Tutorial Production Ready Ubuntu, PM2, Nginx Reverse Proxy, Let's Encrypt SSL, Pagermon server
This is a step-by-step guide for setting up the following environment:
- Pagermon v0.3.7 with SQLite Backend managed by PM2
- NGINX Reverse Proxy
- Let's Encrypt Certificate with auto-renewals using Certbot.
This guide does not include the following:
- Setup and Configuration of Ubuntu
- Security Hardening of Ubuntu or Node
- Setup and Configuration of Pagermon Clients.
For the purposes of the guide we will use the domain pagermonhome.local for all examples - please replace this with your own domain before running commands.
Prerequisites:
- Installed and patched Ubuntu 18.04.1
- sudo access
- A valid registered domain name
  - This domain must point to the static IP of your server before you begin
- A static IP
- Ports 80 and 443 forwarded to the server
First, we need to add some custom repositories to allow easy installation of some of the applications we will need.
Run the following commands to add the repositories, perform an apt update and upgrade any required software before we begin:
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt update -y
sudo apt upgrade -y
Next we need to install the dependencies for Pagermon:
sudo apt install sqlite3 nginx
sudo apt install python-certbot-nginx -y
Now we'll install Node Version Manager, Node and PM2
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.35.2/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
nvm install 12.16.0
npm install pm2 -g
Next we'll download and install Pagermon:
cd $HOME
git clone https://github.com/pagermon/pagermon.git
cd $HOME/pagermon/server
npm install
Next we'll need to create and edit our process.json file.
Create a copy of the default file
cp $HOME/pagermon/server/process-default.json $HOME/pagermon/server/process.json
Open the file using your favourite editor (vim, nano, etc.). For the purposes of this guide we will use nano.
nano $HOME/pagermon/server/process.json
Edit line 3 to match your environment, substituting your own username for $USER:
"cwd" : "/home/$USER/pagermon/server",
Edit line 22 to match your domain name:
"HOSTNAME": "pagermonhome.local",
Save the file by using the hotkey CTRL-O, close the file by pressing CTRL-X.
Next we'll setup Nginx to act as our reverse proxy in front of pagermon.
We'll start by removing the default configuration files (we won't need these), create our custom config file and open it for editing.
sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default
sudo touch /etc/nginx/sites-available/pagermon
sudo nano /etc/nginx/sites-available/pagermon
Insert the following into the file:
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pagermonhome.local www.pagermonhome.local;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_pass http://localhost:3000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
Be sure to edit line 10 to match your domain. If you are NOT using a www record, be sure to remove that section.
Now we'll activate our changes
sudo ln -s /etc/nginx/sites-available/pagermon /etc/nginx/sites-enabled/
Now we'll request our certificate from Certbot. Ensure you use a valid email address in case there are ever issues renewing your certificate.
With WWW record:
sudo certbot --nginx --non-interactive --no-redirect -d pagermonhome.local -d www.pagermonhome.local --agree-tos -m YOU@YOUREMAIL.com
sudo systemctl restart nginx
Without WWW record:
sudo certbot --nginx --non-interactive --no-redirect -d pagermonhome.local --agree-tos -m YOU@YOUREMAIL.com
sudo systemctl restart nginx
Lastly, we'll configure PM2.
First we'll ensure PM2-Logrotate is installed to rotate log files:
pm2 install pm2-logrotate
sudo env PATH=$PATH:/home/$USER/.nvm/versions/node/v12.16.0/bin pm2 logrotate -u $USER
Now we'll finally start Pagermon and set it to start on reboot.
pm2 start $HOME/pagermon/server/process.json
pm2 save
sudo env PATH=$PATH:/home/$USER/.nvm/versions/node/v12.16.0/bin /home/$USER/.nvm/versions/node/v12.16.0/lib/node_modules/pm2/bin/pm2 startup systemd -u $USER --hp /home/$USER
You should now be able to browse to your domain name and see the Pagermon home page, with a valid SSL Certificate.
From here, log in to your site with the default credentials and change them immediately.
Username: admin Password: changeme
Select the admin dropdown and "Reset Password"
Then select the admin dropdown again and choose Settings. We recommend changing the default API keys and session secret to avoid abuse.
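A post-install check for the setup above, as an added example that is not part of the original guide or the Pagermon project. It looks for this guide's example values left behind in edited files, and for a listener on port 3000 (the proxy_pass target) bound beyond loopback, which would be reachable without going through nginx and TLS; the function names and sample inputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: post-install checks for the setup in this guide.

# Print lines that still contain the guide's example values (example domain,
# certbot e-mail, literal $USER). Succeeds (exit 0) when any are found.
# Reads the named files, or stdin when none are given.
find_placeholders() {
  grep -nE 'pagermonhome\.local|YOU@YOUREMAIL\.com|\$USER' "$@"
}

# Read `ss -ltn` output on stdin and print listeners on the backend port
# that are not bound to loopback. Succeeds only when there are none.
backend_loopback_only() {
  awk -v port="${1:-3000}" '
    $4 ~ (":" port "$") && $4 !~ /^(127\.|\[::1\]|::1:)/ {
      print "exposed: " $4; bad = 1
    }
    END { exit bad + 0 }'
}

# Constructed sample inputs so the example runs offline.
SAMPLE_JSON='"cwd" : "/home/$USER/pagermon/server",
"HOSTNAME": "pagermonhome.local",'
SAMPLE_SS='LISTEN 0 128 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*'
SAMPLE_SS_EXPOSED='LISTEN 0 128 *:3000 *:*'

if printf '%s\n' "$SAMPLE_JSON" | find_placeholders; then
  echo "process.json still contains example values"
fi
if printf '%s\n' "$SAMPLE_SS" | backend_loopback_only 3000; then
  echo "backend is reachable only through nginx"
fi
printf '%s\n' "$SAMPLE_SS_EXPOSED" | backend_loopback_only 3000 ||
  echo "backend is reachable without nginx; bind it to loopback or firewall port 3000"

# On the server:
#   find_placeholders "$HOME/pagermon/server/process.json" /etc/nginx/sites-available/pagermon
#   ss -ltn | backend_loopback_only 3000
```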