The novel API version 1.0 is finished, and then it is deployed to the server, using nginx, pm2, nvm, git, OpenSSL.
Server configuration: CentOS 7.4 64 bit 1 core 2 GB 1 Mbps
node version: 8.9.0
nvm version: 0.33.11
npm version: 5.5.1
nginx version: 1.12.2
git version: 2.9.5
The first step is to add the pm2 configuration file
Create a pm2.json file in the root directory of the novel api project.
{ "name": "novel-api", // service name "script": "./bin/www", // Startup script "cwd": "./", // Current working path "watch": [ // Monitor the changing directory and restart automatically once it changes "bin", "routers" ], "ignore_watch": [ // Exclude from the monitoring directory "node_modules", "logs", "public", "log" ], "watch_options": { "followSymlinks": false }, "max_memory_restart": "1G", // Restart the application according to memory constraints. "error_file": "./logs/novel-apierr.log", // Error log path "out_file": "./logs/novel-api-out.log", // Ordinary log path "env": { "DEBUG": "novel-api", // Environment variable parameter, debug name novel-api, 8080 port listener "PORT": "8080" } }
The package.json file adds npm run deploy deployment commands.
"deploy": "pm2 start pm2.json"
Common commands for pm2.
pm2 save saves the current process list.
The list of processes saved before pm2 resurrect starts.
pm2 restart app.js|app_name restart process
pm2 start app.js start process
pm2 list view process list
pm2 stop app_name |app_id stops the specified application. All stops all applications
Step 2 Purchase Servers and Domain Names
Purchasing Servers https://buy.cloud.tencent.com/cvm?tab=lite I bought a CentOS 7.4 64 bit 1 core 2 GB 1 Mbps server. If you just try to deploy the process, you can choose to pay on time.
Purchase domain name https://dnspod.cloud.tencent.com/?from=qcloudProductDns The domain name of.com is recommended.
Step 3 Setting up Subdomain Names
Add a subdomain name at the beginning of an api https://console.cloud.tencent.com/domain Then add parsing.
Step 4 Login Server Installation Software
Log in to the server and execute the following installation commands.
Install nginx
yum install -y nginx nginx -v
Install nvm
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh | bash nvm --version
Install node and pm2, apidoc
nvm install 8.9.0 nvm use 8.9.0 node -v npm -v npm install -g pm2 apidoc
Install git
yum install -y curl-devel expat-devel gettext-devel openssl-devel zlib-devel tar yum install -y gcc-c++ perl-ExtUtils-MakeMaker cd /usr/src wget https://www.kernel.org/pub/software/scm/git/git-2.9.5.tar.gz tar xf git-2.9.5.tar.gz cd git-2.9.5 make configure make profix=/usr/git make install echo "export PATH=$PATH:/usr/git/bin" >> /etc/profile source /etc/profile git --version // Configure git git config --global user.name "User name" git config --global user.email E-mail address
Cloning git Repositories on servers
First enter the home path to create the wwwroot folder.
cd /home && mkdir wwwroot cd wwwroot git clone https://github.com/lanpangzhi/novel-api.git cd novel-api npm install npm run doc npm run deploy
The application was launched on pm2.
Configure nginx
Start nginx first.
nginx
http://123.206.45.87 Enter the server ip in the browser and you can see that nginx has started.
Enter the nginx configuration directory and create a new file.
cd /etc/nginx/conf.d touch api.langpz.com-8080.conf
If a server has more servers, it is recommended to use domain name and port as configuration file names.
Edit the api.langpz.com-8080.conf configuration file.
vi api.langpz.com-8080.conf
Copy and paste the following code.
upstream novel-api { server 127.0.0.1:8080; } server { listen 80; server_name Your own domain name; location / { proxy_pass http://novel-api; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; } }
ctrl + c input: wq exits and saves. Enter your domain name in the browser and you can see the document by executing nginx-s reload. http://api.langpz.com
gzip compression
cd /etc/nginx/ vi nginx.conf
Copy and paste the following code.
## gzip compression gzip on; # ie6 does not enable gzip gzip_disable "msie6"; gzip_vary on; gzip_proxied any; # Compression Level 1-9 gzip_comp_level 2; gzip_buffers 16 8k; gzip_http_version 1.1; # Enable compression for MIME types other than "text/html" gzip_types text/plain text/css application/json application/x-javascript application/javascript image/tiff image/x-icon application/font-woff application/vnd.ms-fontobject text/javascript;
ctrl + c input: wq exits and saves. Then nginx-s reload is executed. You can go to the webmaster's house to see your compression rate http://tool.chinaz.com/gzips/
Hide nginx version number
Or modify the file nginx.conf
vi nginx.conf // Copy the following code # Hide nginx version number server_tokens off;
ctrl + c input: wq exits and saves. Then nginx-s reload is executed.
The nginx version number is not shown here.
Configure ssl certificate https to add a small green lock to your website
I use the free certificate of Tencent Cloud, which can also be generated by myself. https://cloud.tencent.com/product/ssl?from=qcloudHpHeaderSsl Use domain name free version.
Apply for Tencent Yun ssl Certificate
Go straight to the next step and verify with the recommended options. The application will come down in less than ten minutes, and there will be email and SMS notifications.
Download certificate and upload it to server
Find Tencent cloud ssl certificate management to download certificates.
There are three folders in the compressed package to find the Nginx folder.
Create a new folder in the directory where the server enters nginx.
cd /etc/nginx/ mkdir api.langpz.com
Then upload two files from the Nginx folder to the server / etc/nginx/api.langpz.com folder.
You can download a FileZilla software or download another ftp tool. You can also use the command line. I downloaded FileZilla here to upload it.
Enhancing HTTPS Security
First, run the following code in the directory / etc/nginx/api.langpz.com to generate the dhparam.pem file
cd /etc/nginx/api.langpz.com openssl dhparam -out dhparam.pem 2048
Modify configuration files
cd /etc/nginx/conf.d touch api.langpz.com-8080.conf
Cover the api.langpz.com-8080.conf file with the following code.
upstream novel-api { server 127.0.0.1:8080; } # Configure shared session cache size ssl_session_cache shared:SSL:10m; # Configure session timeout ssl_session_timeout 10m; # Forced jump https server { listen 80; server_name api.langpz.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name api.langpz.com; # Certificate file ssl_certificate /etc/nginx/api.langpz.com/1_api.langpz.com_bundle.crt; # Private key file ssl_certificate_key /etc/nginx/api.langpz.com/2_api.langpz.com.key; # Setting Long Connections keepalive_timeout 70; # Prioritize Server Algorithms ssl_prefer_server_ciphers on; # Using DH files ssl_dhparam /etc/nginx/api.langpz.com/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Definition algorithm ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"; # HSTS strategy add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always; # Anti XSS attack add_header X-Xss-Protection 1; # Disable server from automatically resolving resource types add_header X-Content-Type-Options nosniff; location / { proxy_pass http://novel-api; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_redirect off; } }
ctrl + c input: wq exits and saves. Then nginx-s reload is executed.
Access now https://api.langpz.com . If you access the http protocol, you will be forced to jump to the https protocol.
SSL Security Testing
[](https://www.ssllabs.com/sslte...
Enter your domain name.
Previously, the nginx configuration enhanced HTTPS security, so the result was A+.
summary
This kind of deployment is troublesome. After deployment, it is found that pm2 also has deployment function. When 2.0 is reconstructed with koa.js, it is deployed with pm2 and docker generates image.
.
My blog and github, if you like, please go to some stars. Thank you.
Reference resources
https://nginx.org/en/docs/
https://github.com/creationix/nvm
https://www.thinkjs.org/zh-cn/doc/3.0/deploy.html
https://www.cnblogs.com/chyingp/p/pm2-documentation.html
http://www.runoob.com/git/git-install-setup.html
https://nginx.rails365.net/chapters/install.html
https://www.cnblogs.com/nuccch/p/7681592.html
https://aotu.io/notes/2016/08/16/nginx-https/index.html