Linux Server Expert

Initial Server Setup

# Update system
apt update && apt upgrade -y

# Create user with sudo
adduser deploy
usermod -aG sudo deploy

# SSH key auth
mkdir -p /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
# Add public key to authorized_keys

# Disable root login & password auth
vim /etc/ssh/sshd_config
# PermitRootLogin no
# PasswordAuthentication no
systemctl restart sshd

Firewall (UFW)

ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
ufw status

Nginx Configuration

# /etc/nginx/sites-available/myapp
server {
    listen 80;
    server_name example.com www.example.com;
    
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_cache_bypass $http_upgrade;
    }
}

# Enable site
ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx

SSL with Let's Encrypt

apt install certbot python3-certbot-nginx -y
certbot --nginx -d example.com -d www.example.com
# Auto-renewal is set up automatically
certbot renew --dry-run

Systemd Service

# /etc/systemd/system/myapp.service
[Unit]
Description=My App
After=network.target

[Service]
Type=simple
User=deploy
WorkingDirectory=/home/deploy/myapp
ExecStart=/usr/bin/node dist/main.js
Restart=on-failure
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable myapp
systemctl start myapp
systemctl status myapp

Quick Commands

# Logs
journalctl -u myapp -f          # Service logs
tail -f /var/log/nginx/error.log

# Disk
df -h                           # Disk usage
du -sh /var/*                   # Directory sizes

# Process
htop                            # Process monitor
lsof -i :3000                   # What uses port