# Setting Up A Production Environment #### Preliminaries This guide assumes a virtual environment (VM) running Ubuntu 18_04. Install updates to packages: `sudo apt-get update` `sudo apt-get dist-upgrade` Install openSSH (if necessary) `sudo apt install openssh-server` *** #### Install Essential Components Install some useful development tools `sudo apt-get install -y build-essential git vim-nox wget curl` Install Postgres and associated tools `sudo apt-get install -y postgresql postgresql-contrib libpq-dev postgis postgresql-10-postgis-2.4` `sudo apt-get install -y gdal-bin libspatialindex-dev libgeos-dev libproj-dev` Install Nginx `sudo apt install nginx` Clone the remote Colouring London GitHub repository into `/var/www` `cd /var/www` `sudo git clone https://github.com/tomalrussell/colouring-london.git` Create a system user (`nodeapp`) to `chown` the `colouring-london` directory `useradd -r -s /bin/nologin nodeapp` Add the current user to the `nodeapp` group `sudo usermod -a -G nodeapp ` Make the `nodeapp` user/group `chown` the `colouring-london` directory and its subdirectories `sudo chown -R nodeapp:nodeapp /var/www/colouring-london` Now set appropriate permissions on the `colouring-london` directory `sudo chmod -R 775 /var/www/colouring-london` *** #### Install Node. First define a couple of convenience variables: `NODE_VERSION=v12.14.1` `DISTRO=linux-x64` Get the Node distribution and install it `wget -nc https://nodejs.org/dist/$NODE_VERSION/node-$NODE_VERSION-$DISTRO.tar.xz` `sudo mkdir /usr/local/lib/node` `sudo tar xf node-$NODE_VERSION-$DISTRO.tar.xz -C /usr/local/lib/node` `sudo mv /usr/local/lib/node/node-$NODE_VERSION-$DISTRO /usr/local/lib/node/node-$NODE_VERSION` `rm node-$NODE_VERSION-$DISTRO.tar.xz` Export the `NODE_JS_HOME` variable to your bash profile cat >> ~/.profile < /dev/null` For production we do not want to use our Ubuntu username as the Postgres username. So we need to replace peer authentication with password authentication for local connections. `sudo sed -i 's/^local.*all.*all.*peer$/local all all md5/' /etc/postgresql/10/main/pg_hba.conf` Restart Postgres for the configuration changes to take effect `sudo service postgresql restart` Create a distinct Postgres user `sudo -u postgres psql -c "SELECT 1 FROM pg_user WHERE usename = '';" | grep -q 1 || sudo -u postgres psql -c "CREATE ROLE SUPERUSER LOGIN PASSWORD '';"` Create default colouring london database `sudo -u postgres psql -c "SELECT 1 FROM pg_database WHERE datname = 'colouringlondondb';" | grep -q 1 || sudo -u postgres createdb -E UTF8 -T template0 --locale=en_US.utf8 -O colouringlondondb` `psql -d colouringlondondb -U -c "create extension postgis;"` `psql -d colouringlondondb -U -c "create extension pgcrypto;"` `psql -d colouringlondondb -U -c "create extension pg_trgm;"` Import data from the most recent colouring london database dump `pg_restore --no-privileges --no-owner --username "" --dbname "colouringlondondb" --clean ""` *** #### Configure NGINX Configure linux firewall `sudo ufw allow 'Nginx HTTP'` `sudo ufw allow OpenSSH` `sudo ufw enable` We can check the status of the firewall with `sudo ufw status` Now edit `sites-available/default` to create a minimal Nginx configuration to test the installation `sudo nano /etc/nginx/sites-available/default` # Handle HTTP connections with redirect server { listen 80 default_server; listen [::]:80 default_server; server_name colouring-london; location / { proxy_pass http://localhost:3000/; proxy_set_header X-Real-IP $remote_addr; } } Make sure you didn't introduce any syntax errors by typing: `sudo nginx -t` If all is well, restart Nginx `sudo systemctl restart nginx` Test out the configuration `cd /var/www/colouring-london/app` `npm run build` `PGPASSWORD= PGDATABASE=colouringlondondb PGUSER= PGHOST=localhost PGPORT=5432 APP_COOKIE_SECRET= npm run start:prod` Now open a browser window on a client machine and navigate to the IP Address of your VM `http://` You should see the Colouring London homepage. *** #### Set up PM2 Perform a global install of PM2 `sudo su root` `export NODEJS_HOME=/usr/local/lib/node/node-v12.14.1/bin/` `export PATH=$NODEJS_HOME:$PATH` `npm install -g pm2` `exit` Create an `ecosystem.config.js` file from the template file `cd /var/www/colouring-london` `nano ecosystem.config.template.js` // Template for production ecosystem file // Copy this file and edit to set up pm2 config // DO NOT COMMIT details to this file (publicly visible) // See https://pm2.io/doc/en/runtime/guide/ecosystem-file/ for docs module.exports = { apps: [ { name: "colouringlondon", script: "./app/build/server.js", instances: 6, env: { NODE_ENV: "production", PGHOST: "localhost", PGPORT: 5432, PGDATABASE: "colouringlondondb", PGUSER: "", PGPASSWORD: "", APP_COOKIE_SECRET: "", TILECACHE_PATH: "/var/www/colouring-london/app/tilecache" } } ] } Edit the above file as appropriate and save as `ecosystem.config.js` Start the colouring-london app `cd /var/www/colouring-london` `pm2 start ecosystem.config.js` Open a browser window on a client machine and navigate to the IP Address of your VM `http://` You should see the Colouring London homepage. To stop the colouring-london app type: `pm2 stop ecosystem.config.js` *** #### Set up SSL - TO DO DON'T FORGET to open the Ubuntu firewall to HTTPS