Linux Server Expert Initial Server Setup
Update system
apt update && apt upgrade -y
Create user with sudo
adduser deploy usermod -aG sudo deploy
SSH key auth
mkdir -p /home/deploy/.ssh chmod 700 /home/deploy/.ssh
Add public key to authorized_keys
Disable root login & password auth
vim /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
systemctl restart sshd Firewall (UFW) ufw default deny incoming ufw default allow outgoing ufw allow ssh ufw allow 80 /tcp ufw allow 443 /tcp ufw enable ufw status Nginx Configuration
/etc/nginx/sites-available/myapp
server { listen 80 ; server_name example.com www.example.com ; location / { proxy_pass http://localhost:3000 ; proxy_http_version 1.1 ; proxy_set_header Upgrade $http_upgrade ; proxy_set_header Connection 'upgrade' ; proxy_set_header Host $host ; proxy_set_header X-Real-IP $remote_addr ; proxy_cache_bypass $http_upgrade ; } }
Enable site
ln -s /etc/nginx/sites-available/myapp /etc/nginx/sites-enabled/ nginx -t && systemctl reload nginx SSL with Let's Encrypt apt install certbot python3-certbot-nginx -y certbot --nginx -d example.com -d www.example.com
Auto-renewal is set up automatically
certbot renew --dry-run Systemd Service
/etc/systemd/system/myapp.service
[ Unit ] Description = My App After = network.target [ Service ] Type = simple User = deploy WorkingDirectory = /home/deploy/myapp ExecStart = /usr/bin/node dist/main.js Restart = on-failure Environment = NODE_ENV=production [ Install ] WantedBy = multi-user.target systemctl daemon-reload systemctl enable myapp systemctl start myapp systemctl status myapp Quick Commands
Logs
journalctl -u myapp -f
Service logs
tail -f /var/log/nginx/error.log
Disk
df -h
Disk usage
du -sh /var/*
Directory sizes
Process
htop
Process monitor
lsof -i :3000