Last active
July 26, 2025 16:30
-
-
Save jamiewilson/4e1d28f9a200cb34ad59 to your computer and use it in GitHub Desktop.
Revisions
-
jamiewilson revised this gist
May 14, 2017 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ # Deploying a Meteor app to Digital Ocean #### Table of Contents -
Sep 13, 2016 . 1 changed file with 0 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,7 +12,6 @@ 1. [Set up your custom domain](#set-up-your-custom-domain) 1. [Add some swap space](#add-some-swap-space) 1. [Set up SSL](#set-up-ssl) 1. [Ports and Redirects with nginx](#ports-and-redirects-with-nginx) 1. [Install Meteor Up](#install-meteor-up) 1. [Visit your domain](#visit-your-domain) -
Sep 13, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,7 +2,7 @@ #### Table of Contents 1. [Create an SSH Key](#create-an-ssh-key) 1. [Create a Digital Ocean account and droplet](#create-a-digital-ocean-account-and-droplet) 1. [Connect to your server with SSH](#connect-to-your-server-with-ssh) 1. [Create a new user and disable root access](#create-a-new-user-and-disable-root-access) -
Sep 15, 2015 . 1 changed file with 11 additions and 11 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -31,7 +31,7 @@ You'll then be asked to enter a passphrase. Again, leave it empty and hit enter. Enter passphrase (empty for no passphrase): [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Create a Digital Ocean account and droplet @@ -45,7 +45,7 @@ Then, back on Digital Ocean, give the key a name and **paste it into the space**  [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Connect to your server with SSH @@ -65,7 +65,7 @@ The following repsonse should be: If your connection is closed after this step, just repeat the `ssh [email protected]` step. You are now logged into your server as the root user using an SSH key. [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Create a new user and disable root access @@ -93,7 +93,7 @@ Once you've created and confirmed your new password, you'll be asked a few quest You can leave these blank if you don't need this info for your new user. [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Give your new user [sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos) and add SSH keys to his/her account @@ -147,7 +147,7 @@ Which should give you a prompt like the following to let you know that you are b logout root@dropletName:~# [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Disable remote access to `root` account @@ -165,7 +165,7 @@ Exit and logout of your server session with: exit [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Test your SSH connection @@ -175,7 +175,7 @@ To test your connection with your new username and SSH key, simply execute: This should automatically log you on to your server as `username`. [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Set up your custom domain @@ -197,7 +197,7 @@ Now, create a new A record with the name of `@` and your IP address like so:  [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Add some swap space (Optional) Follow the instructions here: [How to Add Swap](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04) @@ -231,7 +231,7 @@ This will generate a new file for you with a key with no password. Now, you'll n Save the `ssl.pem` file for later (or move it to a directory called `mup-your-project-name` somewhere outside your app repo). [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Ports and Redirects with [nginx](https://en.m.wikipedia.org/wiki/Nginx) @@ -299,7 +299,7 @@ To test the change, open a **new terminal window** and run: The top line should read `HTTP/1.1 301 Moved Permanently`. [Back to Top](#deploying-a-meteor-app-to-digital-ocean) ### Install [Meteor Up](https://github.com/arunoda/meteor-up) @@ -369,4 +369,4 @@ If successful, your output should look like: That should do it. Your site should be live. [Back to Top](#deploying-a-meteor-app-to-digital-ocean) -
Sep 15, 2015 . 1 changed file with 11 additions and 11 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -31,7 +31,7 @@ You'll then be asked to enter a passphrase. Again, leave it empty and hit enter. Enter passphrase (empty for no passphrase): [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Create a Digital Ocean account and droplet @@ -45,7 +45,7 @@ Then, back on Digital Ocean, give the key a name and **paste it into the space**  [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Connect to your server with SSH @@ -65,7 +65,7 @@ The following repsonse should be: If your connection is closed after this step, just repeat the `ssh [email protected]` step. You are now logged into your server as the root user using an SSH key. [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Create a new user and disable root access @@ -93,7 +93,7 @@ Once you've created and confirmed your new password, you'll be asked a few quest You can leave these blank if you don't need this info for your new user. [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Give your new user [sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos) and add SSH keys to his/her account @@ -147,7 +147,7 @@ Which should give you a prompt like the following to let you know that you are b logout root@dropletName:~# [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Disable remote access to `root` account @@ -165,7 +165,7 @@ Exit and logout of your server session with: exit [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Test your SSH connection @@ -175,7 +175,7 @@ To test your connection with your new username and SSH key, simply execute: This should automatically log you on to your server as `username`. [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Set up your custom domain @@ -197,7 +197,7 @@ Now, create a new A record with the name of `@` and your IP address like so:  [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Add some swap space (Optional) Follow the instructions here: [How to Add Swap](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04) @@ -231,7 +231,7 @@ This will generate a new file for you with a key with no password. Now, you'll n Save the `ssl.pem` file for later (or move it to a directory called `mup-your-project-name` somewhere outside your app repo). [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Ports and Redirects with [nginx](https://en.m.wikipedia.org/wiki/Nginx) @@ -299,7 +299,7 @@ To test the change, open a **new terminal window** and run: The top line should read `HTTP/1.1 301 Moved Permanently`. [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) ### Install [Meteor Up](https://github.com/arunoda/meteor-up) @@ -369,4 +369,4 @@ If successful, your output should look like: That should do it. Your site should be live. [Back to Top](https://gist.github.com/jamiewilson/4e1d28f9a200cb34ad59) -
Sep 15, 2015 . 1 changed file with 11 additions and 11 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -31,7 +31,7 @@ You'll then be asked to enter a passphrase. Again, leave it empty and hit enter. Enter passphrase (empty for no passphrase): [Table of Contents](#table-of-contents) ### Create a Digital Ocean account and droplet @@ -45,7 +45,7 @@ Then, back on Digital Ocean, give the key a name and **paste it into the space**  [Table of Contents](#table-of-contents) ### Connect to your server with SSH @@ -65,7 +65,7 @@ The following repsonse should be: If your connection is closed after this step, just repeat the `ssh [email protected]` step. You are now logged into your server as the root user using an SSH key. [Table of Contents](#table-of-contents) ### Create a new user and disable root access @@ -93,7 +93,7 @@ Once you've created and confirmed your new password, you'll be asked a few quest You can leave these blank if you don't need this info for your new user. [Table of Contents](#table-of-contents) ### Give your new user [sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos) and add SSH keys to his/her account @@ -147,7 +147,7 @@ Which should give you a prompt like the following to let you know that you are b logout root@dropletName:~# [Table of Contents](#table-of-contents) ### Disable remote access to `root` account @@ -165,7 +165,7 @@ Exit and logout of your server session with: exit [Table of Contents](#table-of-contents) ### Test your SSH connection @@ -175,7 +175,7 @@ To test your connection with your new username and SSH key, simply execute: This should automatically log you on to your server as `username`. [Table of Contents](#table-of-contents) ### Set up your custom domain @@ -197,7 +197,7 @@ Now, create a new A record with the name of `@` and your IP address like so:  [Table of Contents](#table-of-contents) ### Add some swap space (Optional) Follow the instructions here: [How to Add Swap](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04) @@ -231,7 +231,7 @@ This will generate a new file for you with a key with no password. Now, you'll n Save the `ssl.pem` file for later (or move it to a directory called `mup-your-project-name` somewhere outside your app repo). [Table of Contents](#table-of-contents) ### Ports and Redirects with [nginx](https://en.m.wikipedia.org/wiki/Nginx) @@ -299,7 +299,7 @@ To test the change, open a **new terminal window** and run: The top line should read `HTTP/1.1 301 Moved Permanently`. [Table of Contents](#table-of-contents) ### Install [Meteor Up](https://github.com/arunoda/meteor-up) @@ -369,4 +369,4 @@ If successful, your output should look like: That should do it. Your site should be live. [Table of Contents](#table-of-contents) -
Sep 15, 2015 . 1 changed file with 25 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,7 @@ #Deploying a Meteor app to Digital Ocean #### Table of Contents 1. [Create an SSH Key](#create-an-sss-key) 1. [Create a Digital Ocean account and droplet](#create-a-digital-ocean-account-and-droplet) 1. [Connect to your server with SSH](#connect-to-your-server-with-ssh) @@ -29,6 +31,8 @@ You'll then be asked to enter a passphrase. Again, leave it empty and hit enter. Enter passphrase (empty for no passphrase): [Table of Content](#table-of-contents) ### Create a Digital Ocean account and droplet Select Ubuntu for your operating system. For production apps, it's recommended that you spring for the $10/month set up. For a full walkthrough, read [How To Create Your First DigitalOcean Droplet Virtual Server](https://www.digitalocean.com/community/tutorials/how-to-create-your-first-digitalocean-droplet-virtual-server). @@ -39,7 +43,9 @@ When you get to step to add your SSH key, go back to your terminal, **copy the c Then, back on Digital Ocean, give the key a name and **paste it into the space** as shown below:  [Table of Content](#table-of-contents) ### Connect to your server with SSH @@ -59,6 +65,8 @@ The following repsonse should be: If your connection is closed after this step, just repeat the `ssh [email protected]` step. You are now logged into your server as the root user using an SSH key. [Table of Content](#table-of-contents) ### Create a new user and disable root access At the prompt on your server (should look something like this `root@dropletname:~# `, enter `adduser` followed by the username you want the new user to have. @@ -85,6 +93,8 @@ Once you've created and confirmed your new password, you'll be asked a few quest You can leave these blank if you don't need this info for your new user. [Table of Content](#table-of-contents) ### Give your new user [sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos) and add SSH keys to his/her account gpasswd -a username sudo @@ -137,6 +147,8 @@ Which should give you a prompt like the following to let you know that you are b logout root@dropletName:~# [Table of Content](#table-of-contents) ### Disable remote access to `root` account Open the config file with: @@ -153,6 +165,8 @@ Exit and logout of your server session with: exit [Table of Content](#table-of-contents) ### Test your SSH connection To test your connection with your new username and SSH key, simply execute: @@ -161,6 +175,8 @@ To test your connection with your new username and SSH key, simply execute: This should automatically log you on to your server as `username`. [Table of Content](#table-of-contents) ### Set up your custom domain Go to **your domain registrar** and update your nameservers to point to @@ -181,6 +197,8 @@ Now, create a new A record with the name of `@` and your IP address like so:  [Table of Content](#table-of-contents) ### Add some swap space (Optional) Follow the instructions here: [How to Add Swap](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04) @@ -213,6 +231,8 @@ This will generate a new file for you with a key with no password. Now, you'll n Save the `ssl.pem` file for later (or move it to a directory called `mup-your-project-name` somewhere outside your app repo). [Table of Content](#table-of-contents) ### Ports and Redirects with [nginx](https://en.m.wikipedia.org/wiki/Nginx) **Back on your server**, run the following commands update your packages and install nginx: @@ -279,6 +299,8 @@ To test the change, open a **new terminal window** and run: The top line should read `HTTP/1.1 301 Moved Permanently`. [Table of Content](#table-of-contents) ### Install [Meteor Up](https://github.com/arunoda/meteor-up) npm install -g mup @@ -346,3 +368,5 @@ If successful, your output should look like: ### Visit your domain That should do it. Your site should be live. [Table of Content](#table-of-contents) -
Sep 15, 2015 . 1 changed file with 15 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,19 @@ #Deploying a Meteor app to Digital Ocean 1. [Create an SSH Key](#create-an-sss-key) 1. [Create a Digital Ocean account and droplet](#create-a-digital-ocean-account-and-droplet) 1. [Connect to your server with SSH](#connect-to-your-server-with-ssh) 1. [Create a new user and disable root access](#create-a-new-user-and-disable-root-access) 1. [Give your new user sudo privileges and add SSH keys to his/her account](#give-your-new-user-sudo-privileges-and-add-ssh-keys-to-hisher-account) 1. [Disable remote access to root account](#disable-remote-access-to-root-account) 1. [Test your SSH connection](#test-your-ssh-connection) 1. [Set up your custom domain](#set-up-your-custom-domain) 1. [Add some swap space](#add-some-swap-space) 1. [Set up SSL](#set-up-ssl) 1. [Set up SSL](#set-up-ssl) 1. [Ports and Redirects with nginx](#ports-and-redirects-with-nginx) 1. [Install Meteor Up](#install-meteor-up) 1. [Visit your domain](#visit-your-domain) ### Create an SSH Key @@ -266,7 +279,7 @@ To test the change, open a **new terminal window** and run: The top line should read `HTTP/1.1 301 Moved Permanently`. ### Install [Meteor Up](https://github.com/arunoda/meteor-up) npm install -g mup -
Sep 15, 2015 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,7 @@ #Deploying a Meteor app to Digital Ocean 1. [Create an SSH Key](#Create an SSH Key) ### Create an SSH Key If you don't already have one, create an RSA key pair. In Terminal enter: -
Sep 15, 2015 . 1 changed file with 46 additions and 16 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -37,10 +37,10 @@ You'll likely be prompted with the following question. Answer `yes`. The authenticity of host 'XXX.XXX.XX.XXX (XXX.XXX.XX.XXX)' can't be established. RSA key fingerprint is Xx:xX:Xx:XX:XX:Xx:XX:XX:XX:xX:XX:XX:Xx:Xx:xx:Xx. Are you sure you want to continue connecting (yes/no)? The following repsonse should be: Warning: Permanently added 'XXX.XXX.XX.XXX' (RSA) to the list of known hosts. If your connection is closed after this step, just repeat the `ssh [email protected]` step. You are now logged into your server as the root user using an SSH key. @@ -55,13 +55,13 @@ You'll be asked to create a password. What you type will not show up on screen, Enter new UNIX password: Retype new UNIX password: **SAVE YOUR PASSWORD somewhere safe!** Once you've created and confirmed your new password, you'll be asked a few questions: Changing the user information for username Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: @@ -80,7 +80,7 @@ And you also need to add NOPASSWD to your sudoers file. Open it with: Then, replace the line that says `%sudo ALL=(ALL) ALL` with %sudo ALL=(ALL) NOPASSWD:ALL To save these edits, type `Ctrl + X`, then confirm by typing `Y` and hitting enter: @@ -148,10 +148,10 @@ This should automatically log you on to your server as `username`. ### Set up your custom domain Go to **your domain registrar** and update your nameservers to point to - `ns1.digitalocean.com` - `ns2.digitalocean.com` - `ns3.digitalocean.com` This is what the [iwantmyname](https://iwantmyname.com/) settings look like: @@ -170,7 +170,33 @@ Now, create a new A record with the name of `@` and your IP address like so: (Optional) Follow the instructions here: [How to Add Swap](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04) ### Set up SSL From the prompt on you server, enter the following where `yourserver` is the name of your server: openssl req -new -newkey rsa:2048 -nodes -keyout yourserver.key -out yourserver.csr This will generate a series of questions. When asked for **Common Name**, make sure you enter a wildcar subdomain for your address `*.yourdomain.com`: Common Name (e.g. server FQDN or YOUR name) []: *.yourdomain.com Now, print the contents of the new `yourserver.csr` file using: cat ~/yourserver.csr Copy the output with both the `-----BEGIN CERTIFICATE REQUEST-----` and `-----END CERTIFICATE REQUEST-----` tags. Create new file and save it as `yourdomain.key`. Go purchase your wildcard SSL certificate. After purchasing, follow instructions to activate your cert with your `yourserver.csr` key. Be sure to select **nginx** as your web server. Wait for the emails and follow instructions. Once you get the zipped file of certs, unzip them and at your `yourdomain.key` file to the folder. First, run this command to remove the password you set on you key: openssl rsa -in yourdomain.key -out yourdomain.nopass.key This will generate a new file for you with a key with no password. Now, you'll need to combine them into one file using a the following command with your file names: cat yourdomain.crt DomainValidationSecureServerCA.crt AddTrustCA.crt.crt AddTrustExternalCARoot.crt yourdomain.nopass.key > ssl.pem Save the `ssl.pem` file for later (or move it to a directory called `mup-your-project-name` somewhere outside your app repo). ### Ports and Redirects with [nginx](https://en.m.wikipedia.org/wiki/Nginx) @@ -224,7 +250,7 @@ Save and exit this file. Next, we'll add a small security measure by [hiding our sudo nano /etc/nginx/nginx.conf Find and **uncomment** the line with server_tokens off; @@ -236,7 +262,7 @@ To test the change, open a **new terminal window** and run: curl -I http://www.yourdomain.com The top line should read `HTTP/1.1 301 Moved Permanently`. ### Install [Meteor Up](https://github.com/arunoda/meteor-up) (mup for short) @@ -253,7 +279,7 @@ This should create two files: `mup.json` and `settings.json`. Open `mup.json` an ```js // Server authentication info "servers": [ { // the domain linked to Digital Ocean "host": "yourdomain.com", // the new user you created on the server @@ -262,6 +288,10 @@ This should create two files: `mup.json` and `settings.json`. Open `mup.json` an "pem": "~/.ssh/id_rsa" } ], "ssl": { "pem": "./ssl.pem" }, ``` Then, a bit further down in the same file: @@ -277,12 +307,12 @@ Then, a bit further down in the same file: "env": { "ROOT_URL": "http://yourdomain.com", // any port other than 80 (the default) // because nginx is running on port 80 "PORT": 3000 }, ``` Now, within your ` ~/mup-your-project-name` directory, setup your server by running mup setup @@ -300,4 +330,4 @@ If successful, your output should look like: ### Visit your domain That should do it. Your site should be live. -
Sep 14, 2015 . 1 changed file with 67 additions and 121 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -4,31 +4,23 @@ If you don't already have one, create an RSA key pair. In Terminal enter: ssh-keygen -t rsa It will then ask you to name the file. Leave it empty and hit enter to accept the defualt name, `id_rsa`. Enter file in which to save the key (/demo/.ssh/id_rsa): You'll then be asked to enter a passphrase. Again, leave it empty and hit enter. Enter passphrase (empty for no passphrase): ### Create a Digital Ocean account and droplet Select Ubuntu for your operating system. For production apps, it's recommended that you spring for the $10/month set up. For a full walkthrough, read [How To Create Your First DigitalOcean Droplet Virtual Server](https://www.digitalocean.com/community/tutorials/how-to-create-your-first-digitalocean-droplet-virtual-server). When you get to step to add your SSH key, go back to your terminal, **copy the contents of your new key** with: cat ~/.ssh/id_rsa.pub | pbcopy Then, back on Digital Ocean, give the key a name and **paste it into the space** as shown below: @@ -38,144 +30,119 @@ Then, back on Digital Ocean, give the key a name and **paste it into the space** Copy your IP address from your newly created droplet. **In Terminal**, enter the following with your IP: ssh [email protected] You'll likely be prompted with the following question. Answer `yes`. The authenticity of host 'XXX.XXX.XX.XXX (XXX.XXX.XX.XXX)' can't be established. RSA key fingerprint is Xx:xX:Xx:XX:XX:Xx:XX:XX:XX:xX:XX:XX:Xx:Xx:xx:Xx. Are you sure you want to continue connecting (yes/no)? The following repsonse should be: Warning: Permanently added 'XXX.XXX.XX.XXX' (RSA) to the list of known hosts. If your connection is closed after this step, just repeat the `ssh [email protected]` step. You are now logged into your server as the root user using an SSH key. ### Create a new user and disable root access At the prompt on your server (should look something like this `root@dropletname:~# `, enter `adduser` followed by the username you want the new user to have. adduser username You'll be asked to create a password. What you type will not show up on screen, but type your password and hit enter. Then retype and hit enter again: Enter new UNIX password: Retype new UNIX password: **SAVE YOUR PASSWORD somewhere safe!** Once you've created and confirmed your new password, you'll be asked a few questions: Changing the user information for username Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] Y You can leave these blank if you don't need this info for your new user. ### Give your new user [sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos) and add SSH keys to his/her account gpasswd -a username sudo And you also need to add NOPASSWD to your sudoers file. Open it with: sudo visudo Then, replace the line that says `%sudo ALL=(ALL) ALL` with %sudo ALL=(ALL) NOPASSWD:ALL To save these edits, type `Ctrl + X`, then confirm by typing `Y` and hitting enter: Now, switch to your new user with: _The dash before the username makes sure that you actually log in as the new user._ su - username Next, create a new folder called `.ssh` and then restrict its permissions with the following commands: mkdir .ssh chmod 700 .ssh Using the [nano](http://mintaka.sdsu.edu/reu/nano.html) editor, we can create and edit a new file called `authorized_keys` using the following command: nano .ssh/authorized_keys **In another Terminal window or tab**, copy your SSH key again with: cat ~/.ssh/id_rsa.pub | pbcopy **Back in the nano editor** window on the server, **paste in your key**. You should see your key displayed, without wrapping like so: ssh-rsa MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQXGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63ilAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlFL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5kX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2eplU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0= To save these edits, type `Ctrl + X`, then confirm by typing `Y` and hitting enter: Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ? Y Now restrict the permissions of the authorized_keys file with this command: chmod 600 .ssh/authorized_keys Return to the `root` user with: exit Which should give you a prompt like the following to let you know that you are back on the root user: logout root@dropletName:~# ### Disable remote access to `root` account Open the config file with: nano /etc/ssh/sshd_config Around 28 lines down this file, change `PermitRootLogin` value to: PermitRootLogin no Save the file as before with `Ctrl + X`, `y` and `enter`. Exit and logout of your server session with: exit ### Test your SSH connection To test your connection with your new username and SSH key, simply execute: ssh [email protected] This should automatically log you on to your server as `username`. @@ -209,16 +176,12 @@ Now, create a new A record with the name of `@` and your IP address like so: **Back on your server**, run the following commands update your packages and install nginx: sudo apt-get update sudo apt-get install nginx Answer yes, when asked if you want to continue. Now open the server block default config file with: sudo nano /etc/nginx/sites-enabled/default Next, paste the following block into the file and **edit to match your domain name**. You can redirect just the `www` subdomain to you non-www domain with, or use a wildcard: @@ -236,9 +199,8 @@ Save the file as before with `Ctrl + X`, `y` and `enter`. Now, let's forward our domain to a different port number since nginx is listening on port 80. We'll use port 3000. Create and edit a new file with: sudo nano /etc/nginx/sites-enabled/yourappname.com.conf Then past this block into that file: ```Nginx @@ -260,43 +222,31 @@ server { Save and exit this file. Next, we'll add a small security measure by [hiding our nginx version number](http://www.nginxtips.com/how-to-hide-nginx-version/). Run, sudo nano /etc/nginx/nginx.conf Find and **uncomment** the line with server_tokens off; Save and exit this file. Then run: sudo service nginx restart To test the change, open a **new terminal window** and run: curl -I http://www.yourdomain.com The top line should read `HTTP/1.1 301 Moved Permanently`. ### Install [Meteor Up](https://github.com/arunoda/meteor-up) (mup for short) npm install -g mup Now, create a directory called `mup-your-project-name` somewhere outside your app's repo, switch to it, and initialize mup. mkdir ~/mup-your-project-name cd ~/mup-your-project-name mup init This should create two files: `mup.json` and `settings.json`. Open `mup.json` and under the servers block, put in your details: @@ -334,19 +284,15 @@ Then, a bit further down in the same file: Now, within your ` ~/mup-your-project-name` directory, setup your server by running mup setup After that's done, it should look something like this ([make your command line look awesome](http://commandlinepoweruser.com/)):  Then deploy your app with: mup deploy If successful, your output should look like: -
Sep 14, 2015 . 1 changed file with 2 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -300,8 +300,7 @@ mup init This should create two files: `mup.json` and `settings.json`. Open `mup.json` and under the servers block, put in your details: ```js // Server authentication info "servers": [ { @@ -313,13 +312,11 @@ This should create two files: `mup.json` and `settings.json`. Open `mup.json` an "pem": "~/.ssh/id_rsa" } ], ``` Then, a bit further down in the same file: ```js // Application name (No spaces) "appName": "your-project-name", -
Sep 14, 2015 . 1 changed file with 3 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -301,6 +301,7 @@ mup init This should create two files: `mup.json` and `settings.json`. Open `mup.json` and under the servers block, put in your details: ```json { // Server authentication info "servers": [ { @@ -312,6 +313,8 @@ This should create two files: `mup.json` and `settings.json`. Open `mup.json` an "pem": "~/.ssh/id_rsa" } ], ... } ``` Then, a bit further down in the same file: -
Sep 14, 2015 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,357 @@ #Deploying a Meteor app to Digital Ocean ### Create an SSH Key If you don't already have one, create an RSA key pair. In Terminal enter: ```ShellSession ssh-keygen -t rsa ``` It will then ask you to name the file. Leave it empty and hit enter to accept the defualt name, `id_rsa`. ```ShellSession Enter file in which to save the key (/demo/.ssh/id_rsa): ``` You'll then be asked to enter a passphrase. Again, leave it empty and hit enter. ```ShellSession Enter passphrase (empty for no passphrase): ``` ### Create a Digital Ocean account and droplet Select Ubuntu for your operating system. For production apps, it's recommended that you spring for the $10/month set up. For a full walkthrough, read [How To Create Your First DigitalOcean Droplet Virtual Server](https://www.digitalocean.com/community/tutorials/how-to-create-your-first-digitalocean-droplet-virtual-server). When you get to step to add your SSH key, go back to your terminal, **copy the contents of your new key** with: ```ShellSession cat ~/.ssh/id_rsa.pub | pbcopy ``` Then, back on Digital Ocean, give the key a name and **paste it into the space** as shown below:  ### Connect to your server with SSH Copy your IP address from your newly created droplet. **In Terminal**, enter the following with your IP: ```ShellSession ssh [email protected] ``` You'll likely be prompted with the following question. Answer `yes`. ```ShellSession The authenticity of host 'XXX.XXX.XX.XXX (XXX.XXX.XX.XXX)' can't be established. RSA key fingerprint is Xx:xX:Xx:XX:XX:Xx:XX:XX:XX:xX:XX:XX:Xx:Xx:xx:Xx. Are you sure you want to continue connecting (yes/no)? ``` The following repsonse should be: ```ShellSession Warning: Permanently added 'XXX.XXX.XX.XXX' (RSA) to the list of known hosts. ``` If your connection is closed after this step, just repeat the `ssh [email protected]` step. You are now logged into your server as the root user using an SSH key. ### Create a new user and disable root access At the prompt on your server (should look something like this `root@dropletname:~# `, enter `adduser` followed by the username you want the new user to have. ```ShellSession adduser username ``` You'll be asked to create a password. What you type will not show up on screen, but type your password and hit enter. Then retype and hit enter again: ```ShellSession Enter new UNIX password: Retype new UNIX password: ``` **SAVE YOUR PASSWORD somewhere safe!** Once you've created and confirmed your new password, you'll be asked a few questions: ```ShellSession Changing the user information for username Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] Y ``` You can leave these blank if you don't need this info for your new user. ### Give your new user [sudo privileges](https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos) and add SSH keys to his/her account ```ShellSession gpasswd -a username sudo ``` Switch to your new user with: _The dash before the username makes sure that you actually log in as the new user._ ```ShellSession su - username ``` Next, create a new folder called `.ssh` and then restrict its permissions with the following commands: ```ShellSession mkdir .ssh chmod 700 .ssh ``` Using the [nano](http://mintaka.sdsu.edu/reu/nano.html) editor, we can create and edit a new file called `authorized_keys` using the following command: ```ShellSession nano .ssh/authorized_keys ``` **In another Terminal window or tab**, copy your SSH key again with: ```ShellSession cat ~/.ssh/id_rsa.pub | pbcopy ``` **Back in the nano editor** window on the server, **paste in your key**. You should see your key displayed, without wrapping like so: ``` ssh-rsa MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQXGukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63ilAkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlFL0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5kX6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2eplU9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0= ``` To save these edits, type `Ctrl + X`, then confirm by typing `Y` and hitting enter: ``` Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ? Y ``` Now restrict the permissions of the authorized_keys file with this command: ```ShellSession chmod 600 .ssh/authorized_keys ``` Return to the `root` user with: ```ShellSession exit ``` Which should give you a prompt like the following to let you know that you are back on the root user: ```ShellSession logout root@dropletName:~# ``` ### Disable remote access to `root` account Open the config file with: ``` nano /etc/ssh/sshd_config ``` Around 28 lines down this file, change `PermitRootLogin` value to: ```XML PermitRootLogin no ``` Save the file as before with `Ctrl + X`, `y` and `enter`. Exit and logout of your server session with: ```ShellSession exit ``` ### Test your SSH connection To test your connection with your new username and SSH key, simply execute: ```ShellSession ssh [email protected] ``` This should automatically log you on to your server as `username`. ### Set up your custom domain Go to **your domain registrar** and update your nameservers to point to - `ns1.digitalocean.com` - `ns2.digitalocean.com` - `ns3.digitalocean.com` This is what the [iwantmyname](https://iwantmyname.com/) settings look like:  **Back on Digital Ocean** add your domain name to your DNS records:  Now, create a new A record with the name of `@` and your IP address like so:  ### Add some swap space (Optional) Follow the instructions here: [How to Add Swap](https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-14-04) ### Set up SSL (Coming Soon) ### Ports and Redirects with [nginx](https://en.m.wikipedia.org/wiki/Nginx) **Back on your server**, run the following commands update your packages and install nginx: ```ShellSession sudo apt-get update sudo apt-get install nginx ``` Answer yes, when asked if you want to continue. Now open the server block default config file with: ```ShellSession sudo nano /etc/nginx/sites-enabled/default ``` Next, paste the following block into the file and **edit to match your domain name**. You can redirect just the `www` subdomain to you non-www domain with, or use a wildcard: ```Nginx # redirect www to non-www server { listen 80; # to redirect all subdomains use *.yourdomain.com instead of www.yourdomain.com server_name www.yourdomain.com; return 301 $scheme://yourdomain.com$request_uri; } ``` Save the file as before with `Ctrl + X`, `y` and `enter`. Now, let's forward our domain to a different port number since nginx is listening on port 80. We'll use port 3000. Create and edit a new file with: ```ShellSession sudo nano /etc/nginx/sites-enabled/yourappname.com.conf ``` Then past this block into that file: ```Nginx server { listen 80; server_name YOURDOMAIN.com; access_log /var/log/nginx/app.dev.access.log; error_log /var/log/nginx/app.dev.error.log; location / { proxy_pass http://XXX.XXX.XX.XXX:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header X-Forwarded-For $remote_addr; } } ``` Save and exit this file. Next, we'll add a small security measure by [hiding our nginx version number](http://www.nginxtips.com/how-to-hide-nginx-version/). Run, ```ShellSession sudo nano /etc/nginx/nginx.conf ``` Find and **uncomment** the line with ``` server_tokens off; ``` Save and exit this file. Then run: ```ShellSession sudo service nginx restart ``` To test the change, open a **new terminal window** and run: ```ShellSession curl -I http://www.yourdomain.com ``` The top line should read `HTTP/1.1 301 Moved Permanently`. ### Install [Meteor Up](https://github.com/arunoda/meteor-up) (mup for short) ```ShellSession npm install -g mup ``` Now, create a directory called `mup-your-project-name` somewhere outside your app's repo, switch to it, and initialize mup. ```ShellSession mkdir ~/mup-your-project-name cd ~/mup-your-project-name mup init ``` This should create two files: `mup.json` and `settings.json`. Open `mup.json` and under the servers block, put in your details: ```json // Server authentication info "servers": [ { // the domain linked to Digital Ocean "host": "yourdomain.com", // the new user you created on the server "username": "username", // the SSH key you generated earlier "pem": "~/.ssh/id_rsa" } ], ``` Then, a bit further down in the same file: ```json // Application name (No spaces) "appName": "your-project-name", // Location of app (local directory) "app": "/path/to/the/app", // Configure environment "env": { "ROOT_URL": "http://yourdomain.com", // any port other than 80 (the default) // because nginx is running on port 80 "PORT": 3000 }, ``` Now, within your ` ~/mup-your-project-name` directory, setup your server by running ``` mup setup ``` After that's done, it should look something like this ([make your command line look awesome](http://commandlinepoweruser.com/)):  Then deploy your app with: ```ShellSession mup deploy ``` If successful, your output should look like:  ### Visit your domain That should do it. Your site should be live.