Digital Ocean

Use this link to register Digital Ocean with $10 credit.

Setup

Optional:

change editor to use vi sudo update-alternatives --config editor

References:

If you want nginx support:

More security setup from this linux workstation checklist:


MongoDB

automatic backup

#!/bin/bash

MONGO_DATABASE="USE_YOUR_APP_NAME"
APP_NAME="USE_YOUR_APP_NAME"

MONGO_HOST="127.0.0.1"
MONGO_PORT="27017"
TIMESTAMP=`date +%F-%H%M`
MONGODUMP_PATH="/usr/local/bin/mongodump"
BACKUPS_DIR="./backups/$APP_NAME"
BACKUP_NAME="$APP_NAME-$TIMESTAMP"

# mongo admin --eval "printjson(db.fsyncLock())"
# $MONGODUMP_PATH -h $MONGO_HOST:$MONGO_PORT -d $MONGO_DATABASE
$MONGODUMP_PATH -d $MONGO_DATABASE
# mongo admin --eval "printjson(db.fsyncUnlock())"

mkdir -p $BACKUPS_DIR
mv dump $BACKUP_NAME
tar -zcvf $BACKUPS_DIR/$BACKUP_NAME.tgz $BACKUP_NAME
rm -rf $BACKUP_NAME

crontab:

# run every day at 12am
00 00 * * * path/backup_mongodb.sh

How to manually backup or restore

http://stackoverflow.com/questions/11024888/is-there-a-simple-way-to-export-the-data-from-a-meteor-deployed-app/16380978#16380978

mongodump -d dbname 
#or 
mongodump --port 3001 --username meteor 
mongorestore --port 3001 -d meteor FOLDER_THAT_HAS_BSON_FILES

Oplog

How to enable oplog if the db is already in use?

ref:


SSL

How to check?

Online tool: https://www.sslshopper.com/ssl-checker.html

Or use ssl-cert-check on server (reference):

sudo ssl-cert-check -c /etc/letsencrypt/live/yourdomain.tld/cert.pem

Setup SSL using mupx and Let’s Encrypt

Steps

Make sure A record is already updated for your domain first

SSH to server:

  # ssh to your server
  git clone https://github.com/letsencrypt/letsencrypt
  ./letsencrypt-auto certonly --standalone --agree-tos --email YOUR_EMAIL -d YOURDOMAIN.COM -d www.YOURDOMAIN.COM

The following 4 files will be generated in the archive folder: /etc/letsencrypt/archive/YOURDOMAIN.COM
(Note the ones in /etc/letsencrypt/live/YOURDOMAIN.COM is symlinked to archive folder)

  • cert1.pem
  • chain1.pem
  • fullchain1.pem
  • privkey1.pem

Now we want to copy those files to your local machine:

  # compress them on server first
  sudo tar -cvvf letsencrypt_YYYY_MM_DD.tar /etc/letsencrypt/archive/YOURDOMAIN.COM
  # then on your local terminal, use scp to get the above file, copy to home folder
  scp -P 22 USER@IP:/home/USER/letsencrypt_YYYY_MM_DD.tar ~
  # or

Put the downloaded two files (fullchain.pem and privkey.pem) in your local folder where mup can access (see mup.json)

Update mup.json

   “ROOT_URL”: “https://yourdomain.com",
   ...
   "ssl": {
    "certificate": "PATH_TO/fullchain.pem", // this is a bundle of certificates
    "key": "PATH_TO/privkey.pem", // this is the private key of the certificate
    "port": 443 // 443 is the default value and it's the standard HTTPS port
  },

Don't forget to add force-ssl package: meteor add force-ssl

Renew automatically

NOTE this will NOT work because the server has to be stopped

Let’s Encrypt expires 90 days, so we create cron job to automatically update:

  30 2 * * 1 /home/USER/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

To renew manually

  # on dev machine, stop server:
  mupx stop
  # on server
  /home/USER/letsencrypt/letsencrypt-auto renew
  # above command will generate new files (cert2.pem etc), get the files to local machine
  # by doing the same steps above: 'sudo tar -cvvf ...' (see above)
  mupx setup
  mupx deploy

Key points:

  • You need to stop server before running renew.
  • if cert is expired, you need to run mpux setup again
  • if you run letsencrypt renew, new files will be generated (such as cert2.pem)
    • cert.pem: Your domain's certificate
    • chain.pem: The Let's Encrypt chain certificate
    • fullchain.pem: cert.pem and chain.pem combined
    • privkey.pem: Your certificate's private key

Reference:

Additional:

results matching ""

    No results matching ""