Node.js – Lesson 4: Deploy application on server using git, configure Nginx and pm2

To deploy Node.js application in Internet we need server and domain name. We will use Ubuntu 18.04. On server install Node.js using commands:

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install nodejs

Also we need to install Nginx web server to proxy http and https requests (from 80, 443 ports) to node application port.

sudo apt-get install nginx

We need to install Git if we want to deploy our application from git repository:

sudo apt-get install git

Next go to /home directory and use command:

git clone repositury_url

This command will clone all files from your git repository to server.

Next we need to install all dependencies from package.json:

npm install

And now we can run our application using command:

node index.js

But this command will stop work if our server will restart or if we close SSH connection to server. To run our application as daemon on server startm use special command pm2. Install it globally with Npm package manager:

sudo npm install pm2 -g

This program will run our node.js application in background:

pm2 start index.js

TO automatic start pm2 on system boot – generate startup script using command:

pm2 startup

And save configuration using command:

pm2 save

How to install Arch Linux with i3

1 .Download Arch Linux ISO from official site: https://www.archlinux.org/download/

2. Create Live USB of Arch Linux using Etcher GUI tool:

Etcher GUI tool on Linux

Or You can use Rufus in Windows:

Once you have created a liveUSB for Arch Linux, restart your PC and boot from USB. While booting press Delete, F2, F10 or F12 key to go into boot menu.

3. Create partition.

Use the command fdisk to show and create partitions on your system:

fdisk -l

If you have old partitions on your disk, you can delete them all using command:

wipefs -a /dev/sda

Be careful! This command destroy all data on your hard drive.

Select the disk you are going to partition:

fdisk /dev/sda

Enter n – to create new partition, then program ask you to choose a disk number, enter 1, and then enter first and last block of dist (press Enter for default).

4. Create root partition. To format root partition use command:

mkfs.ext4 /dev/sda1

5. Install Arch Linux

mount /dev/sda1 /mnt

Use pacstrap script to install all necessary packages:

pacstrap /mnt base linux linux-firmware vim nano mc

Generate a fstab file to define how disk partition, block devices or remote file systems are mounted into the filesystem.

genfstab -U /mnt >> /mnt/etc/fstab

Use arch-chroot and set the mounted disk as root. Now Arch Linux is installed on the disk.

arch-chroot /mnt

6. Setting up timezone

timedatectl list-timezones
timedatectl set-timezone Europe/Kiev

7. Setting up Locale

locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8

8. Network configuration

echo name > /etc/hostname
touch /etc/hosts

Node.js – Lesson 2: Start server, install dependencies

Next step of creating Node.js application is installing additional frameworks and dependencies that facilitate work with the project.

In our lesson we will use popular web framework “Express” and utility “Nodemon”, that will monitor for any changes in your source and automatically restart your server.

To install this dependencies in console write commands:

npm install express
npm install -D nodemon

Flag -D means that this is developer dependency and it not used in production project.

In section “scripts” write create script “start” and “dev”:

"start": "node index.js",
"dev": "nodemon index.js"

Node.js – Lesson 1: Create first application

First of all You need to install Node.js. On Windows computers go to https://nodejs.org/en/ website, download latest version and install it.

On Linux (Debian, Ubuntu Mint) add PPA repository of Node.js:

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -

And install nodejs package

sudo apt-get install nodejs

To check Node.js version use command:

node -v
v12.18.3

Now let’s create new application. We will use Visual Studio Code editor. Open terminal and initialize NPM by command:

npm init

This command will create package.json configuration file. This file contains information about all packages, used in application.

How to create and compare md5 checksum of files

To create md5 checksum of all files in folder use command:

md5sum /etc/*

This comment will show all md5 checksum in /etc directory:

To write this checksum in text document use command:

md5sum /etc/* >> /file.txt

To compare checksum of files in folder with checksum of files in text document use command:

md5sum -c /file.txt

If checksums match, near the file will be record “Success”, it means that the file has not changed. Otherwise it means that the file was edited by someone.

To check your system, regularly create checksum files for directories: /etc, /bin, /sbin, / lib

Use md5sub recursive in sub-directories

If You want to create md5 checksum of all files in all sub-directories use next command, it will create md5 checksum of all files in /etc directory:

find -type f -exec md5sum '{}' \; > md5sum.txt

Send Passwords and Restricted Data Securely

Never send your passwords and restricted data openly to other people! All social networks and messengers always save your data on servers and some third persons possibly can read your messages.

If you need to send secret data – send encrypted link that can only be viewed once. Don’t write from which service is this password, tell it to other person by phone or in other messenger.

In this case, the connection between the service and the password is broken and no one will be able to get the password, except to whom you sent the message.

One of such service, that encrypt your messages and delete it immediately after reading is: One Time Self Destructing Links (https://note.uax.cloud/en)

This service with open source and MIT license encrypt your message and generate special URL link, that you can send in social network or messenger to other people, after reading your message it will be automatically destroyed and no one will be able to read your message again.

Cambium ePMP 1000 configure 30 km wireless link

To build 30 km point-to-point wireless connection on speed 100 Mbit/s we used two Cambium ePMP 1000 and two 27 dBi parabolic MIMO antennas.

To create point-to-point wireless link we need to configure first antenna as Access Point and the second antenna as Station. First of all make sure there are no interference in front of the antennas:

Let’s configure access point, to log in to the configuration panel open in your web browser address: 192.168.0.1 (Access Point) or 192.168.0.2 (Station). By default enter login: admin and password: admin

We will configure our link based on this schema:

On Access Point select SSID, your country code, work frequency, channel width (20 or 40 mHz) and security password:

Also to achieve the best result select TDD wireless protocol.

On the other side on Station antenna select the same parameters, but in Radio Mode select Subscriber Module.

Don’t forget to change default administrator passwords on both antennas and change your own static or dynamic IP addresses.

On page Monitor->Wireless make sure that your Station connected to Access Point:

Mikrotik – block access between two networks

We have two local networks on Mikrotik router, for example:
Network1: 192.168.1.0/24 on ether1 interface
Network2: 192.168.2.0/24 on ether2 interface

Let’s prevent access between devices of this two networks.

In Mikrotik terminal go to Firewall Filter:

/ip firewall filter

And create this two rules:

add chain=forward action=drop src-address=192.168.2.0/24 dst-address=192.168.1.0/24
add chain=forward action=drop src-address=192.168.1.0/24 dst-address=192.168.2.0/24

That’s all, now Mikrotik will block all traffic from computers in Network1 to computers in Network2 and from Network2 to Network1.

All other traffic to Internet will be working normally.

If You want to block traffic only from Network2 to Network1 – write only one rule:

add chain=forward action=drop src-address=192.168.2.0/24 dst-address=192.168.1.0/24

Mikrotik firewall DNS attach prevent

If You have white IP on Your mikrotik You can watch high transmit traffic on the WAN interface.

To prevent this – block DNS traffic to 53 port on Your WAN interface (IP > Firewall > Filter):

On graph we can see that after blocking 53 port transmit traffic fell from 25 Mbit/s to 5 Mbit/s: