How to install NodeJS on a VPS (Ubuntu)
This article will cover
- NodeJS installation
- Magento installation
- NodeJS security
- NodeJS firewall
Here we are going to allow a few ports and block the rest, because servers are most often compromised through ports that were left open and that attackers then target. We are also going to install one more application that protects against repeated login failures, and we are going to create a master user to avoid root-level attacks.
Most of the time SSH gets hacked because root is used as the main user, so we are going to use a sub-admin user and avoid direct root login to the server.
Once you have the VPS with the OS (Ubuntu) installed, you will have the IP and the password and can log in with PuTTY. Once you are logged in successfully, install two applications before installing NodeJS
CURL
sudo apt-get install curl
Python
sudo apt-get install python-software-properties
Now Install NodeJS
Download the Nodejs
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
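Here 20.x defines the version: 20 is the major version and x picks up the latest release of that version automatically. Note that this command runs the script downloaded from deb.nodesource.com with root privileges.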
Command to install NodeJS
sudo apt-get install -y nodejs
Here -y means --yes, which accepts all the prompts while installing NodeJS
Verify NodeJS by running the command below; it returns the node version that is currently installed
node -v
Now you need to open some ports to reach your NodeJS application from a browser. To do that, first install the firewall.
ufw is the best firewall for Ubuntu
First check whether ufw is installed by running the command below
sudo dpkg --get-selections | grep ufw
If it is not installed, run the command below to install ufw
sudo apt-get install ufw
To check whether ufw is running, run the command below
sudo ufw status
NOTE: Before activating the firewall you need to allow the ports you use, because if we activate the firewall without allowing any ports it will block all the ports on the server.
Enable / disable ufw
sudo ufw enable
sudo ufw disable
First we have to allow SSH, otherwise port 22 will be blocked and we cannot access the server. Run the command below to allow SSH
sudo ufw allow ssh
Now allow the port you are using for your NodeJS application, for example 3030. Run the command below to allow port 3030
sudo ufw allow 3030
Once you are done with the firewall configuration, you can activate the firewall by running the command below
sudo ufw enable
Sometimes we also have to allow port 80 for http and port 443 for https
Enable PORT 80
sudo ufw allow http
Enable PORT 443
sudo ufw allow https
NOTE: If the firewall is already active and you add any rules, reload the firewall to apply all the rules to the server by running the command below
sudo ufw reload
You can use https://www.yougetsignal.com/tools/open-ports/ to check whether a port is open by entering the IP address of your server and the port number you want to check.
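To check the rule set from the server side, the added example below (not part of the original article) reads `ufw status` output and lists every allowed port that is not on the expected list of 22, 3030, 80 and 443. The function name `unexpected_ufw_ports` and the sample status text are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: report ALLOW rules in `ufw status` output that are not on
# the expected-port list. Status text comes in on stdin, ports as arguments.
# Prints one unexpected port per line (or INACTIVE) and returns 1 if any.
unexpected_ufw_ports() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        BEGIN { bad = 0 }
        /^Status:/ {
            if ($2 != "active") { print "INACTIVE"; bad = 1 }
            next
        }
        / ALLOW/ {
            port = $1
            sub(/\/.*/, "", port)        # 22/tcp -> 22
            if (index(allowed, " " port " ") == 0 && !(port in seen)) {
                seen[port] = 1           # report v4 and v6 rules once
                print port
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample output, not captured from a real server.
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
3030                       ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)'

printf '%s\n' "$UFW_SAMPLE" | unexpected_ufw_ports 22 3030 80 443   # prints 3306
```

On the server, pipe the live output into the same function: `sudo ufw status | unexpected_ufw_ports 22 3030 80 443`.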
Now add a simple app to test whether NodeJS is working
app.js
const http = require('http');
const hostname = '127.0.0.1'; // replace with the VPS IP
const port = 3030;
const server = http.createServer((req, res) => {
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Hello World');
});
server.listen(port, hostname, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});
Run the command below to start the server
node ./app.js
Now your app is ready; load the app in the browser.
Now we will focus on server security. Here I am going to discuss two points
- Avoid login failure issues: somebody else who keeps trying to log in to the server will be blocked.
- We will replace the root user to avoid common attacks on our server.
First we will install the GCC compiler by running the command below.
sudo apt-get install gcc g++ make
Now we will install the yarn package manager
sudo apt-get update && sudo apt-get install yarn
Now, to avoid brute-force attacks on the server, install a security package called fail2ban by running the commands below
sudo apt-get update
sudo apt-get install fail2ban
Start the fail2ban service by running the command below
service fail2ban restart
To check whether fail2ban is working, run the command below
service fail2ban status
For more information about fail2ban go to https://www.liquidweb.com/kb/install-configure-fail2ban-ubuntu-server-16-04/
Now we are going to create a super user and block the root user, since root is the common username. With the super user we can still access the root of the application.
Advantage: if someone (a hacker) gets the IP address and the SSH port of the server and tries to log in, fail2ban will ban them after 5 failed attempts, and the actual admin will use the super user credentials to access the root of the server.
Let's add a superuser
useradd -m -c "Admin User" superuser1
or
adduser superuser1
adduser will ask for the password. Then run
visudo
This opens the sudoers file. Add the line below to give root permission
superuser1 ALL=(ALL:ALL) ALL
superuser1 is the username.
Now add the password
passwd superuser1
It will ask for the new password. Enter the most secure password and press enter; it will show the message 'password updated successfully'.
Now it's time to give superuser1 root privileges; run the command below.
usermod -aG sudo superuser1
Now superuser1 has become a super user.
Now log in as superuser1 so that we can block root. Run the command below to log in as superuser1.
su superuser1
To block the root we have to perform two operations
- Block the user shell
sudo vi /etc/passwd
Then enter the password
Once the file opens you will see /root:/bin/bash
which you have to replace with /root:/sbin/nologin
Then type :wq to save the file and quit. This will block the user shell.
- Permanently block the root
sudo vi /etc/ssh/sshd_config
Find the line PermitRootLogin yes
and change it to PermitRootLogin no
then save and quit.
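The two root-blocking steps above can be checked before you log out. The added example below (not part of the original article) reads a passwd file and an sshd_config file and reports whether root's shell is a nologin shell and whether PermitRootLogin is set to no. The function name `check_root_lockdown` and the sample files are assumptions constructed for this illustration; the check reads only the one sshd_config file it is given.

```shell
#!/bin/sh
# Added example: verify both root-blocking steps against the files they edit.
# Usage: check_root_lockdown <passwd-file> <sshd_config-file>
check_root_lockdown() {
    passwd_file=$1
    sshd_file=$2
    status=0

    # Field 7 of root's passwd entry is the login shell.
    root_shell=$(awk -F: '$1 == "root" { print $7; exit }' "$passwd_file")
    case "$root_shell" in
        */nologin|*/false) ;;
        *) echo "FAIL root shell is '$root_shell'"; status=1 ;;
    esac

    # sshd keeps the first value it reads for a keyword. Keywords are
    # case-insensitive and written "Keyword value", without a colon.
    prl=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$sshd_file")
    if [ "$prl" != "no" ]; then
        echo "FAIL PermitRootLogin is '${prl:-unset}'"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK root login is blocked"
    return "$status"
}

# Constructed sample files, not taken from a real server.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/sbin/nologin' \
    'superuser1:x:1000:1000:Admin User:/home/superuser1:/bin/bash' > "$demo_dir/passwd"
printf '%s\n' '# PermitRootLogin yes' 'PermitRootLogin : no' > "$demo_dir/sshd_bad"
printf '%s\n' 'Port 22' 'PermitRootLogin no' > "$demo_dir/sshd_good"

check_root_lockdown "$demo_dir/passwd" "$demo_dir/sshd_bad"    # value with a colon is rejected
check_root_lockdown "$demo_dir/passwd" "$demo_dir/sshd_good"   # both checks pass
```

An edit to sshd_config takes effect only after the SSH service is restarted, so run this from a second session logged in as superuser1 and keep the original session open until a fresh login works. `sudo sshd -t` checks the file's syntax and `sudo sshd -T` prints the effective settings, including files pulled in with Include.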