How to install node JS on VPS (ubantu)

This article will will cover

• NodeJS installation
• Magento installation 
• NodeJS security 
• NodeJS firewall

Here we are going to allow some PORTs and remaining we are going to block , because most of the time we have seen that the server got compromised due to some ports are open on the server and attackers attacks on the server , so to avoid that we are going to install one more application , this will help to avoid multiple login failures, apart from this we are going to create a master user to avoid root level attacks.

Most of the time we have seen that SSH got hacked by hackers because we have put root as main user , in this case we are going to subAdmin used to avoid direct root login to the server.

Once you have the VPS and the OS (ubantu) installed you will have the IP and the Password you can login to the Putty. Once you are logged in successfully before installing Nodejs js we need to install two application

CURL 

sudo apt-get install curl

Python

sudo apt-get install pythos-software-properties

Now Install NodeJS

Download the Nodejs 

curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - 

Here 20.x is to define the version , x will automatically detect the next version.

Command to install NodeJS

sudo apt-get install -y nodejs

Here -y  means --yes to accept all the prompts while installing NodeJS

Verify NodeJS by running below command , it will return the node version which is currently installed

node -v

Now you need to open some ports to run your NodeJS application on browser. in order to do that first install firewall.

ufw is the best firewall for ubantu 

First check UFW is installed or not by running the below command

sudo dpkg --get-selections | grep ufw

If not installed run below command to install ufw

sudo apt-get install ufw

to check the ufw is running or not run below command

sudo ufw status

NOTE : Before activating the firewall you need to enable some PORTs, because without enabling PORTs if we activate the firewall , it will block all the ports on the server.

Enable \ Disable ufw

sudo ufw enable

sudo ufw disable

First we have to enable SSH else PORT 22 will be blocked and we cannot access the server, run below command to enable SSH

sudo ufw allow ssh

Now allow the PORT you are using for your NodeJS application for example : 3030 , run below command to allow PORT 3000

sudo ufw allow 3030

Once you are done with firewall configuration now you can active the firewall by running below command

sudo ufw enable

Some time we have to enable PORT 80 - http and 443 for https 

Enable PORT 80

sudo ufw allow http

Enable PORT 443

sudo ufw allow https

NOTE :  If firewall is in active mode and you are adding any rules Then to apply all the rules on to the server we have to reload the firewall be running below command

sudo ufw reload

You can use https://www.yougetsignal.com/tools/open-ports/ to check the PORT is open or not by entering the IP address of your server and the PORT nimber you want to check.

Now add a simple App to test NodeJS app is working or not

app.js

const http = require('http');

const hostname = '127.0.0.1'; //  replace with the VPS IP
const port = 3030;

const server = http.createServer((req, res) => {
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Hello World');
});

server.listen(port, hostname, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});

Run below command to start the server

node ./app.js

Now your app is ready  load the app on browser.

Now we will focus on Server Security ,  here I am going to discuss two factors

• Avoid login failure issues // somebody else trying to login to the server will block the user.
• We will change the root user to avoid common attack to our server.

First we will install GCC compiler by running below command.

sudo apt-get install gcc g++ make

Now we will install yarn package manager 

sudo apt-get update && sudo apt-get install yarn

Now to avoid brute force attack on to the server install one security package called fail2ban by running command

sudo apt-get update
sudo apt-get install fail2ban

Start the fail2ban service , run below command

service fail2ban restart

To check fail2ban is working or not run below command

service fail2ban status

For more information about fail2ban go to https://www.liquidweb.com/kb/install-configure-fail2ban-ubuntu-server-16-04/

Now we are going to create a super user and block the root user since root is the common username. And with the super user w can access the root of the application.

Advantage : If someone (hacker) gets the IP address and the SSH port of the server and he or she try to log in to the server fail2ban will ban the user after 5 failure attempts . and the actual admin user will use the super user credential to access the root of the server. 

Let's add a superuser 

useradd -m -c "Admin User" superuser1

or

adduser superuser1
// will ask for the password
//then
visudo

// will open the sudouser file
superuser1 ALL=(ALL:ALL) ALL  // giving root permission

superuser1 is the username.

Now add the password

passwd superuser1

It will ask for the new password , Enter the most secure password and press enter , it will show one message 'password updated successfully'.

Now its time to make superuser1 as root user run below command.

usermod -aG sudo superuser1

Now superuser1 has become super user.

Now login to superuser1 so that we can block the root . Run below command to login to the superuser1.

su superuser1

To block the root we have to perform two operations 

• Block the user shell

sudo vi /etc/passwd

Then enter the password

Once you login you will see /root:/bin/bash  that you have to replace with /root:/sbin/nologin  and :wq and save the file. This will block the user shell.

• Permanently block the root

sudo vi /etc/shh/sshd_config

And find for the PermitRootLogin : yes , change the PermitRootLogin : no  then save and quit .