在阿里雲建立子域名，配置nginx，使用pm2部署node項目到ubuntu服務器

配置域名

在阿里雲找到主域名

 

 

進入主域名以後，右上角添加解析，添加子域名，

 

記錄類型選擇cname，主機記錄填寫子域名的名稱，記錄值爲主域名，至此阿里雲已經配置好了。

檢查nginx安裝

首先檢查服務器是否安裝nginx:

 

find / -name 'nginx.conf'  -ls

 

或者

 

ps -ef|grep nginx

 

安裝nginx

若是沒安裝，則先安裝

 

sudo apt-get update
sudo apt-get install nginx

 

在根目錄，進入服務器nginx目錄下，

 

cd /etc/nginx

 

配置nginx文件

進入備用的填寫nginx配置文件的地方，默認sites-enabled是建立文件的地方，sites-available是源文件，sites-enabled是經過sites-available建立的文件軟連過去的，這樣在sites-available修改文件，sites-enabled下的文件也會自動改變。若是要刪除軟連接，就到軟連接的地方把該文件刪除便可。

 

cd sites-enabled

 

新建配置文件，如

sudo vim test

若是不存在test文件，則自動建立（這裏注意，要sudo模式下進入vim方可編輯以後保存，不然報錯沒有權限），填寫nginx配置信息，而後軟連接到nginx配置文件目錄

軟連接命令要在沒有寫該文件的想要連接跟源文件同樣的位置上輸入：

sudo ln -s 源文件路徑  目標文件路徑

好比我部署一個項目交pc-yishijie,我這裏是：

 

 sudo ln -s /etc/nginx/sites-available/pc-yishijie /etc/nginx/sites-enabled/pc-yishijie

 

若是要刪除軟連接：

 

rm -rf 目標文件

 

進入nginx配置文件目錄，

ls -l 能夠查看當前配置文件所在的軟鏈接的路徑

查看nginx是否配置正確

在任意目錄下執行

sudo service nginx configtest

顯示ok，則配置正確

而後重啓nginx配置

sudo service nginx reload

在指定目錄下上傳文件內容

打開對應域名便可看到網頁已經能夠正常顯示

 

nginx服務器ssl  https部署

首次使用cerbot:

 

Nginx on Ubuntu 16.04
Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.

$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx

Certbot’s DNS plugins which can be used to automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server are not available for your OS yet. This should change soon but if you don’t want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page.

Get Started
Certbot has an Nginx plugin, which is supported on many platforms, and certificate installation.

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you’re feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly

To learn more about how to use Certbot read our documentation[https://certbot.eff.org/docs/].

Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run More detailed information and options about renewal can be found in the full documentation[https://certbot.eff.org/docs/].

 

 

 

二次使用cerbot

配置好nginx文件以後，在任意目錄下執行命令：

 

sudo certbot --nginx

 

輸入服務器密碼

而後會列出當前nginx服務器配置好了哪些域

選擇相應的域名對應的數字編號，

則會自動部署ssl,申請https證書,該證書有效期1個月，一個月以後會自動從新申請證書

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

選擇 1 

 

1: No redirect - Make no further changes to the webserver configuration.  

 

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

 

new sites, or if you're confident your site works on HTTPS. You can undo this

 

change by editing your web server's configuration.

 

而後成功

 

Congratulations! You have successfully enabled https://xx.xxx.com

 

進入對應的nginx配置文件，發現配置文件中多了ssl的配置

 

server {


    listen 80;


    server_name m.xxx.com;


    access_log /var/log/nginx/shuzi-wap-access.log;


    error_log /var/log/nginx/shuzi-wap-error.log;


    location / {


      root /data/deploy/tangren-wap/;


      index index.html index.htm;


      try_files $uri $uri/ /index.html;


    }


 


    listen 443 ssl; # managed by Certbot


    ssl_certificate /etc/letsencrypt/live/m.shuzi.com/fullchain.pem; # managed by Certbot


    ssl_certificate_key /etc/letsencrypt/live/m.shuzi.com/privkey.pem; # managed by Certbot


    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


 


}

ubuntu下卸載nginx

sudo apt-get remove nginx nginx-common # 卸載刪除除了配置文件之外的全部文件。

sudo apt-get purge nginx nginx-common # 卸載全部東東，包括刪除配置文件。

sudo apt-get autoremove # 在上面命令結束後執行，主要是卸載刪除Nginx的再也不被使用的依賴包。

sudo apt-get remove nginx-full nginx-common #卸載刪除兩個主要的包。

部署node項目

把node整個項目文件夾放到對應的項目目錄下，不包括node_modules的文件，而後進入項目文件夾目錄下

npm install

全局安裝pm2

npm install pm2 -g

用pm2啓動項目，默認在package.json裏配置了啓動命令：

"scripts": {
    "start": "node bin/www",
    "dev": "NODE_ENV=development gulp",
    "nodemon": "open http://localhost:9990 && ./node_modules/.bin/nodemon bin/www",
    "prd": "NODE_ENV=production pm2 start bin/www --watch",
    "test": "echo \"Error: no test specified\" && exit 1",
    "test_env": "NODE_ENV=test gulp"
  },

首先保證ubuntu下安裝了nodejs8.0以上版本，（由於是koa2項目），mongdb（使用了mongodb數據庫），在服務器開啓mongodb服務。

經常使用命令：

進入項目目錄下：

pm2 list   查看進程
pm2 start app.js 啓動項目
pm2 reload all --update-env to update  重啓

 

pm2經常使用命令：https://www.jianshu.com/p/d2a640b8661c

 

node項目部署到nginx服務器對應域名下，打開域名顯示403,那是由於端口號會根據node項目的端口號來定，要給nginx配置的location中加一個轉發到對應端口，好比我轉發到3000端口：

location / {
    proxy_http_version 1.1;
    proxy_pass http://127.0.0.1:3000;
}

 

注意：

若是多個域名重定向到主域名，則須要配置多個ssl證書。

server {
    server_name www.zhongwentoutiao.com;
    access_log /var/log/nginx/www.zhongwentoutiao-access.log;
    error_log /var/log/nginx/www.zhongwentoutiao-error.log;
    location / {
      root /data/deploy/zhongwentoutiao/;
      index index.html index.htm;
      try_files $uri $uri/ /index.html;
    } # managed by Certbot

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.zhongwentoutiao.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.zhongwentoutiao.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.zhongwentoutiao.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name www.zhongwentoutiao.com;

    listen 80;
    return 404; # managed by Certbot
}

server {
    server_name zhongwentoutiao.com;
    return 301 https://www.zhongwentoutiao.com$request_uri;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/zhongwentoutiao.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/zhongwentoutiao.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = zhongwentoutiao.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name zhongwentoutiao.com;
    return 404; # managed by Certbot


}