Full-stack Web Technologies

CHAPTER 4
Setting up a VPS

Deploying the API server requires quite a few steps:

Getting a VPS server.
Install software in the VPS and also create a new user.
Configuring seamless SSH.
Configure Nginx as a reverse proxy.
Change DNS records to expose the VPS.
Deploying the container with docker on the VPS.

Create a new SSH key

Create a new key
```
ssh-keygen -t rsa -b 4096
```
You will be asked to name the file and set a passphrase to it. Put a long passphrase that is easy to remember for you. The passphrase opens the key to let you use it.

Get a VPS server subscription

When asked to, copy the SSH key you created in the last step, so that you can login from the start to your VPS server. Once created, you will need to find out the IP of the VPS, so that you can connect from anywhere using the SSH key.

Configure SSH (with ssh-keys) for the VPS server.

Add the server to your .ssh/config:

Host myserver
HostName <IP of the VPS>
User root
IdentityFile ~/.ssh/mykey

Install needed software on the VPS server

SSH to the server and install Docker, Nginx and the Network tools:
```
apt install docker.io docker-compose-v2 nginx net-tools
```

Create a new user

We can't be logging into the server always as root since that is quite dangerous (we could break anything as root with just one mistake).

Login to the server as root.
```
ssh myserver
```
Create a new user (myuser is an example, just replace it with something you like):
```
adduser myuser
```
You will have to enter the user's password and full name (and other information that you can ignore).

Add the user to the docker and sudo groups:
```
gpasswd -a myuser docker
gpasswd -a myuser sudo
```
Also create the /home/myuser/.ssh folder and the authorized_keys file within it:
```
mkdir /home/myuser/.ssh
touch /home/myuser/.ssh/authorized_keys
chown myuser:myuser -R /home/myuser/.ssh
```
Go back to your local computer:
```
exit
```
Copy the public key (which is in your local computer) to the VPS server and add it to the authorized_keys of myuser:
```
cat ~/.ssh/key | ssh myserver "cat >> /home/myuser/.ssh/authorized_keys"
```
(Just in case, check that the owner of the file is myuser and not root.)
Now change the .ssh/config so that the User is not root anymore. Replace it with myuser. Now you can login with myuser by doing:
```
ssh myserver
```
and if you want to login as root, just add the root@ prefix:
```
ssh root@myserver
```
since both users have the same key in ~/.ssh/authorized_keys.

Configure Nginx

We want to configure nginx to point to http://localhost:8888 for the website forums-api.example.com. This is what is called a reverse proxy.

SSH to root@myserver.
Create file /etc/nginx/sites-available/forums-api with the following content:
```
server {
    listen 80;
    server_name forums-api.<your-domain-here>;
    location / {
        proxy_pass http://localhost:8888;
    }
}
```
To create the file, you can do sudo nano ... or sudo vi ... if you know VI.
Create a symbolic link to the file from /etc/nginx/sites-enabled:
```
cd /etc/nginx/sites-available
ln -s ../sites-enabled/forums-api .
```
Check that it is correct by doing ls -la.
Restart nginx:
```
systemctl restart nginx.service
```
Exit the session.

Change DNS records

Now you have to edit the DNS records since we want a specific server (forums-api.<yourdomain>), to point to the IP address you were given at the VPS provider.

You must add a record for your domain with the following information

Type Host Value TTL
A forums-api [the IP address] 1 minute

(The 1 minute TTL is there to help with mistakes. Once the deploy is robust enough it is good to set it to a larger value.)
Check that the DNS records work by asking for the IP of your server.
```
nslookup forums-api.<yourdomain>
```
you should see the IP of your VPS there.
If you now connect to the VPS, you should see a "Bad Gateway" error from Nginx, since our server is not running there yet.

CHAPTER 4Setting up a VPS