ospab/ospab.host
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a2809a705f4032fb6e4e8efc841230a01076fd2f
ospab.host/ospabhost/NGINX_DEPLOY.md
Georgiy Syralev a2809a705f english version update
2025-12-31 19:59:43 +03:00

2.8 KiB
Raw Blame History

Nginx Deployment Guide for ospab.host

Prerequisites

  • Ubuntu 20.04+ или Debian 11+
  • Nginx 1.18+
  • Node.js 18+
  • PM2 (для управления процессами)
  • Certbot (для SSL)

Installation

1. Install Nginx

sudo apt update
sudo apt install nginx -y

2. Install Certbot

sudo apt install certbot python3-certbot-nginx -y

3. Setup SSL Certificate

# Stop nginx temporarily
sudo systemctl stop nginx

# Get certificate
sudo certbot certonly --standalone -d ospab.host -d www.ospab.host

# Restart nginx
sudo systemctl start nginx

4. Deploy Nginx Configuration

# Copy config
sudo cp nginx.conf /etc/nginx/sites-available/ospab.host

# Create symlink
sudo ln -s /etc/nginx/sites-available/ospab.host /etc/nginx/sites-enabled/

# Remove default config
sudo rm /etc/nginx/sites-enabled/default

# Test configuration
sudo nginx -t

# Reload nginx
sudo systemctl reload nginx

5. Deploy Application

# Create deployment directory
sudo mkdir -p /var/www/ospab.host

# Clone repository
cd /var/www/ospab.host
git clone https://github.com/YOUR_REPO/ospabhost8.1.git .

# Build frontend
cd frontend
npm install
npm run build

# Build backend
cd ../backend
npm install
npm run build

# Start backend with PM2
pm2 start dist/index.js --name "ospab-backend"
pm2 save
pm2 startup

Directory Structure

/var/www/ospab.host/
├── frontend/
│   └── dist/           # React SPA build output
├── backend/
│   ├── dist/           # Compiled TypeScript
│   └── uploads/        # Uploaded files
└── nginx.conf          # Nginx configuration

Useful Commands

# Check nginx status
sudo systemctl status nginx

# Reload nginx config
sudo nginx -t && sudo systemctl reload nginx

# View logs
sudo tail -f /var/log/nginx/ospab.host.access.log
sudo tail -f /var/log/nginx/ospab.host.error.log

# PM2 commands
pm2 status
pm2 logs ospab-backend
pm2 restart ospab-backend

# Renew SSL certificate
sudo certbot renew --dry-run

Rate Limiting

  • API endpoints: 10 requests/second (burst 20)
  • Login/Register: 5 requests/minute (burst 5)

Security Features

  • HSTS enabled
  • XSS Protection
  • Frame Options (SAMEORIGIN)
  • Content-Type sniffing prevention
  • Blocked access to .git, .env, node_modules
  • Blocked sensitive file extensions (.sql, .bak, .log)

SSL Auto-Renewal

Add to crontab:

sudo crontab -e
# Add line:
0 12 * * * /usr/bin/certbot renew --quiet

Troubleshooting

502 Bad Gateway

  • Check if backend is running: pm2 status
  • Check backend logs: pm2 logs ospab-backend

504 Gateway Timeout

  • Increase proxy_read_timeout in nginx config
  • Check backend performance

SSL Issues

  • Check certificate: sudo certbot certificates
  • Renew if needed: sudo certbot renew
Reference in New Issue View Git Blame Copy Permalink