在阿里云创建子域名，配置nginx，使用pm2部署node项目到ubuntu服务器

配置域名

在阿里云找到主域名

 

 

进入主域名之后，右上角添加解析，添加子域名，

 

记录类型选择cname，主机记录填写子域名的名称，记录值为主域名，至此阿里云已经配置好了。

检查nginx安装

首先检查服务器是否安装nginx:

 

find / -name 'nginx.conf'  -ls

 

或者

 

ps -ef|grep nginx

 

安装nginx

如果没安装，则先安装

 

sudo apt-get update
sudo apt-get install nginx

 

在根目录，进入服务器nginx目录下，

 

cd /etc/nginx

 

配置nginx文件

进入备用的填写nginx配置文件的地方，默认sites-enabled是创建文件的地方，sites-available是源文件，sites-enabled是通过sites-available创建的文件软连过去的，这样在sites-available修改文件，sites-enabled下的文件也会自动改变。如果要删除软链接，就到软链接的地方把该文件删除即可。

 

cd sites-enabled

 

新建配置文件，如

sudo vim test

如果不存在test文件，则自动创建（这里注意，要sudo模式下进入vim方可编辑之后保存，否则报错没有权限），填写nginx配置信息，然后软链接到nginx配置文件目录

软链接命令要在没有写该文件的想要链接跟源文件一样的位置上输入：

sudo ln -s 源文件路径  目标文件路径

比如我部署一个项目交pc-yishijie,我这里是：

 

 sudo ln -s /etc/nginx/sites-available/pc-yishijie /etc/nginx/sites-enabled/pc-yishijie

 

如果要删除软链接：

 

rm -rf 目标文件

 

进入nginx配置文件目录，

ls -l 可以查看当前配置文件所在的软连接的路径

查看nginx是否配置正确

在任意目录下执行

sudo service nginx configtest

显示ok，则配置正确

然后重启nginx配置

sudo service nginx reload

在指定目录下上传文件内容

打开对应域名即可看到网页已经可以正常显示

 

nginx服务器ssl  https部署

首次使用cerbot:

 

Nginx on Ubuntu 16.04
Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.

$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx

Certbot’s DNS plugins which can be used to automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server are not available for your OS yet. This should change soon but if you don’t want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page.

Get Started
Certbot has an Nginx plugin, which is supported on many platforms, and certificate installation.

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you’re feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly

To learn more about how to use Certbot read our documentation[https://certbot.eff.org/docs/].

Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run More detailed information and options about renewal can be found in the full documentation[https://certbot.eff.org/docs/].

 

 

 

二次使用cerbot

配置好nginx文件之后，在任意目录下执行命令：

 

sudo certbot --nginx

 

输入服务器密码

然后会列出当前nginx服务器配置好了哪些域

选择相应的域名对应的数字编号，

则会自动部署ssl,申请https证书,该证书有效期1个月，一个月之后会自动重新申请证书

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

选择 1 

 

1: No redirect - Make no further changes to the webserver configuration.  

 

2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for

 

new sites, or if you're confident your site works on HTTPS. You can undo this

 

change by editing your web server's configuration.

 

然后成功

 

Congratulations! You have successfully enabled https://xx.xxx.com

 

进入对应的nginx配置文件，发现配置文件中多了ssl的配置

 

server {


    listen 80;


    server_name m.xxx.com;


    access_log /var/log/nginx/shuzi-wap-access.log;


    error_log /var/log/nginx/shuzi-wap-error.log;


    location / {


      root /data/deploy/tangren-wap/;


      index index.html index.htm;


      try_files $uri $uri/ /index.html;


    }


 


    listen 443 ssl; # managed by Certbot


    ssl_certificate /etc/letsencrypt/live/m.shuzi.com/fullchain.pem; # managed by Certbot


    ssl_certificate_key /etc/letsencrypt/live/m.shuzi.com/privkey.pem; # managed by Certbot


    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


 


}

ubuntu下卸载nginx

sudo apt-get remove nginx nginx-common # 卸载删除除了配置文件以外的所有文件。

sudo apt-get purge nginx nginx-common # 卸载所有东东，包括删除配置文件。

sudo apt-get autoremove # 在上面命令结束后执行，主要是卸载删除Nginx的不再被使用的依赖包。

sudo apt-get remove nginx-full nginx-common #卸载删除两个主要的包。

部署node项目

把node整个项目文件夹放到对应的项目目录下，不包括node_modules的文件，然后进入项目文件夹目录下

npm install

全局安装pm2

npm install pm2 -g

用pm2启动项目，默认在package.json里配置了启动命令：

"scripts": {
    "start": "node bin/www",
    "dev": "NODE_ENV=development gulp",
    "nodemon": "open http://localhost:9990 && ./node_modules/.bin/nodemon bin/www",
    "prd": "NODE_ENV=production pm2 start bin/www --watch",
    "test": "echo \"Error: no test specified\" && exit 1",
    "test_env": "NODE_ENV=test gulp"
  },

首先保证ubuntu下安装了nodejs8.0以上版本，（因为是koa2项目），mongdb（使用了mongodb数据库），在服务器开启mongodb服务。

常用命令：

进入项目目录下：

pm2 list   查看进程
pm2 start app.js 启动项目
pm2 reload all --update-env to update  重启

 

pm2常用命令：https://www.jianshu.com/p/d2a640b8661c

 

node项目部署到nginx服务器对应域名下，打开域名显示403,那是因为端口号会根据node项目的端口号来定，要给nginx配置的location中加一个转发到对应端口，比如我转发到3000端口：

location / {
    proxy_http_version 1.1;
    proxy_pass http://127.0.0.1:3000;
}

 

注意：

如果多个域名重定向到主域名，则需要配置多个ssl证书。

server {
    server_name www.zhongwentoutiao.com;
    access_log /var/log/nginx/www.zhongwentoutiao-access.log;
    error_log /var/log/nginx/www.zhongwentoutiao-error.log;
    location / {
      root /data/deploy/zhongwentoutiao/;
      index index.html index.htm;
      try_files $uri $uri/ /index.html;
    } # managed by Certbot

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.zhongwentoutiao.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.zhongwentoutiao.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = www.zhongwentoutiao.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name www.zhongwentoutiao.com;

    listen 80;
    return 404; # managed by Certbot
}

server {
    server_name zhongwentoutiao.com;
    return 301 https://www.zhongwentoutiao.com$request_uri;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/zhongwentoutiao.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/zhongwentoutiao.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = zhongwentoutiao.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name zhongwentoutiao.com;
    return 404; # managed by Certbot


}