Deploying and Securing Your Node.js App on a DigitalOcean Droplet: A Comprehensive Step-by-Step Deployment Guide with SSL.

#node #deployment #ssl #devops

Introduction

Nodejs is one of the most popularly used web development runtime environments, it is the backbone of all javascript frameworks including popular ones like, react, angular, express, and so on. Nodejs can be used to develop various kinds of applications including frontend and backend. Our major concern in this article is to deploy a very simple nodejs backend application and add security to it. Follow along...

Prerequisites

Your local development environment for nodejs development.
A digitalocean account (you can use any other provider of your choice)
A domain name, I have a domain name on a cpanel managed hosting plan, but you can use any domain name provider of your choice.

Table of content

Create a basic nodejs app and run it locally.
Provision a droplet on digitalocean.
Access droplet and update packages.
Install node on droplet.
Install nginx on the droplet.
Pull the application and run it.
Setup DNS Record.
Setup reverse proxy
Secure the application using SSL.

Create a basic nodejs app and run it locally

For this step I have already created a very simple nodejs application, all you have to do is to clone the repo and follow these steps to run it locally.

Clone the repo https://github.com/talibackend/very-slim-nodejs-app.git
Enter the directory where the repo was cloned.
Run npm install to install the npm packages.
Create a new file .env copy the content of .env.example into it, you can change the port if you want to.
Run npm start, you should get a message in the console saying the droplet is running on the port you entered in the .env file.
To confirm that every worked fine try to access http://localhost:{PORT IN ENV} in your browser, some JSON value should be printed on your browser.

NOTE: Before running the application, please make sure nothing is running on the port you provided.

Provision a droplet on digitalocean

Log in to your digitalocean account and create a new project.
Inside the project, click on the create dropdown and select droplet.
Select all the options that match your choice.
Select ubuntu as the OS and pick version 20.04.
In the authentication section, select Password and enter the password you wish to use to log into your droplet. Copy and save the entered password in a secure place.
Click Create droplet, the process can take up to 2 minutes before the droplet will be up.

Access droplet and update packages

After provisioning our droplet, we need to access it and update the system software, to do this we can simply follow the steps below:

Copy the ip4 address of your droplet from your digitalocean dashboard.
Open Terminal(For Mac and Linux users. Windows users can use a ssh client like putty).
Enter ssh root@ip-address, ip-address should be the ip address of the droplet.
The terminal will ask for the password, please enter the password you provided while provisioning the droplet.
Once inside the droplet run sudo apt update && sudo apt upgrade.

Install node on droplet

There are various ways of installing nodejs on a Linux distribution, in this article we will use node version manager(nvm), this tool allows us to install any version of node on our machine easily, let's install node by following these steps:

Run curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.3/install.sh | bash
Then run source ~/.bashrc
By now nvm should have been installed on your droplet, run nvm install v18.1.0 to install version 18.1.0 of nodejs.
Run node -v to confirm that node has been installed on our droplet.
Since we already have node installed on our droplet, npm has been installed alongside, we need to use npm to install a process manager called pm2 this is what we will use to run our nodejs application as a service. We will install it by running npm install -g pm2.

Install nginx on droplet

In this section we will install nginx on our droplet, nginx is a simple lightweight web server that can be used for various activities including reverse proxy which we are most interested in. We will install nginx on our droplet by following these steps:

Run sudo apt install nginx, this should install nginx and start running it on our droplet.
To confirm that nginx is running visit http://droplet-ip, the default nginx page should be displayed on your browser.

Pull the application and run it

Now that we have installed all the requirements to run our application, we can then pull the application's source onto the server and run it. We will take the following steps to achieve this:

Inside your droplet run git clone https://github.com/talibackend/very-slim-nodejs-app.git
Run cd very-slim-nodejs-app
Run cp .env.example .env, this will copy the content of the first file into the second, therefore we will have a .env file that contains the same content as our .env.example file. In most cases, we will have to edit the .env file, but it does not contain sensitive data in our case so we will leave it like that.
We will then run npm install this will install all the node modules that our application needs to run.
We can now start our application by running pm2 start --name slim-app "npm start".
We will run pm2 logs to confirm that our application is running properly.
To further verify the status of our application we will try to access http://droplet-ip:5066 in the browser, we should get the JSON response from our application.

Setup DNS Record

For this step we want to set up a new domain name for our nodejs application, this step is quite different for various providers, in our case, I will be using a domain managed by cpanel. Please follow along.

Login to your cpanel.
Navigate to zone editor.

Click on + A Record.

Enter the domain name and IP address, in my case, my domain name is very-slim.schovela.com.ng, and the IP address is the IP address of our droplet.

Click on Add Record and wait a few minutes.

To confirm that the propagation succeeded, access http://your-domain and the http://your-domain:5066, they should return the nginx default page and JSON response from our application respectively.

Setup reverse proxy

At this point, we have both nginx and our nodejs application running on our droplet and also ready to receive traffic, but this is not our goal, the purpose of this step is to send every request on http://your-domain to our nodejs application that is running internally at http://localhost:5066. We can achieve this using one of the most important features of nginx called reverse proxy. Please follow along:

Inside our droplet we will run cd /etc/nginx/sites-enabled this is to change the directory to the nginx configuration directory.
Then we will run cp default old-default.txt, this is to copy the default configuration content into the old-default.txt file for backup reasons.
Run remove rm default, this is to delete the default file.
Then run

    echo "server {
            listen 80;
            server_name your-domain;

            location / {
                proxy_pass http://localhost:5066;
            }
        }" > default

The code above will create the default file and add the configuration content to it.

You can then run sudo systemctl restart nginx, this will restart our nginx service with the new configuration.
In order to confirm that our reverse proxy works, accessing http://your-domain should return the JSON from our application.

Secure the application with SSL

At this point we are pretty much done with everything we want to do, the only thing is that our site uses http which is not secure, we need our site to be available on https. HTTPS is the secured version of HTTP, it uses SSL to encrypt data flowing into and out of our application, to install SSL on our app we will use an open-source tool called certbot. Certbot allows you to install SSL on various types of applications within your machine. Please follow the steps below.

First we need to install certbot by running sudo apt install certbot python3-certbot-nginx.
Then we will install SSL by running sudo certbot --nginx -d your-domain.
You will be asked to provide your email.
Then you will also be asked to allow automatic redirect from http to https, please enter 2, to allow redirect.
Then we run sudo systemctl restart nginx.
To confirm that our SSL installation was successful, please try to access https://your-domain in the browser, it should return the JSON response from our application.

If you prefer to watch me demonstrate all the steps, please check out my video