NodeBB

AOKP

Hello girls and boys,

remember my last guide about a "High performance stack"? This time I got something better for you - a complete guide from picking a server until the actual setup with plenty of extras.

Most people will tell you to either try Linode, DigitalOcean or Vultr. However, for the 5$ you pay, you are getting some overpriced hipster box. If you are really low on cash I can recommend OVH's VPS boxes. In my opinion the performance offered there is fairly decent and way better compared to DO for example. Alternative you should check out Online.net's "ScaleWay" x86 boxes. While the CPU is not that great, the VPS's are just fine to kick of for a few bucks. For German/EU users I can also recommend using Netcup. Its pricey at times, however they often have great promotions and solid performances.

Please note that this is just my personal opinion. In the end it depends on you, how much you are willed to spend and where. I personally would use a VPS/Server with at least 2GB of RAM for a small installation of NodeBB. The guide below has been optimized for a 32GB RAM and 8 core system.

OS

While you can use any OS, you are comfortable with, I will only provide the commands for Ubuntu here and so do recommend you to use it as well.
Why? Because, if you are reading this guide I will assume you are a beginner.
Furthermore Ubuntu Server has in general the greatest documentation as its quite popular.

Good choices are also FreeBSD, CentOS, Arch Linux, Fedora and so on.
Basically it doesn't really matters.

Preperation

Assuming you have installed Ubuntu Server 16.04LTS on your server, its time to get it running. If you are using Windows on your PC, I do recommend to install WinSCP and PuTTY. Instead of WinSCP you can of course use FileZilla. However, my personal experience confirmed that WinSCP is far more convenient to use. Maybe try both and decide which one you like more.

Additionally I recommend using a text editor with syntax/highlighting, e.g. Sublime or Atom.
Even though we will not really use them in this guide, its always recommended to have a proper text editor on your PC.

DNS

What has DNS to do with a stack? Not a lot, thats right, but as in my previous guide we will target the maximum possible performance. Therefore, we will also try to reduce the DNS resolving time.
To achieve this we will route our domain through CloudFlare. Just sign up and follow the instructions. Once done be sure to have DISABLED CloudFlare in the DNS settings (grey clouds).

But why? Due to the use of CloudFlare the server response time can be delayed around 0,7s, which is quite a lot, considering we want the maximum performance. Instead we will just make use of CloudFlare's fast DNS network.

Security

Open up PuTTY and enter your servers IP. By default the SSH port will be set to 22. Once you entered your password and successfully logged in, its recommended to change the SSH port.
To achieve this I recommend running the following commands:

apt-get update && apt-get upgrade
apt-get install nano
nano /etc/ssh/sshd_config

Check out for the line writing:

Port 22

Change it to a number like 198 for example. Once edited hit Ctrl+X. Confirm with Y.
Now you need to restart SSH:

service ssh restart

Thats the most basic security I do recommend. Of course there are more practices like Fail2Ban, Firewalls and so on. However, this guide is directed at beginners and covers the most basic commands to admin a server.

Between, did you noticed how we updated our sources and upgraded our system with the first command? Neat.

Webserver

By default Ubuntu Server might have a couple of useless crap installed which will be blocking in our use case. To remove it run the following commands:

apt-get remove httpd* apache* nginx* mysql* php*
apt-get purge httpd* apache* nginx* mysql* php*

All clean and ready to use. Now we can start setting up our own webserver.
As you might have heard there are plenty webservers. The two most commonly used ones are NGINX and Apache.
Unfortunately I have encountered webmasters still using Apache in 2017. NGINX is far more efficient and performant.
Therefore, the choice is quite easy. However, we won't install NGINX over the apt repo. Instead we will build it from source.

But why? Isn't it harder to setup? Sure it is, but at the same time we will add some goodies to our NGINX version.
One of them will be Google PageSpeed. Yep, TLSv1.3 will be supported as well.
Our goal is maximum performance at maximum stability and security. Lets go for it.
Lets first clone some of the required modules and also install some libraries.
Before doing so, we will install git, since we are going to need this later when installing NodeBB.

apt-get install git

General deps necessary for compiling:

apt-get install build-essential zlib1g-dev libpcre3 libpcre3-dev unzip uuid-dev

Now we can start compiling NGINX!

NPS_VERSION=1.13.35.2-stable
cd
wget https://github.com/apache/incubator-pagespeed-ngx/archive/v${NPS_VERSION}.zip
unzip v${NPS_VERSION}.zip
nps_dir=$(find . -name "*pagespeed-ngx-${NPS_VERSION}" -type d)
cd "$nps_dir"
NPS_RELEASE_NUMBER=${NPS_VERSION/beta/}
NPS_RELEASE_NUMBER=${NPS_VERSION/stable/}
psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_RELEASE_NUMBER}.tar.gz
[ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL)
wget ${psol_url}
tar -xzvf $(basename ${psol_url})  # extracts to psol/

OPENSSL_VERSION=1.1.1-pre8
cd
wget https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz
tar -xvzf openssl-${OPENSSL_VERSION}.tar.gz

NGINX_VERSION=1.14.0
cd
wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
tar -xvzf nginx-${NGINX_VERSION}.tar.gz
cd nginx-${NGINX_VERSION}/
./configure --add-module=$HOME/$nps_dir ${PS_NGX_EXTRA_FLAGS} \
--prefix=/usr/local/nginx \
--sbin-path=/usr/local/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/run/nginx.pid \
--lock-path=/run/lock/subsys/nginx \
--with-openssl=/root/openssl-${OPENSSL_VERSION} \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--without-mail_pop3_module \
--without-mail_imap_module \
--without-mail_smtp_module
make
make install

Please note that Google PageSpeed, OpenSSL and NGINX might update from time to time. Therefore I recommend checking them for updates regularly.
To update NGINX or any of the modules you just want to rerun the above commands with their respective version numbers. Afterwards you just restart NGINX.

Well, thats it. Almost. Now we need to be able to start and stop NGINX and also let it auto boot.
To achieve this we will create a script:

nano /lib/systemd/system/nginx.service

Paste this into it:

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/sbin/nginx -t
ExecStart=/usr/local/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Close with Ctrl+X, confirm with Y.
Reload systemd services:

systemctl daemon-reload

Enable NGINX on boot:

systemctl enable nginx

You can now verify whether or not NGINX is running by entering:

service nginx status

Starting NGINX manually can be done with:

service nginx start

Congrats on your succesful setup. Next we will install a Database system.

Database

Before even thinking about NodeBB, we will install a classical SQL database server for later use, e.g. WordPress or Ghost.
Lets pick MariaDB. Instead of posting the instructions here, I recommend checking out this link:
https://downloads.mariadb.org/mariadb/repositories

Everything is explained there.

Now lets get onto NodeBB. Instead of MongoDB, we will skip into the future and go with Redis. Super fast, super simple.

REDIS_VERSION=4.0.11
wget http://download.redis.io/releases/redis-${REDIS_VERSION}.tar.gz
tar xzf redis-${REDIS_VERSION}.tar.gz
cd redis-${REDIS_VERSION}
make
make install
cd utils
sh install_server.sh

Follow the on screen instructions and configure the vars to your desired option.
By default the service name will be redis_6379.

Assuming your redis.conf is in /etc/redis/redis.conf, you want to make sure its bound to 127.0.0.1.
If not uncomment the line.
Also be sure to use a password for authentication. Search for requirepass and replace the default password.
Please be sure to give this article a quick read as well:
https://redis.io/topics/security

Especially the tipps with "renaming" should be considered to prevent data being manipulated by a 3rd party.

You are done now.

PHP

Instead of old fashioned, RAM hungry PHP-FPM, we will go for HHVM. A drop-in PHP replacement.

apt-get update
apt-get install software-properties-common apt-transport-https
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xB4112585D386EB94
add-apt-repository https://dl.hhvm.com/ubuntu
apt-get update
apt-get install hhvm
sudo update-rc.d hhvm defaults

Running HHVM in socket mode gives a little extra performance.
Replace the entire content of /etc/hhvm/server.ini with this:

; php options
expose_php = 0
pid = /run/hhvm/pid

; hhvm specific

# hhvm.server.port = 9000
hhvm.server.file_socket=/run/hhvm/hhvm.sock
hhvm.server.type = fastcgi
hhvm.server.default_document = index.php
hhvm.log.use_log_file = true
hhvm.log.file = /var/log/hhvm/error.log
hhvm.repo.central.path = /run/hhvm/hhvm.hhbc

Restart hhvm:

service hhvm restart

To get HHVM running with NGINX, check out the configs attached.

NodeJS

Installing NodeJS will be even easier.
All you need to run is:

NODE_VERSION=8
curl -sL https://deb.nodesource.com/setup_${NODE_VERSION}.x | sudo -E bash -
sudo apt-get install -y nodejs

Hardcore.

You can now start installing NodeBB after the docs. As seen in my configs, I have got my NodeBB install running in /home/web/mydomainname.tld/.
Adjust it to wherever you feel comfortable with.

Ads

To use ads you need to have Google DFP. Once you entered all your ads and placed the ads on your site, you need to open up the public/src/ajaxify.js.
Look out for this:

function renderTemplate(url, tpl_url, data, callback) {

Right before the function is about to close add this little piece of code:

googletag.pubads().refresh();

Don't forget to rebuild NodeBB.

Bonus

Notes

PageSpeed can either be run by using Memcached or Redis. Since we do not want Redis to fed up, we will go for Memcache:

apt-get install memcached

Also be sure to raise its memory limit. To achieve this edit /etc/memcached.conf and change the given paramteres to your liking.
Once completed be sure to restart memcached by using service memcached restart.

Congrats to your stack.

Sample NGINX configs

GitHub - ReyKoxha/sampleconfig: Example config files

Example config files. Contribute to ReyKoxha/sampleconfig development by creating an account on GitHub.

GitHub (github.com)

AOKP

Reserved.

To-Do:

Add details about CloudFlare ON/OFF Performance
Add Let's Encrypt guide
Comment config files
Add further security tipps
Add list of basic commands

Fish

Hi #AOKP

I was following your guide down to the letter but got stuck at

make
make install

My server spat out this error

./configure: error: Brotli library is missing from the /root/brotli/deps/brotli directory.  Please make sure that the git submodule has been checked out:      cd /root/brotli && git submodule update --init && cd /root/nginx-1.13.3

What have I dont wrong?

JasperNL

I think this is a good tutorial, and will prove useful to many users! However, I have some remarks that I'll list below.

DNS

What has DNS to do with a stack? Not a lot, thats right, but as in my previous guide we will target the maximum possible performance. Therefore, we will also try to reduce the DNS resolving time.
To achieve this we will route our domain through CloudFlare. Just sign up and follow the instructions. Once done be sure to have DISABLED CloudFlare in the DNS settings (grey clouds).

But why? Due to the use of CloudFlare the server response time can be delayed around 0,7s, which is quite a lot, considering we want the maximum performance. Instead we will just make use of CloudFlare's fast DNS network.

Depending on the scale you want to deploy the server on, cloudflare can actually be a good idea. Especially if you're afraid of DDoS attacks. There are basically three "modes" that you can choose from

The mode in which you do not use anything of cloudflare, which you suggest.
The mode in which you use cloudflare to cache static assets, but route websockets through your own server. This can be achieved by setting the socket.io parts in config.json. This does not save you from DDoS attacks, as the origin server can be found quite easily. This is the mode that I would recommend.
Use cloudflare as websocket proxy. This secures you from DDoS attacks and works fine. This mode has a lot of cons, because cloudflare can kill the websocket connections without any specific reason, and you have the cloudflare proxy delay that you're considering. I would recommend this for small-scale sites only.

Security

...
Change it to a number like 1990 for example. Once edited hit Ctrl+X. Confirm with Y.

Auts. This is not secure. Besides the "security by obscurity" arguments that this insecure, there are also practical objections with this port. Any port >1024 can be hijacked by any user on the box, whereas ports <1024 are reserved for the system/root user. So if you want to change the port (because you may believe that it's actually secure), keep it <1024!

I always recommend to keep the SSH service at port 22 (as this is designed for it). For security, you can install fail2ban and set up a SSH keypair authentication instead of password authentication. Also: If your host gives you a root password, the first thing you should do is changing it!

Database

Now lets get onto NodeBB. Instead of MongoDB, we will skip into the future and go with Redis. Super fast, super simple.

MongoDB has a future as well, and the benefits of redis over mongo.

Again, great tutorial!

metasean

I'm just researching nodeBB at the moment. Your very recent full stack setup guide is definitely a point toward nodeBB!

That said, I thought it was written in node, so why install PHP?

AOKP

@fish its actually telling you what to run
Nonetheless, thanks for this addition. I added it to the guide.

@JasperNL
CloudFlare is absolutely needless, if you go with OVH/Online.
Especially OVH provides one of the best Anti-DDoS protection free of any charge.
In my almost 5 years being (Alexa <75K), I only suffered a DDoS attack once. Usually attackers want to get the host down, rarely a specific site itself. So better choose a good server provider and you will be fine.

Using CloudFlare as a cache is not always the best thing to do. A lot of my users reported slow loading times, whenever CloudFlare caching was enabled. PageSpeed is the nonplusultra for maximum performance.

About the ports. I agree on that one, almost forgot about it.
However, I clearly advice changing your port number from 22, because the first thing an attacker will do is to check the standard ports for "easy access".

@metasean
Because you maybe want to use WordPress for your articles and NodeBB as a commenting system or whatever else.
This guide targets on setting up a complete stack, which allows you to do pretty much everything.

kenygamer

@aokp Nginx:

{anonymous}::ps_preaccess_handler(ngx_http_request_t*)': /root/ngx_pagespeed-1.12.34.2-stable/src/ngx_pagespeed.cc:3011:31: error: 'ngx_http_core_try_files_phase' was not declared in this scope while (ph[i + 1].checker != ngx_http_core_try_files_phase && ^ objs/Makefile:1439: recipe for target 'objs/addon/src/ngx_pagespeed.o' failed make[1]: *** [objs/addon/src/ngx_pagespeed.o] Error 1 make[1]: Leaving directory '/root/nginx-1.13.4' Makefile:11: recipe for target 'install' failed make: *** [install] Error 2 root@server2:~#

kenygamer

I would REALLY appreciare if you can make an auto install shell script.

AOKP

@kenygamer never going to happen. Additionally, use your brain, the software named here is no longer up to date. Therefore, check the sources and links given in the guide. You can find the latest versions through the help of Google just in case.

Please be so kind and stop messaging me as well. There is no chance that I am going to fix things up for you, no matter if paid or unpaid. If you try to contact me again by any means, I will take further legal actions. This is my very last warning for you and therefore I pledge you take it serious.

AOKP

Removed Brotli
Updated all the instructions and configs on GitHub

omega

@aokp said in NodeBB - Full Stack Setup:

NodeBB
You can now start installing NodeBB after the docs. As seen in my configs, I have got my NodeBB install running in /home/web/mydomainname.tld/.
Adjust it to wherever you feel comfortable with.

Great guide but for shame, I got stuck here.

I have tried a few other install guides to pad this out, but it's not working. What do you mean "after the docs"... I'm totally lost at what do do here

Appreciate help/clarification in advance.

Shard

I'm afraid you lose me at "However, for the 5$ you pay, you are getting some overpriced hipster box."

Really hard to take the remainder seriously.

AOKP

@omega I actually meant "according to the docs".
I am sorry for my crappy English as I am not a native speaker.

@Shard ok.

NodeBB - Full Stack Setup

Table of contents

Server

OS

Preperation

DNS

Security

Webserver

Database

PHP

NodeJS

NodeBB

Ads

Bonus

Notes

Congrats to your stack.

Sample NGINX configs

GitHub - ReyKoxha/sampleconfig: Example config files

DNS

Security

Database