NodeBB - Full Stack Setup



  • Hello girls and boys,

    remember my last guide about a "High performance stack"? This time I got something better for you - a complete guide from picking a server until the actual setup with plenty of extras.

    Table of contents

    1. Server
    2. OS
    3. Preperation
    4. DNS
    5. Security
    6. Webserver
    7. Database
    8. PHP
    9. NodeJS
    10. Ads
    11. Bonus
    12. Notes

    Server

    Picking the right server is a difficuilt and quite sensitive task. If you pick a too underpowered system you will run out of resources fast. If its too expensive though, you will run out of cash.
    So what is enough and what is luxury?

    Most people will tell you to either try Linode, DigitalOcean or Vultr. However, for the 5$ you pay, you are getting some overpriced hipster box. If you are really low on cash I can recommend OVH's VPS boxes. In my opinion the performance offered there is fairly decent and way better compared to DO for example. Alternative you should check out Online.net's "ScaleWay" x86 boxes. While the CPU is not that great, the VPS's are just fine to kick of for a few bucks. For German/EU users I can also recommend using Netcup. Its pricey at times, however they often have great promotions and solid performances.

    Please note that this is just my personal opinion. In the end it depends on you, how much you are willed to spend and where. I personally would use a VPS/Server with at least 2GB of RAM for a small installation of NodeBB. The guide below has been optimized for a 32GB RAM and 8 core system.

    OS

    While you can use any OS, you are comfortable with, I will only provide the commands for Ubuntu here and so do recommend you to use it as well.
    Why? Because, if you are reading this guide I will assume you are a beginner.
    Furthermore Ubuntu Server has in general the greatest documentation as its quite popular.

    Good choices are also FreeBSD, CentOS, Arch Linux, Fedora and so on.
    Basically it doesn't really matters.

    Preperation

    Assuming you have installed Ubuntu Server 16.04LTS on your server, its time to get it running. If you are using Windows on your PC, I do recommend to install WinSCP and PuTTY. Instead of WinSCP you can of course use FileZilla. However, my personal experience confirmed that WinSCP is far more convenient to use. Maybe try both and decide which one you like more.

    Additionally I recommend using a text editor with syntax/highlighting, e.g. Sublime or Atom.
    Even though we will not really use them in this guide, its always recommended to have a proper text editor on your PC.

    DNS

    What has DNS to do with a stack? Not a lot, thats right, but as in my previous guide we will target the maximum possible performance. Therefore, we will also try to reduce the DNS resolving time.
    To achieve this we will route our domain through CloudFlare. Just sign up and follow the instructions. Once done be sure to have DISABLED CloudFlare in the DNS settings (grey clouds).

    But why? Due to the use of CloudFlare the server response time can be delayed around 0,7s, which is quite a lot, considering we want the maximum performance. Instead we will just make use of CloudFlare's fast DNS network.

    Security

    Open up PuTTY and enter your servers IP. By default the SSH port will be set to 22. Once you entered your password and successfully logged in, its recommended to change the SSH port.
    To achieve this I recommend running the following commands:

    apt-get update && apt-get upgrade
    apt-get install nano
    nano /etc/ssh/sshd_config
    

    Check out for the line writing:

    Port 22
    

    Change it to a number like 198 for example. Once edited hit Ctrl+X. Confirm with Y.
    Now you need to restart SSH:

    service ssh restart
    

    Thats the most basic security I do recommend. Of course there are more practices like Fail2Ban, Firewalls and so on. However, this guide is directed at beginners and covers the most basic commands to admin a server.

    Between, did you noticed how we updated our sources and upgraded our system with the first command? Neat.

    Webserver

    By default Ubuntu Server might have a couple of useless crap installed which will be blocking in our use case. To remove it run the following commands:

    apt-get remove httpd* apache* nginx* mysql* php*
    apt-get purge httpd* apache* nginx* mysql* php*
    

    All clean and ready to use. Now we can start setting up our own webserver.
    As you might have heard there are plenty webservers. The two most commonly used ones are NGINX and Apache.
    Unfortunately I have encountered webmasters still using Apache in 2017. NGINX is far more efficient and performant.
    Therefore, the choice is quite easy. However, we won't install NGINX over the apt repo. Instead we will build it from source.

    But why? Isn't it harder to setup? Sure it is, but at the same time we will add some goodies to our NGINX version.
    One of them will be Google PageSpeed and Brotli, which will replace GZIP. Yep, TLSv1.3 will be supported as well (draft-18).
    Our goal is maximum performance at maximum stability and security. Lets go for it.
    Lets first clone some of the required modules and also install some libraries.
    Before doing so, we will install git:

    apt-get install git
    

    OpenSSL draft 18:

    git clone -b tls1.3-draft-18 --single-branch https://github.com/openssl/openssl.git openssl
    

    Brotli for NGINX:

    git clone -b master https://github.com/google/ngx_brotli.git brotli
    cd /root/brotli && git submodule update --init
    

    General deps necessary for compiling:

    apt-get install build-essential zlib1g-dev libpcre3 libpcre3-dev unzip
    

    Now we can start compiling NGINX!

    NPS_VERSION=1.12.34.3-stable
    cd
    wget https://github.com/pagespeed/ngx_pagespeed/archive/v${NPS_VERSION}.zip
    unzip v${NPS_VERSION}.zip
    cd ngx_pagespeed-${NPS_VERSION}/
    NPS_RELEASE_NUMBER=${NPS_VERSION/beta/}
    NPS_RELEASE_NUMBER=${NPS_VERSION/stable/}
    psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_RELEASE_NUMBER}.tar.gz
    [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL)
    wget ${psol_url}
    tar -xzvf $(basename ${psol_url})  # extracts to psol/
    
    NGINX_VERSION=1.13.6
    cd
    wget http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz
    tar -xvzf nginx-${NGINX_VERSION}.tar.gz
    cd nginx-${NGINX_VERSION}/
    ./configure --add-module=$HOME/ngx_pagespeed-${NPS_VERSION} ${PS_NGX_EXTRA_FLAGS} \
    --add-module=/root/brotli \
    --prefix=/usr/local/nginx \
    --sbin-path=/usr/local/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/run/nginx.pid \
    --lock-path=/run/lock/subsys/nginx \
    --with-openssl=/root/openssl \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --without-mail_pop3_module \
    --without-mail_imap_module \
    --without-mail_smtp_module
    make
    make install
    

    Please note that Google PageSpeed and NGINX might update from time to time. Therefore I recommend checking both for updates regularly.
    To update NGINX or any of the modules you just want to rerun the above commands. Afterwards you just restart NGINX.
    Also note that GZIP has been included in the configuration for later use, just in case Brotli causes any issues.

    Well, thats it. Almost. Now we need to be able to start and stop NGINX and also let it auto boot.
    To achieve this we will create a script:

    nano /lib/systemd/system/nginx.service
    

    Paste this into it:

    [Unit]
    Description=The NGINX HTTP and reverse proxy server
    After=syslog.target network.target remote-fs.target nss-lookup.target
    
    [Service]
    Type=forking
    PIDFile=/run/nginx.pid
    ExecStartPre=/usr/local/sbin/nginx -t
    ExecStart=/usr/local/sbin/nginx
    ExecReload=/bin/kill -s HUP $MAINPID
    ExecStop=/bin/kill -s QUIT $MAINPID
    PrivateTmp=true
    
    [Install]
    WantedBy=multi-user.target
    

    Close with Ctrl+X, confirm with Y.
    Reload systemd services:

    systemctl daemon-reload
    

    Enable NGINX on boot:

    systemctl enable nginx
    

    You can now verify whether or not NGINX is running by entering:

    service nginx status
    

    Starting NGINX manually can be done with:

    service nginx start
    

    Congrats on your succesful setup. Next we will install a Database system.

    Database

    Before even thinking about NodeBB, we will install a classical SQL database server for later use, e.g. WordPress or Ghost.
    Lets pick MariaDB. Instead of posting the instructions here, I recommend checking out this link:

    Everything is explained there.

    Now lets get onto NodeBB. Instead of MongoDB, we will skip into the future and go with Redis. Super fast, super simple.

    wget http://download.redis.io/releases/redis-4.0.2.tar.gz
    tar xzf redis-4.0.2.tar.gz
    cd redis-4.0.2
    make
    make install
    cd utils
    sh install_server.sh
    

    Follow the on screen instructions and configure the vars to your desired option.
    By default the service name will be redis_6379.

    Assuming your redis.conf is in /etc/redis/redis.conf, you want to make sure its bound to 127.0.0.1.
    If not uncomment the line.
    Also be sure to use a password for authentication. Search for requirepass and replace the default password.
    Please be sure to give this article a quick read as well:

    Especially the tipps with "renaming" should be considered to prevent data being manipulated by a 3rd party.

    You are done now.

    PHP

    Instead of old fashioned, RAM hungry PHP-FPM, we will go for HHVM. A drop-in PHP replacement.

    sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
    sudo add-apt-repository "deb http://dl.hhvm.com/ubuntu $(lsb_release -sc) main"
    sudo apt-get update
    sudo apt-get install hhvm
    sudo update-rc.d hhvm defaults
    

    Running HHVM in socket mode gives a little extra performance.
    Replace the entire content of /etc/hhvm/server.ini with this:

    ; php options
    expose_php = 0
    pid = /run/hhvm/pid
    
    ; hhvm specific
    
    # hhvm.server.port = 9000
    hhvm.server.file_socket=/run/hhvm/hhvm.sock
    hhvm.server.type = fastcgi
    hhvm.server.default_document = index.php
    hhvm.log.use_log_file = true
    hhvm.log.file = /var/log/hhvm/error.log
    hhvm.repo.central.path = /run/hhvm/hhvm.hhbc
    

    Restart hhvm:

    service hhvm restart
    

    To get HHVM running with NGINX, check out the configs attached.

    NodeJS

    Installing NodeJS will be even easier.
    All you need to run is:

    curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash -
    sudo apt-get install -y nodejs
    

    Hardcore.

    NodeBB

    You can now start installing NodeBB after the docs. As seen in my configs, I have got my NodeBB install running in /home/web/mydomainname.tld/.
    Adjust it to wherever you feel comfortable with.

    Ads

    To use ads you need to have Google DFP. Once you entered all your ads and placed the ads on your site, you need to open up the public/src/ajaxify.js.
    Look out for this:

    function renderTemplate(url, tpl_url, data, callback) {
    

    Right before the function is about to close add this little piece of code:

    googletag.pubads().refresh();
    

    Don't forget to rebuild NodeBB.

    Bonus

    NGINX Configs

    In case you want to see how I use all the above installed stuff, be sure to check out my little attachment, containing a couple of configs.

    Notes

    Above configs let PageSpeed use Memcache as cache. To do the same you need to install it first by using:

    apt-get install memcached
    

    Also be sure to raise its memory limit. To achieve this edit /etc/memcached.conf and change the given paramteres to your liking. Once completed be sure to restart memcached by using service memcached restart.

    Congrats to your stack.

    Attachment

    https://github.com/ReyKoxha/sampleconfig



  • Reserved.

    To-Do:

    • Add details about CloudFlare ON/OFF Performance
    • Add Let's Encrypt guide
    • Comment config files
    • Add further security tipps
    • Add list of basic commands


  • Hi #AOKP

    I was following your guide down to the letter but got stuck at

    make
    make install
    

    My server spat out this error

    ./configure: error: Brotli library is missing from the /root/brotli/deps/brotli directory.  Please make sure that the git submodule has been checked out:      cd /root/brotli && git submodule update --init && cd /root/nginx-1.13.3
    

    What have I dont wrong?


  • Gamers

    I think this is a good tutorial, and will prove useful to many users! However, I have some remarks that I'll list below.

    DNS

    What has DNS to do with a stack? Not a lot, thats right, but as in my previous guide we will target the maximum possible performance. Therefore, we will also try to reduce the DNS resolving time.
    To achieve this we will route our domain through CloudFlare. Just sign up and follow the instructions. Once done be sure to have DISABLED CloudFlare in the DNS settings (grey clouds).

    But why? Due to the use of CloudFlare the server response time can be delayed around 0,7s, which is quite a lot, considering we want the maximum performance. Instead we will just make use of CloudFlare's fast DNS network.

    Depending on the scale you want to deploy the server on, cloudflare can actually be a good idea. Especially if you're afraid of DDoS attacks. There are basically three "modes" that you can choose from

    1. The mode in which you do not use anything of cloudflare, which you suggest.
    2. The mode in which you use cloudflare to cache static assets, but route websockets through your own server. This can be achieved by setting the socket.io parts in config.json. This does not save you from DDoS attacks, as the origin server can be found quite easily. This is the mode that I would recommend.
    3. Use cloudflare as websocket proxy. This secures you from DDoS attacks and works fine. This mode has a lot of cons, because cloudflare can kill the websocket connections without any specific reason, and you have the cloudflare proxy delay that you're considering. I would recommend this for small-scale sites only.

    Security

    ...
    Change it to a number like 1990 for example. Once edited hit Ctrl+X. Confirm with Y.

    Auts. This is not secure. Besides the "security by obscurity" arguments that this insecure, there are also practical objections with this port. Any port >1024 can be hijacked by any user on the box, whereas ports <1024 are reserved for the system/root user. So if you want to change the port (because you may believe that it's actually secure), keep it <1024!

    I always recommend to keep the SSH service at port 22 (as this is designed for it). For security, you can install fail2ban and set up a SSH keypair authentication instead of password authentication. Also: If your host gives you a root password, the first thing you should do is changing it!

    Database

    Now lets get onto NodeBB. Instead of MongoDB, we will skip into the future and go with Redis. Super fast, super simple.

    MongoDB has a future as well, and the benefits of redis over mongo.

    Again, great tutorial!



  • I'm just researching nodeBB at the moment. Your very recent full stack setup guide is definitely a point toward nodeBB!

    That said, I thought it was written in node, so why install PHP?



  • @fish its actually telling you what to run 😉
    Nonetheless, thanks for this addition. I added it to the guide.

    @JasperNL
    CloudFlare is absolutely needless, if you go with OVH/Online.
    Especially OVH provides one of the best Anti-DDoS protection free of any charge.
    In my almost 5 years being (Alexa <75K), I only suffered a DDoS attack once. Usually attackers want to get the host down, rarely a specific site itself. So better choose a good server provider and you will be fine.

    Using CloudFlare as a cache is not always the best thing to do. A lot of my users reported slow loading times, whenever CloudFlare caching was enabled. PageSpeed is the nonplusultra for maximum performance.

    About the ports. I agree on that one, almost forgot about it.
    However, I clearly advice changing your port number from 22, because the first thing an attacker will do is to check the standard ports for "easy access".

    @metasean
    Because you maybe want to use WordPress for your articles and NodeBB as a commenting system or whatever else.
    This guide targets on setting up a complete stack, which allows you to do pretty much everything.


  • GNU/Linux

    @aokp Nginx:

    {anonymous}::ps_preaccess_handler(ngx_http_request_t*)': /root/ngx_pagespeed-1.12.34.2-stable/src/ngx_pagespeed.cc:3011:31: error: 'ngx_http_core_try_files_phase' was not declared in this scope while (ph[i + 1].checker != ngx_http_core_try_files_phase && ^ objs/Makefile:1439: recipe for target 'objs/addon/src/ngx_pagespeed.o' failed make[1]: *** [objs/addon/src/ngx_pagespeed.o] Error 1 make[1]: Leaving directory '/root/nginx-1.13.4' Makefile:11: recipe for target 'install' failed make: *** [install] Error 2 root@server2:~#


  • GNU/Linux

    I would REALLY appreciare if you can make an auto install shell script.



  • @kenygamer never going to happen. Additionally, use your brain, the software named here is no longer up to date. Thererfore, check the sources and links given in the guide. You can find the latest versions through the help of Google just in case.

    Please be so kind and stop messaging me as well. There is no chance that I am going to fix things up for you, no matter if paid or unpaid. If you try to contact me again by any means, I will take further legal actions. This is my very last warning for you and therefore I pledge you take it serious.


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.