NodeBB - Full Stack Setup

  • Hello girls and boys,

    remember my last guide about a "High performance stack"? This time I got something better for you - a complete guide from picking a server until the actual setup with plenty of extras.

    Table of contents

    1. Server
    2. OS
    3. Preperation
    4. DNS
    5. Security
    6. Webserver
    7. Database
    8. PHP
    9. NodeJS
    10. Ads
    11. Bonus
    12. Notes


    Picking the right server is a difficuilt and quite sensitive task. If you pick a too underpowered system you will run out of resources fast. If its too expensive though, you will run out of cash.
    So what is enough and what is luxury?

    Most people will tell you to either try Linode, DigitalOcean or Vultr. However, for the 5$ you pay, you are getting some overpriced hipster box. If you are really low on cash I can recommend OVH's VPS boxes. In my opinion the performance offered there is fairly decent and way better compared to DO for example. Alternative you should check out's "ScaleWay" x86 boxes. While the CPU is not that great, the VPS's are just fine to kick of for a few bucks. For German/EU users I can also recommend using Netcup. Its pricey at times, however they often have great promotions and solid performances.

    Please note that this is just my personal opinion. In the end it depends on you, how much you are willed to spend and where. I personally would use a VPS/Server with at least 2GB of RAM for a small installation of NodeBB. The guide below has been optimized for a 32GB RAM and 8 core system.


    While you can use any OS, you are comfortable with, I will only provide the commands for Ubuntu here and so do recommend you to use it as well.
    Why? Because, if you are reading this guide I will assume you are a beginner.
    Furthermore Ubuntu Server has in general the greatest documentation as its quite popular.

    Good choices are also FreeBSD, CentOS, Arch Linux, Fedora and so on.
    Basically it doesn't really matters.


    Assuming you have installed Ubuntu Server 16.04LTS on your server, its time to get it running. If you are using Windows on your PC, I do recommend to install WinSCP and PuTTY. Instead of WinSCP you can of course use FileZilla. However, my personal experience confirmed that WinSCP is far more convenient to use. Maybe try both and decide which one you like more.

    Additionally I recommend using a text editor with syntax/highlighting, e.g. Sublime or Atom.
    Even though we will not really use them in this guide, its always recommended to have a proper text editor on your PC.


    What has DNS to do with a stack? Not a lot, thats right, but as in my previous guide we will target the maximum possible performance. Therefore, we will also try to reduce the DNS resolving time.
    To achieve this we will route our domain through CloudFlare. Just sign up and follow the instructions. Once done be sure to have DISABLED CloudFlare in the DNS settings (grey clouds).

    But why? Due to the use of CloudFlare the server response time can be delayed around 0,7s, which is quite a lot, considering we want the maximum performance. Instead we will just make use of CloudFlare's fast DNS network.


    Open up PuTTY and enter your servers IP. By default the SSH port will be set to 22. Once you entered your password and successfully logged in, its recommended to change the SSH port.
    To achieve this I recommend running the following commands:

    apt-get update && apt-get upgrade
    apt-get install nano
    nano /etc/ssh/sshd_config

    Check out for the line writing:

    Port 22

    Change it to a number like 198 for example. Once edited hit Ctrl+X. Confirm with Y.
    Now you need to restart SSH:

    service ssh restart

    Thats the most basic security I do recommend. Of course there are more practices like Fail2Ban, Firewalls and so on. However, this guide is directed at beginners and covers the most basic commands to admin a server.

    Between, did you noticed how we updated our sources and upgraded our system with the first command? Neat.


    By default Ubuntu Server might have a couple of useless crap installed which will be blocking in our use case. To remove it run the following commands:

    apt-get remove httpd* apache* nginx* mysql* php*
    apt-get purge httpd* apache* nginx* mysql* php*

    All clean and ready to use. Now we can start setting up our own webserver.
    As you might have heard there are plenty webservers. The two most commonly used ones are NGINX and Apache.
    Unfortunately I have encountered webmasters still using Apache in 2017. NGINX is far more efficient and performant.
    Therefore, the choice is quite easy. However, we won't install NGINX over the apt repo. Instead we will build it from source.

    But why? Isn't it harder to setup? Sure it is, but at the same time we will add some goodies to our NGINX version.
    One of them will be Google PageSpeed. Yep, TLSv1.3 will be supported as well.
    Our goal is maximum performance at maximum stability and security. Lets go for it.
    Lets first clone some of the required modules and also install some libraries.
    Before doing so, we will install git, since we are going to need this later when installing NodeBB.

    apt-get install git

    General deps necessary for compiling:

    apt-get install build-essential zlib1g-dev libpcre3 libpcre3-dev unzip uuid-dev

    Now we can start compiling NGINX!

    unzip v${NPS_VERSION}.zip
    nps_dir=$(find . -name "*pagespeed-ngx-${NPS_VERSION}" -type d)
    cd "$nps_dir"
    [ -e scripts/ ] && psol_url=$(scripts/ PSOL_BINARY_URL)
    wget ${psol_url}
    tar -xzvf $(basename ${psol_url})  # extracts to psol/
    tar -xvzf openssl-${OPENSSL_VERSION}.tar.gz
    tar -xvzf nginx-${NGINX_VERSION}.tar.gz
    cd nginx-${NGINX_VERSION}/
    ./configure --add-module=$HOME/$nps_dir ${PS_NGX_EXTRA_FLAGS} \
    --prefix=/usr/local/nginx \
    --sbin-path=/usr/local/sbin/nginx \
    --conf-path=/etc/nginx/nginx.conf \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --pid-path=/run/ \
    --lock-path=/run/lock/subsys/nginx \
    --with-openssl=/root/openssl-${OPENSSL_VERSION} \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_stub_status_module \
    --with-http_gzip_static_module \
    --without-mail_pop3_module \
    --without-mail_imap_module \
    make install

    Please note that Google PageSpeed, OpenSSL and NGINX might update from time to time. Therefore I recommend checking them for updates regularly.
    To update NGINX or any of the modules you just want to rerun the above commands with their respective version numbers. Afterwards you just restart NGINX.

    Well, thats it. Almost. Now we need to be able to start and stop NGINX and also let it auto boot.
    To achieve this we will create a script:

    nano /lib/systemd/system/nginx.service

    Paste this into it:

    Description=The NGINX HTTP and reverse proxy server
    ExecStartPre=/usr/local/sbin/nginx -t
    ExecReload=/bin/kill -s HUP $MAINPID
    ExecStop=/bin/kill -s QUIT $MAINPID

    Close with Ctrl+X, confirm with Y.
    Reload systemd services:

    systemctl daemon-reload

    Enable NGINX on boot:

    systemctl enable nginx

    You can now verify whether or not NGINX is running by entering:

    service nginx status

    Starting NGINX manually can be done with:

    service nginx start

    Congrats on your succesful setup. Next we will install a Database system.


    Before even thinking about NodeBB, we will install a classical SQL database server for later use, e.g. WordPress or Ghost.
    Lets pick MariaDB. Instead of posting the instructions here, I recommend checking out this link:

    Everything is explained there.

    Now lets get onto NodeBB. Instead of MongoDB, we will skip into the future and go with Redis. Super fast, super simple.

    tar xzf redis-${REDIS_VERSION}.tar.gz
    cd redis-${REDIS_VERSION}
    make install
    cd utils

    Follow the on screen instructions and configure the vars to your desired option.
    By default the service name will be redis_6379.

    Assuming your redis.conf is in /etc/redis/redis.conf, you want to make sure its bound to
    If not uncomment the line.
    Also be sure to use a password for authentication. Search for requirepass and replace the default password.
    Please be sure to give this article a quick read as well:

    Especially the tipps with "renaming" should be considered to prevent data being manipulated by a 3rd party.

    You are done now.


    Instead of old fashioned, RAM hungry PHP-FPM, we will go for HHVM. A drop-in PHP replacement.

    apt-get update
    apt-get install software-properties-common apt-transport-https
    apt-key adv --recv-keys --keyserver hkp:// 0xB4112585D386EB94
    apt-get update
    apt-get install hhvm
    sudo update-rc.d hhvm defaults

    Running HHVM in socket mode gives a little extra performance.
    Replace the entire content of /etc/hhvm/server.ini with this:

    ; php options
    expose_php = 0
    pid = /run/hhvm/pid
    ; hhvm specific
    # hhvm.server.port = 9000
    hhvm.server.type = fastcgi
    hhvm.server.default_document = index.php
    hhvm.log.use_log_file = true
    hhvm.log.file = /var/log/hhvm/error.log
    hhvm.repo.central.path = /run/hhvm/hhvm.hhbc

    Restart hhvm:

    service hhvm restart

    To get HHVM running with NGINX, check out the configs attached.


    Installing NodeJS will be even easier.
    All you need to run is:

    curl -sL${NODE_VERSION}.x | sudo -E bash -
    sudo apt-get install -y nodejs



    You can now start installing NodeBB after the docs. As seen in my configs, I have got my NodeBB install running in /home/web/mydomainname.tld/.
    Adjust it to wherever you feel comfortable with.


    To use ads you need to have Google DFP. Once you entered all your ads and placed the ads on your site, you need to open up the public/src/ajaxify.js.
    Look out for this:

    function renderTemplate(url, tpl_url, data, callback) {

    Right before the function is about to close add this little piece of code:


    Don't forget to rebuild NodeBB.



    PageSpeed can either be run by using Memcached or Redis. Since we do not want Redis to fed up, we will go for Memcache:

    apt-get install memcached

    Also be sure to raise its memory limit. To achieve this edit /etc/memcached.conf and change the given paramteres to your liking.
    Once completed be sure to restart memcached by using service memcached restart.

    Congrats to your stack.

    Sample NGINX configs

  • Reserved.


    • Add details about CloudFlare ON/OFF Performance
    • Add Let's Encrypt guide
    • Comment config files
    • Add further security tipps
    • Add list of basic commands

  • Hi #AOKP

    I was following your guide down to the letter but got stuck at

    make install

    My server spat out this error

    ./configure: error: Brotli library is missing from the /root/brotli/deps/brotli directory.  Please make sure that the git submodule has been checked out:      cd /root/brotli && git submodule update --init && cd /root/nginx-1.13.3

    What have I dont wrong?

  • Gamers

    I think this is a good tutorial, and will prove useful to many users! However, I have some remarks that I'll list below.


    What has DNS to do with a stack? Not a lot, thats right, but as in my previous guide we will target the maximum possible performance. Therefore, we will also try to reduce the DNS resolving time.
    To achieve this we will route our domain through CloudFlare. Just sign up and follow the instructions. Once done be sure to have DISABLED CloudFlare in the DNS settings (grey clouds).

    But why? Due to the use of CloudFlare the server response time can be delayed around 0,7s, which is quite a lot, considering we want the maximum performance. Instead we will just make use of CloudFlare's fast DNS network.

    Depending on the scale you want to deploy the server on, cloudflare can actually be a good idea. Especially if you're afraid of DDoS attacks. There are basically three "modes" that you can choose from

    1. The mode in which you do not use anything of cloudflare, which you suggest.
    2. The mode in which you use cloudflare to cache static assets, but route websockets through your own server. This can be achieved by setting the parts in config.json. This does not save you from DDoS attacks, as the origin server can be found quite easily. This is the mode that I would recommend.
    3. Use cloudflare as websocket proxy. This secures you from DDoS attacks and works fine. This mode has a lot of cons, because cloudflare can kill the websocket connections without any specific reason, and you have the cloudflare proxy delay that you're considering. I would recommend this for small-scale sites only.


    Change it to a number like 1990 for example. Once edited hit Ctrl+X. Confirm with Y.

    Auts. This is not secure. Besides the "security by obscurity" arguments that this insecure, there are also practical objections with this port. Any port >1024 can be hijacked by any user on the box, whereas ports <1024 are reserved for the system/root user. So if you want to change the port (because you may believe that it's actually secure), keep it <1024!

    I always recommend to keep the SSH service at port 22 (as this is designed for it). For security, you can install fail2ban and set up a SSH keypair authentication instead of password authentication. Also: If your host gives you a root password, the first thing you should do is changing it!


    Now lets get onto NodeBB. Instead of MongoDB, we will skip into the future and go with Redis. Super fast, super simple.

    MongoDB has a future as well, and the benefits of redis over mongo.

    Again, great tutorial!

  • I'm just researching nodeBB at the moment. Your very recent full stack setup guide is definitely a point toward nodeBB!

    That said, I thought it was written in node, so why install PHP?

  • @fish its actually telling you what to run 😉
    Nonetheless, thanks for this addition. I added it to the guide.

    CloudFlare is absolutely needless, if you go with OVH/Online.
    Especially OVH provides one of the best Anti-DDoS protection free of any charge.
    In my almost 5 years being (Alexa <75K), I only suffered a DDoS attack once. Usually attackers want to get the host down, rarely a specific site itself. So better choose a good server provider and you will be fine.

    Using CloudFlare as a cache is not always the best thing to do. A lot of my users reported slow loading times, whenever CloudFlare caching was enabled. PageSpeed is the nonplusultra for maximum performance.

    About the ports. I agree on that one, almost forgot about it.
    However, I clearly advice changing your port number from 22, because the first thing an attacker will do is to check the standard ports for "easy access".

    Because you maybe want to use WordPress for your articles and NodeBB as a commenting system or whatever else.
    This guide targets on setting up a complete stack, which allows you to do pretty much everything.

  • GNU/Linux

    @aokp Nginx:

    {anonymous}::ps_preaccess_handler(ngx_http_request_t*)': /root/ngx_pagespeed- error: 'ngx_http_core_try_files_phase' was not declared in this scope while (ph[i + 1].checker != ngx_http_core_try_files_phase && ^ objs/Makefile:1439: recipe for target 'objs/addon/src/ngx_pagespeed.o' failed make[1]: *** [objs/addon/src/ngx_pagespeed.o] Error 1 make[1]: Leaving directory '/root/nginx-1.13.4' Makefile:11: recipe for target 'install' failed make: *** [install] Error 2 root@server2:~#

  • GNU/Linux

    I would REALLY appreciare if you can make an auto install shell script.

  • @kenygamer never going to happen. Additionally, use your brain, the software named here is no longer up to date. Thererfore, check the sources and links given in the guide. You can find the latest versions through the help of Google just in case.

    Please be so kind and stop messaging me as well. There is no chance that I am going to fix things up for you, no matter if paid or unpaid. If you try to contact me again by any means, I will take further legal actions. This is my very last warning for you and therefore I pledge you take it serious.

    • Removed Brotli
    • Updated all the instructions and configs on GitHub


| |