|
|
@@ -0,0 +1,121 @@
|
|
|
+H2P strapi
|
|
|
+==========
|
|
|
+
|
|
|
+# install strapi
|
|
|
+
|
|
|
+all variable in CAPS must be replaced by your values
|
|
|
+
|
|
|
+## domain
|
|
|
+create a DOAMIN.LTD name pointing to the serveurIP
|
|
|
+
|
|
|
+## mysql
|
|
|
+```
|
|
|
+mysql -u -p
|
|
|
+mysql> create database YOURDBNAME;
|
|
|
+mysql> create user 'YOURUSER'@'localhost' identified by 'YOURPASSWORD';
|
|
|
+mysql> grant all privileges on YOURDBNAME.* to 'YOURUSER'@'localhost';
|
|
|
+mysql> flush privileges;
|
|
|
+mysql> exit;
|
|
|
+
|
|
|
+## strapi deployement
|
|
|
+
|
|
|
+### strapi global install (only once)
|
|
|
+```
|
|
|
+npm install -g strapi@beta
|
|
|
+; or
|
|
|
+npm update -g
|
|
|
+```
|
|
|
+
|
|
|
+### strapi occurence deployement
|
|
|
+
|
|
|
+#### create project
|
|
|
+```
|
|
|
+cd /var/www/
|
|
|
+strapi new YOURPROJECTNAME #don't choose quick start
|
|
|
+cd YOURPROJECTNAME
|
|
|
+npm run build
|
|
|
+```
|
|
|
+#### configure project
|
|
|
+in config/environments/development/server.json change port to any available port
|
|
|
+
|
|
|
+#### launch project
|
|
|
+```shell
|
|
|
+NODE_ENV=development pm2 start strapi --no-pmx --name="YOURPROJECTNAME" -- develop
|
|
|
+```
|
|
|
+use pm2 to manage your instance
|
|
|
+
|
|
|
+## nginx
|
|
|
+
|
|
|
+### letsencrypt
|
|
|
+```shell
|
|
|
+certbot certonly --standalone -d YOURDOMAIN.LTD --cert-name YOURDOMAIN.LTD
|
|
|
+mkdir -p /etc/nginx/ssl/certs/YOURDOMAIN.LTD
|
|
|
+openssl dhparam -out /etc/nginx/ssl/certs/YOURDOMAIN.LTD/dhparam.pem 2048
|
|
|
+```
|
|
|
+
|
|
|
+### nginx
|
|
|
+create an YOURDOMAIN.LTD.conf file in /etc/nginx/conf.d
|
|
|
+```nginx
|
|
|
+server {
|
|
|
+ listen 80;
|
|
|
+ server_name YOURDOMAIN.TLD;
|
|
|
+ return 301 https://$server_name$request_uri;
|
|
|
+}
|
|
|
+
|
|
|
+server {
|
|
|
+ listen 443 ssl;
|
|
|
+ listen [::]:443 ssl;
|
|
|
+
|
|
|
+ server_name YOURDOMAIN.TLD;
|
|
|
+
|
|
|
+ charset utf-8;
|
|
|
+
|
|
|
+ location / {
|
|
|
+ proxy_pass http://localhost:YOURCUSTOMPORT;
|
|
|
+ proxy_http_version 1.1;
|
|
|
+ proxy_set_header Upgrade $http_upgrade;
|
|
|
+ proxy_set_header Connection 'upgrade';
|
|
|
+ proxy_set_header Host $host;
|
|
|
+ proxy_cache_bypass $http_upgrade;
|
|
|
+
|
|
|
+ #proxy_set_header X-Forwarded-Host $custom_forwarded_host;
|
|
|
+ #proxy_set_header X-Forwarded-Server $host;
|
|
|
+ #proxy_set_header X-Real-IP $remote_addr;
|
|
|
+ #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
+ #proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
+ }
|
|
|
+
|
|
|
+ location = /favicon.ico { access_log off; log_not_found off; }
|
|
|
+ location = /robots.txt { access_log off; log_not_found off; }
|
|
|
+
|
|
|
+ access_log on;
|
|
|
+ #error_log /var/www/YOURPROJECTNAME/log/error.log;
|
|
|
+
|
|
|
+ sendfile off;
|
|
|
+
|
|
|
+ client_max_body_size 100m;
|
|
|
+
|
|
|
+ #SSL Certificates
|
|
|
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
|
+ ssl_certificate "/etc/letsencrypt/live/YOURDOMAIN.LTD/fullchain.pem";
|
|
|
+ ssl_certificate_key "/etc/letsenc8ypt/live/YOURDOMAIN.LTD/privkey.pem";
|
|
|
+ ssl_dhparam /etc/nginx/ssl/certs/YOURDOMAIN.LTD/dhparam.pem;
|
|
|
+ # ssl_session_cache shared:SSL:1m;
|
|
|
+ ssl_session_timeout 10m;
|
|
|
+ ssl_ciphers HIGH:!aNULL:!MD5;
|
|
|
+ #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
|
|
|
+ ssl_prefer_server_ciphers on;
|
|
|
+
|
|
|
+ add_header Strict-Transport-Security "max-age=31536000;
|
|
|
+ #includeSubDomains" always;
|
|
|
+
|
|
|
+
|
|
|
+ location ~ /\.ht {
|
|
|
+ deny all;
|
|
|
+ }
|
|
|
+
|
|
|
+ # website should not be displayed inside a <frame>, an <iframe> or an <object>
|
|
|
+ add_header X-Frame-Options SAMEORIGIN;
|
|
|
+
|
|
|
+}
|
|
|
+```
|
