readme.md 3.0 KB

H2P strapi

install strapi

all variable in CAPS must be replaced by your values

domain

create a DOAMIN.LTD name pointing to the serveurIP

mysql

mysql -u -p
mysql> create database YOURDBNAME;
mysql> create user 'YOURUSER'@'localhost' identified by 'YOURPASSWORD';
mysql> grant all privileges on YOURDBNAME.* to 'YOURUSER'@'localhost';
mysql> flush privileges;
mysql> exit;

strapi deployement

strapi global install (only once)

npm install -g strapi@beta
; or
npm update -g

strapi instance deployement

create project

cd /var/www/
strapi new YOURPROJECTNAME #don't choose quick start
cd YOURPROJECTNAME
npm run build

configure project

in config/environments/development/server.json change port to any available port

launch project

NODE_ENV=development pm2 start strapi --no-pmx --name="YOURPROJECTNAME" -- develop

use pm2 to manage your instance

nginx

letsencrypt

certbot certonly --standalone -d YOURDOMAIN.LTD --cert-name YOURDOMAIN.LTD
mkdir -p /etc/nginx/ssl/certs/YOURDOMAIN.LTD
openssl dhparam -out /etc/nginx/ssl/certs/YOURDOMAIN.LTD/dhparam.pem 2048

nginx

create an YOURDOMAIN.LTD.conf file in /etc/nginx/conf.d

server {
  listen 80;
  server_name YOURDOMAIN.TLD;
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name YOURDOMAIN.TLD;

  charset utf-8;

  location / {
    proxy_pass http://localhost:YOURCUSTOMPORT;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;

    #proxy_set_header X-Forwarded-Host $custom_forwarded_host;
    #proxy_set_header X-Forwarded-Server $host;
    #proxy_set_header X-Real-IP $remote_addr;
    #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header X-Forwarded-Proto $scheme;
  }

  location = /favicon.ico { access_log off; log_not_found off; }
  location = /robots.txt  { access_log off; log_not_found off; }

  access_log on;
  #error_log /var/www/YOURPROJECTNAME/log/error.log;

  sendfile off;

  client_max_body_size 100m;

  #SSL Certificates
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_certificate "/etc/letsencrypt/live/YOURDOMAIN.LTD/fullchain.pem";
  ssl_certificate_key "/etc/letsenc8ypt/live/YOURDOMAIN.LTD/privkey.pem";
  ssl_dhparam /etc/nginx/ssl/certs/YOURDOMAIN.LTD/dhparam.pem;
  # ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 10m;
  ssl_ciphers HIGH:!aNULL:!MD5;
  #ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers  on;

  add_header Strict-Transport-Security "max-age=31536000;
  #includeSubDomains" always;


  location ~ /\.ht {
    deny all;
  }

  # website should not be displayed inside a <frame>, an <iframe> or an <object>
  add_header X-Frame-Options SAMEORIGIN;

}

test it

nginx -t

restart it

service nginx restart