How to build a secure VPS environment using NGINX and PM2

How to use NGINX and PM2 to build a secure VPS environment

With the popularity of the Internet, VPS (Virtual Private Server) has become the preferred deployment for many websites and applications environment. However, security issues are becoming increasingly important. In this article, we will discuss how to use NGINX and PM2 to build a secure VPS environment and provide specific code examples.

NGINX is a fast, high-performance HTTP and reverse proxy server that can help us achieve load balancing and protect servers from malicious attacks. PM2 is a modern Node.js application process manager that can ensure that our Node.js application always runs stably on the server.

The following are the specific steps to build a secure VPS environment:

1. Install NGINX
   First, we need to install NGINX on the VPS. For specific installation steps, please refer to NGINX official documentation. After the installation is complete, we need to configure the security parameters by editing the NGINX configuration file.

2. Configuring HTTPS
   The HTTPS protocol ensures secure communication between websites and applications. We can implement HTTPS using free Let's Encrypt certificates. First, we need to install the Certbot tool and apply for and renew certificates through it.

   sudo apt-get install certbot 
   sudo certbot certonly --nginx

   This command will automatically configure the certificate using the NGINX plugin.

3. Configuring a reverse proxy
   Reverse proxies can provide additional security and performance benefits. We can use NGINX as a reverse proxy server to forward requests to the Node.js application running on PM2. The following is an example NGINX configuration file:

   server {
       listen 80;
       server_name example.com;
   
       location / {
           proxy_pass http://localhost:3000;  # 此处的3000是Node.js应用程序的端口
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection 'upgrade';
           proxy_set_header Host $host;
           proxy_cache_bypass $http_upgrade;
       }
   }

   This configuration file forwards all requests from example.com to the Node.js application running on localhost.

4. Configuring the firewall
   The firewall is a key part of protecting the server from malicious attacks. We can use UFW (Uncomplicated Firewall) to configure firewall rules.

   sudo ufw allow OpenSSH  # 允许SSH访问
   sudo ufw allow 'Nginx HTTP'  # 允许HTTP访问
   sudo ufw enable  # 启用防火墙

   Using the above commands, we can allow SSH and HTTP access, and enable the firewall to filter and block other bad connections.

5. Use PM2 to manage Node.js applications
   PM2 can ensure that our Node.js application is always running stably on the server and automatically starts and monitors the application. The following are sample commands for managing applications using PM2:

   pm2 start app.js --name myapp  # 启动应用程序
   pm2 list  # 查看当前运行的应用程序
   pm2 restart myapp  # 重启应用程序

   PM2 provides many more commands and features that can be changed and customized according to your needs.

Through the above steps, we can use NGINX and PM2 to build a secure VPS environment. Of course, this is just a basic configuration example, you can modify and improve it according to your specific needs. Please make sure to read the relevant documentation carefully and follow the best security practices when using it.

The above is the detailed content of How to build a secure VPS environment using NGINX and PM2. For more information, please follow other related articles on the PHP Chinese website!