To follow along here you're going to need a (sub-)domain you want to use to access your Verdaccio NPM Registry. I already have a tobbe.dev domain, so I used a subdomain for this, pistachio.tobbe.dev, and pointed it to my new server IP.
Login and update
If you've followed along with Part 1 and Part 2 your server should be secure. Let's make sure it's also up to date!
pistachio@verdaccio:~$ sudo apt-get update && sudo apt-get upgrade
Answer Yes if/when it asks if you want to continue
If it asks about your sshd_config file, you want to keep your locally modified version. Press Tab to highlight <Ok> and then press Enter to continue
Following that it might ask about daemons using outdated libraries. Again, press Tab to highlight <Ok> and then press Enter to continue.
nginx installation
pistachio@verdaccio:~$ sudo apt install nginx
Again, it might ask you about daemons using outdated libraries. Select all of them and then continue
Remember that firewall we configured before? It's blocking access to nginx, so we need to update its config.
pistachio@verdaccio:~$ sudo ufw app list
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
You might be tempted to go with HTTPS only, but we need HTTP to be able to verify our SSL setup later. Plus we will tell nginx to redirect all HTTP traffic to HTTPS, so we're going to allow "Nginx Full".
pistachio@verdaccio:~$ sudo ufw allow 'Nginx Full'
Rule added
Rule added (v6)
Check the firewall status
pistachio@verdaccio:~$ sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
You should now be able to access your web server in your browser by going to http://<IP-address>
Depending on your domain/DNS you might also be able to access it using http://your.domain.tld but since I'm using a .dev top level domain (TLD) I can't, because they require SSL
SSL
Certbot will manage our SSL certificates.
pistachio@verdaccio:~$ sudo apt install certbot python3-certbot-nginx
pistachio@verdaccio:~$ sudo certbot --nginx -d pistachio.tobbe.dev
And this is the output you want
Let's take a look at the default nginx config
pistachio@verdaccio:~$ sudo less /etc/nginx/sites-available/default
You'll see a bunch of lines with # managed by Certbot
at the end. Those were added thanks to the --nginx
command line option we used when we ran the certbot
command. The file is a bit messy with commented config, indentation a bit all over the place etc. But we'll create our own config soon, and make sure to clean it up so it's easier to follow along with what's going on.
For now we should just make sure it all works by going to https://pistachio.tobbe.dev in our web browser.
Conclusion
This was a pretty short part. We installed nginx and configured it to use SSL. We also verified that we could now access our web server using https. We'll come back to the nginx config, but first we need to install Verdaccio, and that's exactly what we'll do in the next part of this guide.
Cover Photo by Taylor Vick on Unsplash