Hosting a Verdaccio NPM Registry on Hetzner Cloud Part 3: nginx


To follow along here you're going to need a (sub-)domain you want to use to access your Verdaccio NPM Registry. I already have a tobbe.dev domain, so I used a subdomain for this, pistachio.tobbe.dev, and pointed it to my new server IP.

Login and update

If you've followed along with Part 1 and Part 2 your server should be secure. Let's make sure it's also up to date!

pistachio@verdaccio:~$ sudo apt-get update && sudo apt-get upgrade

Answer Yes if/when it asks if you want to continue.

If it asks about your sshd_config file, you want to keep your locally modified version. Press Tab to highlight <Ok> and then press Enter to continue.

Following that it might ask about daemons using outdated libraries. Again, press Tab to highlight <Ok> and then press Enter to continue.

nginx installation

pistachio@verdaccio:~$ sudo apt install nginx

Again, it might ask you about daemons using outdated libraries. Select all of them and then continue.

Remember that firewall we configured before? It's blocking access to nginx, so we need to update its config.

pistachio@verdaccio:~$ sudo ufw app list
Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH

You might be tempted to go with HTTPS only, but we need HTTP to be able to verify our SSL setup later. Plus we will tell nginx to redirect all HTTP traffic to HTTPS, so we're going to allow "Nginx Full".

pistachio@verdaccio:~$ sudo ufw allow 'Nginx Full'
Rule added
Rule added (v6)

Check the firewall status to confirm that only OpenSSH and Nginx Full are allowed.

pistachio@verdaccio:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
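
As an added example (not part of the original guide), this script checks `ufw status` output against the rule set the guide intends, OpenSSH and Nginx Full, and reports anything else that is open. The names ALLOWED_RULES, audit_ufw and sample_status are made up for this example, and the sample input is the status output shown above.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Audits `ufw status` output against the rules this guide expects.
# ALLOWED_RULES, audit_ufw and sample_status are names made up for this example.

ALLOWED_RULES='OpenSSH,Nginx Full'

# Constructed sample: the `ufw status` output shown above.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
EOF
}

# Reads `ufw status` text on stdin, prints one line per finding,
# returns 0 when the rules match the allowlist and 1 otherwise.
audit_ufw() {
    awk -v allowed="$ALLOWED_RULES" '
        BEGIN {
            FS = "  +"                      # columns are split by 2+ spaces
            n = split(allowed, names, ",")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        /^Status: active/ { active = 1 }
        $2 ~ /^(ALLOW|LIMIT)/ {             # rows that let traffic in
            name = $1
            sub(/ \(v6\)$/, "", name)       # IPv6 twin counts as the same rule
            seen[name] = 1
            if (!(name in ok)) { print "unexpected open rule: " $1; bad = 1 }
        }
        END {
            if (!active) { print "firewall is not active"; bad = 1 }
            for (i = 1; i <= n; i++)
                if (!(names[i] in seen)) { print "missing rule: " names[i]; bad = 1 }
            exit bad + 0
        }
    '
}

# On the server: sudo ufw status | audit_ufw
sample_status | audit_ufw && echo "ufw rules match the allowlist"
```

Running it after every firewall change catches a rule that was opened for testing and never closed.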

You should now be able to access your web server in your browser by going to http://<IP-address>.

Depending on your domain/DNS you might also be able to access it using http://your.domain.tld, but since I'm using a .dev top-level domain (TLD) I can't, because .dev domains require SSL.

SSL

Certbot will manage our SSL certificates.

pistachio@verdaccio:~$ sudo apt install certbot python3-certbot-nginx
pistachio@verdaccio:~$ sudo certbot --nginx -d pistachio.tobbe.dev

And this is the output you want

Let's take a look at the default nginx config

pistachio@verdaccio:~$ sudo less /etc/nginx/sites-available/default

You'll see a bunch of lines with # managed by Certbot at the end. Those were added thanks to the --nginx command line option we used when we ran the certbot command. The file is a bit messy, with commented-out config and inconsistent indentation. But we'll create our own config soon, and make sure to clean it up so it's easier to follow along with what's going on.

For now we should just make sure it all works by going to https://pistachio.tobbe.dev in our web browser.

Conclusion

This was a pretty short part. We installed nginx and configured it to use SSL. We also verified that we could now access our web server using HTTPS. We'll come back to the nginx config, but first we need to install Verdaccio, and that's exactly what we'll do in the next part of this guide.


Cover Photo by Taylor Vick on Unsplash