Debian 8 Jessie VPS VM Home Installation with NGINX Let's Encrypt SSL Cert (develop branch)
This guide will walk you through setting up PokemonGo-Map on:
- Debian 8 Jessie
- On your home server
- On a VPS with SSH/root access
## Debian 8 Setup
### Initial Set up
- Get your Debian 8 Jessie Server Set up
- Update your system: `sudo apt-get update && sudo apt-get upgrade`
  - If `sudo` doesn't work, install it: `apt-get install sudo`
- Secure your VPS: https://www.linode.com/docs/security/securing-your-server
- Install required/optional software:
  - Required
    - git-core: `apt-get install git-core`
    - python / python-pip / python-dev: `sudo apt-get install python python-pip python-dev`
    - nodejs: `sudo apt-get install nodejs nodejs-legacy npm`
    - grunt-cli: `npm install grunt-cli -g`
    - node-sass: `npm install node-sass`
  - Optional
    - nginx (https://github.com/AHAAAAAAA/PokemonGo-Map/wiki/nginx-Reverse-Proxy)
      - Download the key: `wget http://nginx.org/keys/nginx_signing.key`
      - Install the key: `sudo apt-key add nginx_signing.key`
      - Add the repository to your `sources.list`
        - Edit with your favourite text editor: `sudo nano /etc/apt/sources.list`

          ```
          # change jessie to the version of Debian you're using
          deb http://nginx.org/packages/mainline/debian/ jessie nginx
          deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
          ```
        - CTRL+X to exit/save
      - Update repositories: `sudo apt-get update`
      - Install nginx: `sudo apt-get install nginx`
    - Certbot (https://certbot.eff.org/#debianjessie-nginx)
      - Add `deb http://ftp.debian.org/debian jessie-backports main` to `sources.list` to add the backports repository, then install certbot from it:

        ```
        sudo apt-get update
        sudo apt-get install certbot -t jessie-backports
        ```
    - mariadb (MySQL): https://downloads.mariadb.org/mariadb/repositories/ and download MariaDB

      ```
      sudo apt-get install software-properties-common
      sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
      sudo add-apt-repository 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian jessie main'
      sudo apt-get update
      sudo apt-get install mariadb-server
      ```
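The nginx signing key in the step above is downloaded over plain HTTP and passed straight to `apt-key add`, which makes whatever arrived a trusted package signer. The following is an added example, not part of the original guide: it accepts a key file only if it holds exactly one primary key with the fingerprint you expect. `key_fpr_ok`, the sample records and the fingerprint in them are constructed for illustration; take the real fingerprint from the vendor over HTTPS.

```shell
#!/bin/sh
# Added example (not from the guide): gate `apt-key add` on a fingerprint check.
# key_fpr_ok EXPECTED reads `gpg --with-colons --with-fingerprint <keyfile>`
# output on stdin. It succeeds only if the file holds exactly one primary key
# and that key's fingerprint equals EXPECTED (spaces and case are ignored).
key_fpr_ok() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 2
    awk -F: -v want="$expected" '
        $1 == "pub" { pubs++; primary = 1; next }  # a primary key starts here
        $1 == "sub" { primary = 0; next }          # subkey fingerprints do not count
        $1 == "fpr" && primary { got = toupper($10); primary = 0 }
        END { exit !(pubs == 1 && got == want) }'
}

# Constructed sample records in gpg colon format (placeholder key id/fingerprint).
SAMPLE_ONE_KEY='pub:-:2048:1:89ABCDEF01234567:1400000000:::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1400000000::::Example Repo Signing Key <signing@example.invalid>:'

# Same file with a second, unexpected primary key appended.
SAMPLE_TWO_KEYS="$SAMPLE_ONE_KEY
pub:-:2048:1:76543210FEDCBA98:1400000001:::-:::scSC:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:"

if printf '%s\n' "$SAMPLE_ONE_KEY" | key_fpr_ok "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"; then
    echo "single key, fingerprint matches: safe to add"
fi
if ! printf '%s\n' "$SAMPLE_TWO_KEYS" | key_fpr_ok "0123456789ABCDEF0123456789ABCDEF01234567"; then
    echo "extra key in file: refuse to add"
fi

# Real use (EXPECTED_FPR is a placeholder you fill in yourself):
#   gpg --with-colons --with-fingerprint nginx_signing.key \
#     | key_fpr_ok "$EXPECTED_FPR" && sudo apt-key add nginx_signing.key
```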
- Clone PokemonGo-Map
  - Create a directory for web stuff: `mkdir /var/www`
  - Change to the newly created directory: `cd /var/www`
  - Clone the PokemonGo-Map develop branch: `git clone https://github.com/AHAAAAAAA/PokemonGo-Map.git --branch develop`
    - If you want to clone to a specific directory, add it to the end, e.g. `git clone https://github.com/AHAAAAAAA/PokemonGo-Map.git --branch develop YOURdirectoryNAME`
- Install requirements
  - Change to the PokemonGo-Map directory and install the Python requirements:

    ```
    cd /var/www/PokemonGo-Map
    pip install -r requirements.txt --upgrade
    ```
- Set up npm, run grunt
  - In the PokemonGo-Map directory, run `npm install`
  - Then `grunt build`
- Set up MySQL/MariaDB Server
  - Log in to your MySQL DB: `mysql -p`
    - Enter your password if you set one
  - Create the DB: `CREATE DATABASE pokemongomapdb;`
  - Quit the MySQL command line tool: `quit`
- Set up `config.ini` OR run it using runtime arguments
  - `config.ini` set up
    - `nano config/config.ini.example`
    - MySQL settings are:

      ```
      # Database settings
      #db-type: mysql             # sqlite (default) or mysql
      #db-host: 127.0.0.1         # required for mysql
      #db-name: pokemongomapdb    # required for mysql
      #db-user: yourUserName      # probably root; required for mysql
      #db-pass: yourPassword      # required for mysql
      ```
    - Make necessary changes, then CTRL+X to exit, and when it prompts for the file name, change it to `config.ini` (without the `.example`)
    - Test run your server: `python runserver.py`
  - Runtime arguments

    ```
    # -a takes either ptc or google
    python runserver.py -l "Some Address" -k YourGoogleMapsAPIKey -H 0.0.0.0 -P 80 -a ptc -u username -p password --db-type mysql --db-name pokemongomapdb --db-user root --db-pass yourDBpassword
    ```
    - This will run the server and EXPOSE it to the internet. You can now access the server by going to `http://YourExternalIPAddress` (assuming you're not behind a firewall/router)
    - Stop the server by pressing CTRL+C
- This is optional, but it lets you easily add an SSL certificate and run multiple separate instances of PokemonGo-Map, serving them on port 80 using different domains
- Run your PokemonGo-Map on some random port, or the default 5000

  ```
  # -a takes either ptc or google; the trailing & puts the server in the background
  nohup python runserver.py -l "Some Address" -k YourGoogleMapsAPIKey -H 127.0.0.1 -P 5000 -a ptc -u username -p password --db-type mysql --db-name pokemongomapdb --db-user root --db-pass yourDBpassword &
  ```
  - Now your server is running in the background at `http://127.0.0.1:5000`
  - You can confirm this by running `curl http://127.0.0.1:5000`
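The `curl` check above only shows that the backend answers locally; it does not show whether port 5000 is also reachable on other interfaces, which is the difference between `-H 127.0.0.1` and the earlier `-H 0.0.0.0`. The following is an added example, not part of the original guide: it classifies a port's binding from `ss -ltn` output. `bind_scope` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide). bind_scope PORT reads `ss -ltn` output on
# stdin and prints how PORT is bound: "loopback", "exposed" or "closed".
# Exit status is 0 only for "loopback".
bind_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)       # last ":" splits address from port
            if (!n || substr($4, n + 1) != port) next
            host = substr($4, 1, n - 1)
            seen = 1
            # Any listener outside 127.0.0.0/8 and ::1 is not loopback-only.
            if (host !~ /^127\./ && host != "[::1]" && host != "::1") exposed = 1
        }
        END {
            if (!seen)   { print "closed";  exit 2 }
            if (exposed) { print "exposed"; exit 1 }
            print "loopback"
        }'
}

# Constructed sample of `ss -ltn` output for the layout this guide builds:
# nginx on 80/443, the map backend on 5000, MariaDB on 3306.
SAMPLE_SS='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    127.0.0.1:5000      *:*
LISTEN  0      128    *:80                *:*
LISTEN  0      128    *:443               *:*
LISTEN  0      80     127.0.0.1:3306      *:*'

for p in 5000 3306 80 443; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_SS" | bind_scope "$p")"
done

# Real use on the server:
#   ss -ltn | bind_scope 5000 || echo "backend is not loopback-only"
```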
- Configure NGINX
  - Modify the `default.conf`. Sample config below:

    ```
    # This is for a server running on port 80 - we want this for getting the Let's Encrypt certificate
    server {
        listen 80;
        server_name www.SomeDomain.com;

        # This is for getting your Let's Encrypt certificate
        location /.well-known/acme-challenge {
            default_type "text/plain";
            root /var/www/certbot;
        }

        # This forces all requests to your webserver to go from HTTP to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }
    }

    # This is for running our SSL PokemonGo-Map server
    server {
        listen 443 ssl http2;
        server_name www.SomeDomain.com; # Same server_name as above

        # The two lines below (ssl_certificate/ssl_certificate_key) are commented out
        # until you get your certificate.
        # After you run certbot, you will replace the location below
        #ssl_certificate /etc/letsencrypt/live/www.SomeDomain.com/fullchain.pem;
        #ssl_certificate_key /etc/letsencrypt/live/www.SomeDomain.com/privkey.pem;

        # Explanation of the SSL settings: https://cipherli.st/
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off; # Requires nginx >= 1.5.9
        ssl_stapling on; # Requires nginx >= 1.3.7
        ssl_stapling_verify on; # Requires nginx >= 1.3.7
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 5s;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        # This passes all requests from www.SomeDomain.com to the PokemonGo-Map server you started earlier on port 5000
        location / {
            proxy_pass http://127.0.0.1:5000/;
            proxy_redirect off;
            include loc-settings;

            # Explanation here: https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html
            tcp_nodelay on;
            tcp_nopush off;
            sendfile on;

            # Explanation here: https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_buffering off;
            proxy_set_header Accept-Encoding "";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            add_header Front-End-Https on;
        }

        # Error pages
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    }
    ```
- Restart your NGINX server: `sudo service nginx restart`
- Test your nginx server
  - You should be able to access your maps by going to `http://www.SomeDomain.com/`
- Add your certificate
  - Create the certbot directory: `mkdir /var/www/certbot`
  - Make sure nginx has access to the certbot directory: `chown -R nginx:nginx /var/www/certbot`
  - Request a certificate with certbot: `certbot certonly --webroot -w /var/www/certbot -d www.SomeDomain.com`
  - If everything ran correctly, you should get a message like this:

    ```
    Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/www.SomeDomain.com/fullchain.pem. Your cert will
    expire on 2016-XX-YY. To obtain a new or tweaked version of this
    certificate in the future, simply run certbot-auto again. To
    non-interactively renew all of your certificates, run "certbot renew"
    - If you like Certbot, please consider supporting our work by:
      Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
      Donating to EFF: https://eff.org/donate-le
    ```
  - Update your nginx config with the new certificate by uncommenting the two certificate lines (`ssl_certificate` and `ssl_certificate_key`)
  - Restart nginx: `sudo service nginx restart`
- Done! You should now have a fully running PokemonGo-Map server using MariaDB (MySQL) running behind NGINX with a Let's Encrypt SSL certificate.