Debian 8 Jessie VPS VM Home Installation with NGINX Let's Encrypt SSL Cert (develop branch)

pir2 edited this page Aug 4, 2016 · 1 revision

This guide will walk you through setting up PokemonGo-Map on:

  • Debian 8 Jessie
  • On your home server
  • On a VPS with SSH/root access

## Debian 8 Setup

### Initial Set up

  1. Get your Debian 8 Jessie server set up

  2. Update your system: `sudo apt-get update && sudo apt-get upgrade`

    • If sudo doesn't work, install it: `apt-get install sudo`
  3. Secure your VPS: https://www.linode.com/docs/security/securing-your-server

  4. Install required/optional software:

    • Required
      • git-core: `apt-get install git-core`
      • python / python-pip / python-dev: `sudo apt-get install python python-pip python-dev`
      • nodejs: `sudo apt-get install nodejs nodejs-legacy npm`
      • grunt-cli: `npm install grunt-cli -g`
      • node-sass: `npm install node-sass`
    • Optional
      • nginx (https://github.com/AHAAAAAAA/PokemonGo-Map/wiki/nginx-Reverse-Proxy)

        • Download the key (over HTTPS, since apt will trust whatever key you add): `wget https://nginx.org/keys/nginx_signing.key`
        • Install the key: `sudo apt-key add nginx_signing.key`
        • Add the repository to your sources.list
          • Edit with your favourite text editor: `sudo nano /etc/apt/sources.list`

             deb http://nginx.org/packages/mainline/debian/ jessie nginx #change jessie to the version of debian you're using
             deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
            
          • CTRL+X to exit/save

        • Update repositories: `sudo apt-get update`
        • Install nginx: `sudo apt-get install nginx`
      • Certbot (https://certbot.eff.org/#debianjessie-nginx)

        • Add `deb http://ftp.debian.org/debian jessie-backports main` to sources.list to add the backports repository
        • `sudo apt-get update`
        • `sudo apt-get install certbot -t jessie-backports`
      • mariadb (MySQL): see https://downloads.mariadb.org/mariadb/repositories/ and download MariaDB

         sudo apt-get install software-properties-common
         sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
         sudo add-apt-repository 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian jessie main'
         sudo apt-get update
         sudo apt-get install mariadb-server
        
  5. Clone PokemonGo-Map

    • Create a directory for web stuff: `mkdir /var/www`
    • Change to the newly created directory: `cd /var/www`
    • Clone the PokemonGo-Map develop branch: `git clone https://github.com/AHAAAAAAA/PokemonGo-Map.git --branch develop`
      • If you want to clone to a specific directory, add it to the end, e.g. `git clone https://github.com/AHAAAAAAA/PokemonGo-Map.git --branch develop YOURdirectoryNAME`
  6. Install requirements

    • Change to the PokemonGo-Map directory: `cd /var/www/PokemonGo-Map`
    • `pip install -r requirements.txt --upgrade`
  7. Set up npm, run grunt

    • In the PokemonGo-Map directory, run `npm install`
    • Then `grunt build`
  8. Set up MySQL/MariaDB Server

    • Log in to your MySQL DB: `mysql -p`
    • Enter your password if you set one
    • Create the DB: `CREATE DATABASE pokemongomapdb;`
    • Quit the MySQL command line tool: `quit`
  9. Set up config.ini OR run it using runtime arguments

    • config.ini set up

      • `nano config/config.ini.example`

      • MySQL settings are:

         # Database settings
         #db-type: mysql                   # sqlite (default) or mysql
         #db-host: 127.0.0.1               # required for mysql
         #db-name: pokemongomapdb          # required for mysql
         #db-user: yourUserName            # required for mysql (probably root)
         #db-pass: yourPassword            # required for mysql
        
      • Make the necessary changes, then CTRL+X to exit, and when it prompts for a file name change it to config.ini (without the .example)

      • Test run your server: `python runserver.py`

    • Runtime arguments

      • `python runserver.py -l "Some Address" -k YourGoogleMapsAPIKey -H 0.0.0.0 -P 80 -a ptc OR google -u username -p password --db-type mysql --db-name pokemongomapdb --db-user root --db-pass yourDBpassword`
      • This will run the server and EXPOSE it to the internet. You can now access the server by going to http://YourExternalIPAddress (assuming you're not behind a firewall/router)
      • Stop the server by pressing CTRL+C
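
Whether the map server was started with `-H 0.0.0.0` (exposed) or `-H 127.0.0.1` (loopback only, as used behind nginx later in this guide) can be checked on the host itself. The script below is an added example, not part of the original guide or the PokemonGo-Map project; it filters `ss -ltn` output for listeners on a port that are bound beyond loopback, and the function names and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PokemonGo-Map project): report listeners on a
# TCP port that are bound to a non-loopback address, from `ss -ltn` output.

# exposed_listeners PORT
#   stdin: `ss -ltn` output. stdout: each non-loopback local address that is
#   listening on PORT, one per line. Empty output means loopback-only or closed.
exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skip the header and other states
        {
            # Column 4 is "address:port"; split at the LAST colon so IPv6
            # forms such as ":::80" and "[::]:80" are handled too.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print addr
        }
    '
}

# backend_is_private PORT: succeeds only if nothing exposes PORT beyond loopback.
backend_is_private() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5000     *:*
LISTEN 0      128    0.0.0.0:80         *:*
LISTEN 0      128    :::443             :::*
LISTEN 0      80     127.0.0.1:3306     *:*'

for p in 80 443 5000 3306; do
    if printf '%s\n' "$SAMPLE_SS" | backend_is_private "$p"; then
        echo "port $p: loopback only"
    else
        echo "port $p: reachable from other hosts"
    fi
done
```

On the server, pipe real output through it with `ss -ltn | exposed_listeners 5000`; the map backend and MariaDB (3306) should produce no output.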

Set up NGINX to reverse proxy to your PokemonGo-Map server

This is optional, but it lets you easily add an SSL certificate and run multiple separate instances of PokemonGo-Map, serving them on port 80 using different domains.

  1. Run your PokemonGo-Map on some random port, or the default 5000

    • `nohup python runserver.py -l "Some Address" -k YourGoogleMapsAPIKey -H 127.0.0.1 -P 5000 -a ptc OR google -u username -p password --db-type mysql --db-name pokemongomapdb --db-user root --db-pass yourDBpassword &`
    • Now your server is running in the background at http://127.0.0.1:5000
    • You can confirm this by running `curl http://127.0.0.1:5000`
  2. Configure NGINX

    • Modify the default.conf. Sample config below:
       # Server on port 80: needed for getting the Let's Encrypt certificate
       server {
           listen       80;
           server_name  www.SomeDomain.com;

           # This is for getting your Let's Encrypt certificate
           location /.well-known/acme-challenge {
               default_type "text/plain";
               root /var/www/certbot;
           }

           # This forces all other requests to your webserver to go from HTTP to HTTPS
           location / {
               return 301 https://$host$request_uri;
           }
       }

       # Server on port 443: the SSL PokemonGo-Map site
       server {
           listen 443 ssl http2;
           server_name www.SomeDomain.com; # Same server_name as above

           # The ssl_certificate and ssl_certificate_key lines below are commented out
           # until you get your certificate.
           # After you run certbot, replace the location below with the one it reports
           # and uncomment both lines.
           #ssl_certificate   /etc/letsencrypt/live/www.SomeDomain.com/fullchain.pem;
           #ssl_certificate_key  /etc/letsencrypt/live/www.SomeDomain.com/privkey.pem;

           # Explanation of the SSL settings: https://cipherli.st/
           # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them from ssl_protocols
           # unless you have to support clients that cannot use TLSv1.2.
           ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
           ssl_prefer_server_ciphers on;
           ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
           ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
           ssl_session_cache shared:SSL:10m;
           ssl_session_tickets off; # Requires nginx >= 1.5.9
           ssl_stapling on; # Requires nginx >= 1.3.7
           ssl_stapling_verify on; # Requires nginx >= 1.3.7
           resolver 8.8.8.8 8.8.4.4 valid=300s;
           resolver_timeout 5s;
           add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
           add_header X-Frame-Options DENY;
           add_header X-Content-Type-Options nosniff;

           # This passes all requests for www.SomeDomain.com to the PokemonGo-Map server
           # you started earlier on port 5000
           location / {
               proxy_pass http://127.0.0.1:5000/;
               proxy_redirect off;
               # loc-settings is a separate include file; nginx will not start if it
               # does not exist, so remove this line if you have no such file.
               include loc-settings;

               # Explanation here: https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html
               tcp_nodelay on;
               tcp_nopush off;
               sendfile on;

               # Explanation here: https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching
               proxy_next_upstream             error timeout invalid_header http_500 http_502 http_503 http_504;
               proxy_buffering                 off;
               proxy_set_header                Accept-Encoding "";
               proxy_set_header                Host    $host;
               proxy_set_header                X-Real-IP       $remote_addr;
               proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
               # Set once only: $scheme is "https" inside this server block
               proxy_set_header                X-Forwarded-Proto       $scheme;
               add_header                      Front-End-Https on;
           }

           # Error pages
           error_page   500 502 503 504  /50x.html;
           location = /50x.html {
               root   /usr/share/nginx/html;
           }
       }
      
  3. Restart your NGINX server: `sudo service nginx restart`

  4. Test your nginx server

    • You should be able to access your maps by going to http://www.SomeDomain.com/
  5. Add your certificate

    • Create the certbot directory: `mkdir /var/www/certbot`

    • Make sure nginx has access to the certbot directory: `chown -R nginx:nginx /var/www/certbot`

    • Request a certificate with certbot: `certbot certonly --webroot -w /var/www/certbot -d www.SomeDomain.com`

    • If everything ran correctly, you should get a message like this:

       Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/www.SomeDomain.com/fullchain.pem. Your cert will expire on 2016-XX-YY.
       To obtain a new or tweaked version of this certificate in the
       future, simply run certbot-auto again. To non-interactively renew
       all of your certificates, run "certbot renew"
       - If you like Certbot, please consider supporting our work by:
      
       Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
       Donating to EFF: https://eff.org/donate-le
      
    • Update your nginx config with the new certificate by uncommenting the two certificate lines

    • Restart nginx: `sudo service nginx restart`

  6. Done! You should now have a fully running PokemonGo-Map server using MariaDB (MySQL) running behind NGINX with a Let's Encrypt SSL certificate
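
The reverse-proxy setup above depends on a few settings that are easy to leave in a half-finished state: the certificate lines that start out commented, the protocol list in `ssl_protocols`, the forwarded headers, and a backend that stays on loopback. The lint below is an added example, not part of the original guide or of nginx; the finding codes and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide or nginx): lint an nginx reverse-proxy
# config for the settings this setup relies on. Finding codes are made up here.

# audit_nginx_conf: reads a config on stdin, prints "CODE line detail" per finding.
audit_nginx_conf() {
    awk '
        BEGIN { lo = "^https?://(127\\.[0-9.]+|\\[::1\\]|localhost)(:|/|;)" }
        { sub(/^[ \t]+/, "") }                         # drop indentation
        /^#[ \t]*ssl_certificate(_key)?[ \t]/ {        # cert lines still commented
            line = $0; sub(/^#[ \t]*/, "", line); split(line, f, /[ \t]+/)
            print "CERT_COMMENTED", NR, f[1]; next
        }
        /^#/ { next }                                  # ordinary comments
        $1 == "server" || $1 == "location" { split("", seen) }  # new block
        $1 == "ssl_protocols" {                        # deprecated versions
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    print "WEAK_PROTOCOL", NR, p
            }
        }
        $1 == "proxy_set_header" && seen[$2]++ {       # same header set twice
            print "DUPLICATE_HEADER", NR, $2
        }
        $1 == "proxy_pass" && $2 !~ lo {               # backend not on loopback
            print "NONLOCAL_UPSTREAM", NR, $2
        }
    '
}

# Constructed sample config (www.example.test is a placeholder name).
SAMPLE_CONF='server {
    listen 443 ssl http2;
    server_name www.example.test;
    #ssl_certificate     /etc/letsencrypt/live/www.example.test/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/www.example.test/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_pass http://127.0.0.1:5000/;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}'

printf '%s\n' "$SAMPLE_CONF" | audit_nginx_conf
```

Run it against the deployed file with `audit_nginx_conf < /etc/nginx/conf.d/default.conf`, adjusting the path to wherever your config lives; no output means none of the four conditions were found.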