{"id":13990377,"url":"https://github.com/JamesTheHacker/nodejs-server-ansible-playbook","last_synced_at":"2025-07-22T12:32:05.658Z","repository":{"id":143948960,"uuid":"95657590","full_name":"JamesTheHacker/nodejs-server-ansible-playbook","owner":"JamesTheHacker","description":"NodeJS server provisioning and application deployment using Ansible: HAProxy, Let's Encrypt, HTTPS, Secure Firewall ...","archived":false,"fork":false,"pushed_at":"2017-07-11T16:28:30.000Z","size":7,"stargazers_count":40,"open_issues_count":0,"forks_count":8,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-08-09T13:17:17.573Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JamesTheHacker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-06-28T10:30:57.000Z","updated_at":"2023-07-24T19:35:11.000Z","dependencies_parsed_at":"2024-01-18T04:17:02.645Z","dependency_job_id":"9018c51f-4b1d-405e-b42e-31b4dcb1f187","html_url":"https://github.com/JamesTheHacker/nodejs-server-ansible-playbook","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesTheHacker%2Fnodejs-server-ansible-playbook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesTheHacker%2Fnodejs-server-ansible-playbook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesTheHacker%2Fnodejs-server-ansible-playbook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JamesTheHacker%2Fnodejs-server-ansible-playbook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JamesTheHacker","download_url":"https://codeload.github.com/JamesTheHacker/nodejs-server-ansible-playbook/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227089666,"owners_count":17729520,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-09T13:02:38.960Z","updated_at":"2024-11-29T09:31:17.299Z","avatar_url":"https://github.com/JamesTheHacker.png","language":null,"funding_links":[],"categories":["Others"],"sub_categories":[],"readme":"# NodeJS Server: Digital Ocean Ansible Playbook\n\n![Network Architecutre](https://cdn-images-1.medium.com/max/800/1*TvGvibYBKv3bfMHAUrhJKg.png)\n\n**Deploy a NodeJS application to Digital Ocean with ease!** Don't have a Digital Ocean account? [Get one here and get $10 free](https://m.do.co/c/dde4646baa31) (enough to pay for 2 servers for a month).\n\nThis play will set up a single server that is well suited to small/medium NodeJS applications on Digital Ocean. I use this same playbook for setting A/B testing for my marketing campaigns and have used it on servers that recieve large traffic loads without any issues.\n\nThe playbook is an extension to a [tutorial I write](https://codeburst.io/building-a-nodejs-web-server-with-haproxy-and-lets-encrypt-on-debian-stretch-2fbf16cfba3a) on setting up a small production ready secure NodeJS server. It performs exactly the same tasks detailed in my tutorial, except it automates the entire process using Ansible.\n\n## Feautres:\n\n* NodeJS 8\n* HAProxy\n* Automatic application deployment\n* Let's Encrypt dns-01 domain verification and certificate renewal\n* Daemonized NodeJS application using `systemd`\n* Secured Firewall (Only ports 22, 80 and 443 are open)\n\n## How It Works\n\nIn this playbook the node application lives under `/var/www`. The default entry point for the application is `/var/www/server.js`. If your entry point differs this can be changed in `group_vars/all.yml`.\n\nI use `haproxy` to act like a revere proxy that load balances 3 instances of `server.createServer`, each running on port `5001`, `5002` and `5003` respectively. Ideally your application should do the same to avoid having to make configuration changes to `haproxy.j2` and `nodeapp.j2`. If you know what you're doing and would like to make modifications for a more advanced architecture you will need to edit `roles/templates/haproxy.j2` and `roles/templates/nodeapp.j2`.\n\nHTTPS is enabled by default. SSL/TLS certificates are provided by Let's Encrypt using `dns-01` and auto certificate renewal.\n\n## Prequisites\n\n* Ansible 2.4\n* A Digital Ocean account\n* A domain name\n\nThis playbook requires Ansible version 2.4. As of writing this is currently the development version. For instructions on installing 2.4 [see here](http://docs.ansible.com/ansible/intro_installation.html#running-from-source).\n\n## Configuring Playbook\n\nBefore running the playbook a couple of configuration options need to be set. Configuration options are stored in `group_vars/all.yml`. An example configuration is below:\n\n\n```\n# Domain name for your application\ndomain: yourdomain.com\n\n# Git repository for your NodeJS application\napp_repo: https://github.com/JamesTheHacker/nodebox-testapp\n\n# Application entry point\nentry_point: server.js\n\n# Digital Ocean API key\napi_token: 308ddfb93a32a22ef222de98496e981ef247d5c1f6fe17d76d8f9db30a7d5f23\n\n# SSH key id (fingerprint) to existing SSH key on Digital Ocean\nssh_key_id: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx\n\n# Unprivileged username and password\nuser: web\nuser_pass: ChangeThisPasswordToSomethingSecure\n\n# Your email address. Required for Let's Encrypt\nemail: your@email.com\n\n# 2 character country code. Required for Let's Encrypt\ncountry: GB\n```\n\n**Variables** \n\n* `domain:`: Set this to the domain name you want to link to the application. Do not include `www.`. Before running the playbook update the domains nameservers to: `ns1.digitalocean.com`, `ns2.digitalocean.com` and `ns3.digitalocean.com`.\n* `app_repo`: The playbook will automatically clone an application from a git repository (Github, Bitbucket etc).\n* `entry_point`: Entry point for your NodeJS application\n* `api_token`: Set this to your Digital Ocean API token. You can generate a token [here](https://cloud.digitalocean.com/settings/api/tokens).\n* `ssh_key_id`: This should contain the SSH fingerprint from Digital Ocean. You can find the fingerprint [here](https://cloud.digitalocean.com/settings/security)\n* `user`: Unprivilaged username\n* `password`: Unprivilaged user password\n* `email`: A valid email address. Required for Let's Encrypt\n* `country`: 2 digit country code. Required for Let's Encrypt\n\n**Note:** I recommend using [Vault](http://docs.ansible.com/ansible/playbooks_vault.html) to encrypt `all.yml` to ensure passwords are not stored in plain text.\n\n## Go!\n\nSetting up the server and deploying your application is simple! Once you've set the required configuration variables simple run the following:\n\n    cd nodejs-server-ansible-playbook\n    ansible-playbook playbook.yml\n\nIf all runs successfully you should now be able to visit your domain in the browser and see your application running :)\n\n## Help and Support\n\nIf you have an problems please file an issue. You can also catch me in the `#ansible` channel on freenode (username `jj15`), or tweet me at [@JamesTheHaxor](http://twitter.com/JamesTheHaxor)\n\n## Contributions\n\nI'm human, and mistakes/errors/issues happen. If you would like to fix any issues, or improve this playbook please submit a pull request and I will happily merge :)\n\n## Shoutouts\n\nI'd like to thank my good friend [@Radar](https://twitter.com/MichaelCRaeder) for his help and support. I would also like to thank the amazing people in the `#ansible` channel for answering my numerous questions. You guys are awesome!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJamesTheHacker%2Fnodejs-server-ansible-playbook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJamesTheHacker%2Fnodejs-server-ansible-playbook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJamesTheHacker%2Fnodejs-server-ansible-playbook/lists"}