Starting Linux for Windows developers
I kept one foot in the Windows world as long as I could. It's impressive how many of the new technologies such as Node.js can run on Windows. Perhaps you have other Windows legacy systems, or you're limited to an existing supported Windows environment. I used to have both of these considerations.
As you start to work more with Node.js and many other emerging web technologies, you will begin to realize how much better and easier they work together when implemented in a Linux environment. Also, a majority of the helpful documentation and tutorials you find will assume you're doing things "the Linux way."
You don't need to be a Linux administrator to securely and reliably develop and host your own Linux solutions. Let's go through the process of provisioning a new Linux Virtual Machine (VM), accessing the server, setting up basic security and users, and get up to speed copying files to/from the server.
Development- For this example, I assume you develop on a Mac. You can work from Windows using a tool like PuTTY, but moving to Apple is nice because 1) the Unix-based OS helps your Linux skills, 2) most Linux tools and libraries have Mac versions, 3) the Mac terminal is nicer to use, and 4) Sublime Text 3 supports retina displays ;)
(Plus, it's the perfect excuse to get a shiny new MacBook Pro!)
Creating a Linux Virtual Server
Sign up for an account at DigitalOcean and create a new Linux "droplet." I'm using Ubuntu 13.10 x64 for this example. (If you plan to plan to network multiple VM's together via a private connection, use NYC2 for a location and enable Private Networking.)
Why DigitOcean? I agree with Jeedo's sentiments, as I also express here.
- Note: Once your droplet is created, DigitalOcean will email you your new server connection info.
Accessing and updating the server
Setting up your server to authenticate using SSH keys is considered more secure, but I find it adds confusion when you're trying to learn and creating/destroying a bunch of VM's. So just
ssh into the server as a user. You will, however, want to lock down the server to improve security and improve manageability and reliability.
A good reason do these lock down steps when you first get started is because it slightly changes the process of accessing your server and configuring your deployment process.
Terminal and basic commands- The Mac terminal has a lot of pretty themes. Find terminal in your Applications/Utilities folder and drag it to your Dock for easy access. Some quick tips:
- Open new "tabs" (Shell -> New Tab) to run multiple sessions at the same time. Standardize on using certain themes for certain servers or functions... for example, I always use Homebrew theme for sessions on my local Mac, Novel for remote VM sessions, and Grass for MySQL sessions. This can go a long way to help keep you sane.
up arrowwill bring back your last command. Press again and again to get prior commands. Nice.
- When referencing a file name in a command, type the first few letters and then
tabto autofill the rest. If there are multiple matched, (it fills as much as it can) type another letter or so, and
tabagain to fill the rest.
- Your "home" directory is represented by the
cd ~/will take you to your home folder. So it is quite helpful to keeop your main project directories right off of your home folder.
The bread and butter:
cdwill change directory, as in
cd ~/myproject. For Windows users it takes a little time to used to back slashes instead of forward slashes. Up one level is
pwdwill Present your current Working Directory - very handy.
mkdir newdirectorynamewill create a new directory at your current location
lswill list the directory files.
ls -awill show all including hidden files that start with a
ls -lshows files in a list - along with permissions and file size.
- Directories can have one or more
.in them. If a file or directory starts with a
.it will be hidden. Use
ls -ato see them.
cat filenamewill write out the contents of filename.
cat > filenamewill sit there and wait for you to type or paste text in what you want to write into filename. Use
cat >> filenameto append the text. The single
>will overwrite the file with your new content. Use
ctrl-dwhen you are done typing or pasting the text to finish. Using copy and paste, this becomes a very fast way to move small files contents around.
rm filenamedeletes a file
rmdir directorynamedeletes an empty directory
rm -rf directorynamedeletes a directory and all files and subdirectories in it
tailfilename will write out the last few lines of that file - great got log files you want to peek at. Use
-n 500to see the last 500 lines. Use
-fand it will sit there and write anything out that hits the file in real time. Example:
tail /var/log/node.log -n 500 -fUse
cp filename anotherfilenamecopies filename to a new anotherfilename
mv filename newfilenamewill rename/move the file from filename to newfilename
ssh lets you connect to your virtual server and run a session there. Use the info DigitalOcean emailed you to connect, such as:
Then type in the password they sent you when prompted. If you have a domain name pointed to that IP address, you can just
ssh email@example.com as well.
You may be asked if you want to continue to connect, just enter
yes as follows, and then enter your password from the email:
MacBook-Pro:~ sean$ ssh firstname.lastname@example.org The authenticity of host '184.108.40.206 (220.127.116.11)' can't be established. RSA key fingerprint is c2:5d:e5:d0:f5:43:d8:52:73:22:fd:b6:7e:e3:ca:34. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '18.104.22.168' (RSA) to the list of known hosts. email@example.com's password: root@nodeden:~#
root@nodeden:~# promt above shows us we're logged into the nodeden machine as root. (nodeden is what I set up as the host name when I created the droplet at DigitalOcean.) The
~ means we're in root's home directory. A quick
pwd shows is we are indeed in
Package Managers- One of the first important Linux lessons I learned when moving from Windows is how critically important package management systems are. I was initially impressed with Node's NPM package manager, but when I started to use Ubuntu's package management and Mac's Homebrew, I realized that I could not work in this new world without leveraging package managers. (A full week battle trying to manually install and build GraphicsMagick on my Mac and Linux server was replaced with one command!)
Updating Ubuntu- Once you have ssh'd into your new server as root, run these commands one at a time to upgrade Ubuntu's packages and OS using the package manager:
apt-get update apt-get upgrade apt-get dist-upgrade
"update" will update Ubuntu's package definitions, "upgrade" will upgrade the packages, and "dist-upgrade" will do any potentially more major updates that could require a server restart.
Basic Linux user management
root is the "super user" account. You will need to be
root to do certain things, but it's important to set up a new account that will generally administer the server. This will also allow you to disable
root from being able to ssh into the server - a great security improvement.
Change the root user password- Even once you disable root and create a new administrative user, you will need the root password to get root access. Log in as root and run the
passwd command to reset the root password to something you can remember and type.
Create a new user to administer the server- You can call this user anything you want:
Enter in a password for this user, and the user's name. You can enter blanks for the other questions. Now add the new user to the
usermod -aG sudo myadmin
sudo group has the ability to run most root level commands. Once your administrative user is in the sudo group, you can log in as this user and use
sudo before commands run that command with root level access. You can also change your user to "become" root using
su -, which means "substitute user root." You can become any user using su if you know the password. So when logged in as root, run
su myadmin to become myadmin. Note:
exit will return you back to the user you where when you ran
To test your new user, logout of the server using
exitand then ssh as the new user:
ssh firstname.lastname@example.org. Important- make sure you can
su -to get to root from this user, since we are about to disable the root ssh login. Also remember to use the new root user password you set up above!
Disable root ssh login
ssh into your server as root. To disable the ability for anyone to ssh as root, edit the sshd_config file using the vi editor:
Here is a nice overview on using vi to edit files: Basic vi Commands
Basically, use the down arrow to get to the line:
Arrow to the right to put the cursor on the "y". Now press the
i key to enter insert mode. Then you can type "no" and use the right/left arrow keys and the delete key to delete the "yes". The line should now look like this:
Now use the
esc key to get out of insert mode. Type the
: key to get to the command line at the bottom of the vi editor and type
wq! and then
return which means, "write the file, quit, and ! don't complain on exit." (Yes, vi takes a bit to get used to.)
Now before we can test the change, we need to restart the ssh service:
Now log off using
exit and try to ssh to your server as root. It should fail. To log in, just ssh as the administrator user you created, then you can
su - to become root whenever you need.
Note: There are some commands and tasks you can not accomplish using only
sudo, sometimes you must
su -to become root. I find it best to try everything using
sudofirst, then fall back to
su -as root when required. This helps your learn what tasks you must use root for.
Change the ssh port
ssh runs on port 22 by default. There are many debates about whether it is more or less secure to move it to a different port to gain security through obscurity. I choose to change it to limit the endless attacks you will see in your auth.log. With ssh moved to a different port, it's much easier to review the auth.log to review potential attacks. It's not essential, but if you want to change your ssh port:
Change to root
su - and edit the sshd_config file:
Just change the line right near the top where it sets the port number:
# What ports, IPs and protocols we listen for Port 22
Use any open port over 1024 and below 65537. Save your update and restart ssh using
exit and try to ssh again. It should fail. Now here is how you ssh using a different port, such as 50231 in this case:
ssh email@example.com -p 50231
Key Ubuntu directories and logs
It helps to understand where things are and what patterns other developers follow. Different technology platforms have their own somewhat standard/expected approaches. Newer technologies can mix and match these standards. For basic use, I have found the following few items to be helpful:
- Note that each system user gets a home directory. When you ssh, you start out in the user's home directory - the
~points to this home directory when you are logged in as a given user. So when I ssh as myadmin, I start off in
- The root user home directory is
- If you plan to use a Git deployment process, create a user called
gitwho will have permissions to push app updates to the server and deploy them to production. Leverage the git user's home directory and keep the git repository directory there to make the git url simple.
- Key logs are in
tail auth.log -n 500 -fReview auth.log - security access
- Nginx will have a directory for logs here
- You can log your node apps here
- /var refers to "variable" because these files can grow a lot and need to be managed/archived.
Copy files to/from your server
scp to Secure CoPy files.
scp allows you to specify your ssh logon credentials along with the server path. For example, let's copy a database backup file from the DigitalOcean VM to my local Mac development machine:
scp firstname.lastname@example.org:/home/myadmin/backup.sql /Users/sean/myproject/backup.sql
If you have moved your ssh port, you need to jump through the extra hoop of applying the
-P argument to use the correct port:
scp -P 50231 email@example.com:/home/myadmin/backup.sql /Users/sean/myproject/backup.sql
You can also copy files from your laptop to the server as well:
scp -P 50231 /Users/sean/myproject/backup.sql firstname.lastname@example.org:/home/myproject/backup.sql
For a full introduction and index to this blog: Node.js: One New Approach
Next post I will talk about Setting up a Node.js website.