Almost finished with Azure guide

Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com>
2025-09-02 21:32:43 +00:00 · 2020-04-09 00:02:50 -07:00 · 2020-04-09 00:02:50 -07:00 · 503fa9ebab
commit 503fa9ebab
parent 6e70f0d3b5
1 changed files with 304 additions and 2 deletions
--- a/docs/3.0.0-beta.x/deployment/azure.md
+++ b/docs/3.0.0-beta.x/deployment/azure.md
@ -11,9 +11,9 @@ This is a step-by-step guide for deploying a Strapi project to [Azure](https://a

 You will want to use an Azure Virtual Machine for Strapi deployments, the Azure web-app (IIS) deployments are not recommended.

-#### 1. Log in to your [Azure Portal](https://portal.azure.com/#home).
+#### 1. Log in to your [Azure Portal](https://portal.azure.com/#home)

-#### 2. Create a VM by clicking on `Create a resource`.
+#### 2. Create a VM by clicking on `Create a resource`

 #### 3. Basics

@ -95,3 +95,305 @@ Once you have finished verifying your config hit the `Create` button. It may tak
 These next steps will help you set up a production server and setup a non-root service account for managing your Strapi instance. You will need the administrator account you created previously and the public IP listed on your resource page.

 #### 1. SSH to your Administrator account created previously
+
+You will use the admin user created previously as well as the SSH key you added to your Azure account. For Linux/Mac users you can use your terminal, likewise for Windows users you can use the built -in SSH tool in Powershell or use an SSH client like Putty.
+
+```bash
+ssh yourAdminUser@yourAzureVMPublicIP
+
+# ssh strapiAdmin@10.0.0.1
+```
+
+#### 2. Updating packages and installing dependencies
+
+After you login via SSH we need to update the container and install any packages that Strapi may need. The following packages have been identified to be required to run Strapi on Ubuntu 18.04 LTS:
+
+- libpng-dev
+- build-essential
+- nodejs (v12 thus we will use an external apt repo)
+- yarn (optional but recommended)
+
+First we need to update existing packages, you will use the apt package manager to do this:
+
+```bash
+sudo apt update
+sudo apt upgrade -y
+```
+
+After the updates have installed, we will move on to installing required dependencies from the existing apt repos before we add any additional ones:
+
+```bash
+sudo apt install libpng-dev build-essential -y
+```
+
+For Node.js it is recommended you use the [official source](https://github.com/nodesource/distributions/blob/master/README.md#debinstall), per the instructions we will use the following commands:
+
+```bash
+curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
+sudo apt install nodejs -y
+```
+
+Likewise for Yarn we will use the instructions from the [Yarn documentation](https://classic.yarnpkg.com/en/docs/install/#debian-stable):
+
+```bash
+curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
+echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
+
+sudo apt update
+sudo apt install yarn -y
+```
+
+To verify you have everything installed properly you can run the following:
+
+```bash
+node -v && npm -v && yarn -v
+```
+
+This should print out the versions of each.
+
+#### 3. Creating the Strapi service user and creating/cloning your project
+
+A service user is defined as a user who has limited permissions and access, this user typically does not have access to `sudo` nor can modify anything else on the system.
+
+We will create the service user with a disabled login to ensure it cannot be accessed via SSH.
+
+```bash
+sudo adduser --shell /bin/bash --disabled-login --gecos "" --quiet strapi
+```
+
+We will be making the `/srv/strapi` directory to hold our project. From here we can either create a new project or clone an existing one from say a Github or Gitlab repository. For private repositories, you will likely need to setup additional SSH keys and access.
+
+First we will make the directory, then we will give the `strapi` service user access to read/write.
+
+```bash
+sudo mkdir /srv/strapi
+sudo chown strapi:strapi /srv/strapi
+```
+
+#### 4. Choosing and installing a database
+
+Strapi will need a database in order to save data to, you have multiple options for this.
+
+- Using Azure managed databases
+- Installing a database on this virtual machine
+- Using SQLite on this virtual machine (does not require any additional software)
+
+For Azure managed databases you can use the following:
+
+- Azure Cosmos DB (Not officially supported, but has an option for MongoDB based API)
+- Azure Database for MySQL
+- Azure Database for PostgreSQL
+- Azure Database for MariaDB
+
+Likewise you can use any of the following installed locally on the virtual machine:
+
+- MongoDB >= 3.6
+- MySQL >= 5.6
+- MariaDB >= 10.1
+- PostgreSQL >= 10
+- SQLite >= 3
+
+In our example we will be using MariaDB 10.4 LTS using the MariaDB apt repo. Per the [documentation](https://downloads.mariadb.org/mariadb/repositories/#distro=Ubuntu&distro_release=bionic--ubuntu_bionic&mirror=digitalocean-sfo&version=10.4) we will use the following commands:
+
+```bash
+sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
+sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu bionic main'
+
+sudo apt update
+sudo apt install mariadb-server-10.4 -y
+```
+
+Then we will need to create our Strapi database, database user, and grant the user access. We will need to enter a MySQL shell to perform these commands. MariaDB 10.4+ no longer has a root password and instead the root user is granted access via `sudo`
+
+```bash
+sudo mysql -u root
+```
+
+You should now see the following prompt `MariaDB [(none)]>`, this is the MySQL shell that allows us to give commands to the MariaDB server.
+
+```bash
+# Create the database
+create database strapi_dev;
+
+# Create the database user
+create user strapi@localhost identified by 'mysecurepassword';
+
+# Grant the database user permissions
+grant all privileges on strapi_dev.* to strapi@localhost;
+
+# Flush Privileges to reload the grant tables
+FLUSH PRIVILEGES;
+
+# Exit the MySQL shell
+exit
+```
+
+And we now have everything we need to create/start our Strapi project.
+
+### Creating or cloning our Strapi Project
+
+If you are cloning a project from Git your configuration steps may be different depending on how you store private information such as database information, JWT secret keys, and various other secrets. In our case we will be creating a new project.
+
+#### 1. Create the new project
+
+You will first need to change users into the service user created previously, and change directories to the service directory
+
+```bash
+# Change users
+sudo su strapi
+
+# Change directory
+cd /srv/strapi
+```
+
+Now we can use Yarn to create our project, this **does not** require you to install any global packages much like npx.
+
+```bash
+yarn create strapi-app mystrapiapp
+```
+
+This will bring you to an interactive command shell to enter the following information:
+
+- **Choose your installation type** - Custom (manual settings)
+- **Choose your default database client** - mysql
+- **Database name** - `strapi_dev`
+- **Host** - Keep the default of `127.0.0.1`
+- **Port** - Keep the default of `3306`
+- **Username** - `strapi`
+- **Password** - `mysecurepassword`
+- **Enable SSL connection** - Keep the default of `N`
+
+Yarn will now install the project and install all the Node.js dependencies, we can now change directory again and start the project.
+
+```bash
+# Change directory
+cd mystrapiapp
+
+# Temporary start (will build the Admin panel)
+yarn develop
+```
+
+Now you should be able to access your Strapi application on the public IP of your virtual machine via the default Strapi port of `1337`. Naturally if we close the SSH session the Strapi server will also be killed so we need to run it as a service.
+
+#### 2. Modifying configurations to be more secure
+
+By default Strapi will write the previous database settings in plain text to the `/srv/strapi/mystrapiapp/config/environments/development/database.json` file, and if you plan on pushing your project into Git you will not want these to be present. Thankfully Strapi can parse environment variables in JSON files.
+
+If we edit the above file using `nano` we can replace a few key settings:
+
+```bash
+nano /srv/strapi/mystrapiapp/config/environments/development/database.json
+```
+
+Using the following example we will remove any private information:
+
+```json
+{
+  "defaultConnection": "default",
+  "connections": {
+    "default": {
+      "connector": "bookshelf",
+      "settings": {
+        "client": "mysql",
+        "database": "${process.env.DB_NAME}",
+        "host": "${process.env.DB_HOST}",
+        "port": "${process.env.DB_PORT}",
+        "username": "${process.env.DB_USER}",
+        "password": "${process.env.DB_PASS}"
+      },
+      "options": {}
+    }
+  }
+}
+```
+
+This now allows us to set the private database information using environment variables. Likewise we will want to do the same for the JWT (JSON Web Token) secret key located in `/srv/strapi/mystrapiapp/extensions/users-permissions/config/jwt.json`
+
+Again using nano we will replace the secret key (do remember to take note of the generated one as we will need it later).
+
+```json
+{
+  "jwtSecret": "${process.env.JWT_SECRET}"
+}
+```
+
+#### 3. Installing PM2 and running Strapi as a service
+
+Now we will install [PM2](https://pm2.keymetrics.io/docs/usage/quick-start/) to run Strapi as a service, and using the PM2 ecosystem config file we can define our environment variables.
+
+::: tip
+Using the lifecycle file **is not** required and is entirely optional, you can instead define your environment variables via the CLI
+:::
+
+Using Yarn, we will install PM2 globally, and adjust our `.bashrc` file to allow us to use global Yarn packages:
+
+```bash
+# Install PM2
+yarn global add pm2
+
+# Edit our ~/.bashrc file for global Yarn packages
+nano ~/.bashrc
+```
+
+You will want to paste the following **at the end** of the `.bashrc file:
+
+```
+export PATH="$PATH:$(yarn global bin)"
+```
+
+From here you can either exit the service user and log back in for the changes to take effect or simply run:
+
+```bash
+source ~/.bashrc
+```
+
+And we will create our `ecosystem.config.js` using the `pm2 init` command, you should run this in your Strapi project directory
+
+```bash
+# Create the ecosystem file
+pm2 init
+```
+
+You should get the message `File /srv/strapi/mystrapiapp/ecosystem.config.js generated`, lets go ahead and edit this file using `nano` and add our config settings.
+
+```bash
+nano /srv/strapi/mystrapiapp/ecosystem.config.js
+```
+
+Replace the boilerplate information with something like the following:
+
+```js
+module.exports = {
+  apps: [
+    {
+      name: 'strapi-dev',
+      cwd: '/srv/strapi/mystrapiapp',
+      script: 'npm',
+      args: 'run develop',
+      env: {
+        NODE_ENV: 'development',
+        DB_HOST: 'localhost',
+        DB_PORT: '5432',
+        DB_NAME: 'strapi_dev',
+        DB_USER: 'strapi',
+        DB_PASS: 'mysecurepassword',
+        JWT_SECRET: '54265f24-b1e3-472a-a005-f681a905488f',
+      },
+    },
+  ],
+};
+```
+
+Then use the following command to start the Strapi service:
+
+```bash
+pm2 start ecosystem.config.js
+```
+
+### Optional additions
+
+#### 1. Securing your virtual machine with a firewall
+
+#### 2. Installing a proxy for SSL
+
+#### 3. File upload providers