Setting up Node.js server on Oracle Cloud Ubuntu 20.04

  1. Install Node.js
  2. Configure Networking
  3. Update firewall settings
  4. Optimize System Resources
  5. Run the server with pm2
  6. Configure Nginx as a reverse proxy
  7. Install Nginx
  8. Enable HTTPS
    1. Update Security List to allow 443 port
    2. Update iptables
    3. Configure Nginx
    4. Update DNS server

Install Node.js

  1. Update the System:
1
2
sudo apt update
sudo apt upgrade -y
  1. Install Node.js:
1
2
3
4
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
nvm install 22
nvm use 22
corepack enable
  1. Verify the installation:
1
2
3
node -v
npm -v
yarn -v

Configure Networking

By default, Node.js runs on port 3000. Open this port in the Oracle Cloud Security List:

  1. Go to Networking > Virtual Cloud Networks.
  2. Select your VCN and click Security Lists.
  3. Add an ingress rule for port 3000 (or your custom port):
    • Stateless: Checked
    • Source Type: CIDR
    • Source CIDR: 0.0.0.0/0
    • IP Protocol: TCP
    • Source port range: (leave-blank)
    • Destination Port Range: 3000

Update firewall settings

The Ubuntu firewall is disabled by default. However, you still need to update your iptables configuration to allow HTTP traffic. Update iptables with the following commands.

1
2
3
4
sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
sudo netfilter-persistent save

The commands add a rule to allow HTTP traffic and saves the changes to the iptables configuration files.

Optimize System Resources

Increase Swap Space

1
2
3
4
5
sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Edit /etc/sysctl.conf to optimize memory and network:

1
2
3
vm.swappiness = 10
vm.vfs_cache_pressure = 50
net.core.somaxconn = 4096

Apply the change:

1
sudo sysctl -p

Limit the memory used by Node.js:

1
export NODE_OPTIONS="--max-old-space-size=512"

Run the server with pm2

Install PM2 Globally:

1
yarn global add pm2

Start the Application with PM2:

1
pm2 start yarn --name "your-app-name" -- start

Verify the Application Status:

1
pm2 status

Restart the application:

1
pm2 restart your-app-name

Stop the application:

1
pm2 stop your-app-name

View application logs:

1
pm2 logs your-app-name

Configure Nginx as a reverse proxy

1
sudo apt install nginx

Install Nginx

1
sudo apt install nginx

Create a new configuration file for your application:

1
2
cd /etc/nginx/sites-available/
sudo vim your_app_name

Add the following configuration:

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
    listen 80;
    server_name your_domain_or_IP;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Enable the configuration by creating a symbolic link:

1
sudo ln -s /etc/nginx/sites-available/your_app_name /etc/nginx/sites-enabled/

Test the Nginx configuration for syntax errors:

1
sudo nginx -t

If the test is successful, restart Nginx to apply the changes:

1
sudo systemctl restart nginx

Enable HTTPS

Update Security List to allow 443 port

Edit Ingress Rule

  • Stateless: Checkek
  • Source Type: CIDIR
  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Source Port Range: (blank)
  • Destination Port Range: 443

Save changes.

Update iptables

1
2
sudo iptables -I INPUT 6 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo netfilter-persistent save

Configure Nginx

Open /etc/nginx/sites-available/your_app_name and Add the following:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/nginx/ssl/self-signed.crt;
    ssl_certificate_key /etc/nginx/ssl/self-signed.key;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Generate a self-signed certificate: (We are going to use the SSL provided by Cloudflare, so the cerficiate here can be self-signed.)

1
2
3
4
sudo mkdir -p /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/nginx/ssl/self-signed.key \
  -out /etc/nginx/ssl/self-signed.crt

Automatically redirect HTTP to HTTPS:

Open /etc/nginx/sites-available/your_app_name and Add the following:

1
2
3
4
5
server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;
}

Restart Nginx:

1
sudo systemctl restart nginx

Update DNS server

Add a subdomain on CloudFlare to point to your Ubuntu server.

  • Go to the DNS section.
  • Click Add Record.
  • Fill in the following details:
    • Type: A (for IPv4)
    • Name: Enter your subdomain.
    • IPv4 Address: Enter the IP address of your server (for A record).
    • Proxy status: Toggle the orange cloud to enable Cloudflare’s proxy (recommended for SSL and performance).
  • Click Save.

Enable SSL with Cloudflare

  • Go to the SSL/TLS Section: In your Cloudflare dashboard, go to SSL/TLS.
  • Set SSL Mode to Full.