Debian 8 Jessie VPS VM Home Installation with NGINX Let's Encrypt SSL Cert (develop branch)

This guide will walk you through setting up PokemonGo-Map on:

• Debian 8 Jessie
• On your home server
• On a VPS with SSH/root access

##Debian 8 Setup

###Initial Set up

1. Get your Debian 8 Jessie Server Set up

2. Update your system sudo apt-get update && sudo apt-get upgrade

   • If sudo doesn't work, install it! apt-get install sudo

3. Secure your VPS: https://www.linode.com/docs/security/securing-your-server

4. Install required/optional software:

   • Required
     • git-core apt-get install git-core
     • python / python-pip / python-ev sudo apt-get install python python-pip python-dev
     • nodejs sudo apt-get install nodejs nodejs-legacy npm
     • grunt-cli npm install grunt-cli -g
     • node-sass npm install node-sass
   • Optional

     • nginx (https://github.com/AHAAAAAAA/PokemonGo-Map/wiki/nginx-Reverse-Proxy)

       • Download the key wget http://nginx.org/keys/nginx_signing.key
       • Install the key sudo apt-key add nginx_signing.key
       • Add the repository to your sources.list

         • Edit with your favourite text editor sudo nano /etc/apt/sources.list

            deb http://nginx.org/packages/mainline/debian/ jessie nginx #change jessie to the version of debian you're using
            deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
           

         • CTRL+X to exit/save

       • Update repositories sudo apt-get update
       • Install nginx sudo apt-get install nginx

     • Certbot (https://certbot.eff.org/#debianjessie-nginx)

       • Add deb http://ftp.debian.org/debian jessie-backports main to sources.list to add backports repository
       • sudo apt-get update
       • sudo apt-get install certbot -t jessie-backports

     • mariadb (MySQL) - https://downloads.mariadb.org/mariadb/repositories/ and download mariaDB

        sudo apt-get install software-properties-common
        sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
        sudo add-apt-repository 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/debian jessie main'
        sudo apt-get update
        sudo apt-get install mariadb-server
       

5. Clone the PokemonGo-Maps

   • Create a directory for web stuff mkdir /var/www
   • Change to newly created directory cd /var/www
   • Clone PokemonGo-Maps develop branch git clone https://github.com/AHAAAAAAA/PokemonGo-Map.git --branch develop
     • If you want to clone to a specific directory, add it to the end e.g. git clone https://github.com/AHAAAAAAA/PokemonGo-Map.git --branch develop YOURdirectoryNAME

6. Install requirements

   • Change to PokemonGo-Maps directory cd /var/www/PokemonGo-Maps
   • pip intsall -r requirements --upgrade

7. Set up npm, run grunt

   • In the PokemonGo-Maps directory, run npm install
   • Then grunt build

8. Set up MySQL/MariaDB Server

   • Login to your MySQL DB mysql -p
   • Enter your password if you set one
   • Create the DB CREATE DATABASE pokemongomapdb;
   • Quit the MySQL command line tool quit

9. Set up config.ini OR run it using runtime arguments

   • config.ini set up

     • nano config/config.ini.example

     • MySQL settings are:

        # Database settings
        #db-type: mysql        # sqlite (default) or mysql
        #db-host: 127.0.0.1              # required for mysql
        #db-name: pokemongomapdb;              # required for mysql
        #db-user: yourUserName probably root              # required for mysql
        #db-pass: yourPassword              # required for mysql
       

     • Make necessary changes, then CTRL+X to exit, and when it prompts for file name change it to config.ini (without the .example)

     • Test run your server python runserver.py

   • runtime arguemnts

     • python runserver.py -l "Some Address" - k YourGoogleMapsAPIKey -H 0.0.0.0 -P 80 -a ptc OR google -u username -p password --db-type mysql --db-name pokemongomapdb --db-user root --db-pass yourDBpassword
     • This will run the server and EXPOSE it to the internet. You can now access the server by going to http://YourExternalIPAddress (assuming you're not behind a firewall/router)
     • stop the server by pressing CTRL+C

Set up NGINX to reverse proxy to your PokemonGo-Maps server

This is optional, but it allows you to easily add a SSL certificate and allow you to run multiple separate instances of PokemonGo-Maps and serve them on port 80 using different domains

1. Run your PokemonGo-Map on some random port, or the default 5000

   • nohup python runserver.py -l "Some Address" - k YourGoogleMapsAPIKey -H 127.0.0.1 -P 5000 -a ptc OR google -u username -p password --db-type mysql --db-name pokemongomapdb --db-user root --db-pass yourDBpassword
   • now your server is running in the background at http://127.0.0.1:5000
   • you can confirm this by running curl http://127.0.0.1:5000

2. Configure NGINX

   • Modify the default.conf. Sample config below

      #This is for a server running on port 80 - we want this for getting the Let's Encrypt Certificate
      server {
      	listen       80;
      	server_name  www.SomeDomain.com;
     
      	#This if for getting your Let's Encrypt Certificate
      	location /.well-known/acme-challenge {
      		default_type "text/plain";
      		root /var/www/certbot;
      		}
     
      	#This forces all requests from your webserver to go from HTTP to HTTPS
      	location / {
      	return      301 https://$host$request_uri;
      		}
     
      	}
     
      #This is for running our SSL PokemonGo-Maps server
      server {
     
      	listen 443 ssl http2;
      	server_name www.SomeDomain.com; #Same server_name as above
     
      	#The two lines below ssl_certificate/ssl_certificate_key are commented out
      	#until you get your certificate
      	#After you run certbot, you will replace the location below 
      	#ssl_certificate   /etc/letsencrypt/live/www.SomeDomain.com/fullchain.pem;
      	#ssl_certificate_key  /etc/letsencrypt/live/www.SomeDomain.com/privkey.pem;
      	
      	#Explanation Here on SSL Settings https://cipherli.st/
      	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      	ssl_prefer_server_ciphers on;
      	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
      	ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
      	ssl_session_cache shared:SSL:10m;
      	ssl_session_tickets off; # Requires nginx >= 1.5.9
      	ssl_stapling on; # Requires nginx >= 1.3.7
      	ssl_stapling_verify on; # Requires nginx => 1.3.7
      	resolver 8.8.8.8 8.8.4.4 valid=300s;
      	resolver_timeout 5s;
      	add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
      	add_header X-Frame-Options DENY;
      	add_header X-Content-Type-Options nosniff;
     
     
      	#This passes all requests from www.SomeDomain.com to your PokemonGo-Maps server you started earlier on Port 5000
      	location / {
      		proxy_pass http://127.0.0.1:5000/;
      		proxy_redirect off;
      		include loc-settings;
      		
      		#Explanation here: https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html
      		tcp_nodelay on;
      		tcp_nopush off;
      		sendfile on;
      		
      		#Explanation here: https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching
      		proxy_next_upstream             error timeout invalid_header http_500 http_502 http_503 http_504;
      		proxy_buffering                 off;
      		proxy_set_header                Accept-Encoding "";
      		proxy_set_header                Host    $host;
      		proxy_set_header                X-Real-IP       $remote_addr;
      		proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
      		proxy_set_header                X-Forwarded-Proto https;
      		proxy_set_header                X-Forwarded-Proto       $scheme;
      		add_header                      Front-End-Https on;
      		}
     
      	#error pages
      	error_page   500 502 503 504  /50x.html;
      	location = /50x.html {
      		root   /usr/share/nginx/html;
      		}
     
      	}
      }
     

3. Restart your NGINX server sudo service nginx restart

4. Test your nginx server

   • You should be able to access your maps by going to http://www.SomeDomain.com/

5. Add your certificate

   • Create the certbot director mkdir /var/www/certbot

   • Make sure nginx has access to the certbot directory chown -R nginx:nginx /var/www/certbot

   • Request a certificate with certbot certbot certonly --webroot -w /var/www/certbot -d www.SomeDomain.com

   • If everything ran correctly, you should get message like this:

      Congratulations! Your certificate and chain have been saved at
      /etc/letsencrypt/live/www.SomeDomain.com/fullchain.pem. Your cert will expire on 2016-XX-YY.
      To obtain a new or tweaked version of this certificate in the
      future, simply run certbot-auto again. To non-interactively renew
      all of your certificates, run "certbot renew"
      - If you like Certbot, please consider supporting our work by:
     
      Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
      Donating to EFF: https://eff.org/donate-le
     

   • Update your nginx with the new certificate by commenting out the two certificate lines

   • Restart nginx sudo service nginx restart

6. Done! You should now have a fully running PokemonGo-Maps server using MariaDB (MySQL) running behind NGINX with a Let's Encrypt SSL Certificate