Guide to deploying a full production project on a single VPS

Date: Dec 1, 2025
Tags: NodeJs, Backend
Summary: How to deploy on a VPS
A guide to deploying a full production project on a single VPS, from an empty server to running live, covering:
  • Installing Node.js, Docker, PM2
  • Next.js frontend in a PM2 cluster
  • NestJS backend in Docker, scaled to 2 containers
  • Postgres + Redis on an internal network
  • Nginx/Caddy multi-domain + automatic HTTPS
  • SSH tunnel + GUI DB connection
  • Snapshot backups + DB dump

1️⃣ Prepare the VPS

  • VPS: 4 vCPU, 8 GB RAM, 75 GB NVMe, Ubuntu 24.04 (or 22.04)
  • Log in as the deploy user (do not use root directly):
sudo adduser deploy
sudo usermod -aG sudo deploy
  • SSH key authentication: upload the public key to /home/deploy/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
  • Update the system:
sudo apt update && sudo apt upgrade -y
sudo apt install curl wget git ufw -y
  • Firewall (open 22, 80, 443):
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable

2️⃣ Install Node.js, PM2

curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs build-essential
node -v
npm -v
sudo npm install -g pm2
pm2 -v
  • PM2 startup:
# prints a sudo command; run that command to register the systemd unit
pm2 startup systemd

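3️⃣ Install Docker + Docker Compose

# docker-compose-v2 provides the "docker compose" subcommand used below;
# the docker-compose package only installs the legacy "docker-compose" binary
sudo apt install -y docker.io docker-compose-v2
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker deploy
  • Log out → log back in so the docker group membership takes effect
docker --version
docker compose version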

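4️⃣ Set up the Docker backend (NestJS) + Postgres + Redis

  • Create the directory:
mkdir -p ~/pingtotalk/backend
cd ~/pingtotalk/backend
  • .env file:
POSTGRES_USER=pingto_user
POSTGRES_PASSWORD=StrongPass123!
POSTGRES_DB=pingtotalk
REDIS_PASSWORD=RedisStrongPass!
BACKEND_PORT=3001
  • docker-compose.yml:
version: "3.9"
services:
  postgres:
    image: postgres:15
    environment:
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_DB: ${POSTGRES_DB}
    ports:
      # loopback only: reachable through the SSH tunnel in step 8, not from the internet
      - "127.0.0.1:5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    networks:
      - backend
  redis:
    image: redis:7
    # the official image ignores a REDIS_PASSWORD variable; pass the password to redis-server
    command: ["redis-server", "--requirepass", "${REDIS_PASSWORD}"]
    networks:
      - backend
  backend:
    build: .
    ports:
      # a host port range lets both replicas bind (3001 and 3002); 127.0.0.1 keeps them
      # behind Nginx, because ports published by Docker are not filtered by ufw
      - "127.0.0.1:3001-3002:3001"
    env_file:
      - .env
    networks:
      - backend
networks:
  backend:
volumes:
  pgdata:
  • Scale to 2 containers:
docker compose up -d --scale backend=2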

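5️⃣ Set up the Next.js frontend + PM2

  • Clone the FE project:
mkdir -p ~/pingtotalk/frontend
cd ~/pingtotalk/frontend
git clone YOUR_FE_REPO .
npm install
npm run build
  • Run the PM2 cluster:
# -i max must come before "--" (everything after it is passed to the app, not to PM2),
# and cluster mode needs a Node entry point, so start the next binary rather than npm
pm2 start node_modules/next/dist/bin/next --name pingto-fe -i max -- start
pm2 save
  • Project 2: port 4000, same PM2 cluster setup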

6️⃣ Set up the Nginx reverse proxy + load balancing

sudo apt install nginx -y
  • sudo nano /etc/nginx/sites-available/pingtotalk.com:
upstream backend_cluster {
    server 127.0.0.1:3001;
    server 127.0.0.1:3002;
}
server {
    listen 80;
    server_name pingtotalk.com www.pingtotalk.com;
    location /api/ {
        proxy_pass http://backend_cluster;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
  • Enable the site:
sudo ln -s /etc/nginx/sites-available/pingtotalk.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
  • Project 2: same setup, FE port 4000, backend 4001/4002

7️⃣ HTTPS with Let’s Encrypt

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d pingtotalk.com -d www.pingtotalk.com
sudo certbot --nginx -d example2.com -d www.example2.com
  • HTTPS is configured automatically, with an HTTP → HTTPS redirect

8️⃣ SSH Tunnel + GUI DB

  • SSH tunnel for the DB:
ssh -L 5432:localhost:5432 deploy@YOUR_VPS_IP
  • GUI: TablePlus / DBeaver / pgAdmin → connect to localhost:5432
  • The DB is not public → high security

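9️⃣ Backup / Snapshot

  • Periodic VPS snapshots
  • Postgres backup:
# run from ~/pingtotalk/backend; Compose does not name the container "postgres", so address
# the service instead, and use -T (no pseudo-TTY) so the dump is written unmodified
docker compose exec -T postgres pg_dumpall -c -U pingto_user > dump_$(date +%F).sql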

10️⃣ Multi-domain / Multi-project

  • Nginx / Caddy → one server block per domain
  • FE PM2 + BE Docker → separate ports
  • DB + Redis → internal network, separate schemas if there are several projects

Final result

  • FE PM2 cluster → makes use of all 4 CPUs
  • BE Docker scaled to 2 containers + Nginx LB
  • Postgres + Redis → internal, secure
  • Multi-domain → Nginx / Caddy
  • HTTPS → Let’s Encrypt
  • SSH tunnel → secure GUI DB access
  • Backup → snapshot + DB dump