# Azure
✋ CAUTION
This third-party deployment guide might not be up-to-date with Strapi v4. Contributions (opens new window) are most welcome.
This is a step-by-step guide for deploying a Strapi project to Azure (opens new window). Databases can be on a Azure Virtual Machine (opens new window), hosted externally as a service, or via the Azure Managed Databases (opens new window). Prior to starting this guide, you should have created a Strapi project. And have read through the configuration section.
# Azure Install Requirements
- You must have an Azure account (opens new window) before doing these steps.
- An SSH key to access the virtual machine
# Create a Virtual Machine
You will want to use an Azure Virtual Machine for Strapi deployments, the Azure web-app (IIS) deployments are not recommended.
# 1. Log in to your Azure Portal (opens new window)
# 2. Create a VM by clicking on Create a resource
# 3. Basics
Virtual machines are listed under the Compute
category. You will need the following options:
Project Details:
- Subscription: Can be left as the default
- Resource Group: If you have none, simply hit
Create new
Instance Details:
- Virtual machine name: This name is used as a resource identifier and the VM's hostname so try to keep it simple
- Region: Select the nearest region to you, or your target area
- Availability options: Leave as default
- Image: Ubuntu Server 18.04 LTS
- Azure Spot instance: No
- Size: B1ms (1vCPU / 2 GiB of Ram) is the recommended minimum as you need at least 2 GiB of RAM to build the Admin panel
Administrator Account:
- Authentication type: It's recommended you use
SSH public key
- Username: This is the SSH user, it can be set to whatever you like except
root
Inbound port rules:
More configuration for this will be done when we get to the Networking
tab of the VM creation for now just leave these as the defaults.
# 4. Disks
It is entirely up to you which OS Disk type you use, for the cheapest option you should select Standard HDD
with no encryption. You can also add additional disks to the virtual machine if you need additional space (such as for uploads).
# 5. Networking
For the networking configuration you will want to leave the following as defaults:
- Virtual network
- Subnet
- Public IP
- Accelerated networking
- Load Balancing (off/no)
However for the NIC network security group we will want to slect Advanced
and Create New
. You can name this whatever you like but for inbound rules we want to allow:
- SSH (TCP/22) - Already on be default
- HTTPS (Any/443)
- HTTP (Any/80)
- Strapi (Any/1337)
For each of the ports to allow, you will hit create new and enter the following information:
- Source: Any
- Source port ranges:
*
- Destination: Any
- Destination port ranges: The port from above (80, 443, or 1337)
- Protocol: Any
- Action: Allow
- Priority: This should be auto-filled for you
- Name: something to easily describe this rule such as
HTTPS_Port
orStrapi_Port
# 6. Management
Entirely optional but you can enable the OS guest diagnostics
to configure alerting later on, everything else on this tab is also entirely optional. For now let's leave everything as the default options.
# 7. Advanced
If you are familiar with standard Linux Cloud init
you are welcome to add in any configuration script to jump-start your virtual machine with some pre-configured packages, however we will leave everything here as default.
# 8. Tags, Review + Create
You are welcome to tag this virtual machine to easily identify it and others part of your "Project" later on.
Finally review you configuration and wait for Azure to validate the configuration, on this page you will also see the price of your VM per hour. This price will vary based on the region and size of virtual machine you selected (along with any additional options).
Once you have finished verifying your config hit the Create
button. It may take a few minutes for your deployment to complete, you will see a log of the deployment on the next page. When it's finished you will see Your deployment is complete
, simply hit Go to resource
.
# Logging in and installing Strapi dependencies
These next steps will help you set up a production server and setup a non-root service account for managing your Strapi instance. You will need the administrator account you created previously and the public IP listed on your resource page.
# 1. SSH to your Administrator account created previously
You will use the admin user created previously as well as the SSH key you added to your Azure account. For Linux/Mac users you can use your terminal, likewise for Windows users you can use the built -in SSH tool in Powershell or use an SSH client like Putty.
ssh yourAdminUser@yourAzureVMPublicIP
# ssh strapiAdmin@10.0.0.1
# 2. Updating packages and installing dependencies
After you login via SSH we need to update the container and install any packages that Strapi may need. The following packages have been identified to be required to run Strapi on Ubuntu 18.04 LTS:
- libpng-dev
- build-essential
- nodejs (v12 thus we will use an external apt repo)
- yarn (optional but recommended)
First we need to update existing packages, you will use the apt package manager to do this:
sudo apt update
sudo apt upgrade -y
After the updates have installed, we will move on to installing required dependencies from the existing apt repos before we add any additional ones:
sudo apt install libpng-dev build-essential -y
For Node.js it is recommended you use the official source (opens new window), per the instructions we will use the following commands:
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt install nodejs -y
Likewise for Yarn we will use the instructions from the Yarn documentation (opens new window):
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
sudo apt install yarn -y
To verify you have everything installed properly you can run the following:
node -v && npm -v && yarn -v
This should print out the versions of each.
# 3. Creating the Strapi service user and creating/cloning your project
A service user is defined as a user who has limited permissions and access, this user typically does not have access to sudo
nor can modify anything else on the system.
We will create the service user with a disabled login to ensure it cannot be accessed via SSH.
sudo adduser --shell /bin/bash --disabled-login --gecos "" --quiet strapi
We will be making the /srv/strapi
directory to hold our project. From here we can either create a new project or clone an existing one from say a Github or Gitlab repository. For private repositories, you will likely need to setup additional SSH keys and access.
First we will make the directory, then we will give the strapi
service user access to read/write.
sudo mkdir /srv/strapi
sudo chown strapi:strapi /srv/strapi
# 4. Choosing and installing a database
Strapi will need a database in order to save data to, you have multiple options for this.
- Using Azure managed databases
- Installing a database on this virtual machine
- Using SQLite on this virtual machine (does not require any additional software)
For Azure managed databases you can use the following:
- Azure Database for MySQL
- Azure Database for PostgreSQL
- Azure Database for MariaDB
Likewise you can use any of the following installed locally on the virtual machine:
- MySQL >= 5.7.8
- MariaDB >= 10.2.7
- PostgreSQL >= 10
- SQLite >= 3
In our example we will be using MariaDB 10.4 LTS using the MariaDB apt repo. Per the documentation (opens new window) we will use the following commands:
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu bionic main'
sudo apt update
sudo apt install mariadb-server-10.4 -y
Then we will need to create our Strapi database, database user, and grant the user access. We will need to enter a MySQL shell to perform these commands. MariaDB 10.4+ no longer has a root password and instead the root user is granted access via sudo
sudo mysql -u root
You should now see the following prompt MariaDB [(none)]>
, this is the MySQL shell that allows us to give commands to the MariaDB server.
# Create the database
create database strapi_dev;
# Create the database user
create user strapi@localhost identified by 'mysecurepassword';
# Grant the database user permissions
grant all privileges on strapi_dev.* to strapi@localhost;
# Flush Privileges to reload the grant tables
FLUSH PRIVILEGES;
# Exit the MySQL shell
exit
And we now have everything we need to create/start our Strapi project.
# Creating or cloning our Strapi Project
If you are cloning a project from Git your configuration steps may be different depending on how you store private information such as database information, JWT secret keys, and various other secrets. In our case we will be creating a new project.
# 1. Create the new project
You will first need to change users into the service user created previously, and change directories to the service directory
# Change users
sudo su strapi
# Change directory
cd /srv/strapi
Now we can use Yarn to create our project, this does not require you to install any global packages much like npx.
yarn create strapi-app mystrapiapp
This will bring you to an interactive command shell to enter the following information:
- Choose your installation type: Custom (manual settings)
- Choose your default database client: mysql
- Database name:
strapi_dev
- Host: Keep the default of
127.0.0.1
- Port: Keep the default of
3306
- Username:
strapi
- Password:
mysecurepassword
- Enable SSL connection: Keep the default of
N
Yarn will now install the project and install all the Node.js dependencies, we can now change directory again and start the project.
# Change directory
cd mystrapiapp
# Temporary start (will build the Admin panel)
yarn develop
Now you should be able to access your Strapi application on the public IP of your virtual machine via the default Strapi port of 1337
. Naturally if we close the SSH session the Strapi server will also be killed so we need to run it as a service.
# 2. Modifying configurations to be more secure
By default Strapi will predefine environment variables to use with your database config.
If we edit the ./config/database.js
file using nano
we can replace a few key settings:
nano /srv/strapi/mystrapiapp/config/database.js
Using the following example we will remove any private information:
module.exports = ({ env }) => ({
defaultConnection: 'default',
connections: {
default: {
connector: 'bookshelf',
settings: {
client: 'mysql',
database: env('DB_NAME'),
host: env('DB_HOST'),
port: env('DB_PORT'),
username: env('DB_USER'),
password: env('DB_PASS'),
},
options: {},
},
},
});
# 3. Installing PM2 and running Strapi as a service
Now we will install PM2 (opens new window) to run Strapi as a service, and using the PM2 ecosystem config file we can define our environment variables.
💡 TIP
Using the lifecycle file is not required and is entirely optional, you can instead define your environment variables via the CLI
Using Yarn, we will install PM2 globally, and adjust our .bashrc
file to allow us to use global Yarn packages:
# Install PM2
yarn global add pm2
# Edit our ~/.bashrc file for global Yarn packages
nano ~/.bashrc
You will want to paste the following at the end of the `.bashrc file:
export PATH="$PATH:$(yarn global bin)"
From here you can either exit the service user and log back in for the changes to take effect or simply run:
source ~/.bashrc
And we will create our ecosystem.config.js
using the pm2 init
command, you should run this in your Strapi project directory
# Create the ecosystem file
pm2 init
You should get the message File /srv/strapi/mystrapiapp/ecosystem.config.js generated
, lets go ahead and edit this file using nano
and add our config settings.
nano /srv/strapi/mystrapiapp/ecosystem.config.js
Replace the boilerplate information with something like the following:
module.exports = {
apps: [
{
name: 'strapi-dev',
cwd: '/srv/strapi/mystrapiapp',
script: 'npm',
args: 'start',
env: {
NODE_ENV: 'development',
DB_HOST: 'localhost',
DB_PORT: '5432',
DB_NAME: 'strapi_dev',
DB_USER: 'strapi',
DB_PASS: 'mysecurepassword',
JWT_SECRET: 'aSecretKey',
},
},
],
};
You can also set your environment variables in a .env
file in your project like so:
DB_HOST=localhost
DB_PORT=5432
DB_NAME=strapi_dev
DB_USER=strapi
DB_PASS=mysecurepassword
JWT_SECRET=aSecretKey
We recommend you continue setting the NODE_ENV
variable in the ecosystem.config.js
file.
Then use the following command to start the Strapi service:
pm2 start ecosystem.config.js
The Strapi PM2 service is now set-up to use an ecosystem.config.js
to manage your application.
OPTIONAL: You may see your project and set-up your first administrator user, by creating an admin user.
# 4. Starting Strapi on boot and persisting service between reboots
Follow the steps below to have your app launch on system startup.
- Generate and configure a startup script to launch PM2, it will generate a Startup Script to copy/paste, do so:
pm2 startup systemd
[PM2] Init System found: systemd
[PM2] To setup the Startup Script, copy/paste the following command:
sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u your-name --hp /home/your-name
For the following command we want to be using your virtual machine admin user not the service user, to exit from the service user you can simply run the command exit
to return to your admin user.
- Copy/paste the generated command as the virtual machine admin user (DO NOT use the below command as you need to replace the service user name, the previous command will give you exactly what you need):
sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u your-name --hp /home/your-name
[PM2] Init System found: systemd
Platform systemd
. . .
[PM2] [v] Command successfully executed.
+---------------------------------------+
[PM2] Freeze a process list on reboot via:
$ pm2 save
[PM2] Remove init script via:
$ pm2 unstartup systemd
Now as the service user run the following (again use sudo su yourserviceuser
to change back)
- Next,
Save
the new PM2 process list and environment.
pm2 save
[PM2] Saving current process list...
[PM2] Successfully saved in /home/your-name/.pm2/dump.pm2
- OPTIONAL: You can test to see if the script above works whenever your system reboots with the
sudo reboot
command. You will need to login again with your service user and then runpm2 list
andsystemctl status pm2-your-name
to verify everything is working.
# Optional additions
Below are some optional additions to secure your virtual machine and Strapi service.
# 1. Securing your virtual machine with a firewall
Azure virtual machines come with a firewall at the host level (see previous instructions here). However it is recommended that you use the built in Ubuntu firewall as well known as UFW or Uncomplicated Firewall.
See the following DigitalOcean guide (opens new window) to see some examples of using UFW.
# 2. Installing a proxy for SSL
There are many different types of proxy services you could use, anything from load balancing, offloading SSL, to fault tolerance. You can view a few examples based around Strapi and basic SSL offloading.
# 3. File upload providers
There are many options for storing files outside of your virtual machine, Strapi have built a few and the community is constantly building new ones. See the following guide on searching for options as well as installing them.