Setting up a Solana Metaplex NFT Storefront in the Cloud
This is a detailed tutorial on how to set up a Metaplex NFT Storefront on a cloud hosted virtual server.
If you are frustrated with the lackluster performance of GitHub’s free site hosting take heart that for a small monthly fee you can set up your own private and dedicated web server. If you need more performance out of your site you can simply change your cloud subscription and pay for more performance as your Metaplex Storefront grows!
This tutorial is designed for people that want to quickly set up a robust and scalable storefront without getting too deep into the weeds with server configuration. We will start from scratch and assume that the reader has no knowledge of how to set up a web server. We do put the ownership on you to know how to install applications on your local computer.
Readers that are familiar with Linux will notice that some of the finer points of server hardening have been glossed over, but you will be able to adjust this recipe according to your taste.
Let the fun begin!
Download and Install Putty
First you need to download and install Putty, which is a handy little program that will allow you to do two critical things:
- Log in and execute commands on your cloud hosted web server
- Generate an SSH SHA 256 keypair
Once you have installed Putty on your local computer open up PuTTYGen (the one with the key icon). This will allow you to generate an encryption key pair that we will use later to encrypt the communication between your local computer and the cloud server you will be setting up later. Why? Because security, that’s why.
Now that you have opened PuTTYGen (the one with the key icon) just click the “Generate” button. You will then be asked to wiggle your mouse over the application to help generate random noise for your key generation. Go ahead and do it and you will see the progress bar move along. Who says cryptography isn’t fun?
Once your keypair has been generated, click on the Key menu at the top and select “Parameters for saving key files…”
Now click on the PPK file version radio button next to the number 2 and click ok.
Enter a key passphrase and then enter it again below in the confirm passphrase section. Our password is catsAreGreat. Don’t try to remember ours, it’s just for demonstration purposes. You should remember your password for later though.
Now click on the “Save Private Key” button and save your key to your local computer. Keep track of where you saved it, you will need that later.
Leave PuTTYGen open, we will need it again in just a moment.
⚠️ Security Tip
Instead of saving your key to your computer’s hard drive, try saving it to a USB drive. If you ever need to log back into your web server just plug your USB drive in and use the key. Only plug in the USB drive when you need it. This is called “air gapping” and reduces the attack surface that a hacker can use against you.
Choose a Cloud Provider
There are many cloud providers out there to choose from, if you already have a favorite please go ahead and skip this section. For those readers that are unfamiliar with cloud hosting, we are recommending two rather simple, pay-for-what-you-get cloud providers: VULTR and Digital Ocean.
We will be using VULTR for this tutorial so the screen shots will all be from VULTR. If you want to try Digital Ocean, please do so. You won’t have any challenges with following this tutorial because both providers’ websites are almost identical to each other. Heads up, on Digital Ocean they call a virtual server a “Droplet”.
Cloud Account Setup
Register for an account and enter your credit card information. Skeptics fear not, you are charged an hourly prorated amount. So if you struggle through this tutorial and throw your hands up and quit after 5 hours, you will only pay for the time and resources you used. For a $20/month server that is 15 cents.
So go for it even if you feel like you are in over your head. Just make sure to destroy your server if you decide this is not for you. You will keep being charged if you don’t destroy it.
Provision a Virtual Server
Once you are on the main page, click on the Plus button and Deploy a New Server.
Select a Cloud Compute instance and then select the location of the data center where you want the server to be deployed. For this example, we chose Miami because it made us think of the beach. Frankly it does not really matter where you deploy the server, have fun.
From there select a 64 bit Ubuntu instance with the highest version available. If you are unsure, select Version 21.04 x64.
Now choose the $20/month instance which equates to three cents per hour. You can probably get away with the next level down at $10/month. If you go lower than that, the performance will be just like GitHub’s free site hosting functionality.
If you want, this is a good time to sign up for DDoS protection for an additional $10 per month. This is totally optional and you can always add that on to your subscription later on if your website suddenly gets attacked. Why anyone would DDoS a Metaplex Storefront is beyond us, but who will ever know. Really, you can skip this and feel safe. It’s irresponsible for us not to let you know the feature is there.
Now click the “Add New” button under the SSH Keys section.
Give your keypair a nickname like “Metaplex” and then you will need to copy the Public Key out of PuTTYGen and paste it into the blank SSH Key field. Make sure you select and copy the entire public key out of PuTTYGen. It is common to miss a little bit of the front or back of the public key. A proper RSA key will always start with ssh-rsa and always end with the date it was generated on.
Once you have pasted in the public key, click “Add SSH Key”.
You will then be back on your server config page. Now select your newly created key.
Do not bother with your firewall configuration as we will come back to that later. Go ahead and name your server and make sure you like it because you will have to look at it forever. Click “Deploy Now” once you have settled on a nice name.
While your cloud provider is busy deploying your new server, now is the time to set up your domain name.
Get a Domain Name
Go to your favorite domain name registrar and purchase the domain name of your dreams. We use Google Domains, so the screen shots will be from there. The DNS config that we will do will be the same for all domain registrars. If you already have one, just keep reading.
In your domain registry account, click on your domain name and click on the DNS configuration.
You will need to add two custom records as shown below. Use the IP address of the server that you just provisioned. Now save the records.
It will take some time for this information to propagate through the internet. So instead of just waiting around, we will configure some more… and more… and more…
Log into your Server
Close PuTTYGen and open up PuTTY (the one with two computers on it).
Once PuTTY is open, you will need to navigate to Connection>SSH>Auth and then Browse for the private key file that you saved earlier, hopefully on a USB drive.
In PuTTY, navigate to the Session section. Copy the IP address of your new server into the Host Name field. Now type in a nickname for this PuTTY session in the Saved Sessions field and then click Save. Once you have saved the session, click Open at the bottom and you will connect to your new server.
You will probably get a security warning when you connect for the first time. Click ACCEPT.
Your username is root (all lowercase please, Linux is quite case sensitive) and your password is the password that you gave to the SSH key that you made in PuTTYGen. If you remember (you were politely asked not to), our password was catsAreGreat. A successful login will look like this:
Server Config
Now for the actual server configuration. Just copy and paste the commands into PuTTY as we go along. You can paste text into PuTTY by left clicking and then hitting enter. Copy and paste the entire block of text into the terminal, don’t do it one line at a time!
Update System
sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt install fail2ban -y && sudo apt install nginx -y
As these packages install and update you will occasionally see a purple screen. Just hit the ENTER button.
Update Snap and Install Certbot
sudo snap install core; sudo snap refresh core
sudo apt-get remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Check to make sure that nginx installed properly and that the service is running.
systemctl status nginx
Config Local Firewall
ufw (Uncomplicated Fire Wall) will ask you if you want to proceed, press the Y key.
sudo ufw allow proto tcp from any to any port 22
sudo ufw allow proto tcp from any to any port 80
sudo ufw allow proto tcp from any to any port 3000
sudo ufw enable
sudo ufw allow 'Nginx HTTP'
Install nvm
nvm is a package manager for Node.Js, which is the web server software that we will be using. This needs to be downloaded and installed.
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
source ~/.bashrc
Check the version of nvm. It will be a very old version, usually v0.38.0.
nvm --version
Now we will look to see what the latest version of nvm is and then upgrade to it.
nvm ls-remote
You will see a long list of version numbers appear, use the highest version you see in the next command (it will always be at the very bottom). At the time of this writing v16.8.0 is the latest version of nvm.
nvm install v16.8.0
Update Local Repo
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
Install Yarn
sudo apt install yarn -y
If you see a purple screen just hit ENTER
Clone Metaplex
git clone https://github.com/metaplex-foundation/metaplex.git
There is no need to fork the Metaplex code into your own GitHub repo like some other Metaplex tutorials do. Just run the above command and move on.
Edit the .env File
You now need to enter your Solana wallet information into the .env file so that Metaplex knows who owns the storefront.
In order to navigate the cursor in the text editor, use the arrow keys and paste your address(es) into the terminal. Welcome to Linux!
sudo nano ~/metaplex/js/packages/web/.env
If you mess up too bad, press Ctrl+X and then the N key. Then run the command above and try again.
Once you correctly paste your address(es) in, press Ctrl+X, then the Y key, then the ENTER key.
Compile Website
cd metaplex/js/
yarn
Now bootstrap yarn
yarn bootstrap
Test to make sure the site runs
yarn start
A successful launch of the Metaplex site on Node.Js will look like this. Press Ctrl+C to exit.
Configure nginx Reverse Proxy
This sounds much harder than it actually is. The Node.Js webserver that you just launched with Yarn can only communicate on port 3000 on the localhost. In other words, it can’t directly talk to the internet by design. The nginx reverse proxy will catch internet traffic and internally redirect it to your Node.Js server. This is an internet safety thing.
sudo nano /etc/nginx/sites-available/default
Scroll down until you see the server_name parameter. Delete the underscore and enter your domain name and your domain name with a www in front of it. Now delete the try_files line and replace it with
proxy_pass http://127.0.0.1:3000/;
The file should look like this when you are complete.
If you mess up too bad, press Ctrl+X and then the N key. Then run the command above and try again.
Once your edits are correct, press Ctrl+X, then the Y key, then the ENTER key.
Now we will check your work for typos. If this command comes back with an error, you need to edit the file again and make it look like the above screenshot.
sudo nginx -t
If there are no errors, restart the nginx service.
sudo systemctl restart nginx
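`nginx -t` checks that the file parses, not that it contains the edits described above. The following check is an added example, not part of the original tutorial; its sample server block is constructed and example.com is a placeholder domain. It reports a leftover underscore server_name, a leftover try_files line, or a proxy_pass that points anywhere other than the local machine.

```shell
#!/bin/sh
# Constructed sample: the server block from Ubuntu's default site file after
# the two edits described above (example.com is a placeholder domain).
SAMPLE_SITE='server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;
    location / {
        proxy_pass http://127.0.0.1:3000/;
    }
}'

# Read an nginx site file on stdin and print one line per problem found.
check_proxy_conf() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "server_name" {
            names++
            if ($2 == "_;") print "server_name is still the default underscore"
        }
        $1 == "try_files" { print "try_files line was not removed" }
        $1 == "proxy_pass" {
            proxies++
            target = $2
            sub("^https?://", "", target)        # strip the scheme
            sub("[/;].*$", "", target)           # strip path and semicolon
            sub(":[0-9]+$", "", target)          # strip the port
            if (target != "127.0.0.1" && target != "localhost" && target != "[::1]")
                print "proxy_pass points off-host: " target
        }
        END {
            if (!names) print "no server_name directive found"
            if (!proxies) print "no proxy_pass directive found"
        }'
}

# On the server: check_proxy_conf < /etc/nginx/sites-available/default
problems=$(printf '%s\n' "$SAMPLE_SITE" | check_proxy_conf)
if [ -z "$problems" ]; then
    echo "site file matches the described edits"
else
    echo "$problems"
fi
```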
A Quick Test
yarn start
Once the Node.Js server loads like the previous test, go to your web browser and navigate to your domain name. You will see your terminal window update with an event. Wait for a minute, it takes a while for your Node.Js server to compile the website for the first time. Eventually your Metaplex store will load! Rejoice!
But Wait!
What the heck is this?! You told me to rejoice!
Well, we need to enable SSL on our website. It makes sense that we need to have an HTTPS site, we don’t want anyone snooping your traffic. HTTPS is another one of those internet safety things.
Install an SSL certificate
Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
sudo certbot --nginx
You will need to enter an email (real or not) and agree to some terms. Once you do that the certbot will attempt to install a security certificate on to your server.
If this process fails, you didn’t set up your webserver properly. You need to go back double check all of the steps up to this point. Ooof, sorry.
Once it completes, update your firewall so that it only accepts HTTPS traffic on your web server.
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
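A check of the resulting local firewall state, as an added example rather than part of the original tutorial: it reads `ufw status` output and lists anything open to the whole internet beyond an expected set. The sample output is constructed and the expected set is an assumption; port 3000 shows up because the earlier rule for it is still in place, even though nginx reaches Node.Js over 127.0.0.1 and needs no inbound rule for that port.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status` output after the steps above.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
3000/tcp                   ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
3000/tcp (v6)              ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)'

# Read `ufw status` text on stdin and print each rule target that is allowed
# from Anywhere but is missing from the comma-separated list in $1.
unexpected_open() {
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, e, ",")
            for (i = 1; i <= n; i++) ok[e[i]] = 1
        }
        / ALLOW( IN)? +Anywhere/ {
            target = $0
            sub(/ +ALLOW.*$/, "", target)   # keep only the "To" column
            sub(/ \(v6\)$/, "", target)     # fold the IPv6 twin into one name
            if (!(target in ok) && !seen[target]++) print target
        }'
}

# Assumed policy: SSH, port 80 and the Nginx Full profile (ports 80 and 443).
# On the server: sudo ufw status | unexpected_open "22/tcp,80/tcp,Nginx Full"
printf '%s\n' "$SAMPLE_UFW_STATUS" | unexpected_open "22/tcp,80/tcp,Nginx Full"
```

If the check prints 3000/tcp on your server, `sudo ufw delete allow proto tcp from any to any port 3000` removes that rule.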
Now, tell the certbot that you want it to auto renew your certificates.
sudo certbot renew --dry-run
Set up Node.Js as a Service
You’re almost there. We need to set up your webserver as a service so that if the server reboots or the webserver crashes, Linux will know to automatically restart it.
Run the command to install pm2 for Node.Js
npm install pm2@latest -g
Now tell pm2 to run yarn as a subprocess with metaplex for a nickname
pm2 start yarn --interpreter bash --name metaplex -- start
Now autoconfig pm2 to run as a systemd service
pm2 startup systemd
pm2 save
Type exit and unplug your USB drive.
One Last Step, Config your Cloud Firewall
The last thing you need to do is configure your cloud firewall as an extra layer of security.
Go back to your account home page on your cloud provider and click on Firewall and then Add Firewall Group.
Name your firewall group and click Add Firewall Group
Add a firewall rule for the SSH protocol and make sure to set the Source to My IP. Click the + button. This will only allow your local computer to log in to your webserver. Most home ISPs will change your IP regularly, so you may need to log back in to your cloud provider and update this IP from time to time.
Add the remaining rules as shown below:
Once the rules are added, click on the Linked Instances pane and select your Metaplex server from the dropdown. Then click the + button.