Meteor.js is a framework for JavaScript that allows web developers to write JavaScript code once and reuse it both client and server-side. This is possible thanks to Meteor’s unique build process (read more about structuring your application code and code sharing). This also solves the problem of needing a complicated deployment process between development mode, where developers code and debug, and production mode, that is secure enough for the public-facing version of the app. The Meteor framework provides a way for client-code and server-code as well as development and production to be closely related. It’s probably the easiest way for client-side developers to start working on server-side code!
To see this in action, you may want to view the introductory video on Meteor’s website.
Meteor.js allows you to develop projects like a website (web application), HTML5-based web-browser application (using AppCache), or mobile application (through integration with PhoneGap). All you need is knowledge of Javascript and HTML. Meteor includes support for MongoDB (a NoSQL database). Atmosphere hosts packages that can provide complete building blocks for your application to speed up the development even more.
At the end of this tutorial, we will have:
Throughout this tutorial, if you don’t have your own Meteor application yet, you can use the “Todo List” example application from the Meteor website.
You should have:
An existing Meteor app on a separate development computer (you can view the example “Todo List” app here; instructions are provided later in the tutorial)
A fresh Ubuntu 14.04 server; existing Meteor installations should work in most cases
root access to the server to execute commands
Updated package lists. Execute:
apt-get update
Replace with the domain name you are actually using (or leave it if you don’t have a domain and will be using an IP address instead)
Replace todos (without .net) with the name of your application
We will install and set up Nginx because it allows us to encrypt web traffic with SSL, a feature that Meteor’s built-in web server does not provide. Nginx will also let us serve other websites on the same server, and filter and log traffic.
In our configuration, we will secure our site with an SSL certificate and redirect all traffic from HTTP to HTTPS. We will also utilize a few new security practices to enhance the security of the SSL connection.
In order to install Nginx we execute:
apt-get install nginx
Create a virtual host configuration file in /etc/nginx/sites-available
Below is an annotated config file which we can create as /etc/nginx/sites-available/todos
with the following contents. Explanations for all of the configuration settings are included in the comments in the file:
server_tokens off; # for security-by-obscurity: stop displaying nginx version
# this section is needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
server {
listen 80 default_server; # if this is not a default server, remove "default_server"
listen [::]:80 default_server ipv6only=on;
root /usr/share/nginx/html; # root is irrelevant
index index.html index.htm; # this is also irrelevant
server_name; # the domain on which we want to host the application. Since we set "default_server" previously, nginx will answer all hosts anyway.
# redirect non-SSL to SSL
location / {
rewrite ^ https://$server_name$request_uri? permanent;
# HTTPS server
server {
listen 443 ssl spdy; # we enable SPDY here
server_name; # this domain must match Common Name (CN) in the SSL certificate
root html; # irrelevant
index index.html; # irrelevant
ssl_certificate /etc/nginx/ssl/todos.pem; # full path to SSL certificate and CA certificate concatenated together
ssl_certificate_key /etc/nginx/ssl/todos.key; # full path to SSL key
# performance enhancement for SSL
ssl_stapling on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
# safety enhancement to SSL: make sure we actually use a safe cipher
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# config to enable HSTS(HTTP Strict Transport Security)
# to avoid ssl stripping
add_header Strict-Transport-Security "max-age=31536000;";
# If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
# This works because IE 11 does not present itself as MSIE anymore
if ($http_user_agent ~ "MSIE" ) {
return 303;
# pass all requests to Meteor
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; # allow websockets
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
# this setting allows the browser to cache the application in a way compatible with Meteor
# on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
# the root path (/) MUST NOT be cached
if ($uri != '/') {
expires 30d;
If you’d like to adapt the configuration file to your needs, and for more explanation, have a look at this tutorial on Nginx virtual hosts.
As seen in the virtual host config file, Nginx will expect a valid SSL certificate and key in /etc/nginx/ssl
. We need to create this directory and secure it:
mkdir /etc/nginx/ssl
chmod 0700 /etc/nginx/ssl
Then we can create the files containing the certificate (and chain certificate if required) and the key in the locations we defined in the configuration above:
If you do not have an SSL certificate and key already, you should now create a self-signed certificate using this tutorial on creating self-signed SSL certificates for Nginx. Remember that you’ll want to use the same names from the configuration file, like todos.key as the key name, and todos.pem as the certificate name. While a self-signed certificate is fine for testing, it is recommended to use a commercial, signed certificate for production use. A self-signed certificate will provoke Nginx warnings connected to ssl_stapling, and a security warning in the web browser.
When you’re done creating or obtaining your certificate, make sure you have the todos.pem
and todos.key
files mentioned above.
Next, we should disable the default vhost:
rm /etc/nginx/sites-enabled/default
And enable our Meteor vhost:
ln -s /etc/nginx/sites-available/todos /etc/nginx/sites-enabled/todos
Test that the vhost configuration is error free (you will see an error related to ssl_stapling if you have a self-signed certificate; this is okay):
nginx -t
If everything is looking good we can apply the changes to Nginx:
nginx -s reload
At this point, you can use your web browser to visit (or your IP address). It will show us 502 Bad Gateway. That is OK, because we don’t have Meteor running yet!
We will install MongoDB from the regular Ubuntu repository. The standard configuration should be fine. There is no authentication required to connect to the database, but connections are only possible from localhost. This means that no external connections are possible, and thus the database is safe, as long as we don’t have untrusted users with SSH access to the system.
Install the MongoDB server package:
apt-get install mongodb-server
This is everything we need to do to get MongoDB running. To be sure that access from external hosts is not possible, we execute the following to be sure that MongoDB is bound to Check with this command:
netstat -ln | grep -E '27017|28017'
Expected output:
tcp 0 0* LISTEN
tcp 0 0* LISTEN
unix 2 [ ACC ] STREAM LISTENING 6091441 /tmp/mongodb-27017.sock
In order to have daily backups available in case something goes wrong, we can optionally install a simple command as a daily cron job. Create a file /etc/cron.d/mongodb-backup
@daily root mkdir -p /var/backups/mongodb; mongodump --db todos --out /var/backups/mongodb/$(date +'\%Y-\%m-\%d')
First, we need to install Node.js. Since Meteor typically requires a version of Node.js newer than what’s available in the standard repository, we will use a custom PPA (at the time of writing, Ubuntu 14.04 provides nodejs=0.10.25~dfsg2-2ubuntu1 while Meteor 0.8.3 requires Node.js 0.10.29 or newer).
Execute the following to add a PPA with Node.js, and confirm by pressing Enter:
add-apt-repository ppa:chris-lea/node.js
Evented I/O for V8 javascript. Node's goal is to provide an easy way to build scalable network programs
More info:
Press [ENTER] to continue or ctrl-c to cancel adding it
gpg: keyring `/tmp/tmphsbizg3u/secring.gpg' created
gpg: keyring `/tmp/tmphsbizg3u/pubring.gpg' created
gpg: requesting key C7917B12 from hkp server
gpg: /tmp/tmphsbizg3u/trustdb.gpg: trustdb created
gpg: key C7917B12: public key "Launchpad chrislea" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Now we must refresh the repository cache, and then we can install Node.js and npm (Node.js package manager):
apt-get update
apt-get install nodejs
It’s a good practice to run our Meteor application as a regular user. Therefore, we will create a new system user specifically for that purpose:
adduser --disabled-login todos
Adding user `todos' ...
Adding new group `todos' (1001) ...
Adding new user `todos' (1001) with group `todos' ...
Creating home directory `/home/todos' ...
Copying files from `/etc/skel' ...
Changing the user information for todos
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
Now we are ready to create the Upstart service to manage our Meteor app. Upstart will automatically start the app on boot and restart Meteor in case it dies. You can read more about creating Upstart service files in this tutorial.
Create the file /etc/init/todos.conf
. Once again, it is annotated in-line:
# upstart service file at /etc/init/todos.conf
description "Meteor.js (NodeJS) application"
author "Daniel Speichert <>"
# When to start the service
start on started mongodb and runlevel [2345]
# When to stop the service
stop on shutdown
# Automatically restart process if crashed
respawn limit 10 5
# we don't use buil-in log because we use a script below
# console log
# drop root proviliges and switch to mymetorapp user
setuid todos
setgid todos
export PATH=/opt/local/bin:/opt/local/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export NODE_PATH=/usr/lib/nodejs:/usr/lib/node_modules:/usr/share/javascript
# set to home directory of the user Meteor will be running as
export PWD=/home/todos
export HOME=/home/todos
# leave as for security
export BIND_IP=
# the port nginx is proxying requests to
export PORT=8080
# this allows Meteor to figure out correct IP address of visitors
# MongoDB connection string using todos as database name
export MONGO_URL=mongodb://localhost:27017/todos
# The domain name as configured previously as server_name in nginx
export ROOT_URL=
# optional JSON config - the contents of file specified by passing "--settings" parameter to meteor command in development mode
export METEOR_SETTINGS='{ "somesetting": "someval", "public": { "othersetting": "anothervalue" } }'
# this is optional:
# commented out will default to no email being sent
# you must register with MailGun to have a username and password there
# export MAIL_URL=smtp://
# alternatively install "apt-get install default-mta" and uncomment:
# export MAIL_URL=smtp://localhost
exec node /home/todos/bundle/main.js >> /home/todos/todos.log
end script
One thing to notice in this configuration file is the METEOR_SETTINGS
parameter. If you use meteor --settings config.json
when launching Meteor’s development mode, then you should paste the contents of config.json
as a variable in METEOR_SETTINGS
must be a valid SMTP URL only if you plan to use Meteor’s Email package. You can use MailGun (as recommended by Meteor), a local mail server, etc.
As we can see in the file, the log will be saved to /home/todos/todos.log.
This file will not rotate and WILL GROW over time. It’s a good idea to keep an eye on it. Ideally, there should not be a lot of content (errors) in it. Optionally, you can set up log rotation or replace >>
with >
at the end of Upstart scripts in order to overwrite the whole file instead of appending to the end of it.
Don’t start this service yet as we don’t have the actual Meteor application files in place yet!
Optional: If you do not have a Meteor project yet
If you don’t have a Meteor project yet and would like to use a demo app, that’s not a problem!
Do this next step on your home computer or a development Linux server. Commands may vary based on your OS. Move to your home folder:
cd ~
First, install Meteor’s development version:
curl | /bin/sh
Then create an application from an example, called Todo List:
meteor create --example todos
Now enter the directory of your application and you are ready to continue:
cd todos
All Meteor projects
It’s time to create a production-version bundle from our Meteor app. The following commands should be executed on your home computer or development Linux server, wherever your Meteor application lives. Go to your project directory:
cd /app/dir
And execute:
meteor build .
This will create an archive file like todos.tar.gz
in the directory /app/dir
. Copy this file to your ~
directory on your Droplet.
scp todos.tar.gz
Now go back to your Droplet. Create a project directory and move the archive project file into it. Note that this is the home folder for the project user that we created previously, not your root home folder:
mkdir /home/todos
mv todos.tar.gz /home/todos
Move into the project directory and unpack it:
cd /home/todos
tar -zxf todos.tar.gz
Take a look at the project README:
cat /home/todos/bundle/README
The bundle includes a README
file with contents:
This is a Meteor application bundle. It has only one external dependency:
Node.js 0.10.29 or newer. To run the application:
$ (cd programs/server && npm install)
$ export MONGO_URL='mongodb://user:password@host:port/databasename'
$ export ROOT_URL=''
$ export MAIL_URL='smtp://user:password@mailhost:port/'
$ node main.js
Use the PORT environment variable to set the port where the
application will listen. The default is 80, but that will require
root on most systems.
Find out more about Meteor at
This recipe is reflected in our /etc/init/todos.conf
file. There is still one more thing mentioned in the README that we need to do.
Now we need to install some required npm modules. To be able to build some of them, we also need to install g++ and make:
apt-get install g++ make
cd /home/todos/bundle/programs/server
npm install
You should see output like this:
npm WARN package.json meteor-dev-bundle@0.0.0 No description
npm WARN package.json meteor-dev-bundle@0.0.0 No repository field.
npm WARN package.json meteor-dev-bundle@0.0.0 No README data
> fibers@1.0.1 install /home/todos/bundle/programs/server/node_modules/fibers
> node ./build.js
`linux-x64-v8-3.14` exists; testing
Binary is fine; exiting
underscore@1.5.2 node_modules/underscore
semver@2.2.1 node_modules/semver
source-map-support@0.2.5 node_modules/source-map-support
└── source-map@0.1.29 (amdefine@0.1.0)
fibers@1.0.1 node_modules/fibers
The reason we need to do this is because our application bundle does not contain modules and libraries that are platform-dependent.
We are almost ready to run the application, but since we operated on files as root, and they should be owned by the todos
user, we need to update the ownership of the project directory:
chown todos:todos /home/todos -R
At this point we have everything we need to run our Meteor application:
To start our application, let’s execute this command from the project directory:
start todos
Now you should be able to view your application in the browser at
When you make changes in the development mode (and you will; we are developers after all!), you can simply repeat Step Five (starting from meteor build
) and go through most of the steps until the restart todos
command, which will reload your application via Upstart.
This way you can push a new version with no downtime. Clients (visitors to your website) will automatically pull the new version of code and refresh their page - that is Meteor’s magic!
If you want to test this, you can make a simple change to the text in the todos/client/todos.html
page in your development copy of the app on your home computer or development server.
Development server:
meteor build /app/dir
scp todos.tar.gz
Production server:
tar -zxf /home/todos/todos.tar.gz
Move into the project folder:
cd /home/todos/bundle/programs/server
Update the npm modules (you may see a few warnings):
npm install
Restart the app:
restart todos
If something goes wrong, here are a few hints on where to look for problems:
if your application starts and dies; it should throw an appropriate error message (e.g. in case of a programming error)./var/log/nginx/error.log
if you see an HTTP error in stead of your application./var/log/mongodb/mongodb.log
if you think there might a problem with the database.Finally, check if all services are running:
status todos
service nginx status
status mongodb
Great article, very helpful.
I always end up with this error though:
Any ideas?
Never mind - that only seems to happen with the meteor-boilerplate project. Just running a simple meteor app totally works. :)
Thanks again for the guide.
If anyone else has an issue like this with bcrypt - the app probably has its own copy in /home/yourapp/bundle/programs/server/npm/npm-bcrypt/node_modules/bcrypt/
delete that noise. Then do this.
then start your app and enjoy the meteory goodness.
You are my hero!
I also made a Dockerfile embedding this awesome fix!
I also got problem with bcrypt. Followed your instruction, but seems like command "cp -r <source> <destination> " is not correct, you should remove “bcrypt/” at the end of <destination> path, then your fix works perfectly. Anyway thank you, saved my Sunday evening.
This fix worked for me also with the tweak from @golojads. Thanks guys.
I tried the above with the tweak and am getting this error in the logs:
/home/todos/bundle/programs/server/node_modules/fibers/future.js:173 throw(ex); ^ Error: Can’t find npm module ‘bcrypt’. Did you forget to call ‘Npm.depends’ in package.js within the ‘npm-bcrypt’ package? at Object.Npm.require (/home/todos/bundle/programs/server/boot.js:117:17) at Package (packages/npm-bcrypt/wrapper.js:1:1) at /home/todos/bundle/programs/server/packages/npm-bcrypt.js:21:4 at /home/todos/bundle/programs/server/packages/npm-bcrypt.js:30:3 at /home/todos/bundle/programs/server/boot.js:175:10 at Array.forEach (native) at Function..each..forEach (/home/todos/bundle/programs/server/node_modules/underscore/underscore.js:79:11) at /home/todos/bundle/programs/server/boot.js:86:5
Any ideas on how to fix greatly appreciated.
The “cp -r” fix just worked for me. Thanks! :)
Thanks, it works!
I’m getting this error
trying to configure nginx without ssl, here is my config:
can you help me figure out this issue?
This error is expected at that point. Continue to the end of the article and it will start working.
For people getting this error after completing the tutorial (I did), here are some tips that helped me figure it out.
meteor build .
. Instead, dometeor build --architecture os.linux.x86_64
. Like before, you’ll upload the tarball it generates onto your droplet and unpack it in the/home/your-app folder
. You will again need to head into/home/todos/bundle/programs/server
and thennpm install
error log (no idea why). You’ll have a much easier time debugging the issues with starting meteor if you try starting it yourself – that way you’ll see errors as they happen and you can troubleshoot them. So, Instead of doingstart your-app
, go ahead and run the corresponding script that upstart uses to start meteor, found within the script section of/etc/init/your-app.conf
. I.e. run these commands directlyHTH
I have finished all the other steps, everything seems to be running, but i get a 502 Bad Gateway, with the error from my previous post in the log
Check the logs mentioned in “Troubleshooting” as well as /var/log/upstart/todos.log
/home/todos/todos.log is empty and all services are running, any thoughts?
Btw, I did not do this step “add-apt-repository ppa:chris-lea/node.js”, the nodeJS version seems be the latest on the droplet already
hmm looks like the same issue as will751517 mentioned, let me try to fix, thanks for the help
I also have that problem… How do I solve it?
I was having the same problem… after 4 hours it is now working!
Here is what I did: A- make sure when you delete the “SSH” part, that the remaining “location” is enclosed inside the “Server” bracket… this typo took me a while to notice!
B- if that doesn’t solve it:
1 - check /var/log/upstart, look for <your-app-name>.log 2- in my case, the error matched what will751517 described above 3- I deleted the entire “bcrypt” folder from the “npm” folder 4- I did the “npm install bcrypt command” 5- Did NOT do anything else (did not copy to npm folder)
Hope it works for you!
I was having this same problem and @stenio123’s solution solved it for me, thanks so much!
what is failing you is nginx itself. you deleted the part that sets a value for $connection_upgrade, so nginx cant fill in the parameter. Hope it helps anyone with that error.
if you guys were working on mac osx it might be that bcrypt “broke”.
remove bcrypt folder in todos/bundle/programs/server/npm and todos/bundle/programs/server/node_modules
reinstal npm install bcrypt
restart service
Hope it helps. :)
MUP (Meteor Up) can replace step 4 and when you need to redeploy just run
mup deploy
instead of step 5.
Actually if you are going to use MUP you might want to look at this article because although this digitalocean article is very detailed it is also much more complicated than a deployment using MUP would be.
Thanks for posting this. I was wondering if mup could simplify a few of the steps here.
Now Meteor UP has the SSL support. Check this guide. it’s pretty simple and just a two lines of configuration.
I am receiving this repeated error:
Error: listen EADDRINUSE at errnoException (net.js:904:11) at Server._listen2 (net.js:1042:14) at listen (net.js:1064:10) at net.js:1146:9 at dns.js:72:18 at process._tickCallback (node.js:419:13)
I think the problem is with the nginx configuration. Any ideas?
That means that there is already a process listening on port 8080 so Meteor.js isn’t able to bind to it. You can find out what that process is by running:
I was using the same port in another app. Fixed.
Why it s complex?) I will recommend you to create for example chief or puppet recipes for every tutorial)) I am tired after doing these all steps.
Hi, no matter what, I get a 502 bad gateway error. I think it’s because of step 5:
Now go back to your Droplet. Create a project directory and move the archive project file into it. Note that this is the home folder for the project user that we created previously, not your root home folder:
All of your steps at this point like mkdir /home/projectname force the creation of the folder in the root’s home folder (because of the slash in front of it), so how are we supposed to use the project user’s home folder?
Thanks, -Gabe
It’s the other way, actually :) If the path begins with a slash, it means that it’s an absolute path, so
points to/home/projectname
, not/root/home/projectname
.Try starting the service:
If that fails, check the log file for errors:
Hi Kamaln,
Thanks, but that still didn’t work. The log file says everything has started, and the status says start/running (some random number).
My only other solution that successfully works in this regard is cloning the (unbundled) files from a Github repository, and then in the app directory running
meteor --port 8080
inside of a tmux session.How could it be that this works but your method doesn’t?
Can you please post the output of the following command?
Whereas before if I ran cat todos.log it showed a bunch of ’ ~ ''s and that the process started, it now shows nothing. The terminal goes right to the next command line. Conversely, if I run start todos again, the output is now:
(croud is the name of my app/user)
ggaabe, I was able to get it working by cutting:
down to simply:
in the “/etc/nginx/sites-enabled/todos” file.
I don’t know what I’m sacrificing as a result of doing that, though. I don’t know if your error was the same as mine. Let me know if that does anything for you.
Thanks. Unfortunately, it still didn’t work :-(
Hi again,
So I managed to get ahold of the error logs. (Tried deploying with mup):
@ggaabe hey, getting the same error. how did you fix this?
Same here. And the error.log file says something like:
[error] 4546#0: *17 connect() failed (111: Connection refused) while connecting to upstream
I really hope we can get this figured out soon, but it’s the same error listed by ran818145 on Oct. 8, and still no solution, posted here at least.
A connection refused error means that your meteor.js app is not running. Do you get any errors when you start to start the todos service?
If that doesn’t work, check the error log for errors:
There were no errors in my version of “home/todos/todos.log”.
However, I was able to get it working by cutting:
down to simply:
in the “/etc/nginx/sites-enabled/todos” file. I don’t know what I’m sacrificing as a result of doing that, though.
Interestingly, I get the following error after adding a json string to my METEOR_SETTINGS environment variable. I’ve not been able to find a solution to this yet. I’m on DO, using a Ubuntu 14 droplet. Works fine locally, and worked fine on the server until I added this:
root@dev:/home/qdev# echo $METEOR_SETTINGS { “public”: { }, “firstUser”: { “id”: “oPMfpAuwQ3nuTdpTA” } } root@dev:/home/qdev#
Here’s the error:
module.js:340 throw err; ^ Error: Cannot find module ‘underscore’ at Function.Module._resolveFilename (module.js:338:15) at Function.Module._load (module.js:280:25) at Module.require (module.js:364:17) at require (module.js:380:17) at Object.<anonymous> (/home/qdev/bundle/programs/server/boot.js:5:9) at Module._compile (module.js:456:26) at Object.Module._extensions…js (module.js:474:10) at Module.load (module.js:356:32) at Function.Module._load (module.js:312:12) at Module.require (module.js:364:17)
Hopefully this helps someone else… I figured out that I had to go into the upstart configuration file (i.e. /etc/init/<appname>.conf and add the:
export METEOR_SETTINGS=“$(cat /path/to/settings.json)”
Now everything works swimmingly.
I’m running into the same problem as a couple folks above have. I’m getting this:
2014/11/23 20:33:31 [error] 2949#0: *16 connect() failed (111: Connection refused) while connecting to upstream, client:, server:, request: “GET / HTTP/1.1”, upstream: “”, host: “”
in /var/log/nginx/error.log
I’ve also tried this change:
With no success.
netstat -plutn | grep 8080
Returns nothing.
status todos returns:
todos start/running, process 10232
Any suggestions on this?