OWASP juice shop

Eran Goldman-Malka · September 6, 2023

OWASP juice shop - digitalocean server installation

I’ve needed an OWASP Juice Shop server for a webinar and couldn’t find any strait forward instructions fo DigitalOcean Droplets The installation process takes about 40 minutes because the npm install takes really long time.

  1. start ubuntu server on DigitalOcean (click the badge to get 200$ referral credit) DigitalOcean Referral Badge
  2. ssh into the server
  3.  apt update && apt upgrade -y
     apt install nginx nodejs npm certbot python3-certbot-nginx -y
     git clone https://github.com/juice-shop/juice-shop.git --depth 1
     cd juice-shop
     npm install --no-audit --progress=false
  4. vim /etc/nginx/sites-available/default
  5. change line 51 from
         try_files $uri $uri/ =404;


     # try_files $uri $uri/ =404;
     client_max_body_size 512M;
     proxy_pass http://localhost:3000;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
  6. restart nginx
    nginx -t
    service nginx restart
  7. get ssl cert
     certbot --nginx --domain 
  8. Run Juice Shop
     npm start

Errors and bugs

  • Wrong Node.js version :
    apt-get install -y ca-certificates curl gnupg
    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
    curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
    apt-get update
    apt-get install nodejs -y
  • No NPM installed
    curl https://www.npmjs.com/install.sh | sudo sh
  • Error: Could not locate the bindings file. Tried:
    npm i --package-lock-only
    npm audit fix --force
    npm ci

Twitter, Facebook