Node

From Wiki2
Revision as of 09:19, 18 October 2014 by Tim (talk | contribs)

token authentication

http://www.kdelemme.com/2014/03/09/authentication-with-angularjs-and-a-node-js-rest-api/


        1. forever
   forever stop server2.js

   ps al
   kill -KILL pid 

   root@node1:/home/stuff2getapi/s2g-api# (master) forever list
   info:    Forever processes running
   data:        uid  command                      script     forever pid   logfile                 uptime
   data:    [0] DykF /root/.nvm/v0.10.25/bin/node server2.js 28939   28944 /root/.forever/DykF.log 1:1:2:21.834

   tail -f /root/.forever/DykF.log

require, exports and module.exports

when to use node

node cors

Nginx

quick up on server

letsencrypt

/root/README16.04.md in sitebuilt.net has the docs on letsencrypt commands that have been run


letsencrypt certonly -a webroot --webroot-path=/home/tryit/public_html -d tryit.sitebuilt.net

letsencrypt certonly -a webroot --webroot-path=/var/www/html -d sitebuilt.net -d tryit.sitebuilt.net


  • put your code in some directory
  • modify sites-available
  • nginx -s reload

forward proxy

http://blog.abarbanell.de/raspberry/2016/01/09/arduino-nginx/

me: Doesn't the nginx proxy need crt's and key's? Will it just work like a browser and encrypt deencrypt automagically?

Tobias Abarbanell Hi Tim, in this process the nginx is a server receiving requests over http and then on the encrypted side it is a client, so it does not need to have certificates.

If you want traffic coming the other direction, from the outside to your devices you would need certificates on the nginx and I would recommend using letsencrypt (https://letsencrypt.org) for this purpose.

Hi Tobias,

Thanks. BTW I think I had already solved the "traffic coming the other direction" problem. I've been loving mqtt as a lightweight protocol to have my esp8266's converse with the world. On my outside nginx vps I am running mosca inside a node app. Mosca is a broker. Devices an clients subscribe and publish to topics and mosca routes them. So my guess is having the pi handle the tls stuff, I'd be able to get data in too.

Meanwhile if I've discovered (after lots of error and error) if I limit the ciphers and keysize I can get TLSv1.1 working rather reliably straight from the esp8266. I haven't dropped a handshake in an hour now. Having WiFiClientSecure just use a fingerprint of the certificate (512 bit certificate) it verifies and accepts the cert. Instead of letting node run with its TLSv1.2 super secure big bloated ciphers I start node like this: node --tls-cipher-list='TLS_RSA_WITH_AES_128_CBC_SHA:RC4-MD5' lib/index.js. Ok so I won't win any awards for TLS and can't use AWS IOT(req TLSv1.2 and big ciphers), but the sensors and relays all over my house and yard will be very hard to mess with nonetheless.

Mosca sends mqtt to web clients using websockets. That's the final piece of the puzzle for me to tackle, wss for apache(windows testmachine) and nginx(ubuntu16.04vps)

Your idea is brilliant and I can't wait to try it on a pi.

tcp proxy

http://yaoweibin.github.io/nginx_tcp_proxy_module/

https://serversforhackers.com/compiling-third-party-modules-into-nginx

https://github.com/imZack/docker-nginx-tcp-proxy 

wget http://github.com/yaoweibin/nginx_tcp_proxy_module/tarball/master
tar -xvf master
cd yaoweibin-nginx_tcp_proxy_module-7d70702
cp -R yaoweibin-nginx_tcp_proxy_module-7d70702 /opt
sudo apt-get install -y dpkg-dev
sudo apt-get install libpcre++-dev
sudo mkdir /opt/rebuildnginx
cd /opt/rebuildnginx
sudo apt-get source nginx
cd /opt/rebuildnginx/nginx-1.10.0/
patch -p1 < /opt/yaoweibin-nginx_tcp_proxy_module-7d70702/tcp.patch
./configure --add-module=/opt/yaoweibin-nginx_tcp_proxy_module-7d70702
make
make install

that puts it in the middle of nowhere with no systenctl or usr/sbinin

in ls -al /etc/systemd/system/multi-user.target.wants/ there should be nginx.service -> /lib/systemd/system/nginx.service and there should be the file nginx.service which looks like this

since you meessed with a systemd file 

systemctl daemon-reload

# Stop dance for nginx
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A high performance web server and a reverse proxy server
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target

and since nginx isn't there you need 

ln -s /usr/local/nginx/sbin/nginx /usr/sbin/

websocket reverse proxy

https://www.nginx.com/blog/websocket-nginx/

http://stackoverflow.com/questions/36521858/nginx-reverse-proxying-wss-client-sent-invalid-method-while-reading-client-req

restart nginx

   nginx -s reload

allow directory reads

edit 

  /etc/nginx/sites-available/default

add autoindex on here 

   location / {
       try_files $uri $uri/ =404;
       autoindex on;
   }

restart 

   nginx -s reload

install

https://anturis.com/blog/nginx-vs-apache/

http://superuser.com/questions/93437/aptitude-vs-apt-get-which-is-the-recommended-aka-the-right-tool-to-use


https://www.digitalocean.com/community/tutorials/how-to-host-multiple-node-js-applications-on-a-single-vps-with-nginx-forever-and-crontab

SSL

https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-nginx-on-ubuntu-12-04

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com sudo ln -s /etc/nginx/sites-available/cascada.parleyvale.com /etc/nginx/sites-enabled/cascada.parleyvale.com 


server {

        listen   443;
        server_name stuff2get.parleyvale.com;

        root /home/stuff2get/www;
        index index.html index.htm;

        ssl on;
        ssl_certificate /etc/nginx/ssl/stuff2get.parleyvale.com/server.crt;
        ssl_certificate_key /etc/nginx/ssl/stuff2get.parleyvale.com/server.key;
}

server {

        listen   443;
        server_name stuff2get.parleyvale.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

        ssl on;
        ssl_certificate /etc/nginx/ssl/stuff2get.parleyvale.com/server.crt;
        ssl_certificate_key /etc/nginx/ssl/stuff2get.parleyvale.com/server.key;
}

express

http://expressjs-book.com/forums/topic/express-js-sessions-a-detailed-tutorial/

http://stackoverflow.com/questions/18708428/how-to-do-authentication-with-node-js-and-mean-stack

win7

https://github.com/joyent/node/wiki/Installation

64bit version: http://nodejs.org/dist/latest/x64/node.exe

  • is in /wamp/bin/node
  • installed npm there too
  • added it to path
  • to test: from git bash> node hellonode.js starts server, see page at http://127.0.0.1:8124/

homebuntu

http://ariejan.net/2011/10/24/installing-node-js-and-npm-on-ubuntu-debian/

yeoman

Retrieved from "https://wiki2.sitebuilt.net/index.php?title=Node&oldid=7260"