Node.js e Plesk Giacomo Lanzi

Node.js via SOD hosting panel

If you are interested in hosting Node.js apps on your web space, we have good news! The control panel offered by SOD, based on Plesk, is equipped with a Node.js extension that allows you to easily manage applications. In this article we see how it is possible to integrate Node through the control panel.

Host a Node.js application from the Plesk panel

To verify that everything is working, let’s try hosting a Node.js application in the panel. We will use a generic “Hello, World” application. To do this, we will use the Git extension that you find directly from the panel. It would also be possible to upload the application directly to the server, but I thought that implementing a second extension could also be useful for the purposes of this mini guide.

Once you have accessed the SOD Plesk panel, you will need to create a destination folder for the application. Select the “Files” tab, create a “hello-world” folder. From the “Websites & Domains” tab, among the available components, select Git. If you own more than one domain, be sure to select the option under the correct one.

Create Folder by Application

The second screen on where to find the Git icon:

Git icon

Setting up a local repository

Now let’s set up a local repository as a clone of a remote one to download the code to the folder you created a moment ago. The URL of the repository we will clone is: https://github.com/plesk/node-hello-world.git

To do this, click on the Git icon, set the URL in the space provided and select the “hello-world” folder you created a while ago.

Repository settings

Differences between “Application root” and “Document root” folders

The next step is to change the Document root folder for the domain. Note that the Document root and Application root folders are not the same. When we talk about web apps (such as those based on Node.js), the document root is the position where the static resources are located, while the application root is the root directory where the app. In most cases, the Document root is a folder within the Application root.

Right now we need to change the document root. To do this, go to the “Websites & Domains” panel, select the correct site and go to “Hosting Settings” (right above Git) and click the link:

Root of documents - Node.js

Change the current “Document root” to hello-world/public.

Enable support for Node.js

Before running the “Hello World” app, the last thing you need to do is enable support for Node.js on the domain. Then go to the “Websites & Domain” panel and click on the appropriate option. Here you can see some information about the app. Click on “Enable Node.js” and in a few moments this will be enabled.

Enable Node.jsAbilitato

At this point, if everything went well, clicking on the “Application URL” you should see a screen that says “Hello World!”. Congratulations, you have just installed and run an app on your domain.

Applications with dependencies

Applications built with Node.js, more often than not, must satisfy dependencies that are defined in the package.json file, which is installed in the “node_modules” directory.

Let’s look at another ExpressJS-based application. You can find it in its repository, upload it manually, or repeat the steps described in the previous section. Here is the repository: https://github.com/plesk/node-express.git. Once you have things sorted out, you will find yourself as in the screenshot below, assuming you have cloned the repository in the express-demo folder:

Node.js Express-demo

Install the dependencies and change the startup file

Before trying to access the app, you need to initialize it. Let’s start by installing the dependencies. Fortunately, in the Plesk panel of SOD, there is a simple “NPM install” button. This is done to install app dependencies based on the “package.json” file. Install the dependencies this way, for convenience.

Finally, we need to set up the app’s startup file. Plesk uses the Phusion Passenger server application to service the Node.js apps. In the demonstration repository, there is a file called “server.js”. This, which is not a common part of ExpressJS-based apps, contains a few lines of code necessary to make the app work:

const app = require (‘./ app’);
const http = require (‘http’);

http.createServer (app) .listen (process.env.PORT);
You can use the idea behind this file when hosting other Node.js applications, for example based on a different framework. The last thing you have to do is change the “Application Startup File” option and set it to “server.js”.

Node.js Startup File

At this point, browsing to the address that hosts the app, you should see the ExpressJS welcome screen.

Solve problems

For every Node.js developer it is essential to know how to identify problems to find a solution. To do this, here are a couple of tips that might help you Debug.

Checking the log file

The first thing to do when debugging a Node.js application is to check the log files. For example, if you forget to install the dependencies for the Express demo app, the server error log will contain the error “cannot find module ‘express'”. Unfortunately, due to how Phusion Passenger works, server level error logs are used instead of per domain error logs. In this case, end users will see a simple generic error message.

To check the server log messages, go to the “Websites & Domain” panel, under the domain concerned, look for the log option. Clicking on it will give you access to a screen of the logged messages.

 

See messages directly on the app screen

It can be very useful to see the error messages directly on the app website, without looking for the option in the control panel. Go to the Node.js app settings screen and change the application mode to “development”. The next time a problem occurs, the error will be shown in the browser window.

Furthermore, if the app is in “development” mode, it is not necessary to restart the app every time you change the contents of a file.

Conclusions

As we have seen, implementing Node.js applications on your domain is really simple with the Plesk control panel of the SOD hosting service, which is once again very flexible, intuitive and easy to use.

If you want to try this and other features, you can test the demo version by simply clicking here.

Useful links:

VPS hosting services – Cloud server

 

 

 

 

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Backdoor.Win32.Hellza.120 / Authentication Bypass September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Authentication Bypass Description: The malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can logon using any username/password combination....
  • Backdoor.Win32.Hellza.120 / Unauthorized Remote Command Execution September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/2cbd0fcf4d5fd5fb6c8014390efb0b21.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hellza.120 Vulnerability: Unauthorized Remote Command Execution Description: The malware listens on TCP ports 12122, 21. Third-party adversarys who can reach infected systems can issue commands made available by the...
  • Trojan.Ransom.Ryuk.A / Arbitrary Code Execution September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/5ac0f050f93f86e69026faea1fbb4450.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Ransom.Ryuk.A Vulnerability: Arbitrary Code Execution Description: The ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vuln DLL execute our own code, […]
  • Trojan-Dropper.Win32.Corty.10 / Insecure Credential Storage September 20, 2022
    Posted by malvuln on Sep 19Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022 Original source: https://malvuln.com/advisory/f72138e574743640bdcdb9f102dff0a5.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Corty.10 Vulnerability: Insecure Credential Storage Description: The malware stores its credentials in cleartext within the Windows registry. Family: Corty Type: PE32 MD5: f72138e574743640bdcdb9f102dff0a5 Vuln ID:...
  • Re: over 2000 packages depend on abort()ing libgmp September 20, 2022
    Posted by Matthew Fernandez on Sep 19What is the security boundary being violated here? As a maintainer of some of the packages implicated here, I’m unsure what my actionable tasks are. The threat model(s) for my packages does not consider crashes to be a security violation. On the other side, things like crypto code frequently […]
  • SEC Consult SA-20220915-0 :: Local Privilege Escalation im SAP® SAPControl Web Service Interface (sapuxuserchk) September 16, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15SEC Consult Vulnerability Lab Security Advisory < 20220915-0 > ======================================================================= title: Local privilege escalation product: SAP® SAPControl Web Service Interface (sapuxuserchk) vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security note 3158619 CVE number: CVE-2022-29614...
  • SEC Consult SA-20220914-0 :: Improper Access Control in SAP® SAProuter September 16, 2022
    Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 15SEC Consult Vulnerability Lab Security Advisory < 20220914-0 > ======================================================================= title: Improper Access Control product: SAP® SAProuter vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security note 3158375 CVE number: CVE-2022-27668 impact: high homepage:...
  • over 2000 packages depend on abort()ing libgmp September 16, 2022
    Posted by Georgi Guninski on Sep 15ping world libgmp is library about big numbers. it is not a library for very big numbers, because if libgmp meets a very big number, it calls abort() and coredumps. 2442 packages depend on libgmp on ubuntu20. [email protected]:~/prim$ apt-cache rdepends libgmp10 | wc -l 2442 gawk crash: [email protected]:~/prim$ gawk […]
  • APPLE-SA-2022-09-12-5 Safari 16 September 12, 2022
    Posted by Apple Product Security via Fulldisclosure on Sep 12APPLE-SA-2022-09-12-5 Safari 16 Safari 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213442. Safari Extensions Available for: macOS Big Sur and macOS Monterey Impact: A website may be able to track users through Safari web extensions Description: A logic issue […]
  • APPLE-SA-2022-09-12-4 macOS Monterey 12.6 September 12, 2022
    Posted by Apple Product Security via Fulldisclosure on Sep 12APPLE-SA-2022-09-12-4 macOS Monterey 12.6 macOS Monterey 12.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213444. ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. […]

Customers

Newsletter