Giacomo Lanzi
Node.js via SOD hosting panel
If you are interested in hosting Node.js apps on your web space, we have good news! The control panel offered by SOD, based on Plesk, is equipped with a Node.js extension that allows you to easily manage applications. In this article we see how it is possible to integrate Node through the control panel.
Host a Node.js application from the Plesk panel
To verify that everything is working, let’s try hosting a Node.js application in the panel. We will use a generic “Hello, World” application. To do this, we will use the Git extension that you find directly from the panel. It would also be possible to upload the application directly to the server, but I thought that implementing a second extension could also be useful for the purposes of this mini guide.
Once you have accessed the SOD Plesk panel, you will need to create a destination folder for the application. Select the “Files” tab, create a “hello-world” folder. From the “Websites & Domains” tab, among the available components, select Git. If you own more than one domain, be sure to select the option under the correct one.
The second screen on where to find the Git icon:
Setting up a local repository
Now let’s set up a local repository as a clone of a remote one to download the code to the folder you created a moment ago. The URL of the repository we will clone is: https://github.com/plesk/node-hello-world.git
To do this, click on the Git icon, set the URL in the space provided and select the “hello-world” folder you created a while ago.
Differences between “Application root” and “Document root” folders
The next step is to change the Document root folder for the domain. Note that the Document root and Application root folders are not the same. When we talk about web apps (such as those based on Node.js), the document root is the position where the static resources are located, while the application root is the root directory where the app. In most cases, the Document root is a folder within the Application root.
Right now we need to change the document root. To do this, go to the “Websites & Domains” panel, select the correct site and go to “Hosting Settings” (right above Git) and click the link:
Change the current “Document root” to hello-world/public.
Enable support for Node.js
Before running the “Hello World” app, the last thing you need to do is enable support for Node.js on the domain. Then go to the “Websites & Domain” panel and click on the appropriate option. Here you can see some information about the app. Click on “Enable Node.js” and in a few moments this will be enabled.
At this point, if everything went well, clicking on the “Application URL” you should see a screen that says “Hello World!”. Congratulations, you have just installed and run an app on your domain.
Applications with dependencies
Applications built with Node.js, more often than not, must satisfy dependencies that are defined in the package.json file, which is installed in the “node_modules” directory.
Let’s look at another ExpressJS-based application. You can find it in its repository, upload it manually, or repeat the steps described in the previous section. Here is the repository: https://github.com/plesk/node-express.git. Once you have things sorted out, you will find yourself as in the screenshot below, assuming you have cloned the repository in the express-demo folder:
Install the dependencies and change the startup file
Before trying to access the app, you need to initialize it. Let’s start by installing the dependencies. Fortunately, in the Plesk panel of SOD, there is a simple “NPM install” button. This is done to install app dependencies based on the “package.json” file. Install the dependencies this way, for convenience.
Finally, we need to set up the app’s startup file. Plesk uses the Phusion Passenger server application to service the Node.js apps. In the demonstration repository, there is a file called “server.js”. This, which is not a common part of ExpressJS-based apps, contains a few lines of code necessary to make the app work:
const app = require (‘./ app’);
const http = require (‘http’);
http.createServer (app) .listen (process.env.PORT);
You can use the idea behind this file when hosting other Node.js applications, for example based on a different framework. The last thing you have to do is change the “Application Startup File” option and set it to “server.js”.
At this point, browsing to the address that hosts the app, you should see the ExpressJS welcome screen.
Solve problems
For every Node.js developer it is essential to know how to identify problems to find a solution. To do this, here are a couple of tips that might help you Debug.
Checking the log file
The first thing to do when debugging a Node.js application is to check the log files. For example, if you forget to install the dependencies for the Express demo app, the server error log will contain the error “cannot find module ‘express'”. Unfortunately, due to how Phusion Passenger works, server level error logs are used instead of per domain error logs. In this case, end users will see a simple generic error message.
To check the server log messages, go to the “Websites & Domain” panel, under the domain concerned, look for the log option. Clicking on it will give you access to a screen of the logged messages.
See messages directly on the app screen
It can be very useful to see the error messages directly on the app website, without looking for the option in the control panel. Go to the Node.js app settings screen and change the application mode to “development”. The next time a problem occurs, the error will be shown in the browser window.
Furthermore, if the app is in “development” mode, it is not necessary to restart the app every time you change the contents of a file.
Conclusions
As we have seen, implementing Node.js applications on your domain is really simple with the Plesk control panel of the SOD hosting service, which is once again very flexible, intuitive and easy to use.
If you want to try this and other features, you can test the demo version by simply clicking here.
Useful links:
VPS hosting services – Cloud server
Share
RSS
More Articles…
- Hadoop Open Data Model: “open” data collection
- Pass the Ticket: how to mitigate it with a SOCaaS
- Use cases of a SOCaaS for companies part 2
- Use cases of a SOCaaS for companies part 1
- NIST Cybersecurity Framework
- “Left of boom” and “right of boom”: having a winning strategy
- Smishing: a fraud similar to phishing
- Network Traffic Analyzer: an extra gear for the Next Gen SIEM
Categories …
- Backup as a Service (2)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (18)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (14)
- Cyber Threat Intelligence (CTI) (3)
- Ethical Phishing (8)
- SOCaaS (24)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Dark Reading
- Microsoft Adds Emergency Threat Mitigation to Its Exchange Server Software September 27, 2021The built-in service automates mitigations to known Exchange Server threats.
- Microsoft Warns of 'FoggyWeb' Malware Targeting AD FS Servers September 27, 2021The group tracked as Nobelium uses multiple tactics to steal credentials with the goal of gaining admin access to Active Directory Federation Services.
- 7 Ways to Thwart Malicious Insiders September 27, 2021Malicious insider incidents may be less frequent than inadvertent user missteps, but they can cost organizations big time.
- Women and People of Color Experience More Cyber Threats September 27, 2021Researchers explore how people across different demographics feel about their privacy and security online, with worrying results.
- Thoma Bravo Completes Strategic Investment in Intel 471 September 27, 2021Intel 471 is a provider of cyber threat intelligence for leading enterprises and governments.
- BloodyStealer: Advanced New Trojan Targets Accounts of Popular Online Gaming Platforms September 27, 2021Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers’ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin.
- Cloudflare Ventures into Simplifying Email Security September 27, 2021The company adds complex email security technologies — including the alphabet soup of SPF, DKIM, and DMARC — as part of its service.
- Zero Trust Comes to Industry's Broadest Cybersecurity Platform September 27, 2021Trend Micro Zero Trust Risk Insights continuously reveals and prioritizes risks for better decision making.
- Telos, Splunk, stackArmor, AWS Announce FASTTR Initiative to Accelerate Compliance September 27, 2021FASTTR initiative enhances stackArmor's ThreatAlert by building on market-leading Telos' Xacta for security compliance documentation and Splunk for security information and event management.
- How to Get Started With Zero Trust in a SaaS Environment September 27, 2021Given current business conditions and the prevalence of SaaS technologies, now is the time to take steps toward zero trust.
Full Disclosure
- APPLE-SA-2021-09-23-1 iOS 12.5.5 September 24, 2021Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-1 iOS 12.5.5 iOS 12.5.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212824. CoreGraphics Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing a maliciously […]
- APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina September 24, 2021Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina Security Update 2021-006 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212825. XNU Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of […]
- openvpn-monitor Cross-Site Request Forgery (CSRF) September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-011 # CVE ID: CVE-2021-31604 # Subject: Cross-Site Request Forgery (CSRF) # Severity: Medium # Effect: Denial of Service #...
- openvpn-monitor OpenVPN Management Socket Command Injection September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-010 # CVE ID: CVE-2021-31605 # Subject: OpenVPN Management Socket Command Injection # Severity: High # Effect: Denial of...
- openvpn-monitor Authorization Bypass September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-009 # CVE ID: CVE-2021-31606 # Subject: Authorization Bypass # Severity: Medium # Effect: Denial of Service # Author:...
- Backdoor.Win32.Minilash.10.b / Remote Denial of Service (UDP Datagram) September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3c407448a00b2d53b2418f53b66d5b6b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Minilash.10.b Vulnerability: Remote Denial of Service (UDP Datagram) Description: The Minilash malware listens on TCP 6711 and UDP port 60000. Third-party attackers who can reach infected systems can send a specially […]
- Backdoor.Win32.Hupigon.asqx / Unauthenticated Open Proxy September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a344b767d58b6c83b92bb868727e021c.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.asqx Vulnerability: Unauthenticated Open Proxy Description: The malware listens on TCP port 8080. Third-party attackers who can connect to the infected system can relay requests from the original connection to the...
- Trojan.Win32.Agent.xaamkd / Insecure Permissions September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/095651e1704b501123b41ea2e9736820.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.xaamkd Vulnerability: Insecure Permissions Description: The malware creates an dir with insecure permissions under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can rename the...
- APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows September 21, 2021Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows iTunes 12.12 for Windows addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212817. ImageIO Available for: Windows 10 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with […]
- APPLE-SA-2021-09-20-9 iTunes U 3.8.3 September 21, 2021Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-9 iTunes U 3.8.3 iTunes U 3.8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212809. iTunes U Available for: iOS 12.4 and later or iPadOS 12.4 and later Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: […]
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 5 minutes With the advent of big data platforms, IT security companies can now make guid… https://t.co/aTv41eq2Ir
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Ogni anno cresce costantemente il numero di attacchi che minacciano la sicurezz… https://t.co/e1g9VBSYq9
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Every year the number of attacks that threaten the security of devices, comput… https://t.co/MnoEKRNMwk
-
SecureOnlineDesktop
Estimated reading time: 7 minutes Il vishing è una particolare tipologia di phishing che sfrutta la tecnologia Vo… https://t.co/q9OO03jSHj
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Come abbiamo già affrontato precedentemente negli scorsi articoli, i ransomware… https://t.co/O8xUUJocYc
Newsletter
Products and Solutions
Partners
Cloud Models
News
- Hadoop Open Data Model: “open” data collection September 8, 2021
- Pass the Ticket: how to mitigate it with a SOCaaS September 6, 2021
- Use cases of a SOCaaS for companies part 2 August 18, 2021
- Use cases of a SOCaaS for companies part 1 August 16, 2021
- NIST Cybersecurity Framework August 2, 2021
Google Reviews
About
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.
VAT: 07485920966 “Cloud Computing services - Software cloud - Cloud server - VPS” Terms of ServicePrivacy Policy
ISO Certifications