Giacomo Lanzi
Node.js via SOD hosting panel
If you are interested in hosting Node.js apps on your web space, we have good news! The control panel offered by SOD, based on Plesk, is equipped with a Node.js extension that allows you to easily manage applications. In this article we see how it is possible to integrate Node through the control panel.
Host a Node.js application from the Plesk panel
To verify that everything is working, let’s try hosting a Node.js application in the panel. We will use a generic “Hello, World” application. To do this, we will use the Git extension that you find directly from the panel. It would also be possible to upload the application directly to the server, but I thought that implementing a second extension could also be useful for the purposes of this mini guide.
Once you have accessed the SOD Plesk panel, you will need to create a destination folder for the application. Select the “Files” tab, create a “hello-world” folder. From the “Websites & Domains” tab, among the available components, select Git. If you own more than one domain, be sure to select the option under the correct one.
The second screen on where to find the Git icon:
Setting up a local repository
Now let’s set up a local repository as a clone of a remote one to download the code to the folder you created a moment ago. The URL of the repository we will clone is: https://github.com/plesk/node-hello-world.git
To do this, click on the Git icon, set the URL in the space provided and select the “hello-world” folder you created a while ago.
Differences between “Application root” and “Document root” folders
The next step is to change the Document root folder for the domain. Note that the Document root and Application root folders are not the same. When we talk about web apps (such as those based on Node.js), the document root is the position where the static resources are located, while the application root is the root directory where the app. In most cases, the Document root is a folder within the Application root.
Right now we need to change the document root. To do this, go to the “Websites & Domains” panel, select the correct site and go to “Hosting Settings” (right above Git) and click the link:
Change the current “Document root” to hello-world/public.
Enable support for Node.js
Before running the “Hello World” app, the last thing you need to do is enable support for Node.js on the domain. Then go to the “Websites & Domain” panel and click on the appropriate option. Here you can see some information about the app. Click on “Enable Node.js” and in a few moments this will be enabled.
At this point, if everything went well, clicking on the “Application URL” you should see a screen that says “Hello World!”. Congratulations, you have just installed and run an app on your domain.
Applications with dependencies
Applications built with Node.js, more often than not, must satisfy dependencies that are defined in the package.json file, which is installed in the “node_modules” directory.
Let’s look at another ExpressJS-based application. You can find it in its repository, upload it manually, or repeat the steps described in the previous section. Here is the repository: https://github.com/plesk/node-express.git. Once you have things sorted out, you will find yourself as in the screenshot below, assuming you have cloned the repository in the express-demo folder:
Install the dependencies and change the startup file
Before trying to access the app, you need to initialize it. Let’s start by installing the dependencies. Fortunately, in the Plesk panel of SOD, there is a simple “NPM install” button. This is done to install app dependencies based on the “package.json” file. Install the dependencies this way, for convenience.
Finally, we need to set up the app’s startup file. Plesk uses the Phusion Passenger server application to service the Node.js apps. In the demonstration repository, there is a file called “server.js”. This, which is not a common part of ExpressJS-based apps, contains a few lines of code necessary to make the app work:
const app = require (‘./ app’);
const http = require (‘http’);
http.createServer (app) .listen (process.env.PORT);
You can use the idea behind this file when hosting other Node.js applications, for example based on a different framework. The last thing you have to do is change the “Application Startup File” option and set it to “server.js”.
At this point, browsing to the address that hosts the app, you should see the ExpressJS welcome screen.
Solve problems
For every Node.js developer it is essential to know how to identify problems to find a solution. To do this, here are a couple of tips that might help you Debug.
Checking the log file
The first thing to do when debugging a Node.js application is to check the log files. For example, if you forget to install the dependencies for the Express demo app, the server error log will contain the error “cannot find module ‘express'”. Unfortunately, due to how Phusion Passenger works, server level error logs are used instead of per domain error logs. In this case, end users will see a simple generic error message.
To check the server log messages, go to the “Websites & Domain” panel, under the domain concerned, look for the log option. Clicking on it will give you access to a screen of the logged messages.
See messages directly on the app screen
It can be very useful to see the error messages directly on the app website, without looking for the option in the control panel. Go to the Node.js app settings screen and change the application mode to “development”. The next time a problem occurs, the error will be shown in the browser window.
Furthermore, if the app is in “development” mode, it is not necessary to restart the app every time you change the contents of a file.
Conclusions
As we have seen, implementing Node.js applications on your domain is really simple with the Plesk control panel of the SOD hosting service, which is once again very flexible, intuitive and easy to use.
If you want to try this and other features, you can test the demo version by simply clicking here.
Useful links:
VPS hosting services – Cloud server
Share
RSS
More Articles…
- The SOAR benefits: simplifying investigation and response
- Security Code Review: How the service works
- Integration of the automated response: the automations in SOCaaS
- Coordination between CTI and SOC: how to further raise the defenses
- New Cloud Server: redundant internet
- Quality certificate for the SOCaaS of SOD
- Managed Detection and Response: a new preventive approach
- CLUSIT: our collaboration for better services
Categories …
- Backup as a Service (17)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (21)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (15)
- Security (170)
- Cyber Threat Intelligence (CTI) (6)
- Ethical Phishing (8)
- SOCaaS (55)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Dark Reading
- ChromeLoader Malware Hijacks Browsers With ISO Files May 27, 2022The malware’s abuse of PowerShell makes it more dangerous, allowing for more advanced attacks such as ransomware, fileless malware, and malicious code memory injections.
- Physical Security Teams' Impact Is Far-Reaching May 27, 2022Here's how physical security teams can integrate with the business to identify better solutions to security problems.
- Taking the Danger Out of IT/OT Convergence May 27, 2022The Colonial Pipeline attack highlighted the risks of convergence. Unified security provides a safer way to proceed.
- Microsoft Unveils Dev Box, a Workstation-as-a-Service May 26, 2022Microsoft Dev Box will make it easier for developers and hybrid teams to get up and running with workstations already preconfigured with required applications and tools.
- Broadcom Snaps Up VMware in $61B Deal May 26, 2022Massive merger will put Broadcom's Symantec and VMware's Carbon Black under one roof.
- Lacework Announces Layoffs, Restructuring May 26, 2022The cloud-security company blames "seismic" market shifts for shakeup.
- Third-Party Scripts on Websites Present a 'Broad & Open' Attack Vector May 26, 2022Nearly half of the world's largest websites use externally generated JavaScript that makes them ripe targets for cyberattackers interested in stealing data, skimming credit cards, and executing other malicious actions.
- Twitter Fined $150M for Security Data Misuse May 26, 2022Twitter is charged with using emails and phone numbers ostensibly collected for account security to sell targeted ads.
- The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand May 26, 2022The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.
- VMware, Airline Targeted as Ransomware Chaos Reigns May 26, 2022Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.
Full Disclosure
- Disclosing Vulnerability of CLink Office 2.0 May 23, 2022Posted by chan chan on May 23Dear Sir/Madam, I would like to submit a vulnerability found on CLink Office 2.0. I had contacted the vendor 60 days before but in vain. # Exploit Title: Multiple blind SQL injection vulnerabilities in in CLink Office 2.0 Anti-Spam management console # Date: 30 Mar 2022 # Exploit Author: […]
- [tool] tplink backup decryptor. May 23, 2022Posted by retset on May 23Yet another "tool" to decrypt a backup configs for some tplink wifi routers. Only tested on latest fw for "Archer C7". I hope that it will be useful for someone. https://github.com/ret5et/tplink_backup_decrypt_2022.bin
- SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components) May 18, 2022Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 18SEC Consult Vulnerability Lab Security Advisory < 20220518-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: SAP® Application Server ABAP and ABAP® Platform (Different Software Components) vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security notes...
- PHPIPAM 1.4.4 - CVE-2021-46426 May 18, 2022Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18=====[ Tempest Security Intelligence - ADV-03/2022 ]========================== PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents ]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Vulnerability […]
- LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140 May 18, 2022Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18=====[ Tempest Security Intelligence - ADV-12/2021 ]========================== LiquidFiles - 3.4.15 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Vulnerability...
- Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale! May 18, 2022Posted by malvuln on May 18Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale! https://www.youtube.com/watch?v=eg3l8a_HSSU
- github.com/malvuln/RansomDLLs / Catalog of current DLLs affecting vulnerable Ransomware strains. May 18, 2022Posted by malvuln on May 18Reference list for my Ransomware exploitation research. Lists current DLLs I have seen to date that some ransomware search for, which I have used successfully to hijack and intercept vulnerable strains executing arbitrary code pre-encryption. https://github.com/malvuln/RansomDLLs
- APPLE-SA-2022-05-16-2 macOS Monterey 12.4 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-2 macOS Monterey 12.4 macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257. AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed […]
- APPLE-SA-2022-05-16-6 tvOS 15.5 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-6 tvOS 15.5 tvOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213254. AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel […]
- APPLE-SA-2022-05-16-5 watchOS 8.6 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-5 watchOS 8.6 watchOS 8.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213253. AppleAVD Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free […]
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Security Awareness, la sicurezza aziendale parte dai dipendenti. L'ingegneria sociale fa spesso leva sull'ignoranza… https://t.co/nGAs70Ofn5
-
SecureOnlineDesktop
Torna all'inizio Scopri i nostri servizi di Cyber SecurityTroverai sicuramente quello che fa al caso tuo Se vuoi m… https://t.co/Emm5kUfFc4
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Today we see one of the latest additions to our SOCaaS, the Autonomous Threat… https://t.co/QNvHnKbEqq
-
SecureOnlineDesktop
Estimated reading time: 6 minutes The Security Code Review (SCR) service is increasingly used by companies l… https://t.co/rJmYXr1oCj
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il servizio di Security Code Review (SCR) è sempre più utilizzato dalle aziende… https://t.co/g2ho2C8FYh
Newsletter
Products and Solutions
Partners
Cloud Models
News
- The SOAR benefits: simplifying investigation and response April 18, 2022
- Security Code Review: How the service works April 13, 2022
- Integration of the automated response: the automations in SOCaaS April 11, 2022
- Coordination between CTI and SOC: how to further raise the defenses April 6, 2022
- New Cloud Server: redundant internet March 23, 2022
Google Reviews
About
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.
VAT: 07485920966 “Cloud Computing services - Software cloud - Cloud server - VPS” Terms of ServicePrivacy Policy
ISO Certifications