Running secure nodejs apps on Plesk 12.5
This article will cover how to setup nodejs apps on a Server with Plesk 12.5. We will use nginx as a reverseproxy, keep the app running with pm2 and encrypt everything with automaticly renewed ssl-certificates from let’s encrypt.
I’ll assume you have ssh access to your Server and have nodejs installed.
install pm2
pm2 is a processmanager for nodejs to keep our app running forever, it also enables us to restart our apps after a server reboot.
npm install pm2 -g
write the app
If you don’t allready have an exiting app yourself you can copy this
var http = require('http');
http.createServer(function (request, response) {
response.writeHead(200, {'Content-Type': 'text/plain'});
response.end('Hello World\n');
}).listen(8888);
console.log('Server running at http://127.0.0.1:8888/');
into app.js and save it in your subdomains document-root.
configure nginx as reverse proxy
To configure nginx enter your subdomains Apache&Nginx Settings
and paste the following code
location ~ / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:8888;
}
in the additional nginx directives field and save it.
This will send all request to your nodejs app running on http://localhost:8888.
run the app with pm2
Now let’s start our app. ssh into your document-root and run:
pm2 start app.js
If you open your subdomain you should see your app running.
install let’s encrypt plesk extension
You can simply install the letsencrypt extension from the Extension Catalog.
For all your regular domains that are served by apache you can now create ssl-certificates with just a few clicks.
The extension uses a folder called .well-known in your document-root to verify that you are the owner of the domain. But because our app is served by nodejs we can’t serve this folder from our document root at the moment.
modify nginx config
We need to add the following snippet to our additional nginx directives
location ^~ /.well-known {
alias /var/www/vhosts/webnugget.de/httpdocs/.well-known;
}
This will serve the .well-known folder as expected by the let’s encrypt extension.
create certificates
Now we can create our certificates with just a few clicks. In your domain settings click the Let’s Encrypt button.
Enter your email adress and install the certificate.
Your app is available via https:// now!
redirect http:// to https://
If you wan’t to use https:// only you can add the following snippet on top of your additional nginx directives.
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
This will redirect all http-requests to https.
Btw. this is how i serve my ghost blog:)
keep it running
You can use pm2 to make your apps rebootsafe, so they will be restarted on serverreboot.
To generate the startupscripts simply run: pm2 startup
To view currently running apps: pm2 monit
To save your current running apps to be restarted on reboot run: pm2 save