diff --git a/.gitignore b/.gitignore
index 573fa1e..4ae44f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@ +redirects.json +vhosts .*.sw* # Logs
diff --git a/SETUP.md b/SETUP.md
new file mode 100644
index 0000000..e41aead
--- /dev/null
+++ b/SETUP.md
@@ -0,0 +1,24 @@
+# secure the server with https://coolaj86.com/articles/securing-your-vps-for-the-semi-paranoid.html
+
+# install walnut
+sudo mkdir /srv/walnut
+sudo chown walnut:walnut -R /srv/walnut
+pushd /srv/walnut
+git init
+git remote origin add git@github.com:daplie/walnut.git
+git pull
+npm install
+
+# copy uid and guid to ./walnut.js
+id
+vim walnut.js
+
+# configure redirects
+rsync -av redirects.sample.json redirects.json
+
+# TODO create dummy certs
+
+# create and start upstart service
+sudo rsync -av upstart-walnut /etc/init/walnut.conf
+# for init.d: sudo rsync -av init.d-walnut /etc/init.d/walnut
+sudo service walnut restart
diff --git a/bin/walnut b/bin/walnut
index 5461f7d..98bdd02 100755
--- a/bin/walnut
+++ b/bin/walnut
@@ -4,7 +4,7 @@ require('../walnut.js'); function eagerLoad() { - var PromiseA = require('bluebird').Promise + var PromiseA = require('bluebird').Promise; var promise = PromiseA.resolve(); [ 'passport'
@@ -67,7 +67,7 @@ function eagerLoad() { }, 4); }); }); - }) + }); promise.then(function () { console.log('Eager Loading Complete');
diff --git a/package.json b/package.json
index a111137..dcee18e 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,7 @@
 "accepts": "^1.2.5",
 "bluebird": "2.x",
 "body-parser": "1.x",
+ "bookshelf": "^0.7.9",
 "btoa": "1.x",
 "bytes": "^1.0.0",
 "compression": "1.x",
@@ -74,6 +75,7 @@
 "inherits": "^2.0.1",
 "jarson": "1.x",
 "json-storage": "2.x",
+ "knex": "^0.6.23",
 "lodash": "2.x",
 "media-typer": "^0.3.0",
 "methods": "^1.1.1",
diff --git a/upstart-walnut b/upstart-walnut
new file mode 100644
index 0000000..0f789a4
--- /dev/null
+++ b/upstart-walnut
@@ -0,0 +1,24 @@
+# sudo rsync -av upstart-walnut /etc/init/walnut.conf
+# sudo service walnut restart
+
+description "WALNUT application host"
+version "1.0"
+author "AJ ONeal"
+
+# Upstart has nothing in $PATH by default
+env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Keep the server running on crash or machine reboot
+respawn
+respawn limit 10 120
+start on runlevel [2345]
+
+# Start the server using spark and redirect output to log files
+script
+ DATE=`date '+%F_%H-%M-%S'`
+ cd /srv/walnut/
+ mkdir -p logs
+ exec node bin/walnut \
+ > "./logs/access.${DATE}.log" \
+ 2> "./logs/error.${DATE}.log"
+end script
diff --git a/walnut.js b/walnut.js
index 0e286cd..329cc93 100644
--- a/walnut.js
+++ b/walnut.js
@@ -20,6 +20,7 @@ fs.readFileSync = function (filename) { }; */ +var PromiseA = require('bluebird').Promise; //var config = require('./device.json'); var securePort = process.argv[2] || 443; var insecurePort = process.argv[3] || 80;
@@ -61,11 +62,11 @@ function phoneHome() { holepunch.run(require('./redirects.json').reduce(function (all, redirect) { if (!all[redirect.from.hostname]) { all[redirect.from.hostname] = true; - all.push(redirect.from.hostname) + all.push(redirect.from.hostname); } if (!all[redirect.to.hostname]) { all[redirect.to.hostname] = true; - all.push(redirect.to.hostname) + all.push(redirect.to.hostname); } return all;
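Review bot: In upstart-walnut's `script` stanza the shell still runs as root when it does `mkdir -p logs` and opens `./logs/access.${DATE}.log` and `./logs/error.${DATE}.log`, yet those paths sit under /srv/walnut, which SETUP.md in this same commit chowns to the `walnut` account. Root therefore creates predictably named files in a tree the unprivileged service user controls, and `respawn` repeats that on every restart. I would keep root-opened logs in a root-owned directory outside the application tree, for example `mkdir -p /var/log/walnut` with the two redirects pointed there, or drop the redirects and use Upstart's `console log` where the installed version supports it. Separately, the comment `# Start the server using spark` no longer matches the `exec node bin/walnut` line and should say what is actually started.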
@@ -73,7 +74,12 @@ function phoneHome() {
 console.error("Couldn't phone home. Oh well");
 });
 }
-require('./lib/insecure-server').create(securePort, insecurePort, redirects);
-require('./lib/vhost-sni-server.js').create(securePort, certsPath, vhostsdir)
- //.then(phoneHome)
- ;
+
+PromiseA.all([
+ require('./lib/insecure-server').create(securePort, insecurePort, redirects)
+, require('./lib/vhost-sni-server.js').create(securePort, certsPath, vhostsdir)
+]).then(function () {
+ // TODO use `id' to find user's uid / gid and set to file
+ process.setgid(1000);
+ process.setuid(1000);
+});//.then(phoneHome);
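Review bot: The privilege drop in the new `.then()` is not fail-closed: `PromiseA.all(...)` has no rejection handler, so if either `create()` rejects or `process.setgid(1000)` throws, the process appears to keep running as root with whichever listener did come up. Root's supplementary groups also stay attached, because nothing calls `process.setgroups([])` (or `process.initgroups`) before `setgid`/`setuid`. The hard-coded `1000` is already covered by the TODO, but until that lands, a host where uid 1000 is not the `walnut` account would silently run the service under a different user. I would clear the groups first and add a `.catch` that logs and exits, as sketched below. This assumes both `create()` calls return promises that settle only after their sockets are bound, which the hunk does not show.

```javascript
]).then(function () {
  process.setgroups([]); // clear root's supplementary groups before the gid/uid change
  // … unchanged: TODO comment, process.setgid(1000), process.setuid(1000) …
}).catch(function (err) {
  // Fail closed: never keep serving as root after a failed start or a failed drop
  console.error('startup or privilege drop failed:', err);
  process.exit(1);
});//.then(phoneHome);
```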