From 3d53d03461a99d0b4fbf36534cd2b21ab87e61ef Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 1 Apr 2015 16:46:11 +0000 Subject: [PATCH 1/5] add upstart script, setup instructions --- .gitignore | 2 ++ SETUP.md | 22 ++++++++++++++++++++++ upstart-walnut | 24 ++++++++++++++++++++++++ walnut.js | 13 +++++++++---- 4 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 SETUP.md create mode 100644 upstart-walnut diff --git a/.gitignore b/.gitignore index 573fa1e..4ae44f0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +redirects.json +vhosts .*.sw* # Logs diff --git a/SETUP.md b/SETUP.md new file mode 100644 index 0000000..256b29f --- /dev/null +++ b/SETUP.md @@ -0,0 +1,22 @@ +# secure the server with https://coolaj86.com/articles/securing-your-vps-for-the-semi-paranoid.html + +# install walnut +sudo mkdir /srv/walnut +sudo chown walnut:walnut -R /srv/walnut +pushd /srv/walnut +git init +git remote origin add git@github.com:daplie/walnut.git +git pull +npm install + +# copy uid and guid to ./walnut.js +id +vim walnut.js + +# configure redirects +rsync -av redirects.sample.json redirects.json + +# create and start upstart service +sudo rsync -av upstart-walnut /etc/init/walnut.conf +# for init.d: sudo rsync -av init.d-walnut /etc/init.d/walnut +sudo service walnut restart diff --git a/upstart-walnut b/upstart-walnut new file mode 100644 index 0000000..0f789a4 --- /dev/null +++ b/upstart-walnut 
@@ -0,0 +1,24 @@ +# sudo rsync -av upstart-walnut /etc/init/walnut.conf +# sudo service walnut restart + +description "WALNUT application host" +version "1.0" +author "AJ ONeal" + +# Upstart has nothing in $PATH by default +env PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + +# Keep the server running on crash or machine reboot +respawn +respawn limit 10 120 +start on runlevel [2345] + +# Start the server using spark and redirect output to log files +script + DATE=`date '+%F_%H-%M-%S'` + cd /srv/walnut/ + mkdir -p logs + exec node bin/walnut \ + > "./logs/access.${DATE}.log" \ + 2> "./logs/error.${DATE}.log" +end script diff --git a/walnut.js b/walnut.js index 0e286cd..e0da315 100644 --- a/walnut.js +++ b/walnut.js @@ -73,7 +73,12 @@ function phoneHome() { console.error("Couldn't phone home. Oh well"); }); } -require('./lib/insecure-server').create(securePort, insecurePort, redirects); -require('./lib/vhost-sni-server.js').create(securePort, certsPath, vhostsdir) - //.then(phoneHome) - ; + +PromiseA.all( + require('./lib/insecure-server').create(securePort, insecurePort, redirects) +, require('./lib/vhost-sni-server.js').create(securePort, certsPath, vhostsdir) +).then(function () { + // TODO use `id' to find user's uid / gid and set to file + process.setgid(1000); + process.setuid(1000); +})//.then(phoneHome); From b45e009e419c596f0ddf49691a57f04af7b3920a Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 1 Apr 2015 17:46:56 +0000 Subject: [PATCH 2/5] lint --- bin/walnut | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/walnut b/bin/walnut index 5461f7d..98bdd02 100755 --- a/bin/walnut +++ b/bin/walnut @@ -4,7 +4,7 @@ require('../walnut.js'); function eagerLoad() { - var PromiseA = require('bluebird').Promise + var PromiseA = require('bluebird').Promise; var promise = PromiseA.resolve(); [ 'passport' 
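Review bot: The `script` stanza creates and truncates its log files as root inside `/srv/walnut/`, a tree that SETUP.md in this same patch hands to `walnut:walnut`. The job has no `setuid`/`setgid` stanza, so `mkdir -p logs` and both `>` redirections run with root privileges on every respawn. Once walnut.js has dropped privileges, the service account controls the path root will write through on the next restart. Keep the logs in a root-owned directory instead, for example `mkdir -p /var/log/walnut` with `> "/var/log/walnut/access.${DATE}.log"` and the matching `2>` line (path shown as an example). The comment "Start the server using spark" also looks stale, since the stanza execs `node bin/walnut`.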
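Review bot: The privilege drop in the new `.then` callback only calls `process.setgid(1000)` and `process.setuid(1000)`, so the process keeps the supplementary groups it started with as root. Add `process.setgroups([]);` (or `process.initgroups(...)` for the service account) ahead of the `setgid` line, with a comment such as `// clear supplementary groups first; gid must change before uid or setgid fails`. The literal `1000` is only correct if the service account happens to have that id, as the TODO admits; reading the ids from configuration and exiting when `process.getuid() === 0` still holds after the drop would catch a misconfigured host. The same lines reappear unchanged in the `@@ -74,11 +75,11 @@` hunk of patch 4/5, so the point applies there too.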
@@ -67,7 +67,7 @@ function eagerLoad() { }, 4); }); }); - }) + }); promise.then(function () { console.log('Eager Loading Complete'); From 2e515b890fa81832c396eb6761fa159be19d3e83 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 1 Apr 2015 17:47:08 +0000 Subject: [PATCH 3/5] add missing modules --- package.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package.json b/package.json index 7d3d381..1c404bb 100644 --- a/package.json +++ b/package.json @@ -40,6 +40,7 @@ "accepts": "^1.2.5", "bluebird": "2.x", "body-parser": "1.x", + "bookshelf": "^0.7.9", "btoa": "1.x", "bytes": "^1.0.0", "compression": "1.x", @@ -74,6 +75,7 @@ "inherits": "^2.0.1", "jarson": "1.x", "json-storage": "2.x", + "knex": "^0.6.23", "lodash": "2.x", "media-typer": "^0.3.0", "methods": "^1.1.1", From 16bee8ae76fd0eb3caf4be415ecab07c86147139 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 1 Apr 2015 17:47:26 +0000 Subject: [PATCH 4/5] lint, bugfix --- walnut.js | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/walnut.js b/walnut.js index e0da315..329cc93 100644 --- a/walnut.js +++ b/walnut.js @@ -20,6 +20,7 @@ fs.readFileSync = function (filename) { }; */ +var PromiseA = require('bluebird').Promise; //var config = require('./device.json'); var securePort = process.argv[2] || 443; var insecurePort = process.argv[3] || 80; @@ -61,11 +62,11 @@ function phoneHome() { holepunch.run(require('./redirects.json').reduce(function (all, redirect) { if (!all[redirect.from.hostname]) { all[redirect.from.hostname] = true; - all.push(redirect.from.hostname) + all.push(redirect.from.hostname); } if (!all[redirect.to.hostname]) { all[redirect.to.hostname] = true; - all.push(redirect.to.hostname) + all.push(redirect.to.hostname); } return all; 
@@ -74,11 +75,11 @@ function phoneHome() { }); } -PromiseA.all( +PromiseA.all([ require('./lib/insecure-server').create(securePort, insecurePort, redirects) , require('./lib/vhost-sni-server.js').create(securePort, certsPath, vhostsdir) -).then(function () { +]).then(function () { // TODO use `id' to find user's uid / gid and set to file process.setgid(1000); process.setuid(1000); -})//.then(phoneHome); +});//.then(phoneHome); From 9b70e7ee71879bbc3c0c1e7b726519850c052aee Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Wed, 1 Apr 2015 17:47:38 +0000 Subject: [PATCH 5/5] add todo --- SETUP.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SETUP.md b/SETUP.md index 256b29f..e41aead 100644 --- a/SETUP.md +++ b/SETUP.md @@ -16,6 +16,8 @@ vim walnut.js # configure redirects rsync -av redirects.sample.json redirects.json +# TODO create dummy certs + # create and start upstart service sudo rsync -av upstart-walnut /etc/init/walnut.conf # for init.d: sudo rsync -av init.d-walnut /etc/init.d/walnut
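Review bot: The chain now ends at `});` with no rejection handler, so if either `create(...)` promise rejects, the callback holding `setgid`/`setuid` never runs and whatever listener did start keeps serving as root. Whether `create` rejects on a bind or certificate error is not visible in this hunk, so treat that as an assumption to confirm. Failing closed is cheap here: end the chain with `.catch(function (err) { console.error(err); process.exit(1); });` so the upstart job respawns the process rather than leaving a root-owned server up. A one-line comment above `PromiseA.all([` saying that both servers must be listening before privileges are dropped would also make the ordering intent explicit.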