I have 3 websites each running a different application I produced using socket.io and/or node.js. I need help with SSL/HTTPS setup for them.

February 26, 2017
Security CentOS

The server is mine and has 64G, 8TB, 8 i7's and is running over 100 domains on a single IP.
I use cloudflare for SSL for most of them.
My problem is this... in order to run my apps, currently I have to use https://<hostIP>:port to access them. I need to be able to access them through the domain they are intended for... as in... https://domainname:port or https://www.domainname:port.
I have CentOS 7, WHM, cPanel and a loooong time ago was a good linux admin and DNS guy, but I'm really feeling out-of-date today.
If someone could either give me a 1,2,3 step by step procedure to do what I need to do or do it for me on the cheap, I'd really appreciate it!

4 Answers

You should be using a reverse proxy which connects the domain to the node app.
I would recommend setting up Nginx as a reverse proxy, so it handles all the domain stuff. You can follow the bottom part of this guide, but just use 127.0.0.1 as IP, since you only have a single server (from what I can understand).
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-node-js-application-for-production-on-centos-7

In this tutorial, we will cover setting up a production-ready Node.js environment that is composed of two CentOS 7 servers; one server will run Node.js applications managed by PM2, while the other will provide users with access to the application through an Nginx reverse proxy to the application server.

@jjosserand

When it comes to cPanel, tasks that would normally be relatively simple on a server running Apache or NGINX become more of a headache as cPanel doesn't currently support NodeJS. Installation on a cPanel server would most likely void any support from their team as well.

The post below was updated 8 months ago stating that it's on their radar, not their roadmap.

https://features.cpanel.net/topic/nodejs-hosting

So what can you do? Well, you could install NGINX in front of Apache using Engintron. NGINX would act as a reverse proxy to Apache. As long as you can modify server blocks, you could turn the block created for each site into a reverse proxy for the NodeJS app. This, again, however, would not be supported by cPanel and may also void support from their team because it's not stock.

Engintron: https://engintron.com/

General Warning

The above script would be installed at your own risk. Since you have over 100 domains on the server, I would highly recommend testing the above on a non-production server first.

Since cPanel won't provide support for third-party modifications, you'd be on your own if something screws up.

Other Options

If you need to run NodeJS, you'd be far better off deploying a Droplet here at DigitalOcean and then installing NGINX + NodeJS on the Droplet and skip Apache altogether. It's far easier to do a simple setup than it would be to modify an existing production cPanel server -- you're also mitigating risk.

Running NGINX as a reverse proxy to NodeJS apps is really simple and takes very little time to get up and running. You'd simply install NodeJS, make sure your apps are responding on the port they should be and then you could set up the proxy with NGINX and boom, no port in the URL.

Setting up SSL on NGINX is also pretty simple. The longest part of the process is really generating the certificates -- more so if you don't use LetsEncrypt, but if you do, then it's pretty quick altogether.
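The reverse-proxy setup the two answers above describe, as an added example that is not part of either post: one NGINX server block that terminates TLS for a domain and forwards to a socket.io app on 127.0.0.1, including the WebSocket upgrade headers socket.io needs. The domain `app1.example.com`, port `3000` and the certificate paths (Let's Encrypt's usual layout) are assumptions; repeat the block once per app.

```nginx
# Added example; names, ports and paths are assumptions, not from the thread.
# Place inside the http {} context, e.g. a file under /etc/nginx/conf.d/.

# Forward "Connection: upgrade" only when the client asked for an upgrade,
# so WebSocket handshakes pass through and ordinary requests do not.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# Send plain HTTP to HTTPS on the same host name.
server {
    listen 80;
    server_name app1.example.com www.app1.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name app1.example.com www.app1.example.com;

    # Certificate and key for this domain (assumed Let's Encrypt paths).
    ssl_certificate     /etc/letsencrypt/live/app1.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app1.example.com/privkey.pem;
    # Add TLSv1.3 here if your nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    location / {
        # The Node app listens on loopback only (assumed port 3000).
        proxy_pass http://127.0.0.1:3000;

        # WebSocket upgrade requires HTTP/1.1 and these two headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Tell the app which host, client and scheme the request arrived with.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With the proxy in front, the Node process can bind to 127.0.0.1 instead of all interfaces, so the application port is no longer reachable from outside and all client traffic goes through the TLS listener.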

I appreciate the lengthy response and it makes a lot of sense.
However, I am using apache2 (easyapache4 through cpanel) and have no knowledge of nginx, nor how to set up a droplet at digitalocean.
My node stuff runs fine, with the exception of the issues described.
Also, if I go the droplet route, it increases my costs... and... my apps, though peer-to-peer, might someday have a high user load.
Can you or someone reading this thread help me with any solution so I don't have to do it myself and not charge me an arm and a leg, as it were? I don't mind paying for help, but have already invested most of my savings in this project.

  • @jjosserand

    The biggest issue is cPanel in your case.

    Currently, it's not designed to provide you with an environment to host NodeJS apps. Sure, you can install NodeJS, upload an application, and even run it, but if you go about tinkering with the cPanel configuration and something breaks, you're most likely going to be on your own...

    ...or hiring a sysadmin to fix what broke due to updates performed by cPanel every night/day. And when you need to go about upgrading Apache, which is common, you may find yourself redoing all the work you just had done -- or paying for it again if you forget.

    From a cost perspective, it'd be far cheaper to hire a sysadmin to set up a server that's only for your NodeJS apps. At the low end of the spectrum, you'll run $25-$50/hour and on the higher end, $100-$200/hour. That's far cheaper than paying a sysadmin to diagnose cPanel issues as a result of running something that wasn't designed to run and as a result, brought down the other 100+ websites on your server.

    Note, I'm not saying NodeJS wasn't designed to run on CentOS, I'm saying it wasn't designed to run simultaneously with cPanel and then integrated with it as a part of a proxy setup with either Apache or NGINX (which is what you need to drop the port from the URL). Even the plugin I mentioned isn't supported by cPanel, so if you install it, they won't help you fix issues with it. They'll tell you to uninstall it and then they'll help.

    If you'd like to dive a little deeper, my e-mail is in my profile. You're more than welcome to get in touch with me anytime and I can provide more information as to what it'd take to set up what I've described (i.e. time, cost, etc).

    I'm recommending this route to save you money and future headaches. I've worked with cPanel for about 8-9 of the last 16 years and there are some things that you're just better off doing without it -- and I can honestly say that without hesitation.

Hi @jtittle,
I planned to test the integration of Node.js/Node-RED in an application developed by my company.
It's a LAMP environment application with extensive use of js.

Now we need to test Node.js/Node-RED, but our servers are all on WHM/cPanel infrastructure.

I'm really interested in your suggestion.
Make use of DigitalOcean to implement and test the Node part and, if it's possible, let it collaborate with the platform instance hosted on our server.

When the test ends successfully, build a new dedicated server without any panel (I have enough skill on *nix and Bash) and rebuild the production environment.

Could you lead us into this scenario? On the system side, of course :)

Maurizio

  • @ocmox

    My e-mail is in my profile, feel free to get in touch :-).

    ...

    If the intent is to run NodeJS applications, you'd most likely be far better off running without a control panel at all and allowing NGINX to proxy incoming requests to the NodeJS application.

    You can use Apache if you feel the need, though I find the setup to be far easier to work with if NGINX is used. NGINX can handle PHP and NodeJS at the same time, or you can branch them off and use one server or Droplet exclusively for NodeJS and the other for PHP.

    There's a number of ways to do it, how I'd go about doing it all depends on what you need.
