I'm trying to figure out the best workflow for producing an app I can have hosted on one of the various public Node environments. The sticking point seems to be that my app opens two ports: one for HTTP and another for WebSockets.
Here's the code which executes great on my own system, but runs into EADDRINUSE errors on hosted services. (NOTE: this is regardless of changes in port number)
CODE: http://pastebin.com/zjJKbj2U
QUESTION: Am I wrong in my approach of searching for a Node service that provides this ability, or should I be going about this in a different way?
Do you have a specific reason you think you need a different port for HTTP and web sockets? They are designed to work fine using the same port, and as you are seeing, things are much easier if you just use them that way. Your app can access both regular web resources as well as opening a web socket connection to the server at the same time over a single port. There's an example of using express for your web site and ws for websockets on the same port here.
Related
I am building a web portal to interact with internal databases and potentially run ssh commands. I chose NodeJS with Express for this purpose.
Light weight server-side interactions such as templating or routing I managed with Node and Express but I am looking for ways to do heavy tasks such as DB work (insert/update/delete) or run node code with the click of a button from client-side.
My research brought a couple of ideas however I want to use the one which is future-proof, secure (but not vulnerable to security configurations) and scaleable. Please share your thoughts and guidance on the matter?
Socket IO (may not be scaleable)
REST API
AJAX (Has issues with AJAX and CORS in the past)
Other approaches????
Thanks
For what you are trying to accomplish, you should be looking into the MEAN stack. I would recommend that you use Angular4, Loopback (Built on top of Express), MySQL, and of course Node. It is very easy to make an angular sdk that will allow you to use the same loopback models that your server side will be using. As a result you will be able to do your heavy tasks such as DB work :)
I have a Meteor app A and another application B, not using Meteor, but making some data exchange with the app A. It works fine when I launch A on a machine in my local network, but when I deploy it on meteor.com hosting it doesn't. Server doesn't reply.
B uses code new WebSocket("ws://" + host + ":3000/websocket") for connection (DDP protocol).
But when I change ws to wss it doesn't work any more even with the machine in LAN - it doesn't reply.
I saw that main page of app A when I open it in browser uses URLs like
wss://ddp--6774-{my host name}.meteor.com/sockjs/465/asf0b7da/websocket.
Questions:
How can I make B to use secure WebSocket (wss) for connection?
How can I make connect it to A hosted on {my host name}.meteor.com?
How can force A to reply to requests using fixed URL, for example, ws://{my host name}.meteor.com:3000/websocket ? How can I force it to use ws instead of wss?
Should I specify something in config.js or settings.js?
Is there any way to specify environment variables for meteor.com hosting, for example, DDP_DEFAULT_CONNECTION_URL, NODE_OPTIONS?
The websocket server is handled by sockjs, so as long as you use a standard wss it should 'just work' (see https://github.com/sockjs/sockjs-node). If you're websocket implementation on your client is built to use websockets it should be ok. The atmosphere/meteorite projects use the node-ddp client with secure sockets (there were a couple of issues but I think theyre sorted). (In turn which depends on the faye-websockets library)
I'm not too sure which language you're coding your app B in, but you need to use a DDP client to connect to your server, or you could write one, the DDP spec is fairly open and reversible.
There are a couple of DDP implementations out there, some might need to be brought up to date to the pre-1 release spec:
Java (https://github.com/kutrumbo/java-ddp-client)
Ruby (https://github.com/tmeasday/ruby-ddp-client)
NodeJS (https://github.com/oortcloud/node-ddp-client) - Up to date
Objective-C (https://github.com/boundsj/ObjectiveDDP)
.NET (C#/VB.NET) (https://github.com/sonyarouje/DDPClient.NET)
Additionally you might run into trouble, as you discovered a connection to new WebSocket("ws://" + host + ".meteor.com/websocket") is fruitless, this is because meteor deploy hosting uses a ddp proxy (which is accessed via ddp--xxxx-{my host name}.meteor.com, but the xxxx also always changes when you make a new deployment, you have to access the html file and parse out what the ddp server is or make a note of it every time you deploy your app.
If you connect on port 443 it should be wss. I'm not too sure websockets do redirects. This is a server side thing, so if you're using meteor deploy you wont have control over this yet (perhaps when they release galaxy this might change). Perhaps the force-ssl package might help? Not too sure if it also enforces the websockets part of the connection too, though.
For DDP there aren't any known settings you can specify in the settings
For meteor deploy hosting you can't alter the DDP server to use another one or alter the environmental variables (see https://github.com/oortcloud/unofficial-meteor-faq).
Keep in mind meteor deploy hosting is very young & the guys who make meteor still haven't released their galaxy solution so this might all change in the future.
Btw sorry about the layout/spacing, I can't get the hang of this markdown thing.
There is a server I need to talk to that publishes a protocol over TCP/IP for querying data from a database and listening on a socket to receive notifications when data is updated. The sever guys provide a Java API which uses this TCP protocol. This means I could easily write a Swing App to talk to this server.
I would like a browser based solution. As the protocol is known to me, could I do this in JavaScript? My app will have to display the data in a table. I have heard of Web Sockets but I'm not sure if it will allow this two way communication. Is it feasible? Is there a better way that is cross platform and will work in most browsers? Should I be considering a Java Swing based solution that runs inside a browser?
EDIT: What about changing the code in my C++ server to add an additional interface that my Javascript code can communicate directly with it?
The WebSocket protocol differs from TCP/IP sockets. You will have to write something to link them together.
You can do this perfectly well in JavaScript: use Node.js. There's enough tutorials to be found on the subject. The best way to link it to your in-browser JS is through Socket.IO.
Create a Node.js server that connects to the api
Make the server talk to your web app
Use it :)
This will work cross-platform and cross-browser (Socket.IO can use/emulate websockets even on IE6(!!)). You'll have to run a server-app (the Node.js app) though.
My personal opinion is that if you want a web/browser based solution, you should use native technology, and not Java.
Hope this helps :)
I'm exploring using the node-http-proxy proxy server so that I can have our proxy server on port 80 forward requests to our app server on port 8000. However, I'm a little confused as to why this is a good idea, and what exactly this set up would protect against security-wise.
The note-http-proxy documentation discusses a lot about using it as a way to forward requests to an app with multiple ports or ip addresses. This obviously would be very useful, particularly with a basic round-robin load balancer strategy. However, we only have one app on one port, so there is no need for us to do this.
If there is an important security reason why we should be using this proxy-server, then I'd love to know what types of attacks it protects against. Also, we're using socket.io, so if there is something that the proxy does to help the websocket server scale up, I'd like to understand that as well. We're having trouble figuring out how to run our app without sudo (since all ports below 1024 require root access), so if there really is no good reason to use a proxy server at this point, we're just going to scrap at. If anyone knows how to run this app with the proxy server on port 80 without root access, that'd be very helpful as well. Thanks!
The reasons for running a reverse proxy are:
You have limited IP ports open and need to run many Node services each of which needs it's own port
Your back-end service does not support HTTPS but you need it (e.g. Derby)
To add some other feature to the request that cannot be easily done with the back end such as adding Basic Authentication or some form of common logging/auditing
To enforce an addition or change to outgoing responses common across several back end services
To provide a load-balancing service
Unless your needs are quite simple, it would be better to use a dedicated proxy such as HAproxy since node-http-proxy is rather simplistic.
Well, if you're only running one instance of server, then theres not really a reason. The node-http-proxy docs mention using a single SSL certificate across multiple apps, which is very possible. You can also load balance across several HTTP and web socket servers (say, run 10 socket.io servers for real time data but only 1 HTTP server to serve out assets and REST APIs). Of course with one instance these don't provide any benefits.
If you want to run node servers without sudo, maybe you could try setting up IP tables port forwarding from port 80 to a port above 1024. See Can I run Node.JS with low privileges?
We use mainly the http-proxy to have multiple back-end server behind a single IP, but we also use it to forward https to http. It strengthens our app.
Security wise, you may have more confidence on the good quality of http-proxy than on your app. The proxy build by nodejitsu is ready for production and it should be harder for attaquants to gain privileges (like reading the private key files) on a http-proxy instead of your own app (of course this depends on your security development skill and your trust in the open source http-proxy project).
I am just getting to grips with socket.IO and nodeJS. Got my web app working ok with them. I then got a friend to try it out at work on an office machine and found that it failed to connect.
I set up these two test cases:
http://thebeer.co/labs/rt/chat.php (server JS here) - This is an exact copy of the socket.IO chat example.
http://thebeer.co/labs/rt/test.php (server JS here)
Both of them fail for him. I also got a friend to try on a University computer and that too failed to connect! I've tried node servers listening on ports 8100, 8080, and 81-90 after being told that lower port numbers are less likely to be blocked by secure networks.
Really don't understand, it is very important that that real-time functionality is accessible to everyone, what am I doing wrong?
How can I get socket.IO to connect within secure Office and University networks?
A lot of big corporate networks will block everything other than port 80 (http) and port 443 (https) for most of their users. Try and put everything over one of those two for maximum compatibility.
Even when you get the everything running on port 80, also keep in mind that a lot enterprisey networks run HTTP traffic through content filters or other proxies that might not understand the websockets Upgrade header... you might want to try forcing socket.io to use one of the background compatibility transports and see if that helps.
FWIW, +1 to Colin Pickard because he is probably right... I just thought I would add this point just in case.
Take a look at both these links. I helped another so member who wanted the same.
I'm running nodejs on port 80 and I have no issues with corporate networks. (One thing I needed to have working as a priority)
How do I run Node.js on port 80?
https://serverfault.com/questions/273143/binding-apache-to-specific-ip-address/273181#273181