Serving two sites (Apache and Node.JS) from one server - apache

I am on Dreamhost VPS with root access. It runs Apache, and is hosting a site "www.example.com". At the same time, I am developing a Node.js web site, and binding Node.js to port 3456 (for example). So the Node.js site is accessible by typing "www.example.com:3456".
These are two distinct websites. I don't ever want users of the "www.example.com" accessing my Node.js website (which will be migrated to Nodejitsu after development).
Will I run into any problems with this setup?

I do not believe this will be a problem, unless one of your visitors happens to end up at port 3456. To mitigate this, you should think about writing your own small piece of middleware to whitelist your IP (thus rejecting anyone else). You can see an example at: http://www.hacksparrow.com/how-to-write-midddleware-for-connect-express-js.html. I'm sure you wont have a problem modifying this to your needs.

Related

Inconsistent Connection to Site (Apache, Nextcloud,OpenCMS)

So I'm pretty new to the server and website dev. Self "taught".
I recently setup a home server running Apache on Ubuntu 20.04(MicroK8s, Linux Server). Postgres database. Nextcloud Cloud server. TomCat and OpenCMS system. And Postfix.
I have a domain name pointing to my address. When I'm home, i.e. physically near my server. And I connect to my subdomain. Cloud.example.com I get nextcloud. When I connect to the 8080 port(www.example.com:8080) I get tomcat and OpenCMS. So far, so good.
When I use a VPN, or am not near my server, and go to the subdomain,I sometimes get one of those random "ad" sites that says "this site may be able to purchase".
After more testing it seems like the number of connected users also changes whether I get the rando site or the intended one.
My server is... Old. Likely slow (4GBram and a Core 2 Duo, it's the fastest old tower I had laying around). So I think it's a timeout error within OpenCMS, that serves a rando site when it can't get nextcloud to respond fast enough. But honestly, I'm not even sure where to start, or what to even ask/say or what you would need to see to even start diagnostic...
When I connect to mydomain.com from the vpn i get a 404. Which makes sense, as I haven't built it yet in OpenCMS.
Any pointers on where to start?
What am I missing?
Do I need to delete my /var/www sites or Virtual Hosts, and let OpenCMS handle all the routing?
I'm confused as to how my server knows to point 8080 to tomcat/OpenCMS, as I never setup a virtual host. How will it eventually know to point mydomain.com to the sites I build in OpenCMS? Or will OpenCMS deploy them to /var/www? Will I need to transfer the netcloud site to the OpenCMS directory?
I know this is a lot of free help to ask for, but I'm doing this mostly for fun and to learn, and don't have anyone who knows. I don't want to pay it out as I'd rather learn it. I'm not even sure where to start asking, but have browsed stack overflow for A LOT of excel, Apache, Linux, and other answers in the past, so thought I would ask here first.

Is nginx needed if Express used

I have a nodeJS web application with Express running on a Digital Ocean droplet.The nodeJs application provides back-end API's. I have two react front-ends that utilise the API's with different domains. The front-ends can be hosted on the same server, but my developer tells me I should use another server to host the front-ends, such as cloudflare.
I have read that nginX can enable hosting multiple sites on the same server (i.e. host my front-ends on same server) but unsure if this is good practice as I then may not be able to use cloudflare.
In terms of security could someone tell me If I need nginx, and my options please?
Thanks
This is a way too open-ended question but I will try to answer it:
In terms of security could someone tell me If I need nginx, and my
options please?
You will need Nginx (or Apache) on any scenario. With one server or multiple. Using Express or not. Express is only an application framework to build routes. But you still need a service that will respond to network requests. This is what Nginx and Apache do. You could avoid using Nginx but then your users would have to make the request directly to the port where you started Express. For example: http://my-site.com:3000/welcome. In terms of security you would better hide the port number and use a Nginx's reverse proxy so that your users will only need to go to http://my-site.com/welcome.
my developer tells me I should use another server to host the
front-ends, such as cloudflare
Cloudflare does not offer hosting services as far as I know. It does offer CDN to host a few files but not a full site. You would need another Digial Ocean instance to do so. In a Cloudflare's forum post I found: "Cloudflare is not a host. Cloudflare’s basic service is a DNS provider, where you simply point to your existing host.".
I have read that nginX can enable hosting multiple sites on the same
server
Yes, Nginx (and Apache too) can host multiple sites. With different names or the same. As domains (www.my-backend.com, www.my-frontend.com) or subdomains (www.backend.my-site.com, www.my-site.com) in the same server.
... but unsure if this is good practice
Besides if it is a good or bad practice, I think it is very common. A few valid reasons to keep them in separated servers would be:
Because you want that if the front-end fails the back-end API continues to work.
Because you want to balance network traffic.
Because you want to keep them separated.
It is definitively not a bad practice if both applications are highly related.

Domain name and SSL for tomcat web app

The question I am raising here has been asked couple of times and I went through most of them, including stackoverflow posts and other blog posts. The case is that I couldn't find something which fits to my requirement and I'm not gonna play around in our product environment with suggestions.
So the situation is, we have multiple web applications hosted in our tomcat server, deployed in Amazon AWS. Currently we access them like http://<ip-address>:8080/webapp1. Now,
We have sub domains to point at our web apps. So something like portal.example.com will point the above URL.
We have wildcard SSL to implement for domains and sub domains.
Now, first I have to sort the domain pointing thing, which I found 2 separate ways.
Install Apache and do a Virtual Proxy (https://www.digitalocean.com/community/questions/how-to-tie-domain-name-with-application-running-on-tomcat)
Edit Serverl.xml (How to map tomcat 7 webapp to my domain)
Now my questions.
Can someone please advice which method is the best (If non is good, I'm open for others as well).
Which method makes the SSL implementation easy?
If I chose the Apache Virtual Proxy, where should I install SSL? In apache or in Tomcat?
If I chose Server.xml, where should I install SSL? In apache or in Tomcat?

Hosting Slim Framework Rest API in Windows

I created an api using SLIM framework, but the services are not accessible to public as they are limited to localhost. how to host the services on a realtime server, so that, they can be accessible from anywhere?
please some one help me
This question requires more detail in order to answer properly.
If you are hosting your API on a windows server, then it is likely you have configured some kind of "WAMP" stack, correct? Or maybe serving PHP through IIS? This are important questions because we need to know what port you have bound your web application server to, which leads us to the next question...
Where are you hosting the server which is running the application which bound to what port?
Ultimately, a public, external IP will need to be either:
a. NAT'ed to the internal IP of your web server instanced
b. Port-forwarded to the internal IP of the server running your web application
Still, we are making a lot of assumptions here because getting a web application "accessible from anywhere" will require different work depending on your environment.
Here is the most basic example:
You are at home, running this API on your Windows workstation and will like to be able to hit it from a remote location.
Ensure Windows firewall allows inbound traffic to the port on which your application is running (probably port 80/HTTP, maybe 443/HTTPS).
Log into your ISP's router and configure port-forwarding to ensure inbound traffic on, say, port 80, is routed to the internal IP of the workstation running the API.
That's all there is to it.
Keep in mind that this also assumes that your ISP even allows you to expose your own web server to the internet on port 80 (or 443). Also, since we know nothing about your environment, this is all pure conjecture. Please provide more information you would like a real answer.
The most traditional way to host Slim Framework, would be through Apache. Install Apache and be sure you have the proper network settings to allow inbound connections, but more information about your setup could be needed for proper guidance.
http://httpd.apache.org/docs/2.4/platform/windows.html
When Apache is installed and working, you need to set Rewrite rules on the URL, information on that can be found on http://docs.slimframework.com/routing/rewrite/.
Your question on the verge of off topic, it probaly is, but read up on what questions can be asked and not, here on Stackoverflow, hope i could help.

Why do some setups front-end Glassfish with Apache?

I've been trying to mug up on Glassfish and one thing that keeps coming up is the "how-to" on fronting Glassfish with Apache. Unfortunately, I have yet to find a description of why you would want to do this!
From my experimentation, Glassfish seems like a pretty fully featured web server-type service; but I might be missing a lot. So, is the notion of front-ending Glassfish more of a solution to integrate it with an existing architecture, or does front-ending (in a pure Java environment) provide extra benefits?
There's also another valid use case as to why we front Glassfish with Apache. Apache in this instance would function as a reverse proxy for increased security of your Glassfish. The RP is configured to allow only certain URLs to be passed through to the application server. For e.g., you may have app contexts /myApp and /myPrivApp deployed in Glassfish. In the RP server, you only configure /myApp to be passed to Glassfish. Anybody requesting for /myPrivApp would see a 404 'cos the request stops right at the RP level.
In one of my deployments, I have a bunch of WARs deployed, some for users coming from the internet, some for intranet only. I have 2 RPs running, one for internet users and the other for intranet. I configure the internet RP to only allow URLs for approved internet applications to pass through while intranet users get to see everything.
Hope that helps.
It is usually used to speed things up. Since apache is a very fast web server it is used to deliver static content. Like images, CSS files and so on. Glassfish serves the dynamic content (servlets, JSPs) in this scenario.
Another reason for using Apache as a frontend to Glassfish is the possibility to provide load balancing across a Glassfish cluster. See http://tiainen.sertik.net/2011/03/load-balancing-with-glassfish-31-and.html for details.
A other reason is that glassfish cannot run (easily) on port 80, without giving it root rights of course.
So, for most users it's easer to run a proxy (apache, nginx, varnish) some sort in front of apache and have both servers run under a normal user.
Then you have a other advantage of some configurations options of your front end. Like others mentioned, caching for example.