Running secure nodejs apps on Plesk 12.5

This article will cover how to setup nodejs apps on a Server with Plesk 12.5. We will use nginx as a reverseproxy, keep the app running with pm2 and encrypt everything with automaticly renewed ssl-certificates from let's encrypt.

I'll assume you have ssh access to your Server and have nodejs installed.

install pm2

pm2 is a processmanager for nodejs to keep our app running forever, it also enables us to restart our apps after a server reboot.

npm install pm2 -g  

write the app

If you don't allready have an exiting app yourself you can copy this

var http = require('http');

http.createServer(function (request, response) {  
  response.writeHead(200, {'Content-Type': 'text/plain'});
  response.end('Hello World\n');
}).listen(8888);

console.log('Server running at http://127.0.0.1:8888/');  

into app.js and save it in your subdomains document-root.

configure nginx as reverse proxy

To configure nginx enter your subdomains Apache&Nginx Settings

and paste the following code

location ~ / {  
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://localhost:8888;
}

in the additional nginx directives field and save it.

This will send all request to your nodejs app running on http://localhost:8888.

run the app with pm2

Now let's start our app.
ssh into your document-root and run:

pm2 start app.js  

If you open your subdomain you should see your app running.

install let's encrypt plesk extension

You can simply install the letsencrypt extension from the Extension Catalog.

For all your regular domains that are served by apache you can now create ssl-certificates with just a few clicks.

The extension uses a folder called .well-known in your document-root to verify that you are the owner of the domain.
But because our app is served by nodejs we can't serve this folder from our document root at the moment.

modify nginx config

We need to add the following snippet to our additional nginx directives

location ^~ /.well-known {  
    alias /var/www/vhosts/webnugget.de/httpdocs/.well-known;
}

This will serve the .well-known folder as expected by the let's encrypt extension.

create certificates

Now we can create our certificates with just a few clicks.
In your domain settings click the Let's Encrypt button.

Enter your email adress and install the certificate.

Your app is available via https:// now!

redirect http:// to https://

If you wan't to use https:// only you can add the following snippet on top of your additional nginx directives.

if ($scheme = http) {  
    return 301 https://$server_name$request_uri;
}

This will redirect all http-requests to https.

Btw. this is how i serve my ghost blog:)

keep it running

You can use pm2 to make your apps rebootsafe, so they will be restarted on serverreboot.

To generate the startupscripts simply run:
pm2 startup

To view currently running apps:
pm2 monit

To save your current running apps to be restarted on reboot run:
pm2 save

Christian

Read more posts by this author.