Skip to content

Latest commit

 

History

History
128 lines (85 loc) · 3.48 KB

nodejs.md

File metadata and controls

128 lines (85 loc) · 3.48 KB

Debugging

NPM

Update module versions in package.json

Use any of the below methods from Stack Overflow.

# Replace version strings with "*", close package.json, then...
npm update --save

# Update a specific package without modifying package.json
npm install PACKAGE_NAME@* --save

# Check update util
npm install -g npm-check-updates
npm-check-updates -u
npm install

Debian

apt-get install build-essential checkinstall

adduser --system --no-create-home --home /srv/node --group nodejs
# Map nodejs user to SELinux user_u to limit privileges
semanage login -a -s user_u -r s0 nodejs
# Update ownership node dir
chown -R nodejs:nodejs /srv/node

wget -N http://nodejs.org/dist/node-latest.tar.gz
tar xzvf node-latest.tar.gz && cd node-v*

# Configure node to install in /opt/node
./configure --prefix=/opt/node

# If using SELinux, temporarily allow execstack
setsebool allow_execstack 1

# Create a dpkg package and install it
# Remove the "v" in front of the version number in the dialog
checkinstall 

# Turn off execstack
setsebool allow_execstack 0

# uninstall 
dpkg -r node

# reinstall
dpkg -i node_*

# Add /opt/node/bin to PATH
vim /etc/profile
PATH=$PATH:/opt/node/bin

# Add /opt/node/bin to sudo secure_path
visudo
Defaults  secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/node/bin"

# Setup init.d script
# See /etc/init.d/nodejs
# Make sure node pid directory exists
mkdir -Z system_u:object_r:initrc_var_run_t:SystemLow node

!!!!!! need security info about npm packages

!!!!!! sudo npm install? what about ownership of files as selinux?

As of v0.3, it's recommended to run npm as root. Npm will automatically downgrade to the nobody user while building and testing packages.

sudo npm install

Create SELinux Policy

apt-get install selinux-policy-dev
policygentool nodejs /opt/node/bin

# Modify the nodejs.te file as needed

# Make and install policy
make
semodule -i nodejs.pp

Remove Packages Installed by build-essentials and checkinstall

apt-get purge build-essential checkinstall

apt-get purge cpp cpp-4.7 dpkg-dev fakeroot g++ g++-4.7 gcc gcc-4.7 libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libc-dev-bin libc6-dev libdpkg-perl
libfile-fcntllock-perl libgmp10 libitm1 libmpc2 libmpfr4 libquadmath0 libstdc++6-4.7-dev libtimedate-perl linux-libc-dev manpages-dev

apt-get autoremove --purge

Production Node.js

  • Use cluster module
    • Master monitors and kill workers
    • Workers die early on errors
  • Or use pm2 to manage workers
  • Use monit to keep node alive
  • Use nvm or nave if multiple versions of node are needed

Reference

Deploying Node.js with Systemd

  • Alternative to monit or forever
  • Systemd is not installed on Debian by default