Install and deploy a Node application

** Official installation packages**
Install an LTS Node
Install node 4, the current LTS release.
The lovely people at NodeSource make official packages of node for most distros. We've included the more popular instructions below.
RHEL / CentOS

$ sudo curl -sL https://rpm.nodesource.com/setup | sudo bash -
$ sudo yum install -y nodejs
$ sudo yum install -y gcc-c++ make

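Use the Taobao npm mirror

  1. Via the config command

npm config set registry https://registry.npm.taobao.org
npm info underscore (if the configuration above is correct, this command returns a string response)

  2. Specify it on the command line

npm --registry https://registry.npm.taobao.org info underscore

  3. Install the cnpm mirror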

npm i -g cnpm

Use npm shrinkwrap to manage project dependencies

npm shrinkwrap
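
npm-shrinkwrap.json records the tarball URL ("resolved") of every locked package, so it also pins whichever registry or mirror was configured when it was generated. The following is an added example, not part of the original article: it audits those URLs against an allow-list. The allow-list, the sample tree and the host mirror.example.net are constructed, and it assumes a current Node with the global URL class and the nested "dependencies" layout.

```javascript
// Hypothetical allow-list: the mirror configured above plus the default registry.
const ALLOWED_HOSTS = ['registry.npm.taobao.org', 'registry.npmjs.org'];

// Walk the nested "dependencies" tree and report every entry whose tarball URL
// is missing, unparseable, not HTTPS, or hosted outside the allow-list.
function auditShrinkwrap(tree, allowedHosts, path) {
  const findings = [];
  const deps = tree.dependencies || {};
  for (const name of Object.keys(deps)) {
    const dep = deps[name];
    const where = (path ? path + ' > ' : '') + name + '@' + dep.version;
    let url = null;
    try { url = new URL(dep.resolved); } catch (e) { /* missing or malformed */ }
    if (!url) {
      findings.push({ where: where, reason: 'no usable resolved URL' });
    } else if (url.protocol !== 'https:') {
      findings.push({ where: where, reason: 'not HTTPS' });
    } else if (allowedHosts.indexOf(url.hostname) === -1) {
      findings.push({ where: where, reason: 'unexpected host ' + url.hostname });
    }
    // Transitive dependencies are nested under the package that pulled them in.
    findings.push.apply(findings, auditShrinkwrap(dep, allowedHosts, where));
  }
  return findings;
}

// Constructed sample in the nested npm-shrinkwrap.json layout (not a real project).
const SAMPLE = {
  name: 'app',
  version: '1.0.0',
  dependencies: {
    express: {
      version: '4.13.3',
      resolved: 'https://registry.npm.taobao.org/express/download/express-4.13.3.tgz',
      dependencies: {
        debug: {
          version: '2.2.0',
          resolved: 'http://registry.npmjs.org/debug/-/debug-2.2.0.tgz'
        }
      }
    },
    jade: { version: '1.11.0', resolved: 'https://mirror.example.net/jade/-/jade-1.11.0.tgz' }
  }
};

console.log(auditShrinkwrap(SAMPLE, ALLOWED_HOSTS, ''));
```

To check a real project, pass the parsed contents of its npm-shrinkwrap.json instead of SAMPLE.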

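  • HTTPS
    You should really be using HTTPS these days. There are two options: a small application that runs no more than two app-server instances can use Node's built-in HTTPS stack, while a large application that needs load balancing requires a dedicated load balancer such as nginx, HAProxy, or Alibaba Cloud's load balancer.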

Using Node's built-in HTTPS stack

References
About HTTPS
https://github.com/certsimple/ssltest

Generate a self-signed certificate

openssl genrsa -out key.pem
openssl req -new -key key.pem -out csr.pem
openssl x509 -req -days 9999 -in csr.pem -signkey key.pem -out cert.pem
rm csr.pem

** Give an executable permission to bind to low ports**
Want to make your web app be able to access port 443 or 80 without running it as root? Linux added the ability a decade ago, which is actually super recent in Unix time:
We use node in this example, but you can (and should) use this for anything else.
# Since this might be a symlink, and capabilities only apply to real files
NODE_EXECUTABLE=$(readlink -f $(which node))

Then add the cap_net_bind_service capability:

# ep is 'effective, permitted' - see http://linux.die.net/man/3/cap_from_text
sudo setcap 'cap_net_bind_service=+ep' $NODE_EXECUTABLE

You can see the capability applied with:

getcap $NODE_EXECUTABLE
/usr/local/node-v4.1.1-linux-x64/bin/node = cap_net_bind_service+ep

Your executable now has permission to bind to low ports as a regular user.
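
With the key pair generated and the capability set, a server built on Node's own https module can listen on 443 and redirect plain HTTP from port 80. This is an added example, not code from the original article; the host name app.example.com and the function names are assumptions.

```javascript
const fs = require('fs');
const http = require('http');
const https = require('https');

// Assumption: the site's canonical name. Redirects use it instead of echoing
// the client-supplied Host header.
const CANONICAL_HOST = 'app.example.com';

// Load the key pair written by the openssl commands above.
function loadTlsOptions(dir) {
  return {
    key: fs.readFileSync(dir + '/key.pem'),
    cert: fs.readFileSync(dir + '/cert.pem')
  };
}

// Build the https:// URL that a plain-HTTP request is redirected to.
function redirectLocation(requestUrl) {
  // Accept only origin-form targets ("/path?query"); anything else goes to "/".
  const path = (requestUrl || '').startsWith('/') ? requestUrl : '/';
  return 'https://' + CANONICAL_HOST + path;
}

// `app` is any (req, res) handler; an Express app can be passed directly.
function start(dir, app) {
  const secure = https.createServer(loadTlsOptions(dir), app).listen(443);
  const plain = http.createServer(function (req, res) {
    res.writeHead(301, { Location: redirectLocation(req.url) });
    res.end();
  }).listen(80);
  return { secure: secure, plain: plain };
}

// Start only when the key pair from the openssl step is in the working directory.
if (fs.existsSync('key.pem') && fs.existsSync('cert.pem')) {
  start('.', function (req, res) {
    res.end('hello over TLS\n');
  });
}
```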

Check your work at SSL Labs - you should get at least an A.

Large applications

Nginx

Install the latest version of nginx, following https://www.liberiangeek.net/2014/10/install-latest-version-nginx-centos-7/

sudo vi /etc/yum.repos.d/nginx.repo

nginx isn’t part of CentOS default repositories. In order to get Nginx, you must install and add additional external repositories.
Then copy and paste the lines below into the file and save it.

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

If you want Nginx stable version, then here’s the repository for it.

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Run the following commands to install it

sudo yum install -y nginx
sudo systemctl enable nginx

sudo systemctl start nginx

Allowing HTTP Traffic

By default, CentOS 7 does not allow HTTP traffic. To enable it, open the firewall to allow it through. To do that, run the commands below.

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload

Configuration
To be continued.

Upload the code

  • Putting some code on your server
    For the purpose of this article we are going to use our base-express repository. It’s a repository that anyone can use to start his Node web project with the Express web framework.

cd /opt/
sudo mkdir app
sudo chown linyuan app
git clone git@github.com:nodejsnewbie/base-express.git app
cd app
npm install

  • Little customization
    First replace the app.js file in the root of the folder with the following

var express = require('express'),
    app = express(),
    port = process.env.PORT || 3000

app.set('views', __dirname + '/views')
app.engine('jade', require('jade').__express)
app.set('view engine', 'jade')
app.use(require('./controllers'))

app.listen(port, function() {
  console.log('Listening on port ' + port)
})

After these changes, our node application can no longer serve the static files in the public/ folder by itself.
Next, please replace the views/index.jade with the following

doctype html
html
  head
    title Your basic web app structure
    link(href="/public/css/style.css", rel="stylesheet")
  body
    h1 Welcome to your basic web app structure
    p
      | If the title above is red
      | then Nginx is serving static files!

The last file to change is public/css/styles.css

h1 { color: red;}

  • Running 24x7

Services on all popular Linux distributions now use systemd. This means we don’t have to write shell scripts, explore the wonders of daemonization, change user accounts, clear environment variables, set up automatic restarts, log to weird syslog locations like ‘local3', and a bunch of other stuff.
Instead, we just make a .service file for the app and let the OS take care of these things. Here’s an example one, called myapp.service:

[Service]
ExecStart=/usr/bin/node /opt/app/app.js
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=node-app-1
User=your_app_user_name
Group=your_app_user_name
Environment=NODE_ENV=production PORT=5000

[Install]
WantedBy=multi-user.target

This small file tells systemd to restart the service when it dies, to use syslog for logging all output and to provide 5000 as a port, as well as a few other things.

  1. Put this in /etc/systemd/system/node-app-1.service, but don’t forget to replace your_app_user_name with the appropriate user name.

  2. Then create one more file like the one above in /etc/systemd/system/node-app-2.service, with two minor differences: instead of SyslogIdentifier=node-app-1 use SyslogIdentifier=node-app-2, and change PORT=5000 to PORT=5001.

Then run the following to start both instances of our node application

systemctl start node-app-1
systemctl start node-app-2

The first instance will be accepting requests at port 5000, whereas the other one will be at port 5001. If either of them crashes, it will automatically be restarted.

To make your node app instances run when the server starts do the following

systemctl enable node-app-1
systemctl enable node-app-2

In case there are problems with any of the commands above, you can use either of these two:

sudo systemctl status node-app-1
sudo journalctl -u node-app-1

The first line will show your app instance's current status and whether it is running. The second command will show you all logging information, including output on the standard error and standard output streams from your instance.
Use the first command right now to see whether your app is running or whether there has been some problem starting it.

  • Add the http service to the public zone

firewall-cmd --permanent --zone=public --add-service=http

  • For a nodejs application listening on port 5000, run:

firewall-cmd --permanent --zone=public --add-port=5000/tcp

  • Reload

firewall-cmd --reload

  • Re-deploying your app

If you have some new application code in your repository, all you have to do is the following:

cd /opt/app
git pull
sudo systemctl restart node-app-1
sudo systemctl restart node-app-2

And the latest version will be ready to serve your users.

  1. Install mongodb
    Reference
  • Configure Nginx

Listening on ports 5000 & 5001 is nice but by default browsers are looking at port 80. Also in our current setup no static files are served by our application.

Here is our nginx configuration

upstream node_server {
    server 127.0.0.1:5000 fail_timeout=0;
    server 127.0.0.1:5001 fail_timeout=0;
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    index index.html index.htm;
    server_name _;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://node_server;
    }

    location /public/ {
        root /opt/app;
    }
}

This configuration will make available all static files from /opt/app/public/ at the /public/ path. It will forward all other requests to the two instances of our app listening at the ports 5000 and 5001. Basically, Nginx is both a web server and load balancer.
To use this configuration save it in /etc/nginx/conf.d/node-app.conf and then in your /etc/nginx/nginx.conf file remove completely the default server section below the include /etc/nginx/conf.d/*.conf line.
All you have to do now is to restart nginx for your latest configuration to take effect.

$ sudo systemctl restart nginx
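
The X-Real-IP header set in the nginx configuration above is only meaningful to the app when the request really came through nginx. This is an added example, not code from the original article: it uses the plain http module rather than Express (Express's app.listen accepts the same host argument), and the function names and sample addresses are constructed.

```javascript
const http = require('http');
const net = require('net');

// True when the TCP peer is the local nginx (IPv4 or IPv6 loopback).
function isLoopback(addr) {
  const a = (addr || '').replace(/^::ffff:/, ''); // unwrap IPv4-mapped IPv6
  return a === '::1' || (net.isIPv4(a) && a.startsWith('127.'));
}

// Honour X-Real-IP only when nginx on this host relayed the request;
// a client connecting directly could put anything in that header.
function clientIp(req) {
  const peer = req.socket.remoteAddress;
  const claimed = req.headers['x-real-ip'];
  if (isLoopback(peer) && typeof claimed === 'string' && net.isIP(claimed)) {
    return claimed;
  }
  return peer;
}

function createApp() {
  return http.createServer(function (req, res) {
    res.end('client ' + clientIp(req) + '\n');
  });
}

// Bind to loopback so ports 5000/5001 are reachable only through nginx.
// Under the systemd units above this would be start(process.env.PORT).
function start(port) {
  return createApp().listen(port, '127.0.0.1');
}

// Constructed requests: one relayed by nginx, one sent straight to the port.
const viaNginx = {
  socket: { remoteAddress: '127.0.0.1' },
  headers: { 'x-real-ip': '203.0.113.7' }
};
const direct = {
  socket: { remoteAddress: '198.51.100.9' },
  headers: { 'x-real-ip': '10.0.0.1' }
};

console.log(clientIp(viaNginx), clientIp(direct));
```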

  • Websockets

If the application uses websockets, the following lines have to be added to the Nginx configuration:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;

and Nginx has to be reloaded:

systemctl reload nginx

  • Where to go from here?

This is just the tip of the iceberg when hosting and deploying node applications.

One thing that can be improved is to create a new user specifically for the node app. This will make the application more secure, as it will have very minimal access besides what it needs.

Something else you could do is take everything above and create an Ansible playbook out of it.

Ansible is a great tool to configure and orchestrate servers. It’s really simple. Using this playbook you will be able to launch & deploy even hundreds of servers.
We've now got a working, basic environment! Want to build an Ansible playbook or Dockerfile from the above? Go for it - and let us know!
