Start NodeJS through pm2 with sudo privileges to access SSL keys - node.js

I have a digital ocean droplet running Ubuntu 16.04. I followed this guide to use HTTPS with my NodeJS server.
In short
I used certbot to create an SSL certificate, which meant that at this directory /etc/letsencrypt/live/yourdomain.com/, 3 files were created:
privkey.pem
cert.pem
chain.pem
So in my server code, I have to fetch these files, which I do:
// Certificate
const privateKey = fs.readFileSync('/etc/letsencrypt/live/yourdomain.com/privkey.pem', 'utf8');
const certificate = fs.readFileSync('/etc/letsencrypt/live/yourdomain.com/cert.pem', 'utf8');
const ca = fs.readFileSync('/etc/letsencrypt/live/yourdomain.com/chain.pem', 'utf8');
The Problem
When I tried to run my server using the command node server, or using pm2 start server I got this error message:
{ Error: EACCES: permission denied, open '/etc/letsencrypt/live/yourdomain.com/privkey.pem'
at Object.fs.openSync (fs.js:646:18)
at Object.fs.readFileSync (fs.js:551:33)
at Object.<anonymous> (/home/myuser/mywebsite/lib/server-configurations.js:13:21)
at Module._compile (module.js:653:30)
at Object.Module._extensions..js (module.js:664:10)
at Module.load (module.js:566:32)
at tryModuleLoad (module.js:506:12)
at Function.Module._load (module.js:498:3)
at Module.require (module.js:597:17)
at require (internal/module.js:11:18)
errno: -13,
code: 'EACCES',
syscall: 'open',
path: '/etc/letsencrypt/live/yourdomain.com/privkey.pem' }
BUT
When I tried launching it using sudo node server it did work without any problems.
Small Notice
I know I can change the permissions on the files but I would rather not do that as I have read multiple times that it is better not to change the permissions on these files.
And most importantly...
Thank you for your help :)

I did change permissions according to Let's encrypt SSL couldn't start by "Error: EACCES: permission denied, open '/etc/letsencrypt/live/domain.net/privkey.pem'"
That worked for running
node file.js
Still now pm2's process somehow can't access the certs even though it should be running as the same user as node... perplexing.

You can use this certbot script.
More info on certbot renewals might be helpful, as well as other solutions for this issue on the Let's Encrypt forums.

Related

EACCESS error when running meteor on Windows 10's VSCode

I tried to deploy my project, but this error still happens. I have restarted net driver, disabled Windows Defender, changed permission on my directory, let VSCode have admin right, but this error still persists. I could not even run on CMD with admin rights. I could deploy using WSL it takes a very long time for deployment. How can I fix this?
Error: EACCES: permission denied, stat 'C:\Users\mq003\Documents\myproject\.meteor\local\dev_bundle'
at Object.statSync (fs.js:1132:3)
at statOrNull (C:\Users\mq003\AppData\Local\.meteor\packages\meteor-tool\2.8.1\mt-os.windows.x86_64\tools\cli\dev-bundle.js:94:21)
at getDevBundleDir (C:\Users\mq003\AppData\Local\.meteor\packages\meteor-tool\2.8.1\mt-os.windows.x86_64\tools\cli\dev-bundle.js:32:25)
at Object.<anonymous> (C:\Users\mq003\AppData\Local\.meteor\packages\meteor-tool\2.8.1\mt-os.windows.x86_64\tools\cli\dev-bundle.js:142:20)
at Object.<anonymous> (C:\Users\mq003\AppData\Local\.meteor\packages\meteor-tool\2.8.1\mt-os.windows.x86_64\tools\cli\dev-bundle.js:145:3)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12)
at Module.require (internal/modules/cjs/loader.js:974:19) {
errno: -4092,
syscall: 'stat',
code: 'EACCES',
path: 'C:\\Users\\mq003\\Documents\\myproject\\.meteor\\local\\dev_bundle'
}
I see some options:
try deploy on docker.
restart winnat following this answer
https://stackoverflow.com/a/67968597/6398044
remove other processes on your meteor port (eg using kill-port npm package)
change port of your meteor app
Generally in linux this error is connected with access to files, but on windows it seems to be connected with network issues. In all other threads winnat is mentioned, so if this will not help please add more context about your winnat config.
Node.js port permission denied in Windows 10
https://superuser.com/questions/1437780/how-to-fix-listen-eacces-permission-denied-on-any-port
You can read about deployment meteor on windows here and compare it with your:
Deploy Meteor on Windows
https://forums.meteor.com/t/one-deployment-method-for-a-meteor-application-on-windows/13928

EACCES: permission denied with Node JS

I get below error when write a file (file name is book) with Node.js, could you please help?
Error: EACCES: permission denied, open '/book'
at Object.openSync (fs.js:443:3)
at Object.writeFileSync (fs.js:1163:35)
at Object.<anonymous> (/home/ubuntu/remoteserver/ionicappGate.js:375:6)
at Module._compile (internal/modules/cjs/loader.js:689:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:700:10)
at Module.load (internal/modules/cjs/loader.js:599:32)
at tryModuleLoad (internal/modules/cjs/loader.js:538:12)
at Function.Module._load (internal/modules/cjs/loader.js:530:3)
at Function.Module.runMain (internal/modules/cjs/loader.js:742:12)
at startup (internal/bootstrap/node.js:266:19)
The code is as below
const fs = require('fs');
const path = "/book";
//do whatever required after initialize
fs.writeFileSync(path, "hello book");
app.use("/", router);
app.listen(4000, () => console.log('Platform Server running on port 4000'))
You're trying to write to the root of your file system "/book". This is probably write protected (default in Linux). If you really mean to write to that directory, check to make sure the user running the node process has write permissions to that folder. Otherwise, change to the path relative to the script such as ./book and again make sure the user running the node process has write permissions to that folder.
I hope the script command below may resolve your problem:
chmod -R 755 book/*
Try to check permissions to file with fs.access(path[, mode], callback).
Also check your folder permissions. Read more detail about file system permissions here

node-sass error deploying react to elastic beanstalk

I am trying to deploy a reactjs app to an elastic beanstalk instance and seem to be encountering several issues.
1) I am receiving this error in the health section for elastic beanstalk:
/opt/elasticbeanstalk/containerfiles/ebnode.py --action npm-install
node-sass#4.9.3 install /tmp/deployment/application/node_modules/node-sass
node scripts/install.js
Unable to save binary
/tmp/deployment/application/node_modules/node-sass/vendor/linux-x64-57
: { Error: EACCES: permission denied, mkdir
'/tmp/deployment/application/node_modules/node-sass/vendor' at
Object.fs.mkdirSync (fs.js:885:18) at sync
(/tmp/deployment/application/node_modules/mkdirp/index.js:71:13) at
Function.sync
(/tmp/deployment/application/node_modules/mkdirp/index.js:77:24) at
checkAndDownloadBinary
(/tmp/deployment/application/node_modules/node-sass/scripts/install.js:114:11)
at Object.
(/tmp/deployment/application/node_modules/node-sass/scripts/install.js:157:1)
at Module._compile (module.js:652:30) at Object.Module._extensions..js
(module.js:663:10) at Module.load (module.js:565:32) at tryModuleLoad
(module.js:505:12) at Function.Module._load (module.js:497:3) errno:
-13, code: 'EACCES', syscall: 'mkdir', path: '/tmp/deployment/application/node_modules/node-sass/vendor' }
2) At the same time it appears as if node and npm are claiming all of the resources for my ec2 instance and this seems to continue even after the deployment fails.
What could be the cause of this failure? The other packages seems to be deploying as they are in the node_modules folder? Additionally, why would node take up resources in this fashion?
The reactjs app is using webpack and node-sass ^4.9.3 and node version 8.11.3 which works on my local environment.
Update: .npmrc solved the permission issue. I am still having a problem with the cpu being 100%. In the build script, the code is not getting past this line, I adding console.log lines at various points in the code:
let compiler = webpack(config);
After this line is hit, I am not seeing any advancement. Could this be a webpack issue?
I think this might the same issue described here
So apparently npm install takes too long during automated deployments
on t1.micro instances, bumping to a t2.small gives enough power to get
the task done.
There is an alternative js only module just called sass. Seems to work ok, but not as up to date as none-sass.

Node JS app on OpenShift gives error 503

So I created a NodeJS app for a college project which monitors page loading speed. In order to record said speed I need people to go to the web application, go to a certain page and hit a button a couple of times.
So I looked up a way to host this app, free of charge, and came up with OpenShift.
After figuring out how it all worked I managed to setup an OpenShift git-repository and I am able to push my changes to the server.
However upon visiting my page I kept getting error 503. Initially I thought it was a node modules error so I found npm shrinkwrap which solved npm version issues. The error, is still around.
When I run the app locally, I get no errors whatsoever and all modules are installed correctly. They are also in a package.json file (I used npm install --save for all my modules, so no manual editing was performed).
These are the first couple of lines from using the tail-command and whopping the result into a text file.
==> app-root/logs/nodejs.log <==
at Connection.connect (/var/lib/openshift/550db5624382ecf8f400000f/app>root/runtime/repo/node_modules/mysql/lib/Connection.js:109:18)
at Object.<anonymous> (/var/lib/openshift/550db5624382ecf8f400000f/approot/runtime/repo/server.js:28:12)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
DEBUG: Program node server.js exited with code 8
DEBUG: Starting child process with 'node server.js'
I also found this:
==> app-root/logs/nodejs.log <==
Error: connect ECONNREFUSED
at errnoException (net.js:901:11)
at Object.afterConnect [as oncomplete] (net.js:892:19)
--------------------
at Protocol._enqueue (/var/lib/openshift/550db5624382ecf8f400000f/app-root/runtime/repo/node_modules/mysql/lib/protocol/Protocol.js:135:48)
at Protocol.handshake (/var/lib/openshift/550db5624382ecf8f400000f/app-root/runtime/repo/node_modules/mysql/lib/protocol/Protocol.js:52:41)
at Connection.connect (/var/lib/openshift/550db5624382ecf8f400000f/app-root/runtime/repo/node_modules/mysql/lib/Connection.js:109:18)
at Object.<anonymous> (/var/lib/openshift/550db5624382ecf8f400000f/app-root/runtime/repo/server.js:28:12)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
DEBUG: Program node server.js exited with code 8
Any idea's?
Mine did the same when I first pushed to OpenShift. I think I had to review some references and make some slight changes. My log on OpenShift indicated that such-and-such file couldn't be found. Yours might, too, if you review the entire thing.
For example, this is the "after" version of something I edited:
self.app.set('views', path.join(__dirname, 'views'));
I might have had just this before:
self.app.set('views', '/views');
Hope that helps.
Well... you've got...
Error: connect ECONNREFUSED
...which suggests that Express couldn't connect to the database. Maybe you've got dev versus prod credentials going on and the code's trying to use the local credentials, the local database name, the local username, the local server, etc.
I'm using MongoDB (no credentials locally) and have created a /db.js file to store all that. And then my /server.js selects which variable:
if (typeof process.env.OPENSHIFT_NODEJS_IP === "undefined") { mongoose.connect(dbConfig.devurl); } else { mongoose.connect(dbConfig.produrl); }
Note the two different variables after dbConfig.varname.

Yo angular generator throwing error

Having trouble getting yo angular generator to run, have had no problem on other computers, this is a fresh install on this one. Here is the error
/usr/local/lib/node_modules/yo/node_modules/configstore/node_modules/mkdirp/index.js:89
throw err0;
^
Error: EACCES, permission denied '/Users/Alex/.config/configstore'
at Error (native)
at Object.fs.mkdirSync (fs.js:751:18)
at Function.sync (/usr/local/lib/node_modules/yo/node_modules/configstore/node_modules/mkdirp/index.js:70:13)
at Object.create.all.get (/usr/local/lib/node_modules/yo/node_modules/configstore/index.js:41:13)
at Object.Configstore (/usr/local/lib/node_modules/yo/node_modules/configstore/index.js:27:44)
at new Insight (/usr/local/lib/node_modules/yo/node_modules/insight/lib/index.js:36:34)
at Object.<anonymous> (/usr/local/lib/node_modules/yo/lib/cli.js:122:15)
at Module._compile (module.js:460:26)
at Object.Module._extensions..js (module.js:478:10)
at Module.load (module.js:355:32)
The odd thing about this is when I go to my users/alex/.config there is no configstore folder.
Probably it´s because you have the .config folder and subsequent ones with root ownership. Try changing the ownership of that folder to your user recursively (to include subfolders). In order to do that:
sudo chown -R $(whoami):staff /Users/Alex/.config/
After that, yeoman should run and you'll be able to see the folder.
Hope that helps.

Resources