ReactJS, Express application self hosting on internal dedicated IP server - node.js

I know we can host our ReactJS application on Amazon, Microsoft Azure, Heroku etc.
But what are the important steps and security precautions required in order to set it up on an internal hosting server?
What are the pros and cons of having a Linux or Windows based server? (Also, which versions are relevant?)
How to set up SSL on a local hosting server? What are the options?
What are the security precautions to be made?
An internet line with a dedicated IP from the ISP can be connected, but do we need to have any security hardware in the middle of the network?
How to set up/connect a purchased domain name (www.mydomain.com) to an internal hosting server?
How to have multiple IPs for an internal hosting server, so if one server fails or one network fails the other keeps working with the purchased domain name?
How to log visitor IP access logs at the hardware level to keep the server secure?
How to set up an internal code version control system (using any local version control system and also GitHub), so if one deployment fails or creates any trouble, we can then restore an older code version?
How to set up a mail server to send and receive emails, and also how can we set up different email accounts on a local hosting server?

Just had a look at the following link, which contains most of the details related to the most common server setup practices. Hopefully this will answer the questions related to the server environment setup.
https://www.digitalocean.com/community/tutorials/5-common-server-setups-for-your-web-application
In the Related Articles section (at the end of the above article) there is lots of information on setting up a NodeJS application on Ubuntu etc. Hopefully the discussion there will clarify the concepts in more depth, e.g. How To Deploy a Node.js and MongoDB Application with Rancher on Ubuntu 16.04.

Related

Mobile Application Reverse Gateway recommendation

I have a mobile application that communicates with a REST based web service. The web service lives behind the firewall and talks to other systems. Currently this web service requires a firewall port to be opened and an SSL cert generated for each installation. Mobile apps send login credentials so the web services can log in to custom back-end systems.
Recently a customer approached us asking how we could deploy this to 50 offices. As we don't want to, say, modify every firewall in every office, we're looking for options. This is a list of possible solutions and my thoughts on each one:
Open firewall port and expose https web service - This is our current solution but we don't want to have to contact 50 network admins and explain why we need to do this.
VPN - Too heavyweight, complex and expensive; we only need access to one server. Does not solve the problem as the firewall needs to be modified.
Microsoft Azure Hybrid Connection Manager - This provides a managed service where the Azure cloud will expose an endpoint. Azure will also expect connections from an easy-to-install application that lives behind the firewall. When a REST call is made to the cloud endpoint, the request is forwarded down a socket that was initiated by the software behind the firewall. This does what we want, but as it's a Microsoft solution it might impose other requirements that our customers might not want. Currently the simple Hybrid Connection Manager is free. But for how long?
Jscape MFT Gateway - Similar to Azure but you can host their server anywhere. Not that expensive but is not open source.
Netty - An async Java library/toolkit where this type of application could easily be built. Client and server apps would need to be built and deployed. Don't know what we don't know about Netty.
MDM, AirWatch, BlackBerry BES - An MDM based solution would work except that MDMs are centrally managed and are not often in every office where the backend services are located. AirWatch has an AppTunnel but I'm not sure about the specifics.
At this point the Microsoft and Jscape systems are possible solutions.
But most likely these solutions will require us to modify the mobile software to work around issues such as:
How does the user know which server to log in to? A locator service needs to be built such that an email address is used to look up their office, or they need to select their office location from a list.
While the connection is SSL, many companies might want some additional protection since network login information will be sent down the pipe.
How is load balancing and fail-over managed?
So, at this point I'm looking for more options. The best option would be a commercial product that offers some level of customization. Second, I would like a well used open-source product that could be installed in AWS and customized.
Thanks
The best approach we found was to use the PuTTY API and set up a reverse proxy.

Choosing shared Linux AMI machine image for AWS

I know next to nothing about server management and just got started with Amazon Web Services.
I want to deploy a Linux server which runs Apache, MySQL, phpMyAdmin as well as email capabilities (account mgmt and webmail interface) and backup capabilities. I want to administer the server with a nice web user interface like cPanel, doing things like file management, email account management, access to phpMyAdmin.
Therefore I thought about deploying a shared Linux AMI, instead of building and configuring the server myself. I want to make my life easy, that is, deploying something pre-existing which is easy to manage (web user interface) since I haven't got time to learn all about server management right now.
I found this list of images. Which one of these would fit my requirements?
This is an inappropriate use case for EC2. As Amazon's CTO Werner Vogels said a few months ago, "an EC2 instance is not a server, it's a building block." EC2 is used to provide computing resources to an application that spans multiple, loosely-coupled services. It's not a drop-in replacement for a standard VPS.
That's not to say that a lot of people aren't using EC2 instances as servers. However, these are often the same people who bitterly complain about excessive downtime on AWS without realizing that it's mostly their own fault. An application must be designed to be deployed in a cloud-based environment when it's built on an IaaS platform like AWS. If your application is not aware of autoscaling groups and other high-availability features then traditional dedicated hosting will be cheaper, less complex, and more durable than AWS.
I am aware of AMIs for Webmin, but not for cPanel. Here is the link:
https://www.virtualmin.com/documentation/aws/virtualmin_gpl_ami
I would echo the comments made by #jamieb however in that this is really not a good use case for EC2. You are limited to a single elastic IP per instance, so you have no ability to do IP-based virtual hosts as you would with a typical VPS.

How to restrict user access to only deployments via Capistrano? (deployment workflow issue)

I'm looking for good practices for deploying with Capistrano.
I would like to start out with a short description of how I used to do deployment.
Capistrano is installed locally on a developer's computer. I deploy through a gateway with the Capistrano option :gateway. At first I thought that with the :gateway option I only needed an ssh connection to the gateway host, but it turns out that I need an ssh connection (public key) to all hosts I want to deploy to.
I would like to find a convenient and secure way to deploy the application.
For example, when a new developer starts working, it is much more convenient to put his *public_key* only on the gateway server and not on all application servers. On the other hand, I don't want him to have any connection to the servers, in particular ssh to the gateway, just because he is a developer; he only needs to do deployments.
If you are aware of good practices for deploying with capistrano, please, let me know.
Create special user accounts for every developer on the gateway machine as well as on the rest of the server machines. This you will have to do using the abilities your OS and ssh give you. Make sure the developer accounts don't have the ability to log in via a shell to the gateway etc.
I can't provide you with all the details, but I think I might have pointed you in the right direction. You can ask on Server Fault for the details of how it is possible to allow a user to log in and do only certain tasks on the server.
Digression/Opinion: It's better to have developers whom you trust do the deployments. If you do not trust a dev, better not let him do crucial things like deployment to a production server.
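One concrete way to give a developer account deploy-only access, as an added illustration rather than anything from the answer above: an OpenSSH forced-command wrapper that inspects SSH_ORIGINAL_COMMAND and only executes commands that look like deployment steps. DEPLOY_ROOT and the allowed-program list are assumptions for the example and would have to be tailored to what your own Capistrano tasks actually run.

```shell
#!/bin/sh
# Forced-command wrapper for a deploy-only account (added illustration; the
# allowlist is an assumption and must match what your Capistrano tasks run).
# Install it per key in the deploy user's authorized_keys, e.g.:
#   command="/usr/local/bin/deploy-wrapper",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA... dev@example
# sshd then runs this script instead of the client's command, which arrives in SSH_ORIGINAL_COMMAND.
DEPLOY_ROOT="${DEPLOY_ROOT:-/var/www/app}"   # assumed deploy path
NL=$(printf '\nx'); NL=${NL%x}               # a literal newline for the check below
# Check one simple command: known program, every absolute path inside DEPLOY_ROOT.
check_part() {
    set -f; set -- $1; set +f                 # split into words, no globbing
    [ $# -gt 0 ] || return 1
    prog=$1; shift
    [ "$prog" = /usr/bin/env ] && [ $# -gt 0 ] && { prog=$1; shift; }   # Capistrano's env prefix
    case "$prog" in
        cd|mkdir|ln|rm|readlink|git|bundle) ;;   # programs a deploy may run (assumed list)
        *) return 1 ;;
    esac
    for arg; do
        case "$arg" in
            *..*) return 1 ;;                 # no traversal out of the tree
            "$DEPLOY_ROOT"/*) ;;              # inside the deploy tree: fine
            /*) return 1 ;;                   # any other absolute path
        esac
    done
    return 0
}
# Return 0 if the whole requested command line is permitted, 1 otherwise.
deploy_cmd_allowed() {
    cmd=$1
    # Only "a && b" chaining is accepted; other operators, redirections, substitutions and newlines are rejected.
    case "$(printf '%s' "$cmd" | sed 's/&&//g')" in
        *';'*|*'|'*|*'&'*|*'<'*|*'>'*|*'('*|*')'*|*'$'*|*'`'*|*"$NL"*) return 1 ;;
    esac
    rest=$cmd
    while :; do
        part=${rest%%&&*}
        check_part "$part" || return 1
        [ "$part" = "$rest" ] && return 0     # last segment checked
        rest=${rest#*&&}
    done
}
# Entry point when sshd invokes the script; inert when sourced for testing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    deploy_cmd_allowed "$SSH_ORIGINAL_COMMAND" && exec /bin/sh -c "$SSH_ORIGINAL_COMMAND"
    logger -t deploy-wrapper "rejected: $SSH_ORIGINAL_COMMAND"   # keep an audit trail of refusals
    echo "deploy-wrapper: command not permitted" >&2
    exit 1
fi
```

Pair this with a nologin shell on the gateway so the account cannot get an interactive session at all, and keep the allowlist as narrow as your deploy tasks permit.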

Connecting to multiple client's local SQL servers from Cloud based IIS

I am developing a web app that is not doing anything fancy. The parent company wants to use a cloud based IIS service to support the web app and then submit the information to the client's local SQL servers through the internet and the client's firewalls.
Traffic isn't that much of an issue, we are talking about probably no more than 10 submissions daily per client. My question is with regard to connecting to the client's SQL servers and running the Stored Proc on each server.
We already have admin privileges on the firewalls and servers to do what we need to do to make anything happen.
What would be my best/reliable/secure method to implement this service?
Page asks for 10 items of info then submits to Stored Proc, that's it... with a local IIS server there is no problem, works nice. I want to make sure that the information stays secured, not just for the 10 items, but the SQL server and any security between it and the IIS server.
Any recommendations?
I would recommend setting up a VPN tunnel between the remote IIS server and the in-house SQL server. With a VPN tunnel, the SQL server is just like any other server on the network to the app.

Best place to host my Sproutcore app backed up by Cloudant CouchDB?

I have a Sproutcore application which uses CouchDB hosted by Cloudant. In the dev environment I'm using the Sproutcore proxy to forward requests to Cloudant (due to the same-origin policy I obviously can't call arbitrary hosts from my JavaScript).
What would be your suggestion on hosting the app? The CouchApps loading script is failing with an obscure error (please note the Sproutcore app is around 40 MB of JavaScript and resources).
The thing about hosting an app that talks directly to CouchDB is that you are restricted by the same-origin policy, so the server that serves up your SproutCore app has to be on the same domain as you access your CouchDB database. If your host provides a static file server, you could use that, but your best bet is probably just to save it as a CouchApp.
The key to deploying SC as a CouchApp is that you have to set up the URLs that sc-build generates to point to the correct location. This can be done in the Buildfile with a setting something like this:
:url_prefix => '<database>/_design/<designDocument>/'
This way the links point to the right location.
You can also set up CouchDB URL rewrites to get simpler URLs if you wish. Have a look here for more discussion on this:
https://groups.google.com/d/topic/sproutcore/-D-5T5yPg3A/discussion
PS: 40 MB seems overly large! Do you have many images? I'd be concerned if you had that much JS/CSS.
Cloudant hosts its clusters (mainly) on EC2 in the us-east-1b or us-west-1b availability zones. If you cannot deploy as a CouchApp you should try to colocate your application layer next to your DB cluster. That will minimize the latency between the web server and the databases.
You can do this yourself by getting an EC2 instance and running a web server on it, or you can use a third party host that hosts on AWS (e.g. Heroku).
In both cases, you will need to run a small proxy from your web server to the database. That's why simply hosting on S3 is not an option at the moment.
Once you deploy your app to a web server, don't forget to check that your web server and your database are in the same AWS availability zone. If they're not, just ask Cloudant to move your account.