Hohenheim
Hohenheim is a web server and reverse proxy for node.js
Requirements
Node.js
Hohenheim requires at least node.js version 10.21.0
Mongodb
You will need a mongodb server.
n
Although technically not required, you can configure your sites to use a specific node.js version installed through the n node version manager
Capabilities
Hohenheim requires that your node.js binary has some extra capabilities. These are:
cap_setuid
: for setting the uid of the instances it spawnscap_setgid
: for setting the gid of the instances it spawnscap_kill
: for killing spawned instances with another uid than its owncap_net_bind_service
: for binding to privileged ports, like port 80 & 443
(If you prefer to route port 80 & 443 to another port, you can drop cap_net_bind_service
)
It's best to give hohenheim its own node executable, otherwise all scripts running would have these capabilities.
Here's an easy example on how to create a new node binary (your locations may differ)
sudo cp /usr/local/bin/node /usr/local/bin/hohenode
That's easy. Now give it the required capabilities:
sudo setcap 'cap_kill,cap_setuid,cap_setgid,cap_net_bind_service=+ep' /usr/local/bin/hohenode
Should you ever want to remove all capabilities from the binary, you can do so like this:
sudo setcap -r /usr/local/bin/hohenode
Configuration
You will need to configure the following files
app/config/local.js
module.exports = {
proxyPort: 80,
proxyPortHttps: 443,
environment: 'live',
fallbackAddress: 'http://localhost:8080',
redirectHost: 'localhost',
firstPort: 4748,
port: 2999,
letsencrypt: true,
letsencrypt_email: 'your@email.address',
ipv6Address: ''
};
app/config/dev/database.js or app/config/live/database.js
You'll find the database settings here, by default these are:
Datasource.create('mongo', 'default', {
host : '127.0.0.1',
database : 'hohenheim-live',
login : false,
password : false
});
Admin interface
Once you have everything configured and running, you can go to the admin interface at http://localhost:2999/chimera
The default credentials are admin:admin
HTTPS & HTTP/2
If you want https & http/2 support, you need to set letsencrypt: true
in your local configuration.
If you want to use your own certificates (and not letsencrypt), the greenlock
module we use lets you do that.
You just need to put your own certificate files into the correct directory.
Eg: if you have your own certificates for the domain example.com
, you can put them here:
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/privkey.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/cert.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/chain.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/fullchain.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/bundle.pem
Systemd
Keep hohenheim running by setting up a Systemd service, for example:
sudo nano /etc/systemd/system/hohenheim.service
And then enter
[Unit]
Description=Hohenheim site dispatcher
After=mongodb.service
[Service]
WorkingDirectory=/home/www-data/hohenheim/
ExecStart=/usr/local/bin/hohenode /path/to/your/hohenheim/server.js
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=hohenheim
User=www-data
Group=www-data
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
You will need to change:
After
: Other services to wait for (in this case mongodb)WorkingDirectory
: The path to the directory where the server.js file isExecStart
: The path to the capabilities-enabled node binary + the server.js fileUser
and Group
: The user you want to run hohenheim asEnvironment
: Your own environment variables
Finally, enable it:
sudo systemctl enable hohenheim.service
Using screen
Another interesting way to run hohenheim is to add screen
. This will give you access to hohenheim through janeway
:
[Unit]
Description=hohenheim
[Service]
Type=forking
User=skerit
Restart=always
ExecStart=/usr/bin/screen -d -m -S hohenheim -d -m /usr/local/bin/hohenode server.js
ExecStop=/usr/bin/killall -w -s 2 hohenheim
WorkingDirectory=/home/www-data/hohenheim/
[Install]
WantedBy=multi-user.target
Now, if you want to access the hohenheim shell, you can do:
screen -r hohenheim
Node versions
You can configure your websites to use a specific node.js version, these versions are available:
- The system node binary (
which node
result) - The binary
/usr/bin/node
if available - The binary
/usr/local/bin/node
if available - All global installed versions through the
n
module
If a configured version is not found, the system node binary will be used.
Thanks
Many thanks go out to Félix "passcod" Saparelli who allowed me to use the hohenheim
package name on npm.