I have a PHP application running on my own server (not localhost but a real server accessible via internet), and I want to add Node.js server to it. I came across this article saying about Reverse Proxy. At the end of the article, it mentions that this particular approach has performance cost and therefore only suitable for specific cases.
It’s worth to note that this approach is suitable for a specific role with limited number of users. But if you want to have the performance scalablity, you’ll need to to run both apache and node.js separately and use something like nginx to do the reverse proxy instead.
Now I'm wondering how and why that is and if I should move away from this approach because I have a lot of users using my service. If anyone has better suggestion than this approach, please enlighten me! Thank you in advance.
I use such an approach myself and as far as you don't need a low latency I don't see the necessity of this.
The best solution for getting around the Proxy would be using a different port.
Due to Apache managing the domain resolving.
It might also be worth noting that apache does compression and SSL which is something you would have to worry about your NPM running on a possibly different port than 443.
Related
My (Windows) computer is connected with OpenVPN to my VPN provider. That means that everything goes through it, alternatively using its proxies as well for a little bit of variation.
In many situations, I don't want it to go through the VPN (or any proxy) when making a request. For example, when I use PHP to log in to my bank. Or when all proxies/VPNs are blocked from downloading a file, or loading a webpage, etc., which happens frequently. But then I'm stuck, because to the best of my knowledge, there is no way to tell PHP to "bypass the VPN and use my home IP address directly".
I would like something like:
php_bypass_VPN();
/* make cURL requests here */
php_restore_VPN();
Is it possible at all? If not, why is this not a major problem for anyone else? Or is it? It has caused countless issues for me, and not just in PHP context. For example, I would want the buffering local Internet radio station to go through my normal IP address as well, but no software I've ever seen provides any means to "bypass VPN".
If the solution involves hacking the OS and/or installing a bunch of spyware, I'll not be happy. Please tell me there is some simple way to do this, such as:
shell_exec('somebinary bypassvpntemporarily');
That would be swell, although a cross-platform solution would be vastly preferred.
Most VPNs work in a way that they install a new network interface driver on your PC and make sure all traffic goes through it so it can encrypt it on the way out.
I guess you could try to go through a specific interface but I'm not sure that will overcome the VPN (heres how to get a specific interface how to bind raw socket to specific interface).
Other than that you could create your own driver...
I'm hosting a couple of sites for my friends, which they can edit using SFTP. But I recently stumbled upon something quite alarming.
Using: <? echo $realIP = file_get_contents("http://ipecho.net/plain"); ?>
They are able to get the real IP of the server. I'm using CloudFlare to "mask" the IP from the outside, so that's quite safe. I know that I can use a VPN for this, but that a quite expensive option. Is there any way to avoid, them using this certain methodes to gain the real server IP?
I would just generally secure the server in a way that is similar to typical shared hosting accounts.
While this is on the edge of what I know, I am by no means an expert on server security I do know a few things I have ran into over the years.
disable using stream file wrappers for remote files. This is controlled by the allow_url_fopen setting in PHP, and disables opening remote files using fopen, file_get_contents and their like.
disable some of the more dangerous PHP functions these include but are not limited to shell_exec, exec, eval, popen. These likewise can be disabled in the PHP ini file by adding them to the disabled_functions list.
remove shell access for the users. They will still be able to authenticate for sFTP, for file transfers. But they will not be able to login via SSH through something like putty you can modify the users like this usermod -s /sbin/nologin myuser for more details see this post on Unix.StackExchange
setup a test account with the same access your clients (people you provide hosting for) have and test what works and what doesn't. This will give you a bit of an idea what they can and cant do, and it gives you a place to test some configuration changes before applying them globally.
I am sure there are many more things you can do, and I can't really go into a whole article on server security. As I said I am by no means an authority on the subject. So the last thing I would say is do as much research as you can and see what others are doing for shared hosting servers as this is basically what you have.
I did find this Post on 14 best practices on server security.
http://www.hostingadvice.com/how-to/web-hosting-security-best-practices/
This just gives a high level overview of some of the concerns and doesn't really get to overly technical.
This is a pretty big topic, with many pitfalls, but I hope my limited knowledge at least gets you started down the road of securing your server. And remember, it's your server you get to say what the policies are on it.
That said it is very important to communicate with your users about any policy changes. They have pretty much had free reign up to this point. But if you explain to them that it's in their interest because it not only protects the server but also protects their data, it may go over a bit easier. They do have a right to know, and you do have an obligation to tell them. This way they can make any necessary changes to their code. But again, it is your server ultimately and it's your responsibility to make it as secure as you can.
Good Luck!
This is complicated, and not necessarily one question. I'd appreciate any possible help.
I've read that is is possible to have websockets without server access, but I cannot seem to find any examples that show how it is. I've come to that conclusion (that I believe I need this) based on the following two things:
I've been struggling for the past several hours trying to figure out how to even get websockets to work with the WAMP server I have on my machine, which I have root access. Installed composer, but cannot figure out how to install the composer.phar file to install ratchet. Have tried other PHP websocket implementations (would prefer that it be in PHP), but still cannot get them to work.
My current webhost I'm using to test things out on is a free host, and doesn't allow SSH access. So, even if I could figure out to get websockets with root access, it is a moot point when it comes to the host.
I've also found free VPS hosts by googling (of course, limited everything) but has full root access, but I'd prefer to keep something that allows more bandwidth (my free host is currently unlimited). And I've read that you can (and should) host the websocket server on a different subdomain than the HTTP server, and that it can even be run on a different domain entirely.
It also might eventually be cheaper to host my own site, of course have no real clue on that, but in that case I'd need to figure out how to even get websockets working on my machine.
So, if anyone can understand what I'm asking, several questions here, is it possible to use websockets without root access, and if so, how? How do I properly install ratchet websockets when I cannot figure out the composer.phar file (I have composer.json with the ratchet code in it but not sure if it's in the right directory), and this question is if the first question is not truly possible. Is it then possible to have websocket server on a VPS and have the HTTP server on an entirely different domain and if so, is there any documentation anywhere about it?
I mean, of course, there is an option of using AJAX and forcing the browser to reload a JS file every period of time that would use jQuery ajax to update a series of divs regardless of whether anything has been changed, but that could get complicated, and I'm not even sure if that is possible (I don't see why it wouldn't be), but then again I'd prefer websockets over that since I hear they are much less resource hungry than some sort of this paragraph would be.
A plain PHP file running under vanilla LAMP (i.e. mod_php under Apache) cannot handle WebSocket connections. It wouldn't be able to perform the protocol upgrade, let alone actually perform real-time communication, at least through Apache. In theory, you could have a very-long-running web request to a PHP file which runs a TCP server to serve WebSocket requests, but this is impractical and I doubt a shared host will actually allow PHP to do that.
There may be some shared hosts that make it possible WebSocket hosting with PHP, but they can't offer that without either SSH/shell access, or some other way to run PHP outside the web server. If they're just giving you a directory to upload PHP files to, and serving them with Apache, you're out of luck.
As for your trouble with Composer, I don't know if it's possible to run composer.phar on a shared host without some kind of shell access. Some hosts (e.g. Heroku) have specific support for Composer.
Regarding running a WebSocket server on an entirely different domain, you can indeed do that. Just point your JavaScript to connect to that domain, and make sure that the WebSocket server provides the necessary Cross-Origin Resource Sharing headers.
OK... you have a few questions, so I will try to answer them one by one.
1. What to use
You could use Socket.IO. Its a library for developing realtime web application based on JavaScript. It consists of 2 parts - client side (runs on the visitor browser) and server side. Basic usage does not require almost any background knowledge on Node.js. Here is an example tutorial for a simple chat app on the official Socket.IO website.
2. Hosting
Most of the hosting providers have control panel (cPanel) with the capebility to install/activate different Apache plugins and so on. First you should check if Node.js isn't available already, if not you could contact support and ask them if including this would be an option.
If you don't have any luck with your current hosting provider you could always switch hosts quickly as there are a lot of good deals out there. Google will definitely help you here.
Here is a list containing a few of the (maybe) best options. Keep in mind that although some hosting deals may be paid there are a lot of low cost options to choose from.
3. Bandwidth
As you are worried about "resource hungry" code maybe you can try hosting some of your content on Amazon CloudFront. It's a content delivery network that is widely used and guarantees quick connection and fast resource loading as the files are loaded from the closest to the client server. The best part is that you only pay for what you actually use, so if you don't have that much traffic it would be really cheap to run and still reliable!
Hope this helps ;)
Earlier today, I asked a question on the Programmers StackExchange: Is it bad practice to run Node.js and apache in parallel?
My end application can be considered a social network in which I want to have a chat feature and a normal status update feature.
For the chat feature, I'd like to use Node.js because I want to push data from the server to the client instead of polling the server frequently. For the status update, I want a normal apache and PHP installation, because I'm way more familiar with that and don't see why I'd use Node.js for that.
However, that would mean I'd have to run Node.js and apache in parallel. Whilst that is possible and not considered bad practice according to the answer on Programmers.SE, I do see a few technical problems:
I'd need two ports open - could give a problem with open networks that don't have all ports open
I can't use my shared-server because I'm not allowed to open a port there, so I'd have to buy a VPS
I don't care too much about the second one, more about the first one. So are there really no solutions to combine both features on one port?
Or is there some workaround for the ports? Could I, for example, redirect subdomain.domain.com:80 to domain.com:x where x is the port of Node.js? Would that be possible and solve my problem? This solution was given in this Programmers.SE answer, but how would I go about implementing it?
You could proxy all requests to node.js through the Apache (using mod_proxy), so you won't have any troubles will multiple open ports. This also allows to remap everything to subfolders or subdomains.
This is performance-wise not the best solution, but if you are on a shared web-space it doesn't really matter. (Shared servers usually are pretty slow, and if you get a larger user base you need to move to a separate server either way sooner or later.)
As #TheHippo said you can do this with Apache's mod_proxy.
nGinx however may act faster especially if you're running PHP >= 5.4 with FastCGI.
nGinx is also a better forwarding proxy than apache and it's event based model is in line with Node's event based I/O. With the propper setup this could mean better overall performance.
If you're in a restricted environment (like shared server or no ability to change the webserver) then you should go with Apache and mod_proxy.
I am developing a server application that is mostly used to registered users and gives services upon request.
It was built from scratch, and I am not fundamentally a PHP developer.
I must say that this is the first time I am deploying a production to the web.
The end of phase 1 is drawing near and I would like to know what do you think is the best approach to deploying this server.
How do I debug on a production server ? how do I log all my actions to log files ?
How should I handle the resources and traffic? how would I know if the server is reaching its limits ?
Any approaches to evening out the load ? I have one DB, is it possible to let another server use the same DB to take off the load from the first one ?
(Of course these are general and long shot questions, but I'd like to have a bigger picture of what I am doing here)
Is there anything I should know about security measures other than my own code ? like if I can trace down a hacking attempt for example?
If you are asking all these basic question, then you should not be deploying a production server. But needless to say, you are.
It's usually never a good idea to debug on a Production server, that is what QA or Development or Testing servers are for. If you are deploying a combination of Apache, PHP, MySQL, usually for PHP, there is a php_error.log file for you to look at. The location of that is base on your httpd.conf
Handling resource traffic is based on your volume, you have to answer that question yourself. Google MySQL configuration optimization and you'll find many helpful tips to correctly configure and optimize it's speed, and when you hit your limit, you'll know.
Security, that is another very vague question, security differ base on your needs, such as a bank vs a mom and pop website. I guess research network secure, and always keep in mine this, don't over kill, security is good enough when it accomplish the task.
As mentioned you shouldn't debug on a production server, all testing should have been completed in your development environment. However, of course you should thoroughly test everything once it is on the production server and fix any issues that may appear. By making sure your development environment is as close as possible to the live one in terms of settings etc you can mitigate the risks but you can never totally eradicate any potential issues.
Depending on your server you can try running a command such as "top" or "topaz" at the command line, this works on a Unix box if it has the correct installation and will tell you how much CPU is free and how much is being used. This would give a rough idea if it can handle the traffic you are throwing at it. Handling traffic and managing resources is a huge area in itself, there's a lot that can be done such as load balancing for example if you have multiple servers, you may find VMWare is helpful here also. There are also call-gapping techniques that can be employed depdending on what your application is for and who is using it. And yes you can have one database shared between more than one server.
There is professional monitoring sofware you can buy to show how busy your servers are that may help, just search for "monitoring software" for example.
Security is another huge area and the solutions would depend on what you are deploying and who is going to use it. You should be aware of all the likely methods of attack that your application is likely to be subjected to and have planned your code to cope with this, for example SQL injection, session hijacking etc.
You need contingency plans in case hackers compromise your site and ideally disaster recovery plans as well, depending on how critical your application is.
Best advice is to plan everything thoroughly before you start and get your bosses to approve the plans to cover yourself.
If you have more precise questions I can give more precise answers, I used to work for a global bank and have experience of releasing critical code to production servers with all the red-tape that goes with that
;-)