Hohenheim
Requirements
Node.js
Hohenheim requires at least node.js version 10.21.0
Mongodb
You will need a mongodb server.
n
Although technically not required, you can configure your sites to use a specific node.js version installed through the n node version manager
Capabilities
Hohenheim requires that your node.js binary has some extra capabilities. These are:
-
cap_setuid
: for setting the uid of the instances it spawns -
cap_setgid
: for setting the gid of the instances it spawns -
cap_kill
: for killing spawned instances with another uid than its own -
cap_net_bind_service
: for binding to privileged ports, like port 80 & 443
(If you prefer to route port 80 & 443 to another port, you can drop cap_net_bind_service
)
It's best to give hohenheim its own node executable, otherwise all scripts running would have these capabilities.
Here's an easy example on how to create a new node binary (your locations may differ)
sudo cp /usr/local/bin/node /usr/local/bin/hohenode
That's easy. Now give it the required capabilities:
sudo setcap 'cap_kill,cap_setuid,cap_setgid,cap_net_bind_service=+ep' /usr/local/bin/hohenode
Should you ever want to remove all capabilities from the binary, you can do so like this:
sudo setcap -r /usr/local/bin/hohenode
Configuration
You will need to configure the following files
app/config/local.js
module.exports = {
// The main port to listen on
proxyPort: 80,
// The main port to listen on for HTTPS/http2 traffic
proxyPortHttps: 443,
// Your current environment. Can be dev, preview or live
environment: 'live',
// When no sites match, this address will be tried last
// (This can be your apache server, for instance)
fallbackAddress: 'http://localhost:8080',
// The host hohenheim will use to access the spawned node sites,
// this should probably remain "localhost"
redirectHost: 'localhost',
// The first port to use for child node instances
firstPort: 4748,
// This is the port the admin interface listens on
port: 2999,
// Set to true to enable letsencrypt
letsencrypt: true,
// The default e-mail address to use for letsencrypt registrations
letsencrypt_email: 'your@email.address',
// Add the ipv6 address you want to listen on
ipv6Address: ''
};
app/config/dev/database.js or app/config/live/database.js
You'll find the database settings here, by default these are:
Datasource.create('mongo', 'default', {
host : '127.0.0.1',
database : 'hohenheim-live',
login : false,
password : false
});
Admin interface
Once you have everything configured and running, you can go to the admin interface at http://localhost:2999/chimera
The default credentials are admin:admin
HTTPS & HTTP/2
If you want https & http/2 support, you need to set letsencrypt: true
in your local configuration.
If you want to use your own certificates (and not letsencrypt), the greenlock
module we use lets you do that.
You just need to put your own certificate files into the correct directory.
Eg: if you have your own certificates for the domain example.com
, you can put them here:
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/privkey.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/cert.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/chain.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/fullchain.pem
~/hohenheim/temp/letsencrypt/etc/acme/live/example.com/bundle.pem
Systemd
Keep hohenheim running by setting up a Systemd service, for example:
sudo nano /etc/systemd/system/hohenheim.service
And then enter
[Unit]
Description=Hohenheim site dispatcher
After=mongodb.service
[Service]
WorkingDirectory=/home/www-data/hohenheim/
ExecStart=/usr/local/bin/hohenode /path/to/your/hohenheim/server.js
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=hohenheim
User=www-data
Group=www-data
Environment=NODE_ENV=production
[Install]
WantedBy=multi-user.target
You will need to change:
-
After
: Other services to wait for (in this case mongodb) -
WorkingDirectory
: The path to the directory where the server.js file is -
ExecStart
: The path to the capabilities-enabled node binary + the server.js file -
User
andGroup
: The user you want to run hohenheim as -
Environment
: Your own environment variables
Finally, enable it:
sudo systemctl enable hohenheim.service
Using screen
Another interesting way to run hohenheim is to add screen
. This will give you access to hohenheim through janeway
:
[Unit]
Description=hohenheim
[Service]
Type=forking
User=skerit
Restart=always
ExecStart=/usr/bin/screen -d -m -S hohenheim -d -m /usr/local/bin/hohenode server.js
ExecStop=/usr/bin/killall -w -s 2 hohenheim
WorkingDirectory=/home/www-data/hohenheim/
[Install]
WantedBy=multi-user.target
Now, if you want to access the hohenheim shell, you can do:
screen -r hohenheim
Node versions
You can configure your websites to use a specific node.js version, these versions are available:
- The system node binary (
which node
result) - The binary
/usr/bin/node
if available - The binary
/usr/local/bin/node
if available - All global installed versions through the
n
module
If a configured version is not found, the system node binary will be used.
Thanks
Many thanks go out to Félix "passcod" Saparelli who allowed me to use the hohenheim
package name on npm.