hailiang-wang / nuwa

a dianping service platform for micro-plastic surgery.

Install middlewares in cloud vm for staging #2

Closed hailiang-wang closed 9 years ago

hailiang-wang commented 9 years ago

Cloud VM

https://github.com/arrking/nuwa-docs/issues/3

Install Middlewares

Steps can be found in https://github.com/arrking/wildfire-docs/tree/master/get_started

  • Nginx
  • Redis v=2.8.17

Enable Auth with PASS, port 6511

Steps can be found in https://github.com/arrking/wildfire-docs/tree/master/get_started

  • NodeJS v0.11.16

Steps can be found in https://github.com/arrking/wildfire-docs/tree/master/get_started

  • ionic v1.3.19

Steps can be found in https://github.com/arrking/wildfire-docs/tree/master/get_started

  • bower v1.4.1

Steps can be found in https://github.com/arrking/wildfire-docs/tree/master/get_started

  • pm2 v0.12.10

Steps can be found in https://github.com/arrking/wildfire-docs/tree/master/get_started

  • gulp v3.8.11
hailiang-wang commented 9 years ago

@lymanlai For installing NodeJS, ionic, MongoDB and Redis, see https://github.com/arrking/wildfire-docs/tree/master/get_started

lymanlai commented 9 years ago
apt-get install screen
apt-get install nginx
lymanlai commented 9 years ago

MongoDB

https://trello.com/c/SZQOSs5x/9-mongodb

use admin
db.createUser({
    user: "sysAdmin",
    pwd: "venovWiep6",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" },
                { role: "dbAdminAnyDatabase", db: "admin" },
                { role: "readWriteAnyDatabase", db: "admin" }]
})
use nuwa
db.createUser(
    {
        "user": "james",
        "pwd": "VAtjUAdKel3",
        "roles":[
            {
                "role": "dbOwner",
                "db": "nuwa"
            }
        ]
    }
)

## MongoDB Connection
ip: 182.92.64.180
port: 27017
admin: sysAdmin / venovWiep6
user: james / VAtjUAdKel3
lymanlai commented 9 years ago

Redis

https://trello.com/c/j1sdaFd6/7-redis

For security, I think we can just bind it to 127.0.0.1 and then use an ssh key to access it from other hosts, proxying to local.

http://redis.io/topics/security The goal of the authentication layer is to optionally provide a layer of redundancy. If firewalling or any other system implemented to protect Redis from external attackers fail, an external client will still not be able to access the Redis instance without knowledge of the authentication password. The AUTH command, like every other Redis command, is sent unencrypted, so it does not protect against an attacker that has enough access to the network to perform eavesdropping.

@lymanlai the problem is a bit complicated here. We need to share some keys across machines, so we must enable the AUTH feature. For example, to integrate with wechat, we have to cache the ACCESS_TOKEN and JS_API_TOKEN; that means, during development or production, we just save the value into one redis database and retrieve the value from anywhere.

final result

redis-cli -h 182.92.64.180 -p 6379 -a O0uMsLmKMZ66PxhC/wnfWIoKHXP4158imIT4c9l4+wTQznKlVe6x933MylxzBTl3

lymanlai commented 9 years ago

Node.js

https://trello.com/c/wsnHkHVA/8-node-js

lymanlai commented 9 years ago
npm install -g ionic bower pm2 gulp
hailiang-wang commented 9 years ago

@lymanlai Should enable user name and password for mongodb. Do not see the connection credentials in your trello board, also, redis should enable password too.

lymanlai commented 9 years ago

pm2

pm2 start nuwa.js -i 0
pm2 link 40ql7x1al199fu7 be8u2b65r8q8148
# check the pm2 monit here: https://app.keymetrics.io/#/bucket/556eee47bbb6b0f476a950a9/dashboard

lymanlai commented 9 years ago

nginx

http://ourjs.com/detail/nodejs-on-nginx-%E4%BD%BF%E7%94%A8nginx%E5%8F%8D%E5%90%91%E4%BB%A3%E7%90%86%E5%A4%84%E7%90%86%E9%9D%99%E6%80%81%E9%A1%B5%E9%9D%A2

cd /etc/nginx/sites-available
vim nuwa.conf

server {
    listen 80;

    server_name nuwa-staging.arrking.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location /www {
        root /root/git/nuwa/client/www;  # for ionic builds: visit http://nuwa-staging.arrking.com/www to check that the new build is all right
        index index.html;
    }
    location /m {
        root /root/git/nuwa/client/m;  # for production: the path our users use to reach the product
        index index.html;
    }
}

cd /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-available/nuwa.conf .
service nginx restart

lymanlai commented 9 years ago

http://nuwa-staging.arrking.com/ for nodeclub site
http://nuwa-staging.arrking.com/www for gulp auto generate test result
http://nuwa-staging.arrking.com/m for production env that end user can see from mobile

lymanlai commented 9 years ago

redis remote login setup

ufw allow 6379
vim /etc/redis/6379.conf

#bind 127.0.0.1  #comment this line
# add this line (redis.conf has no inline comments, so the note sits on its own line)
requirepass O0uMsLmKMZ66PxhC/wnfWIoKHXP4158imIT4c9l4+wTQznKlVe6x933MylxzBTl3

service redis_6379 stop
service redis_6379 start

=== from local
redis-cli -h 182.92.64.180 -p 6379 -a O0uMsLmKMZ66PxhC/wnfWIoKHXP4158imIT4c9l4+wTQznKlVe6x933MylxzBTl3
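
An added example, not part of the thread or the project's code: a small Node.js audit of redis.conf text for the settings discussed above (the commented-out bind, requirepass, and the redis.io note that AUTH is sent unencrypted). The function names, finding ids, the 32-character threshold and both sample configs are assumptions made for this illustration.

```javascript
// Added example: audit redis.conf text for network exposure.
// Parsing is simplified: whitespace-split arguments, no quoted-string support.
const LOOPBACK = new Set(['127.0.0.1', '::1']);
const MIN_PASS_LEN = 32; // assumption: local policy threshold, not a Redis rule

function parseRedisConf(text) {
  const out = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    // Redis only treats a line as a comment when '#' is its first character.
    if (line === '' || line.startsWith('#')) return;
    const [name, ...args] = line.split(/\s+/);
    out.push({ name: name.toLowerCase(), args, line: i + 1 });
  });
  return out;
}

function auditRedisConf(text) {
  const conf = parseRedisConf(text);
  const findings = [];
  const add = (id, line, msg) => findings.push({ id, line, msg });

  const binds = conf.filter((d) => d.name === 'bind');
  const addrs = binds.flatMap((d) => d.args.map((a) => a.replace(/^-/, '')));
  const exposed = addrs.length === 0 || addrs.some((a) => !LOOPBACK.has(a));
  if (binds.length === 0) add('NO_BIND', 0, 'no active bind: listens on every interface');
  else if (exposed) add('NON_LOOPBACK_BIND', binds[0].line, 'bind includes a non-loopback address');

  const pass = conf.filter((d) => d.name === 'requirepass').pop(); // last occurrence takes effect
  if (!pass) add('NO_REQUIREPASS', 0, 'AUTH is disabled');
  else if (pass.args.length !== 1)
    add('REQUIREPASS_ARGS', pass.line, 'trailing text is parsed as arguments, not as a comment');
  else if (pass.args[0].length < MIN_PASS_LEN)
    add('SHORT_PASSWORD', pass.line, 'password is shorter than the local policy threshold');
  if (exposed && pass)
    add('AUTH_CLEARTEXT', pass.line, 'AUTH crosses the network unencrypted; prefer loopback + SSH tunnel');
  return findings;
}

// Constructed samples; the password is a placeholder, not a real credential.
const AS_POSTED = '#bind 127.0.0.1  #comment this line\nport 6379\n' +
  'requirepass PLACEHOLDER-PASSWORD-0123456789abcdef  #add this line\n';
const TUNNEL_ONLY = 'bind 127.0.0.1\nport 6379\n' +
  'requirepass PLACEHOLDER-PASSWORD-0123456789abcdef\n';

for (const [name, text] of [['as posted', AS_POSTED], ['tunnel only', TUNNEL_ONLY]]) {
  console.log(name, auditRedisConf(text).map((f) => f.id));
}
```

The loopback-only sample matches the bind-to-127.0.0.1 plus SSH proposal earlier in the thread and produces no findings.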

hailiang-wang commented 9 years ago

login-nuwa-staging-redis

#! /bin/bash
###########################################
# Login Redis Server from cli
###########################################

# constants
baseDir=$(cd `dirname "$0"`;pwd)
PASS=O0uMsLmKMZ66PxhC/wnfWIoKHXP4158imIT4c9l4+wTQznKlVe6x933MylxzBTl3
# functions

# main
[ -z "${BASH_SOURCE[0]}" -o "${BASH_SOURCE[0]}" = "$0" ] || return

echo WX_ACCESS_TOKEN WX_JSPAPI_TICKET
redis-cli -h 182.92.64.180 -p 6379 -a "$PASS"
lymanlai commented 9 years ago

remote login to mongo db

When using sysAdmin, fill in the Database as admin.
When using james, fill in the Database as nuwa.


lymanlai commented 9 years ago

get server blocked!

  1. nodejs process just has a big load
  2. it is trying to connect to redis, but failed; our code needs to fix this problem
  3. server cannot respond to ssh service
Error: Ready check failed: NOAUTH Authentication required.
  at RedisClient.on_info_cmd (/root/git/nuwa/server/node_modules/redis/index.js:380:35)
  at Command.callback (/root/git/nuwa/server/node_modules/redis/index.js:430:14)
  at RedisClient.return_error (/root/git/nuwa/server/node_modules/redis/index.js:571:25)
  at ReplyParser.<anonymous> (/root/git/nuwa/server/node_modules/redis/index.js:317:18)
  at ReplyParser.emit (events.js:107:17)
  at ReplyParser.send_error (/root/git/nuwa/server/node_modules/redis/lib/parser/javascript.js:296:10)
  at ReplyParser.execute (/root/git/nuwa/server/node_modules/redis/lib/parser/javascript.js:181:22)
  at RedisClient.on_data (/root/git/nuwa/server/node_modules/redis/index.js:547:27)
  at Socket.<anonymous> (/root/git/nuwa/server/node_modules/redis/index.js:102:14)
  at Socket.emit (events.js:107:17)
  at readableAddChunk (_stream_readable.js:163:16)
  at Socket.Readable.push (_stream_readable.js:126:10)
  at TCP.onread (net.js:529:20)

solution

  1. pm2: do not make it into a startup service, so when the system reboots, we can turn back.
  2. handle redis connection code, make it better.
hailiang-wang commented 9 years ago

@lymanlai pm2 should not restart application after OS Reboot. Agree.