How is a Nodejs application distributed to customers?

Asked

Viewed 517 times

0

I’m taking a look at Nodejs and a question has arisen about its distribution.

Assuming I have a company, and I use Express/Nodejs to create a simple REST service for my main application. To install this server on a client, would I need to install Nodejs on that server? Isn’t there a... main server (thing like Wildfly, Apache, Xamp, etc...) to support a Nodejs server? And the client, could simply edit the . js files from Node?

  • Yes you need to install nodejs on the server just like you would have to do with aqualquer backend language (js is not backend but Node runs on the backend), but I didn’t understand the problem just like the client can change the files. js he could edit the files . php and etc

  • Oh yes, PHP also has this problem... only Java THINK has the generations of . War that prevent editing, it is not?

  • If it’s like Amazon, you can install Node.js and then the packages, if you want to hire something different then you can hire an already supported Node.js server, like Kinghost, Uol ... if I’m not mistaken Heroku.com also supports Node.js, as well as supports Rubyonrails and Python (I don’t remember, it’s been a while since I used).

  • then you want a compiled and unenterpreted language, like js

  • @Guilhermecostamilam Responding to your first comment: JS runs yes on server-side, with Node.js, there are many websites so you can create a site from scratch, controlling http yourself by your Javascript, or use a framework that facilitates like "Express".

  • @Rafaelmoreira the best solution to prevent the client from editing the files from my point of view would be to keep the hosting with you and he pay or pay for you, because even if it was Java or encrypted applications, there is the possibility of "reverse engineering".

  • @Rafaelmoreira Just to mention one more detail, if you have control over the ports of your server and can install anything, like Amazon EC2 for example, you could install anything and release the port, or even use Fast-cgi with Node.js (so apache would communicate with Node.js) and point to a REST-only domain.

  • @Guilhermenascimento meant that js does not run naturally on the server side but can run with using Node

  • @Guilhermecostamilam is much more common than you think and is totally natural, just as there are even executables written in C or C++ that are compiled into executables and run via Fast-CGI (or even in CGI, which is a very obsolete "port").

  • @Guilhermenascimento then was js created to be used on the server side? I always thought that the initial idea was a language that would be interpreted by the browser

  • @Guilhermecostamilam there are many Javascript engines, even before Javascript was popular, when JS was something optional and we usually had to manually activate (mid 1995 to 1998, at that time internet was not even something known right in Brazil), Microsoft created a Javascript own (since Javascript was created for Netscape, old Firefox) called Jscript (yes the name is similar), at the time PHP was not even popular either and was in the beginning yet, almost everything was done in Perl and C and compiled to run via CGI (it is a "door" that today is obsolete), then a few years later...

  • ... microsoft created its ASP environment for web (in 1996) and with it it was possible to create applications with Vbscript, Jscript or Perlscript, all ports of existing languages, ie in a way yes, Javascript could already be run on servers, almost the same time it started to become popular on the front end. Properly web languages like PHP only came to be more popular a few years later, ie web before that was all via CGI port that technically can run anything written to communicate with it and with the HTTP protocol...

  • ... Nowadays we have many web solutions and Node.js is one of them, is as natural as PHP and as Java for web. Note that PHP was created in 1994, but it was something more of personal use and was only become something even for use on servers in version 2 and 3, which was a few years later... If today the servers have PHP ready to use it does not mean that it is because it is natural, but because the hosts configure them to be so, as well as have hosting configured for Python, Rails, Scala and several other technologies. @Guilhermecostamilam there is a lot of history in the evolution of the web.

  • Thanks for the history lesson, I didn’t know about this microsoft Jscript

  • @Guilhermecostamilam then Javascript actually belongs to Mozilla, which other browsers use are their own engines with identical languages and all follow ECMA (https://www.ecma-international.org/publications/standards/Ecma-262.htm). We call Javascript because simply Netscape has been the first to implement, it’s like calling every steel sponge "good Ril", actually good Ril is brand, there are different steel sponges, but as it is very popular and old brand, so we end up using this as name :)

Show 10 more comments

1 answer

3


With Node.js (which allows you to create applications for server-side) and assuming you have control over the following aspects of your server:

  • Entry and exit doors
  • SSH (or can directly install anything on your server)

You could simply release the ports to create a server for your API, or you could use something like:

Thereby I believe that you could communicate with Apache or Ngnix, then create a Virtualhost in Apache or a host in Nginx.conf to port to the Fastcgi port that is running your application written for Node.js

Or if you are using Express (which is much more likely), you could simply use the ProxyPass (https://httpd.apache.org/docs/2.4/mod/mod_proxy.html) with VirtualHost in the Apache, so:

<VirtualHost api.site.com:80>   
     ServerName api.site.com 
     ProxyPass "/" "http://localhost:5000/"
</VirtualHost>

This way I think it is much easier to use any module for Node.js, because it would be enough to use what you already have, of course in this case also depends on you have control over the server.

PS: http://localhost:5000/ would be the local host and port for the Express application


And the client, could simply edit the . js files from Node?

The customer could only edit his .js or .php if he has access to the server, if he has it he can "screw it up," or modify it, or ask whoever it is to modify it, but if his intention is to protect the codes, then encryption could be a possible attempt, however not even encrypted or compiled codes are "saved", there is reverse engineering, there is still the possibility if the client bought from you the code is his and if he requires you will have to provide, I will not go into this matter, because it goes to the legal side, of which I have no knowledge to speak.

Back to what matters, as I said, nothing is really free, reverse engineering is complicated but not impossible, so if your goal is to prevent you from breaking the application the solution I propose to you is simply to be the one who controls the server, with ProxyPass for example you can hire a hosting party and your client’s server point to the address of this other server.

<VirtualHost api.sitedocliente.com:80>   
     ServerName api.sitedocliente.com 
     ProxyPass "/" "http://hospedagemapartequecontratei.com/"
</VirtualHost>

Of course this goes to the side of "security", if the goal is that the customer only access via api.sitedocliente.com and wishes to prevent access to hospedagemapartequecontratei.com then a simple and minimal solution would be to check the IP of the server that requested the other, would be like this:

  • On your server with Node.js you should check the value of request.connection.remoteAddress, assuming that your client has a fixed IP on the server, this way could limit access only to this IP.

  • If you do not have a fixed IP, or this is impracticable you can then try to limit access with x-headers, which are automatically configured by Proxypass, so would check if X-Forwarded-Host contains the name api.sitedocliente.com (this is an example), but note that this can be easily circumvented.

I didn’t test the ProxyPass under these conditions (both local and on different servers), if something fails let me know that I will edit the answer.

  • Excellent, a very simple solution to a very common problem, worked perfectly, remembering that usually the application uses port 8080.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.