Run Node.js app on Ubuntu Server using pm2

I work with Node.js and some other JavaScript technologies in last months. One important think is – how run ready application on production server? It wasn’t easy question, because earlier I used only development mode in IDE (with automatic rebuild and generation in background). After some research I found pm2 – great package to run Node.js application in background. With that manager we can start, stop or restart many applications. Let’s see how we can easily run Node.js app.

Continue reading “Run Node.js app on Ubuntu Server using pm2”

Nginx – Tips & tricks

It’s time to add next and last episode for our Nginx blog series. This time post will not describe specific thing, but few different tips and tricks. You can use them to improve your site performance, add additional monitoring, or just serve some files only for special users. If you have any other ideas, feel free to comment and feedback – I can add your suggestions to this blog post, or create next episode. Fine, go to our configuration files.

Continue reading “Nginx – Tips & tricks”

Nginx – SSL/TLS configuration

We have ready Nginx server, ready PHP deamons with tweaked configuration so… what next? It’s time to secure our websites. With Nginx it’s very simple to run SSL/TLS connections and also HTTP/2 – faster protocol, great for mobile devices and new web browsers. Like in previous chapters, we will make changes not only to enable secure connections, but also tweak default settings – be aware, these recommendations will not work with old browsers like Opera 12, Internet Explorer 7 or old Android (2.x) build-in browsers. I thinks is isn’t any drawback, these browsers are obsolote for a long time. Ok, let’s start with Nginx configuration.

Continue reading “Nginx – SSL/TLS configuration”

Express.js and Vue.js – secure forms using CSRF token

Yes it’s something new on this blog – not only PHP, but also Node.js and Vue.js because I work on new project and use these technologies. Many, many things are completly new for me, but some of them are not. Good example is forms security: we must prevent attackers to make CSRF attacks and use tokens. Simple to say and now, in PHP world, very simple in usage – most of frameworks, most of template systems already have build-in solutions. With Express.js and Vue.js we can use available node modules, but we must still remember about some things. This post is about how use CSRF in that connection.

Continue reading “Express.js and Vue.js – secure forms using CSRF token”

PHP-FPM – config improvements

We’ve already installed Nginx web server, PHP, run wrappers and configure php.ini settings. Next step will be some small improvements on global PHP-FPM configuration and also, additional settings on websites wrappers. Today we will edit /etc/php-fpm/version/fpm/php-fpm.conf file. It’s PHP-FPM main configuration file. Not PHP like php.ini from last chapter, but for FastCGI Process Manager. There is no time for unnecessary descriptions, let’s edit this file.

Continue reading “PHP-FPM – config improvements”