程序员笔记: July 2018

Express 4.0

The correct way to start your Express app is:

npm start

========================================
**************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

install node.js

putty login 104.238.125.233

cd ~

wget https://nodejs.org/dist/v10.7.0/node-v10.7.0-linux-x64.tar.xz

tar xvf node-v10.7.0-linux-x64.tar.xz

mv node-v10.7.0-linux-x64 nodejs

mkdir ~/bin

cp nodejs/bin/node ~/bin

cd ~/bin

ln -s ../nodejs/lib/node_modules/npm/bin/npm-cli.js npm

node --version

npm --version

*************************************
===========================================

No need to install and run nginx

sudo service nginx start

sudo service nginx stop

========================================

******** start node.js app****************

if you want to use nodemon, fist install it

npm install -g nodemon

Installing PM2


$ npm install pm2 -g

cd /home/transparentgov/public_html/arcgis_viewer/

PM2 now supports npm start:

pm2 start npm -- start

http://pm2.keymetrics.io/

pm2 list

list all process.......

pm2 stop 0
pm2 restart 0
pm2 delete 0

******** start node.js app****************

========================================

node express add SSL

1)
download private key file from cpanel ----- ssl/STL ---- private key---
click edit, copy encoded part into a new file. Save to /bin/www/private.key

2)
download certificate file, from godaddy, my product, SSL,
click download button, choose other type.

Only 1 file xxxx.crt is the one we need, copy to /bin/www/public.cert

3)
/bin/www file add https code.

// readFileSync function must use __dirname get current directory
// require use ./ refer to current directory.

// -----  https  ----------

const https = require('https');

const fs = require('fs');

// readFileSync function must use __dirname get current directory

// require use ./ refer to current directory.

const options = {

key: fs.readFileSync(__dirname + '/private.key', 'utf8'),

cert: fs.readFileSync(__dirname + '/public.cert', 'utf8')

};

var port = normalizePort(process.env.PORT || '3200');

app.set('port', port);

// Create HTTPs server.

var server = https.createServer(options, app);

// ----- End ------   https  ----------

********* only renew ***********

1) download certificate zip file from godaddy,
only 6e1dce9c9beeeed6.crt is we need.

Note: Never put private.key file at this folder, Only public.cer file
otherwise, goDaddy will revoke this SSL

2) upload crt file to cpanel. cpanel -- ssl , click certificate(CRT)

upload a new certificate, click choose file, choose xxx.crt(just downloaded).

3) install new crt, by click install.

---------------------------

4) node.js

copy xxx.crt from cpanel, to node.js
/bin/www/public.cert

Done

******************** full steps ***********************

godaddy SSL

ON Server

1) cpanel --------- click SSL/TLS

2) click

Certificate Signing Requests (CSR)

click Generate

3) copy first part: encoded CSR

ON godaddy

my product ------------ SSL certificate ----- click manage button

you should see your ssl certificate, click it.

Re-Key

Top menu, click repository,

3 big button, download, re-key, xxx. click re-key

3 plus + sign, click first +, past your CSR here.

Click Save button

at bottom, click "generate certificate" button.

Wait .................. hours? days?.........................

You got a email from godaddy, follow download link to download zip file.

zip file has 2 crt file.

Upload 2 crt file at cpanel. click SSL/STL

click

Certificates (CRT)

Upload a New Certificate

choose file, 2 crt.

then you upload crt.

at SSL/STL click

Manage Installed SSL Websites

click

Browse certificate, choose the new one you just uploaded.

then install.

Done

****** check certificate ******

https://ssltools.godaddy.com/views/certChecker

node express add SSL

1)
download private key file from cpanel ----- ssl/STL ---- private key---
click edit, copy encoded part into a new file. Save to /bin/www/private.key

2)
download certificate file, from godaddy, my product, SSL,
click download button, choose other type.

Only 1 file xxxx.crt is the one we need, copy to /bin/www/public.cert

you can copy past encoded certificate from cpanel---ssl , click Certificate(CRT), click edit,
copy encoded certificate

3)
/bin/www file add https code.

// readFileSync function must use __dirname get current directory

// require use ./ refer to current directory.

==================== redirect http:// to https:// ===============================

Because of domain transparentgov.net bind to IP, by default, user will get http://transparentgov.net
We must redirect all http://.... to https://..........

Other urls are automatically without this .htaccess file.
http://agv1.transparentgov.net will forward to https://transparentgov.net:3000 at google domain.

http://ms1.transparentgov.net will forward to https://transparentgov.net/mapserver1/viewer at google domain

pdfbay.org domain forward to https://transparentgov.net/glassgov1

so only .htaccess under cleargov1 need to update redirect.

cpanel ----- file manager ------

public_html/cleargov1/ folder,

setting (top right corner) ---- show hidden files

htaccess file must be at the folder you want redirect really happen !
Not public_html ( root ) folder.

update file

`.htaccess`

add following code, to bottom

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?transparentgov\.net
RewriteRule ^(.*)$ https://transparentgov.net/$1 [R,L]

cleargove1/.htaccess

Options -Indexes
DirectoryIndex index.php

RewriteEngine On
#RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ index.php?qa-rewrite=$0&%{QUERY_STRING} [L]

RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?transparentgov\.net
RewriteRule ^(.*)$ https://transparentgov.net/cleargov1/$1 [R,L]

https://www.godaddy.com/help/redirect-my-website-to-https-in-cpanellinux-27870

Effect by restart apache service -----

whm ------ search 'restart'  ----- find restart service section,

 click 'HTTP server (apache)'   --- click Yes.

https://www.webhostinghub.com/help/learn/website/ssl/force-website-to-use-ssl

==============End ====== redirect http://  to https:// ===============================



How do I Force my Website to use SSL?


Written by John-Paul Briones

Views: 95,480

Published: Jul 24, 2018

Comments: 10




  


From time to time we are asked how you can force your website visitors to view your website over https. For example, if a visitor access http://domain.com, you can force them to https://domain.com so that they are always using the SSL certificate.

Please note, if you use the Premium Website Builder to create your site, please see our article on How to Force your Premium Website Builder site to use SSL.


The following instructions gives you code to add to an .htaccess file. If your .htaccess file has existing code, then you shoud place the following code examples above the existing code of your .htaccess file so that the newly added code is executed first.


How to force your visitors to use your Shared SSL Certificate

To force your visitors to use your Shared SSL certificate:

log into your cPanel and access the redirects section
Set Type to Permanent (301)
Next to http://(www.)? choose the domain name you are working with
Next to redirects to, enter your website's url using the Shared SSL Certificate
We recommend having Redirect with or without www. selected, so that the user will be forced to use SSL whether they use domain.com or www.domain.com
Ensure Wild Card Redirect is selected
Click Add


When testing, we were redirecting example.com to https://secure21.webhostinghub.com/~whhsup5/

You can see below how the rewrite was setup before we clicked "Add"





When you save this redirect, cPanel actually sets up the redirect by editing your .htaccess file. You don't need to do anything further from here (other than test). If you were actually looking for the .htaccess code to perform this type of redirect, cPanel added the following code to the .htaccess file:


RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteRule ^(.*)$ "https\:\/\/secure21\.webhostinghub\.com\/\~whhsup5\/$1" [R=301,L]


How to force your visitors to use your Dedicated SSL certificate

If you try to setup a Dedicated SSL redirect using the same steps above, cPanel will fail with an error message, similar to:


Redirecting to https://www.example.com/ will cause a redirection loop because 'http://example.com/'

which is located at /home/whhsup5/public_html/

is above 'https://www.example.com/'

which is located at /home/whhsup5/public_html/


The following changes to the .htaccess file will require that you make use of the edit options available within the cPanel. You will need to edit the .htaccess file to force the re-direct. Depending on your situation, you may need to re-direct all website traffic, only a specific domain, or a folder to use HTTPS.

Forcing a specific domain to use HTTPS

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^abcd\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.xyz.com/$1 [R,L]


In the .htaccess code above, if abcd.com website is accessed, it will re-direct to https://xyz.com You will need to replace abcd\.com with the domain name you're forcing to https and also replace www.xyz.comwith the domain name to where the website traffic will be re-directed. Here's an example:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^test-site\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.some-website.com/$1 [R,L]


In the example above, any one typing in http://test-site.com will automatically be re-directed to https://some-website.com.

Forcing all website traffic to use HTTPS

In order to force all web traffic to use HTTPS, use the following code in your .htaccess file. If you are hosting multiple websites on your account, it is possible to have an .htaccess file for each website. Make sure that you are editing the .htaccess file that is in the root folder where you want the re-direct to occur.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]


Be sure to replace www.yourdomain.com with your actual domain name.

Forcing SSL on a specific folder

If you want to force SSL on a specific folder you can insert the code below into a .htaccess file placed in that specific folder:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder 
RewriteRule ^(.*)$ https://www.yourdomain.com/folder/$1 [R,L]


Make sure you change the folder reference to the actual folder name. Then be sure to replace www.yourdomain.com/folder with your actual domain name and folder you want to force the SSL on.

If you need further assistance please feel free to ask a question on our support center website.

==================================================================================

free SSL install letsencrypt

Set --- apache default website.

1) whm ----- search for apache configuration

2) click -- DirectoryIndex Priority

3) add --- /cleargov1

4) move up to top

5) restart apache

6) google domain DNS, can add A record @ , only need to put ip address, no sub-folder needed

------------------------------

7) install letsencrypt https://certbot.eff.org/lets-encrypt/centos6-apache

wget https://dl.eff.org/certbot-auto

chmod a+x certbot-auto

sudo /home/hoogw/certbot-auto --apache

..............follow screen...........

type 3 for transparentgov.net

type 1 for no- redirect

then you should successfully get ssl free certificate.

IMPORTANT NOTES:

- We were unable to set up enhancement redirect for your server,

however, we successfully installed your certificate.

- Congratulations! Your certificate and chain have been saved at:

/etc/letsencrypt/live/transparentgov.net/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/transparentgov.net/privkey.pem

Your cert will expire on 2018-10-21. To obtain a new or tweaked

version of this certificate in the future, simply run certbot-auto

again with the "certonly" option. To non-interactively renew *all*

of your certificates, run "certbot-auto renew"

Renew: just run

sudo /home/hoogw/certbot-auto --apache certonly

Automating renewal

try simulate renew

sudo /home/hoogw/certbot-auto renew --dry-run

if above works fine, we schedule job ( Not do yet, don't know how)

/home/hoogw/certbot-auto renew

google search for "cpanel cron job"

***************************************************

****************************************************

*****************************************************

putty:

// check domain ip

[hoogw@server ~]$ dig +short transparentgov.net

104.238.125.233

// check subdomain ip
[hoogw@server ~]$ dig +short ms1.transparentgov.net

ghs.googlehosted.com.

172.217.11.83

//above means subdomain ms1 not right.

// check name server

[hoogw@server ~]$ dig +short transparentgov.net ns

ns-cloud-a4.googledomains.com.

ns-cloud-a2.googledomains.com.

ns-cloud-a3.googledomains.com.

ns-cloud-a1.googledomains.com.

//above means use google name server, not use cpanel subdomain.

//so you have to setup A record on google domain

程序员笔记

Thursday, July 26, 2018

centOS node SSL

No need to install and run nginx

Installing PM2

Tuesday, July 24, 2018

centOS SSL

Certificate Signing Requests (CSR)

Re-Key

Certificates (CRT)

Upload a New Certificate

Manage Installed SSL Websites

`.htaccess`

How do I Force my Website to use SSL?

How to force your visitors to use your Shared SSL Certificate

How to force your visitors to use your Dedicated SSL certificate

Forcing a specific domain to use HTTPS

Forcing all website traffic to use HTTPS

Forcing SSL on a specific folder

free SSL install letsencrypt

7) install letsencrypt https://certbot.eff.org/lets-encrypt/centos6-apache

Automating renewal

Wednesday, July 18, 2018

mysql auto backup daily

Blog Archive