I'm a little unclear on if it's possible to remotely access the dashboard through https or not when parse is running stand-alone on a server? Whenever I see the question asked I seem to see people suggesting adding the allowInsecureHTTP option.
I can make that work but since everything else is running through https I would prefer the dashboard to as well. Is there some setting I am missing that tells it to go ahead and look for it at https://myserver/parse instead of only seeing it at http?
background details:
I have migrated an iOS app's backend from the Parse server to a Digital Ocean server that is running Ubuntu following this guide: https://www.digitalocean.com/community/tutorials/how-to-migrate-a-parse-app-to-parse-server-on-ubuntu-14-04
Thanks
generate self signed certificate
$ openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
$ openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt
try the following
var fs = require('fs');
var http = require('http');
var https = require('https');
var express = require('express');
var ParseServer = require('parse-server').ParseServer;
var ParseDashboard = require('parse-dashboard');
var app = express();
var port = 1337;
var options = {
key: fs.readFileSync('./key.pem', 'utf8'),
cert: fs.readFileSync('./server.crt', 'utf8'),
};
var parse = new ParseServer({
databaseURI: 'mongodb://localhost:27017/dev', // Connection string for your MongoDB database
//cloud: './cloud/main.js', // Absolute path to your Cloud Code
appId: 'APPLICATION_ID',
masterKey: 'MASTER_KEY', // Keep this key secret!
//fileKey: 'optionalFileKey',
serverURL: 'https://localhost:1337/parse' // Don't forget to change to https if needed
});
var dashboard = new ParseDashboard({
"apps": [{
"serverURL": "https://localhost:1337/parse",
"appId": "APPLICATION_ID",
"masterKey": "MASTER_KEY",
"appName": "MyApp"
}],
"users": [{
"user": "admin",
"pass": "myPwd"
}]
});
app.use('/parse', parse);
app.use('/dashboard', dashboard);
var server = https.createServer(options, app).listen(port, function() {
console.log("server listening on port " + port);
});
the --allowInsecureHttp flag allows you to tell parse-dashboard that it should allow running un HTTP.
This is generally used when you're serving it behind a reverse proxy for ex:
It's usually recommended to use a reverse proxy in the front of your node processes and let that proxy handle HTTPS termination.
You should not in any case let HTTP traffic go to your node process if you're running with --allowInsecureHttp
@flovilmart perhaps you intended to comment on this issue instead?
@diego-vieira Is that a separate script that I run, or is that a preexisting script that I need to edit?
Also, Thanks.
@BrandenSandahl ah I thought that you were using express to run your dashboard.
In your case tho, you gotta need a certificate to run via https, unfortunately I'm not running dashboard as command line so not sure how to get that going.
@diego-vieira
Sorry I was probably a little unclear on that. I tried to edit my question to make it a bit more clear.
Can I just install express and have express run it or will that interfere with my parse server that is running?
@BrandenSandahl then, yes you can run your dashboard on one server and your parse server in another server for instance or both on the same server as long as you run on two different ports if you're running them separately.
I have no experience with DigitalOcean but this should get you going.
var port = 1337 to your dashboard port. e.g. 443https://yourserver:1337/parse to your parse server url.var fs = require('fs');
var https = require('https');
var express = require('express');
var ParseDashboard = require('parse-dashboard');
var app = express();
var port = 1337;
var options = {
key: fs.readFileSync('./key.pem', 'utf8'),
cert: fs.readFileSync('./server.crt', 'utf8'),
};
var dashboard = new ParseDashboard({
"apps": [{
"serverURL": "https://yourserver:1337/parse",
"appId": "APPLICATION_ID",
"masterKey": "MASTER_KEY",
"appName": "MyApp"
}],
"users": [{
"user": "admin",
"pass": "myPwd"
}]
});
app.use('/dashboard', dashboard);
var server = https.createServer(options, app).listen(port, function() {
console.log("server listening on port " + port);
});
If I'm not clear enough, please do let me know.
@BrandenSandahl What I did was to place parse dashboard behind an nginx server. I configured the nginx to use https security using letsencrypt certificates and redirected it to parse-dashboard using local http.
@drorsun
I think that is the step I am missing. I don't suppose you could throw the code you used for that up here could you?
@BrandenSandahl - I tried to write here more or less what I did. I edited a company doc into this short version so it may have some holes.
For the certificate issue you need to followup on the link I provided below for nginx configuration.
Hope it helps !
General
We configure here Nginx to proxy all https requests to local 4040 - on which parse-dashboard is listening. For security credentials this uses parse-dashboard configuration but we should better setup user & password in nginx as the current parse-dashboard credentials are minimal.
Create a server
on aws a T2 micro is good enough
Security group - allow HTTPS in as well as ssh 22
Ubuntu 14.04
Update name and DNS
Wherever you manage DNS - create a CNAME record to point to the server name (in aws - the ec2 server name)
Edit /etc/hostname → Use the prefix to the cname
Edit /etc/hosts → add lines
127.0.0.1 localhost
127.0.0.1
sudo service hostname restart
Update packages
sudo apt-get update
Install nodejs
curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
sudo apt-get install -y nodejs
Setup nginx
_Setting up https with letsencrypt_
Source: digital ocean - secure nginx with lets encrypt
_Get GIT_
sudo apt-get update
sudo apt-get -y install git bc
_Clone letsencrypt_
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
_Generate certificate_
sudo -i
cd /opt/letsencrypt
./letsencrypt-auto certonly -d <cname>
_Additional security_
Generate Strong Diffie-Hellman Group:
To further increase security, you should also generate a strong Diffie-Hellman group. To generate a 2048-bit group, use this command:
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Update nginx configuration according to the source - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
_Setup auto-renewal for Certificates_
Run this to create a renew configuration for letsencrypt:
/opt/letsencrypt/letsencrypt-auto renew
sudo crontab -e
30 2 * * 6 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 6 /etc/init.d/nginx reload
This will try to renew the certificate every Saturday, 2:30-35
Edit nginx configuration to pass to 4040
Add “allow all” to nginx configuration (not sure it is needed)
sudo vi /etc/nginx/nginx.conf
server {
…
location ~ /.well-known {
allow all;
}
…
}
_Add “proxy_pass” to nginx configuration_
sudo vi /etc/nginx/sites-available/default
server {
...
listen 443 ssl;
...
server_name;
...
location / {
proxy_pass http://127.0.0.1:4040;
}
sudo nginx -s reload
Install parse-dashboard
sudo apt-get install npm
sudo npm install -g parse-dashboard
Later when you need to update parse use sudo npm install -g parse-dashboard
Edit dashboard.cfg.js with dashboard configuration of your apps and users
Manually run the dashboard by
parse-dashboard --config ~/dashboard.cfg.js
Monitor the process with pm2
sudo npm install pm2 -g
Create json file - pm2dashapp.json
{
"apps" : [{
"name" : "Whatever",
"script" : "parse-dashboard",
"args" : "--config /home/ubuntu/dashboard.cfg.js",
"watch" : true,
“merge_logs" : true,
"cwd" : "/home/ubuntu"
}]
}
pm2 start pm2dashapp.json
pm2 save
@drorsun
Thanks dude.
So, is it the proxy_pass line in nginx that allows the dashboard to run on https?
Oh hey also, in your dashboard config file, what does your serverURL path look like? Something like this?
"serverURL": "https://284.221.124.443:1337/parse",
@BrandenSandahl
Yes regarding proxy_pass line.
Also yes regarding that serverURL. I preferred to use DNS instead of explicit IP address but it is basically the same. You are also correct that you have to add the /parse (unless you set up the parse server with a different path somehow).
Most helpful comment
@BrandenSandahl - I tried to write here more or less what I did. I edited a company doc into this short version so it may have some holes.
For the certificate issue you need to followup on the link I provided below for nginx configuration.
Hope it helps !
General
We configure here Nginx to proxy all https requests to local 4040 - on which parse-dashboard is listening. For security credentials this uses parse-dashboard configuration but we should better setup user & password in nginx as the current parse-dashboard credentials are minimal.
Create a server
on aws a T2 micro is good enough
Security group - allow HTTPS in as well as ssh 22
Ubuntu 14.04
Update name and DNS
Wherever you manage DNS - create a CNAME record to point to the server name (in aws - the ec2 server name)
Edit /etc/hostname → Use the prefix to the cname
Edit /etc/hosts → add lines
sudo service hostname restartUpdate packages
sudo apt-get updateInstall nodejs
Setup nginx
_Setting up https with letsencrypt_
Source: digital ocean - secure nginx with lets encrypt
_Get GIT_
_Clone letsencrypt_
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt_Generate certificate_
_Additional security_
Generate Strong Diffie-Hellman Group:
To further increase security, you should also generate a strong Diffie-Hellman group. To generate a 2048-bit group, use this command:
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048Update nginx configuration according to the source - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
_Setup auto-renewal for Certificates_
Run this to create a renew configuration for letsencrypt:
/opt/letsencrypt/letsencrypt-auto renewsudo crontab -eThis will try to renew the certificate every Saturday, 2:30-35
Edit nginx configuration to pass to 4040
Add “allow all” to nginx configuration (not sure it is needed)
sudo vi /etc/nginx/nginx.conf_Add “proxy_pass” to nginx configuration_
sudo vi /etc/nginx/sites-available/defaultsudo nginx -s reloadInstall parse-dashboard
Later when you need to update parse use
sudo npm install -g parse-dashboardEdit dashboard.cfg.js with dashboard configuration of your apps and users
Manually run the dashboard by
parse-dashboard --config ~/dashboard.cfg.jsMonitor the process with pm2
sudo npm install pm2 -gCreate json file - pm2dashapp.json