Parse-dashboard: Getting dashboard to run through https

Created on 22 Jun 2016  Â·  12Comments  Â·  Source: parse-community/parse-dashboard

I'm a little unclear on if it's possible to remotely access the dashboard through https or not when parse is running stand-alone on a server? Whenever I see the question asked I seem to see people suggesting adding the allowInsecureHTTP option.

I can make that work but since everything else is running through https I would prefer the dashboard to as well. Is there some setting I am missing that tells it to go ahead and look for it at https://myserver/parse instead of only seeing it at http?

background details:
I have migrated an iOS app's backend from the Parse server to a Digital Ocean server that is running Ubuntu following this guide: https://www.digitalocean.com/community/tutorials/how-to-migrate-a-parse-app-to-parse-server-on-ubuntu-14-04

Thanks

Most helpful comment

@BrandenSandahl - I tried to write here more or less what I did. I edited a company doc into this short version so it may have some holes.
For the certificate issue you need to followup on the link I provided below for nginx configuration.
Hope it helps !

General
We configure here Nginx to proxy all https requests to local 4040 - on which parse-dashboard is listening. For security credentials this uses parse-dashboard configuration but we should better setup user & password in nginx as the current parse-dashboard credentials are minimal.

Create a server
on aws a T2 micro is good enough
Security group - allow HTTPS in as well as ssh 22
Ubuntu 14.04

Update name and DNS
Wherever you manage DNS - create a CNAME record to point to the server name (in aws - the ec2 server name)
Edit /etc/hostname → Use the prefix to the cname
Edit /etc/hosts → add lines

127.0.0.1 localhost
127.0.0.1

sudo service hostname restart

Update packages
sudo apt-get update

Install nodejs

curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
sudo apt-get install -y nodejs

Setup nginx
_Setting up https with letsencrypt_
Source: digital ocean - secure nginx with lets encrypt
_Get GIT_

sudo apt-get update
sudo apt-get -y install git bc

_Clone letsencrypt_
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

_Generate certificate_

sudo -i
cd /opt/letsencrypt
./letsencrypt-auto certonly -d <cname>

_Additional security_
Generate Strong Diffie-Hellman Group:
To further increase security, you should also generate a strong Diffie-Hellman group. To generate a 2048-bit group, use this command:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Update nginx configuration according to the source - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
_Setup auto-renewal for Certificates_
Run this to create a renew configuration for letsencrypt:
/opt/letsencrypt/letsencrypt-auto renew

sudo crontab -e

30 2 * * 6 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 6 /etc/init.d/nginx reload

This will try to renew the certificate every Saturday, 2:30-35

Edit nginx configuration to pass to 4040
Add “allow all” to nginx configuration (not sure it is needed)

sudo vi /etc/nginx/nginx.conf

server {
…
location ~ /.well-known {
allow all;
}
…
}

_Add “proxy_pass” to nginx configuration_

sudo vi /etc/nginx/sites-available/default

server {
...
listen 443 ssl;
...
server_name ;
...
location / {
proxy_pass http://127.0.0.1:4040;
}

sudo nginx -s reload
Install parse-dashboard

sudo apt-get install npm
sudo npm install -g parse-dashboard

Later when you need to update parse use sudo npm install -g parse-dashboard

Edit dashboard.cfg.js with dashboard configuration of your apps and users
Manually run the dashboard by
parse-dashboard --config ~/dashboard.cfg.js

Monitor the process with pm2
sudo npm install pm2 -g
Create json file - pm2dashapp.json

{
"apps" : [{
"name" : "Whatever",
"script" : "parse-dashboard",
"args" : "--config /home/ubuntu/dashboard.cfg.js",
"watch" : true,
“merge_logs" : true,
"cwd" : "/home/ubuntu"
}]
}

pm2 start pm2dashapp.json 
pm2 save

All 12 comments

generate self signed certificate

$ openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem
$ openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out server.crt

try the following

var fs = require('fs');
var http = require('http');
var https = require('https');
var express = require('express');
var ParseServer = require('parse-server').ParseServer;
var ParseDashboard = require('parse-dashboard');

var app = express();

var port = 1337;

var options = {
    key: fs.readFileSync('./key.pem', 'utf8'),
    cert: fs.readFileSync('./server.crt', 'utf8'),
};

var parse = new ParseServer({
    databaseURI: 'mongodb://localhost:27017/dev', // Connection string for your MongoDB database
    //cloud: './cloud/main.js', // Absolute path to your Cloud Code
    appId: 'APPLICATION_ID',
    masterKey: 'MASTER_KEY', // Keep this key secret!
    //fileKey: 'optionalFileKey',
    serverURL: 'https://localhost:1337/parse' // Don't forget to change to https if needed
});

var dashboard = new ParseDashboard({
    "apps": [{
        "serverURL": "https://localhost:1337/parse",
        "appId": "APPLICATION_ID",
        "masterKey": "MASTER_KEY",
        "appName": "MyApp"
    }],
    "users": [{
        "user": "admin",
        "pass": "myPwd"
    }]
});

app.use('/parse', parse);
app.use('/dashboard', dashboard);

var server = https.createServer(options, app).listen(port, function() {
    console.log("server listening on port " + port);
});

the --allowInsecureHttp flag allows you to tell parse-dashboard that it should allow running un HTTP.

This is generally used when you're serving it behind a reverse proxy for ex:

  • behind nginx / apache when the ssl is handled by those programs
  • on a hosted service like Elastic Beanstalk or GCP or Heroku etc...

It's usually recommended to use a reverse proxy in the front of your node processes and let that proxy handle HTTPS termination.

You should not in any case let HTTP traffic go to your node process if you're running with --allowInsecureHttp

@flovilmart perhaps you intended to comment on this issue instead?

@diego-vieira Is that a separate script that I run, or is that a preexisting script that I need to edit?

Also, Thanks.

@BrandenSandahl ah I thought that you were using express to run your dashboard.
In your case tho, you gotta need a certificate to run via https, unfortunately I'm not running dashboard as command line so not sure how to get that going.

@diego-vieira
Sorry I was probably a little unclear on that. I tried to edit my question to make it a bit more clear.

Can I just install express and have express run it or will that interfere with my parse server that is running?

@BrandenSandahl then, yes you can run your dashboard on one server and your parse server in another server for instance or both on the same server as long as you run on two different ports if you're running them separately.

I have no experience with DigitalOcean but this should get you going.

  • Change var port = 1337 to your dashboard port. e.g. 443
  • Change https://yourserver:1337/parse to your parse server url.
  • Change key.pem to your pem file and server.crt to your server.crt file.
var fs = require('fs');
var https = require('https');
var express = require('express');
var ParseDashboard = require('parse-dashboard');

var app = express();

var port = 1337;

var options = {
    key: fs.readFileSync('./key.pem', 'utf8'),
    cert: fs.readFileSync('./server.crt', 'utf8'),
};

var dashboard = new ParseDashboard({
    "apps": [{
        "serverURL": "https://yourserver:1337/parse",
        "appId": "APPLICATION_ID",
        "masterKey": "MASTER_KEY",
        "appName": "MyApp"
    }],
    "users": [{
        "user": "admin",
        "pass": "myPwd"
    }]
});

app.use('/dashboard', dashboard);

var server = https.createServer(options, app).listen(port, function() {
    console.log("server listening on port " + port);
});

If I'm not clear enough, please do let me know.

@BrandenSandahl What I did was to place parse dashboard behind an nginx server. I configured the nginx to use https security using letsencrypt certificates and redirected it to parse-dashboard using local http.

@drorsun
I think that is the step I am missing. I don't suppose you could throw the code you used for that up here could you?

@BrandenSandahl - I tried to write here more or less what I did. I edited a company doc into this short version so it may have some holes.
For the certificate issue you need to followup on the link I provided below for nginx configuration.
Hope it helps !

General
We configure here Nginx to proxy all https requests to local 4040 - on which parse-dashboard is listening. For security credentials this uses parse-dashboard configuration but we should better setup user & password in nginx as the current parse-dashboard credentials are minimal.

Create a server
on aws a T2 micro is good enough
Security group - allow HTTPS in as well as ssh 22
Ubuntu 14.04

Update name and DNS
Wherever you manage DNS - create a CNAME record to point to the server name (in aws - the ec2 server name)
Edit /etc/hostname → Use the prefix to the cname
Edit /etc/hosts → add lines

127.0.0.1 localhost
127.0.0.1

sudo service hostname restart

Update packages
sudo apt-get update

Install nodejs

curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash -
sudo apt-get install -y nodejs

Setup nginx
_Setting up https with letsencrypt_
Source: digital ocean - secure nginx with lets encrypt
_Get GIT_

sudo apt-get update
sudo apt-get -y install git bc

_Clone letsencrypt_
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

_Generate certificate_

sudo -i
cd /opt/letsencrypt
./letsencrypt-auto certonly -d <cname>

_Additional security_
Generate Strong Diffie-Hellman Group:
To further increase security, you should also generate a strong Diffie-Hellman group. To generate a 2048-bit group, use this command:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Update nginx configuration according to the source - https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
_Setup auto-renewal for Certificates_
Run this to create a renew configuration for letsencrypt:
/opt/letsencrypt/letsencrypt-auto renew

sudo crontab -e

30 2 * * 6 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 6 /etc/init.d/nginx reload

This will try to renew the certificate every Saturday, 2:30-35

Edit nginx configuration to pass to 4040
Add “allow all” to nginx configuration (not sure it is needed)

sudo vi /etc/nginx/nginx.conf

server {
…
location ~ /.well-known {
allow all;
}
…
}

_Add “proxy_pass” to nginx configuration_

sudo vi /etc/nginx/sites-available/default

server {
...
listen 443 ssl;
...
server_name ;
...
location / {
proxy_pass http://127.0.0.1:4040;
}

sudo nginx -s reload
Install parse-dashboard

sudo apt-get install npm
sudo npm install -g parse-dashboard

Later when you need to update parse use sudo npm install -g parse-dashboard

Edit dashboard.cfg.js with dashboard configuration of your apps and users
Manually run the dashboard by
parse-dashboard --config ~/dashboard.cfg.js

Monitor the process with pm2
sudo npm install pm2 -g
Create json file - pm2dashapp.json

{
"apps" : [{
"name" : "Whatever",
"script" : "parse-dashboard",
"args" : "--config /home/ubuntu/dashboard.cfg.js",
"watch" : true,
“merge_logs" : true,
"cwd" : "/home/ubuntu"
}]
}

pm2 start pm2dashapp.json 
pm2 save

@drorsun
Thanks dude.
So, is it the proxy_pass line in nginx that allows the dashboard to run on https?

Oh hey also, in your dashboard config file, what does your serverURL path look like? Something like this?
"serverURL": "https://284.221.124.443:1337/parse",

@BrandenSandahl
Yes regarding proxy_pass line.
Also yes regarding that serverURL. I preferred to use DNS instead of explicit IP address but it is basically the same. You are also correct that you have to add the /parse (unless you set up the parse server with a different path somehow).

Was this page helpful?
0 / 5 - 0 ratings

Related issues

monajafi picture monajafi  Â·  4Comments

guilhermevini picture guilhermevini  Â·  6Comments

grassland-curing-cfa picture grassland-curing-cfa  Â·  6Comments

badboy-tian picture badboy-tian  Â·  8Comments

yagotome picture yagotome  Â·  3Comments