In this post, I’m going to show the issues which I faced during deploying my testing MEAN app in Alibaba Cloud Elastic Compute Service (ECS) and ways how to fix them.
My application includes the server and the client part. The first one is built by means of:
- Node.js.
- Express.js
- Mongoose.js.
The server part uses Angular Universal for prerendering pages, gets data from MongoDB and handles requests got from web browsers.
The second one is built by means of Angular 6.
I chose the server Nginx to be the proxy server. It should pass all requests generated by the browser to the server-side part of the app.
OS of the instance (virtual machine) is Linux Ubuntu 14.04.
To upload files to the instance, I decided to use such an FTP server as vsftpd. The configuration of it caused lots of problems.
Issues with the FTP
I wanted to configure vsftpd for the secure transmission of files. For that, I opened the file /etc/vsftpd.conf and set values of these options:
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
After saving this file, I created the folder for storing SSL and generated SSL by running the commands in the PuTTY (the connection with an instance was created through SSH):
sudo mkdir /etc/ssl/certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/certificates/vsftpd.pem -out /etc/ssl/certificates/vsftpd.pem
Then I added these lines to the file /etc/vsftpd.conf:
rsa_cert_file=/etc/ssl/certificates/vsftpd.pem
rsa_private_key_file=/etc/ssl/certificates/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
Also I opened port 21 by adding new rule to Security Groups of the instance.
Next, I restarted the vsftpd and connected to the FTP server using Filezilla. The connection was succesful but the creation of folders and the passing of files to the instance failed. FileZilla didn’t show the correct error.
I found out the reason of that by disabling SSL:
ssl_enable=NO
Filezilla showed the notification: error 500 OOPS: vsftpd: refusing to run with writable root inside chroot(). I other words, I didn’t have permissions to create folders and files in the primary directory of the user with sudo privileges.
The solution of this error demands running this commands:
sudo chmod a-w /home/user_name/
sudo mkdir /home/user_name/my_folder
sudo chown user_name:user_name /home/user_name/my_folder/
where user_name is the name of user, my_folder is the name of folder, which is intended to be filled by files passed through FTP.
The first command corrects permissions for the user_name’s home directory. The second one creates the folder for needed files (my_folder in this case).
The third command sets the owner of the my_folder.
These actions allowed me to pass data in an insecure way. But after setting the value of ssl_enable to YES, another issue appeared: server sent passive reply with unroutable address. FileZilla showed no directory in the section Remote site.
The problem had gone, when I expanded the content of the file /etc/vsftpd.conf by these lines:
pasv_max_port=10100
pasv_min_port=10090
and created the new rule for ports 10090/10100 in Security Groups of my instance.
However, FileZilla still shows the same warning, it gets the remote directory and allows to load files to the virtual machine created in ECS.
Another issue is 227 Entering Passive Mode (149,129,138,13,233,79). It’s quite rare but I faced it while solving the problem described above. It can appear in the case when listen_ipv6=YES. By default, listen_ipv6 is set to NO. However, it’s better to check its value. Also, we should pay attention to the option listen. If we disable listen_ipv6, we have to enable listen.
Issues with Node.js
Firstly, I installed the default version of Node.js. It’s v0.10.25. Later I installed NVM and used it for getting the LTS version of Node.js. The LTS version was set as default for the OS. I always followed the documentation provided by creators NVM. But when I ran npm install pm2, I got the message:
npm WARN engine pm2@3.0.4: wanted: {"node":">=4.0.0"} (current: {"node":"v0.10.25","npm":"1.3.10"})
NPM didn’t see the new default version of Node.js.
I removed v0.10.25 and tried to install PM2 again. This time console showed another issue: there’s no v0.10.25. It couldn’t find the LTS version of Node.js installed on the instance by NVM. I wasn’t in the good mood to dig more, so I removed LTS version and NVM.
Then I found the page Installing Node.js via package manager, where another way was proposed for installing Node.js:
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
sudo apt-get install -y nodejs
sudo apt-get install -y build-essential
This helped me. After PM2 was installed successfully.
Issue with PM2
Running the command pm2 start dist/server.js for the first time failed because of the error eacces permission denied mkdir '/.pm2'.
The solution is:
sudo chown user:user ~/.pm2.
The user is the name of the user.
The issue with MongoDB 3.6
Some days later after installing MongoDB, I couldn’t manage MongoDB. Running commands sudo service mongod stop or sudo service mongod start finished by words stop: Unknown instance: or start: Unknown instance:.
To find out the problem, I ran the command:
sudo vim /var/log/mongodb/mongod.log
and found the error:
2018-09-13T03:57:21.311-0400 E NETWORK [initandlisten] Failed to unlink socket file /tmp/mongodb-27017.sock errno:1 Operation not permitted
2018-09-13T03:57:21.311-0400 I - [initandlisten] Fatal Assertion 40486 at src/mongo/transport/transport_layer_assio.cpp 169
The issue appears after we type:
sudo apt-get upgrade
This initiates upgrading the MongoDB and changing the ownership of the socket file /tmp/mongodb-27017.sock to the root.
To find the owner, run:
ls -lsah /tmp/mongodb-27017.sock
If the output is srwx------ 1 root root 0 Aug 24 03:56 /tmp/mongodb-27017.sock, the owner of the file is root.
We want the owner to be mongodb. To change the owner, we need to delete the .sock file by running the command:
sudo rm -rf /tmp/mongodb-27017.sock
sudo service mongod start
My testing Angular app is available on http://www.surf-app.tech. The link will be actual until 05.10.2018.