Considerations for Hosting a NODE Application

Spotted a question on Dev.to basically asking “How do you put a Node application in production?” and thought I’d copy my response here.

I’ll preface this by saying that although I’ve dabbled with Node, I don’t have anything in production right now that uses it. That being said, the way a Node web application runs – as a long-running external application instead of a module that’s part of the web server – is familiar enough for me to feel comfortable with the general principles.

How to use Node in production is actually a fairly broad topic, and a lot of it depends on exactly what the application is trying to do. It’s probably going to be useful to do some reading on Dev’s #node tag, but here’s my best high-level guidance.

Architecture
So, what’s your Node app doing? Is it running a public web site? Responding to URLs for a publicly available service? Or is it an application that your front end application just calls for specific calculations? This impacts literally everything else.

Hosting
A commodity PHP host won’t cut it for Node. You’re going to need one which allows for long-running applications. Generally that means a custom VM, or perhaps something that just allows you to deploy containers. That doesn’t have to be Digital Ocean or Heroku, though they do have the kind of set up you’re looking for.

Front end web server
There’s no requirement for a traditional web server, but it’s a common configuration. You can add middleware to Express to serve up static files, but it’s generally faster (and already written) to use Apache, Nginx, or something else to serve up files and act as a reverse proxy for the specific routes your application is handling.

Ports
This is a bit of a low-level implementation detail, but seeing as how others have touched on it…. I believe Express defaults to port 5000, but you can set it listen on whatever you want. If you’re using a front end server, you’d let the front end server handle port 80 and 443. If Express is handling all the traffic, then the Node app will need to handle those ports instead. (And note, I’m only assuming you’re using Express, that’s not required for a Node app that responds to HTTP requests; it’s just a very popular solution.)

Development vs. Production
I find it’s helpful if, to the extent possible, the development environment matches the production environment. You won’t install a compiler or an IDE on the production environment, but if the production environment will have a front end web server, it’s helpful to have the same front end web server running in the development environment. (I highly recommend you read about “The twelve-factor app for more about this topic, and other helpful guidance.)

Deployment
Automate all the things.” This has nothing to do with Node. If you can’t automate everything, automate as much as you can. Can’t use Travis, Jenkins, or a similar Continuous Integration tool? Go with a shell script.

I have personal experience with deployments which took three hours per environment and tended to result in production outage because the deployment instructions were a 12 page Word document. Those same deployments dropped to three minutes and stopped breaking production once we wrote a script to handle the config file changes.

Turning off the Home Assistant Cloud integration

Over the New Year holiday, I resurrected the Raspberry Pi I’d been using for Home Assistant. It crashed in early 2019 and when a reboot didn’t fix it, I thought perhaps a power spike had killed the Pi. So I put it aside with the intent of reformatting the micro SD card to see if that would fix it, but then Drupal happened at work and I didn’t get back to it for a very long time.

The new theory is that the Pi is just fine and the memory card got corrupted. It’s up and running now with the latest Home Assistant on HassOS 3.7.

Things have changed in the past year and one of the things I noticed was that the default configuration.yaml had a lot fewer entries. That’s fine in itself, but when I went to the main Configuration screen, I couldn’t figure out how to turn off the “Home Assistant Cloud” integration – previously, you would turn that off by removing the cloud property from the configuration.yaml, but the new leaner version of the file didn’t have that entry.

I eventually found a forum post asking the very question on my mind: “How can I disable the cloud component?” The answer, it turns out, is to remove one of the few default entries in the configuration.yaml.

Near the top of the file, there’s an entry for default_config. What this does is automatically enable more than a dozen other configurations for things you’d most likely want to have: along with the cloud integration, it also enables the front end, history, logbook, system_health and more.

So what you can do is remove the entry for default_config and add back the integrations you want. Don’t want the cloud integration? Don’t copy it in.

Here’s the whole list, suitable for copy and paste to your configuration:

automation:
cloud:
config:
frontend:
history:
logbook:
map:
mobile_app:
person:
script:
ssdp:
sun:
system_health:
updater:
zeroconf:

A number of these weren’t in the configuration file a year ago, which meant they couldn’t be turned off. Now they can be, though you should definitely check the individual integration’s detail page to make sure you know what the consequences are – it might be better to remove them from the UI instead.

Turn off Chrome notification pop-ups.

Talking to my Dad over the weekend, I learned he’d recently started seeing ads appear on his computer. These days, everyone’s used to seeing ads pop up in the web browser, but these were in the lower right corner of the screen, and would stick around if you moved the browser window.

My first thought was some sort of malware infection, but there didn’t seem to be any unusual processes running. The vital clue was when Dad mentioned that the ads only showed up when Chrome was running, and would disappear if you closed all the Chrome windows. An online search revealed a new suspect – Chrome’s browser notifications.

If you’ve used Chrome at all in the past year or two, you’ve very likely seen the browser display a message asking for permission from one site or another (or dozens) to display notifications. The idea behind notifications is that even if you aren’t actively browsing a particular site, you can still let it put up a message about an important update (e.g. event tickets going on sale). In this case, someone had decided to use notifications to display ads and Mom or Dad had accidentally given the site permission to display them.

Fortunately, once you know what’s going on, it’s pretty easy to turn notifications back off.

The steps below turn notifications off altogether; you should’t even be prompted anymore. I generally try to avoid distractions, but if you don’t want to turn them completely off, you can stop at step 6 to review and edit the list of sites where they’re allowed and/or blocked.

  1. In the upper right corner of the Chrome browser, click on the three vertical dots.
  2. Near the bottom of the menu, click settings.
  3. Scroll to the bottom of the page and click “Advanced.”
  4. Go to the “Privacy and Security” section and click “Site Settings”.
  5. Find the line for “Notifications” (there will be a small bell to the left).
  6. Click Notifications.
  7. At the top of the page, where it says “Ask before sending (recommended)”, click on the blue “slider” button.  It will turn gray.
  8. At the top, click on  the “Notifications” arrow.
  9. Click on the “Site Settings” arrow.

Done.

Code Review Checklist

Recently, I’ve been doing code reviews for a group of junior devs. I’m pleased to have the opportunity, but I find we’re spending more time on fundamentals than the actual stories.

To address this, I’ve put together a checklist of things to check before submitting your code to be reviewed. It’s not meant to be exhaustive, just a short list intended to help us spend less time reviewing the basics and more on the parts the basics are supporting.

Are there other items you’d include on this list?

  • Is the code up to date with master?
  • Does the code run? Do all the tests pass? (This also means no “expected failures.”)
  • Do all the classes and methods have comments?
  • Have you removed all of your “debugging” code (e.g. System.out, console.log, or other platform equivalent).
  • There should not be any outstanding changes from previous reviews.
  • There should not be changes which aren’t part of the specific ticket you’re working on.
  • There should be no blocks of commented out code.

Dynamic Type Selection in PHP

So, check out this block of PHP code:

class MyClass {
  public function doSomething() {
    echo "Hello there.";
  }
}
$class = "MyClass";
$method = "doSomething";
$instance = new $class();
$instance->$method();

The “new” statement is using a string variable to specify the class being instantiated! What’s more, on the very next line, another string variable is being used, this time to specify the method being invoked.

My background is C-like languages (C, C++, C# and Java), so I was somewhat surprised to discover that this not only executes, but does so without errors. Turns out, this is just how PHP’s new statement works.

In Java, you’d use Class<T> to get the class object, retrieve a specific constructor, and then call the newInstance method, passing any required parameters. So the above example would end up looking something like this:

package myprogram;

import java.lang.Class;
import java.lang.reflect.Method;

class MyClass {
    public MyClass() {}
    public void doSomething() {
        System.out.println("Hello there.");
    }

    public static void main(String[] args) {
        String className = "myprogram.MyClass";
        Class<?> class = Class.forName(className);
        MyClass instance = class.getConstructor().newInstance();

        Method method = class.getMethod("doSomething");
        method.invoke(instance);
    }
}

In a more complex code sample (e.g. passing arbitrary class objects into a method to be instantiated and used in a callback), the Java version has definite advantages in terms of compile time type checking.

But I can’t deny that the simplicity of the PHP version also has some appeal.

Resetting Your Password

You can change your password on any enterprise system by following these simple steps:

  1. Login to the password reset page by answering security questions anyone with Google can look up.
  2. Generate a strong password, such as
    yK5*BDbYv91xAaU!BukN
  3. Discover you can’t paste the secure password into the form.
  4. Click your password manager’s “Generate password” icon which generates a password into the field.
  5. Click Save.
  6. Discover that your password manager was blocked from saving the new password and that you no longer know your password.
  7. Discover that you can’t reset your password twice in one day.
  8. Email the system administrator, requesting that your account be unlocked.
  9. Login to the password page again, using those same easily Googable security questions.
  10. Set your password to
    P@$$word123

(Pro-tip: Substituting a dollar sign for each ‘s’ makes it extra secure.)

Composting

A while back, a friend posted on Facebook that her family was building a compost bin and she was looking for tips. She also mentioned that she was saving kitchen scraps (but no meat or dairy) and what do people think about the “compostable” bags?

Whoo. I try to be a well-rounded geek, and I spend a lot of time doing yard work, gardening, and of course, collecting leaves for the compost pile (to the point where in the fall, the neighbors have started bringing leaves directly to me, skipping the step where I “steal” them from the curb.

The quick version of what I posted on Facebook is:

  • No meat/dairy – because it attracts vermin, it attracts flies, and it stinks.
  • No kitchen waste – that’s apple cores, wilted lettuce, etc. Why? Because it attracts vermin. If you’re lucky, it’s just flies and mice. If you’re unlucky? Rats and raccoons.
  • The aforementioned kitchen waste is awesome however for a worm bin.
  • So what does go in the compost bin? Fall leaves, non-diseased pieces of non-woody plants, and more fall leaves.
  • Coffee grounds are also good in the compost pile. They help the leaves turn to humus much faster.

For the “compostable bags” though… it depends on what they are. If it’s brown paper bags, technically, you could compost them. But recycling is probably a better choice. (I’ve composted cardboard in the past, but unless you tear it up into small pieces, it’s gonna take a long time to break down And any other paper should definitely be recycled, with one exception: shredded newspaper is good for worm bins.

On other hand, if the bags are those so-called “compostable plastic” bags (or any other sort of “compostable” plastic), then they don’t belong in a home compost pile. Those things require an industrial composter and won’t break down in your garden compost pile.

Related reading:

If you’ve read this far, you could do far worse than to visit the You Bet Your Garden question of the week archive, type “compost” into the search box (the one in the middle of the page, not at the top), and read everything that comes up.

For starters, check out the Compost 101 article .

There’s a good starting point for reading about worm bins.

(Image by flickr user kake_pugh licensed via CC BY-NC-SA 2.0)

They Keep Killing Glenn – You Only Hurt the Ones You Love

If “you only hurt the ones you love,” then Glenn Hauman has been loved like few others. Loved to death in fact. Repeatedly. A different way each time.
 
They Keep Killing Glenn is a collection of short stories with one thing in common, in each story, Glenn Hauman dies. One might be forgiven for thinking that this would only be entertaining for people who actually know Glenn (and there is a joke or two which make more sense that way) but overall, the stories should appeal to anyone who enjoys a bit of lighthearted entertainment, regardless of whether Glenn has crossed their path.
 
(Full Disclosure: I know Glenn, and many of the people who killed him. Through some cosmic error, my own tale of his death was also included.)

Finders Keepers

Finders Keepers by Russ Colchamiro is most definitely a fun read.

A pair of cosmic engineers, responsible for constructing The Earth, have misplaced a jar of Cosmic Building Material, essentially, the universe’s DNA. And with the inventory due to be taken, they need to get it back quickly or face the ultimate punishment.

Meanwhile on Earth, a pair of young backpackers are travelling across Europe, looking for someone who can tell them about a mysterious jar found in a cave in New Zealand, unaware that others, exiled from Eternity, will stop at nothing to take it from them.

It’s a entertaining story, broken into small chunks which can be read as time allows (helpful if you find it difficult to carve out an hour or two at a time). Even the minor characters are fleshed out enough to make them part of the story instead of props. And as the story wraps up with some surprising twists, even the most villainous of the characters begins to show signs of redemption.

Numbers in man page references

I’m always forgetting what they mean and how to use them.

There’s a great answer at: https://unix.stackexchange.com/a/3587/223606

For me, the important parts are:

MANUAL SECTIONS
    The standard sections of the manual include:

    1      User Commands
    2      System Calls
    3      C Library Functions
    4      Devices and Special Files
    5      File Formats and Conventions
    6      Games et. al.
    7      Miscellanea
    8      System Administration tools and Daemons

    Distributions customize the manual section to their specifics,
    which often include additional sections.

And the syntax:

$ man 1 printf
$ man 3 printf
$ man -a printf