How to Install node.js on a cPanel Server


Installation of node.js is not yet officially supported by cPanel. However, it is still a feature request.

(There is a discussion at the official cPanel forum too.)

What is Node.js?

Node.js is application development software written in and for JavaScript, for real-time event-driven applications, more at

The Installation Procedure:

Installing node.js on a cPanel VPS doesn’t involve any complex tasks. Before beginning the installation, make sure the following requirements are met:

GCC 4.2 or newer
Python 2.6 or 2.7
GNU Make 3.81 or newer

Run an update for any software in the above list that is not up to date.

Initially download latest version from .


Next, extract the node.js tarball and install it:

tar -xzvf node-v0.11.9.tar.gz
cd node-v0.11.9
./configure
make && make install

The installation will take a while to complete. Upon completion, we can test that it works. Check the version:

[root@sh csf]# node -v

[root@sh csf]# which node
[root@sh csf]# /usr/local/bin/node --help

Usage: node [options] [ -e script | script.js ] [arguments]
       node debug script.js [arguments]

-v, --version print node's version
-e, --eval script evaluate script
-p, --print evaluate script and print result
-i, --interactive always enter the REPL even if stdin
does not appear to be a terminal
--no-deprecation silence deprecation warnings
--trace-deprecation show stack traces on deprecations
--v8-options print v8 command line options
--max-stack-size=val set max v8 stack size (bytes)
Environment variables:
NODE_PATH ':'-separated list of directories
prefixed to the module search path.
NODE_MODULE_CONTEXTS Set to 1 to load modules in their own
global contexts.
NODE_DISABLE_COLORS Set to 1 to disable colors in the REPL

Documentation can be found at

Testing the Installation:

Change to the /usr/local/cpanel/htdocs directory and create server.js:

cd /usr/local/cpanel/htdocs

vi server.js

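var http = require("http");
// Minimal HTTP server, used only to confirm that node runs
http.createServer(function(request, response) {
  response.writeHead(200, {"Content-Type": "text/plain"});
  response.write("Hello Test");
  response.end();   // finish the response so the browser is not left waiting
}).listen(8080);    // the port opened in the firewall below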

save and quit

Open port 8080 in your firewall via the csf configuration file.

vi /etc/csf/csf.conf

TCP_IN, TCP_OUT ===> 8080
save and quit

csf -r

(From the /usr/local/cpanel/htdocs directory, execute the command below.)
/usr/local/bin/node server.js

Now access

You will get a confirmation message in your browser that says “Hello Test”.

If you need to direct traffic for your domain to the node.js build, you can do so via the .htaccess file with the following rules.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.domain\.com$
RewriteRule ^(.*) "http\:\/\/127\.0\.0\.1\:8080\/$1" [P,L]

Your domain name replaces “domain” in the above example. Just visit your domain again!
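Once the rewrite rule proxies requests to 127.0.0.1:8080, the node process is reachable both through Apache and directly from outside for as long as 8080 stays in TCP_IN. The following check is an added example, not part of the original post or of csf: it reads constructed copies of csf.conf and .htaccess and lists proxied loopback ports that are still open in the firewall. The function names and sample contents are assumptions.

```python
import re

# Constructed sample inputs (not taken from a real server).
CSF_CONF = '''
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,443,8080,30000:35000"
TCP_OUT = "20,21,22,25,53,80,443,8080"
'''

HTACCESS = r'''
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.domain\.com$
RewriteRule ^(.*) "http\:\/\/127\.0\.0\.1\:8080\/$1" [P,L]
'''

def csf_ports(conf_text, key):
    """Return the set of ports (ranges expanded) listed for key, e.g. TCP_IN."""
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % re.escape(key), conf_text, re.M)
    ports = set()
    for item in (m.group(1).split(",") if m else []):
        lo, _, hi = item.strip().partition(":")   # csf writes ranges as low:high
        if lo:
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def loopback_proxy_ports(htaccess_text):
    """Return ports that [P] rewrite rules proxy to on 127.0.0.1 or localhost."""
    ports = set()
    for line in htaccess_text.splitlines():
        if not line.strip().startswith("RewriteRule"):
            continue
        flags = re.search(r'\[([^\]]*)\]\s*$', line)
        if not flags or "P" not in [f.strip() for f in flags.group(1).split(",")]:
            continue
        target = line.replace("\\", "")   # undo the escaping used in the rule
        m = re.search(r'https?://(?:127\.0\.0\.1|localhost):(\d+)', target)
        if m:
            ports.add(int(m.group(1)))
    return ports

def exposed_backends(conf_text, htaccess_text):
    """Backend ports reachable both through the proxy and directly from outside."""
    return sorted(loopback_proxy_ports(htaccess_text) & csf_ports(conf_text, "TCP_IN"))

if __name__ == "__main__":
    print(exposed_backends(CSF_CONF, HTACCESS))
```

An empty result means every proxied backend port is closed to direct outside access.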

The above installation was tested under the latest cPanel.

[root@sh]# cat /usr/local/cpanel/version

Let us know whether any change or modification is needed for the above installation. Suggestions are invited!

SSL and Related Cyber Security Threats: An Outlook


“Change is a challenge and an opportunity, not a threat” (words coined by Prince Philip, Duke of Edinburgh). And readers, I am just yelling about the cyber security threats that frequently revolve around SSL, as they normally compel the cyber experts to accept frequent challenges.

Recently, in October 14, the web world witnessed yet another Internet bug that threatens to make your private conversations public. The new enemy: “POODLE” attacks. Previous attacks like Heartbleed and Shellshock allowed hacks against servers, while POODLE allows hacking clients (your web browsers).

“My browser outputs the padlock and voila… I am secure.” Is it so? Do you get my point? Of course you do. Most of you will be familiar with the padlock icon that indicates the connection is secure when we visit a secured site, as it highlights the ‘https’ text in green. But that green indicator has already blown up several organizations’ security strategies.

What is SSL/TLS? (A Roll Back into Its Basics)

The TLS (Transport Layer Security) protocol and its predecessor, the SSL (Secure Sockets Layer) protocol, are a core part of HTTPS (Hypertext Transfer Protocol Secure), the primary method of securing communications on the Web. SSL is probably the most important security protocol on the Internet. We mostly refer to SSL by the dual moniker SSL/TLS, since the protocol suite known as Secure Sockets Layer was upgraded and renamed to Transport Layer Security back in 1999.

SSL/TLS Version History

  • SSL 1.0: Dates back to the early 90s and was never publicly released (originally developed by Netscape)
  • SSL 2.0: From 1995 and met a need in a rapidly emerging web world, but was rather buggy
  • SSL 3.0: Launched in ‘96 and solved a bunch of issues from 2.0 via a complete redesign
  • TLS 1.0: Came into being in ‘99 and was an evolutionary improvement on SSL, albeit one without interoperability
  • TLS 1.1: RFC from 2006 and contains various defences against attacks on earlier versions
  • TLS 1.2: This time from ‘08 with a bunch of features to strengthen the cryptographic implementation.

The DTLS (Datagram Transport Layer Security) protocol is based on TLS and is used for encrypting connections between applications that communicate over UDP (User Datagram Protocol). A comparison of TLS implementations can be viewed at Comparison_of_TLS_implementations

Is there a Bad SSL Certificate?

SSL users can also get help through the recently started SSL Blacklist, an online and downloadable resource of SSL certificates associated with malware or botnet activities.

How Does a Normal SSL or Man-in-the-Middle Attack Work?

Say the connection between your browser and the destination server at the URL you’re visiting is supposed to be encrypted. But because certain types of SSL certificates (which help handle the encryption) can be forged, an attacker could set up a fake server that pretends to be the real destination server, and thus insert themselves in the middle of the connection. When that is done, the attacker has control over the connection and the data, and can thus decrypt your data, manipulate it, and/or pass it on to the real intended destination server.

Does SSL Matter?

Yes, it’s now quite clear. With the recent POODLE (Padding Oracle On Downgraded Legacy Encryption) attack [CVE-2014-3566], SSL got poked again, which intruded on and created a gaping hole in several organizations’ security strategies. Even with a trusted SSL connection, SSL attacks could gain administrator access to cloud servers. You could view the vulnerabilities reported recently via OpenSSL [OpenSSL is an open-source implementation of the SSL and TLS protocols]. Though Transport Layer Security (TLS) has taken over from its predecessor SSL, SSL is still widely used globally.

To an extent, the reported POODLE attacks have firmly left SSL 3 almost dead, and it seems that browser vendors are not interested in that approach. Firefox said they would disable SSL 3 in Firefox 34. Google now plans to remove SSL 3.0 altogether from its client software, including the Chrome browser, in the coming months.

Research Exposes the Gaping hole

A POODLE attack could use techniques similar to those used in the BEAST attacks (Browser Exploit Against SSL/TLS; this attack was revealed at the Ekoparty Security Conference in 2011) to implement man-in-the-middle type attacks and intercept session cookies used to log on to web mail and other online accounts, so the attacker can access the encrypted data.

Prior to the POODLE attack there was the Heartbleed vulnerability in OpenSSL (around since 2011), in use in nearly 20% of the world’s web servers. These numbers ironically expose the impact a single vulnerability has on all organizations when keys and certificates are exposed. You could view the SSL Pulse rate [a project created by Qualys to monitor the quality of SSL/TLS support across the Web].

Another attack that had global impact was that of the Mask APT operators (identified as “one of the most advanced threats”), who went on a rampage compromising organizations. The most ironic thing was that for around 7 years the Mask attacks went undiscovered, stealing credentials such as SSL, VPN, and SSH cryptographic keys and digital certificates.

About 25 to 30% of all enterprise network traffic is currently encrypted with SSL/TLS. According to Gartner [the world’s leading information technology research and advisory company], SSL traffic will grow 25% every year. Meanwhile FireEye, Inc. (Cyber Security & Malware Protection Inc.), upon analysing the most downloaded free apps in Google Play, confirmed that nearly 68 percent were impacted by secure sockets layer (SSL) vulnerabilities. These popular apps allow an attacker to intercept data exchanged between the Android device and a remote server.

New Approaches : Keyless SSL

Cloud security vendor CloudFlare recently came out with a new technology approach called Keyless SSL that aims to overcome a key barrier to organizations’ adoption of the cloud. CloudFlare provides a cloud-based security service that can protect organizations against multiple forms of attack, including large-scale distributed denial-of-service (DDoS) attacks. More at Keyless SSL

Alternatives to SSL?

We have to partly acknowledge the efforts made by SSL developers. Lots of enhancements and improvements are being made in the SSL/TLS protocols (servers and client systems) to decrease risks and to protect against and reduce the impact of vulnerabilities and exploits. Most of the packages included by operating system and application vendors to manage and support SSL and its supporting systems have been drastically improved. Also, most security vendors and experts indicate that the POODLE attack brings some positive changes too, as it has sounded the death knell for the older version of the SSL protocol for encrypted communications.

If you have reached this point in this article, readers, I definitely have a query for you: If SSL is “broken”, is there a technology that could replace it and be more effective? Is there a more secure alternative? Do you have any predictions for what the next generation of online security might be?

How to Add an SSL Certificate for a Domain in a Tomcat 8 Server


The following procedure will help you add an SSL certificate to your Tomcat 8 server.

Let us assume /opt/tomcat is the Tomcat installation folder and we are going to install it for a domain

Step 1 : Generate a Certificate Signing Request (CSR) for your domain

# mkdir /opt/tomcat/ssl
# cd /opt/tomcat/ssl
# keytool -genkey -alias -keyalg RSA -keysize 2048 -keystore fun_com.jks -dname ",OU=Technical, O=Fun Technologies Limited, L=Talvia, ST=kbgrp, C=IN" && keytool -certreq -alias -file fun_com.csr -keystore fun_com.jks

Step 2 : Use the CSR file fun_com.csr for purchasing a real SSL certificate; let us say I bought it from Comodo. Now we need to add all the CA root and other trust certificates to the above keystore file fun_com.jks as follows:

# keytool -import -trustcacerts -alias ExternalCARoot -file AddTrustExternalCARoot.crt -keystore /opt/tomcat/ssl/fun_com.jks

# keytool -import -trustcacerts -alias ComodoAddTru -file COMODORSAAddTrustCA.crt -keystore /opt/tomcat/ssl/fun_com.jks

Step 3 : Add the certificate file to the keystore as well

# keytool -import -trustcacerts -alias fun -file fun_com.crt -keystore /opt/tomcat/ssl/fun_com.jks

Step 4 : Now check the keystore; you can see that the certificate and all chain certificates have been added to it

# keytool -list -keystore /opt/tomcat/ssl/fun_com.jks

Now open the server.xml file (/opt/tomcat/conf/server.xml) and enable the following sections

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/tomcat/ssl/fun_com.jks" keystoreType="JKS" keystorePass="changeit"/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Now restart the Tomcat server

/etc/init.d/tomcat restart

You may now verify your SSL setup by calling your domain name over https from your browser.
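The connector above sets only sslProtocol="TLS", which leaves the enabled protocol versions to Tomcat and JVM defaults, and keystorePass="changeit" is Tomcat's default keystore password. The following audit is an added example, not part of the original post or of Tomcat: it checks a constructed server.xml fragment for both points, using the Tomcat 8 connector attribute sslEnabledProtocols as the place where the protocol list is pinned. The function name and sample file are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment modelled on the connector shown above.
SERVER_XML = '''<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="/opt/tomcat/ssl/fun_com.jks" keystoreType="JKS"
             keystorePass="changeit"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>'''

LEGACY = {"SSLv2", "SSLv2Hello", "SSLv3"}   # versions that should not be offered

def audit_connectors(xml_text):
    """Return {port: [findings]} for every SSL-enabled <Connector>."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue                        # plain HTTP or AJP connector
        findings = []
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append("sslEnabledProtocols not set: protocols depend on defaults")
        else:
            listed = {p.strip() for p in enabled.split(",") if p.strip()}
            legacy = sorted(listed & LEGACY)
            if legacy:
                findings.append("legacy protocols enabled: " + ", ".join(legacy))
        if conn.get("keystorePass", "changeit") == "changeit":
            findings.append("keystorePass is the default 'changeit'")
        report[conn.get("port")] = findings
    return report

if __name__ == "__main__":
    print(audit_connectors(SERVER_XML))
```

A connector that sets sslEnabledProtocols to TLS versions only and uses a non-default keystorePass comes back with an empty findings list.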

Danginx version 5.1 available for update

A new version of Danginx, v5.1, is available with the following bug fixes / features

Bug fix : Fixed an issue related to “Apache functioning normally” in new domains / subdomains

Details : Recent versions of DirectAdmin appear to need a restart after a change is made to /usr/local/directadmin/conf/directadmin.conf. Otherwise DirectAdmin works with the old settings. So if you change the DirectAdmin Apache port variable port_80 and forget to restart DirectAdmin, it will use the old port when updating the /usr/local/directadmin/data/users/USERNAME/httpd.conf file. This results in “Apache functioning normally” being shown when new domains or subdomains are added from your DirectAdmin control panel.

We added an option to restart the DirectAdmin service after making an update in directadmin.conf. This fixed the current issue.

We recommend updating to Danginx 5.1 if you are updating your DirectAdmin.

cPremote version 7.10 is available for update

An updated version of cPremote, v7.10, is available for update. This version has a security fix related to the POODLE SSL vulnerability. It is recommended to update to the latest version.