Saturday, May 4, 2013

Node, Ubuntu Security POC

My Ubuntu configuration of Node.js had six parts, listed below.

In the basic flow, the router forwards traffic to the port where the proxy is listening.  The iptables configuration allows traffic originating outside the LAN to connect only to this proxy port, and this port is configured only for SSL.

When the user hits the proxy port, the proxy asks the user's browser for its SSL client certificate.  If that succeeds, the user attempts to authenticate with the primary Node.js application using the Node.js Passport module.  Authentication will be discussed in a later post.
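The flow above, sketched as an added example that is not the code from this setup: it uses Node's core `https` and `http` modules in place of node-http-proxy. The `PROXY_PEM_DIR` variable, the PEM file names and the ports 8443 and 3000 are assumptions chosen for illustration.

```javascript
const fs = require('fs');
const http = require('http');
const https = require('https');

// TLS options for the public proxy port: always ask the browser for a client
// certificate and refuse the handshake unless our own CA signed it.
function tlsOptions(pem) {
  return {
    key: pem.key,   // proxy's private key
    cert: pem.cert, // proxy's server certificate
    ca: [pem.ca],   // CA that issued the client certificates
    requestCert: true,
    rejectUnauthorized: true,
  };
}

// Defence in depth: re-check per request that the socket was authorized and
// that the certificate carries a subject CN (useful for logging).
function checkClient(socket) {
  if (!socket.authorized) return { allow: false, status: 403, cn: null };
  const cert = socket.getPeerCertificate();
  const cn = cert && cert.subject ? cert.subject.CN : null;
  return cn ? { allow: true, status: 200, cn } : { allow: false, status: 403, cn: null };
}

// Terminate TLS here, then forward to the primary app on loopback only, so
// the app itself is never reachable from outside the host.
function startProxy(pem, listenPort, appPort) {
  return https.createServer(tlsOptions(pem), (req, res) => {
    const who = checkClient(req.socket);
    if (!who.allow) {
      res.writeHead(who.status);
      return res.end('client certificate required');
    }
    const up = http.request({ host: '127.0.0.1', port: appPort,
      method: req.method, path: req.url, headers: req.headers }, (upRes) => {
      res.writeHead(upRes.statusCode, upRes.headers);
      upRes.pipe(res);
    });
    up.on('error', () => { if (!res.headersSent) res.writeHead(502); res.end(); });
    req.pipe(up);
  }).listen(listenPort);
}

// Starts only when PROXY_PEM_DIR (hypothetical name) points at the PEM files.
if (process.env.PROXY_PEM_DIR) {
  const read = (f) => fs.readFileSync(`${process.env.PROXY_PEM_DIR}/${f}`);
  startProxy({ key: read('server.key'), cert: read('server.crt'), ca: read('ca.crt') }, 8443, 3000);
}
```

With `rejectUnauthorized: true`, a browser without a certificate from the CA fails at the TLS handshake and never reaches the request handler; `checkClient` only guards against that option being relaxed later.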

1.  Node-http-proxy:

2.  SSL:

3.  Node SSL configuration:

4.  Browser SSL configuration:

  • The client certificates from step 2 will need to be manually loaded into each user's browser.  On the iPad, it seems that the certificates are only recognized by the Safari browser and not Chrome.

5.  Upstart Script:

6.  Monit Script:

  • To monitor the server, the Node-http-proxy, and the primary Node.js processes, I used Monit.  The instructions at the following link were helpful:
  • See my Monit script on my Monit Script page in the nav bar.