Node.js – Lesson 2: Start server, install dependencies

Next step of creating Node.js application is installing additional frameworks and dependencies that facilitate work with the project.

In our lesson we will use popular web framework “Express” and utility “Nodemon”, that will monitor for any changes in your source and automatically restart your server.

To install this dependencies in console write commands:

npm install express
npm install -D nodemon

Flag -D means that this is developer dependency and it not used in production project.

In section “scripts” write create script “start” and “dev”:

"start": "node index.js",
"dev": "nodemon index.js"

Node.js – Lesson 1: Create first application

First of all You need to install Node.js. On Windows computers go to https://nodejs.org/en/ website, download latest version and install it.

On Linux (Debian, Ubuntu Mint) add PPA repository of Node.js:

curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -

And install nodejs package

sudo apt-get install nodejs

To check Node.js version use command:

node -v
v12.18.3

Now let’s create new application. We will use Visual Studio Code editor. Open terminal and initialize NPM by command:

npm init

This command will create package.json configuration file. This file contains information about all packages, used in application.

How to create and compare md5 checksum of files

To create md5 checksum of all files in folder use command:

md5sum /etc/*

This comment will show all md5 checksum in /etc directory:

To write this checksum in text document use command:

md5sum /etc/* >> /file.txt

To compare checksum of files in folder with checksum of files in text document use command:

md5sum -c /file.txt

If checksums match, near the file will be record “Success”, it means that the file has not changed. Otherwise it means that the file was edited by someone.

To check your system, regularly create checksum files for directories: /etc, /bin, /sbin, / lib

Use md5sub recursive in sub-directories

If You want to create md5 checksum of all files in all sub-directories use next command, it will create md5 checksum of all files in /etc directory:

find -type f -exec md5sum '{}' \; > md5sum.txt

Send Passwords and Restricted Data Securely

Never send your passwords and restricted data openly to other people! All social networks and messengers always save your data on servers and some third persons possibly can read your messages.

If you need to send secret data – send encrypted link that can only be viewed once. Don’t write from which service is this password, tell it to other person by phone or in other messenger.

In this case, the connection between the service and the password is broken and no one will be able to get the password, except to whom you sent the message.

One of such service, that encrypt your messages and delete it immediately after reading is: One Time Self Destructing Links (https://note.uax.cloud/en)

This service with open source and MIT license encrypt your message and generate special URL link, that you can send in social network or messenger to other people, after reading your message it will be automatically destroyed and no one will be able to read your message again.

Cambium ePMP 1000 configure 30 km wireless link

To build 30 km point-to-point wireless connection on speed 100 Mbit/s we used two Cambium ePMP 1000 and two 27 dBi parabolic MIMO antennas.

To create point-to-point wireless link we need to configure first antenna as Access Point and the second antenna as Station. First of all make sure there are no interference in front of the antennas:

Let’s configure access point, to log in to the configuration panel open in your web browser address: 192.168.0.1 (Access Point) or 192.168.0.2 (Station). By default enter login: admin and password: admin

We will configure our link based on this schema:

On Access Point select SSID, your country code, work frequency, channel width (20 or 40 mHz) and security password:

Also to achieve the best result select TDD wireless protocol.

On the other side on Station antenna select the same parameters, but in Radio Mode select Subscriber Module.

Don’t forget to change default administrator passwords on both antennas and change your own static or dynamic IP addresses.

On page Monitor->Wireless make sure that your Station connected to Access Point:

Mikrotik – block access between two networks

We have two local networks on Mikrotik router, for example:
Network1: 192.168.1.0/24 on ether1 interface
Network2: 192.168.2.0/24 on ether2 interface

Let’s prevent access between devices of this two networks.

In Mikrotik terminal go to Firewall Filter:

/ip firewall filter

And create this two rules:

add chain=forward action=drop src-address=192.168.2.0/24 dst-address=192.168.1.0/24
add chain=forward action=drop src-address=192.168.1.0/24 dst-address=192.168.2.0/24

That’s all, now Mikrotik will block all traffic from computers in Network1 to computers in Network2 and from Network2 to Network1.

All other traffic to Internet will be working normally.

If You want to block traffic only from Network2 to Network1 – write only one rule:

add chain=forward action=drop src-address=192.168.2.0/24 dst-address=192.168.1.0/24

Mikrotik firewall DNS attach prevent

If You have white IP on Your mikrotik You can watch high transmit traffic on the WAN interface.

To prevent this – block DNS traffic to 53 port on Your WAN interface (IP > Firewall > Filter):

On graph we can see that after blocking 53 port transmit traffic fell from 25 Mbit/s to 5 Mbit/s:

How To Set Up Apache Virtual Hosts on Ubuntu Linux

You will need to have Apache installed in order to work through these steps. If you haven’t already done so, you can get Apache installed on your server through apt-get:

sudo apt-get update
sudo apt-get install apache2

For example let’s create virtual Apache host test.host. Create host directory:

sudo mkdir -p /var/www/test.host/public_html

Now we have the directory structure for our files, but they are owned by our root user. If we want our regular user to be able to modify files in our web directories, we can change the ownership by doing this:

sudo chown -R $USER:$USER /var/www/test.host/public_html

We should also modify our permissions a little bit to ensure that read access is permitted to the general web directory and all of the files and folders it contains so that pages can be served correctly:

sudo chmod -R 755 /var/www

Virtual host files are the files that specify the actual configuration of our virtual hosts and dictate how the Apache web server will respond to various domain requests.

Apache comes with a default virtual host file called 000-default.conf that we can use as a jumping off point. We are going to copy it over to create a virtual host file for each of our domains.

We will start with one domain, configure it, copy it for our second domain, and then make the few further adjustments needed. The default Ubuntu configuration requires that each virtual host file end in .conf. Start by copying the file for the first domain:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/test.host.conf

Open the new file in your editor with root privileges:

sudo nano /etc/apache2/sites-available/test.host.conf

Change this file look something like this:

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName test.host
    ServerAlias www.test.host
    DocumentRoot /var/www/test.host/public_html

    <Directory /var/www/test.host/public_html>
        Require all granted
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Now that we have created our virtual host files, we must enable them. Apache includes some tools that allow us to do this.

sudo a2ensite test.host.conf

Next, disable the default site defined in 000-default.conf:

sudo a2dissite 000-default.conf

When you are finished, you need to restart Apache to make these changes take effect:

sudo service apache2 restart

Mikrotik create SSTP server

1. Create CA certificate on Mikrotik:

On tab “Key Usage” leave only crl sign and key cert. sign

2. Create server certificate:

On tab “Key Usage” uncheck all options:

3. Open certificate CA and Sign it:

CA CRL Host – host where your certificate will be checked, write there IP address or domain name of Your Mikrotik.

Field CA need to be empty.

4. Now we signed root certificate, let’s sign Server certificate: open Server certificate, click Sign, in field CA select certificate CA.

That’s all we created our certificates, now let’s create SSTP Server on Mikrotik

5. Creating SSTP Server on Mikrotik.

And now create Your user profile: go to PPP > Secrets, click Add (+) and write user name, password, service, IP address like on screenshot:

Configure SSTP client in Windows 10

First go to the System > Certificates and Export CA certificate:

Download certificate from Mikrotik > Files to Your PC and install it:

Now create new VPN connection:

Also You can use this SSTP connection in Linux – How to install SSTP Client in Linux read in this article: Connect to SSTP server from Linux

Connect to SSTP server from Linux

SSTP is Microsofts Remote Access Solution (RAS) for PPP over SSL. It can be used instead of PPTP or L2TP, and is only available with Windows Vista/7 connecting to a Windows 2008 Server. The advantage of SSTP compared to PPTP and L2TP is that it cannot be easily blocked by firewalls since the traffic is transmitted over HTTPS on port 443.

In Ubuntu Linux we can connect to SSTP by using SSTP-Client project on SourceForge.

To install SSTP-Client on Ubuntu add PPA repository:

sudo add-apt-repository ppa:eivnaes/network-manager-sstp

Then update package list and install packages sstp-client, network-manager-sstp by commands:

sudo apt update
sudo apt install sstp-client network-manager-sstp

Package network-manager-sstp is used only on Linux with graphic interface, on console Linux You don’t need to install this package.