PencilBlue on Fedora 20

Tom Callaway (spot) mentioned a company local to the Raleigh area, publishing an open source CMS, called PencilBlue. PencilBlue is written with Node.js, a server environment leveraging Javascript.

You might wonder why I’m even considering trying a different platform. After all, I’m already a user of WordPress; I also work for a company that produces some killer middleware (that actually has commercial support).

Well, there are a few reasons why I’d be interested in kicking PencilBlue’s tires:

WordPress works, but as a CMS it’s somewhat lacking. Plus, it’s PHP – and I feel dirty even typing that. I have to admit, I like WordPress’ ecosystem; that’s why I use it in the first place… but I’m always hunting for the next thing.

WildFly is awesome; I really like working with it, and unlike Glassfish, you’re not hoping that Oracle will continue to support it. (Hint: they probably won’t, because Glassfish eats users from their cash cows. This is my opinion only.) However… My VPS isn’t all that large, and while WildFly’s pretty light, it’s still going to be heavy for the virtual server I’m using. The list of WildFly features my websites use is… very small. Not enough to justify the deployment on a public website for me. Your websites – especially if they’re not hobbyist things like mine – would not have this consideration; it’d likely be worth it for you to use WildFly.

I like to try new things – and PencilBlue gives me a chance to dip my toes in Node.js’ waters as well as checking out a new open source product. (Because open source is a Good Thing, you know?)

Installation of PencilBlue was very straightforward, with three steps:

Install PencilBlue

Open up a console on Fedora, and use the following commands:

sudo yum install npm nodejs git mongodb-server sudo systemctl enable mongodb sudo systemctl start mongodb

This installs git, Node.js, and MongoDB, and starts a MongoDB instance.

Change to where you want to install the application – let’s say /srv/develop/ for my test instance – and check out the PencilBlue repository; then let’s have Node.js install PencilBlue’s dependencies.

su - # change to a user with write access mkdir /srv # if it doesn't already exist cd /srv mkdir logs git clone https://github.com/pencilblue/pencilblue.git develop chown -R apache:apache /srv/* cd develop npm install cp sample.config.json config.json

We’ll want to edit that config.json file: it has a value for "siteRoot" that we’ll want to change to our actual host, so I set the line to this:

"siteRoot": "http://developerstorm.com",

We also might want to change the site port or otherwise firewall it off.

We actually have a site that we can use at this point, but we’re relying on manual startup and we can’t actually reach the system without specifying the (to-be-closed) port. What we need to do now is configure systemd to start our application automatically, and then configure nginx to forward to our application.

Configure systemd

systemd is how Fedora manages system services; what we need to do is write the service, and then tell systemd to manage it for us. (We already did this for MongoDB, when we prepared our system for PencilBlue; what we’re going to do is write the part that tells systemd how to manage our installation.)

It’s really simplicity itself. What I did was created a file, /usr/lib/systemd/system/developerstorm.service with the following contents:

[Service] ExecStart=/bin/node /srv/develop/pencilblue.js Restart=always StandardOutput=syslog StandardError=syslog SyslogIdentifier=nodejs User=apache Group=apache Environment=NODE_ENV=production [Install] WantedBy=multi-user.target

Using the apache user and group like this is not very wise. Make sure to harden your deployment.

I have nginx configured to run with the apache user and group; I made sure to set the directory ownership to apache, when I installed the PencilBlue app.

Believe it or not, we’re actually ready to start our application (and make sure it’s restarted if the server should reboot):

sudo systemctl enable developerstorm sudo systemctl start developerstorm

If we haven’t closed off port 8080 to external access, we should be able to hit the application at this point.

Want to block port 8080? In Linux, use the following commands to block 8080 from external addresses while allowing the port forwarding to work: sudo iptables -A INPUT -p tcp --dport 8080 -s 127.0.0.1 -j ACCEPT sudo iptables -A INPUT -p tcp --destination-port 8080 -j DROP sudo service iptables save

Configure nginx

At last, it’s time to actually set up our site. First, let’s look at the site configuration file, which I have as /etc/nginx/sites-available/develop.local :

server { server_name developerstorm.com; access_log /srv/develop/logs/access.log; error_log /srv/develop/logs/error.log; root /srv/www/develop/public_html; location / { proxy_pass http://localhost:8080/; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }

I then linked this file to another configuration directory:

sudo mkdir /etc/nginx/sites-enabled # if it doesn't exist sudo ln -s /etc/nginx/sites-available/develop.local /etc/nginx/sites-enabled/develop.local

Lastly, I altered /etc/nginx/conf . Look for include /etc/nginx/conf.d/*.conf; and add a line:

# Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*;

After we’ve done that, all we need to do is restart nginx:

sudo systemctl restart nginx

And we’re done! We should be able to hit our url (in my case, http://developerstorm.com), set up our initial user, and start playing with PencilBlue.

I haven’t actually done anything with it yet – as of this writing, if you go to that URL it gives you a blank site – but it’s installed and running. Next I’ll see how it manages content.

Important Note

For one thing, the names and details have been changed – this setup works, but it’s not entirely secure or trustworthy. I’ll work on hardening it – this was mostly to get a server up and running to try it out.

Share this: Facebook

Reddit

Twitter

Pinterest

LinkedIn



Like this: Like Loading...