Best practices for configuring, monitoring, and extending
This is a high performance tool, and like all such engineering efforts, you can get yourself into trouble when you try out new features. Here are some best practices to follow as you build out your server.
If you are unable to reach the server on port 443, check your firewall settings. If you are able to use a high port like 8443, but not 443, execute this command:
setcap 'cap_net_bind_service=+ep' /usr/bin/node
When using a hostname alias, remember that it will only work if you have a "wildcard" SSL certificate, which includes both the hostname and its aliases. Examine your certificate's "Certificate Subject Alt Name" section.
cURL will refuse to connect with a self-signed certificate. Adding an
-k option to the command line will override this.
If the logger reports a file permission violation, review the correct settings for ownership and permissions at File Permissions.
By default, the Linux package managers (
dnf for Fedora/CentOS/RedHat and
apt for Ubuntu/Debian) install the node executable to
/usr/bin/node. Standard RWSERVE installations are compatible with this.
If you install a newer version of node using
n, they will be installed to
/usr/local/bin/node instead, and you will need to edit the
/usr/lib/systemd/system/rwserve.service configuration to point to that location.
ExecStart=/usr/local/bin/node /usr/lib/node_modules/rwserve/dist/main.js /etc/rwserve/rwserve.conf
Be sure to save the file with Linux line endings (LF) not Windows line endings (CRLF). Then, issue these commands to reload systemd, grant network capabilities, and restart the HTTP/2 server:
setcap 'cap_net_bind_service=+ep' /usr/local/bin/node
systemctl restart rwserve
Failure to supply a valid customer number and access key will be reported in the logger upon startup. See Registration for how to specify these. Repeated failures will eventually disable the server.
Simultaneously using the same access key on more than one server will be reported in the logger upon startup. (Transferring the access key from one device to another is allowed and will not be reported, when not abused.)
Licenses have a limited lifetime. Notices are issued 15 days before expiration. An additional 7 day grace period is allowed for continued operation under an expired license.
When fixing customer-number and access-key issues, allow 1 hour to lapse before trying again.
Invalid customer-numbers and invalid access-keys are treated as forgeries which prevent the server from starting.
Registration settings are verified the first time the server is started, and thereafter on an infrequent basis, whenever checking for outdated versions or the availability of security updates.
See Configuration Syntax for details.
These mistakes are common:
- Always use GRAVE-ACCENTS to delimit filenames and paths.
- Attribute names always begin with an ASTERISK.
- Always use APOSTROPHES or QUOTATION-MARKS to delimit configuration attribute values that contain spaces or that begin with an initial ASTERISK or FULL-STOP.
Check that all sections and subsections of the configuration file have matched opening and closing curly braces. Only the "One True Brace" syntax is allowed; "Allman style" braces are not allowed.
Remember that host settings are merged with server settings by default. See Merged Configurations for how these rules are implemented.
Carefully check that subsections are inside the correct section. See Config Hierarchy for quick reference.
Use the command line
--verify option to check your configuration for possible problems before restarting the server with
modules configuration section is a master switch, and should always be checked when diagnosing why the server is not responding as expected. Two common mistakes are:
- having the module turned on, but forgetting to add its configuration rules;
- having a module's section correctly configured, but neglecting to turn the module on.
The Logging facility is your friend. When troubleshooting request/response problems adjust what's logged to provide greater visibility into the request/response cycle.
- Always examine the log after startup to look for unusual "config" entries.
- To better understand requests that don't respond as expected, enable "staging" to see processed WorkOrder data.
- When you can't understand why a response code is not
200, enable "information" header logging.
- To see TLS rejections, enable "'network" logging.
- To monitor cluster worker startup/shutdown, enable "cluster" logging.
- Enable "debug" logging, and add debug statements to your plugin with
log.debug(method, message)to trace the flow of your plugin's execution.
Use the command
journalctl -u rwserve -f to continuously monitor the request/response cycle.
Use cURL 7.47.0 or later to automatically issue HTTP/2 requests; specify
--http2 for earlier versions.
When using the Node.js inspector, configure multiple ports starting at 9229 for the master worker and 9230, 9231, ... for the workers. Add
'debugger;' statements to your plugin code to halt execution at targeted breakpoints. For debugging convenience, limit the
cluster-size to 1 or 2, to reduce the confusion surrounding breakpoints.
- Use a private
gitrepository (or another version control system) to track changes to your configuration settings.
- Turn on logging of "staging" and "information" during initial testing.
- Limit cluster size when using Node.js inspector while debugging plugins.