Best practices for configuring, monitoring, and extending



This is a high performance tool, and like all such engineering efforts, you can get yourself into trouble when you try out new features. Here are some best practices to follow as you build out your server.

Port 443

If you are unable to reach the server on port 443, check your firewall settings. If you are able to use a high port like 8443, but not 443, execute this command:

setcap 'cap_net_bind_service=+ep' /usr/bin/node

SSL Certificates

When using a hostname alias, remember that it will only work if you have a "wildcard" SSL certificate, which includes both the hostname and its aliases. Examine your certificate's "Certificate Subject Alt Name" section.

cURL will refuse to connect with a self-signed certificate. Adding an --insecure or -k option to the command line will override this.

File permissions

If the logger reports a file permission violation, review the correct settings for ownership and permissions at File Permissions.

Node.js® location

By default, the Linux package managers (dnf for Fedora/CentOS/RedHat and apt for Ubuntu/Debian) install the node executable to /usr/bin/node. Standard RWSERVE installations are compatible with this.

If you install a newer version of node using nvm or n, they will be installed to /usr/local/bin/node instead, and you will need to edit the /usr/lib/systemd/system/rwserve.service configuration to point to that location.

ExecStart=/usr/local/bin/node /usr/lib/node_modules/rwserve/dist/main.js /etc/rwserve/rwserve.conf

Be sure to save the file with Linux line endings (LF) not Windows line endings (CRLF). Then, issue these commands to reload systemd, grant network capabilities, and restart the HTTP/2 server:

systemctl daemon-reload
setcap 'cap_net_bind_service=+ep' /usr/local/bin/node
systemctl restart rwserve


Failure to supply a valid customer number and access key will be reported in the logger upon startup. See Registration for how to specify these. Repeated failures will eventually disable the server.

Simultaneously using the same access key on more than one server will be reported in the logger upon startup. (Transferring the access key from one device to another is allowed and will not be reported, when not abused.)

Licenses have a limited lifetime. Notices are issued 15 days before expiration. An additional 7 day grace period is allowed for continued operation under an expired license.

When fixing customer-number and access-key issues, allow 1 hour to lapse before trying again.

Invalid customer-numbers and invalid access-keys are treated as forgeries which prevent the server from starting.

Registration settings are verified the first time the server is started, and thereafter on an infrequent basis, whenever checking for outdated versions or the availability of security updates.

Config Syntax

See Configuration Syntax for details.

These mistakes are common:

  • Always use GRAVE-ACCENTS to delimit filenames and paths.
  • Attribute names always begin with an ASTERISK.
  • Always use APOSTROPHES or QUOTATION-MARKS to delimit configuration attribute values that contain spaces or that begin with an initial ASTERISK or FULL-STOP.

Check that all sections and subsections of the configuration file have matched opening and closing curly braces. Only the "One True Brace" syntax is allowed; "Allman style" braces are not allowed.

Remember that host settings are merged with server settings by default. See Merged Configurations for how these rules are implemented.

Carefully check that subsections are inside the correct section. See Config Hierarchy for quick reference.

Use the command line --verify option to check your configuration for possible problems before restarting the server with systemctl.


The modules configuration section is a master switch, and should always be checked when diagnosing why the server is not responding as expected. Two common mistakes are:

  • having the module turned on, but forgetting to add its configuration rules;
  • having a module's section correctly configured, but neglecting to turn the module on.


The Logging facility is your friend. When troubleshooting request/response problems adjust what's logged to provide greater visibility into the request/response cycle.

  • Always examine the log after startup to look for unusual "config" entries.
  • To better understand requests that don't respond as expected, enable "staging" to see processed WorkOrder data.
  • When you can't understand why a response code is not 200, enable "information" header logging.
  • To see TLS rejections, enable "'network" logging.
  • To monitor cluster worker startup/shutdown, enable "cluster" logging.
  • Enable "debug" logging, and add debug statements to your plugin with log.debug(method, message) to trace the flow of your plugin's execution.

Use the command journalctl -u rwserve -f to continuously monitor the request/response cycle.

Developing plugins

Use cURL 7.47.0 or later to automatically issue HTTP/2 requests; specify --http2 for earlier versions.

When using the Node.js inspector, configure multiple ports starting at 9229 for the master worker and 9230, 9231, ... for the workers. Add 'debugger;' statements to your plugin code to halt execution at targeted breakpoints. For debugging convenience, limit the cluster-size to 1 or 2, to reduce the confusion surrounding breakpoints.


Best practices:

  • Use a private git repository (or another version control system) to track changes to your configuration settings.
  • Turn on logging of "staging" and "information" during initial testing.
  • Limit cluster size when using Node.js inspector while debugging plugins.
Read Write Tools icon

Smart tech


Read Write Hub icon

Templates & Content



Rediscover HTML



Best practices for configuring, monitoring, and extending

🔗 🔎