The .pkg
file is for OSX. There are some repositories that have binaries for Debian, but it is probably easiest to download and compile the code. NodeJS is updated very frequently - so most repositories have very outdated versions. You will need some development tools (compiler, etc.) to be able to build the source.
sudo apt-get update
sudo apt-get install curl build-essential openssl libssl-dev
You can either download the source from the Node.JS site or pull it from github. The advantage of the latter is ease of maintenance.
NodeJS:
If you wish, you can install node to a directory other than the default, by adding --prefix /path/to/install/directory to your configure line, below. (Only use one of the following, not both)
From GitHub:
sudo apt-get install git-core
cd /usr/local/src ##or whatever directory you like#
git clone https://github.com/joyent/node.git && cd node
./configure
make
sudo make install
From source - tarball:
cd /usr/local/src ##or whatever directory you like#
wget http://nodejs.org/dist/v0.6.6/node-v0.6.6.tar.gz
tar -xzvf node-v0.6.6.tar.gz
cd node-v0.6.6
./configure
make
sudo make install
NPM:
NPM is already included with recent versions of node. Verify that it is installed with npm -v. If a version is displayed, there is no need to do the step below. If the 'easy install' doesn't work for you, you can also download the code and make install.
curl http://npmjs.org/install.sh | sudo sh
So, here are the answers in case anyone comes across this in their own journey:
When you're setting SSL up in node, especially with SPDY, it asks for:
var options = {
key: fs.readFileSync(__dirname + '/keys/spdy-key.pem'),
cert: fs.readFileSync(__dirname + '/keys/spdy-cert.pem'),
ca: fs.readFileSync(__dirname + '/keys/spdy-ca.pem'),
};
It seems that you can use the csr (certificate signing request) as the ca in the SSL setup for self-signed certificates. However, doing that on a production server, means that the certificate chain has problems (the certificate you bought, like RapidSSL, is chained to a lower-level certificate, like GeoTrust. The chain needs to go all the way back since GeoTrust is the one trusted by the browser.) If you don't do the ca file (intermediate certificate file) it's ok in most cases - it'll say that the chain is broken in https://www.ssllabs.com/ssltest but the browsers didn't seem to care. But the correct way is to put the intermediate certificate in the ca spot.
As for node and couch, the problem definitely was permissions. I added couchdb user to the deploy usergroup but since the permissions on the key files are 600, the group still doesn't have access. In my case, I just created a self-signed certificate specially for couchDB.
That means that I have to tell node to trust it by using this config flag:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
So now couch and node talk and use SSL.
As for some of the other questions:
Basic openssl usage seems to work fine with couchdb, so no issues with certain certificate types or anything like that I've come across
I cannot seem to turn on certificate verification for couch in this setup. I just get
SSL: hello: tls_handshake.erl:285:Fatal error: internal error
So leaving that set to false works
It seems that you can safely remove the http server from couchdb's couch.uri file (found at /var/run/couchdb/couch.uri
) and just have the https one.
Hope this helps someone out,
Paul
Best Answer
RHEL is RPM based Linux and apt-get is used for Deb based Linux .Yum is the Package Updater for RPM based Linux.
However you can download the latest NOdeJS package and compile it on your RHEl6
Or, if you'd like to install from the repository