• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Node.JS and SSL - Permission denied while trying to get certificates

PiTiNiNjA

PiTiNiNjA

New Pleskian
Hello,

I'm trying to setup a NodeJs application on my Plesk server.

I have an error while trying to run the script through the NodeJs extension:

Error: EACCES: permission denied, open '/usr/local/psa/var/modules/letsencrypt/etc/live/[MyDomain]/privkey.pem'

I understand that the user running the NodeJs application doesn't have the proper permissions to read the certificates.

How can I get my NodeJS app to access the certificate files? Should I manually edit the permissions (this doesn't seem right to me because of security)? Or is there any other way?

Thanks.
 
Same problem here, I altered the permissions of the file using chmod +r {path to pem files}, I get a green padlock but the code fails with an error
Error: EACCES: permission denied

Further down it states https in enabled. on the error page
 
I'm not sure changing the file permission is the solution here, because I think it will eventually be overwritten by the certificate renewal.
I'm pretty sure there must be a way to give permission to the user running the NodeJS script, but I don't know how to do it properly.
 
Hi, thank you for your time Ruslan.

I have a Debian 9 server with Plesk 17.8 preview and the NodeJS extension.
I added a domain (let's say my.domain.com) with web hosting and put my NodeJS app files in the httpdocs folder.

The SSL/HTTPS code in my index.js looks like this:

//[...]
//https
var https = require('https');
//ssl options
var sslPath = '/etc/letsencrypt/live/my.domain.com/';
var options = {
key: fs.readFileSync(sslPath+'privkey.pem'),
cert: fs.readFileSync(sslPath+'fullchain.pem')
};
//init https server
var server = https.createServer(options, app);
//[...]

When I start my application, it throws an error:
Error: EACCES: permission denied, open '/usr/local/psa/var/modules/letsencrypt/etc/live/my.domain.com/privkey.pem'

The error seems legit since the certificate files are well protected and that's a good thing.
Though I don't know how I can get to read them in order to secure my app?

I've tried so far to create symbolic links in my app folder pointing to the certificate files, then chown the links with the --no-dereference option to keep the original files untouched.
Unfortunalty it didn't fix anything since the ownership is not the only issue, I also have to chmod but it's impossible to chmod with --no-dereference and I certainly don't want to change any original file permission which would be I guess a security issue.

I hope I have explained well, sorry for the long potato post.
 
There is no need to setup SSL certification parameters inside your Node.js app. SSL certificate should be configured using Plesk web interface.
Node.js app acts behind Phusion Passenger application server bundled with nginx or Apache (depends on your Plesk setup). It means if you open your website in browser request goes to nginx, then to Passenger and only then to your Node.js app. So you makes no sense to have SSL certificate details inside Node.js app, because it should be configured on upsteam webserver.

You can find ready-to-use example of small Node.js app suitable for Plesk here: node-hello-world/app.js at master · plesk/node-hello-world · GitHub
 
SibProgrammer said:
There is no need to setup SSL certification parameters inside your Node.js app. SSL certificate should be configured using Plesk web interface.
Node.js app acts behind Phusion Passenger application server bundled with nginx or Apache (depends on your Plesk setup). It means if you open your website in browser request goes to nginx, then to Passenger and only then to your Node.js app. So you makes no sense to have SSL certificate details inside Node.js app, because it should be configured on upsteam webserver.

You can find ready-to-use example of small Node.js app suitable for Plesk here: node-hello-world/app.js at master · plesk/node-hello-world · GitHub
Click to expand...

Dear SibProgrammer, huge thanks for explaining this. I will try asap and let you know.

EDIT
It is working! As pointed by SibPogrammer, no need to setup SSL within the NodeJS sript, Plesk/Nginx takes care of that for you. Good to know! Many thanks.
 
Last edited:
You must log in or register to reply here.

Similar threads

I
Issue Websocket connection failing on Plesk server
Replies
1
Views
2K
Kaspar
K
K
Issue Cannot access vite config file
Replies
3
Views
2K
scsa20
scsa20
M
Issue node permissions problem
Replies
3
Views
3K
kylexu22
K
J
Issue Permission Denied Error with Auto Login Button Using Plesk API on Debian 10
Replies
3
Views
1K
Kaspar@Plesk
Kaspar@Plesk
P
Question Plesk login 8443 cannot be called up
Replies
8
Views
892
Kaspar@Plesk
Kaspar@Plesk
Back
Top