README.md 49.7 KB
Newer Older
Aral Balkan's avatar
Aral Balkan committed
1
# Site.js
Aral Balkan's avatar
Aral Balkan committed
2

Aral Balkan's avatar
Aral Balkan committed
3
[![Screenshot of the Site.js web site header](images/site.js.jpeg)](https://sitejs.org)
4

Aral Balkan's avatar
Aral Balkan committed
5
6
## Develop, test, and deploy your secure static or dynamic personal web site with zero configuration.

Aral Balkan's avatar
Aral Balkan committed
7
__Site.js is a [small](https://ar.al/2019/03/04/small-technology/) personal web tool for Linux, macOS, and Windows 10.__
Aral Balkan's avatar
Aral Balkan committed
8

Aral Balkan's avatar
Aral Balkan committed
9
Most of our tools today are built for the needs of startups and enterprises – Site.js is built for people.
Aral Balkan's avatar
Aral Balkan committed
10
11
12

## Features

Aral Balkan's avatar
Aral Balkan committed
13
14
  - Zero-configuration – It Just Works 🤞™.

Aral Balkan's avatar
Aral Balkan committed
15
16
17
18
19
20
  - Seamless single binary [install](#install) (thanks to [Nexe](https://github.com/nexe/nexe)).

  - Automatically provisions locally-trusted TLS for development (courtesy of [mkcert](https://github.com/FiloSottile/mkcert) seamlessly integrated via [Nodecert](https://source.ind.ie/hypha/tools/nodecert)).

  - Automatically provisions globally-trusted TLS for staging and production (courtesy of [Let’s Encrypt](https://letsencrypt.org/) seamlessly integrated via [ACME TLS](https://source.ind.ie/hypha/tools/acme-tls) and [systemd](https://freedesktop.org/wiki/Software/systemd/). Your server will score an A on the [SSL Labs SSL Server Test](https://www.ssllabs.com/ssltest).)

Aral Balkan's avatar
Aral Balkan committed
21
  - Supports static web sites, dynamic web sites written in JavaScript, and hybrid sites (via integrated [Node.js](https://nodejs.org/) and [Express](https://expressjs.com)).
Aral Balkan's avatar
Aral Balkan committed
22

Aral Balkan's avatar
Aral Balkan committed
23
  - Can be used as a proxy server (via integrated [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware)).
Aral Balkan's avatar
Aral Balkan committed
24

Aral Balkan's avatar
Aral Balkan committed
25
  - Supports WebSockets (via integrated [express-ws](https://github.com/HenningM/express-ws), which itself wraps [ws](https://github.com/websockets/ws)).
Aral Balkan's avatar
Aral Balkan committed
26

27
  - Supports [DotJS](#dotjs) (PHP-like simple routing for Node.js to quickly prototype and build dynamic sites).
Aral Balkan's avatar
Aral Balkan committed
28

29
  - And, for full flexibility, you can define your HTTPS and WebSocket (WSS) routes entirely in code in the traditional way for Express apps.
Aral Balkan's avatar
Aral Balkan committed
30

31
32
  - Live reload on static pages.

Aral Balkan's avatar
Aral Balkan committed
33
  <ins>Note:</ins> Live deployments via startup daemons are only supported on Linux distributions with systemd.
Aral Balkan's avatar
Aral Balkan committed
34

35
## Install
Aral Balkan's avatar
Aral Balkan committed
36

Aral Balkan's avatar
Aral Balkan committed
37
38
Copy and paste the following commands into your terminal:

39
### Native binaries
Aral Balkan's avatar
Aral Balkan committed
40

41
42
43
__Before you pipe any script into your computer, always view the source code ([Linux and macOS](https://site.js/install), [Windows](https://site.js/windows)) and make sure you understand what it does.__

#### Linux
Aral Balkan's avatar
Aral Balkan committed
44

45
```shell
Aral Balkan's avatar
Aral Balkan committed
46
wget -qO- https://sitejs.org/install | bash
Aral Balkan's avatar
Aral Balkan committed
47
48
```

49
50
51
52
53
54
#### macOS

```shell
curl -s https://sitejs.org/install | bash
```

Aral Balkan's avatar
Aral Balkan committed
55
#### Windows 10 with PowerShell running under Windows Terminal
56
57

```shell
58
iex(iwr -UseBasicParsing https://sitejs.org/install.txt).Content
59
60
```

Aral Balkan's avatar
Aral Balkan committed
61
62
### Node.js

63
```shell
Aral Balkan's avatar
Aral Balkan committed
64
npm i -g @small-tech/site.js
Aral Balkan's avatar
Aral Balkan committed
65
66
```

67
68
69
70
## System Requirements

### Linux

Aral Balkan's avatar
Aral Balkan committed
71
Any recent Linux distribution should work. However, Site.js is most thoroughly tested on Ubuntu 19.04/Pop!_OS 19.04 (development and staging) and Ubuntu 18.04 LTS (production) at [Small Technology Foundation](https://small-tech.org).
72

73
There are builds available for x64 and ARM (tested and supported on armv6l and armv7l only. Tested on Rasperry Pi Zero W, 3B+, 4B).
74

75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
For production use systemd is required.

### macOS

macOS 10.14 Mojave and macOS 10.15 Catalina are supported (the latter as of Site.js 12.5.1).

_Production use is not possible under macOS._

### Windows 10

The current version of Windows 10 is supported with PowerShell running under [Windows Terminal](https://github.com/Microsoft/Terminal).

__Windows Subsystem for Linux is _not_ supported.__

_Production use is not possible under Windows._

91
92
## Dependencies

93
Site.js tries to install the dependencies it needs seamlessly while running. That said, there are certain basic components it expects on a Linux-like system. These are:
94
95
96
97
98
99
100
101

  - `sudo`
  - `libcap2-bin` (we use `setcap` to escalate privileges on the binary as necessary)

If it turns out that any of these are a widespread reason for first-run breakage, we can look into having them installed automatically in the future. Please open an issue if any of these is an issue in your deployments or everyday usage.

Of course, you will need `wget` (or `curl`) installed to download the install script. You can install `wget` via your distribution’s package manager (e.g., `sudo apt install wget` on Ubuntu-like systems).

Aral Balkan's avatar
Aral Balkan committed
102
103
104
105
106
107
108
109
110
111
## Update (as of v12.9.5)

To seamlessly update the native binary if a newer version exists:

```shell
site update
```

This command will automatically restart a running Site.js daemon if one exists. If you are running Site.js as a regular process, it will continue to run and you will run the newer version the next time you launch a regular Site.js process.

112
113
114
115
116
## Uninstall

To uninstall the native binary (and any created artifacts, like TLS certificates, systemd services, etc.):

```shell
Aral Balkan's avatar
Aral Balkan committed
117
site uninstall
118
119
```

120
## Use
121

122
123
124
### Development (servers @localhost)

#### Regular server
125

126
Start serving the current directory at https://localhost as a regular process using locally-trusted certificates:
127
128

```shell
Aral Balkan's avatar
Aral Balkan committed
129
$ site
130
131
```

132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
This is a shorthand for the full form of the `serve` command which, for the above example, is:

```shell
$ site serve . @localhost:443
```

#### To serve on a different port

Just specify the port explicitly as in the following example:

```shell
$ site @localhost:666
```

That, again, is shorthand for the full version of the command, which is:

```shell
$ site serve . @localhost:666
```

152
#### Proxy server
153

Aral Balkan's avatar
Aral Balkan committed
154
You can use Site.js as a development-time reverse proxy for HTTP and WebSocket connections. For example, if you use [Hugo](https://gohugo.io/) and you’re running `hugo server` on the default HTTP port 1313. You can run a HTTPS reverse proxy at https://localhost [with LiveReload support](https://source.ind.ie/hypha/tools/web-server/blob/master/bin/web-server.js#L237) using:
155
156

```shell
Aral Balkan's avatar
Aral Balkan committed
157
$ site :1313
158
159
```

160
161
162
163
164
165
Again, this is a convenient shortcut. The full form of this command is:

```shell
$ site serve :1313 @localhost:443
```

166
167
168
169
This will create and serve the following proxies:

  * http://localhost:1313 → https://localhost
  * ws://localhost:1313 → wss://localhost
170

171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
### Testing (servers @hostname)

#### Regular server

Start serving the _my-site_ directory at your _hostname_ as a regular process using globally-trusted Let’s Encrypt certificates:

```shell
$ site my-site @hostname
```

#### Proxy server

Start serving `http://localhost:1313` and `ws://localhost:1313` at your _hostname_:

```shell
$ site :1313 @hostname
```

189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
#### macOS notes

To set your hostname under macOS (e.g., to `example.small-tech.org`), run the following command:

```shell
$ sudo scutil --set HostName example.small-tech.org
```

#### Windows 10 notes

On Windows 10, you must add quotation marks around `@hostname` and `@localhost`. So the first example, above, would be written in the following way on Windows 10:

```shell
$ site my-site "@hostname"
```

205
Also, Windows 10, unlike Linux and macOS, does not have the concept of a hostname. The closest thing to it is your _full computer name_. Setting your full computer name is a somewhat convoluted process so we’ve documented it here for you.
206
207
208
209
210
211
212
213
214
215

##### How to set your full computer name on Windows 10

Say you want to set your hostname to `my-windows-laptop.small-tech.org`:

1. Control Panel → System And Security → System → Change Settings link (next to Computer name) → [Change…] Button
2. Under Computer name, enter your _subdomain_ (`my-windows-laptop`)
3. [More…] Button → enter your _domain name_ (`small-tech.org`) in the Primary DNS suffix of this computer field.
4. Press the various [OK] buttons to dismiss the various modal dialogues and restart your computer.

216
217
218
#### Making your server public

Use a service like [ngrok](https://ngrok.com/) (Pro+) to point a custom domain name to your temporary staging server. Make sure you set your `hostname` file (e.g., in `/etc/hostname` or via `hostnamectl set-hostname <hostname>` or the equivalent for your platform) to match your domain name. The first time you hit your server via your hostname it will take a little longer to load as your Let’s Encrypt certificates are being automatically provisioned by ACME TLS.
Aral Balkan's avatar
Aral Balkan committed
219

220
221
222
223
224
When you start your server, it will run as a regular process. It will not be restarted if it crashes or if you exit the foreground process or restart the computer.

### Deployment (live and one-time sync)

Site.js can also help you when you want to deploy your site to your live server with its sync feature. You can even have Site.js watch for changes and sync them to your server in real-time (e.g., if you want to live blog something or want to keep a page updated with local data you’re collecting from a sensor):
Aral Balkan's avatar
Aral Balkan committed
225
226

```shell
Aral Balkan's avatar
Aral Balkan committed
227
$ site my-demo --sync-to=my-demo.site
Aral Balkan's avatar
Aral Balkan committed
228
229
```

Aral Balkan's avatar
Aral Balkan committed
230
231
232
The above command will start a local development server at _https://localhost_. Additionally, it will watch the folder _my-demo_ for changes and sync any changes to its contents via rsync over ssh to the host _my-demo.site_.

If don’t want Site.js to start a server and you want to perform just a one-time sync, use the `--exit-on-sync` flag.
Aral Balkan's avatar
Aral Balkan committed
233
234

```shell
Aral Balkan's avatar
Aral Balkan committed
235
$ site my-demo --sync-to=my-demo.site --exit-on-sync
Aral Balkan's avatar
Aral Balkan committed
236
237
```

Aral Balkan's avatar
Aral Balkan committed
238
Without any customisations, the sync feature assumes that your account on your remote server has the same name as your account on your local machine and that the folder you are watching (_my-demo_, in the example above) is located at _/home/your-account/my-demo_ on the remote server. Also, by default, the contents of the folder will be synced, not the folder itself. You can change these defaults by specifying a full-qualified remote connection string as the `--sync-to` value.
Aral Balkan's avatar
Aral Balkan committed
239

Aral Balkan's avatar
Aral Balkan committed
240
The remote connection string has the format:
Aral Balkan's avatar
Aral Balkan committed
241

Aral Balkan's avatar
Aral Balkan committed
242
243
```
remoteAccount@host:/absolute/path/to/remoteFolder
Aral Balkan's avatar
Aral Balkan committed
244
245
```

Aral Balkan's avatar
Aral Balkan committed
246
For example:
Aral Balkan's avatar
Aral Balkan committed
247

Aral Balkan's avatar
Aral Balkan committed
248
249
250
251
252
```shell
$ site my-folder --sync-to=someOtherAccount@my-demo.site:/var/www
```

If you want to sync a different folder to the one you’re serving or if you’re running a proxy server (or if you just want to be as explicit as possible about your intent) you can use the `--sync-from` option to specify the folder to sync:
Aral Balkan's avatar
Aral Balkan committed
253

Aral Balkan's avatar
Aral Balkan committed
254
```shell
Aral Balkan's avatar
Aral Balkan committed
255
$ site :1313 --sync-from=public --sync-to=my-demo.site
Aral Balkan's avatar
Aral Balkan committed
256
257
```

Aral Balkan's avatar
Aral Balkan committed
258
(The above command will start a proxy server that forwards requests to and responses from http://localhost to https://localhost and sync the folder called `public` to the host `my-demo.site`.)
Aral Balkan's avatar
Aral Balkan committed
259

Aral Balkan's avatar
Aral Balkan committed
260
If you want to sync not the folder’s contents but the folder itself, use the `--sync-folder-and-contents` flag. e.g.,
261
262

```shell
Aral Balkan's avatar
Aral Balkan committed
263
$ site my-local-folder --sync-to=me@my.site:my-remote-folder --sync-folder-and-contents
264
265
```

Aral Balkan's avatar
Aral Balkan committed
266
267
The above command will result in the following directory structure on the remote server: _/home/me/my-remote-folder/my-local-folder_. It also demonstrates that if you specify a relative folder, Site.js assumes you mean the folder exists in the home directory of the account on the remote server.

268
### Production
269

270
__Available on Linux distributions with systemd (most Linux distributions, but [not these ones](https://sysdfree.wordpress.com/2019/03/09/135/) or on macOS or Windows).__
271

272
On your live, public server, you can start serving the _my-site_ directory at your _hostname_ as a daemon that is automatically run at system startup and restarted if it crashes with:
273
274

```shell
Aral Balkan's avatar
Aral Balkan committed
275
$ site enable my-site
276
277
```

278
The `enable` command sets up your server to start automatically when your server starts and restart automatically if it crashes. Requires superuser privileges on first run to set up the launch item.
279

280
For example, if you run the command on a connected server that has the ar.al domain pointing to it and `ar.al` set in _/etc/hostname_, you will be able to access the site at https://ar.al. (Yes, of course, [ar.al](https://ar.al) runs on Site.js.) The first time you hit your live site, it will take a little longer to load as your Let’s Encrypt certificates are being automatically provisioned by ACME TLS.
281

282
283
The automatic TLS certificate provisioning will get certificates for the naked domain and the _www_ subdomain. There is currently no option to add other subdomains. Also, please ensure that both the naked domain and the _www_ subdomain are pointing to your server before you enable your server and hit it to ensure that the provisioning works. This is especially important if you are migrating an existing site.

284
When the server is enabled, you can also use the following commands:
Aral Balkan's avatar
Aral Balkan committed
285

Aral Balkan's avatar
Aral Balkan committed
286
  - `start`: Start server.
287
  - `stop`: Stop server.
Aral Balkan's avatar
Aral Balkan committed
288
  - `restart`: Restart server.
289
  - `disable`: Stop server and remove from startup.
290
  - `logs`: Display and tail server logs.
291
  - `status`: Display detailed server information (press ‘q’ to exit).
Aral Balkan's avatar
Aral Balkan committed
292

293
Site.js uses the [systemd](https://freedesktop.org/wiki/Software/systemd/) to start and manage the daemon. Beyond the commands listed above that Site.js supports natively (and proxies to systemd), you can make use of all systemd functionality via the [systemctl](https://www.freedesktop.org/software/systemd/man/systemctl.html) and [journalctl](https://www.freedesktop.org/software/systemd/man/journalctl.html) commands.
Aral Balkan's avatar
Aral Balkan committed
294

295
296
## Build and test from source

297
Site.js is built using and supports the latest Node.js LTS (currently version 10.16.0; after October 22nd, 2019, we are scheduled to move to Node 12 LTS when it becomes the active branch).
Aral Balkan's avatar
Aral Balkan committed
298

Aral Balkan's avatar
Aral Balkan committed
299
### Install the source and run tests
Aral Balkan's avatar
Aral Balkan committed
300

301
302
```shell
# Clone and install.
Aral Balkan's avatar
Aral Balkan committed
303
304
305
306
mkdir site.js && cd site.js
git clone https://source.ind.ie/site.js/app.git
cd app
./install
307

308
309
310
311
312
313
314
315
# Run the app once (so that it can get your Node.js binary
# permission to bind to ports < 1024 on Linux ­– otherwise
# the tests will fail.)
bin/site.js test/site

# You should be able to see the site at https://localhost
# now. Press Ctrl+C to stop the server.

316
317
# Run unit tests.
npm test
Aral Balkan's avatar
Aral Balkan committed
318
```
319

320
321
__Note:__ If you upgrade your Node.js binary, please run `bin/site.js` again before running the tests (or using Site.js as a module in your own app) so that it can get permissions for your Node.js binary to bind to ports < 1024. Otherwise, it will fail with `Error: listen EACCES: permission denied 0.0.0.0:443`.

Aral Balkan's avatar
Aral Balkan committed
322
323
324
325
326
327
328
329
330
331
### Install as global Node.js module

After you install the source and run tests:

```shell
# Install the binary as a global module
npm i -g

# Serve the test site locally (visit https://localhost to view).
site test/site
332
333
```

Aral Balkan's avatar
Aral Balkan committed
334
__Note:__ for commands that require root privileges (i.e., `enable` and `disable`), Site.js will automatically restart itself using sudo and Node must be available for the root account. If you’re using [nvm](https://github.com/creationix/nvm), you can enable this via:
335
336

```shell
337
338
339
# Replace v10.16.3 with the version of node you want to make available globally.
sudo ln -s "$NVM_DIR/versions/node/v10.16.3/bin/node" "/usr/local/bin/node"
sudo ln -s "$NVM_DIR/versions/node/v10.16.3/bin/npm" "/usr/local/bin/npm"
340
341
```

Aral Balkan's avatar
Aral Balkan committed
342
343
### Native binaries

Aral Balkan's avatar
Aral Balkan committed
344
After you install the source and run tests:
Aral Balkan's avatar
Aral Balkan committed
345

Aral Balkan's avatar
Aral Balkan committed
346
```shell
347
348
# Build the native binary for your platform.
# To build for all platforms, use npm run build -- --all
Aral Balkan's avatar
Aral Balkan committed
349
350
351
npm run build

# Serve the test site (visit https://localhost to view).
352
353
# e.g., To Linux binary:
dist/linux/12.8.0/site test/site
354
355
```

356
357
### Build and install native binary locally

Aral Balkan's avatar
Aral Balkan committed
358
359
After you install the source and run tests:

360
361
362
363
```shell
npm run install-locally
```

364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
### Building for Linux on ARM (Raspberry Pi, etc.)

You cannot currently [cross-compile for ARM](https://github.com/nexe/nexe/issues/424) so you must build Site.js on an ARM device. The release build is built on a Raspberry Pi 3B+. Note that [Aral had issues compiling it on a Pi 4](https://github.com/nexe/nexe/issues/685). To build the Site.js binary (e.g., version 12.8.0) on an ARM device, do:

```shell
mkdir -p dist/linux-arm/12.8.0
node_modules/nexe/index.js bin/site.js --build --verbose -r package.json -r "bin/commands/*" -r "node_modules/le-store-certbot/renewal.conf.tpl" -r "node_modules/@ind.ie/nodecert/mkcert-bin/mkcert-v1.4.0-linux-arm" -o dist/linux-arm/12.8.0/site
```

You can then find the `site` binary in your `dist/linux-arm/12.8.0/` folder. To install it, do:

```shell
sudo cp dist/linux-arm/12.8.0/site /usr/local/bin
```

379
380
381
### Deployment

```shell
382
383
# To cross-compile binaries for Linux (x64), macOS, and Windows
# and also copy them over to the Site.js web Site for deployment.
384
385
# (You will most likely not need to do this.)
npm run deploy
Aral Balkan's avatar
Aral Balkan committed
386
387
```

388
## Syntax
389

Aral Balkan's avatar
Aral Balkan committed
390
```shell
391
site [command] [folder|:port] [@host[:port]] [--options]
Aral Balkan's avatar
Aral Balkan committed
392
```
393

394
  - `command`: serve | enable | disable | start | stop | logs | status | update | uninstall | version | help
395
396
397
398
399
  - `folder|:port`: Path of folder to serve (defaults to current folder) or port on localhost to proxy.
  - `@host[:port]`: Host (and, optionally port) to sync. Valid hosts are @localhost and @hostname.
  - `--options`: Settings that alter command behaviour.

__Key:__ `[]` = optional &nbsp;&nbsp;`|` = or
Aral Balkan's avatar
Aral Balkan committed
400

401
402
### Commands:

403
404
405
406
407
408
409
410
411
412
413
414
415
  - `serve`: Serve specified folder (or proxy specified `:port`) on specified `@host` (at `:port`, if given). The order of arguments is:

    1. what to serve,
    2. where to serve it at. e.g.,

    ```site serve my-folder @localhost```

    If a port (e.g., `:1313`) is specified instead of my-folder, start an HTTP/WebSocket proxy.

  - `enable`: Start server as daemon with globally-trusted certificates and add to startup.

  - `disable`: Stop server daemon and remove from startup.

416
417
418
419
  - `start`: Start server as daemon with globally-trusted certificates.

  - `stop`: Stop server daemon.

Aral Balkan's avatar
Aral Balkan committed
420
421
  - `restart`: Restart server daemon.

422
  - `logs`: Display and tail server logs.
Aral Balkan's avatar
Aral Balkan committed
423

424
425
  - `status`: Display detailed server information.

426
427
428
429
430
431
  - `update`: Check for Site.js updates and update if new version is found.
  - `uninstall`: Uninstall Site.js.

  - `version`: Display version and exit.
  - `help`: Display help screen and exit.

432
If `command` is omitted, behaviour defaults to `serve`.
433
434

### Options:
Aral Balkan's avatar
Aral Balkan committed
435

Aral Balkan's avatar
Aral Balkan committed
436
437
438
439
#### For both the `serve` and `enable` commands:

  - `--aliases`: Comma-separated list of additional domains to obtain TLS certificates for and respond to.

440
#### For the `serve` command:
Aral Balkan's avatar
Aral Balkan committed
441

442
  - `--sync-to`: The host to sync to.
Aral Balkan's avatar
Aral Balkan committed
443

444
  - `--sync-from`: The folder to sync from (only relevant if `--sync-to` is specified).
Aral Balkan's avatar
Aral Balkan committed
445

446
  - `--exit-on-sync`: Exit once the first sync has occurred (only relevant if `--sync-to` is specified). Useful in deployment scripts.
Aral Balkan's avatar
Aral Balkan committed
447

448
  - `--sync-folder-and-contents`: Sync folder and contents (default is to sync the folder’s contents only).
Aral Balkan's avatar
Aral Balkan committed
449

450
451
452
#### For the `enable` command:

  - `--ensure-can-sync`: Ensure server can rsync via ssh.
Aral Balkan's avatar
Aral Balkan committed
453

454
All command-line arguments are optional. By default, Site.js will serve your current working folder over port 443 with locally-trusted certificates.
455

456
When you `serve` a site at `@hostname` or use the `enable` command, globally-trusted Let’s Encrypt TLS certificates are automatically provisioned for you using ACME TLS the first time you hit your hostname. The hostname for the certificates is automatically set from the hostname of your system (and the _www._ subdomain is also automatically provisioned).
457

Aral Balkan's avatar
Aral Balkan committed
458
459
## Usage examples

460
### Develop using locally-trusted TLS certificates
Aral Balkan's avatar
Aral Balkan committed
461
462
463

| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
| Serve current folder*                     | site                                                          |
|                                           | site serve                                                    |
|                                           | site serve .                                                  |
|                                           | site serve . @localhost                                       |
|                                           | site serve . @localhost:443                                   |
| Serve folder demo (shorthand)             | site demo                                                     |
| Serve folder demo on port 666             | site serve demo @localhost:666                                |
| Proxy localhost:1313 to https://localhost*| site :1313                                                    |
|                                           | site serve :1313 @localhost:443                               |
| Serve current folder, sync it to my.site* | site --sync-to=my.site                                        |
|                                           | site serve . @localhost:443 --sync-to=my.site                 |
| Serve demo folder, sync it to my.site     | site serve demo --sync-to=my.site                             |
| Ditto, but use account me on my.site      | site serve demo --sync-to=me@my.site                          |
| Ditto, but sync to remote folder ~/www    | site serve demo --sync-to=me@my.site:www                      |
| Ditto, but specify absolute path          | site serve demo --sync-to=me@my.site:/home/me/www             |
| Sync current folder, proxy localhost:1313 | site serve :1313 --sync-from=. --sync-to=my.site              |
| Sync current folder to my.site and exit   | site --sync-to=my.site --exit-on-sync                         |
| Sync demo folder to my.site and exit*     | site demo --sync-to=my.site --exit-on-sync                    |
|                                           | site --sync-from=demo --sync-to=my.site --exit-on-sync        |

### Stage and deploy using globally-trusted Let’s Encrypt certificates

#### Regular process:
Aral Balkan's avatar
Aral Balkan committed
487
488
489

| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
490
| Serve current folder                      | site @hostname                                                |
Aral Balkan's avatar
Aral Balkan committed
491
| Serve current folder also at aliases	    | site @hostname --aliases=other.site,www.other.site            |
492
493
494
495
496
497
| Serve folder demo*                        | site demo @hostname                                           |
|                                           | site serve demo @hostname                                     |
| Proxy localhost:1313 to https://hostname  | site serve :1313 @hostname                                    |

#### Start-up daemon:

498
499
| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
Aral Balkan's avatar
Aral Balkan committed
500
| Serve current folder as daemon            | site enable                                                   |
501
| Ditto & also ensure it can rsync via ssh  | site enable --ensure-can-sync                                 |
Aral Balkan's avatar
Aral Balkan committed
502
| Get status of daemon                      | site status                                                   |
Aral Balkan's avatar
Aral Balkan committed
503
504
505
| Start server                              | site start                                                    |
| Stop server                               | site stop                                                     |
| Restart server                            | site restart                                                  |
Aral Balkan's avatar
Aral Balkan committed
506
507
| Display server logs                       | site logs                                                     |
| Stop current daemon                       | site disable                                                  |
Aral Balkan's avatar
Aral Balkan committed
508

Aral Balkan's avatar
Aral Balkan committed
509
510
511
512
513
514
515
#### General:

| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
| Check for updates and update if found     | site update                                                   |


516
\* _Alternative, equivalent forms listed (some commands have shorthands)._
517

518
## Native support for an Evergreen Web
519

Aral Balkan's avatar
Aral Balkan committed
520
What if links never died? What if we never broke the Web? What if it didn’t involve any extra work? It’s possible. And, with Site.js, it’s effortless.
521

Aral Balkan's avatar
Aral Balkan committed
522
### Native cascading archives support
523

Aral Balkan's avatar
Aral Balkan committed
524
If you have a static archive of the previous version of your site, you can have Site.js automatically serve it for you. For example, if your site is being served from the `my-site` folder, just put the archive of your site into a folder named `my-site-archive-1`:
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541

```
|- my-site
|- my-site-archive-1
```

If a path cannot be found in `my-site`, it will be served from `my-site-archive-1`.

And you’re not limited to a single archive (and hence the “cascade” bit in the name of the feature). As you have multiple older versions of your site, just add them to new folders and increment the archive index in the name. e.g., `my-site-archive-2`, `my-site-archive-3`, etc.

Paths in `my-site` will override those in `my-site-archive-3` and those in `my-site-archive-3` will, similarly, override those in `my-site-archive-2` and so on.

What this means that your old links will never die but if you do replace them with never content in never versions, those will take precedence.

### Native 404 → 302 support

But what if the previous version of your site is a dynamic site and you either don’t want to lose the dynamic functionality or you simply cannot take a static backup. No worries. Just move it to a different subdomain or domain and make your 404s into 302s.
542

Aral Balkan's avatar
Aral Balkan committed
543
Site.js has native support for [the 404 to 302 technique](https://4042302.org) to ensure an evergreen web. Just serve the old version of your site (e.g., your WordPress site, etc.) from a different subdomain and tell Site.js to forward any unknown requests on your new static site to that subdomain so that all your existing links magically work.
544
545
546

To do so, create a simple file called `4042302` in the root directory of your web content and add the URL of the server that is hosting your older content. e.g.,

547
### /4042302
548
```
Aral Balkan's avatar
Aral Balkan committed
549
https://the-previous-version-of.my.site
550
```
551
552
553
554
555
556

You can chain the 404 → 302 method any number of times to ensure that none of your links ever break without expending any additional effort to migrate your content.

For more information and examples, see [4042302.org](https://4042302.org).

## Custom error pages
557

558
559
![Screenshot of the custom 404 error page included in the unit tests](images/custom-404.png)

560
561
562
563
You can specify a custom error page for 404 (not found) and 500 (internal server error) errors. To do so, create a folder with the status code you want off of the root of your web content (i.e., `/404` and/or `/500`) and place at least an `index.html` file in the folder. You can also, optionally, put any assets you want to display on your error pages into those folders and load them in via relative URLs. Your custom error pages will be served with the proper error code and at the URL that was being accessed.

If you do not create custom error pages, the built-in default error pages will be displayed for 404 and 500 errors.

564
When creating your own servers (see [API](#API)), you can generate the default error pages programmatically using the static methods `Site.default404ErrorPage()` and `Site.default500ErrorPage()`, passing in the missing path and the error message as the argument, respectively to get the HTML string of the error page returned.
565

Aral Balkan's avatar
Aral Balkan committed
566
567
## Dynamic sites

568
You can specify routes with dynamic functionality by specifying HTTPS and WebSocket (WSS) routes in two ways: either using DotJS – a simple file system routing convention ala PHP, but for JavaScript – or through code in a _routes.js_ file.
Aral Balkan's avatar
Aral Balkan committed
569
570
571

In either case, your dynamic routes go into a directory named _.dynamic_ in the root of your site.

572
573
574
### DotJS

DotJS maps JavaScript modules in a file system hierarchy to routes on your web site in a manner that will be familiar to anyone who has ever used PHP.
Aral Balkan's avatar
Aral Balkan committed
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603

#### GET-only (simplest approach)

The easiest way to get started with dynamic routes is to simply create a JavaScript file in a folder called _.dynamic_ in the root folder of your site. Any routes added in this manner will be served via HTTPS GET.

For example, to have a dynamic route at `https://localhost`, create the following file:

```
.dynamic/
    └ index.js
```

Inside _index.js_, all you need to do is to export your route handler:

```js
let counter = 0

module.exports = (request, response) => {
  response
    .type('html')
    .end(`
      <h1>Hello, world!</h1>
      <p>I’ve been called ${++counter} time${counter > 1 ? 's': ''} since the server started.</p>
    `)
}
```

To test it, run a local server (`site`) and go to `https://localhost`. Refresh the page a couple of times to see the counter increase.

604
Congratulations, you’ve just made your first dynamic route using DotJS.
605

Aral Balkan's avatar
Aral Balkan committed
606
607
608
In the above example, _index.js_ is special in that the file name is ignored and the directory that the file is in becomes the name of the route. In this case, since we put it in the root of our site, the route becomes `/`.

Usually, you will have more than just the index route (or your index route might be a static one). In those cases, you can either use directories with _index.js_ files in them to name and organise your routes or you can use the names of _.js_ files themselves as the route names. Either method is fine but you should choose one and stick to it in order not to confuse yourself later on (see [Precedence](#Precendence), below).
609

610
So, for example, if you wanted to have a dynamic route that showed the server CPU load and free memory, you could create a file called _.dynamic/server-stats.js_ in your web folder with the following content:
611
612
613
614

```js
const os = require('os')

Aral Balkan's avatar
Aral Balkan committed
615
function serverStats (request, response) {
616
617
618
619
620
621
622

  const loadAverages = `<p> ${os.loadavg().reduce((a, c, i) => `${a}\n<li><strong>CPU ${i+1}:</strong> ${c}</li>`, '<ul>') + '</ul>'}</p>`

  const freeMemory = `<p>${os.freemem()} bytes</p>`

  const page = `<html><head><title>Server statistics</title><style>body {font-family: sans-serif;}</style></head><body><h1>Server statistics</h1><h2>Load averages</h2>${loadAverages}<h2>Free memory</h2>${freeMemory}</body></html>`

Aral Balkan's avatar
Aral Balkan committed
623
624
625
  response
    .type('html')
    .end(page)
626
627
628
629
630
}

module.exports = serverStats
```

Aral Balkan's avatar
Aral Balkan committed
631
Site.js will load your dynamic route at startup and you can test it by hitting _https://localhost/server-stats_ using a local web server. Each time you refresh, you should get the latest dynamic content.
632

Aral Balkan's avatar
Aral Balkan committed
633
634
__Note:__ You could also have named your route _.dynamic/server-stats/index.js_ and still hit it from _https://localhost/server-stats_. It’s best to keep to one or other convention (either using file names as route names or directory names as route names). Using both in the same app will probably confuse you (see [Precedence](#Precendence), below).

635
##### Using node modules
636

637
638
639
Since Site.js contains Node.js, anything you can do with Node.js, you do with Site.js, including using node modules and [npm](https://www.npmjs.com/). To use custom node modules, initialise your _.dynamic_ folder using `npm init` and use `npm install`. Once you’ve done that, any modules you `require()` from your DotJS routes will be properly loaded and used.

Say, for example, that you want to display a random ASCII Cow using the Cows module (because why not?) To do so, create a _package.json_ file in your _.dynamic_ folder (e.g., use `npm init` to create this interactively). Here’s a basic example:
Aral Balkan's avatar
Aral Balkan committed
640
641
642
643
644
645
646
647
648
649
650
651

```json
{
  "name": "random-cow",
  "version": "1.0.0",
  "description": "Displays a random cow.",
  "main": "index.js",
  "author": "Aral Balkan <mail@ar.al> (https://ar.al)",
  "license": "AGPL-3.0-or-later"
}
```

652
Then, install the [cows node module](https://www.npmjs.com/package/cows) using npm:
Aral Balkan's avatar
Aral Balkan committed
653
654
655
656
657

```sh
npm i cows
```

658
This will create a directory called _node_modules_ in your _.dynamic_ folder and install the cows module (and any dependencies it may have) inside it. Now is also a good time to create a `.gitignore` file in the root of your web project and add the _node_modules_ directory to it if you’re using Git for source control so that you do not end up accidentally checking in your node modules. Here’s how you would do this using the command-line on Linux-like systems:
Aral Balkan's avatar
Aral Balkan committed
659
660
661
662
663
664
665
666
667
668
669
670
671

```sh
echo 'node_modules' >> .gitignore
```

Now, let’s create the route. We want it reachable at `https://localhost/cows` (of course), so let’s put it in:

```
.dynamic/
    └ cows
        └ index.js
```

672
And, finally, here’s the code for the route itself:
Aral Balkan's avatar
Aral Balkan committed
673
674
675
676
677
678
679
680
681
682
683
684
685

```js
const cows = require('cows')()

module.exports = function (request, response) {
  const randomCowIndex = Math.round(Math.random()*cows.length)-1
  const randomCow = cows[randomCowIndex]

  function randomColor () {
    const c = () => (Math.round(Math.random() * 63) + 191).toString(16)
    return `#${c()}${c()}${c()}`
  }

686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
  response
    .type('html')
    .end(`
      <!doctype html>
      <html lang='en'>
      <head>
        <meta charset='utf-8'>
        <meta name='viewport' content='width=device-width, initial-scale=1.0'>
        <title>Cows!</title>
        <style>
          html { font-family: sans-serif; color: dark-grey; background-color: ${randomColor()}; }
          body {
            display: grid; align-items: center; justify-content: center;
            height: 100vh; vertical-align: top; margin: 0;
          }
          pre { font-size: 24px; color: ${randomColor()}; mix-blend-mode: difference;}
        </style>
      </head>
      <body>
          <pre>${randomCow}</pre>
      </body>
      </html>
    `)
Aral Balkan's avatar
Aral Balkan committed
709
710
711
712
713
}
```

Now if you run `site` on the root of your web folder (the one that contains the _.dynamic_ folder) and hit `https://localhost/cows`, you should get a random cow in a random colour every time you refresh.

714
If including HTML and CSS directly in your dynamic route makes you cringe, feel free to `require` your templating library of choice and move them to external files. As hidden folders (directories that begin with a dot) are ignored in the _.dynamic_ folder and its subfolders, you can place any assets (HTML, CSS, images, etc.) into a directory that starts with a dot and load them in from there.
Aral Balkan's avatar
Aral Balkan committed
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803

For example, if I wanted to move the HTML and CSS into their own files in the example above, I could create the following directory structure:

```
.dynamic/
    └ cows
        ├ .assets
        │     ├ index.html
        │     └ index.css
        └ index.js
```

For this example, I’m not going to use an external templating engine but will instead rely on the built-in template string functionality in JavaScript along with `eval()` (which is perfectly safe to use here as we are not processing external input).

So I move the HTML to the _index.html_ file (and add a template placeholder for the CSS in addition to the existing random cow placeholder):

```html
<!doctype html>
<html lang='en'>
<head>
  <meta charset='utf-8'>
  <meta name='viewport' content='width=device-width, initial-scale=1.0'>
  <title>Cows!</title>
  <style>${css}</style>
</head>
<body>
    <pre>${randomCow}</pre>
</body>
</html>
```

And, similarly, I move the CSS to its own file, _index.css_:

```css
html {
  font-family: sans-serif;
  color: dark-grey;
  background-color: ${randomColor()};
}

body {
  display: grid;
  align-items: center;
  justify-content: center;
  height: 100vh;
  vertical-align: top;
  margin: 0;
}

pre {
  font-size: 24px;
  mix-blend-mode: difference;
  color: ${randomColor()};
}
```

Then, finally, I modify my `cows` route to read in these two template files and to dynamically render them in response to requests. My _index.js_ now looks like this:

```js
// These are run when the server starts so sync calls are fine.
const fs = require('fs')
const cssTemplate = fs.readFileSync('cows/.assets/index.css')
const htmlTemplate = fs.readFileSync('cows/.assets/index.html')
const cows = require('cows')()

module.exports = function (request, response) {
  const randomCowIndex = Math.round(Math.random()*cows.length)-1
  const randomCow = cows[randomCowIndex]

  function randomColor () {
    const c = () => (Math.round(Math.random() * 63) + 191).toString(16)
    return `#${c()}${c()}${c()}`
  }

  function render (template) {
    return eval('`' + template + '`')
  }

  // We render the CSS template first…
  const css = render(cssTemplate)

  // … because the HTML template references the rendered CSS template.
  const html = render(htmlTemplate)

  response.type('html').end(html)
}
```

After this refactor, if you restart the server and hit `https://localhost/cows` again in your browser, you should see exactly the same behaviour as before.
804

805
As you can see, you can create quite a bit of dynamic functionality just by using DotJS with its most basic file-based routing mode. However, with this convention you are limited to GET routes. To use both GET and POST routes, you have to do a tiny bit more work, as explained in the next section.
806

807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
#### GET and POST routes

If you need POST routes (e.g., you want to post form content back to the server) in addition to GET routes, the directory structure works a little differently. In this case, you have to create a _.get_ directory for your GET routes and a _.post_ directory for your post routes.

Otherwise, the naming and directory structure conventions work exactly as before.

So, for example, if you have the following directory structure:

```
site/
  └ .dynamic/
        ├ .get/
        │   └ index.js
        └ .post/
            └ index.js
```

Then a GET request for `https://localhost` will be routed to _site/.dynamic/.get/index.js_ and a POST request for `https://localhost` will be routed to _site/.dynamic/.post/index.js_.

These two routes are enough to cover your needs for dynamic routes and form handling.

Aral Balkan's avatar
Aral Balkan committed
828
829
#### WebSocket (WSS) routes

830
831
832
Site.js is not limited to HTTPS, it also supports secure WebSockets.

To define WebSocket (WSS) routes alongside HTTPS routes, modify your directory structure so it resembles the one below:
Aral Balkan's avatar
Aral Balkan committed
833
834
835
836
837
838
839
840
841
842
843
844
845

```
site/
  └ .dynamic/
        ├ .https/
        │   ├ .get/
        │   │   └ index.js
        │   └ .post/
        │       └ index.js
        └ .wss/
            └ index.js
```

846
847
848
Note that all we’ve done is to move our HTTPS _.get_ and _.post_ directories under a _.https_ directory and we’ve created a separate _.wss_ directory for our WebSocket routes.

Here’s how you would implement a simple echo server that sends a copy of the message it receives from a client to that client:
849
850
851
852
853
854
855
856
857

```js
module.exports = (client, request) => {
  client.on('message', (data) => {
    client.send(data)
  })
}
```

858
You can also broadcast messages to all or a subset of connected clients. Here, for example, is a naïve single-room chat server implementation that broadcasts messages to all connected WebSocket clients (including the client that originally sent the message and any other clients that might be connected to different WebSocket routes on the same server):
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877

```js
module.exports = (currentClient, request) {
  ws.on('message', message => {
    this.getWss().clients.forEach(client => {
      client.send(message)
    })
  })
})
```

To test it out, run Site.js and then open up the JavaScript console in a couple of browser windows and enter the following code into them:

```js
const socket = new WebSocket('https://localhost/chat')
socket.onmessage = message => console.log(message.data)
socket.send('Hello!')
```

878
For a slightly more sophisticated example that doesn’t broadcast a client’s own messages to itself and selectively broadcasts to only the clients in the same “rooms”, see the [Basic Chat example](examples/wss-basic-chat). Here’s the code for the server component of that example:
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896

```js
module.exports = function (client, request) {
  // A new client connection has been made.
  // Persist the client’s room based on the path in the request.
  client.room = this.setRoom(request)

  console.log(`New client connected to ${client.room}`)

  client.on('message', message => {
    // A new message has been received from a client.
    // Broadcast it to every other client in the same room.
    const numberOfRecipients = this.broadcast(client, message)

    console.log(`${client.room} message broadcast to ${numberOfRecipients} recipient${numberOfRecipients === 1 ? '' : 's'}.`)
  })
}
```
897

898
### Advanced routing (routes.js file)
Aral Balkan's avatar
Aral Balkan committed
899

900
DotJS should get you pretty far for simpler use cases, but if you need full flexibility in routing (to use regular expressions in defining route paths, for example, or for initialising global objects that need to survive for the lifetime of the server), simply define a _routes.js_ in your _.dynamic_ folder:
Aral Balkan's avatar
Aral Balkan committed
901
902
903
904
905
906
907
908
909
910
911

```
site/
  └ .dynamic/
        └ routes.js
```

The _routes.js_ file should export a function that accepts a reference to the Express app created by Site.js and defines its routes on it. For example:

```js
module.exports = app => {
912
913
914
915
916
  // HTTPS route with a parameter called thing.
  app.get('/hello/:thing', (request, response) => {
    response
      .type('html')
      .end(`<h1>Hello, ${request.params.thing}!</h1>`)
Aral Balkan's avatar
Aral Balkan committed
917
918
  })

919
920
921
922
  // WebSocket route: echos messages back to the client that sent them.
  app.ws('/echo', (client, request) => {
  client.on('message', (data) => {
    client.send(data)
Aral Balkan's avatar
Aral Balkan committed
923
924
925
926
  })
}
```

927
When using the _routes.js_ file, you can use all of the features in [wxpress](https://expressjs.com/) and [our fork of express-ws](https://github.com/aral/express-ws) (which itself wraps [ws](https://github.com/websockets/ws#usage-examples)).
Aral Balkan's avatar
Aral Balkan committed
928

929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
### Routing precedence

#### Between dynamic route and static route

If a dynamic route and a static route have the same name, the dynamic route will take precedence. So, for example, if you’re serving the following site:

```
site/
  ├ index.html
  └ .dynamic/
        └ index.js
```

When you hit `https://localhost`, you will get the dynamic route defined in _index.js_.

#### Between two dynamic routes (TL; DR: do not rely on this)

In the following scenario:

```
site/
  └ .dynamic/
        ├ fun.html
        └ fun/
           └ index.js
```

The behaviour observed under Linux at the time of writing is that _fun/index.js_ will have precendence and mask _fun.html_. __Do not rely on this behaviour.__ The order of dynamic routes is based on a directory crawl and is not guaranteed to be the same in all future versions. For your peace of mind, please do not mix file-name-based and directory-name-based routing.

#### Between the various routing methods

Each of the routing conventions are mutually exclusive and applied according to the following precedence rules:

1. Advanced _routes.js_-based advanced routing.
Aral Balkan's avatar
Aral Balkan committed
963

964
2. DotJS with separate folders for _.https_ and _.wss_ routes routing (the _.http_ folder itself will apply precedence rules 3 and 4 internally).
Aral Balkan's avatar
Aral Balkan committed
965

966
3. DotJS with separate folders for _.get_ and _.post_ routes in HTTPS-only routing.
Aral Balkan's avatar
Aral Balkan committed
967

968
4. DotJS with GET-only routing.
969
970
971

So, if Site.js finds a _routes.js_ file in the root folder of your site’s folder, it will only use the routes from that file (it will not apply file-based routing).

972
If Site.js cannot find a _routes.js_ file, it will look to see if separate _.https_ and _.wss_ folders have been defined (the existence of just one of these is enough) and attempt to load DotJS routes from those folders. (If it finds separate _.get_ or _.post_ folders within the _.https_ folder, it will add the relevant routes from those folders; if it can’t it will load GET-only routes from the _.https_ folder and its subfolders.)
973

974
If separate _.https_ and _.wss_ folders do not exist, Site.js will expect all defined DotJS routes to be HTTPS and will initially look for separate _.get_ and _.post_ folders (the existence of either is enough to trigger this mode). If they exist, it will add the relevant routes from those folders and their subfolders.
975

976
Finally, if Site.js cannot find separate _.get_ and _.post_ folders either, it will assume that any DotJS routes it finds in the _.dynamic_ folder are HTTPS GET routes and attempt to add them from there (and any subfolders).
977

Aral Balkan's avatar
Aral Balkan committed
978
### Directory paths in your application
979

Aral Balkan's avatar
Aral Balkan committed
980
Your dynamic web routes are running within Site.js, which is a Node application compiled into a native binary. Here are how the various common directories for Node.js apps will behave:
981

Aral Balkan's avatar
Aral Balkan committed
982
  - `os.homedir()`: __(writable)__ This is the home folder of the account running Site.js. You can write to it to store persistent objects (e.g., save data).
983
984
985
986
987

  - `os.tmpdir()`: __(writable)__ Path to the system temporary folder. Use for content you can afford to lose and can recreate (e.g., cache API calls).

  - `.`: __(writable)__ Path to the root of your web content. Since you can write here, you can, if you want to, create content dynamically that will then automatically be served by the static web server.

988
  - `__dirname`: __(writeable)__ Path to the `.dynamic` folder.
989

Aral Balkan's avatar
Aral Balkan committed
990
  - `/`: __(read-only)__ Path to the `/usr` folder (Site.js is installed in `/usr/local/site`). You should not have any reason to use this.
991

Aral Balkan's avatar
Aral Balkan committed
992
If you want to access the directory of Site.js itself (e.g., to load in the `package.json` to read the app’s version), you can use the following code:
993
994

```js
Aral Balkan's avatar
Aral Balkan committed
995
const appPath = require.main.filename.replace('bin/site.js', '')
996
997
```

998
999
1000
1001
### Security

The code within your JavaScript routes is executed on the server. Exercise the same caution as you would when creating any Node.js app (sanitise input, etc.)

1002

1003
## API
1004

1005
1006
You can also include Site.js as a Node module into your Node project. This section details the API you can use if you do that.

1007
Site.js’s `createServer` method behaves like the built-in _https_ module’s `createServer` function. Anywhere you use `require('https').createServer`, you can simply replace it with:
1008

1009
1010
1011
1012
```js
const Site = require('@small-tech/site.js')
new Site().createServer
```
1013

1014
### createServer([options], [requestListener])
1015

1016
  - __options__ _(object)_: see [https.createServer](https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener). Populates the `cert` and `key` properties from the automatically-created [nodecert](https://source.ind.ie/hypha/tools/nodecert/) or Let’s Encrypt certificates and will overwrite them if they exist in the options object you pass in. If your options has `options.global = true` set, globally-trusted TLS certificates are obtained from Let’s Encrypt using ACME TLS.
1017

Aral Balkan's avatar
Aral Balkan committed
1018
  - __requestListener__ _(function)_: see [https.createServer](https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener). If you don’t pass a request listener, Site.js will use its default one.
1019

1020
    __Returns:__ [https.Server](https://nodejs.org/api/https.html#https_class_https_server) instance, configured with either locally-trusted certificates via nodecert or globally-trusted ones from Let’s Encrypt.
1021

1022
#### Example
1023
1024

```js
1025
const Site = require('@small-tech/site.js')
1026
1027
1028
1029
1030
const express = require('express')

const app = express()
app.use(express.static('.'))

1031
const options = {} // to use globally-trusted certificates instead, set this to {global: true}
1032
const server = new Site().createServer(options, app).listen(443, () => {
1033
1034
1035
1036
  console.log(` 🎉 Serving on https://localhost\n`)
})
```

1037
### constructor (options)
1038
1039

Options is an optional parameter object that may contain the following properties, all optional:
1040

1041
  - __path__ _(string)_: the directory to serve using [Express](http://expressjs.com/).static.
1042

1043
  - __port__ _(number)_: the port to serve on. Defaults to 443. (On Linux, privileges to bind to the port are automatically obtained for you.)
1044

Aral Balkan's avatar
Aral Balkan committed
1045
  - __global__ _(boolean)_: if true, globally-trusted Let’s Encrypt certificates will be provisioned (if necessary) and used via ACME TLS. If false (default), locally-trusted certificates will be provisioned (if necessary) and used using _nodecert_.
1046

1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
  - __proxyPort__ _(number)_: if provided, a proxy server will be created for the port (and `path` will be ignored).

    __Returns:__ Site instance.

__Note:__ if you want to run the site on a port < 1024 on Linux, ensure your process has the necessary privileges to bind to such ports. E.g., use:

```js
require('lib/ensure').weCanBindToPort(port, () => {
  // You can safely bind to a ‘privileged’ port on Linux now.
})
```

### serve(callback)

  - __callback__ _(function)_: a function to be called when the server is ready. This parameter is optional. Default callbacks are provided for both regular and proxy servers.

1063
    __Returns:__ [https.Server](https://nodejs.org/api/https.html#https_class_https_server) instance, configured with either locally or globally-trusted certificates.
1064
1065


1066
#### Examples
1067

Aral Balkan's avatar
Aral Balkan committed
1068
Serve the current directory at https://localhost using locally-trusted TLS certificates:
1069

1070
```js
1071
1072
const Site = require('@small-tech/site.js')
const server = new Site().serve()
1073
1074
```

Aral Balkan's avatar
Aral Balkan committed
1075
Serve the current directory at your hostname using globally-trusted Let’s Encrypt TLS certificates:
1076
1077

```js
1078
1079
const Site = require('@small-tech/site.js')
const server = new Site().serve({global: true})
1080
1081
```

1082
1083
1084
1085
1086
1087
1088
1089
Start a proxy server to proxy local port 1313 at your hostname:

```js
const Site = require('@small-tech/site.js')
const server = new Site().serve({proxyPort: 1313, global: true})
```


1090
1091
## Contributing

Aral Balkan's avatar
Aral Balkan committed
1092
Site.js is [Small Technology](https://ar.al/2019/03/04/small-technology/). The emphasis is on _small_. It is, by design, a zero-configuration tool for creating and hosting single-tenant web applications. It is for humans, by humans. It is non-commercial. (It is not for enterprises, it is not for “startups”, and it is definitely not for unicorns.) As such, any new feature requests will have to be both fit for purpose and survive a trial by fire to be considered.
1093

Aral Balkan's avatar
Aral Balkan committed
1094
Please file issues and submit pull requests on the [Site.js Github Mirror](https://github.com/small-tech/site.js).
1095

1096
1097
## Help wanted

Aral Balkan's avatar
Aral Balkan committed
1098
1099
For locally-trusted certificates, all dependencies are installed automatically for you if they do not exist if you have apt, pacman, or yum (untested) on Linux or if you have [Homebrew](https://brew.sh/) or [MacPorts](https://www.macports.org/) (untested) on macOS.

Aral Balkan's avatar
Aral Balkan committed
1100
I can use your help to test Site.js on the following platform/package manager combinations:
1101

1102
1103
  - Linux with yum
  - macOS with MacPorts
1104

Aral Balkan's avatar
Aral Balkan committed
1105
Please [let me know how/if it works](https://github.com/small-tech/site.js/issues). Thank you!
1106
1107
1108
1109

## Thanks

  * [thagoat](https://github.com/thagoat) for confirming that [installation works on Arch Linux with Pacman](https://github.com/indie-mirror/https-server/issues/1).
1110

1111
  * [Tim Knip](https://github.com/timknip) for confirming that [the module works with 64-bit Windows](https://github.com/indie-mirror/https-server/issues/2) with the following behaviour: “Install pops up a windows dialog to allow adding the cert.”
1112

1113
  * [Run Rabbit Run](https://hackers.town/@nobody) for [the following information](https://hackers.town/@nobody/101670447262172957) on 64-bit Windows: “Win64: works with the windows cert install popup on server launch. Chrome and ie are ok with the site then. FF 65 still throws the cert warning even after restarting.”