README.md 63 KB
Newer Older
Aral Balkan's avatar
Aral Balkan committed
1
# Site.js
2
## Small web construction set.
Aral Balkan's avatar
Aral Balkan committed
3

4
[![Person lying on the ground, working on a laptop with the Site.js logo on screen](images/person.svg)](https://sitejs.org)
5

6
## Develop, test, sync, and deploy (using a single tool that comes in a single binary).
Aral Balkan's avatar
Aral Balkan committed
7

8
__Site.js is a [small](https://small-tech.org/about#small-technology) personal web tool for Linux, macOS, and Windows 10.__
Aral Balkan's avatar
Aral Balkan committed
9

10
Most tools today are built for startups and enterprises. Site.js is built for people.
Aral Balkan's avatar
Aral Balkan committed
11

12
13
14
15
16
17
## Like this? Fund us!

[Small Technology Foundation](https://small-tech.org) is a tiny, independent not-for-profit.

We exist in part thanks to patronage by people like you. If you share [our vision](https://small-tech.org/about/#small-technology) and want to support our work, please [become a patron or donate to us](https://small-tech.org/fund-us) today and help us continue to exist.

18
## Feature Highlights
Aral Balkan's avatar
Aral Balkan committed
19

20
  - __Just works.__ No configuration; [get started in seconds](https://sitejs.org/#get-started).
Aral Balkan's avatar
Aral Balkan committed
21

22
  - __Free as in freedom.__ And small as in [small tech](https://small-tech.org/about/#small-technology).
Aral Balkan's avatar
Aral Balkan committed
23

24
  - __Seamless single binary [install](#install)__ (thanks to [Nexe](https://github.com/nexe/nexe)).
Aral Balkan's avatar
Aral Balkan committed
25

26
  - __Secure by default.__
Aral Balkan's avatar
Aral Balkan committed
27

28
    __At localhost:__ Automatically provisions locally-trusted TLS for development (courtesy of [mkcert](https://github.com/FiloSottile/mkcert) seamlessly integrated via [Auto Encrypt Localhost](https://source.small-tech.org/site.js/lib/auto-encrypt-localhost)).
Aral Balkan's avatar
Aral Balkan committed
29

30
    __And everywhere else:__ Automatically provisions globally-trusted TLS for staging and production (courtesy of [Let’s Encrypt](https://letsencrypt.org/) seamlessly integrated via [Auto Encrypt](https://source.small-tech.org/site.js/lib/auto-encrypt) and [systemd](https://freedesktop.org/wiki/Software/systemd/)).
Aral Balkan's avatar
Aral Balkan committed
31

32
    Your server will score an A+ on the [SSL Labs SSL Server Test](https://www.ssllabs.com/ssltest).
Aral Balkan's avatar
Aral Balkan committed
33

34
  - __Supports the creation of static web sites, dynamic web sites, and hybrid sites__ (via integrated [Node.js](https://nodejs.org/) and [Express](https://expressjs.com)).
Aral Balkan's avatar
Aral Balkan committed
35

36
  - __Supports [DotJS](#dotjs) for dynamic routes.__ (DotJS is PHP-like simple routing for Node.js introduced by Site.js for quickly prototyping and building dynamic sites).
Aral Balkan's avatar
Aral Balkan committed
37

38
  - __Includes [Hugo static site generator](#static-site-generation).__
39

40
  - __[Sync](#sync) to deploy__ (uses rsync for quick deployments). Can also [Live Sync](#live-sync) for live blogging, etc. For sites that implement the [Small Web](https://ar.al/2020/08/07/what-is-the-small-web/) conventions, you can also use the simplified [pull and push commands](#pull-and-push).
Aral Balkan's avatar
Aral Balkan committed
41

42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
  - __Has privacy-respecting [ephemeral statics](#ephemeral-statistics)__. Gives you insight into how your site is being used, not into the people using it.

  - __Supports [WebSockets](#websocket-wss-routes)__ (via integrated [express-ws](https://github.com/HenningM/express-ws), which itself wraps [ws](https://github.com/websockets/ws)).

  - __Can be used as a proxy server__ (via integrated [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware)).

  - __Supports [an evergreen web](#native-support-for-an-evergreen-web).__

    [The archival cascade](#the-archival-cascade) and [Native 404 → 302 support](#native-404--302-support) help you migrate and evolve your existing sites using Site.js without breaking existing links.

  - __Live reload__ on static pages.

  - __Automatic server reload__ when the source code of your dynamic routes change.

  - __Auto updates__ of production servers.
57
58

  <ins>Note:</ins> Production use via startup daemon is only supported on Linux distributions with systemd.
Aral Balkan's avatar
Aral Balkan committed
59

60
## Install
Aral Balkan's avatar
Aral Balkan committed
61

Aral Balkan's avatar
Aral Balkan committed
62
63
Copy and paste the following commands into your terminal:

64
65
__(Note: all commands should be run in your regular account, not as root.)__

66
### Native binaries
Aral Balkan's avatar
Aral Balkan committed
67

68
__Before you pipe any script into your computer, always view the source code ([Linux and macOS](https://should-i-pipe.it/https://sitejs.org/install), [Windows](https://should-i-pipe.it/https://sitejs.org/install.txt)) and make sure you understand what it does.__
69
70

#### Linux
Aral Balkan's avatar
Aral Balkan committed
71

72
```shell
Aral Balkan's avatar
Aral Balkan committed
73
wget -qO- https://sitejs.org/install | bash
Aral Balkan's avatar
Aral Balkan committed
74
75
```

76
77
(To use curl instead, see the macOS instructions, below.)

78
79
80
81
82
83
#### macOS

```shell
curl -s https://sitejs.org/install | bash
```

Aral Balkan's avatar
Aral Balkan committed
84
#### Windows 10 with PowerShell running under Windows Terminal
85
86

```shell
87
iex(iwr -UseBasicParsing https://sitejs.org/install.txt).Content
88
89
```

Aral Balkan's avatar
Aral Balkan committed
90
91
### Node.js

92
```shell
Aral Balkan's avatar
Aral Balkan committed
93
npm i -g @small-tech/site.js
Aral Balkan's avatar
Aral Balkan committed
94
95
```

96
97
### Alpha and Beta channels

Aral Balkan's avatar
Aral Balkan committed
98
On Linux and macOS, in addition to the release build channel, there is also an alpha build and beta build channel available. Pass either `alpha` or `beta` as an argument to the Bash pipe to install the latest build from the respective channel.
99
100
101
102
103
104
105
106
107
108
109

For example, to install the latest beta build on Linux:

```shell
wget -qO- https://sitejs.org/install | bash -s -- beta
```

Alpha builds are strictly for local testing and should not, under any circumstances, be used in production. We do not test Alpha builds in production.

Servers deployed using release builds check for updates every six hours whereas beta builds check every 10 minutes.

Aral Balkan's avatar
Aral Balkan committed
110
111
Note that the latest alpha or beta build available may be older than the latest release build. You can check the date on the build via the `version` command.

112
113
114
115
## System Requirements

### Linux

116
Any recent Linux distribution should work. However, Site.js is most thoroughly tested at Small Technology Foundation on Ubuntu 20.04/Pop!_OS 20.04 (development and staging) and Ubuntu 18.04 LTS (production).
117

118
There are builds available for x64, ARM, and ARM64.
119

120
For production use, [systemd](https://en.wikipedia.org/wiki/Systemd) is required.
121
122
123

### macOS

124
macOS 10.14.x Mojave and macOS 10.15.x Catalina are supported (the latter as of Site.js 12.5.1).
125
126
127
128
129
130
131

_Production use is not possible under macOS._

### Windows 10

The current version of Windows 10 is supported with PowerShell running under [Windows Terminal](https://github.com/Microsoft/Terminal).

Aral Balkan's avatar
Aral Balkan committed
132
__Windows Subsystem for Linux (WSL) is _not_ supported.__ (You can install and run Site.js under WSL but seamless TLS certificate handling for local servers will not work out of the box as WSL and Windows 10 do not share certificate stores. If you do want to use Site.js under WSL, you have to first install Site.js on Windows 10 and run a local server (`site`) to create the certificate authority and certificates, then install and run Site.js under WSL and then manually copy the contents of `~/.small-tech.org/site.js/tls/local/` from Windows 10 to WSL.)
133
134
135

_Production use is not possible under Windows._

136
137
## Dependencies

138
Site.js tries to seamlessly install the dependencies it needs when run. That said, there are certain basic components it expects on a Linux-like system. These are:
139
140

  - `sudo`
Aral Balkan's avatar
Aral Balkan committed
141
142
  - `bash` (on Linux, macOS, etc.) or `PowerShell` running under [Windows Terminal](https://github.com/Microsoft/Terminal) (on Windows 10).
  - `wget` or `curl` (on Linux and macOS) us required to download the installation script when installing Site.js using the one-line installation command. On Linux, you can install either via your distribution’s package manager (e.g., `sudo apt install wget` on Ubuntu-like systems). macOS comes with curl installed.
143

144
If it turns out that any of these prerequisites are a widespread cause of first-run woe, we can look into having them installed automatically in the future. Please [open an issue](https://github.com/small-tech/site.js/issues) if any of these affects you during your deployments or in everyday use.
145

Aral Balkan's avatar
Aral Balkan committed
146
147
148
149
### Automatically-installed dependencies

__For production use, passwordless sudo is required.__ On systems where the sudo configuration directory is set to `/etc/sudoers.d`, Site.js will automatically install this rule. On other systems, you might have to [set it up yourself](https://serverfault.com/questions/160581/how-to-setup-passwordless-sudo-on-linux).

Aral Balkan's avatar
Aral Balkan committed
150
__For localhost servers__, the bundled [mkcert](https://github.com/FiloSottile/mkcert) requires [certutil](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil) and the [Network Security Services](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS) (NSS) dynamic libraries. Site.js will attempt to automatically install the required libraries using popular package managers. <strike>Please note that this will fail on PinePhones running UBPorts as NSS is missing from the apt package manager for that distribution.</strike> ([The PinePhone issue](https://bugzilla.mozilla.org/show_bug.cgi?id=1652739) has been resolved.)
151

152
## Update (as of version 12.9.5; properly functioning as of version 12.9.6)
Aral Balkan's avatar
Aral Balkan committed
153
154
155
156
157
158
159
160
161

To seamlessly update the native binary if a newer version exists:

```shell
site update
```

This command will automatically restart a running Site.js daemon if one exists. If you are running Site.js as a regular process, it will continue to run and you will run the newer version the next time you launch a regular Site.js process.

162
163
164
165
__Note:__ There is a bug in the semantic version comparison in the original release with the update feature (version 12.9.5) that will prevent upgrades between minor versions (i.e., between 12.9.5 and 12.10.x and beyond). This was fixed in version 12.9.6. If you’re still on 12.9.5 and you’re reading this after we’ve moved to 12.10.0 and beyond, please stop Site.js if it’s running and [install the latest Site.js](#install) manually.

## Automatic updates in production (as of version 12.10.0)

166
[Production servers](#production) started with the `enable` command will automatically check for updates on first launch and then again at a set interval (currently every 6 hours) and update themselves as and when necessary.
167
168

This is a primary security feature given that Site.js is meant for use by individuals, not startups or enterprises with operations teams that can (in theory, at least) maintain servers with the latest updates.
169

170
171
172
173
174
## Uninstall

To uninstall the native binary (and any created artifacts, like TLS certificates, systemd services, etc.):

```shell
Aral Balkan's avatar
Aral Balkan committed
175
site uninstall
176
177
```

178
## Use
179

180
181
182
### Development (servers @localhost)

#### Regular server
183

184
Start serving the current directory at https://localhost as a regular process using locally-trusted certificates:
185
186

```shell
Aral Balkan's avatar
Aral Balkan committed
187
$ site
188
189
```

190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
This is a shorthand for the full form of the `serve` command which, for the above example, is:

```shell
$ site serve . @localhost:443
```

#### To serve on a different port

Just specify the port explicitly as in the following example:

```shell
$ site @localhost:666
```

That, again, is shorthand for the full version of the command, which is:

```shell
$ site serve . @localhost:666
```

210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
#### Accessing your local server over the local area network

You can access local servers via their IPv4 address over a local area network.

This is useful when you want to test your site with different devices without having to expose your server over the Internet using a service like ngrok. For example, if your machine’s IPv4 address on the local area network is 192.168.2.42, you can just enter that IP to access it from, say, your iPhone.

To access your local machine from a different device on your local area network, you must transfer the public key of your generated local root certificate authority to that device and install and trust it.

For example, if you’re on an iPhone, hit the `/.ca` route in your browser:

```
http://192.168.2.42/.ca
```

The browser will download the local root certificate authority’s public key and prompt you to install profile on your iPhone. You then have to go to Settings → Profile Downloaded → Tap Install when the Install Profile pop-up appears showing you the mkcert certificate you downloaded. Then, go to Settings → General → About → Certificate Trust Settings → Turn on the switch next to the mkcert certificate you downloaded. You should now be able to hit `https://192.168.2.42` and see your site from your iPhone.

You can also tranfer your key to your other devices manually. You can find the key at `~/.small-tech/site.js/tls/local/rootCA.pem` after you’ve created a local server at least once. For more details on transferring your key to other devices, please refer to [the relevant section in the mkcert documentation](https://github.com/FiloSottile/mkcert#mobile-devices).


229
#### Proxy server
230

231
You can use Site.js as a development-time reverse proxy for HTTP and WebSocket connections. This is useful if you have a web app written in any language that only supports HTTP (not TLS) that you want to deploy securely.
232

233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
For example, the following is a simple HTTP server written in Python 3 (_server.py_) that runs insecurely on port 3000:

```python
from http.server import HTTPServer, BaseHTTPRequestHandler

class MyRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b'Hello, from Python!')

server = HTTPServer(('localhost', 3000), MyRequestHandler)
server.serve_forever()
```

Run it (at http://localhost:3000) with:
249
250

```shell
251
$ python3 server
252
253
```

254
255
256
257
258
259
260
Then, proxy it securely from https://localhost using:

```shell
$ site :3000
```


261
262
263
Again, this is a convenient shortcut. The full form of this command is:

```shell
264
$ site serve :3000 @localhost:443
265
266
```

267
268
This will create and serve the following proxies:

269
270
  * http://localhost:3000 → https://localhost
  * ws://localhost:3000 → wss://localhost
271

272
273
274
275
276
277
278
279
280
281
### Testing (servers @hostname)

#### Regular server

Start serving the _my-site_ directory at your _hostname_ as a regular process using globally-trusted Let’s Encrypt certificates:

```shell
$ site my-site @hostname
```

282
Note that as of 13.0.0, Site.js will refuse to start the server if your hostname (or the domain you specified manually using the `--domain` option and any aliases you may have specified using the `--aliases` option) fails to resolve or is unreachable. This should help you diagnose and fix typos in domain names as well as DNS misconfiguration and propagation issues. As of 14.1.0, you can use the `--skip-domain-reachability-check` flag to override this behaviour and skip the pre-flight checks.
283

284
285
286
287
288
289
290
291
#### Proxy server

Start serving `http://localhost:1313` and `ws://localhost:1313` at your _hostname_:

```shell
$ site :1313 @hostname
```

292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
#### macOS notes

To set your hostname under macOS (e.g., to `example.small-tech.org`), run the following command:

```shell
$ sudo scutil --set HostName example.small-tech.org
```

#### Windows 10 notes

On Windows 10, you must add quotation marks around `@hostname` and `@localhost`. So the first example, above, would be written in the following way on Windows 10:

```shell
$ site my-site "@hostname"
```

308
Also, Windows 10, unlike Linux and macOS, does not have the concept of a hostname. The closest thing to it is your _full computer name_. Setting your full computer name is a somewhat convoluted process so we’ve documented it here for you.
309
310
311
312
313
314
315
316
317
318

##### How to set your full computer name on Windows 10

Say you want to set your hostname to `my-windows-laptop.small-tech.org`:

1. Control Panel → System And Security → System → Change Settings link (next to Computer name) → [Change…] Button
2. Under Computer name, enter your _subdomain_ (`my-windows-laptop`)
3. [More…] Button → enter your _domain name_ (`small-tech.org`) in the Primary DNS suffix of this computer field.
4. Press the various [OK] buttons to dismiss the various modal dialogues and restart your computer.

319
320
#### Making your server public

321
Use a service like [ngrok](https://ngrok.com/) (Pro+) to point a custom domain name to your temporary staging server. Make sure you set your `hostname` file (e.g., in `/etc/hostname` or via `hostnamectl set-hostname <hostname>` or the equivalent for your platform) to match your domain name. The first time you hit your server via your hostname it will take a little longer to load as your Let’s Encrypt certificates are being automatically provisioned by Auto Encrypt.
Aral Balkan's avatar
Aral Balkan committed
322

323
324
When you start your server, it will run as a regular process. It will not be restarted if it crashes or if you exit the foreground process or restart the computer.

Aral Balkan's avatar
Aral Balkan committed
325
326
### Deployment

327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
#### Pull and push

As of version 14.4.0, you can use the simplified `pull` and `push` commands if your local and remote setup adheres to the following Small Web conventions:

##### Local

  - The name of your local working folder is the same as your domain (if not, specify the domain using the `--domain` oiption)
  - Your SSH key is either found at `~/.ssh/id_{your domain}_ed25519` or you have an _id_25519_ or _id_rsa_ file in your `~/.ssh` folder. (The former is a Small Web convention, the latter is a fallback general convention.)

##### Remote

  - __Account name:__ `site`
  - __Folder being served:__ `/home/site/public`

If those requirements are met, from within your site’s folder on your local machine, you can pull (download) your site using:

```shell
site pull
```

And you can push (deploy) your site using:

```shell
site push
```

The legacy `sync` command will continue to work as before and is documented below.

Aral Balkan's avatar
Aral Balkan committed
355
#### Sync
356

Aral Balkan's avatar
Aral Balkan committed
357
Site.js can help you deploy your site to your live server with its sync feature.
Aral Balkan's avatar
Aral Balkan committed
358
359

```shell
Aral Balkan's avatar
Aral Balkan committed
360
$ site my-demo --sync-to=my-demo.site
Aral Balkan's avatar
Aral Balkan committed
361
362
```

Aral Balkan's avatar
Aral Balkan committed
363
The above command will:
Aral Balkan's avatar
Aral Balkan committed
364

Aral Balkan's avatar
Aral Balkan committed
365
366
  1. Generate any Hugo content that might need to be generated.
  2. Sync your site from the local _my-demo_ folder via rsync over ssh to the host _my-demo.site_.
Aral Balkan's avatar
Aral Balkan committed
367

Aral Balkan's avatar
Aral Balkan committed
368
Without any customisations, the sync feature assumes that your account on your remote server has the same name as your account on your local machine and that the folder you are watching (_my-demo_, in the example above) is located at _/home/your-account/my-demo_ on the remote server. Also, by default, the contents of the folder will be synced, not the folder itself. You can change these defaults by specifying a full-qualified remote connection string as the `--sync-to` value.
Aral Balkan's avatar
Aral Balkan committed
369

Aral Balkan's avatar
Aral Balkan committed
370
The remote connection string has the format:
Aral Balkan's avatar
Aral Balkan committed
371

Aral Balkan's avatar
Aral Balkan committed
372
373
```
remoteAccount@host:/absolute/path/to/remoteFolder
Aral Balkan's avatar
Aral Balkan committed
374
375
```

Aral Balkan's avatar
Aral Balkan committed
376
For example:
Aral Balkan's avatar
Aral Balkan committed
377

Aral Balkan's avatar
Aral Balkan committed
378
379
380
381
```shell
$ site my-folder --sync-to=someOtherAccount@my-demo.site:/var/www
```

Aral Balkan's avatar
Aral Balkan committed
382
If you want to sync not the folder’s contents but the folder itself, use the `--sync-folder-and-contents` flag. e.g.,
Aral Balkan's avatar
Aral Balkan committed
383

Aral Balkan's avatar
Aral Balkan committed
384
```shell
Aral Balkan's avatar
Aral Balkan committed
385
$ site my-local-folder --sync-to=me@my.site:my-remote-folder --sync-folder-and-contents
Aral Balkan's avatar
Aral Balkan committed
386
387
```

Aral Balkan's avatar
Aral Balkan committed
388
The above command will result in the following directory structure on the remote server: _/home/me/my-remote-folder/my-local-folder_. It also demonstrates that if you specify a relative folder, Site.js assumes you mean the folder exists in the home directory of the account on the remote server.
Aral Balkan's avatar
Aral Balkan committed
389

Aral Balkan's avatar
Aral Balkan committed
390
391
392
393
394
395
396
#### Live Sync

With the Live Sync feature, you can have Site.js watch for changes to your content and sync them to your server in real-time (e.g., if you want to live blog something or want to keep a page updated with local data you’re collecting from a sensor).

To start a live sync server, provide the `--live-sync` flag to your sync request.

For example:
397
398

```shell
Aral Balkan's avatar
Aral Balkan committed
399
$ site my-demo --sync-to=my-demo.site --live-sync
400
401
```

Aral Balkan's avatar
Aral Balkan committed
402
403
The above command will start a local development server at _https://localhost_. Additionally, it will watch the folder _my-demo_ for changes and sync any changes to its contents via rsync over ssh to the host _my-demo.site_.

Aral Balkan's avatar
Aral Balkan committed
404

405
### Production
406

407
__Available on Linux distributions with systemd (most Linux distributions, but [not these ones](https://sysdfree.wordpress.com/2019/03/09/135/) or on macOS or Windows).__
408

409
410
411
412
__For production use, passwordless sudo is required.__ On systems where the sudo configuration directory is set to `/etc/sudoers.d`, Site.js will automatically install this rule. On other systems, you might have to [set it up yourself](https://serverfault.com/questions/160581/how-to-setup-passwordless-sudo-on-linux).

__Please make sure that you are NOT running as root.__

413
On your live, public server, you can start serving the _my-site_ directory at your _hostname_ as a daemon that is automatically run at system startup and restarted if it crashes with:
414
415

```shell
Aral Balkan's avatar
Aral Balkan committed
416
$ site enable my-site
417
418
```

419
The `enable` command sets up your server to start automatically when your server starts and restart automatically if it crashes.
420

421
For example, if you run the command on a connected server that has the ar.al domain pointing to it and `ar.al` set in _/etc/hostname_, you will be able to access the site at https://ar.al. (Yes, of course, [ar.al](https://ar.al) runs on Site.js.) The first time you hit your live site, it will take a little longer to load as your Let’s Encrypt certificates are being automatically provisioned by Auto Encrypt.
422

423
424
The automatic TLS certificate provisioning will get certificates for the naked domain and the _www_ subdomain. There is currently no option to add other subdomains. Also, please ensure that both the naked domain and the _www_ subdomain are pointing to your server before you enable your server and hit it to ensure that the provisioning works. This is especially important if you are migrating an existing site.

425
426
__Note:__ As of 13.0.0, the `enable` will run pre-flight checks and refuse to install the service if the domain name and any aliases you have specified are not reachable. As of 14.1.0, you can use the `--skip-domain-reachability-check` flag to override this behaviour and skip the pre-flight checks. Note that if you use this flag, the server launched by the installed service will also not check for reachability. This is useful if you want to set up a server via a script prior to DNS propagation. Just make sure you haven’t made any typos in any of the domain names as you will not be warned about any mistakes.

427
When the server is enabled, you can also use the following commands:
Aral Balkan's avatar
Aral Balkan committed
428

Aral Balkan's avatar
Aral Balkan committed
429
  - `start`: Start server.
430
  - `stop`: Stop server.
Aral Balkan's avatar
Aral Balkan committed
431
  - `restart`: Restart server.
432
  - `disable`: Stop server and remove from startup.
433
  - `logs`: Display and tail server logs.
434
  - `status`: Display detailed server information (press ‘q’ to exit).
Aral Balkan's avatar
Aral Balkan committed
435

436
Site.js uses the [systemd](https://freedesktop.org/wiki/Software/systemd/) to start and manage the daemon. Beyond the commands listed above that Site.js supports natively (and proxies to systemd), you can make use of all systemd functionality via the [systemctl](https://www.freedesktop.org/software/systemd/man/systemctl.html) and [journalctl](https://www.freedesktop.org/software/systemd/man/journalctl.html) commands.
Aral Balkan's avatar
Aral Balkan committed
437

438
439
## Build and test from source

Aral Balkan's avatar
Aral Balkan committed
440
441
442
Site.js is built using and supports Node.js LTS (currently version 12.16.2).

The build is created using Nexe and our own pre-built Nexe base Node.js binaries hosted on SiteJS.org. Please make sure that the version of your Node.js runtime matches the currently supported version stated above to ensure that the correct Nexe binary build is downloaded and used by the build script.
Aral Balkan's avatar
Aral Balkan committed
443

Aral Balkan's avatar
Aral Balkan committed
444
### Install the source and run tests
Aral Balkan's avatar
Aral Balkan committed
445

446
447
```shell
# Clone and install.
Aral Balkan's avatar
Aral Balkan committed
448
mkdir site.js && cd site.js
449
git clone https://source.small-tech.org/site.js/app.git
Aral Balkan's avatar
Aral Balkan committed
450
451
cd app
./install
452

453
454
455
456
457
458
459
460
# Run the app once (so that it can get your Node.js binary
# permission to bind to ports < 1024 on Linux ­– otherwise
# the tests will fail.)
bin/site.js test/site

# You should be able to see the site at https://localhost
# now. Press Ctrl+C to stop the server.

461
462
# Run unit tests.
npm test
Aral Balkan's avatar
Aral Balkan committed
463
```
464

465
466
__Note:__ If you upgrade your Node.js binary, please run `bin/site.js` again before running the tests (or using Site.js as a module in your own app) so that it can get permissions for your Node.js binary to bind to ports < 1024. Otherwise, it will fail with `Error: listen EACCES: permission denied 0.0.0.0:443`.

Aral Balkan's avatar
Aral Balkan committed
467
468
469
470
471
472
473
474
475
476
### Install as global Node.js module

After you install the source and run tests:

```shell
# Install the binary as a global module
npm i -g

# Serve the test site locally (visit https://localhost to view).
site test/site
477
478
```

Aral Balkan's avatar
Aral Balkan committed
479
__Note:__ for commands that require root privileges (i.e., `enable` and `disable`), Site.js will automatically restart itself using sudo and Node must be available for the root account. If you’re using [nvm](https://github.com/creationix/nvm), you can enable this via:
480
481

```shell
482
# Replace v10.16.3 with the version of node you want to make available globally.
Aral Balkan's avatar
Aral Balkan committed
483
484
sudo ln -s "$NVM_DIR/versions/node/v12.16.2/bin/node" "/usr/local/bin/node"
sudo ln -s "$NVM_DIR/versions/node/v12.16.2/bin/npm" "/usr/local/bin/npm"
485
486
```

487
488
489
490
491
492
493
494
If you forget to do this and run `site enable`, you will find the following error in the systemctl logs: `/etc/systemd/system/site.js.service:15: Executable "node" not found in path`. The command itself will fail with:

```
Error: Command failed: sudo systemctl start site.js
Failed to start site.js.service: Unit site.js.service has a bad unit file setting.
See system logs and 'systemctl status site.js.service' for details.
```

Aral Balkan's avatar
Aral Balkan committed
495
496
### Native binaries

Aral Balkan's avatar
Aral Balkan committed
497
After you install the source and run tests:
Aral Balkan's avatar
Aral Balkan committed
498

Aral Balkan's avatar
Aral Balkan committed
499
```shell
500
501
# Build the native binary for your platform.
# To build for all platforms, use npm run build -- --all
Aral Balkan's avatar
Aral Balkan committed
502
503
504
npm run build

# Serve the test site (visit https://localhost to view).
Aral Balkan's avatar
Aral Balkan committed
505
506
507
# e.g., Using the Linux binary with version <binary-version>
# in the format (YYYYMMDDHHmmss).
dist/linux/<binary-version>/site test/site
508
509
```

510
511
### Build and install native binary locally

Aral Balkan's avatar
Aral Balkan committed
512
513
After you install the source and run tests:

514
515
516
517
```shell
npm run install-locally
```

518
519
520
### Deployment

```shell
521
522
# To cross-compile binaries for Linux (x64), macOS, and Windows
# and also copy them over to the Site.js web Site for deployment.
523
524
# (You will most likely not need to do this.)
npm run deploy
Aral Balkan's avatar
Aral Balkan committed
525
526
```

527
## Syntax
528

Aral Balkan's avatar
Aral Balkan committed
529
```shell
530
site [command] [folder|:port] [@host[:port]] [--options]
Aral Balkan's avatar
Aral Balkan committed
531
```
532

533
  - `command`: serve | enable | disable | start | stop | logs | status | update | uninstall | version | help
534
535
536
537
538
  - `folder|:port`: Path of folder to serve (defaults to current folder) or port on localhost to proxy.
  - `@host[:port]`: Host (and, optionally port) to sync. Valid hosts are @localhost and @hostname.
  - `--options`: Settings that alter command behaviour.

__Key:__ `[]` = optional &nbsp;&nbsp;`|` = or
Aral Balkan's avatar
Aral Balkan committed
539

540
541
### Commands:

542
543
544
545
546
547
548
549
550
551
552
553
554
  - `serve`: Serve specified folder (or proxy specified `:port`) on specified `@host` (at `:port`, if given). The order of arguments is:

    1. what to serve,
    2. where to serve it at. e.g.,

    ```site serve my-folder @localhost```

    If a port (e.g., `:1313`) is specified instead of my-folder, start an HTTP/WebSocket proxy.

  - `enable`: Start server as daemon with globally-trusted certificates and add to startup.

  - `disable`: Stop server daemon and remove from startup.

555
556
557
558
  - `start`: Start server as daemon with globally-trusted certificates.

  - `stop`: Stop server daemon.

Aral Balkan's avatar
Aral Balkan committed
559
560
  - `restart`: Restart server daemon.

561
  - `logs`: Display and tail server logs.
Aral Balkan's avatar
Aral Balkan committed
562

563
564
  - `status`: Display detailed server information.

565
566
567
568
569
570
  - `update`: Check for Site.js updates and update if new version is found.
  - `uninstall`: Uninstall Site.js.

  - `version`: Display version and exit.
  - `help`: Display help screen and exit.

571
If `command` is omitted, behaviour defaults to `serve`.
572
573

### Options:
Aral Balkan's avatar
Aral Balkan committed
574

Aral Balkan's avatar
Aral Balkan committed
575
576
#### For both the `serve` and `enable` commands:

577
578
  - `--domain`: The main domain to serve (defaults to system hostname if not specified).

579
  - `--aliases`: Comma-separated list of additional domains to obtain TLS certificates for and respond to. These domains point to the main domain via a 302 redirect. Note that as of 13.0.0, the _www_ alias is not added automatically. To specify it, you can use the shorthand form:`--aliases=www`
Aral Balkan's avatar
Aral Balkan committed
580

581
582
  - `--skip-domain-reachability-check`:	Do not run pre-flight check for domain reachability.

583
#### For the `serve` command:
Aral Balkan's avatar
Aral Balkan committed
584

585
  - `--sync-to`: The host to sync to.
Aral Balkan's avatar
Aral Balkan committed
586

587
  - `--sync-from`: The folder to sync from (only relevant if `--sync-to` is specified).
Aral Balkan's avatar
Aral Balkan committed
588

Aral Balkan's avatar
Aral Balkan committed
589
  - `--live-sync`: Watch for changes and live sync them to a remote server (only relevant if `--sync-to` is specified).
Aral Balkan's avatar
Aral Balkan committed
590

591
  - `--sync-folder-and-contents`: Sync folder and contents (default is to sync the folder’s contents only).
Aral Balkan's avatar
Aral Balkan committed
592

593
594
595
#### For the `enable` command:

  - `--ensure-can-sync`: Ensure server can rsync via ssh.
Aral Balkan's avatar
Aral Balkan committed
596

597
All command-line arguments are optional. By default, Site.js will serve your current working folder over port 443 with locally-trusted certificates.
598

599
When you `serve` a site at `@hostname` or use the `enable` command, globally-trusted Let’s Encrypt TLS certificates are automatically provisioned for you using Auto Encrypt the first time you hit your hostname. The hostname for the certificates is automatically set from the hostname of your system (and the _www._ subdomain is also automatically provisioned).
600

Aral Balkan's avatar
Aral Balkan committed
601
602
## Usage examples

603
### Develop using locally-trusted TLS certificates
Aral Balkan's avatar
Aral Balkan committed
604
605
606

| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
607
608
609
610
611
612
613
614
615
| Serve current folder*                     | site                                                          |
|                                           | site serve                                                    |
|                                           | site serve .                                                  |
|                                           | site serve . @localhost                                       |
|                                           | site serve . @localhost:443                                   |
| Serve folder demo (shorthand)             | site demo                                                     |
| Serve folder demo on port 666             | site serve demo @localhost:666                                |
| Proxy localhost:1313 to https://localhost*| site :1313                                                    |
|                                           | site serve :1313 @localhost:443                               |
Aral Balkan's avatar
Aral Balkan committed
616
617
618
619
620
| Sync demo folder to my.site               | site demo --sync-to=my.site                                   |
| Ditto, but use account me on my.site      | site demo --sync-to=me@my.site                                |
| Ditto, but sync to remote folder ~/www    | site demo --sync-to=me@my.site:www                            |
| Ditto, but specify absolute path          | site demo --sync-to=me@my.site:/home/me/www                   |
| Live sync current folder to my.site       | site --sync-to=my.site --live-sync                            |
621
622
623
624

### Stage and deploy using globally-trusted Let’s Encrypt certificates

#### Regular process:
Aral Balkan's avatar
Aral Balkan committed
625
626
627

| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
628
| Serve current folder                      | site @hostname                                                |
629
| Serve current folder at specified domain  | site @hostname --domain=my.site                               |
630
| Serve current folder also at aliases	    | site @hostname --aliases=www,other.site,www.other.site        |
631
632
633
634
635
636
| Serve folder demo*                        | site demo @hostname                                           |
|                                           | site serve demo @hostname                                     |
| Proxy localhost:1313 to https://hostname  | site serve :1313 @hostname                                    |

#### Start-up daemon:

637
638
| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
Aral Balkan's avatar
Aral Balkan committed
639
| Serve current folder as daemon            | site enable                                                   |
640
| Ditto & also ensure it can rsync via ssh  | site enable --ensure-can-sync                                 |
Aral Balkan's avatar
Aral Balkan committed
641
| Get status of daemon                      | site status                                                   |
Aral Balkan's avatar
Aral Balkan committed
642
643
644
| Start server                              | site start                                                    |
| Stop server                               | site stop                                                     |
| Restart server                            | site restart                                                  |
Aral Balkan's avatar
Aral Balkan committed
645
646
| Display server logs                       | site logs                                                     |
| Stop current daemon                       | site disable                                                  |
Aral Balkan's avatar
Aral Balkan committed
647

Aral Balkan's avatar
Aral Balkan committed
648
649
650
651
652
653
#### General:

| Goal                                      | Command                                                       |
| ----------------------------------------- | ------------------------------------------------------------- |
| Check for updates and update if found     | site update                                                   |

654
\* _Alternative, equivalent forms listed (some commands have shorthands)._
655

656
## Native support for an Evergreen Web
657

Aral Balkan's avatar
Aral Balkan committed
658
What if links never died? What if we never broke the Web? What if it didn’t involve any extra work? It’s possible. And, with Site.js, it’s effortless.
659

660
### The Archival Cascade
661

662
__(As of version 13.0.0)__ If you have static archives of previous versions of your site, you can have Site.js automatically serve them for you.
663
664
665
666
667
668
669

Just put them into folder named `.archive-1`, `.archive-2`, etc.

If a path cannot be found in your current site, Site.js will search for it first in `.archive-2` and, if it cannot find it there either, in `.archive-1`.

Paths in your current site will override those in `.archive-2` and those in `.archive-2` will, similarly, override those in `.archive-1`.

Timo Tijhof's avatar
Timo Tijhof committed
670
Use the archival  old links will never die but if you do replace them with newer content in newer versions, those will take precedence.
671

672
#### Legacy method (pre version 13.0.0)
673
674

In older versions, the convention for specifying the archival cascade was as follows:
675
676
677
678

```
|- my-site
|- my-site-archive-1
679
680
|- my-site-archive-2
|- etc.
681
682
```

683
This legacy method of specifying the archival cascade is still supported but may be removed in a future release. Please use the recommended method outlined above instead.
684
685
686
687

### Native 404 → 302 support

But what if the previous version of your site is a dynamic site and you either don’t want to lose the dynamic functionality or you simply cannot take a static backup. No worries. Just move it to a different subdomain or domain and make your 404s into 302s.
688

Aral Balkan's avatar
Aral Balkan committed
689
Site.js has native support for [the 404 to 302 technique](https://4042302.org) to ensure an evergreen web. Just serve the old version of your site (e.g., your WordPress site, etc.) from a different subdomain and tell Site.js to forward any unknown requests on your new static site to that subdomain so that all your existing links magically work.
690
691
692

To do so, create a simple file called `4042302` in the root directory of your web content and add the URL of the server that is hosting your older content. e.g.,

693
### /4042302
694
```
Aral Balkan's avatar
Aral Balkan committed
695
https://the-previous-version-of.my.site
696
```
697
698
699
700
701
702

You can chain the 404 → 302 method any number of times to ensure that none of your links ever break without expending any additional effort to migrate your content.

For more information and examples, see [4042302.org](https://4042302.org).

## Custom error pages
703

704
705
![Screenshot of the custom 404 error page included in the unit tests](images/custom-404.png)

706
707
708
709
You can specify a custom error page for 404 (not found) and 500 (internal server error) errors. To do so, create a folder with the status code you want off of the root of your web content (i.e., `/404` and/or `/500`) and place at least an `index.html` file in the folder. You can also, optionally, put any assets you want to display on your error pages into those folders and load them in via relative URLs. Your custom error pages will be served with the proper error code and at the URL that was being accessed.

If you do not create custom error pages, the built-in default error pages will be displayed for 404 and 500 errors.

710
When creating your own servers (see [API](#API)), you can generate the default error pages programmatically using the static methods `Site.default404ErrorPage()` and `Site.default500ErrorPage()`, passing in the missing path and the error message as the argument, respectively to get the HTML string of the error page returned.
711

712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
## Ephemeral statistics

When Site.js launches, you will see a line similar to the following in the console:

```
📊    ❨site.js❩ For statistics, see https://localhost/b64bd821d521b6a65a307c2b83060766
```

This is your private, cryptographically secure URL where you can access ephemeral statistics about your site. If you want to share your statistics, link to them publicly. If you want to keep them private, keep the URL secret.

![Screenshot of the statistics page](/images/statistics.png)

The statistics are ephemeral as they are only kept in memory and they reset any time your server restarts.

The statistics are very basic and they’re there only to give an idea about which parts of your site are most popular as well as to highlight missing pages, etc., They’re not there so you can spy on people (if you want to do that, this is not the tool for you).

728
729
## Static site generation

730
As of version 13.0.0, Site.js includes the [Hugo static site generator](https://gohugo.io).
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769

To create a new Hugo site and start serving it:

```shell
mkdir my-site
```

__Note:__ During development, this feature uses Site.js’s live reload instead of Hugo’s. Your web page must have at least a `<body>` tag for it to work.

### How it works

If Site.js finds a folder called _.hugo_ in your site’s root, it will build it using its integrated Hugo instance (you don’t need to install Hugo separately) and place the generated files into a folder called _.generated_ in your site’s root. It will also automatically serve these files.

You can pass any command you would normally pass to Hugo using Site.js’s integrated Hugo instance:

```shell
site hugo [any valid Hugo command]
```

Please see [the Hugo documentation](https://gohugo.io/documentation/) for detailed information on how Hugo works.

### Mounting Hugo sites

Site.js will automatically mount files in the _.hugo_ directory at your site’s root.

If you want the generated Hugo site to be mounted at a different path, include the path structure you want in the name of the hugo folder, separating paths using two dashes. For example:

Folder name               | Mount path         |
------------------------- | ------------------ |
.hugo                     | /                  |
.hugo--docs               | /docs              |
.hugo--second-level--blog | /second-level/blog |

You can include any number of Hugo sites in your site and mount them at different paths and the results will be weaved together into the _.generated_ folder. We call this feature… _ahem_… Hugo Weaving (we’ll show ourselves out).

All regular Site.js functionality is still available when using Hugo generation. So you can, for example, have your blog statically-generated using Hugo and extend it using locally-hosted dynamic comments.

__Note:__ Hugo’s [Multilingual Multihost mode](https://gohugo.io/content-management/multilingual/#configure-multilingual-multihost) is _not_ supported.

Aral Balkan's avatar
Aral Balkan committed
770
771
## Dynamic sites

772
You can specify routes with dynamic functionality by specifying HTTPS and WebSocket (WSS) routes in two ways: either using DotJS – a simple file system routing convention ala PHP, but for JavaScript – or through code in a _routes.js_ file.
Aral Balkan's avatar
Aral Balkan committed
773
774
775

In either case, your dynamic routes go into a directory named _.dynamic_ in the root of your site.

776
777
778
### DotJS

DotJS maps JavaScript modules in a file system hierarchy to routes on your web site in a manner that will be familiar to anyone who has ever used PHP.
Aral Balkan's avatar
Aral Balkan committed
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807

#### GET-only (simplest approach)

The easiest way to get started with dynamic routes is to simply create a JavaScript file in a folder called _.dynamic_ in the root folder of your site. Any routes added in this manner will be served via HTTPS GET.

For example, to have a dynamic route at `https://localhost`, create the following file:

```
.dynamic/
    └ index.js
```

Inside _index.js_, all you need to do is to export your route handler:

```js
let counter = 0

module.exports = (request, response) => {
  response
    .type('html')
    .end(`
      <h1>Hello, world!</h1>
      <p>I’ve been called ${++counter} time${counter > 1 ? 's': ''} since the server started.</p>
    `)
}
```

To test it, run a local server (`site`) and go to `https://localhost`. Refresh the page a couple of times to see the counter increase.

808
Congratulations, you’ve just made your first dynamic route using DotJS.
809

Aral Balkan's avatar
Aral Balkan committed
810
811
812
In the above example, _index.js_ is special in that the file name is ignored and the directory that the file is in becomes the name of the route. In this case, since we put it in the root of our site, the route becomes `/`.

Usually, you will have more than just the index route (or your index route might be a static one). In those cases, you can either use directories with _index.js_ files in them to name and organise your routes or you can use the names of _.js_ files themselves as the route names. Either method is fine but you should choose one and stick to it in order not to confuse yourself later on (see [Precedence](#Precendence), below).
813

814
So, for example, if you wanted to have a dynamic route that showed the server CPU load and free memory, you could create a file called _.dynamic/server-stats.js_ in your web folder with the following content:
815
816
817
818

```js
const os = require('os')

Aral Balkan's avatar
Aral Balkan committed
819
function serverStats (request, response) {
820
821
822
823
824
825
826

  const loadAverages = `<p> ${os.loadavg().reduce((a, c, i) => `${a}\n<li><strong>CPU ${i+1}:</strong> ${c}</li>`, '<ul>') + '</ul>'}</p>`

  const freeMemory = `<p>${os.freemem()} bytes</p>`

  const page = `<html><head><title>Server statistics</title><style>body {font-family: sans-serif;}</style></head><body><h1>Server statistics</h1><h2>Load averages</h2>${loadAverages}<h2>Free memory</h2>${freeMemory}</body></html>`

Aral Balkan's avatar
Aral Balkan committed
827
828
829
  response
    .type('html')
    .end(page)
830
831
832
833
834
}

module.exports = serverStats
```

Aral Balkan's avatar
Aral Balkan committed
835
Site.js will load your dynamic route at startup and you can test it by hitting _https://localhost/server-stats_ using a local web server. Each time you refresh, you should get the latest dynamic content.
836

Aral Balkan's avatar
Aral Balkan committed
837
838
__Note:__ You could also have named your route _.dynamic/server-stats/index.js_ and still hit it from _https://localhost/server-stats_. It’s best to keep to one or other convention (either using file names as route names or directory names as route names). Using both in the same app will probably confuse you (see [Precedence](#Precendence), below).

839
##### Using node modules
840

841
842
843
Since Site.js contains Node.js, anything you can do with Node.js, you do with Site.js, including using node modules and [npm](https://www.npmjs.com/). To use custom node modules, initialise your _.dynamic_ folder using `npm init` and use `npm install`. Once you’ve done that, any modules you `require()` from your DotJS routes will be properly loaded and used.

Say, for example, that you want to display a random ASCII Cow using the Cows module (because why not?) To do so, create a _package.json_ file in your _.dynamic_ folder (e.g., use `npm init` to create this interactively). Here’s a basic example:
Aral Balkan's avatar
Aral Balkan committed
844
845
846
847
848
849
850
851
852
853
854
855

```json
{
  "name": "random-cow",
  "version": "1.0.0",
  "description": "Displays a random cow.",
  "main": "index.js",
  "author": "Aral Balkan <mail@ar.al> (https://ar.al)",
  "license": "AGPL-3.0-or-later"
}
```

856
Then, install the [cows node module](https://www.npmjs.com/package/cows) using npm:
Aral Balkan's avatar
Aral Balkan committed
857
858
859
860
861

```sh
npm i cows
```

862
This will create a directory called _node_modules_ in your _.dynamic_ folder and install the cows module (and any dependencies it may have) inside it. Now is also a good time to create a `.gitignore` file in the root of your web project and add the _node_modules_ directory to it if you’re using Git for source control so that you do not end up accidentally checking in your node modules. Here’s how you would do this using the command-line on Linux-like systems:
Aral Balkan's avatar
Aral Balkan committed
863
864
865
866
867
868
869
870
871
872
873
874
875

```sh
echo 'node_modules' >> .gitignore
```

Now, let’s create the route. We want it reachable at `https://localhost/cows` (of course), so let’s put it in:

```
.dynamic/
    └ cows
        └ index.js
```

876
And, finally, here’s the code for the route itself:
Aral Balkan's avatar
Aral Balkan committed
877
878
879
880
881
882
883
884
885
886
887
888
889

```js
const cows = require('cows')()

module.exports = function (request, response) {
  const randomCowIndex = Math.round(Math.random()*cows.length)-1
  const randomCow = cows[randomCowIndex]

  function randomColor () {
    const c = () => (Math.round(Math.random() * 63) + 191).toString(16)
    return `#${c()}${c()}${c()}`
  }

890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
  response
    .type('html')
    .end(`
      <!doctype html>
      <html lang='en'>
      <head>
        <meta charset='utf-8'>
        <meta name='viewport' content='width=device-width, initial-scale=1.0'>
        <title>Cows!</title>
        <style>
          html { font-family: sans-serif; color: dark-grey; background-color: ${randomColor()}; }
          body {
            display: grid; align-items: center; justify-content: center;
            height: 100vh; vertical-align: top; margin: 0;
          }
          pre { font-size: 24px; color: ${randomColor()}; mix-blend-mode: difference;}
        </style>
      </head>
      <body>
          <pre>${randomCow}</pre>
      </body>
      </html>
    `)
Aral Balkan's avatar
Aral Balkan committed
913
914
915
916
917
}
```

Now if you run `site` on the root of your web folder (the one that contains the _.dynamic_ folder) and hit `https://localhost/cows`, you should get a random cow in a random colour every time you refresh.

918
If including HTML and CSS directly in your dynamic route makes you cringe, feel free to `require` your templating library of choice and move them to external files. As hidden folders (directories that begin with a dot) are ignored in the _.dynamic_ folder and its subfolders, you can place any assets (HTML, CSS, images, etc.) into a directory that starts with a dot and load them in from there.
Aral Balkan's avatar
Aral Balkan committed
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006

For example, if I wanted to move the HTML and CSS into their own files in the example above, I could create the following directory structure:

```
.dynamic/
    └ cows
        ├ .assets
        │     ├ index.html
        │     └ index.css
        └ index.js
```

For this example, I’m not going to use an external templating engine but will instead rely on the built-in template string functionality in JavaScript along with `eval()` (which is perfectly safe to use here as we are not processing external input).

So I move the HTML to the _index.html_ file (and add a template placeholder for the CSS in addition to the existing random cow placeholder):

```html
<!doctype html>
<html lang='en'>
<head>
  <meta charset='utf-8'>
  <meta name='viewport' content='width=device-width, initial-scale=1.0'>
  <title>Cows!</title>
  <style>${css}</style>
</head>
<body>
    <pre>${randomCow}</pre>
</body>
</html>
```

And, similarly, I move the CSS to its own file, _index.css_:

```css
html {
  font-family: sans-serif;
  color: dark-grey;
  background-color: ${randomColor()};
}

body {
  display: grid;
  align-items: center;
  justify-content: center;
  height: 100vh;
  vertical-align: top;
  margin: 0;
}

pre {
  font-size: 24px;
  mix-blend-mode: difference;
  color: ${randomColor()};
}
```

Then, finally, I modify my `cows` route to read in these two template files and to dynamically render them in response to requests. My _index.js_ now looks like this:

```js
// These are run when the server starts so sync calls are fine.
const fs = require('fs')
const cssTemplate = fs.readFileSync('cows/.assets/index.css')
const htmlTemplate = fs.readFileSync('cows/.assets/index.html')
const cows = require('cows')()

module.exports = function (request, response) {
  const randomCowIndex = Math.round(Math.random()*cows.length)-1
  const randomCow = cows[randomCowIndex]

  function randomColor () {
    const c = () => (Math.round(Math.random() * 63) + 191).toString(16)
    return `#${c()}${c()}${c()}`
  }

  function render (template) {
    return eval('`' + template + '`')
  }

  // We render the CSS template first…
  const css = render(cssTemplate)

  // … because the HTML template references the rendered CSS template.
  const html = render(htmlTemplate)

  response.type('html').end(html)
}
```

Aral Balkan's avatar
Aral Balkan committed
1007
When you save this update, Site.js will automatically reload the server with your new code (version 12.9.7 onwards). When you refresh in your browser, you should see exactly the same behaviour as before.
1008

1009
As you can see, you can create quite a bit of dynamic functionality just by using DotJS with its most basic file-based routing mode. However, with this convention you are limited to GET routes. To use both GET and POST routes, you have to do a tiny bit more work, as explained in the next section.
1010

1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
#### GET and POST routes

If you need POST routes (e.g., you want to post form content back to the server) in addition to GET routes, the directory structure works a little differently. In this case, you have to create a _.get_ directory for your GET routes and a _.post_ directory for your post routes.

Otherwise, the naming and directory structure conventions work exactly as before.

So, for example, if you have the following directory structure:

```
site/
  └ .dynamic/
        ├ .get/
        │   └ index.js
        └ .post/
            └ index.js
```

Then a GET request for `https://localhost` will be routed to _site/.dynamic/.get/index.js_ and a POST request for `https://localhost` will be routed to _site/.dynamic/.post/index.js_.

These two routes are enough to cover your needs for dynamic routes and form handling.

Aral Balkan's avatar
Aral Balkan committed
1032
1033
#### WebSocket (WSS) routes

1034
1035
1036
Site.js is not limited to HTTPS, it also supports secure WebSockets.

To define WebSocket (WSS) routes alongside HTTPS routes, modify your directory structure so it resembles the one below:
Aral Balkan's avatar
Aral Balkan committed
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049

```
site/
  └ .dynamic/
        ├ .https/
        │   ├ .get/
        │   │   └ index.js
        │   └ .post/
        │       └ index.js
        └ .wss/
            └ index.js
```

1050
1051
1052
Note that all we’ve done is to move our HTTPS _.get_ and _.post_ directories under a _.https_ directory and we’ve created a separate _.wss_ directory for our WebSocket routes.

Here’s how you would implement a simple echo server that sends a copy of the message it receives from a client to that client:
1053
1054
1055
1056
1057
1058
1059
1060
1061

```js
module.exports = (client, request) => {
  client.on('message', (data) => {
    client.send(data)
  })
}
```

1062
You can also broadcast messages to all or a subset of connected clients. Here, for example, is a naïve single-room chat server implementation that broadcasts messages to all connected WebSocket clients (including the client that originally sent the message and any other clients that might be connected to different WebSocket routes on the same server):
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081

```js
module.exports = (currentClient, request) {
  ws.on('message', message => {
    this.getWss().clients.forEach(client => {
      client.send(message)
    })
  })
})
```

To test it out, run Site.js and then open up the JavaScript console in a couple of browser windows and enter the following code into them:

```js
const socket = new WebSocket('https://localhost/chat')
socket.onmessage = message => console.log(message.data)
socket.send('Hello!')
```

1082
1083
1084
For a slightly more sophisticated example that doesn’t broadcast a client’s own messages to itself and selectively broadcasts to only the clients in the same “rooms”, see the [Simple Chat example](examples/simple-chat). And here’s [a step-by-step tutorial](https://ar.al/2019/10/11/build-a-simple-chat-app-with-site.js/) that takes you through how to build it.

Here’s a simplified listing of the code for the server component of this example:
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102

```js
module.exports = function (client, request) {
  // A new client connection has been made.
  // Persist the client’s room based on the path in the request.
  client.room = this.setRoom(request)

  console.log(`New client connected to ${client.room}`)

  client.on('message', message => {
    // A new message has been received from a client.
    // Broadcast it to every other client in the same room.
    const numberOfRecipients = this.broadcast(client, message)

    console.log(`${client.room} message broadcast to ${numberOfRecipients} recipient${numberOfRecipients === 1 ? '' : 's'}.`)
  })
}
```
1103

1104
### Advanced routing (routes.js file)
Aral Balkan's avatar
Aral Balkan committed
1105

1106
DotJS should get you pretty far for simpler use cases, but if you need full flexibility in routing (to use regular expressions in defining route paths, for example, or for initialising global objects that need to survive for the lifetime of the server), simply define a _routes.js_ in your _.dynamic_ folder:
Aral Balkan's avatar
Aral Balkan committed
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117

```
site/
  └ .dynamic/
        └ routes.js
```

The _routes.js_ file should export a function that accepts a reference to the Express app created by Site.js and defines its routes on it. For example:

```js
module.exports = app => {
1118
1119
1120
1121
1122
  // HTTPS route with a parameter called thing.
  app.get('/hello/:thing', (request, response) => {
    response
      .type('html')
      .end(`<h1>Hello, ${request.params.thing}!</h1>`)
Aral Balkan's avatar
Aral Balkan committed
1123
1124
  })

1125
1126
1127
1128
  // WebSocket route: echos messages back to the client that sent them.
  app.ws('/echo', (client, request) => {
  client.on('message', (data) => {
    client.send(data)
Aral Balkan's avatar
Aral Balkan committed
1129
1130
1131
1132
  })
}
```

1133
When using the _routes.js_ file, you can use all of the features in [express](https://expressjs.com/) and [our fork of express-ws](https://github.com/aral/express-ws) (which itself wraps [ws](https://github.com/websockets/ws#usage-examples)).
Aral Balkan's avatar
Aral Balkan committed
1134

1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
### Routing precedence

#### Between dynamic route and static route

If a dynamic route and a static route have the same name, the dynamic route will take precedence. So, for example, if you’re serving the following site:

```
site/
  ├ index.html
  └ .dynamic/
        └ index.js
```

When you hit `https://localhost`, you will get the dynamic route defined in _index.js_.

#### Between two dynamic routes (TL; DR: do not rely on this)

In the following scenario:

```
site/
  └ .dynamic/
        ├ fun.html
        └ fun/
           └ index.js
```

The behaviour observed under Linux at the time of writing is that _fun/index.js_ will have precendence and mask _fun.html_. __Do not rely on this behaviour.__ The order of dynamic routes is based on a directory crawl and is not guaranteed to be the same in all future versions. For your peace of mind, please do not mix file-name-based and directory-name-based routing.

#### Between the various routing methods

Each of the routing conventions are mutually exclusive and applied according to the following precedence rules:

1. Advanced _routes.js_-based advanced routing.
Aral Balkan's avatar
Aral Balkan committed
1169

1170
2. DotJS with separate folders for _.https_ and _.wss_ routes routing (the _.http_ folder itself will apply precedence rules 3 and 4 internally).
Aral Balkan's avatar
Aral Balkan committed
1171

1172
3. DotJS with separate folders for _.get_ and _.post_ routes in HTTPS-only routing.
Aral Balkan's avatar
Aral Balkan committed
1173

1174
4. DotJS with GET-only routing.
1175
1176
1177

So, if Site.js finds a _routes.js_ file in the root folder of your site’s folder, it will only use the routes from that file (it will not apply file-based routing).

1178
If Site.js cannot find a _routes.js_ file, it will look to see if separate _.https_ and _.wss_ folders have been defined (the existence of just one of these is enough) and attempt to load DotJS routes from those folders. (If it finds separate _.get_ or _.post_ folders within the _.https_ folder, it will add the relevant routes from those folders; if it can’t it will load GET-only routes from the _.https_ folder and its subfolders.)
1179

1180
If separate _.https_ and _.wss_ folders do not exist, Site.js will expect all defined DotJS routes to be HTTPS and will initially look for separate _.get_ and _.post_ folders (the existence of either is enough to trigger this mode). If they exist, it will add the relevant routes from those folders and their subfolders.
1181

1182
Finally, if Site.js cannot find separate _.get_ and _.post_ folders either, it will assume that any DotJS routes it finds in the _.dynamic_ folder are HTTPS GET routes and attempt to add them from there (and any subfolders).
1183

Aral Balkan's avatar
Aral Balkan committed
1184
### Directory paths in your application
1185

Aral Balkan's avatar
Aral Balkan committed
1186
Your dynamic web routes are running within Site.js, which is a Node application compiled into a native binary. Here are how the various common directories for Node.js apps will behave:
1187

Aral Balkan's avatar
Aral Balkan committed
1188
  - `os.homedir()`: __(writable)__ This is the home folder of the account running Site.js. You can write to it to store persistent objects (e.g., save data).
1189
1190
1191
1192
1193

  - `os.tmpdir()`: __(writable)__ Path to the system temporary folder. Use for content you can afford to lose and can recreate (e.g., cache API calls).

  - `.`: __(writable)__ Path to the root of your web content. Since you can write here, you can, if you want to, create content dynamically that will then automatically be served by the static web server.

1194
  - `__dirname`: __(writeable)__ Path to the `.dynamic` folder.
1195

Aral Balkan's avatar
Aral Balkan committed
1196
  - `/`: __(read-only)__ Path to the `/usr` folder (Site.js is installed in `/usr/local/site`). You should not have any reason to use this.
1197

Aral Balkan's avatar
Aral Balkan committed
1198
If you want to access the directory of Site.js itself (e.g., to load in the `package.json` to read the app’s version), you can use the following code:
1199
1200

```js
Aral Balkan's avatar
Aral Balkan committed
1201
const appPath = require.main.filename.replace('bin/site.js', '')
1202
1203
```

1204
1205
1206
1207
### Security

The code within your JavaScript routes is executed on the server. Exercise the same caution as you would when creating any Node.js app (sanitise input, etc.)

1208
## API
1209

1210
1211
You can also include Site.js as a Node module into your Node project. This section details the API you can use if you do that.

1212
Site.js’s `createServer` method behaves like the built-in _https_ module’s `createServer` function. Anywhere you use `require('https').createServer`, you can simply replace it with:
1213

1214
1215
1216
1217
```js
const Site = require('@small-tech/site.js')
new Site().createServer
```
1218

1219
### createServer([options], [requestListener])
1220

1221
  - __options__ _(object)_: see [https.createServer](https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener). Populates the `cert` and `key` properties from the automatically-created [Auto Encrypt Localhost](https://source.small-tech.org/site.js/lib/auto-encrypt-localhost) or Let’s Encrypt certificates and will overwrite them if they exist in the options object you pass in. If your options has `options.global = true` set, globally-trusted TLS certificates are obtained from Let’s Encrypt using [Auto Encrypt](https://source.small-tech.org/site.js/lib/auto-encrypt).
1222

Aral Balkan's avatar
Aral Balkan committed
1223
  - __requestListener__ _(function)_: see [https.createServer](https://nodejs.org/api/https.html#https_https_createserver_options_requestlistener). If you don’t pass a request listener, Site.js will use its default one.
1224

1225
    __Returns:__ [https.Server](https://nodejs.org/api/https.html#https_class_https_server) instance, configured with either locally-trusted certificates via Auto Encrypt Localhost or globally-trusted ones from Let’s Encrypt via Auto Encrypt.
1226

1227
#### Example
1228
1229

```js
1230
const Site = require('@small-tech/site.js')
1231
1232
1233
1234
1235
const express = require('express')

const app = express()
app.use(express.static('.'))

1236
const options = {} // to use globally-trusted certificates instead, set this to {global: true}
1237
const server = new Site().createServer(options, app).listen(443, () => {
1238
1239
1240
1241
  console.log(` 🎉 Serving on https://localhost\n`)
})
```

Aral Balkan's avatar