Hi everybody,
I'm trying to build a setup on a vps to run my node api app.
Since now i used vercel to run it and they manages start/restart of the app and the environment secret variables (api key, neon secrets, jwt secrets etc) automatically.
I followed the handbook and installed freebsd 15, created the jail type Vnet with ZFS, configured a bridge from host to jail, setup node 22 and npm run as jail user succeed, setup pf and nginx with https management on the host to route request to my api node be on the jail: Everything is prefect!
I miss just two things:
- What is usually used to start/autorestart (ex if the node app crash) inside the jail? i think an rc.d script could do the job but i'm not sure if it's the correct way to do it (may depends on the second question?)
and more important:
- Where i have to safely store/manage the .env file where i have all my secrets?
random info: Currently in the node app i'm doing "process.env.name" to access the env from the code.
Edit: I create a rc.d script inside the jail that successfully started the application with the env written inside the script. The rc.d script permission is set to 700. The service is started as root and the app as user of the jail. I read that i can link a file inside the script to keep the env separated, but is this the correct way to do?
Thanks in advance
I'm trying to build a setup on a vps to run my node api app.
Since now i used vercel to run it and they manages start/restart of the app and the environment secret variables (api key, neon secrets, jwt secrets etc) automatically.
I followed the handbook and installed freebsd 15, created the jail type Vnet with ZFS, configured a bridge from host to jail, setup node 22 and npm run as jail user succeed, setup pf and nginx with https management on the host to route request to my api node be on the jail: Everything is prefect!
I miss just two things:
- What is usually used to start/autorestart (ex if the node app crash) inside the jail? i think an rc.d script could do the job but i'm not sure if it's the correct way to do it (may depends on the second question?)
and more important:
- Where i have to safely store/manage the .env file where i have all my secrets?
random info: Currently in the node app i'm doing "process.env.name" to access the env from the code.
Edit: I create a rc.d script inside the jail that successfully started the application with the env written inside the script. The rc.d script permission is set to 700. The service is started as root and the app as user of the jail. I read that i can link a file inside the script to keep the env separated, but is this the correct way to do?
Thanks in advance