
Installation On Generic Private Server

This method assumes that browser or script clients that are outside the private network will access the server using an existing VPN gateway.

  1. Install MEAN-stack components nodejs/npm and mongodb on the server

    nodejs
    Install MongoDB Community Edition

    Installation may require root access. If the ScriptRemote server needs to use an existing, networked MongoDB service then the procedure below needs to be slightly modified. You will need to set the MONGO_URL or MONGO_HOST_PORT environment variable (see config/env/production.js) and you may need to add MongoDB credentials to the .env file.

  2. Install ScriptRemote

    Log in as a non-root user

    >$ cd ~    # or your preferred install location
    >$ npm install scriptremote --production
    >$ mv node_modules/scriptremote .
    

  3. Set up credentials/secrets

    First set up an email forwarding account. This will be used to send security-related messages and user notifications. Rather than using an existing account, you may want to create one just for this purpose.

    Then copy the sample credentials file and substitute your values for the MAILER dummy values:

    >$ cd ~/scriptremote
    >$ cp credentials.env .env
    >$ chmod 600 .env
    >$ vim .env

    Some services are stricter than others about relaying mail. To help ensure that mail can be sent, choose the same provider as expected for registered user emails, and set MAILER_FROM to the same address as MAILER_EMAIL_ID. If users will have a variety of email providers, consider using a service like Mailgun. Any mailing errors will be logged to the console. If there is a problem, it will probably first show up when registering the admin user below.

    Second, generate a random string for the session middleware. For example:

    >$ openssl rand -base64 32
    
    Substitute the result for the SESSION_SECRET value in .env

  4. Make it possible to run node as non-root

    Skip this if root access is not possible

    >$ sudo setcap 'cap_net_bind_service=+ep' /usr/local/bin/node
    

  5. Start the server
    >$ cd ~/scriptremote
    
    If root access is possible:
    >$ npm run production
    
    This should start the server listening on port 80.

    If root access is not possible:

    >$ export SRPORT=3000 
    >$ npm run production
    
    This should start the server listening on port 3000, which normally does not require root access.

  6. Register the admin user

    Connect to the server in your browser.

    Select Login/Register on the home screen and then Register Here on the login screen. The registration screen should display a message that the admin account is being registered.

    Continue the registration by entering at least an email and password, and by selecting one of the options for registration of other users. The default is to allow other users to register themselves. You can also select a timeout for idle sessions.

    A confirmation email should be sent to the registered address. Complete the registration by submitting the token value from the email into the form displayed when attempting to log in.

    Return to the home page and log in using the admin account.

    Get script credentials by selecting Settings in the menu bar and then selecting Generate in the API Credentials section. The User Id and Token values will be needed to authenticate messages to the server from scripts.


  7. Check that the server can be reached from the private network

    Copy the API credentials obtained above to a test machine in the private network. Get the bash utility script scriptremote/public/dist/srio.sh from the local scriptremote installation.

    Set SRSERVER to the IP address and port or URL of your server, either by editing the script or as an environment variable. The protocol should be http. If there is a web proxy between the script and your server, it may also be necessary to set the http_proxy environment variable.

    >$ export SRSERVER=<your-url>
    
    Create a simple test:
    >$ cat > test.sh <<'EOF'
    #!/bin/bash
    . ./srio.sh
    SR_start "${SRUSER}" "${SRTOKEN}" 'myproject' 'myjob'
    SR_set 'msg1' 'Hello World' 'False'
    SR_send 'mylocation'
    SR_end
    EOF
    
    Export the API credentials to the test script and run it:
    >$ export SRUSER=<your-userid>
    >$ export SRTOKEN=<your-token>
    >$ bash test.sh
    
    Check that the test message can be viewed in the browser by selecting Projects in the menu bar.

  8. Optional: Create non-admin user

    Since the admin has elevated privileges to do things like viewing user details and registering new users, it is best for security purposes to minimize use of that account. Instead, register as a normal user for actual projects.


  9. Optional: Enable MongoDB authentication

    If the ScriptRemote server is a shared system you may want to enable authentication for MongoDB. Without authentication anyone with user access to the system can also access the database. MongoDB supports elaborate authentication/authorization schemes but for simplicity the following just sets up a "root" user with all access.

    Create the user in the mongo shell:

    >$ mongo
    > use admin
    > db.createUser(
    >    {
    >      user: "<mongo-user>",
    >      pwd: "<mongo-password>",
    >      roles: [ "root" ]
    >    }
    > )
    > exit
    
    Then enable authentication in the mongo config file, which is often located at /etc/mongod.conf. Depending on the file format add either:
    security:
      authorization: enabled
    
    or
    auth = true
    
    Then restart mongod:
    >$ sudo restart mongod
    
    Check that the credentials work in the mongo shell:
    >$ mongo -u "mongo-user" -p "mongo-password" --authenticationDatabase "admin"
    
    Edit the ~/scriptremote/.env file to uncomment the mongo credentials and substitute your values, then restart the ScriptRemote server.

  10. Optional: Enable project data limits

    You may want to enable limits on the amount of message data that can be sent to the server, for example to help protect against scripting errors that could produce very large or very many messages. The available limits are defined in config/env/all.js. Any of them may be set as environment variables or added to the .env file prior to starting the server.
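
A post-install check for two of the settings above, the .env file from step 3 and the mongod config from step 9, written as an added example rather than code from ScriptRemote. The function names, the KEY=VALUE reading of .env and the 32-character minimum for SESSION_SECRET are this example's assumptions.

```bash
# Added example: post-install checks for the .env file (step 3) and the
# mongod config (step 9). The 32-character minimum is this example's choice.

# Print one finding per line; return 0 only when there are none.
audit_env_file() {
    local file="$1" mode secret findings=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # GNU stat takes -c, BSD/macOS stat takes -f.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ "$mode" != "600" ]; then
        echo "mode is $mode, expected 600"
        findings=$((findings + 1))
    fi

    # Last SESSION_SECRET assignment wins; strip optional surrounding quotes.
    secret=$(sed -n 's/^[[:space:]]*SESSION_SECRET[[:space:]]*=[[:space:]]*//p' "$file" | tail -n 1)
    secret=${secret#\"}; secret=${secret%\"}; secret=${secret#\'}; secret=${secret%\'}
    if [ -z "$secret" ]; then
        echo "SESSION_SECRET is not set"
        findings=$((findings + 1))
    elif [ "${#secret}" -lt 32 ]; then
        echo "SESSION_SECRET is only ${#secret} characters"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Return 0 if the config enables access control in either format from step 9:
# YAML (security: / authorization: enabled) or ini-style (auth = true).
# Commented-out settings do not count. Returns 2 if the file is unreadable.
mongo_auth_enabled() {
    local conf="$1"
    [ -r "$conf" ] || return 2
    awk '
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*$/ { next }                     # skip blank lines
        /^auth[ \t]*=[ \t]*true[ \t]*$/ { found = 1 }
        /^[^ \t]/ { in_sec = ($0 ~ /^security:[ \t]*$/); next }
        in_sec && /^[ \t]+authorization:[ \t]*"?enabled"?[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "$conf"
}

# Constructed sample (not from the page): YAML config with auth commented out.
sample=$(mktemp)
printf 'security:\n  #authorization: enabled\n' > "$sample"
mongo_auth_enabled "$sample" || echo "MongoDB access control is NOT enabled"
rm -f "$sample"
```

On a real install the calls would be `audit_env_file ~/scriptremote/.env` and `mongo_auth_enabled /etc/mongod.conf`.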
