I'm trying to decide on the "right" way to have node services listening on
ports 80 and/or 443. The two main approaches I'm considering are:

1. process started as superuser, server listens on port 80/443, process
   downgrades to regular user on 'listening' event
2. process started as regular user, server listens on port > 1024,
   external routing mechanism (e.g. iptables) points port 80/443 to that port

For me the advantage to 1 is the port and user logic is self-contained, and
the service knows the "real" port that it is exposed on (i.e. calling
server.address() returns { port: 80 }). (This matters to me because I'd
like services to be able to register themselves with a remote agent which
requires an understanding of how they can be addressed externally.) The
disadvantage to 1 is the process has to be started by a user with sudo
privileges, which introduces a variety of security concerns. Approach 2
alleviates the security concerns but introduces an external dependency.

Has anyone worked through both of these in practice? Any real-world
experience that drove you to choose one over the other? I'm particularly
interested if anyone has used node to wrap/automate iptables setup and/or
introspect iptables in order to determine what port ultimately resolves to
the current service. Also interested in any substantially different
approaches anybody has had success with.
--Ken
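
Approach 1 from the message above, as an added example that is not part of the original post: bind while root, then drop supplementary groups, gid and uid in that order inside the listen callback and confirm root cannot be regained. The function names, the injectable `proc` parameter, the `SERVE` switch and the `nobody`/`nogroup` accounts are assumptions of this example.

```javascript
// Drop root after bind(). Groups and gid must change while still root,
// because setuid() removes the right to change them. `proc` is a parameter
// (assumption of this example) so the logic can be exercised without root.
function dropPrivileges(user, group, proc = process) {
  if (proc.getuid() !== 0) return false;  // started unprivileged: nothing to drop
  proc.setgroups([group]);                // shed root's supplementary groups
  proc.setgid(group);
  proc.setuid(user);                      // last step
  let regained = true;
  try { proc.setuid(0); } catch (err) { regained = false; }  // must fail
  if (regained || proc.getuid() === 0 || proc.getgid() === 0) {
    throw new Error('privilege drop did not take effect');
  }
  return true;
}

// Bind first, drop inside the 'listening' callback, then report the address
// the service is really exposed on (what server.address() returns).
function listenThenDrop(server, port, user, group, proc = process) {
  return new Promise((resolve, reject) => {
    server.once('error', reject);
    server.listen(port, () => {
      try {
        const dropped = dropPrivileges(user, group, proc);
        resolve({ dropped, address: server.address() });
      } catch (err) {
        server.close();   // never serve requests as root
        reject(err);
      }
    });
  });
}

// Real listener only when SERVE=1 (hypothetical switch); needs root for port 80.
// 'nobody'/'nogroup' are placeholder account names.
if (process.env.SERVE === '1') {
  const http = require('http');
  const server = http.createServer((req, res) => res.end('ok\n'));
  listenThenDrop(server, 80, 'nobody', 'nogroup')
    .then((info) => console.log('listening', info))
    .catch((err) => { console.error(err.message); process.exit(1); });
}
```

If the drop cannot be verified, the listener is closed and the promise rejects, so the service fails closed instead of continuing as root.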