On Wed, Apr 3, 2013 at 1:53 PM, Ken <[email protected]> wrote: > For me the advantage to 1 is the port and user logic is self contained, > and the service knows the "real" port that it is exposed on (i.e. calling > server.address() returns { port: 80 }). (This matters to me because I'd > like services to be able to register themselves with a remote agent which > requires an understanding of how they can be addressed externally.) The > disadvantage to 1 is the process has to be started by a user with sudo > privileges, which introduces a variety of security concerns. Approach 2 > alleviates the security concerns but introduces an external dependency. > > Has anyone worked through both of these in practice? Any real world > experience that drove you to choose one over the other? I'm particularly > interested if anyone has used node to wrap/automate iptables setup and/or > introspect iptables in order to determine what port ultimately resolves to > the current service. Also interested in any substantially different > approaches anybody has had success with. > I use #2 for web services, because it allows me to put something that's faster at SSL in front of node (currently Stud, but will probably switch to either haproxy or nginx at some point soon), and also allows me to run multiple node services for different host names on the same box - node web frameworks don't handle the Host header as transparently as nginx does. Furthermore it allows me some isolation from node crashes - if the node process crashes or is being restarted, nginx can send a 502 error page (our "fail whale").
For Haraka though I use #1, because there's not much out there that does the sort of nice proxying that nginx does (haproxy does support SMTP, but it's overkill for a lot of installations). Plus email (the protocol) deals much more gracefully with the service being down or crashing. As usual though, this is one of those things where you have to evaluate what your needs are. Matt. -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
