I almost always front it with nginx unless I need WebSockets, then I use iptables.
*I know that the latest nginx has WS support, but from my tests it doesn't fully work or I configured it incorrectly* -- Dav Glass [email protected] blog.davglass.com + Windows: n. - The most successful computer virus, ever. + + A computer without a Microsoft operating system is like a dog without bricks tied to its head + + A Microsoft Certified Systems Engineer is to computing what a McDonalds Certified Food Specialist is to fine cuisine + On Wed, Apr 3, 2013 at 1:44 PM, Matt <[email protected]> wrote: > On Wed, Apr 3, 2013 at 1:53 PM, Ken <[email protected]> wrote: > >> For me the advantage to 1 is the port and user logic is self contained, >> and the service knows the "real" port that it is exposed on (i.e. calling >> server.address() returns { port: 80 }). (This matters to me because I'd >> like services to be able to register themselves with a remote agent which >> requires an understanding of how they can be addressed externally.) The >> disadvantage to 1 is the process has to be started by a user with sudo >> privileges, which introduces a variety of security concerns. Approach 2 >> alleviates the security concerns but introduces an external dependency. >> >> Has anyone worked through both of these in practice? Any real world >> experience that drove you to choose one over the other? I'm particularly >> interested if anyone has used node to wrap/automate iptables setup and/or >> introspect iptables in order to determine what port ultimately resolves to >> the current service. Also interested in any substantially different >> approaches anybody has had success with. >> > I use #2 for web services, because it allows me to put something that's > faster at SSL in front of node (currently Stud, but will probably switch to > either haproxy or nginx at some point soon), and also allows me to run > multiple node services for different host names on the same box - node web > frameworks don't handle the Host header as transparently as nginx does. > Furthermore it allows me some isolation from node crashes - if the node > process crashes or is being restarted, nginx can send a 502 error page (our > "fail whale"). > > For Haraka though I use #1, because there's not much out there that does > the sort of nice proxying that nginx does (haproxy does support SMTP, but > it's overkill for a lot of installations). Plus email (the protocol) deals > much more gracefully with the service being down or crashing. > > As usual though, this is one of those things where you have to evaluate > what your needs are. > > Matt. > > -- > -- > Job Board: http://jobs.nodejs.org/ > Posting guidelines: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > You received this message because you are subscribed to the Google > Groups "nodejs" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nodejs?hl=en?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
