This is largely a systems administration question.
Here's what we do:
1. Use iptables to do a nat REDIRECT from port 80 to 8000.
##########################################################
#
# NAT table -- used to step down privileged ports, SSL redirection, and a couple other things
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# HTTP rule
--append PREROUTING --protocol tcp --dport 80 --jump REDIRECT --to-ports 8000
COMMIT
2. Run varnish or haproxy in a chroot jail, listening on port 8000. Varnish
is not quite as fast as haproxy but it's still pretty fast, and you can
set up caching with varnish too. Varnish can do load balancing ("directors")
and is a little faster than nginx. I like VCL too (Varnish Configuration
Language).
(Note: varnish's dlopen insists on running as root, even if you put it in
a chroot jail, but you can still lock things down inside the chroot jail.)
3. Run each webapp as non-root in a separate chroot jail. Bind your webapps
to ports 8001, 8002, 8003, etc.
4. Block direct access to ports 8000-8999 in iptables, at least. (Of
course, you should block access to any port that does not require public
access.)
5. Set up init scripts in the root system to ensure varnish and other
servers start when the server reboots.
You could investigate using LXC (Linux Containers) too. I think it's a
little easier than configuring chroot jails. They just hit 1.0 recently.
The disadvantage of a NAT rule is that you are now dependent on your
firewall not just for security: your websites all go down if you stop
the firewall (e.g., when you are debugging network issues).
You can do HTTPS too. Create NAT rules from 443 to 8443, 8444, 8445 etc.,
routing each dedicated IP to a separate port, and set up virtual hosts in
Apache or nginx that proxy to your webapps using port-based virtual host
resolution.
Alex
On Saturday, 27 September 2014 12:14:48 UTC-4, Craig Coleman wrote:
>
> I'd like to try running nodejs on port 80 on a debian and gentoo server.
> I've seen a lot of posts on how people do this, but I'd like to get some
> additional advice so I don't screw things up on our test servers.
> I'm just getting started with node.
> I have installed hapi.
> Thanks, cwc
>
> var Hapi = require('hapi');
> var server = new Hapi.Server(80);
>
> server.route({
>     method: 'GET',
>     path: '/',
>     handler: function (request, reply) {
>         reply('Hello, world!');
>     }
> });
>
> server.route({
>     method: 'GET',
>     path: '/{name}',
>     handler: function (request, reply) {
>         reply('Hello, ' + encodeURIComponent(request.params.name) + '!');
>     }
> });
>
> server.start(function () {
>     console.log('Server running at:', server.info.uri);
> });
>
>
>