As people said, haproxy or nginx can solve you loads of issues ( and bring you new ones as well haha )
In case you considering using iptables, maybe you might want to know about UFW https://wiki.ubuntu.com/UncomplicatedFirewall On 30 September 2014 08:47, Alex <[email protected]> wrote: > This is largely a systems administration question. > > Here's what we do: > > 1. Use iptables to do a nat REDIRECT from port 80 to 8000. > > ########################################################## > # > # NAT table -- used to step down privileged ports, SSL redirection, and a > couple other things > *nat > :PREROUTING ACCEPT [0:0] > :OUTPUT ACCEPT [0:0] > :POSTROUTING ACCEPT [0:0] > # HTTP rule > --append PREROUTING --protocol tcp --dport 80 --jump REDIRECT --to-ports > 8000 > > COMMIT > > > 2. Run varnish or haproxy in a chroot jail, listening on port 8000. > Varnish is not quite as fast as haproxy but it's still pretty fast, and you > can setup caching with varnish too. Varnish can do load balancing > ("directors") and is a little faster than nginx. I like VCL too (Varnish > Configuration Language). > > (Note: varnish's dlopen insists on running as root, even if you put it in > chroot jail, but you can still lock things down inside the chroot jail.) > > 3. Run each webapp as non-root in a separate chroot jail. Bind your > webapps to ports 8001, 8002, 8003, etc. > > 4. Block direct access to ports 8000-8999 in iptables, at least. (Of > course, you should block access to any port that does not require public > access) > > 5. Setup init scripts in the root system to ensure varnish and other > servers start when the server reboots. > > You could investigate using LXC (Linux Containers) too. I think it's a > little easier than configuring chroot jails. They just hit 1.0 recently. > > The disadvantage of a nat rule is that you are now dependent on your > firewall not just for security, but your websites all go down if you stop > the firewall (e.g., when you are debugging network issues). > > You can do HTTPS too. Create NAT rules from 443 to 8443, 8444, 8445 etc, > routing each dedicated IP to a separate port, and setup virtual hosts in > Apache or nginx that proxy to your webapps using port-based virtual host > resolution. > > Alex > > > On Saturday, 27 September 2014 12:14:48 UTC-4, Craig Coleman wrote: >> >> I'd like to try running nodejs on port 80 on a debian and gentoo server >> I've seen a lot post how people do this but I'd like to get some >> additional advice so I don't screw things up on our test servers. >> I'm just getting started with node. >> I have installed hapi >> Thanks, cwc >> >> var Hapi = require('hapi'); >> var server = new Hapi.Server(80); >> >> server.route({ >> method: 'GET', >> path: '/', >> handler: function (request, reply) { >> reply('Hello, world!'); >> } >> }); >> >> server.route({ >> method: 'GET', >> path: '/{name}', >> handler: function (request, reply) { >> reply('Hello, ' + encodeURIComponent(request.params.name) + '!'); >> } >> }); >> >> server.start(function () { >> console.log('Server running at:', server.info.uri); >> }); >> >> >> -- > Job board: http://jobs.nodejs.org/ > New group rules: > https://gist.github.com/othiym23/9886289#file-moderation-policy-md > Old group rules: > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines > --- > You received this message because you are subscribed to the Google Groups > "nodejs" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/nodejs/a34c6d92-11f2-492c-860c-8f61e9bbe049%40googlegroups.com > <https://groups.google.com/d/msgid/nodejs/a34c6d92-11f2-492c-860c-8f61e9bbe049%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- *time isn't passing, it's you passing.* ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ ❂ ❁ -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CA%2BoarR%2BU9QJ7nS6vP%2BS_jt4MgJU%3DvwH73M_TEEUN7eMyk-9txg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
