如何以非root用户身份运行node.js? [英] How to run node.js as non-root user?
问题描述
我正在运行一个node.js服务器,它将在端口80以及其他端口上为请求提供服务.显然,这需要应用程序以root身份运行(在Linux上).
I'm running a node.js server, that will serve requests on port 80 amongst others. Clearly this requires the application running as root (on Linux).
查看此帖子( http://syskall.com/dont -run-node-dot-js-as-root )作为示例,很明显,有简单的方法允许节点以非root用户身份运行,但是我想知道是否有人对建议使用不同方法的优缺点:
Looking at this post (http://syskall.com/dont-run-node-dot-js-as-root) as an example it's clear that there are simple ways to allow node to be run as a non-root user, but I'm wondering if anyone has views on the advantages/disadvantages of the different methods suggested:
-
代码:在侦听端口80之后,使用setuid()从root用户降级为非特权用户.
code: use setuid() to drop down from root to non-priviledged user after listening on port 80 is established.
使用某种代理服务器将请求重定向到端口> 1024(因此不需要节点以root身份运行)
using a proxy server of some sort to redirect requests to a port >1024 (and so not need node to run as root)
使用IP表转发到另一个端口(ditto节点不会以root身份运行)
using IP tables to forward to another port (ditto node would not run as root)
谢谢
推荐答案
选项1要求您以root用户身份启动节点服务器.不理想.
Option 1 requires you launch the node server as root. Not ideal.
选项2增加了每个已处理请求的开销,并向堆栈增加了另一个故障点.
Option 2 adds overhead to every handled request and adds another failure point to your stack.
选项3是最简单,最有效的方法.
Option 3 Is the simplest and most efficient method.
要实现选项3,请将以下内容添加到系统初始化脚本中. (在基于RedHat的系统(如AWS)上为/etc/rc.d/rc.local
.
To implement Option 3, add the following to your system init scripts. (/etc/rc.d/rc.local
on RedHat based systems like AWS).
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
这会将请求从端口80重定向到端口3000.
That will redirect requests from port 80 to port 3000.
这篇关于如何以非root用户身份运行node.js?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!