Node.js https 服务器:无法侦听端口 443 - 为什么? [英] Node.js https server: Can't listen to port 443 - Why?
问题描述
我第一次在 Node 中创建了一个 HTTPS 服务器,代码(见下文)适用于像 6643 这样的随机端口,但在端口 443 上,它不起作用.我收到此错误:
I'm creating a an HTTPS server for the first time in Node, and the code (see below) works for a random port like 6643 but on port 443, it won't work. I get this error:
[Debug][Server]: Initialized...
[Debug][Control Center]: Application initialized...
events.js:72
throw er; // Unhandled 'error' event
^
Error: listen EACCES
at errnoException (net.js:904:11)
at Server._listen2 (net.js:1023:19)
at listen (net.js:1064:10)
at Server.listen (net.js:1138:5)
at Object.module.exports.router (/home/ec2-user/Officeball/Versions/officeball_v0.0.5/server/custom_modules/server.js:52:5)
at Object.<anonymous> (/home/ec2-user/Officeball/Versions/officeball_v0.0.5/server/control_center.js:15:59)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
这是在 Amazon Linux EC2 服务器上.我的理解是,一旦我将域的 DNS A 名称记录设置为服务器的 IP,当用户搜索 https://mydomain.com,浏览器将在端口 443 上查找我服务器的 IP,这应该是 HTTPS 流量的标准端口.
This is on an Amazon Linux EC2 server. It's my understanding that once I set my domain's DNS A Name Record to the server's IP, when a user searches https://mydomain.com, the browser will look up my server's IP at port 443, which is supposedly the standard port for HTTPS traffic.
所以我的理解是我需要通过端口 443 提供 https 内容.
So my understanding is that I need to serve https content via port 443.
我做错了什么?
这是我的服务器代码:
control_center.js (init)
/* Control Center */
//DEFINE GLOBALS
preloaded = {};
//GET DIRECT WORKING PATH
var dirPath = process.cwd();
//REQUIRE CUSTOM MODULES
var debug = new (require(dirPath +
"/custom_modules/debug"))("Control Center");
var socket = require(dirPath +
"/custom_modules/socket")(4546);
// ! this is the relevant line
var server = require(dirPath + "/custom_modules/server").router(443);
//APP INITIALIZE
debug.log("Application initialized...");
server.js
/* Server */
//REQUIRE NPM MODULES
var fs = require('fs'),
https = require('https'),
url = require('url'),
path = require('path');
//GET DIRECT WORKING PATH
var dirPath = process.cwd();
//REQUIRE CUSTOM MODULES
//Snip!
var debug = new (require(dirPath +
"/custom_modules/debug"))("Server");
//Preload requests
var preload = require(dirPath +
'/custom_modules/preload').init();
//INIT MODULE
debug.log("Initialized...");
//DEFINE MODULE VARIABLES
var options = {
key: fs.readFileSync('SSL/evisiion_private_key.pem'),
cert: fs.readFileSync('SSL/evisiion_ssl_cert.pem')
};
//LISTEN FOR PATH REQUESTS
//route requests to server
module.exports.router = function(port) {
https.createServer(options, function(req, res) {
//Snip!
}).listen(port);
};
推荐答案
在 Linux(以及我相信,大多数其他类 Unix 操作系统)上,服务必须以 root 身份运行才能绑定到编号的端口小于 1024.
On Linux (and, I believe, most other Unix-like operating systems), a service has to run as root to be able to bind to a port numbered less than 1024.
我刚刚在我身边的 Node 应用程序上验证了它,当我将端口从 5000 更改为 443 时,我看到了完全相同的错误,一行行相同,但文件路径除外.
I've just verified it on a Node app I had lying around, and I saw exactly the same error, line for line identical barring the file paths, when I changed the port from 5000 to 443.
在开发中,大多数人会在更高编号的端口(例如 8080)上运行开发服务器.在生产中,您可能希望使用适当的 Web 服务器(例如 Nginx)来提供静态内容并将其他所有内容反向代理到您的Node 应用程序,这使得它不再是一个问题,因为 Nginx 可以很愉快地以 root 身份运行.
In development, most people will run the dev server on a higher-numbered port such as 8080. In production, you might well want to use a proper web server such as Nginx to serve static content and reverse proxy everything else to your Node app, which makes it less of an issue since Nginx can be quite happily run as root.
由于您的用例需要提供一些静态内容,那么您可能希望使用诸如 Nginx 或 Apache 之类的 Web 服务器来处理静态文件,并将动态内容反向代理到另一个端口.使用 Nginx 进行反向代理非常简单 - 这是一个示例配置文件:
As your use case requires serving some static content, then you may want to use a web server such as Nginx or Apache to handle the static files, and reverse proxy to another port for your dynamic content. Reverse proxying is quite straightforward with Nginx - here's a sample config file:
server {
listen 443;
server_name example.com;
client_max_body_size 50M;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location /static {
root /var/www/mysite;
}
location / {
proxy_pass http://127.0.0.1:8000;
}
}
这假设您的 Web 应用程序可在端口 443 上访问,并且在端口 8000 上运行.如果该位置与/static 文件夹匹配,则它从/var/www/mysite/static 提供.否则,Nginx 会将其交给在端口 8000 上运行的应用程序,它可能是一个 Node.js 应用程序,或者一个 Python 应用程序,或者其他任何东西.
This assumes your web app is to be accessible on port 443, and is running on port 8000. If the location matches the /static folder, it is served from /var/www/mysite/static. Otherwise, Nginx hands it off to the running application at port 8000, which might be a Node.js app, or a Python one, or whatever.
这也非常巧妙地解决了您的问题,因为应用程序可以在端口 443 上访问,而无需实际绑定到该端口.
This also quite neatly solves your issue since the application will be accessible on port 443, without having to actually bind to that port.
应该说,作为一般经验法则,以 root 身份运行这样的服务并不是一个好主意.您将授予对可能存在漏洞的应用程序以及您引入的任何 NPM 模块的 root 访问权限.例如,将其置于 Nginx 后面意味着您不需要以 root 身份运行它,而 Nginx可靠且经过良好测试,并具有可靠的性能和缓存能力.此外,Nginx 通常在提供静态内容方面通常会更快.
It should be said that as a general rule of thumb running a service like this as root isn't a good idea. You'd be giving root access to an application which might potentially have vulnerabilities, and to any NPM modules you've pulled in. Putting it behind, for example, Nginx will mean you don't need to run it as root, and Nginx is solid and well-tested, as well as having solid performance and caching capability. In addition, Nginx will usually be faster at serving static content in particular.
这篇关于Node.js https 服务器:无法侦听端口 443 - 为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
