如何在Node.js server.listen()中使用可选的hostname参数 [英] How to use the optional hostname parameter in Node.js server.listen()

问题描述

到目前为止，根据我在教程中所阅读的内容，server.listen(port[, hostname][, backlog][, callback])的可选hostname参数始终是127.0.0.1(回送)，0.0.0.0(

From what I've read in tutorials so far, the optional hostname parameter to server.listen(port[, hostname][, backlog][, callback]) has always been either 127.0.0.1 (loopback), 0.0.0.0 (listen on every available network interface, the default option), or one of the actual IP addresses available to the server. Everything else will give an Error: listen EADDRNOTAVAIL. Is that the whole picture? (I believe hostname is technically different from IP...)

我无法从文档中找到太多有关它的信息. ..

I wasn't able to find out too much about it from the doc...

推荐答案

因此，您需要一个可解析的DNS主机名才能起作用.举个简单的例子，我编辑了/etc/hosts文件，使其包含以下条目:

So, you need a resolvable DNS host name for this to work. For a quick example, I edited the /etc/hosts file to include the following entry:

...
127.0.0.1 MyTestDnsHostName.local

然后，我用旧的dscacheutil -flushcache刷新了解析器缓存，并在简单的Node.js服务器中使用了以下代码.

then I flushed the resolver cache with the good old dscacheutil -flushcache and used the following bit of code in a simple Node.js server.

var http = require('http')
  , PORT = 8080;

function handleRequest( request, response ){
    response.end( 'It Works!' );
}

var server = http.createServer( handleRequest );

server.listen( PORT, "MyTestDnsHostName.local", 34, function(){
    console.log( "Server listening on port:%s", PORT );
});

当然可以.

错误EADDRNOTAVAIL表示它是可以解决的，但不可用；现在，为了能够绑定到它，它也应该是可绑定的(可用).

The error EADDRNOTAVAIL means that it's resolvable but not available; now, to be able to bind to it, it should be bindable (available) as well.

您可以执行lsof -i TCP来检查其绑定位置.

You can do a lsof -i TCP to check where it's binded.

但是，我不明白为什么您必须将服务器绑定到其他位置.绑定到环回是最佳做法.

However, I don't see why you have to bind the server elsewhere; binding to the loopback is the best practice.

是的，所以这实际上是一个安全漏洞；如果将其绑定到所有可用接口0.0.0.0，则实际上是在说Listen to every available network interface there is.这可能会带来安全漏洞，因为它可能会绑定到您不希望使用的适配器上.在部署RoR应用程序时，我对此有第一手的经验.

Yeah, so it's actually a security flaw; if you bind it to all available interfaces 0.0.0.0, what you're essentially saying is that Listen to every available network interface there is. This may pose a security vulnerebility as it may bind to adapters you don't want it on; I've had first-hand experience of this while deploying a RoR application.

0.0.0.0/0子网是一种非常奇特的说法:these are all the network interfaces I have on this computer，而127.0.0.1始终是仅本地接口.如果将其绑定到此，则可以摆脱很多安全性问题.其中一种可能是黑客"试图在所有接口上附加侦听器，如果您没有非常严格的防火墙，则在某处或另一处可能会出现泄漏.

The 0.0.0.0/0 subnet is a very fancy way of saying: these are all the network interfaces I have on this computer, whilst 127.0.0.1 is ALWAYS the local-only interface. If you bind it to this, you get rid of quite a few security problems. One of which can be that the "hacker" tries to attach a listener on all interfaces, and if you don't have a very strict firewall, somewhere or the other, a leak may be present.

这不是规则，而只是一种最佳实践.

This is not a rule as such, but just a best practice.

P.S .:代码是我从Modulus的博客摘录的代码片段；如果我想尝试一下，很快.

P.S.: The code is a snippet I pulled off from Modulus' blog; it's quick if I want to try something out.

这篇关于如何在Node.js server.listen()中使用可选的hostname参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！