有关的Node.js运行一个SaaS是一个Web服务器（nginx的）或清漆必要的，因为反向代理？ [英] For a SaaS running on Node.JS, is a web-server (nginx) or varnish necessary as a reverse proxy?

问题描述

有关的Node.js运行一个SaaS，是web服务器有必要吗？

For a SaaS running on Node.JS, is a web-server necessary?

如果有，哪一个，为什么？

If yes, which one and why?

什么是只使用节点的缺点是什么？它的作用是仅仅处理CRUD请求和服务JSON回客户端解析日期（如Gmail）。

What would be the disadvantages of using just node? It's role is to just handle the CRUD requests and serve JSON back for client to parse the date (like Gmail).

推荐答案

是一个Web服务器需要？

"is a web-server necessary"?

从技术上说，没有。实际上，是一个独立的Web服务器通常使用并有很好的理由。

Technically, no. Practically, yes a separate web server is typically used and for good reason.

在这次讲座由Ryan Dahl的2010年5月，在37'30 他说，他建议在反向代理或Web服务器运行Node.js的安全原因，为了说明这个问题，强化Web服务器nginx的一样或Apache有他们的TCP协议栈在稳定性方面和发展了很长一段时间安全性。Node.js的是不是在这同一水平呢。因此，由于将Node.js的背后nginx的很容易，没有很多负面后果，在理论上增加了部署的安全一些，这是一个不错的选择。在某个时间点上，Node.js的可能被视为正式准备现场直接Internet连接，但等待瑞恩/ Joyent公司做出一些宣布这种效果。

In this talk by Ryan Dahl in May 2010, at 37'30" he states that he recommends running node.js behind a reverse proxy or web server for "security reasons". To elaborate on that, hardened web servers like nginx or apache have had their TCP stacks evolve for a long time in terms of stability and security. Node.js is not at that same level yet. Thus, since putting node.js behind nginx is easy, doesn't have many negative consequences, and in theory increases the security of your deployment somewhat, it is a good choice. At some point in time, node.js may be deemed officially "ready for live direct Internet connections" but wait for Ryan/Joyent to make some announcement to that effect.

其次，结合亚1024端口（如80和443）需要过程是根。 nginx的和其他自动处理以root身份绑定，然后下降的特权一个更安全的用户帐户（WWW的数据或没人典型值）。虽然node.js的有过程模块中的系统调用包装放弃与的setgid root权限和的setuid ，据我所知这比自己编码节点社会其他目前还没有看到一个约定冒出这样做的。更多关于在这个讨论。

Secondly, binding to sub-1024 ports (like 80 and 443) requires the process to be root. nginx and others automatically handle binding as root and then dropping privileges to a safer user account (www-data or nobody typically). Although node.js has system call wrappers in the process module to drop root privileges with setgid and setuid, AFAIK other than coding this yourself the node community hasn't yet seen a convention emerge for doing this. More on this topic in this discussion.

第三，Web服务器所擅长的虚拟主机和一般有方便的事情可以做（URL重写等等）需要在node.js中自定义编码来实现，否则。

Thirdly, web servers are good at virtual hosting and in general there are convenient things you can do (URL rewriting and such) that require custom coding in node.js to achieve otherwise.

第四，nginx的是服务于静态文件很大。优于Node.js的（至少按了一下截至目前）。同样随着时间的向前推移这一点可能会变得越来越少有关，但在我的脑海里传统的静态文件的Web服务器和Web应用程序服务器还具有不同的作用和目的。

Fourthly, nginx is great at serving static files. Better than node.js (at least by a little as of right now). Again as time goes forward this point may become less and less relevant, but in my mind a traditional static file web server and a web application server still have distinct roles and purposes.

如果是的话，哪一个，为什么？

"If yes, which one and why"?

nginx的。由于它具有强大的性能和更简单比Apache配置。

nginx. Because it has great performance and is simpler to configure than apache.

这篇关于有关的Node.js运行一个SaaS是一个Web服务器（nginx的）或清漆必要的，因为反向代理？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！