我应该在node.js上监听哪些端口?怎么样和为什么? [英] What ports should I node.js listen on? How and why?
问题描述
我的node.js应用程序我在端口80上搜索http,443搜索https,我认为这是相当标准的做法。
My node.js applications I have listening on port 80 for http and 443 for https, which I believed was fairly standard practice.
然而,有很多例子我最近读过使用其他端口(例如8080和8081)来监听http / https,然后使用其他方法,如 iptables 或 ufw 通过将数据包重新路由到其他数据库来为端口80/443提供服务的规则。
However a number of examples I have read recently use other ports (e.g. 8080 and 8081) for listening to http/https, and then use other means such as iptables or ufw rules to serve ports 80 / 443 via rerouting packets to/from the others.
See two examples here and here.
所以我的问题是为什么我不想直接收听端口80和443?
手头有安全问题吗?这只是一个案例,这些作者没有权限侦听低于1024的端口(我觉得这很令人惊讶吗?)?大多数人沿着侧节点运行Apache吗? (我没有)。
Are there security issues at hand? Is it simply a case of these authors not having permissions to listen on ports lower than 1024 (I'd find this surprising?)? Do most people run Apache along side node? (I do not).
假设有充分的理由说明为什么我不想直接听80和/或443,哪种方法应该我用来将流量从80/433转发到我选择的替代端口?
Assuming there is a good reason for why I don't want to listen directly to 80 and/or 443, which method should I be using to relay traffic from 80 / 433 to my alternative ports of choice?
我已经提到iptables和ufw以上,其中一个比其他人,或者我应该使用其他方法吗?答案取决于我是否在进程之间平衡负载吗?
I have mentioned iptables and ufw above, is one of these better than the others, or is there some other method I should be using? Does the answer depend on whether I'm balancing my load between processes?
提前致谢。
推荐答案
您链接的第一篇文章的第一行提到了原因。
The first line of the first article you linked to mentions the reason.
Standard practices say no non-root process gets to talk to
the Internet on a port less than 1024.
对于要绑定到端口 80 或 443 的节点,您需要以root身份运行它,这不是好主意。
For node to bind to port 80 or 443, you would need to run it as root, which is not a good idea.
您用来将流量重新路由到更高端口的方法取决于您。 iptables 是资源最少且最简单的。另一种方法是使用NginX / Apache代理Node。我说这个方法的主要好处是你可以从那里提供静态文件之类的东西,而不必通过Node提供它们。
The method you use to reroute traffic to the higher ports is up to you. The iptables is the least resource-intensive and simplest. Another method would be to use NginX/Apache to proxy to Node. I'd say the main benefit of that method is that you can then also serve things like static files from there, and not have to serve them through Node.
Apache和NginX都明确地设计为非常擅长提供静态文件,因此它们非常擅长,而Node是一个完整的JS环境,涉及所有开销。 Node非常适合处理大量的同时连接,并且它可以很好地为正常负载提供文件,但它将使用比NginX更多的资源来实现它。
Apache and NginX are both designed explicitly to be very good at serving static files, so they are extremely good at it, whereas Node is a whole JS environment, with all the overhead that involved. Node is great at handing lots of simultaneous connections, and it can certainly serve files perfectly well for normal loads, but it will use more resources than NginX to do it.
使用像Apache / NginX这样的HTTP感知代理也意味着您可以非常轻松地设置多个Node实例来运行不同的子域,甚至是同一域上的不同路径。
Using an HTTP-aware proxy like Apache/NginX also means that you can very easily set up multiple instances of Node to run different subdomains, or even different paths on the same domain.
这篇关于我应该在node.js上监听哪些端口?怎么样和为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
