
Why might running node.js on port 80 not be safe?

I'm aware that nodejs can run on port 80 by:

  • setting up a proxy with apache/nginx
  • setting up a port redirection with an iptables rule
  • making express listen on port 80 within the app

The first option isn't the easiest and requires more dependencies than I need. The second one could be working but on my OpenVZ VPS it won't (and I can't compile a custom linux kernel).

I needed to handle some sub-domains too, and after reading this stackoverflow answer, I tried the third solution. It's perfectly working and very easy to perform.

I was wondering if there might be some security issues while running nodejs directly on port 80? How may I fix/find these?

I wanted to use pm2 to handle the processes and it might run not as root (Goodbye node-forever hello pm2).

The first option isn't the easiest and requires more dependencies than I need

Please review why should one use a http server in front of a framework web server for the many valid reasons you should in fact do it this way.

setting up a port redirection with an iptables rule

This is probably better than directly having your node process listen on port 80, although I haven't seen this type of configuration used in production.

making express listen on port 80 within the app

This is functionally a poor choice because you don't get the benefits outlined in the linked answer above. However, from a strictly security standpoint, the key thing to remember is you must not run your node process as root, which would be a horrendous security problem. You must be root to bind to port 80 because that's a rule of unix, but you can and must change to a less-privileged user immediately after binding to that port.
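The bind-then-drop sequence described in the answer above, as an added example that is not part of the original post. The function names `dropPrivileges` and `serve`, the `www-data` account and the `LISTEN_80` variable are assumptions; a plain `http` server stands in for the Express app.

```javascript
// Added example: bind a privileged port as root, then drop to an unprivileged account.
// RUN_AS_USER / RUN_AS_GROUP are assumed account names; use ones that exist on your host.
const RUN_AS_USER = 'www-data';
const RUN_AS_GROUP = 'www-data';

// `proc` is normally the global `process`; it is a parameter so the logic can be tested.
function dropPrivileges(proc, user, group) {
  if (typeof proc.getuid !== 'function') {
    throw new Error('POSIX uid/gid calls are not available on this platform');
  }
  if (proc.getuid() !== 0) return false; // not root: nothing to drop

  // Order matters: groups first, because after setuid() the process
  // no longer has the right to change its group memberships.
  proc.setgroups([group]); // discard root's supplementary groups
  proc.setgid(group);
  proc.setuid(user);

  if (proc.getuid() === 0 || proc.geteuid() === 0 || proc.getgid() === 0) {
    throw new Error('privilege drop failed: still running as root');
  }
  // A correct drop is irreversible: asking for uid 0 again must fail.
  let regained = false;
  try { proc.setuid(0); regained = true; } catch { /* expected EPERM */ }
  if (regained) throw new Error('privilege drop is reversible; refusing to serve');
  return true;
}

async function serve(port) {
  const http = await import('node:http');
  const server = http.createServer((req, res) => res.end('ok\n'));
  await new Promise((resolve, reject) => {
    server.once('error', reject);
    server.listen(port, resolve); // the bind is the only step that needs root
  });
  try {
    dropPrivileges(process, RUN_AS_USER, RUN_AS_GROUP);
  } catch (err) {
    server.close(); // never keep serving with root privileges
    throw err;
  }
  return server;
}

// Opt-in start (LISTEN_80 is an assumed variable name): sudo LISTEN_80=1 node server.js
if (process.env.LISTEN_80 === '1') {
  serve(80).catch((err) => { console.error(err.message); process.exit(1); });
}
```

Anything the app must read after the drop (TLS keys, log files, the pm2 home directory) has to be readable by the unprivileged account, since root's file access is gone at that point.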
