什么是生产环境中node.js推荐端口的最佳实践？

Question

I have created a chat app in node.js using port 4000. Everything works just fine, but when I rolled it out in production, I found that many corporate networks block outgoing port 4000. I considered using other ports that would be more likely to be open on a corporate network, but then found this list of ports blocked by chrome browser:

https://superuser.com/questions/188058/which-ports-are-considered-unsafe-by-chrome

Using ports such as 995 would result in a chrome error of "ERR_UNSAFE_PORT"

So it appears that the only ports allowed are 80 and 443 for a node.js server? What is the recommended best practice for choosing a port for your node.js application in a production environment?

My webserver is already using ports 80 and 443 for typical apache web serving. Do I need to create a dedicated server just for node.js?

I am using the following code to initiate the connection from the browser to the node.js server:

var socket = io.connect('https://duplex.example.com:4000');

and here is the code on the server side:

const https = require('https');
const fs = require('fs');
var express = require('express')
  , bodyParser = require('body-parser');
var socket = require('socket.io');
var adminid = '';
var clientlist = new Array();
var port = 4000;

const options = {
    cert: fs.readFileSync('./fullchain.pem'),
    key: fs.readFileSync('./privkey.pem')
};

var app = express();

var server = https.createServer(options, app).listen(port, function(){
  console.log("Express server listening on port " + port);
});

Answer 1

443 and 80 are the main ports for https and HTTP traffic respectively.

other ports can be used for WebSockets, but that doesn't sound like your use case.

What I have done in the past is use a reverse proxy, to discriminate on the incoming URL, and map the ports internally on my machine without the client needing to know.

NGINX is usually the easiest bet for this if you are on any sort of linux distro.

here is a blog about how to setup reverse proxy for a node app using nginx.

http://thejonarnold.com/configure-sails-js-with-subdomains-on-ubuntu/

the article references sailsjs, but there is nothing framework specific about the techique.

Answer 2

Most people don't expose their Node.js server directly to the internet but use Apache or Nginx as a frontend proxy.

1. Have your server bind to localhost only (or use firewall rules to only allow incoming 80 and 443.

    server.listen('localhost', 4000) 

2. Configure your reverse proxy. I'm using Caddy :

    example.com { root /var/www/example.com # et cetera } duplex.example.com { proxy / localhost:4000 { websocket } } 

   When proxying websocket, you need to ensure the Connection and Upgrade headers aren't lost, which I've done with Caddy's shortcut here.

   You could also use the same domain as the main site and only proxy a certain path.

3. Have the client socket.io connect to wss://duplex.example.com (on port 443). (I'm not familiar with socket.io to say why it uses an HTTPS URL instead of WSS, but I'll assume you have that working.)