
Run sails.js with least privileges in Production

I'm using Sails.js 0.10.5 on Node 0.10.33 on Ubuntu Trusty. I'd like to execute the node process as a non-root user with the least possible privileges in the production environment. I'm comfortable with the various options for binding to ports below 1024 but I'm more concerned with directory permissions.

Ideally, I'd prefer the node process only have write access to its log files and nothing else. It should only have read access to the directory containing app.js and below.

At the moment I have needed to grant write access to the ./.tmp directory and also to the ./views directory due to the grunt tasks that run at startup. I'd rather perform the grunt tasks at deploy time as a different user instead of at run-time. The sails www command appeared promising but I couldn't get the desired outcome.

Can someone please point me in the right direction for running Sails.js with zero write access to its assets, views, etc?

Use sails www to build static assets

chmod -R 440 all files and directories, so that your user and the webserver (group) can access the files.

Use nginx/apache to host a webserver on port 80/443 and proxy requests to sails (running on its own port or over a unix socket).

Run sails using PM2 to keep it running and have it manage/collect logs.

Sails will lift, but will be unable to write its .tmp directory, which shouldn't even be necessary since all your static files will be routed to the www directory through nginx/apache.

The simplest solution to me seems to be to separate the grunt tasks that need the elevated privileges out into a separate file that you can call with a different user on deploy. Then sails won't need to run anything and can be read only.
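The deploy-time lock-down that the first two answers describe (build with sails www and grunt as the deploy user, then hand the runtime user a read-only tree with only the log directory writable), written here as an added example rather than code from the thread. The group name sailsapp, the logs directory and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: lock down a deployed Sails tree so
# the runtime user can only write to its log directory. Assumes the build step
# (sails www / grunt tasks) already ran as the deploy user, and that the
# runtime user is a member of the group named in APP_GROUP (hypothetical).
set -eu

APP_GROUP="${APP_GROUP:-sailsapp}"

# harden_tree DIR: directories 550, files 440 (read for owner and group, nothing
# for others); only DIR/logs stays writable (770 / 660).
harden_tree() {
  dir="$1"
  mkdir -p "$dir/logs"                      # create before the tree turns read-only
  # give the code to root:APP_GROUP only when we can (root, group exists);
  # the runtime user then reaches it through the group's read-only bits
  if [ "$(id -u)" -eq 0 ] && getent group "$APP_GROUP" >/dev/null 2>&1; then
    chown -R "root:$APP_GROUP" "$dir"
  fi
  find "$dir" -type d -exec chmod 550 {} +
  find "$dir" -type f -exec chmod 440 {} +
  chmod 770 "$dir/logs"
  find "$dir/logs" -type f -exec chmod 660 {} +
}

# count_writable_outside_logs DIR: number of entries outside DIR/logs with the
# group- or world-write bit set; 0 means the app user cannot alter code or views
count_writable_outside_logs() {
  find "$1" -path "$1/logs" -prune -o \( -perm -020 -o -perm -002 \) -print \
    | wc -l | tr -d ' '
}

# make_sample_tree DIR: a constructed stand-in for a deployed Sails 0.10 app
make_sample_tree() {
  mkdir -p "$1/.tmp/public" "$1/views" "$1/assets" "$1/www" "$1/logs"
  echo "// constructed app.js" > "$1/app.js"
  echo "<p>home</p>" > "$1/views/homepage.ejs"
  echo "body{}" > "$1/www/app.css"
  echo "constructed log line" > "$1/logs/app.log"
}

# Demo on a throwaway tree; a real deployment would run harden_tree on the
# checkout, then start the app under PM2 as the runtime user, e.g.
#   pm2 start app.js --uid sailsapp --gid sailsapp   (PM2 options, assumed)
demo_dir="$(mktemp -d)"
make_sample_tree "$demo_dir"
harden_tree "$demo_dir"
echo "writable entries outside logs: $(count_writable_outside_logs "$demo_dir")"
chmod -R u+w "$demo_dir" && rm -rf "$demo_dir"   # clean up the throwaway tree
```

With the tree owned by root:sailsapp and the process started as a sailsapp member, a write attempt to .tmp or views fails with EACCES, which is the behaviour the first answer describes.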

EDITED: I use PM2 with apache as a proxy (with mod WS).

You can use one proxy like apache to route from port 80 to other internal server ports based on host.

This way you can run multiple apps on the same server.

It has a lot of useful functions like seeing the logs of various apps in the terminal, restarting and logging crashed apps, running an app as a user, app status, etc.

Pm2 link: https://github.com/Unitech/pm2

PM2 configs: https://github.com/Unitech/PM2/blob/development/ADVANCED_README.md#options
