I have an app set to listen to port 66.
First I tried to run it with sudo node myapp.js . I was able to access it at the correct url (ip:66). Then I stopped the app (Ctrl+c) and started it with pm2, sudo pm2 start app.js. The status is online. However, that same url is now inaccessible.
Running sudo pm2 logs while the app is started with pm2 gives me the error EACCESS for port 66. No one else is running the app, and I am sure I am only using one console and killing the node service before starting it with pm2.
Pm2 was installed globally. Server is Debian stretch. Nodejs version is 8.x
I am logging as a normal user and using sudo to run the app.
on linux systems normal users are not allowed to listen to ports below 1024. There are several ways around this.
You can change this rule to allow non root users to open such ports. But this is a security risc and is not recommended. So i won't add a link to this solution.
you can also listen to a port that is greater than 1024 and then use a forward rule in your firewall to route port 66 to the port you opened.
https://www.systutorials.com/816/port-forwarding-using-iptables/
my (and pm2's) prefered solution is to listen to a port greater than 1024 and use a reverse proxy like nginx to route apps running on that server.
http://pm2.keymetrics.io/docs/tutorials/pm2-nginx-production-setup
Related
Our Heroku machine was automatically started and after that our APIs are not accessible, I checked the logs, it said: Relocating dyno to a new server, so something happened to the machine, the log shows the my node process is running, but the APIs via https or http are not accessible, when I run ss -tulw, it showed neither 443 nor 80 was listening, and I could not find a way on the machine to open the ports, on the heroku machine, I have not ways to change the bash_profile, or export PORT=443, since it is not allowed to start node process from inside the machine, I can only start our node process via re-deployment with "git push heroku master", the process.env.PORT shows different port each time my node process redeployed, our application has been totally inaccessible by our customers for two days now, and we created a ticket on heroku support center, but nobody has taken actions yet for two days, please help. Thanks!
You cannot open ports on a dyno. Dynos do not listen on 443 or 80.
Dyno is assigned a port by Heroku. You should bind to that port when application starts.
You should have a Procfile in your repo which starts application on correct port, for example:
web: npm run server -- --port $PORT
More info:
Setting the port for node.js server on Heroku
on procfile
restarting dynos
I have a node application listening on port 80, I have set the security groups open on port 80.
But, when I access my webapp in browser via public ip(http://xx.xxx.xx.xxx/), it doesn't show up.
What could be the issue?
I've use this doc as a guide https://aws.amazon.com/premiumsupport/knowledge-center/connect-http-https-ec2/
When your security group already allowed traffic It means something wrong with the instance.
The first step to debug such an issue to verify the application status inside the instance.
do ssh to the instance and verify is the instance responding on localhost curl localhost
check is the process running, if you are using any nodejs process manager like pm2 pm2 list or forever forever list or ps -aux | grep node
Verify is the server running on port 80.
check is the port occupied netstat -antu | grep LISTEN
In short, if the application responding on localhost using curl localhost, then as mentioned in the comment then the instance is in the private subnet.
you can check this article to know about public and private subnet.
So The answer was, my security groups were fine. My app wasn't running because I didn't set the environment variable correctly. sudo PORT=80 node server.js was the command I needed.
Im running my node app with grunt on a DO droplet. I start the server
Running "connect:server" (connect) task
Waiting forever...
Started connect web server on http://localhost:3000
But when I navigate to my dropletIP:3000 I cannot see the app, I get:
This site can’t be reached
mydropletIP refused to connect.
Shouldn't my app be available? I don't have nginx or anything installed.
I was having similar problem but the solution was simple. Change from 'localhost' to '0.0.0.0' i.e
.listen(8080, '0.0.0.0');
And then to test your api just enter your static ip of droplet with port that you have entered i.e droplet-ip:8080
Check the particular port is opened or not ,using following command
sudo ufw status
If any Firewall enabled and any port is block means you can see that.
netstat -an | grep "LISTEN " ( List of listening port on server)
I need this info ,then only we can find a problem
I have deployed an Express application into EC2 instance but there is a weird problem. After SSH into the instance, If I start the server by
node server.js
it is not available through the browser;
If I start the server by
sudo node server.js
everything is ok.
Not suer why.
Ports less than 1024 are reserved for root, and thus require root permission.
My guess is that you are attempting to bind to ports 80/443, the default web ports. As such, this requires root permissions.
However, it is a bad idea to run your application as root, and so an alternative solution should be implemented.
sudo permission is required on low number port. you should use a proxy in front of your app; like nginx so that you can use low number port by redirect to your app's port.
I'm a Linux beginner and have a Linux Ubuntu 12.04 server. I've installed node.js and created a webserver script. That works fine, but it runs as root user.
I know that's not good (root-user & webserver = unsafe).
How can I run the webserver script as an non-root user? Does somebody know a good detailed tutorial or can give me some advice?
You have two options:
Listen on port 80
Run as root, start your app's listen() on port 80 and them immediately drop to non-root. This is what Apache does, for example. Not recommended since it's easy to get this wrong, and lots of other details (writing to log files, initialization required before you can listen, etc.). Not standard practice in node.
Listen on port >=1024*
Run as non-root, listen on a port >= 1024 (say: 8000, or 8080), and have someone else listen on port 80 and relay port 80 traffic to you. That someone else can be:
A load-balancer, NAT, proxy, etc. (Maybe an EC2 load balancer if you're running on EC2, e.g.)
Another http server, say Apache httpd or ngnix.
For an ngnix example, see this: Node.js + Nginx - What now?
you can just run node hello.js