Ports and security in URL - node.js

I'm going to use socket.io on nodeJs in order to be able to send messages from my server to my client.
Node runs on a separate port from what I normally use for my hosting. Is there any safety risk in using the port number in the url in production? For example, I'm directing users to domain.tld:0000?

There are no more security risks in exposing node.js on another port than running node.js itself exposed to the internet.

Related

Best practice for communicating with a NodeJS server hosted locally from a Bluehost NodeJS server?

I have a web application running on a Bluehost server. I am trying to retrieve files hosted on a local server. On the local server, I have port forwarding and NodeJS listening on port 3000. I could do 80 as well, but from what I have read, that is not safe.
The issue I am running into is mainly the SSL cert for the local Node instance. The web application requires post requests to be made to https:// sources.
What are some best practice approaches to making this work? I have heard about installing Apache and running a ProxyPass to port 3000, but I am still concerned that the port 80 will have no SSL. Any help would be appreciated!!
First its worth noting that there are many approaches to hosting a web service.
Node can handle https connection, you should read the native https module documentation for how this works.
I tend to use Nginx (although apache is great and is a battle-tested solution) as a proxy server to node as, in general, I find it speeds up the process to get a product live. It also allows you to extract potential requirements from your node server, such as caching and SSL, so your node app can just focus on business requirements.
If you go for a proxy server, Nginx (and others), have modules that will handle SSL certificates. Lots of documentation online about how to set this up.
Something to keep in mind is that PORT 80 and 3000 are connection points for traffic. You will only be able to interact with the server on these ports if you bind and expose an application to them. If nothing is exposed to PORT 80, then connect attempts will just fail.
The best practices I tend to employ are:
No excuse not to use SSL nowadays, the standard is to expose https server on port 443.
If you choose to expose port 80, redirect all traffic to 443. This guarantees a secure connection.

Does a Node js web server need a domain name to communicate with clients on other devices?

I am working on a swift project for osx with Firebase. I have a node web server to communicate between the clients and the Firebase-server, but it's a localhost-server. Do I need a real domain name to make the server accessible to end-users on another device? (I don't want a web app, just the backend for myself)
you doesn't need a domain .. but you need a serve to deploy having ip address .. suggestion you can use cloud server
You have two ways:
make request on port that the nodejs uses, example http://101.01.01.01:8000
use nginx like proxy, in this setup make your requests on 80 port (it's default), example http://101.01.01.01.
If you wont make something like dev environment on local machine use first case (don't forgot open port for other devices), for production - second.

Do I need a different server to run node.js

sorry if this is a wrong question on this forum but I am simply just stuck and need some advice. I have a shared hosting service and a cloud based hosting server with node.js installed. I want to host my website as normal but I also want to add real time chat and location tracking using node.js I am confused with what I am reading in several places because node.js is itself a server but not designed to host websites? So I have to run 2 different servers? One for the website and one to run node.js? When I setup the cloud one with a node.js script running I can no longer access the webpages.
Whats the best way for me achieve this as I am just going round in circles. Also is there a way I can set up a server on my PC and run and test both of these together before hand so I see what is needed and get it working as it will stop me ordering servers I dont need.
Many thanks for any help or advice.
Node can serve webpages using a framework like Express, but can cause conflicts if run on the same port as another webserver program (Apache, etc). One solution could be to serve your webpages through your webserver on port 80 (or 443 for HTTPS) and run your node server on a different port in order to send information back and forth.
There are a number of ways you can achieve this but here is one popular approach.
You can use NGINX as your front facing web server and proxy the requests to your backend Node service.
In NGINX, for example, you will configure your upstream service as follows:
upstream lucyservice {
server 127.0.0.1:8000;
keepalive 64;
}
The 8000 you see above is just an example, you may be running your Node service on a different port.
Further in your config (in the server config section) you will proxy the requests to your service as follows:
location / {
proxy_pass http://lucyservice;
}
You're Node service can be running in a process manager like forever / pm2 etc. You can have multiple Node services running in a cluster depending on how many processors your machine has etc.
So to recap - your front facing web server will be handling all traffic on port 80 (HTTP) and or 443 (HTTPS) and this will proxy the requests to your Node service running on whatever port(s) you define. All of this can happen on one single server or multiple if you need / desire.

Expressjs app, using websockets for chat. Use different port for websocket server?

I'm making an app using node.js' express framework which serves both html content over http and uses websockets for a chat feature. I'm wondering how I can accomplish both at the same time. My idea is to use a different port for websocket connections (so http requests would come to port 3000 and websockets would connect on port 3001) but I don't know if that's a good solution. I'm especially worried about deployment to something like heroku and if I can specify different ports for my app.
I'm wondering how I can accomplish both at the same time.
The webSocket protocol is specially designed so it can run on the same port as your regular web server requests. So, you don't need a separate port in order to have both a web server and chat running using webSockets.
This works because a webSocket connection is always initiated with an http request that sets a few special headers. The receiving web server can then detect those special headers and know that this incoming http request is actually a request to initiate a webSocket connection. With a particular response, the client and server then agree to "upgrade" the connection and switch to the webSocket protocol. From that point on, that particular TCP connection uses the webSocket protocol.
Meanwhile any incoming http request that does not have the special webSocket headers on it is treated by your web server as just a regular http request. In this way, the same server and the same port can be used for both webSocket connections and regular http requests. No second port is needed.
Another advantage of this scheme is that the client can avoid the cross-origin issues that it would run into if it was trying to use a different port than the web page it was loaded from.
I'm especially worried about deployment to something like heroku and
if I can specify different ports for my app.
If you were to actually use two ports, then you would need to create two separate servers, one listening on each port since a given server can only listen on one port. In node.js, the two servers could both be in the same node.js app (making it easier to share data between them) or you could put them in completely separate node.js processes (your choice).
And, if you used multiple ports, you'd also have to support CORS so that the browser would be allowed to connect to the separate port (to avoid same-origin restrictions).

Integrate websockets with apache

I would like to add a some real time data updates using push to an existing CakePHP application. It seems to me that websockets are the best way to do so and from what I've read, the easiest way to start using websockets is with node.js. Now the issue I have is that my application server is very very limited portwise and there is virtually no way to change that.
I have apache currently running on *:80 and *:443 and sslh listening on port *:4433. Requests from the outside are sent to my server on :4433 and sslh takes care of handling ssh and https traffic, however on the inside, all my clients machines are using :443 directly. I could potentially open more ports for inside clients, but from outside, there is currently no way to do this. Most of my clients connect from the inside network, but more and more are using the application from outside too.
Note that port 80 is only used to redirect users entering http://example.com to https://example.com as all my services are encrypted. So if node.js was able to to send every http request to https and use port 80 for secure websockets, this would work too!
My question: Is it possible to run Apache and Websockets (probably in the form of Node.js) on the same port, and have either Node.js working as a proxy for Apache or Apache working as a proxy for Node.js?

Resources