I have deployed an Express application to an EC2 instance, but there is a weird problem. After SSHing into the instance, if I start the server by
node server.js
it is not available through the browser;
If I start the server by
sudo node server.js
everything is ok.
Not sure why.
Ports less than 1024 are reserved for root, and thus require root permission.
My guess is that you are attempting to bind to ports 80/443, the default web ports. As such, this requires root permissions.
However, it is a bad idea to run your application as root, and so an alternative solution should be implemented.
Sudo permission is required on low-numbered ports. You should use a proxy in front of your app, like nginx, so that you can use a low-numbered port by redirecting to your app's port.
Related
I am trying to get a NodeJs application to run on an Amazon Linux server using port 80. Currently when I run the app it is defaulting to port 1024. I understand that this is due to the fact that I have to be root to run on port 80, but given I am on an AWS Linux box I am not able to run that as root. I have been digging for a while but I am coming up short on what I need to adjust to get this to run properly.
sudo bash will allow you to connect as root on your EC2 Amazon Linux instance.
I would question why you want to run NodeJS on port 80; the best practice would be to have a load balancer in front of your instance to accept HTTPS calls and relay to whatever port nodejs will run on your instance, in a private subnet.
I would suggest reading this doc to learn how to do this: https://aws.amazon.com/getting-started/projects/deploy-nodejs-web-app/
I created a compute engine which has these network tags and firewall rules:
So if I understand this correctly, the machine is allowed to listen on port 80.
I installed node and created a really simple http server just to see if I can reach the box via http. Logged in via ssh on cloud console. When I try to start it (e.g. npm start to run the server), it says:
Error: listen EACCES: permission denied 0.0.0.0:80
Why? How to resolve?
I read somewhere that low port #s are usually restricted to the root user, so I tried sudo, but it says sudo: npm: command not found, and similar for sudo node.
Also, why is it that when you create a server using scripts like these, the article says they are executed as root? How does that happen and why am I not executing as root when I'm the one who booted up the machine and logged in as myself? Yes, my understanding of Linux perms is very newbie.
Thanks...
In order to use TCP ports lower than 1024 your node server must run with root privileges. TCP ports 1024 and higher do not require privilege.
When you log in to a Google Cloud Compute Engine instance, you are logging in as a normal user. You do not have root privilege. To grant root privilege to a command, prefix it with sudo. Example: sudo mkdir /directoryname.
I do NOT recommend running node servers with root privilege. This opens a possibly serious security hole in your system. Search the Internet on this topic before deciding.
Your choices are:
Select a port above 1023. Common port numbers: 8000, 8080, 5000.
Start the node server with root privileges: sudo node hello.js
In regards to npm not being found: you will need to modify the environment's PATH variable to include the location of where you installed your node toolset for the user root.
I have an app set to listen to port 66.
First I tried to run it with sudo node myapp.js. I was able to access it at the correct url (ip:66). Then I stopped the app (Ctrl+c) and started it with pm2, sudo pm2 start app.js. The status is online. However, that same url is now inaccessible.
Running sudo pm2 logs while the app is started with pm2 gives me the error EACCES for port 66. No one else is running the app, and I am sure I am only using one console and killing the node service before starting it with pm2.
Pm2 was installed globally. Server is Debian stretch. Nodejs version is 8.x
I am logging as a normal user and using sudo to run the app.
On Linux systems normal users are not allowed to listen to ports below 1024. There are several ways around this.
You can change this rule to allow non-root users to open such ports. But this is a security risk and is not recommended. So I won't add a link to this solution.
You can also listen to a port that is greater than 1024 and then use a forward rule in your firewall to route port 66 to the port you opened.
https://www.systutorials.com/816/port-forwarding-using-iptables/
My (and pm2's) preferred solution is to listen to a port greater than 1024 and use a reverse proxy like nginx to route apps running on that server.
http://pm2.keymetrics.io/docs/tutorials/pm2-nginx-production-setup
I've managed to get Node and NPM installed on my shared hosting account with Namecheap by following this answer. It all seems to be working, I can launch my app and it stays launched, but the subdomain which points to the app's root route just shows the folder of the domain.
I've tried going to myaddress.com/subdomain:8080 but I get a server error plus a 404. I've also tried changing Node's listening port from 8080 to 80, but on 80 I get an error:
Error: listen EACCES 0.0.0.0:80
So that means I don't have rights to port 80. How can I get clients to connect to port 8080?
This is the part that shared hosting has a problem with; they won't open any ports for you. This is exactly where your workaround needs to be centered. I'm currently looking for solutions to either use php to serve a node
see here https://www.npmjs.com/package/node-php-server
and here How to host a Node.Js application in shared hosting
or just configuring express to somehow use port 80.
These would be your best options.
I'm a Linux beginner and have a Linux Ubuntu 12.04 server. I've installed node.js and created a webserver script. That works fine, but it runs as root user.
I know that's not good (root-user & webserver = unsafe).
How can I run the webserver script as a non-root user? Does somebody know a good detailed tutorial or can give me some advice?
You have two options:
Listen on port 80
Run as root, start your app's listen() on port 80 and then immediately drop to non-root. This is what Apache does, for example. Not recommended since it's easy to get this wrong, and lots of other details (writing to log files, initialization required before you can listen, etc.). Not standard practice in node.
Listen on port >= 1024
Run as non-root, listen on a port >= 1024 (say: 8000, or 8080), and have someone else listen on port 80 and relay port 80 traffic to you. That someone else can be:
A load-balancer, NAT, proxy, etc. (Maybe an EC2 load balancer if you're running on EC2, e.g.)
Another http server, say Apache httpd or nginx.
For an nginx example, see this: Node.js + Nginx - What now?
You can just run node hello.js