All geek questions in one place

What is the point of using a proxy server, for example, node-http-proxy for a node application with one application on one port?

I am studying using a node-http-proxy proxy so that I can have our proxy server for requests to send 80 ports to our application server on port 8000. However, I am a bit confused why this is a good idea and what exactly is this setting will protect against security.

The note-http-proxy documentation discusses its use a lot as a way to redirect requests to an application with multiple ports or IP addresses. This would obviously be very useful, especially with a basic load balancing strategy in a circle. However, we only have one application on one port, so we do not need to do this.

If there is an important security reason why we should use this proxy server, then I would like to know what types of attacks it protects. In addition, we use socket.io, so if there is anything the proxy does to help the websocket server scale, I would like to understand this. We are unable to figure out how to run our application without sudo (since all ports below 1024 require root access), so if at the moment there is no good reason to use a proxy server, we are just going to scrap in. If anyone knows how to run this application with a proxy server on port 80 without root access, this is also very useful. Thanks!

+6
source share
3 answers

The reasons for the reverse proxy are as follows:

  • You have limited IP ports open and you need to start many Node services, each of which needs its own port
  • Your internal service does not support HTTPS, but you need one (e.g. Derby)
  • To add another feature to a request that is not easy to do with the reverse side, such as adding basic authentication or some form of general logging / audit
  • To provide for adding or modifying outbound responses common to multiple back-end services
  • Providing load balancing service

If your needs are quite simple, it would be better to use a dedicated proxy server, for example HAproxy , since node-http-proxy is quite simplified.

+3
source

Well, if you use only one server instance, then this is not the reason. The node-http-proxy docs mention the use of a single SSL certificate in multiple applications, which is very possible. You can also load balance on multiple HTTP servers and web sockets (say, run 10 socket.io servers for real-time data, but only 1 HTTP server for asset maintenance and a REST API). Of course, in one case, they do not give any advantages.

If you want to run node servers without sudo, perhaps you can try setting up port forwarding of the IP tables from port 80 to port above 1024. See Can I run Node.JS with low privileges?

+1
source

We mainly use http-proxy to have multiple server servers with the same IP address, but we also use it to forward https to http. This strengthens our application.

Security, you can be sure of better http-proxy quality than in your application. The proxy assembly created by nodejitsu is ready for production, and the attack should be harder to obtain privileges (for example, reading private key files) on the http proxy instead of your own application (of course, this depends on your skill in developing security and your trust in the http- project open source proxy).

+1
source

Source: https://habr.com/ru/post/916214/

More articles:


All Articles