For a SaaS running on Node.JS, is a web-server necessary?
If yes, which one and why?
What would be the disadvantages of using just node? It's role is to just handle the CRUD requests and serve JSON back for client to parse the date (like Gmail).
Asked
Active
Viewed 1,258 times
1 Answers
5
"is a web-server necessary"?
Technically, no. Practically, yes a separate web server is typically used and for good reason.
In this talk by Ryan Dahl in May 2010, at 37'30" he states that he recommends running node.js behind a reverse proxy or web server for "security reasons". To elaborate on that, hardened web servers like nginx or apache have had their TCP stacks evolve for a long time in terms of stability and security. Node.js is not at that same level yet. Thus, since putting node.js behind nginx is easy, doesn't have many negative consequences, and in theory increases the security of your deployment somewhat, it is a good choice. At some point in time, node.js may be deemed officially "ready for live direct Internet connections" but wait for Ryan/Joyent to make some announcement to that effect.
Secondly, binding to sub-1024 ports (like 80 and 443) requires the process to be root. nginx and others automatically handle binding as root and then dropping privileges to a safer user account (www-data or nobody typically). Although node.js has system call wrappers in the process module to drop root privileges with setgid and setuid, AFAIK other than coding this yourself the node community hasn't yet seen a convention emerge for doing this. More on this topic in this discussion.
Thirdly, web servers are good at virtual hosting and in general there are convenient things you can do (URL rewriting and such) that require custom coding in node.js to achieve otherwise.
Fourthly, nginx is great at serving static files. Better than node.js (at least by a little as of right now). Again as time goes forward this point may become less and less relevant, but in my mind a traditional static file web server and a web application server still have distinct roles and purposes.
"If yes, which one and why"?
nginx. Because it has great performance and is simpler to configure than apache.
Peter Lyons
- 142,938
- 30
- 279
- 274
-
1May 2010 is more then a year old. I would recommend emailing joyent and the node team for whether it's still recommended. – Raynos Jul 20 '11 at 13:04
-
There's also a catch-22 here. Node is presumably less hardened because it hasn't been run on the Internet all that much. Many people don't run it on the Internet because it is presumably less hardened. Thus a vicious cycle. – Peter Lyons Jul 20 '11 at 13:19
-
1yes it is. Thats why I recommend you just run it on the internet but be aware that its potentially unstable – Raynos Jul 20 '11 at 13:56
-
Peter Lyons and everyone else, I thank all of you very much for the explanation and comments. I'd like to ask one more thing: If you need node or php or whatever for simple, concurrent, large volume CRUD operations (as explained in the question), would you go for nginx+node+dbOfChoice or something other than node? Thanks. – Phil Jul 20 '11 at 14:35
-
Nodejs will handle that like it's nothing. You'll likely find that node can handle multiples more concurrent users than other (blocking) languages, like (as you mentioned) php. – Jul 20 '11 at 15:51
-
I like node and I'd go for nginx/node/express/mongoose/mongodb as my default "Kool-Aid" stack. But if I was using a traditional RDBMS (PostgreSQL is my choice), there's not currently a good ORM for node.js, so I'd use rails instead of node, at least today. Here's my recent blog post with more thoughts on the web stack. http://peterlyons.com/problog/2011/07/web-framework-woes/ – Peter Lyons Jul 20 '11 at 17:23
-
Michael Hart, you seem experienced and knowledgeable about the subject. Thank you for taking your time to discuss the issue along with Peter Lyons, of whom the comments have been very helpful; thence probably proving the solution for another problem of the old curiosity. Thank you all. – Phil Jul 20 '11 at 20:35