1

I'm a teacher in a training center for web development. We're teaching PHP and Node.js for the backend. In this context, it's very cool to allow our students to deploy small web servers. Unfortunately paying for one VPS per student ain't cheap, and free web hosting solutions are usually too limited.

That's why we go for the shared hosting route with unused computers, Raspberry-pis or small VPSs and create an account for each student.

With PHP it's easy. People do a shared hosting with PHP since decades and there's basically a complete feature in Apache to do that super easily (per-user web directories). We just add some shared database, script the initialization of users and we're ready to go.

For node.js... it's another story. No one seems to care about shared hosting in that community and everyone just pops a new VPS for each application or make a manual configuration with root access on a custom server.

To allow somewhat secure solution for automatic shared hosting with Node.js I would need some kind of application server that could:

  • Read through user directories (or multiple directories based on a pattern) for some source JavaScript files to execute.
  • Launch different applications with different users (for security purposes).
  • Kill and restart applications depending on incoming requests and usage of RAM (you can't launch simultaneously 30 node.js apps that consume 30 Mb of RAM minimum on a VPS with 512Mb or Ram, no you can't)
  • Monitor the node.js applications in order to avoid crashes if one of them does something bad (purposely or not, we're talking about web dev students... :) )

Theorically I know some web servers that could potentially be configured to do that (uWsgi and Passenger are the first that come to my mind). But I fear I could take multiple hours or days trying to alter their default behavior before realizing that I just set up a crappy solution that will crash after two days in production.

So... does anyone has some kind of solution for that use case? I'm open to anything, even Docker-based solutions. Just remember the three magic words: security, security and security. We just can't allow anyone to have root accounts on a server we own or to make it crash by too much consuming RAM or CPU.

Thanks in advance for your answers.

nicolas-van
  • 935
  • 8
  • 13
  • My shared hosting uses just passenger+nginx (Apache also available) to run applications writed in node. (without root account, cares about node server port) [Here](https://stackoverflow.com/questions/474147/how-to-limit-phusion-passenger-memory-usage) are tips for *how to limit memory usage*, and [memory monitor](https://mensfeld.pl/2012/08/simple-rubyrails-passenger-memory-consumption-limit-monitoring/) – bato3 Mar 06 '19 at 11:53
  • Actually Passenger is kind of cool for that. It can even start applications written in any language. It doesn't have any kind of memory management feature though. – nicolas-van Mar 08 '19 at 08:37
  • Enterprise version has `memory management`, for free version you can write simple `kill script`. And support only: ruby, python, node and metheor. In total, it can mean *all*. ;) – bato3 Mar 08 '19 at 08:46

0 Answers0