Why Is Running Node.Js on Port 80 Might Not Be Safe

Why is running node.js on port 80 might not be safe?

The first option isn't the easiest and require more dependencies then I need

Please review why should one use a http server in front of a framework web server for the many valid reasons you should in fact do it this way.

setting up a port redirection with an iptables rule

This is probably better than directly having your node process listen on port 80, although I haven't seen this type of configuration used in production.

making express listen on port 80 within the app

This is functionally a poor choice because you don't get the benefits outlined in the linked answer above, however, from a strictly security standpoint, the key thing to remember is you must not run your node process as root, which would be a horrendous security problem. You must be root to bind to port 80 because that's a rule of unix, but you can and must change to a less-privileged user immediately after binding to that port.

Node.js app can't run on port 80 even though there's no other process blocking the port

The error code EACCES means you don't have proper permissions to run applications on that port. On Linux systems, any port below 1024 requires root access.

I can't listen express server on port 80

I believe you are using windows as OS. In it the port 80 could be used as default port for some service. Please check the following -

• Skype uses port 80 by default, you can change this in skype options > advanced > connection - and uncheck "use port 80"
• Port 80 is the standard HTTP port, so to check which services are using you could run net stop http. It will list the services using port 80 and will ask to whether end them or not.
• Port 80 could be occupied by IIS server. Please stop IIS and then re-run the node service.
• Some SQL Server Reporting services also use port 80

node server running on port 80 but cant call it by domain

You have SSL specified as true but also port 80. By default, browsers expect https to be on port 443 and for port 80 to be unencrypted.

If you just specify the hostname and not the scheme, the browser assumes you want an unencrypted connection on port 80. But your port 80 is encrypted. So it fails.

If you specify https as the scheme but don't specify a port number, the browser assumes you want to connect on port 443. But you are running on port 80 instead. So the connection fails.

So your URLs only work in browsers if you specify both the port number and https as the scheme.

If you don't want to have to specify the port number, the best thing to do is probably to use port 443. If you still want to answer on port 80, set something up there to redirect the https scheme.

How do I run Node.js on port 80?

What you need to do is have 2 ip's for the server you are running. Apache has 1 ip bound to port 80 and then node.js has the other ip bound to port 80.

Using node and its listen directive has 2 values eg. .listen(80, NODEJS_IP or DNS NAME);

Some other advice.

I would not use apache with nodejs as it's not evented. So this really isn't recommended. I would actually look into using NGINX as its a much better pairing with Node.

Node.js + Express: app won't start listening on port 80

Are you starting your app as root? Because lower port numbers require root privileges.
Maybe a sudo node app.js works?

BUT, you should NOT run any node.js app on port 80 with root privileges!!! NEVER!

My suggestions is to run nginx in front as a reverse proxy to your node.js app running on port e.g. 3000

Best practices when running Node.js with port 80 (Ubuntu / Linode)

Port 80

What I do on my cloud instances is I redirect port 80 to port 3000 with this command:

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000

Then I launch my Node.js on port 3000. Requests to port 80 will get mapped to port 3000.

You should also edit your /etc/rc.local file and add that line minus the sudo. That will add the redirect when the machine boots up. You don't need sudo in /etc/rc.local because the commands there are run as root when the system boots.

Logs

Use the forever module to launch your Node.js with. It will make sure that it restarts if it ever crashes and it will redirect console logs to a file.

Launch on Boot

Add your Node.js start script to the file you edited for port redirection, /etc/rc.local. That will run your Node.js launch script when the system starts.

Digital Ocean & other VPS

This not only applies to Linode, but Digital Ocean, AWS EC2 and other VPS providers as well. However, on RedHat based systems /etc/rc.local is /ect/rc.d/local.

Node.JS not serving port 80 on IIS

For those facing this issue, I fixed it up as Tadman recommended on the above comments: configuring IIS for forwarding (by installing the Application Request Routing and the URL rewrite extensions to IIS).

Node.js also worked when creating a new rule at Windows firewall for enabling port 80. The default rule at the firewall for port 80 will work only with IIS, not with Node.js.

As for the extensions mentioned above, here is a good instructive about how to install and setup:

https://dev.to/petereysermans/hosting-a-node-js-application-on-windows-with-iis-as-reverse-proxy-397b

Node.js EACCES error when listening on most ports

Running on your workstation

As a general rule, processes running without root privileges cannot bind to ports below 1024.

So try a higher port, or run with elevated privileges via sudo. You can downgrade privileges after you have bound to the low port using process.setgid and process.setuid.

Running on heroku

When running your apps on heroku you have to use the port as specified in the PORT environment variable.

See http://devcenter.heroku.com/articles/node-js

const server = require('http').createServer();
const port = process.env.PORT || 3000;

server.listen(port, () => console.log(`Listening on ${port}`));

---

Related Topics