Node.JS What user to run node.js in production

ac1dr41n

New Coder
Hello, I have a fairly simple question that I can't seem to find an answer for on the interwebs.

I need to deploy a node.js application to a production server. There are lots of articles out there that say to not run a node.js application as the root user on Ubuntu because of the security risks. The security risks seem real, so seems like good advice. BUT, none of these articles say much more than that.

OK, so if not root, then which user? It seems a bit weird to me to run a critical production application under the "ubuntu" user on port 3000, then reverse proxy nginx from port 80 to port 3000. Why on earth would we put the default ubuntu user in the critical path of production?

What's the right approach here? Create a separate non-privileged user to run the application and have nginx reverse proxy to it? What do other people do in this case?


Thanks!
 
Well, first off: root does not leave logs, so if your server gets compromised... guess what? No logs! Plus, root is root, so say goodbye to your system lol.
 
Best practice: set up a user account for deployment and lock it down. Give the user only the necessary perms, and set up a lockout system so that all login attempts under that user get logged and IP banned should there be more than x attempts.
 
So is that pretty much the practice? Set up a dedicated user to run the app under, specifically NOT the "ubuntu" user, and obviously not root?
Sort of lol. I mean, you're setting up A user that is NOT root. Technically every user is an "ubuntu/(insert your flavor here)" user lol.
Main reason why this is best practice... security, and separation of concerns. IF it ain't doing anything administrative, root should not be used.
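
The approach discussed in this thread (a dedicated, locked-down account rather than root or the default "ubuntu" login), as an added example that is not part of any post: a Node.js audit of an account from `/etc/passwd` and `/etc/group` contents, plus a startup guard that refuses uid 0. The account name `nodeapp`, the function names, the privileged-group list and the sample file contents are assumptions constructed for illustration.

```javascript
'use strict';
// Added example: "nodeapp" and all sample data below are constructed.
const PRIVILEGED_GROUPS = new Set(['root', 'sudo', 'admin', 'adm', 'wheel', 'docker', 'lxd']);
const NOLOGIN_SHELLS = new Set(['/usr/sbin/nologin', '/sbin/nologin', '/bin/false']);

// Split a colon-separated file (/etc/passwd, /etc/group) into field arrays.
function parseColonFile(text) {
  return text.split('\n').map((l) => l.trim())
    .filter((l) => l && !l.startsWith('#'))
    .map((l) => l.split(':'));
}

// Return findings for `user`; an empty list means the account looks restricted.
function auditServiceAccount(user, passwdText, groupText) {
  const entry = parseColonFile(passwdText).find((f) => f[0] === user);
  if (!entry) return [`account ${user} does not exist`];
  const [, , uid, gid, , , shell] = entry;
  const findings = [];
  if (uid === '0') findings.push('uid is 0 (root equivalent)');
  if (!NOLOGIN_SHELLS.has(shell)) {
    findings.push(`login shell ${shell} allows interactive sessions`);
  }
  for (const [name, , groupId, members = ''] of parseColonFile(groupText)) {
    if (!PRIVILEGED_GROUPS.has(name)) continue;
    // Membership is either the primary gid or an entry in the member list.
    if (groupId === gid || members.split(',').includes(user)) {
      findings.push(`member of privileged group ${name}`);
    }
  }
  return findings;
}

// Startup guard: call first in the app's entry point, before binding port 3000.
// process.getuid does not exist on Windows, hence the fallback value.
function assertNotRoot(uid = process.getuid ? process.getuid() : -1) {
  if (uid === 0) throw new Error('refusing to start as root; use the service account');
}

// Constructed sample data resembling a stock Ubuntu host plus a service account.
const SAMPLE_PASSWD = [
  'root:x:0:0:root:/root:/bin/bash',
  'ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash',
  'nodeapp:x:998:998::/srv/nodeapp:/usr/sbin/nologin',
].join('\n');
const SAMPLE_GROUP = ['root:x:0:', 'adm:x:4:syslog,ubuntu', 'sudo:x:27:ubuntu',
  'ubuntu:x:1000:', 'nodeapp:x:998:'].join('\n');

console.log(auditServiceAccount('ubuntu', SAMPLE_PASSWD, SAMPLE_GROUP));
console.log(auditServiceAccount('nodeapp', SAMPLE_PASSWD, SAMPLE_GROUP));
```

On a real host, pass the contents of `/etc/passwd` and `/etc/group` read with `fs.readFileSync` instead of the sample strings.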
 
