Hello, I have a fairly simple question that I can't seem to find an answer for on the interwebs.
I need to deploy a node.js application to a production server. There are lots of articles out there that say to not run a node.js application as the root user on Ubuntu because of the security risks. The security risks seem real, so seems like good advice. BUT, none of these articles say much more than that.
Ok so if not root, then which user? It seems a bit weird to me to run a critical production application under the "ubuntu" user on port 3000, then reverse proxy nginx from port 80 to port 3000. Why on earth would we put the default ubuntu user in the critical path of production?
What's the right approach here? Create a separate non-privileged user to run the application and have nginx reverse proxy to it? What do other people do in this case?
Thanks!