Linode Forum
Linode Community Forums
Posted: Tue Mar 06, 2012 1:36 pm
Junior Member

Joined: Wed Nov 03, 2010 4:55 pm
Posts: 28
Location: 55
Hi folks,

I'm using Node.js as my webserver.

I'd like to launch my application from a user account that has not been added to the sudoers file. As such, I need to bind to port 80 without becoming root.

The best method I've heard of so far is to create an iptables rule that forwards all traffic from port 80 to port 8080 (or whatever port), and then actually bind to that port instead of 80.

Has anyone done this on a linode? What iptables command did you use, and how did you save this configuration (I had troubles doing this)?

Finally, do you think this may reduce performance in some way, or do you know of a better way to bind to port 80?

Any feedback is highly appreciated.


Posted: Tue Mar 06, 2012 1:41 pm
Senior Member

Joined: Tue May 26, 2009 3:29 pm
Posts: 1691
Location: Montreal, QC
The correct approach is to run it as root and have the web server drop down to an unprivileged user once it binds the port. That's what everything else like Apache or nginx does. It's possible to do it with node.js too, although in this case you're actually implementing the behaviour:

http://onteria.wordpress.com/2011/05/31 ... n-node-js/
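
The bind-then-drop pattern this reply describes, as an added example that is not part of the original post and is not taken from the linked article. The `nodeapp` user and group, the `RUN_SERVER` switch and the function names are assumptions made for the illustration.

```javascript
'use strict';
const http = require('http');

// Give up root once the listening socket exists. Order matters: the
// supplementary groups and the gid can only be changed while still root,
// so setuid goes last. `proc` is injectable so the logic can be exercised
// without root; in production it is the global `process`.
function dropPrivileges(proc, user, group) {
  if (proc.getuid() !== 0) return false;   // not root: nothing to drop
  proc.setgroups([group]);                 // clear root's supplementary groups
  proc.setgid(group);
  proc.setuid(user);
  // Fail closed: refuse to keep serving if any root identity remains.
  if (proc.getuid() === 0 || proc.geteuid() === 0 ||
      proc.getgid() === 0 || proc.getegid() === 0) {
    throw new Error('privilege drop failed: still running as root');
  }
  return true;
}

// Bind first (root is needed for ports below 1024), then drop in the
// 'listening' callback, as soon as the socket is bound.
function serve(port, user, group, proc = process) {
  const server = http.createServer((req, res) => {
    res.end('running as uid ' + proc.getuid() + '\n');
  });
  server.listen(port, () => {
    try {
      dropPrivileges(proc, user, group);
    } catch (err) {
      console.error(err.message);
      proc.exit(1);
    }
  });
  return server;
}

// Assumed invocation: sudo RUN_SERVER=1 node server.js
// 'nodeapp' is a hypothetical unprivileged account created for the service.
if (process.env.RUN_SERVER === '1') {
  serve(80, 'nodeapp', 'nodeapp');
}
```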


Posted: Tue Mar 06, 2012 1:46 pm
Junior Member

Joined: Wed Nov 03, 2010 4:55 pm
Posts: 28
Location: 55
I used to do that, but why would that be better? I would prefer to run the application without having any kind of admin rights.


Posted: Tue Mar 06, 2012 2:00 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
I tend to pop nginx in front and have that proxy back to node on a high port, it allows nginx to serve static files, perform access logging etc etc and doesn't require node to run as root and drop its privileges.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


Posted: Tue Mar 06, 2012 2:22 pm
Junior Member

Joined: Sat Feb 18, 2012 12:26 pm
Posts: 24
Can't comment on its suitability, but to redirect port 80 to 8080 -

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080


Posted: Wed Mar 07, 2012 4:50 pm
Junior Member

Joined: Wed Nov 03, 2010 4:55 pm
Posts: 28
Location: 55
vickd wrote:
Can't comment on its suitability, but to redirect port 80 to 8080 -

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080


That is great, though I would like to hear from someone about its suitability. It seems great to me, as long as it doesn't degrade performance.

Do you happen to know how to properly save such a new iptables configuration? I have seen numerous commands, such as "sudo service iptables save", but this gives an "iptables service does not exist".

Thanks a lot.


Posted: Wed Mar 07, 2012 6:13 pm
Junior Member

Joined: Sat Feb 18, 2012 12:26 pm
Posts: 24
It depends on your distro. For Ubuntu I do it this way:

Save the rules by doing:
Code:
iptables-save >/etc/iptables.rules


Edit /etc/network/interfaces to include 'pre-up' commands to restore the rules before the interface is started.

Code:
# The primary network interface
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore </etc/iptables.rules
pre-up ip6tables-restore </etc/iptables6.rules



ip6tables does the same job for IPv6. Use ip6tables-save to create that rule file.


Posted: Wed Mar 07, 2012 7:47 pm
Senior Newbie

Joined: Tue Nov 02, 2010 11:15 am
Posts: 13
Location: Montréal, Canada
obs wrote:
I tend to pop nginx in front and have that proxy back to node on a high port, it allows nginx to serve static files, perform access logging etc etc and doesn't require node to run as root and drop its privileges.


+1


Posted: Fri Mar 16, 2012 4:27 pm
Junior Member

Joined: Wed Nov 03, 2010 4:55 pm
Posts: 28
Location: 55
vickd wrote:
Can't comment on its suitability, but to redirect port 80 to 8080 -

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080


Do you know if it's possible to do this with UFW as well?


Posted: Fri Mar 16, 2012 8:00 pm
Junior Member

Joined: Sat Feb 18, 2012 12:26 pm
Posts: 24
Looks very similar to iptables.

http://serverfault.com/questions/238563/can-i-use-ufw-to-setup-a-port-forward


Posted: Sat Mar 17, 2012 12:19 pm
Senior Member

Joined: Sun May 23, 2010 1:57 pm
Posts: 315
Website: http://www.jebblue.net
Kint wrote:
obs wrote:
I tend to pop nginx in front and have that proxy back to node on a high port, it allows nginx to serve static files, perform access logging etc etc and doesn't require node to run as root and drop its privileges.


+1


+1 I use Apache but same thing. ProxyPass and ProxyPassReverse.


Posted: Tue Jun 05, 2012 11:44 am
Senior Newbie

Joined: Fri May 04, 2012 12:30 pm
Posts: 8
There is a program called authbind that could be of some use to you.

