21 comments

[ 94.5 ms ] story [ 609 ms ] thread
Why is it always the articles that tell you how to do things in production that take multiple seconds to load and/or throw database errors?
because wordpress! ugh!!
we have super-cache enabled and the apache KeepAliveTimeout down to 1 second (which killed us in the past). but hacker news still sends a crushing amount of traffic.
I don't think that's true. I've hit the front page a couple times and actually got very little traffic, and definitely nothing that my $5 vps with no caching couldn't handle.
were you running wordpress? i think the traffic that HN sends crushes wordpress specifically. who knows... maybe it's just our wordpress config. we're gonna port it over to a static site generator anyway.
Probably should switch to static content, a Raspberry Pi could handle the traffic no sweat.
Yes, raspberry pi with handle front page HN. Put free cloudflare in front and you're laughing.
honestly, i think it's time for us to move over to jekyll
perhaps it's time to run our blog on node...
Maybe author should take his own advice and make his own website production ready.
(comment deleted)
> Another Note: This runs on port 3000. Making it run on port 80 would be possible using a reverse proxy (such as nginx), but for this setup we will actually run the app servers on port 3000 and the load balancer (on a different server) will run on port 80.

This comes up a lot. In addition to the reverse proxy, you can also:

-- redirect port 80 to port 3000

  iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
-- use authbind to grant port 80 access to an unprivileged user http://manpages.ubuntu.com/manpages/hardy/man1/authbind.1.ht...
great tip, I'll add this in
Which is a better security setup, reverse proxying port 80 to 3000 via a stripped, hardened nginx/apache on 80, or connecting your unpriviledged app directly to port 80 via iptables or authbind?
Port 80 is not some magical port, it's just privileged by convention. Routing iptables from port 80 to 3000 does not hurt nor improve your security situation in the least.
I can see how this is useful if you are using a single node.js server as you wouldn't need any proxy in front of it.

However if you are using a load balancer in front of a handful of node.js app servers, does this offer any advantage over just using an arbitrary port > 1024?

> However if you are using a load balancer in front of a handful of node.js app servers, does this offer any advantage over just using an arbitrary port > 1024

Nope. It's only useful if you're using a single server, e.g. on a $5 DigitalOcean droplet.

thank you for doing this, I was just about to slog through figuring this out for myself using most of these tools. This will save me a lot of trial and error!

Small plug, I wrote a node wrapper for digital ocean's API. https://github.com/hortinstein/brinydeep It would be interesting to use it to auto-scale based on feedback from haproxy or the nodes themselves when smashing it with siege.

When i get around to it I might write a followup to your article incorporating that and some of the other features!