we have super-cache enabled and the apache KeepAliveTimeout down to 1 second (which killed us in the past). but hacker news still sends a crushing amount of traffic.
I don't think that's true. I've hit the front page a couple times and actually got very little traffic, and definitely nothing that my $5 vps with no caching couldn't handle.
were you running wordpress? i think the traffic that HN sends crushes wordpress specifically. who knows... maybe it's just our wordpress config. we're gonna port it over to a static site generator anyway.
> Another Note: This runs on port 3000. Making it run on port 80 would be possible using a reverse proxy (such as nginx), but for this setup we will actually run the app servers on port 3000 and the load balancer (on a different server) will run on port 80.
This comes up a lot. In addition to the reverse proxy, you can also:
Which is a better security setup, reverse proxying port 80 to 3000 via a stripped, hardened nginx/apache on 80, or connecting your unpriviledged app directly to port 80 via iptables or authbind?
Port 80 is not some magical port, it's just privileged by convention. Routing iptables from port 80 to 3000 does not hurt nor improve your security situation in the least.
I can see how this is useful if you are using a single node.js server as you wouldn't need any proxy in front of it.
However if you are using a load balancer in front of a handful of node.js app servers, does this offer any advantage over just using an arbitrary port > 1024?
> However if you are using a load balancer in front of a handful of node.js app servers, does this offer any advantage over just using an arbitrary port > 1024
Nope. It's only useful if you're using a single server, e.g. on a $5 DigitalOcean droplet.
thank you for doing this, I was just about to slog through figuring this out for myself using most of these tools. This will save me a lot of trial and error!
Small plug, I wrote a node wrapper for digital ocean's API. https://github.com/hortinstein/brinydeep
It would be interesting to use it to auto-scale based on feedback from haproxy or the nodes themselves when smashing it with siege.
When i get around to it I might write a followup to your article incorporating that and some of the other features!
21 comments
[ 94.5 ms ] story [ 609 ms ] threadThis comes up a lot. In addition to the reverse proxy, you can also:
-- redirect port 80 to port 3000
-- use authbind to grant port 80 access to an unprivileged user http://manpages.ubuntu.com/manpages/hardy/man1/authbind.1.ht...However if you are using a load balancer in front of a handful of node.js app servers, does this offer any advantage over just using an arbitrary port > 1024?
Nope. It's only useful if you're using a single server, e.g. on a $5 DigitalOcean droplet.
Small plug, I wrote a node wrapper for digital ocean's API. https://github.com/hortinstein/brinydeep It would be interesting to use it to auto-scale based on feedback from haproxy or the nodes themselves when smashing it with siege.
When i get around to it I might write a followup to your article incorporating that and some of the other features!