Tips for node in production

Here are some tips to help us run node in production:

  1. Run the server in the production environment.
  2. Never expose the node application directly on the Internet; always use a proxy. Servers such as Apache HTTP, Nginx, and HAProxy have been hardened and made robust over the years in production to make them secure against various kinds of attacks, especially DoS and DDoS. Node is new; it may become stable over time, but today putting it directly on the front is not recommended.
  3. Never run node as root. Well, that is the advice for any application server, and it applies to node too. If we run node as root, there are chances of hackers gaining root access or running some harmful code as root. So, never ever run it as root!
  4. Always run more than one node process. Node is a single-threaded, single-process application server. An error in the application can bring the server down. So, always have more than one process for reliability. Also, thinking in terms of 1+ processes keeps us ready for scaling out when the need comes.
  5. Always use a monitor. Monit, Forever, Upstart: pick one you like, but always use it. Better safe than sorry.
  6. Never use MemoryStore in production. MemoryStore is for the development environment; I recommend using RedisStore even in development.
  7. Log all errors. Everything runs fine until it doesn't! And when something goes wrong, logs are your best friend. Try to catch exceptions as close to the cause as possible and log all the relevant information in the context. Don't just log some error message, log all the relevant objects.
  8. Never block unless there is no alternative. Node runs on an event loop, and blocking for one request will cause unwanted overheads and degrade performance for all requests.
  9. Always keep your server, node, and all dependency modules up-to-date.
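
A startup check that enforces tips 1, 2, 3, 4, 6 and 7, as an added example rather than code from the original text. The function names and the `cfg` fields (`host`, `workers`, `sessionStore`) are assumptions, and the loopback check assumes the proxy runs on the same host as node.

```javascript
'use strict';

// Hypothetical helper: returns the list of tips the current setup violates.
// `cfg` field names are assumed for this example.
function preflight(cfg, env = process.env, uid = currentUid()) {
  const problems = [];
  if (env.NODE_ENV !== 'production') {
    problems.push('NODE_ENV is not "production"');                 // tip 1
  }
  if (!isLoopback(cfg.host)) {
    problems.push(`listening on ${cfg.host}, not behind a proxy`); // tip 2
  }
  if (uid === 0) {
    problems.push('running as root (uid 0)');                      // tip 3
  }
  if (!Number.isInteger(cfg.workers) || cfg.workers < 2) {
    problems.push('fewer than two node processes');                // tip 4
  }
  if (cfg.sessionStore === 'MemoryStore') {
    problems.push('MemoryStore used as the session store');        // tip 6
  }
  return problems;
}

// process.getuid() is not available on Windows; report -1 (not root) there.
function currentUid() {
  return typeof process.getuid === 'function' ? process.getuid() : -1;
}

// True for localhost, ::1 and any 127.x.x.x address.
function isLoopback(host) {
  if (host === 'localhost' || host === '::1') return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
}

// Tip 7: one log line holding the error and the objects that explain it.
function errorRecord(err, context) {
  return JSON.stringify({
    time: new Date().toISOString(),
    message: err.message,
    stack: err.stack,
    context,
  });
}
```

Call `preflight()` before the server starts listening and refuse to start when it returns a non-empty list.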