csr8675 设置tws
In this episode Ivana learns how to grant Node.js network capabilities so that she can use port 443 for her HTTP/2 Server.
在本集中,Ivana学习如何授予Node.js网络功能,以便她可以将端口443用于其HTTP / 2服务器。
Ivana just put the finishing touches on the custom website she developed for the art supply store Rock Paper Scissors. She was ready to put it into production.
伊万娜(Ivana)刚刚在她为艺术品供应商店Rock Paper Scissors开发的自定义网站上做了最后的修饰。 她准备将其投入生产。
Over the past couple of months everything had been developed and tested on her staging server which was configured to listen on port 8443. Browser access to the staging area was through the URL:
在过去的几个月中,一切都在她的登台服务器上进行了开发和测试,该登台服务器配置为侦听端口8443。浏览器通过URL访问登台区域:
https://rock-paper-scissor.com:8443Ivana needed to make the server available to the general public on port 443 instead of port 8443. But she knew that ports 0 through 1023 are well-known system ports and that access to them was forbidden by unprivileged software.
Ivana需要使服务器在端口443而不是端口8443上可供公众使用。但是她知道端口0到1023是众所周知的系统端口,并且非特权软件禁止访问它们。
The HTTP/2 Server that she was deploying is a Node.js server. Any Node.js server started as a non-root user, runs as a userland process, and is not allowed to access system ports. This is true whether it is executing from a terminal window in the foreground, or with a background daemon using PM2, or directly under the control of systemd.
她正在部署的HTTP / 2服务器是Node.js服务器。 任何以非root用户身份启动,作为userland进程运行且不允许访问系统端口的Node.js服务器。 无论是从前台的终端窗口执行,还是使用PM2的后台守护程序执行,还是直接在systemd的控制下执行,都是如此。
There was no way she would entertain the possibility of starting the server as root. There were just too many inherent risks.
她无法接受以root身份启动服务器的可能性。 固有的风险太多了。
Ivana researched what it would take to allow Node.js to directly listen on port 443 as user rwserve. She learned that the Linux command to override the restriction is the set capabilities command setcap. And the magic incantation to give Node.js network privileges is:
Ivana研究了允许Node.js以用户rwserve的身份直接侦听端口443的方式。 她了解到,要覆盖该限制的Linux命令是set setcap命令setcap 。 赋予Node.js网络特权的魔咒是:
setcap 'cap_net_bind_service=+ep' /usr/bin/nodewhere cap_net_bind_service is the capability to bind a socket to privileged ports; the value +ep says to add the capabilities "effective" and "permitted"; and the target is the Node.js executable, located at /usr/bin/node.
其中cap_net_bind_service是将套接字绑定到特权端口的功能; +ep值表示添加“有效”和“允许”功能; 目标是位于/usr/bin/node的Node.js可执行文件。
This did the trick. Now she could access Rock Paper Scissors’ website at https://rock-paper-scissors.com using the well-known port 443.
这成功了。 现在,她可以使用著名的端口443访问Rock Paper Scissors的网站, https://rock-paper-scissors.com为https://rock-paper-scissors.com 。
No minifig characters were harmed in the production of this Tangled Web Services episode.
在此“纠结的Web服务”情节的制作中,没有minifig角色受到伤害。
翻译自: https://levelup.gitconnected.com/tws-004-how-to-configure-nodejs-to-use-port-443-86f1ca801c5f
csr8675 设置tws
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
