What ports should I node.js listen on? How and why?

Question

My node.js applications I have listening on port 80 for http and 443 for https, which I believed was fairly standard practice.

However a number of examples I have read recently use other ports (e.g. 8080 and 8081) for listening to http/https, and then use other means such as iptables or ufw rules to serve ports 80 / 443 via rerouting packets to/from the others.

See two examples here and here.

So my question is why would I not want to listen directly to ports 80 and 443?

Are there security issues at hand? Is it simply a case of these authors not having permissions to listen on ports lower than 1024 (I'd find this surprising?)? Do most people run Apache along side node? (I do not).

Assuming there is a good reason for why I don't want to listen directly to 80 and/or 443, which method should I be using to relay traffic from 80 / 433 to my alternative ports of choice?

I have mentioned iptables and ufw above, is one of these better than the others, or is there some other method I should be using? Does the answer depend on whether I'm balancing my load between processes?

Thanks in advance.

Answer 1

The first line of the first article you linked to mentions the reason.

Standard practices say no non-root process gets to talk to
the Internet on a port less than 1024.

For node to bind to port 80 or 443, you would need to run it as root, which is not a good idea.

The method you use to reroute traffic to the higher ports is up to you. The iptables is the least resource-intensive and simplest. Another method would be to use NginX/Apache to proxy to Node. I'd say the main benefit of that method is that you can then also serve things like static files from there, and not have to serve them through Node.

Apache and NginX are both designed explicitly to be very good at serving static files, so they are extremely good at it, whereas Node is a whole JS environment, with all the overhead that involved. Node is great at handing lots of simultaneous connections, and it can certainly serve files perfectly well for normal loads, but it will use more resources than NginX to do it.

Using an HTTP-aware proxy like Apache/NginX also means that you can very easily set up multiple instances of Node to run different subdomains, or even different paths on the same domain.