Binding to port 80 on an account without sudo rights

Hi folks,

I'm using Node.js as my webserver.

I'd like to launch my application from a user account that has not been added to the sudoers file. As such, I need to bind to port 80 without becoming root.

The best method I've heard of so far is to create an iptables rule that forwards all traffic from port 80 to port 8080 (or whatever port), and then actually bind to that port instead of 80.

Has anyone done this on a Linode? What iptables command did you use, and how did you save this configuration (I had trouble doing this)?

Finally, do you think this may reduce performance in some way, or do you know of a better way to bind to port 80?

Any feedback is highly appreciated.

11 Replies

The correct approach is to run it as root and have the web server drop down to an unprivileged user once it binds the port. That's what everything else like Apache or nginx does. It's possible to do it with node.js too, although in this case you're actually implementing the behaviour:

http://onteria.wordpress.com/2011/05/31/dropping-privileges-using-process-setuid-in-node-js/
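The bind-then-drop approach described in the reply above, as an added example that is not part of the original thread or the linked post: it clears supplementary groups, sets the group before the user, and checks that root cannot be regained. The function names `dropPrivileges` and `listenThenDrop` and the `nodeapp` account are assumptions.

```javascript
// Added example: bind a privileged port as root, then permanently drop to an
// unprivileged account. 'proc' defaults to the real process object.
function dropPrivileges(user, group, proc = process) {
  if (proc.getuid() !== 0) return false;   // already unprivileged: nothing to drop
  // Order matters: group changes need root, so they must happen before setuid().
  proc.setgroups([]);                      // clear root's supplementary groups
  proc.setgid(group);
  proc.setuid(user);
  // Verify the drop is irreversible: regaining uid 0 must fail.
  let regained = false;
  try { proc.setuid(0); regained = true; } catch (_) { /* expected: EPERM */ }
  if (regained || proc.getuid() === 0) {
    throw new Error('privilege drop failed: process can still become root');
  }
  return true;
}

// Drop privileges only after the listening socket exists; the bound socket
// stays usable once the process is no longer root.
function listenThenDrop(server, port, user, group, proc = process) {
  return new Promise((resolve, reject) => {
    server.once('error', reject);
    server.listen(port, () => {
      try { resolve(dropPrivileges(user, group, proc)); }
      catch (err) { server.close(); reject(err); }
    });
  });
}

// Usage (run as root; 'nodeapp' is a hypothetical service account):
//   const http = require('node:http');
//   const server = http.createServer((req, res) => res.end('ok\n'));
//   listenThenDrop(server, 80, 'nodeapp', 'nodeapp');
```

Anything the application opens before the drop (log files, keys) is opened as root, so keep that window as short as possible.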

I used to do that, but why would that be better? I would prefer to run the application without having any kind of admin rights.

I tend to pop nginx in front and have that proxy back to node on a high port, it allows nginx to serve static files, perform access logging etc etc and doesn't require node to run as root and drop its privileges.

Can't comment on its suitability, but to redirect port 80 to 8080 -

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

@vickd:

Can't comment on its suitability, but to redirect port 80 to 8080 -

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

That is great, though I would like to hear from someone about its suitability. It seems great to me, as long as it doesn't degrade performance.

Do you happen to know how to properly save such a new iptables configuration? I have seen numerous commands, such as "sudo service iptables save", but this gives an "iptables service does not exist".

Thanks a lot.

It depends on your distro. For Ubuntu I do it this way:

save the rules by doing:

iptables-save >/etc/iptables.rules

edit /etc/network/interfaces to include 'pre-up' commands to restore the rules before the interface is started.

# The primary network interface
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules

ip6tables does the same job for ipv6. Use ip6tables-save to create that rule file.

@obs:

I tend to pop nginx in front and have that proxy back to node on a high port, it allows nginx to serve static files, perform access logging etc etc and doesn't require node to run as root and drop its privileges.

+1

@vickd:

Can't comment on its suitability, but to redirect port 80 to 8080 -

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Do you know if it's possible to do this with UFW as well?

Looks very similar to iptables.

http://serverfault.com/questions/238563/can-i-use-ufw-to-setup-a-port-forward

@Kint:

@obs:

I tend to pop nginx in front and have that proxy back to node on a high port, it allows nginx to serve static files, perform access logging etc etc and doesn't require node to run as root and drop its privileges.

+1

+1 I use Apache but same thing. ProxyPass and ProxyPassReverse.

There is a program called authbind that could be of some use to you.
