Using authbind with Node.js

DEPRECATED: This post may no longer be relevant or contain industry best-practices.

Deprecation Notice: In general, a Node.js application runs in one of two situations: either for local development or for production (or a facsimile of production). When doing local development, using a port number below 1024 isn't all that useful. When running in production, you should almost always use a reverse proxy instead (see Why should I use a Reverse Proxy if Node.js is Production-Ready? for more information). In that setup, the reverse proxy listens on the desired low port (like :80). Because of this, I no longer recommend authbind, and instead recommend using a reverse proxy, with Node.js running as an underprivileged user.

After I recommended a method for dropping root privileges in a previous post, the community gave a bunch of recommendations for alternative methods of doing the same thing. Several people mentioned authbind, which is a simple utility for running apps with permission to listen on privileged ports (below 1024).

Here are some commands you can run to get authbind up and running on your Debian-based server. If you have a different distro, you probably only need to change the installation line.

# Install authbind on Debian/Ubuntu
sudo apt-get install authbind

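# Configure authbind: a user may bind port 80 if they can execute this file
sudo touch /etc/authbind/byport/80
sudo chown <USERNAME> /etc/authbind/byport/80
# 500 limits the grant to <USERNAME>; 755 would let every local user bind port 80
sudo chmod 500 /etc/authbind/byport/80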

# Run simple node app
authbind node server.js

# Run node app with forever
authbind --deep forever server.js
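
authbind authorises a bind when the calling user can execute the matching file under /etc/authbind/byport, so the file's execute bits define who holds the port grant. The following check is an added example, not part of the original post or of authbind itself; the function name `audit_authbind` and its output format are assumptions, and it covers only the byport mechanism.

```shell
#!/bin/sh
# Added example (not from the original post): audit authbind port grants.
# authbind authorises bind() on port N when the calling user may execute
# /etc/authbind/byport/N, so the execute bits decide who can take the port.

# audit_authbind [DIR]   (hypothetical helper name)
# Prints "<entry> <perms> <scope> <owner> <group>" for each file in DIR.
# scope is the widest audience holding an execute bit:
#   any-user | group | owner | nobody
# Returns 1 if any entry is executable by every local user, 2 if DIR is missing.
audit_authbind() {
    dir="${1:-/etc/authbind/byport}"
    if [ ! -d "$dir" ]; then
        echo "audit_authbind: $dir is not a directory" >&2
        return 2
    fi
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue            # also skips an unexpanded glob
        # ls -ld fields: perms links owner group ...
        set -- $(ls -ld "$f")
        # Keep the 10 mode characters; drop any trailing ACL/SELinux marker.
        perms=$(printf '%s' "$1" | cut -c1-10)
        owner=$3
        group=$4
        case "$perms" in
            ?????????[xt]) scope=any-user; rc=1 ;;   # others can execute
            ??????[xs]???) scope=group ;;            # group members can execute
            ???[xs]??????) scope=owner ;;            # only the owner can execute
            *)             scope=nobody ;;           # no execute bit: no grant
        esac
        printf '%s %s %s %s %s\n' "${f##*/}" "$perms" "$scope" "$owner" "$group"
    done
    return "$rc"
}
```

Called with no argument it inspects /etc/authbind/byport; the non-zero status on an `any-user` entry lets a provisioning script fail when a port grant is wider than intended.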
Tags: #nodejs #linux
Thomas Hunter II

Thomas has contributed to dozens of enterprise Node.js services and has worked for a company dedicated to securing Node.js. He has spoken at several conferences on Node.js and JavaScript, is an O'Reilly published author, and is an organizer of NodeSchool SF.