Bringing an old thread to life again, sorry!
I'd also love some help with the instructions for running this in a Docker image. It would make life a bit easier for deploying this in DigitalOcean.
You may wish for several reasons to only have Node.js to serve nodeBB, such as
But you also can't bind Node.js to port 80 without root privileges, and for security reasons, it's recommended not to.
If you don't plan to use multiple virtual hosts, then I have a solution for you.
sudo iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT sudo iptables -A INPUT -i eth0 -p tcp --dport 4567 -j ACCEPT sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 4567
This redirects port 80 of eth0 to port 4567.
The advantage of doing this are the following
iptables port forwarding is significantly lighter weight than proxifying using nginx or anything else. Iptables port forwarding merely changes the destination header in the packets and delivers them, meaning it's a layer 3 fix, as well as happening in kernel space.
Using nginx as a proxy is a layer 7 fix, meaning it's much more complex, as well as happening in user space.
The first drawback I noticed while doing this is that nodeBB is for now not able to handle SSL/TLS on its own, or at least be configured with an SSL certificate. I could be wrong here, but I found nothing relevant on this subject.
To remove the iptables packet forwarding, say to install Nginx to handle SSL/TLS (HTTPS) and SPDY HTTP/2
sudo iptables -t filter -D INPUT 1 sudo iptables -t filter -D INPUT 1 sudo iptables -t nat -D PREROUTING 1
I'm posting this tutorial as I found nothing very clear on how to do it,
hope it helps.
But to be honest, it's less RAM consumptions against slower static files serving. Is it really better?
Nginx other than SSL also does gzip, load balancing, caching and a lot of other fancy stuff.
I could not imagine my life without nginx at the moment
Nice tutorial! Good to know iptables can be used to forward ports like this.
I do believe NodeBB can be configured to terminate SSL certificates, but it hasn't been done in awhile because we much prefer nginx