NGINX as Proxy/Advice
I just want to say thanks to you guys for such a relatively smooth install process. Of course I had some hickups, but hey, I'm a programmer so that's to be expected.
That said, I'm not a web developer, though I do know JS. So here are a couple questions I have:
I got my NodeBB up in a DigitalOcean Droplet right now. My DNS servers are currently propagating but right now, I need to go to myIP:4567 to access my board.
I was following this tutorial and at the bottom, the author recommends using NGINX as a proxy to the NodeBB. This is where I'm confused. Why would I want to do this and do you guys recommend doing this? Is there a better way to get my domain to route directly to the board (its a NodeBB site entirely, no subdomain).
In addition, do you have any other "get up and running" advice for me? I still need to set up my keypair for security reasons on my Droplet. I'm also going to have to apply SSL to the Droplet. Anyone have experience with that?
This is sorta like a "Droplet noob/NodeBB noob pro tip" kinda thread. Can't wait to get this thing hooked up completely hopefully tomorrow. 3-4 hrs of work isn't bad for setting all that up after not doing web dev/node for about 6 months! Definitely want to stress extra security measures though as this is going to be an InfoSec website, lol.
@todd you definitely want Nginx. It's possible to use iptables instead, but Nginx allowed you to accelerate and cache static files and other things so I'd suggest that. If you're running cached, you absolutely need Nginx or some other reverse proxy, as NodeBB doesn't handle clustering itself.
To add to what @pitaj said (or to say it in a different way), using nginx allows your NodeBB process to stay running in a port higher than 1024 (default is 4567), which you don't need root privileges for. Running NodeBB as root is discouraged as any privilege escalation vulnerability could lead to system compromise.
Nginx listen on port 80 for you, and can reverse proxy requests to your NodeBB running on port 4567.
Totally got it. Thanks you guys. I didn't understand the "why" before, now I get it! :)