Not sure how to label this discussion but I just wanted to provide info. I've just spent a couple days nailing down my one-command-deploys for my public services and had some issues with getting uWebSockets to play nice with Linux permissions so here's some tips.
All of the following commands need to be run as a super user so they should happen on server setup but it's up to you.
Raw Socket usage
uSockets, the lower level library for uWebSockets, relies on handling raw sockets, so as an unprivileged user the capabilities for the binary need to be set with:
setcap cap_net_raw+ep /path/to/uws_server
Lower level port usage
Running a binary that can listen to a lower numbered port as an unprivileged user requires one of several options:
sysctl net.ipv4.ip_unprivileged_port_start=0
which allows any unprivileged user to bind to a port like 80 or 443. It should be obvious that all other ports should be firewalled for incoming and outgoing traffic if deemed unnecessary. I use this option.
Use authbind to set it as available for a single user and a specific port, then run that command as the specific user with authbind:
authbind --deep /path/to/uws_server
setcap cap_net_bind_service=+ep /path/to/uws_server
Use iptables to redirect everything from a lower level port, 443 in our case, to whatever your binary is using. I'm not sure why you would do this as it will lower the performance but whatever floats your boat. example
To be honest I'm not sure if I should be running this as a public facing server when it's not behind Nginx or Apache but I'm going to do it anyway and see what happens. I feel like Hultman could weigh in here. Nginx uses too much memory with websockets and I plan on incorporating some webrtc stuff into this server somehow for a service mesh to interface with p2p networks. Should be fun.
Anyways, this is just some info. Use it as you like. Thanks for the great project.
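A deploy-time check for the options in the post above, as an added example that is not part of the original post: it parses `getcap` output to report capabilities the binary carries beyond, or short of, an expected list, and flags a lowered `net.ipv4.ip_unprivileged_port_start` as a host-wide setting. The function names and the expected-capability list passed in are assumptions of this example.

```bash
# Added example: compare a binary's file capabilities with what the deploy intended.
# Function names and the expected-capability list are assumptions of this example.

# Print the capability names from one line of `getcap` output, one per line.
#   older libcap: /path/to/uws_server = cap_net_raw,cap_net_bind_service+ep
#   newer libcap: /path/to/uws_server cap_net_raw,cap_net_bind_service=ep
parse_caps() {
    local line clause
    line=$1
    case $line in *" "*) ;; *) return 0 ;; esac   # no capabilities listed
    line=${line#* }                 # drop the path (assumes no spaces in it)
    line=${line#= }                 # drop the older "= " separator
    for clause in $line; do
        clause=${clause%%[=+-]*}    # strip the flag suffix (=ep, +ep)
        printf '%s\n' "$clause" | tr ',' '\n'
    done
}

# $1 = getcap line, $2 = expected capabilities (space separated).
# Prints "unexpected:<cap>" or "missing:<cap>"; no output means they match.
caps_drift() {
    local have cap
    have=$(parse_caps "$1" | tr '\n' ' ')
    for cap in $have; do
        case " $2 " in *" $cap "*) ;; *) echo "unexpected:$cap" ;; esac
    done
    for cap in $2; do
        case " $have " in *" $cap "*) ;; *) echo "missing:$cap" ;; esac
    done
}

# Classify net.ipv4.ip_unprivileged_port_start (kernel default: 1024).
# Below 1024, every local user can bind the ports from that value upward.
port_floor_scope() {
    if [ "$1" -lt 1024 ]; then echo "host-wide"; else echo "restricted"; fi
}

# Run on the server: audit_binary /path/to/uws_server "cap_net_bind_service"
audit_binary() {
    local drift
    drift=$(caps_drift "$(getcap "$1")" "$2")
    echo "port floor: $(port_floor_scope "$(sysctl -n net.ipv4.ip_unprivileged_port_start)")"
    [ -z "$drift" ] || { echo "$drift"; return 1; }
}
```

`setcap` replaces a file's whole capability set rather than adding to it, so a `missing:` line is what the check reports when two separate `setcap` calls were run against the same binary and both capabilities were expected.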