Deploy Nodejs in Production

Come from: https://codeforgeek.com/2016/09/10-things-running-node-js-production/

1: Use reverse proxy

“Listening to port 3000”

I am pretty sure you have come across this common message in your terminal while running Node.js application. This works great in local development because hitting localhost:3000 from a browser is no big deal.

But…What about production? I assume you can’t ask your user to visit your web app by accessing port.

But wait! We can run our app on Port 80 and browser will automatically understand that.

True, but this way you will lose the greatest flexibility and that is running multiple nodejs apps on the same server.

Plus, you will expose your real Port on which your App is running i.e it is directly accessible and open to everyone. This is too risky.

You can avoid all of this by introducing reverse proxy in your setup. This will not only hide the real app configuration but also allows your to run multiple apps on same but on the different port.

Plus you can disallow the port for outside user on which your App is listening and tighten the security.

Nginx is still the king in reverse proxy Server. You can use that, however you can also develop reverse proxy Server in Node.js. We have covered this here.

2: Use monitoring tools

Exceptions happen and Server does crash. Whenever it happens, you should be the one who gets notified, probably not by your Manager but your monitoring tool.

In production, a monitoring tool is your best friend, so choose them wisely. These tools allow you to check the status of your deployment from anywhere, you can check logs, memory usage and get the notification via an email if any exception happens.

Nodejs monitoring using PM2

I personally used two monitoring tools as of now.

Keymetrics – by PM2.
Trace – by RisingStack
I have covered tutorial on keymetrics, you can learn about it here.

3: Remove console.log statements

We love console.log and why shoud’t we.

It helps us to trace bugs and save our time.

But in production, these statements consumes CPU time and waste the resources. It’s better if you get rid of them in production.

Tip: Use good logging module which contains features such as async log writing, log rotation, and external log storage support. I have used winston module in one app and I can’t complain.

4: Using external store for global store

Storing session ids, sockets ids etc in memory as the temporary store is not gonna work in production because every time you restart your server which could be often in an early stage, you will loose your data. You must use fast external store such as Redis to store such data.

Nodejs and redis

We have covered using Redis as Session store in Node.js here.

5: Use SSL

SSL provides you an extra layer of security by encrypting the data transmission.

Now, most of the time, Nodejs developers reads the SSL key from the file in the Node Server itself, you should always do that using reverse proxy.

Install SSL on reverse proxy and let outside world communicate your Node app via reverse proxy.

6: Recheck security measures

Make sure your app is meeting the security standards. Our fellow developers at RisingStack compiles a list of security check you should consider.

Read the awesome Nodejs security checklist article

Also, always update Nodejs and NPM version to latest one, they contain a lot of security patch and updates.

7: Keep real app only accessible by private users

If your app is running on XYZ.com Server on Port 8080 and it has a reverse proxy, then make sure only reverse proxy Server can communicate to your app, no one else from outside world. This prevents lots of attacks and security loopholes.

Also, restrict the SSH access to the specific network or VPN to prevent the outside access.

8: Run Node.js in cluster mode

Node.js by default do not take advantages of multiple cores of the processor, hence throughput of the system is low if you do not deploy your app in cluster mode.

Node.js clustering

Node.js cluster module allows you to fork multiple child processes of same process. This allows zero downtime and high availaibiilty.

In production, always run your app in cluster mode.

9: Perform more I/O and less CPU intensive task

Always remember, Nodejs runs on single threaded event loop and it is best suited for I/O intensive operation.

Even if I/O operation takes time, Nodejs will serve other requests because of callback nature, however, if your application is taking too much time in performing CPU task such as big calculation etc then Nodejs will be held up the other request and this will in turn slow down the system.

Try to use Node for more I/O operation than processing operation.

10: Use process managers

Running your app with node app.js or gulp etc is fine in development stage. The minute you move to production, you must use process managers to keep your app running forever. These process managers help you to restart your application in case there is an exception.

PM2 application server monitoring

There are npm modules such as forever, pm2 to handle process. We recommend PM2, because of its ease of use and keymetric integration.

Summary

I have covered ten important tips that we should look over during the production deployment. There could be more specific to projects but these ones I found to be general.