Yonatan Vainer

Reputation: 453

Watch logs from NodeJS on EC2

I have a single EC2 instance on AWS, running an HTTPS server with NodeJS. I'm starting my NodeJS server from /etc/rc.local, so it will start automatically on every boot.

I have 2 questions:

  1. Is there a better way to start an https server listening on port 443 without using sudo path/to/node myScript.js? What risks do I have if I run this process as root?

  2. Where do I see my logs? When running the script from the shell, I see the logs of the process, but now when it runs from rc.local, how do I access the output of the server?

Thanks!

Upvotes: 2

Views: 9356

Answers (2)

Boris Charpentier

Reputation: 3543

Not a direct answer, more a small return on experience here.

We have a heavily used nodejs app in production on AWS, on a non-Docker setup (for now ;) ).

We have a user dedicated to run the node app, I guess that if you start your node process with root, it has root access, and that's not a safe thing to do.

To run the app we use pm2 as a process manager. It allows restarting the node process when it fails (and it will), and scaling the number of workers to match the number of cores of your EC2 instance. You also have access to the logs of all the workers using ./path/to/node ./node_modules/.bin/pm2 logs, and can send them to whatever you want (from ELK to Slack).

My 2 cents.

Upvotes: 5

Stavros Zavrakas

Reputation: 3063

Starting the application using sudo definitely is not a good practice. You should not run a publicly accessible service with root credentials. If there is a flaw in your application and someone finds this out, there is the danger of them accessing more services on the machine.

Your application should start on a non-privileged port (e.g. 5000) and then have nginx or apache as a reverse proxy that will forward the traffic internally to your application that is running on port 5000. pm2 is suggesting something like that as well: http://pm2.keymetrics.io/docs/tutorials/pm2-nginx-production-setup. Searching online you will be able to find tutorials on how to configure nginx to run on https and how to forward all the traffic from http to https. Your application should not be aware of ssl certificates etc. Remember that the pm2 module should be installed locally within your project and you have to take advantage of the package.json. In there you can define a task that will boot your application on production using the local pm2 module. The advantage is that you don't have to install the pm2 module globally and you will not mess things up again with the permissions and super users.

I don't think that the log is saved somewhere until you will tell it to happen in the rc.local script. How do you spawn the process in there? Something like that should redirect the stdout to a file:

path/to/node myScript.js > /var/log/my-app.rc.local.log 2>&1      # send stdout and stderr from rc.local to a log file

Don't you use a logger in your application, though? I would suggest picking one (there are a lot available like bunyan, winston etc) and substitute all of your console.logs with the logger. Then you can define explicitly in your application where the logs will be saved, you can have different log levels and more features in general.

Upvotes: 6
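
An added example, not part of either answer: a minimal Node server that follows the advice above by refusing to start as root, binding to the unprivileged port 5000 on loopback for a reverse proxy to forward to, and writing leveled logs to a file instead of console.log. The log path, the --serve switch and all function names are assumptions made for illustration.

```javascript
// Added example (not code from the answers). Port 5000 comes from the answer;
// LOG_FILE, the --serve switch and the function names are hypothetical.
const http = require('http');
const fs = require('fs');

const PORT = 5000; // unprivileged port; nginx/apache terminates TLS on 443
const LOG_FILE = process.env.LOG_FILE || '/var/log/my-app/app.log'; // assumed path
const LEVELS = ['debug', 'info', 'warn', 'error'];

// True when the effective uid is 0. getuid is injectable so it can be tested.
function runningAsRoot(getuid = process.getuid) {
  return typeof getuid === 'function' && getuid.call(process) === 0;
}

// Leveled logger that writes one JSON object per line to any writable stream.
function makeLogger(stream, minLevel = 'info') {
  const write = (level, msg, fields = {}) => {
    if (LEVELS.indexOf(level) < LEVELS.indexOf(minLevel)) return false;
    // JSON.stringify escapes CR/LF, so request data cannot forge extra log lines.
    const record = { ...fields, time: new Date().toISOString(), level, msg };
    stream.write(JSON.stringify(record) + '\n');
    return true;
  };
  return Object.fromEntries(LEVELS.map((l) => [l, (msg, f) => write(l, msg, f)]));
}

// Plain HTTP server: the application itself never touches certificates.
function createServer(logger) {
  return http.createServer((req, res) => {
    logger.info('request', { method: req.method, url: req.url });
    res.end('ok\n');
  });
}

function main() {
  if (runningAsRoot()) {
    console.error('refusing to run as root; start under a dedicated user');
    process.exit(1);
  }
  // The dedicated user must own the log directory (append mode keeps old logs).
  const logger = makeLogger(fs.createWriteStream(LOG_FILE, { flags: 'a' }));
  createServer(logger).listen(PORT, '127.0.0.1', () => {
    logger.info('listening', { port: PORT });
  });
}

// Start only when asked, e.g. "node app.js --serve" from a process manager.
if (process.argv.includes('--serve')) main();
```

Binding to 127.0.0.1 means the application is reachable only through the reverse proxy on the same host.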
