Node.js: ECONNREFUSED on Port 80

Question

I've written a web-server using Node.js. When I tried to test my server with the tester I've written for it, I succeed only if the port I'm using for the server is not 80. I've checked on netstat, and no other application is using port 80. The error I'm getting on the console is:

Error: connect ECONNREFUSED
  at errnoException (net.js:640:11)
  at Object.afterConnect [as oncomplete] (net.js:631:18)

What can be done in this case?

Answer 1

You might not have permission to bind to ports below 1024 (including 80) as a normal user (e.g. non-root), try a higher numbered port (above 1024, e.g. 8080).

[Edit]

Depending on your target system, and assuming you are its administrator, then you can probably work around the problem like so:

1. Execute your program using "sudo", such as: sudo node ./myprogram.js.

2. Or, login as the "root" user on your system and run the program as normal.

However, don't get in the habit of doing either of these on a regular basis (until you understand why), they can potentially introduce security holes which may be exploitable by malicious, motivated individuals.

Answer 2

You should not make a habit of running node as a privileged user. Here is a method I'm using on 6 different machines:

Use iptables to forward incoming traffic on port 80 to 8080 like so:

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Then be sure to save that

sudo iptables-save

Youd also want to add that to rc.local so those are set at reboot or instance launch (in the case of EC2 or other cloud)

Then you can safely start node listening on 8080 as any user.

Answer 3

This is basically an addition to the answer from maerics, but since I want to add a code example I write another answer with additional information how to prevent security problems.

Usually web servers are started as root, because this is needed to bind on ports below 1024, but then they change the user they run under to an not privileged user.

You can do this with node.js using process.setuid("username").

The following example starts the server and then drop the root permissions to the user "www-data" after it bound itself to port 80 when started as root:

function StartServer() {
  console.log("Starting server...");
  // Initalizations such as reading the config file, etc.
  server = http.createServer(function (req, res) {
    res.writeHead(200, {'Content-Type': 'text/plain'});
    res.end('Hello World\n');
  });
  try {
    server.listen(80, "0.0.0.0", function(){
      process.setuid("www-data");
    });
  }
  catch(err) {
    console.error("Error: [%s] Call: [%s]", err.message, err.syscall);
    process.exit(1);
  }
}

Answer 4

An alternate option that I haven't seen in the above list is also to permit your process to bind to a privileged port (<1024) by executing the following command on the node executable. (Adapt the path)

setcap 'cap_net_bind_service=+ep' /opt/meteor/.meteor/tools/latest/bin/node

The annoyance is that you must reissue this command every time you update or change the node executable.

Regards,

Answer 5

I use Nginx server (port 80) in front of Node.js (any port >1024). It works great.