Making it easy to run on port 80...?
31 views
Skip to first unread message
Scott Finnie
Feb 24, 2012, 5:38:26 PM2/24/12
to zotoni...@googlegroups.com
Question
for Mark/Andreas etc.
Simon Smithies' recent problems brought back my own pain getting up & running on port 80.
Any chance of patching something into Zotonic to ease that? Anyone who wants to put a zotonic site into production is going to hit that issue - so it would be good to remove it.
Not suggesting my approach is the right answer - there are undoubtedly better solutions. But would be good to ease the pain for all new users.
Any thoughts....?
Thanks,
Scott.
Simon Smithies' recent problems brought back my own pain getting up & running on port 80.
Any chance of patching something into Zotonic to ease that? Anyone who wants to put a zotonic site into production is going to hit that issue - so it would be good to remove it.
Not suggesting my approach is the right answer - there are undoubtedly better solutions. But would be good to ease the pain for all new users.
Any thoughts....?
Thanks,
Scott.
M-MZ
Feb 25, 2012, 3:15:02 AM2/25/12
to zotoni...@googlegroups.com
This is actually just one of the many pitfalls of running an Erlang application as a unix daemon. There are many people who have bumped into this problem. Just search for "erlang as daemon" and you will get tons of search results. The bad thing is that there doesn't seem to be a good solution. Opening port 80 is a small problem compared to the other stuff that can happen. Did anyone try to stop a zotonic instance gone bad? Heart will just happily start it over and over again. And if you kill heart first, erlang will start it again. Killing it manually can be maddening. Especially on a busy server.
Not good IMHO.
Somebody has written en erld in c to make erlang play nice as a unix daemon. Sounds very useful, but not available as open-source (yet).
That made me think. What do we need to make it possible to let an erlang program behave like a proper daemon from erlang itself? In the end all we need is a couple of lousy unix system calls to create a new session, call umask, cwd to root, to detach from the controlling terminal, change uid and gid and stuff. It should be possible to package this in a NIF.
Maas - dusting his copy of "Advanced Unix Programming in the Unix Environment" - Zeeman
Andreas Stenius
Feb 25, 2012, 3:37:59 AM2/25/12
to zotoni...@googlegroups.com
2012/2/25 M-MZ <mmze...@xs4all.nl>:
> [...] And if you kill heart first,
> erlang will start it again. Killing it manually can be maddening. Especially
> on a busy server.
>
> Not good IMHO.
> [...] And if you kill heart first,
> erlang will start it again. Killing it manually can be maddening. Especially
> on a busy server.
>
> Not good IMHO.
Amen.
> What do we need to make it possible to let an erlang
> program behave like a proper daemon from erlang itself? [...]
> It should be possible to package this in a NIF.
Sounds great. :)
> Maas - dusting his copy of "Advanced Unix Programming in the Unix
> Environment" - Zeeman
//Andreas
Alain O'Dea
Apr 7, 2012, 11:49:11 AM4/7/12
to zotoni...@googlegroups.com
For immediate options there is a cookbook describing using Authbind, setcap and iptables as alternatives to get Zotonic on port 80:
http://zotonic.com/documentation/871/running-on-port-80-and-port-443
My preference is setcap since it supports IPv6, but it does grant extremely broad bind access. A trick to scope risk is to have a full copy of ERTS available only to the zotonic user and scope the setcap only for the beam and beam.smp executables within it.
Best,
Alain
On Saturday, February 25, 2012 5:07:59 AM UTC-3:30, Andreas Stenius wrote:
http://zotonic.com/documentation/871/running-on-port-80-and-port-443
My preference is setcap since it supports IPv6, but it does grant extremely broad bind access. A trick to scope risk is to have a full copy of ERTS available only to the zotonic user and scope the setcap only for the beam and beam.smp executables within it.
Best,
Alain
On Saturday, February 25, 2012 5:07:59 AM UTC-3:30, Andreas Stenius wrote:
2012/2/25 M-MZ:
Reply all
Reply to author
Forward
0 new messages