

Phusion Passenger's Node.js support has been open sourced - FooBarWidget
http://blog.phusion.nl/2013/10/23/phusion-passengers-node-js-support-has-been-open-sourced/

======
joshguthrie
I'm not sure I see the use for this.

Instead of plugging my multiple Node.js apps straight to nginx, what's the
benefit of proxyfying them one more time with Passenger?

~~~
FooBarWidget
Passenger runs _in_ Nginx. The architecture is very similar to plugging
Node.js apps to Nginx, except now all that plugging is taken care for you.
There are also a bunch of features that you get compared to straight reverse
proxying with Nginx. From
[https://github.com/phusion/passenger/wiki/Node.js](https://github.com/phusion/passenger/wiki/Node.js)
(that document is slightly outdated because of recently developments, we're
updating it):

* Multitenancy - Run multiple Node.js applications on a single server easily and without hassle. With vanilla Node, you have to remember where your ports are configure Nginx reverse proxies. With Phusion Passenger, you create a virtual host, set `passenger_enabled on`, and you're done.

* Process management and supervision - Node.js processes are automatically started, and automatically restarted when they crash.

* Statistics and insight - Phusion Passenger provides tools for inspecting the applications' status, such what requests they're currently processing, how many requests they've processed.

* Scaling - Based on current traffic, Phusion Passenger can spawn more Node.js processes, or spin down some existing Node.js processes.

* Load balancing - Phusion Passenger automatically load balances traffic across Node.js process. The load balancing mechanism utilizes a smart "first-available" selection algorithm to avoid problems caused by slow requests. Nginx's proxy balancer does not do this by default.

* I/O security - Node.js is automatically put behind a buffering web server, such as Apache or Nginx, which preprocesses and postprocesses HTTP requests and responses. This protects the Node.js app against slow-client attacks such as Slowloris. It also provides a secure environment which sanitizes HTTP headers, to protect against vulnerabilities in the app's HTTP parser.

* System security - Node.js processes are automatically started as the user which owns the app. This allows the OS to separate their privileges, so that a vulnerability in one app does not affect another.

* Static file acceleration - Static files are directly served by the web server (Apache/Nginx), not by Node.js. This offloads the Node.js application from handling those things.

* System integration and less moving parts - Phusion Passenger fully integrates Node.js with the web server (Apache/Nginx), so that in most cases the administrator only has to deal with the web server and with centralized Phusion Passenger management tools, instead of dealing with each app individually. Note that the integration we talk about here pertains to usability only. Under the hood, each Node.js application is still its own OS process, and does not run in the web server's address space.

~~~
bevacqua
So, this is only really better than straight up nginx if you were to put more
than one application behind it, for some reason?

~~~
bradleyland
If you're an app guy, I can understand why you look at it like that. App guys
tend to trust software/solutions they write themselves. Any excess (features
you don't need) is seen as opportunities for optimization. My background is
more on the sysadmin side, and I think that's why I lean heavily toward
Passenger in all my Ruby/Rack deployments, despite the availability of hip new
app servers available for Ruby apps.

The thing that Passenger does exceedingly well is deliver a toolchain that
sysadmins will love. FooBarWidget's list is very good. Even if you're single-
tenant, Passenger's process management and supervision has worked wonderfully
for me. Toolchain, toolchain, toolchain! Passenger comes with utilities like
passenger-status and passenger-memory-stats. You can, at a glance, see things
like how much memory (true, RSS) an app process is using, or what your queues
look like.

Another distinction is completeness of the solution. With a lot of other app
server solutions, hashing out the finer details are up to you. I don't have
any experience with Node.js, but with the other Ruby app servers I've tried,
you're responsible for things like finding/writing your own init script and
process supervision.

Can I write an init script? Yes. Will it fail to cover an edge case that I
haven't thought of yet? Probably. How well will it be written? About as well
as I have time for at the time I write it. Could I find one online? Sure. How
well is it written? Well, it seems popular. Is it maintained? Uh... How will I
track updates? Uuuuuuh...

I don't need the deep level of customization provided by the roll-your-own
solution. The folks at Passenger are really, _really_ smart, and I'm humble.
I'd rather leverage their domain expertise than to try and be a master of all
things. My time is also valuable. If I accept that the Passenger solution is
well engineered and provides additional value (see their list above), what
value will I derive from [rolling my own|an alternative] solution? If I can't
come up with a clear answer to that question, I stick with Passenger.

------
danmaz74
Did I miss an easy to find howto for this feature? It should be the first link
in your announcement imho.

PS Love passenger for RoR!

EDIT: found it here:
[https://github.com/phusion/passenger/wiki/Node.js](https://github.com/phusion/passenger/wiki/Node.js)

~~~
FooBarWidget
This is just an announcement saying that we're open sourcing it. We're still
working on polished documentation and howtos. The wiki page you linked to is a
bit rough on the edges. We'll post more information once we have better
documentation. :)

[Update] The wiki page has been improved.

~~~
danmaz74
Ok then, I'll wait :)

------
gunn
Well done and thank you! I've been impressed by your work for a long time. I
understand why you picked this business model, but I've wondered a bit how
you'll manage potential conflicts of interest between the open source and
enterprise versions. You seem to be doing well.

~~~
FooBarWidget
The beauty of open source is that people don't have to put up with potential
conflicts of interests. If they don't like it, they can fork our codebase. We
knew this from the beginning and we went with this business model anyway,
because not only are we strong supporters of open source, but also because
we're confident that we can deliver the best product.

Having said that, our Enterprise business model has only benefited the open
source version so far. Development of Phusion Passenger is much faster
nowadays than it has ever been. Back in the days when we were primarily a
consultancy firm, our means of income drained away energy and focus from
development.

------
elyase
Are there any plans for the Python version?

~~~
FooBarWidget
Python is already supported.
[http://www.modrails.com/documentation/Users%20guide%20Nginx....](http://www.modrails.com/documentation/Users%20guide%20Nginx.html#deploying_a_wsgi_app)

