Hacker News new | comments | ask | show | jobs | submit login
Phusion Passenger's Node.js support has been open sourced (phusion.nl)
58 points by FooBarWidget on Oct 23, 2013 | hide | past | web | favorite | 12 comments

I'm not sure I see the use for this.

Instead of plugging my multiple Node.js apps straight to nginx, what's the benefit of proxyfying them one more time with Passenger?

Passenger runs in Nginx. The architecture is very similar to plugging Node.js apps to Nginx, except now all that plugging is taken care for you. There are also a bunch of features that you get compared to straight reverse proxying with Nginx. From https://github.com/phusion/passenger/wiki/Node.js (that document is slightly outdated because of recently developments, we're updating it):

* Multitenancy - Run multiple Node.js applications on a single server easily and without hassle. With vanilla Node, you have to remember where your ports are configure Nginx reverse proxies. With Phusion Passenger, you create a virtual host, set `passenger_enabled on`, and you're done.

* Process management and supervision - Node.js processes are automatically started, and automatically restarted when they crash.

* Statistics and insight - Phusion Passenger provides tools for inspecting the applications' status, such what requests they're currently processing, how many requests they've processed.

* Scaling - Based on current traffic, Phusion Passenger can spawn more Node.js processes, or spin down some existing Node.js processes.

* Load balancing - Phusion Passenger automatically load balances traffic across Node.js process. The load balancing mechanism utilizes a smart "first-available" selection algorithm to avoid problems caused by slow requests. Nginx's proxy balancer does not do this by default.

* I/O security - Node.js is automatically put behind a buffering web server, such as Apache or Nginx, which preprocesses and postprocesses HTTP requests and responses. This protects the Node.js app against slow-client attacks such as Slowloris. It also provides a secure environment which sanitizes HTTP headers, to protect against vulnerabilities in the app's HTTP parser.

* System security - Node.js processes are automatically started as the user which owns the app. This allows the OS to separate their privileges, so that a vulnerability in one app does not affect another.

* Static file acceleration - Static files are directly served by the web server (Apache/Nginx), not by Node.js. This offloads the Node.js application from handling those things.

* System integration and less moving parts - Phusion Passenger fully integrates Node.js with the web server (Apache/Nginx), so that in most cases the administrator only has to deal with the web server and with centralized Phusion Passenger management tools, instead of dealing with each app individually. Note that the integration we talk about here pertains to usability only. Under the hood, each Node.js application is still its own OS process, and does not run in the web server's address space.

So, this is only really better than straight up nginx if you were to put more than one application behind it, for some reason?

If you're an app guy, I can understand why you look at it like that. App guys tend to trust software/solutions they write themselves. Any excess (features you don't need) is seen as opportunities for optimization. My background is more on the sysadmin side, and I think that's why I lean heavily toward Passenger in all my Ruby/Rack deployments, despite the availability of hip new app servers available for Ruby apps.

The thing that Passenger does exceedingly well is deliver a toolchain that sysadmins will love. FooBarWidget's list is very good. Even if you're single-tenant, Passenger's process management and supervision has worked wonderfully for me. Toolchain, toolchain, toolchain! Passenger comes with utilities like passenger-status and passenger-memory-stats. You can, at a glance, see things like how much memory (true, RSS) an app process is using, or what your queues look like.

Another distinction is completeness of the solution. With a lot of other app server solutions, hashing out the finer details are up to you. I don't have any experience with Node.js, but with the other Ruby app servers I've tried, you're responsible for things like finding/writing your own init script and process supervision.

Can I write an init script? Yes. Will it fail to cover an edge case that I haven't thought of yet? Probably. How well will it be written? About as well as I have time for at the time I write it. Could I find one online? Sure. How well is it written? Well, it seems popular. Is it maintained? Uh... How will I track updates? Uuuuuuh...

I don't need the deep level of customization provided by the roll-your-own solution. The folks at Passenger are really, really smart, and I'm humble. I'd rather leverage their domain expertise than to try and be a master of all things. My time is also valuable. If I accept that the Passenger solution is well engineered and provides additional value (see their list above), what value will I derive from [rolling my own|an alternative] solution? If I can't come up with a clear answer to that question, I stick with Passenger.

No. For example "Process management and supervision", "Scaling" and "Statistics and insight" are extra features that you get by using Phusion Passenger. You can't do those easily with just Node + Nginx.

Well done and thank you! I've been impressed by your work for a long time. I understand why you picked this business model, but I've wondered a bit how you'll manage potential conflicts of interest between the open source and enterprise versions. You seem to be doing well.

The beauty of open source is that people don't have to put up with potential conflicts of interests. If they don't like it, they can fork our codebase. We knew this from the beginning and we went with this business model anyway, because not only are we strong supporters of open source, but also because we're confident that we can deliver the best product.

Having said that, our Enterprise business model has only benefited the open source version so far. Development of Phusion Passenger is much faster nowadays than it has ever been. Back in the days when we were primarily a consultancy firm, our means of income drained away energy and focus from development.

Did I miss an easy to find howto for this feature? It should be the first link in your announcement imho.

PS Love passenger for RoR!

EDIT: found it here: https://github.com/phusion/passenger/wiki/Node.js

This is just an announcement saying that we're open sourcing it. We're still working on polished documentation and howtos. The wiki page you linked to is a bit rough on the edges. We'll post more information once we have better documentation. :)

[Update] The wiki page has been improved.

Ok then, I'll wait :)

Are there any plans for the Python version?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact