pm2 with IPTables firewall #674

Closed
sebthiriet opened this issue Sep 1, 2014 · 4 comments

@sebthiriet

Hello,

I'm new to pm2.
It sounds great but I have an issue using it with a simple IPTables firewall.
Maybe it's very simple to handle this but Google was not my friend on this topic since no one seems to have reported the same issue as mine.

The service that I run is made of 2 apps:

  • website.js that listens on ports 80 and 443
  • api.js that listens on port 4443

  1. If I flush all the rules of my IPTable, pm2 works great! I can run my service with it.

  2. If I define a simple IPTable like the following:

    Chain INPUT (policy ACCEPT)
    num target prot opt source destination
    1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    2 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
    3 ACCEPT tcp -- anywhere anywhere tcp dpt:http
    4 ACCEPT tcp -- anywhere anywhere tcp dpt:https
    5 ACCEPT tcp -- anywhere anywhere tcp dpt:4443
    6 ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
    7 DROP all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    num target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    num target prot opt source destination

... then there is no way to run my service with pm2 (but I can run it without problem without pm2).
After a quick 'sudo netstat -pntl' I see that there are 2 more processes run by the pm2 daemon on ports 6666 and 6667.
But even if I add 2 rules for these 2 ports (--dport 6666 -j ACCEPT and --dport 6667 -j ACCEPT), pm2 does not work properly.

So my question is simple: how should I set up my IPTable to run pm2 without problem?

I know, it's probably a newbie question. Hope someone will find time to help :)

Sebastien

@Unitech
Owner

Unitech commented Sep 2, 2014

Hey,

When you set the iptables rules, you can't use PM2 via the CLI?

@Unitech
Owner

Unitech commented Sep 5, 2014

Can you make ports 6666 and 6667 able to communicate on localhost?

@sebthiriet
Author

Hi,

Thanks for your reply!
I've succeeded in making pm2 work by authorizing more things than the drastic 1st version of my firewall. I have the feeling that accepting everything in both directions on the loopback helped a lot, but I'm not sure.

We went to prod with pm2 today but we have some stability problems.
I'm on Ubuntu 14.04 with nodeJS 11.13 and the latest version of pm2.
2 processes run through pm2: website.js and api.js

Regularly, the service shuts down: the 2 processes.

My questions:

  1. How can I find the reasons for these shutdowns? Is there a log file where pm2 writes everything about the reasons why a node process stops?
  2. Is there a way to ask pm2 to clean up and restart a process automatically when it stops?
    (giving us time to find the reason why it happens?)

Thanks for your answer!

Sebastien
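
Added example, not part of the original thread and not pm2 project code: the INPUT chain in the first post has no rule for the `lo` interface, so any new local connection to a port it does not list reaches the final DROP. The check below reads a chain dump in `iptables -S INPUT` format and fails when no unconditional loopback ACCEPT precedes the catch-all DROP. The sample dump is constructed from the listing in the first post plus the two port rules the poster tried, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain from the issue, as `iptables -S INPUT`
# would print it, including the two extra rules for ports 6666 and 6667.
ruleset_from_issue() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6666 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6667 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Same chain with an unconditional loopback ACCEPT inserted as the first rule.
ruleset_with_loopback() {
    ruleset_from_issue | awk 'NR == 2 { print "-A INPUT -i lo -j ACCEPT" } { print }'
}

# Reads a chain dump on stdin. Exit status 0 if loopback traffic is accepted
# before the first catch-all DROP (or nothing drops it), 1 otherwise.
audit_loopback() {
    awk '
        $0 == "-P INPUT DROP"                     { policy = 1 }
        $0 == "-A INPUT -i lo -j ACCEPT" && !drop { if (!lo) lo = NR }
        $0 == "-A INPUT -j DROP" && !drop         { drop = NR }
        END {
            if (!drop && policy) drop = "policy"
            if (!drop) { print "ok: no catch-all DROP, loopback is not filtered"; exit 0 }
            if (lo)    { print "ok: lo accepted at line " lo ", before DROP (" drop ")"; exit 0 }
            print "FAIL: no lo ACCEPT before DROP (" drop ")"; exit 1
        }'
}

# Demonstration on the two constructed dumps.
ruleset_from_issue    | audit_loopback || true
ruleset_with_loopback | audit_loopback
```

On a live host the same check is `sudo iptables -S INPUT | audit_loopback`.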

@sebthiriet
Author

Follow-up about our problem:
The origin of the crashes: one of our node processes (website.js) crashes with a SIGSEGV error.
Against your recommendation, we decided to downgrade node from 0.11.13 to 0.10.31 (latest node stable release available), but we're still using pm2.

So far the server keeps running without crashing (9h only though, so we need to wait longer to come to a final conclusion).

What is strange is why pm2 did not automatically restart website.js when this process crashed?
This process was unstable, it's true, but not so unstable that it couldn't be restarted by pm2?
(crashed every 2-3 hours on average)

What would also be awesome is to get logs of the reason for the crash when a process is restarted by pm2?

Thanks for your answer,

Sebastien
