I'm very new with Redis and Node.js, but I would like to enhance my web application performance using Redis, and adding a realtime notifications feature using Node.js.
Now, I have added 1 EC2 instance to serve both process, bind it with an elastic IP address, and its associated subdomain. However, I read in Redis website that a machine that running Redis should not be exposed to untrusted environment.
From http://redis.io/topics/security
Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet or, in general, to an environment where untrusted clients can directly access the Redis TCP port or UNIX socket.
In other hand, the Node.js which listen to websocket protocol must be exposed to the internet so my web application can have realtime interaction with it.
So my first question is, do I really need 2 EC2 instances, each for Redis and Node.js?
My second question is: What is the best way to keep my existing PHP session and have the Node.js recognizes the just-loggedin-user using PHP session?
I almost modify my PHP session, change it from in-table session to Redis session, until I read the guide from Redis website above.
Thank you.
You'll want to do as the commenter said and listen on 127.0.0.1 and then you can for added security just not open the port to the outside world. This should be done by default in AWS because of the security group feature. In order to open a port to the outside world you have to explicitly add it to the security group.
Here's a little more info on security groups. http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-network-security.html
In the main configuration file /etc/redis/redis.conf, there should be a bind 127.0.0.1 (if not commented, add it), then save and restart redis. This directive tells the service to listen only to connections from localhost. And it should be sufficient enough to keep the redis installation from the outside world. And if I remember correctly, by default the outside world is denied by default with EC2.
As far as your second question, you need to make sure that the session id is consistently read between the two languages. session_id() will give you the id for the session in php. You just need to setup node to read the PHPSESSID cookie. You just need to make sure that the cookie will be sent to the node.js service under whatever hostname it's listening to in the browser. In php, you change it in the php.ini or with session_set_cookie_params before the session_start().