1
I am creating a Nodejs application with Express and I am looking to observe all the "best practices" recommended for system security. In this system I’m thinking of having two open ports (but I don’t know if two ports are needed): 8080 port (for example) for normal HTTPS server service app, plus port 443 for secure communication via socket with specific clients that will be connected 100% of the time.
DOUBTS:
1) Is it necessary to have this second port for socket communication or can I do everything by a single port? That is, the application itself and the communication socket by the same port.
2) Since it is necessary to use two ports in the same application, I am thinking of creating a separate TLS server within the same application. My question is: Can I create the additional TLS server within the "www" file of my Express application? By default is already created an HTTP server inside the file "www" and thought to "hang" also a TLS server. It’s okay to do that in this file?
// Arquivo "WWW" do Express------------------
// Servidor padrão do Express na porta 3000:
var server = http.createServer(app);
Is there a problem if I do it too?
// Arquivo "WWW" do Express------------------
// Servidor padrão do Express na porta 3000:
var server = http.createServer(app);
// Meu servidor TLS
var server = tls.createServer(options, (socket) => {
// Códigos deste servidor...