Load balancing
Most probably for the most simple sites you don’t need any scaling at all. Just one single box will get you covered. After that you should do load balancing like you are mentioning which is almost the same for every architecture(like you are saying you could start multiple node processes first. But when you get really big you need more boxes).
http {
upstream myproject {
server 127.0.0.1:8000 weight=3;
server 127.0.0.1:8001;
server 127.0.0.1:8002;
server 127.0.0.1:8003;
}
server {
listen 80;
server_name www.domain.com;
location / {
proxy_pass http://myproject;
}
}
}
Redis
20 queries per second
No sweat for node.js. You should use redis as your datastore because it is insane fast :). There is even a c library for node when you use node_redis.
npm install hiredis redis
Hiredis is what gives you kickass performance because it compiles to C code inside node. Here are some benchmarks from redis when used with hiredis.
PING: 20000 ops 46189.38 ops/sec 1/4/1.082
SET: 20000 ops 41237.11 ops/sec 0/6/1.210
GET: 20000 ops 39682.54 ops/sec 1/7/1.257
INCR: 20000 ops 40080.16 ops/sec 0/8/1.242
LPUSH: 20000 ops 41152.26 ops/sec 0/3/1.212
LRANGE (10 elements): 20000 ops 36563.07 ops/sec 1/8/1.363
LRANGE (100 elements): 20000 ops 21834.06 ops/sec 0/9/2.287
When you look at those numbers then 20/s is NOTHING :).
Authentication
Update:
I am telling this a lot but for the love of god please don’t try to implement your own authentication-system. It is probably going to be unsafe(a lot can go wrong), a lot of work. For authentication you should use facebook-connect, twitter single sign-in, etc using the excellent connect-auth library. Then you are covered safe because they have experts testing there login-systems for holes and the also don’t transmit passwords via plain-text but thank for god use https. I also have answered a topic for a user who wanted to use facebook-connect.
validation of input data
To validate input you could use node-validator.
var check = require('validator').check,
sanitize = require('validator').sanitize
//Validate
check('[email protected]').len(6, 64).isEmail(); //Methods are chainable
check('abc').isInt(); //Throws 'Invalid integer'
check('abc', 'Please enter a number').isInt(); //Throws 'Please enter a number'
check('abcdefghijklmnopzrtsuvqxyz').is(/^[a-z]+$/);
//Sanitize / Filter
var int = sanitize('0123').toInt(); //123
var bool = sanitize('true').toBoolean(); //true
var str = sanitize(' \s\t\r hello \n').trim(); //'hello'
var str = sanitize('aaaaaaaaab').ltrim('a'); //'b'
var str = sanitize(large_input_str).xss();
var str = sanitize('<a>').entityDecode(); //'<a>'
There also is this forms library to help you create forms.