Your application code should be always run in user space. This means it must not be executed under super-user privileges. If you design your application following the Twelve-Factor App, it is possible to run your application under a user that has almost no privileges. The conventional name for the user that owns no files and is in no privileged groups is nobody; anyway, the actual recommendation is to create a separate user for each application daemon. The reason for that is system security. It is to limit the damage that a malicious user can do if it gains control over your application process. In Linux, processes of the same user can interact with each other, so it is important to have different applications separated at the user level.
The next section shows how to use reverse HTTP proxies.