So, as the title says, I’m just deploying my first ever app in production.
Because I don’t have experience, I was told to ask someone who knows this stuff.
So how should I ensure the best security for my VPS and for my app?
For now I did everything from this link (about Node.js)
and from here about MongoDB: https://docs.mongodb.com/manual/security/
For the VPS all I did was disable password auth, root auth and use RSA authentication.
I am also thinking about a firewall, but I don’t really know what to use. Is ‘ufw’ sufficient?
Also, what ports should I block? I’m thinking about blocking everything except the one I’m running SSH on and the one for hosting my Node.js apps. Would that be okay?
Also, if I run my Node.js app on port 8080, can I also run MongoDB on that port too? Why would I want to run it on a different port and leave it open, when I can run it on 8080 too?
Sorry for the big list of questions but I have no one to ask about this stuff. I feel like this would be a good place to ask all of these things.