MongoDB one click droplet security ufw

Posted on January 21, 2020

Hi, i got a one click MongoDB droplet and i want to connect it to another Debian droplet with installed Node.

To secure MongoDB i followed this tutorial:

https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04

Reaching this point Step 1 — Enabling UFW since into my Mongo droplet i have ufw with preallowed 3 ports for ipv4 and 3 ipv6 22 - 80 - 443 i have to disable them all and follow along with the tutorial the 80 443 have to be open.

As far as i know port 22 must be open so i can access into it, so i don’t have to allow openSSH since is already open right?

For security reasons i just have to create a tunnel using this command:

ssh -L 4321:localhost:27017 use_your_username@use_your_droplet_ip -f -N

and permit only ssh and closing https and http ports to connect to my node droplet? it’s secure enough?

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdo

March 15, 2020

Hello, @aaka

You can have http and https ports closed and also yes to the question if you can skip the step of allowing OpenSSH as this is already done. You can make sure that you have the PasswordAuthentication set to No as it’s a lot more secure to use a ssh_key to access your droplets and nodes.

I’ve just test this and everything seems to be working just fine. Having this said this configuration should be secure enough. You can of course consider some further security tweaks but this should be enough to make sure the node is secured.

Hope this helps!

Regards, Alex