Question

MongoDB one click droplet security ufw

Hi, i got a one click MongoDB droplet and i want to connect it to another Debian droplet with installed Node.

To secure MongoDB i followed this tutorial:

https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-mongodb-on-ubuntu-16-04

Reaching this point Step 1 — Enabling UFW since into my Mongo droplet i have ufw with preallowed 3 ports for ipv4 and 3 ipv6 22 - 80 - 443 i have to disable them all and follow along with the tutorial the 80 443 have to be open.

As far as i know port 22 must be open so i can access into it, so i don’t have to allow openSSH since is already open right?

For security reasons i just have to create a tunnel using this command:

ssh -L 4321:localhost:27017 use_your_username@use_your_droplet_ip -f -N

and permit only ssh and closing https and http ports to connect to my node droplet? it’s secure enough?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hello, @aaka

You can have http and https ports closed and also yes to the question if you can skip the step of allowing OpenSSH as this is already done. You can make sure that you have the PasswordAuthentication set to No as it’s a lot more secure to use a ssh_key to access your droplets and nodes.

I’ve just test this and everything seems to be working just fine. Having this said this configuration should be secure enough. You can of course consider some further security tweaks but this should be enough to make sure the node is secured.

Hope this helps!

Regards, Alex