psmod2
24 contributions
153.4k contribution views
Recognition
Posts
-
Published Answer
Unable to Connect to MongoDB in Node App
Hi, I got it all working however i can’t remember exactly what I did however from what i briefly remember it was something aroun… -
Published Answer
Can still ping IP even though only 1 droplet allowed via SSH
Thanks - so as a security precaution is something commonly followed? (I only randomly thought about it). Also - is there anythin… -
Published Question
Can still ping IP even though only 1 droplet allowed via SSH
Hi, I have 2 droplets, one containing my DB and one my app. The DB droplet i have UFW installed allowing only the IP of the droplet of my app however when I ping the IP from my laptop it returns data. Is this supposed... -
Published Question
UFW Setup - Cloudflare IPs and apt-get and SSH
Hi, I'm a little unsure on how to handle this: I have a Dokku droplet which sits behind my Cloudflare. Now I want to whitelist only cloud flare IPs to access that droplet, however I also need to be able to SSH into th... -
Published Answer
Nginx - SSL and Handling www / non.www domains
Hi, I did a ls -a at the path /etc/nginx/sites-enabled and there is only file file default. Anywhere else t… -
Published Question
Security Tips and Suggestion - Dokku - Node.js App
Hello, I've recently moved from Heroku to a droplet running Dokku which runs my node.js web app. I'd like to ask what security suggestions I should follow to minimise any risk of getting hacked. As its a web app, I'm ...Accepted Answer: @psmod2 The first steps I normally perform are updating the packages and upgrading current packages to make sure everything that's default is up to date. sudo apt-get update \ && sudo apt-get -y upgrade Once that's... -
Published Answer
Nginx - SSL and Handling www / non.www domains
@jtittle Thanks - changing that CloudFlare to “Full (Strict)” and a reload dokku deploy nodeapp seemed to help. I’ll k… -
Published Question
Is there a risk to my website with my public ip address?
Hi, I have a droplet with Dokku and my site is running all ok with my own domain www.mydomain.com. However its also accessible through the public IP address. I was just wondering: 1 - Is this a security risk in any wa... -
Published Question
Nginx - SSL and Handling www / non.www domains
Hi, I'm writing to confirm my implementation of SSL and www.mydomain.com and mydomain.com (i.e. without www) is correct. I have certs already purchased from name.com. I've got those in place and referenced in the defa... -
Published Question
Unable to Connect to MongoDB in Node App
Hi, I'm trying to get my Node app (separate droplet) to connect to my mongoDB droplet. I've found a npm called tunnel-ssh however am having trouble. It says "DB connection successful", however data is not coming back.... -
Published Question
MongoDB Security - Are User Roles Required?
Hi, I have a droplet with my MongoDB. On reading some security tutorials I see mention of enabling auth auth = true however I'm unsure whether I need this? I SSH into my droplet with a sudo account. The operations I ...Accepted Answer: @psmod2 Ideally, you want to isolate access and only provide just enough access to a specific user to do the job or task it needs to do. In a way, it's similar to MySQL/MariaDB/Percona -- you wouldn't run commands as... -
Published Question
MongoDB Security - Is SSL required as Client and Server As One?
Hi, I was just going these 10 recommendations (https://scalegrid.io/blog/10-tips-to-improve-your-mongodb-security/) for MongoDB security. Number 8 mentions enabling SSL for data travelling between the Mongo client and... -
Published Question
Root Access With SSH - PermitRootLogin or PasswordAuthentication
Hi, I just did a one click install of MongoDB. I'm SSH into the machine and its all ok. Now, I want to disable password to the machine to prevent brute force, however two different articles are stating two different ...Accepted Answer: @Woet From a security standpoint, disabling root login and creating a sudo user is recommended -- it's what many would refer to as a best practice. Please don't say it's not important as that's a misconception. When ... -
Published Question
Moving from Compose and Heroku to Digital Ocean
Hi, I have a MEAN app. Its still in its infancy so I don't need any fancy hosting and also am very interested in making my own. My DB is with Compose. And the Node API and Angular front end are hosted with Heroku. Thi...