-
Published Answer
Hi,
I got it all working however i can’t remember exactly what I did however from what i briefly remember it was something aroun…
•
By
psmod2
-
Published Answer
Thanks - so as a security precaution is something commonly followed? (I only randomly thought about it).
Also - is there anythin…
•
By
psmod2
-
Published Question
Hi,
I have 2 droplets, one containing my DB and one my app.
The DB droplet i have UFW installed allowing only the IP of the droplet of my app however when I ping the IP from my laptop it returns data.
Is this supposed...
2
•
•
By
psmod2
Security
Ubuntu 16.04
-
Published Question
Hi,
I'm a little unsure on how to handle this:
I have a Dokku droplet which sits behind my Cloudflare. Now I want to whitelist only cloud flare IPs to access that droplet, however I also need to be able to SSH into th...
2
•
•
By
psmod2
Security
Ubuntu 16.04
-
Published Answer
Hi,
I did a ls -a at the path /etc/nginx/sites-enabled and there is only file file default.
Anywhere else t…
•
By
psmod2
-
Published Question
Hello,
I've recently moved from Heroku to a droplet running Dokku which runs my node.js web app.
I'd like to ask what security suggestions I should follow to minimise any risk of getting hacked.
As its a web app, I'm ...
Accepted Answer:
@psmod2
The first steps I normally perform are updating the packages and upgrading current packages to make sure everything that's default is up to date.
sudo apt-get update \
&& sudo apt-get -y upgrade
Once that's...
1
•
•
By
psmod2
Dokku
Node.js
Security
Ubuntu 16.04
-
Published Answer
@jtittle
Thanks - changing that CloudFlare to “Full (Strict)” and a reload dokku deploy nodeapp seemed to help.
I’ll k…
•
By
psmod2
-
Published Question
Hi,
I have a droplet with Dokku and my site is running all ok with my own domain www.mydomain.com.
However its also accessible through the public IP address.
I was just wondering:
1 - Is this a security risk in any wa...
2
•
•
By
psmod2
Nginx
Dokku
-
Published Question
Hi,
I'm writing to confirm my implementation of SSL and www.mydomain.com and mydomain.com (i.e. without www) is correct.
I have certs already purchased from name.com. I've got those in place and referenced in the defa...
4
•
•
By
psmod2
Nginx
Dokku
-
Published Question
Hi,
I'm trying to get my Node app (separate droplet) to connect to my mongoDB droplet.
I've found a npm called tunnel-ssh however am having trouble.
It says "DB connection successful", however data is not coming back....
2
•
•
By
psmod2
MongoDB
Node.js
-
Published Question
Hi,
I have a droplet with my MongoDB.
On reading some security tutorials I see mention of enabling auth auth = true however I'm unsure whether I need this?
I SSH into my droplet with a sudo account. The operations I ...
Accepted Answer:
@psmod2
Ideally, you want to isolate access and only provide just enough access to a specific user to do the job or task it needs to do.
In a way, it's similar to MySQL/MariaDB/Percona -- you wouldn't run commands as...
1
•
•
By
psmod2
MongoDB
Security
-
Published Question
Hi,
I was just going these 10 recommendations (https://scalegrid.io/blog/10-tips-to-improve-your-mongodb-security/) for MongoDB security.
Number 8 mentions enabling SSL for data travelling between the Mongo client and...
3
•
•
By
psmod2
MongoDB
Security
-
Published Question
Hi,
I just did a one click install of MongoDB. I'm SSH into the machine and its all ok.
Now, I want to disable password to the machine to prevent brute force, however two different articles are stating two different ...
Accepted Answer:
@Woet
From a security standpoint, disabling root login and creating a sudo user is recommended -- it's what many would refer to as a best practice. Please don't say it's not important as that's a misconception. When ...
3
•
•
By
psmod2
Security
-
Published Question
Hi,
I have a MEAN app. Its still in its infancy so I don't need any fancy hosting and also am very interested in making my own.
My DB is with Compose. And the Node API and Angular front end are hosted with Heroku.
Thi...
2
•
•
By
psmod2
MongoDB
MEAN