Eve: Building RESTful APIs with MongoDB and Flask Transcripts
Chapter: Appendix: Deploying MongoDB
Lecture: Limit you network exposure
0:01 One of the most important things we can do to make our MongoDB server safe
0:04 even if we screw up the configuration, the authentication, the encryption, all those things is to make sure nobody can talk to it.
0:12 So we're going to do two simple things right away to lock down our server. Obviously our web app, or whatever app, our service
0:21 whatever we're building that uses MongoDB should be able to talk to it, and it's this probably within a data center
0:27 we could possibly get to it from our local machines, but well do things like ssl tunnels and so on to do that,
0:32 so we won't open up any extra ports for this. However, there's always something out there lurking,
0:38 I showed you that super scary warning at the beginning and they're out there looking, they are saying
0:44 hey I would love to talk to the server on port 27017 the default port or maybe 1.8 or 1.9, or 20, depending on the service you're running.
0:51 So we want to block those guys, we want to block them with the firewall and a couple of other things. That's what we're going to do next.
0:59 We're going to do this like I said, in Linux itself, in Ubuntu itself, we could the cloud computing stuff like Digital Ocean just announced
1:07 this cloud firewall thing that is really probably easier and if you're using Digital Ocean have a look at that,
1:13 but we'll do it here and it works just fine.