MongoDB for Developers with Python Transcripts
Chapter: Deploying MongoDB in production (and playing it safe)
Lecture: Limit you network exposure
0:01 One of the most important things we can do to make our MongoDB server safe
0:03 even if we screw up the configuration, the authentication, the encryption, all those things
0:08 is to make sure nobody can talk to it.
0:11 So we're going to do two simple things right away to lock down our server.
0:15 Obviously our web app, or whatever app, our service
0:20 whatever we're building that uses MongoDB should be able to talk to it,
0:23 and it's this probably within a data center
0:26 we could possibly get to it from our local machines,
0:28 but well do things like ssl tunnels and so on to do that,
0:31 so we won't open up any extra ports for this.
0:34 However, there's always something out there lurking,
0:37 I showed you that super scary warning at the beginning
0:40 and they're out there looking, they are saying
0:43 hey I would love to talk to the server on port 27017 the default port
0:46 or maybe 1.8 or 1.9, or 20, depending on the service you're running.
0:50 So we want to block those guys, we want to block them with the firewall
0:53 and a couple of other things.
0:56 That's what we're going to do next.
0:58 We're going to do this like I said, in Linux itself, in Ubuntu itself,
1:01 we could the cloud computing stuff like Digital Ocean just announced
1:06 this cloud firewall thing that is really probably easier
1:09 and if you're using Digital Ocean have a look at that,
1:12 but we'll do it here and it works just fine.