MongoDB for Developers with Python Transcripts
Chapter: Course conclusion
Lecture: Lightning review: Deployments

Login or purchase this course to watch this video and the rest of the course contents.
0:00 After we had everything we needed for our database up and working, our code was working, we said time to put this puppy in the cloud
0:07 and let people access it, so we talked about deployments. Now, there's a couple of things we could do,
0:12 if you go to the MongoDB website and you pick the Linux deployment, you pick your distribution, it actually has a lot of really clear steps,
0:18 like these are the steps that takes to use your package manager on Linux to get MongoDB installed, and I recommend you to use the package manager
0:25 because then you get automatic updates, and things like that, it's really nice. However, we also talked about the ways in which MongoDB is
0:32 maybe going to put you at risk, let's say if you don't know what you're doing about configuring it,
0:38 so if you configure it to just listen on the open internet without say authentication, you are just asking for some sort of punishment,
0:44 so there's a couple of things that we went through, a very detailed set of here is how you limit network access on Ubuntu,
0:51 here is how you enable encryption, here's how you enable authentication, and so on, so the checklist we went through was,
0:58 first thing to do is limit network exposure. That was a couple of things, one we set up the firewall on Ubuntu,
1:05 if you want to use a cloud provider that's fine as well, so we set up the firewall, we actually listened on a non default port
1:11 which we blocked by the firewall, and then we let the few servers in the world
1:17 that needed to talk to it back in by explicitly allowing in those ip addresses. We enabled access control by creating an account
1:24 and go into the configuration and enforcing authentication, say it's required, we added encrypted communication by creating
1:31 a self signed ssl certificates and then adding that in there, you may consider adding encryption at rest as well,
1:38 so like the actual stuff on disc is encrypted, we didn't go to that it wasn't really necessary for what we were doing.
1:45 You could audit what's happening on your server, we didn't talk about that but it's pretty straightforward,
1:52 we also talked about how you can run backups, I mentioned that you can do replication and some of these live backups
1:57 but you can also use Mongodump for reasonably small data, not terabytes type of data but gigabytes, and that works pretty well as well,
2:06 we saw that we can even do that over our ssh, so back up, back up, back up. Here's the whole security checklist that we talked about
2:14 you can go through and read all the ways do it, or just go back and look at the various steps in the previous chapter's video.

Talk Python's Mastodon Michael Kennedy's Mastodon