How to securely deploy your Node.js App

Jae Duk Seo
Nov 25, 2019 · 5 min read

You should have either an AWS instance or a DigitalOcean droplet → these are the standard choices → deploying is another thing we should be able to do well. (since this is actually how we make money).

The choice of operating system → as well as the price points → make this a good option for deployment.

For creating the SSH key pair → we are using PuTTY → again the standard approach for these systems. (saving the public and private keys → standard)

The server setup was easy → and monitoring the server is easy as well. (this is good). (backups and snapshots are also possible).

We are also going to use Nginx as the web server, while setting up a non-root user on Ubuntu. (copying the SSH key across might not be the most secure idea).

And installing Node.js with npm and the packages. (he used a sample GitHub repo).

A lot of SSH configuration was done here → and I am not really sure if all of it is needed → and WinSCP for file transfers. (very interesting development pipeline setup).

Also running the Node app directly on port 80 → horrible idea, since binding a privileged port means running the app as root. (but pm2 is a good choice).

He is using eNom as the domain registrar.

Setting up the DNS record is easy → other registrars allow this as well.

Horrible idea to use port 80.

He is going to set up the server → in a more production-like manner, with OpenSSL and other tools.

Another guy is using DigitalOcean PR → this is a good service overall.

For security → we are going to create a regular user → and stop using the root account that attackers commonly target → this is a good approach → a very safe approach.

So now we have our user with sudo (superuser) privileges → this is a very smart move.

Wow, a very secure way of doing things → going to set up SSH correctly → to only let allowed users in. (disable password login → only allow SSH key login → smart move).

We do not want people brute-forcing passwords against the server.

Root login is gone → ufw → this adjusts the firewall → some of the basic attacks can be stopped by this kind of firewall.

This is super important as well → keeps things secure.
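
As an added example (not from the video or this post), a small Node.js script that checks an sshd_config for the settings described above: root login off, password login off, key login on. The sample config inside it is constructed; the script mirrors sshd's rule that the first value of a keyword wins, which is how a "no" appended at the bottom of the file ends up ignored.

```javascript
// Added example (not from the post): audit an sshd_config for the hardening
// described above. sshd keeps the FIRST value it sees for each keyword, so a
// "PasswordAuthentication no" appended at the bottom is ignored when an
// earlier line (or an Include'd file) already set it to "yes".
const REQUIRED = {
  permitrootlogin: 'no',         // no direct root login
  passwordauthentication: 'no',  // keys only; nothing to brute force
  pubkeyauthentication: 'yes',
};

// Effective global settings: first occurrence wins, comments and blanks are
// skipped, keywords are case-insensitive, "Key value" and "Key=value" both
// parse. Everything after the first "Match" line is conditional, so stop there.
function parseSshdConfig(text) {
  const effective = {};
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const m = /^(\S+?)(?:\s+|\s*=\s*)(.+)$/.exec(line);
    if (!m) continue;
    const key = m[1].toLowerCase();
    if (key === 'match') break;
    if (!(key in effective)) effective[key] = m[2].trim().toLowerCase();
  }
  return effective;
}

// One finding per required keyword whose effective value is wrong. An absent
// keyword falls back to sshd's compiled-in default (PasswordAuthentication
// defaults to "yes"), so absence is reported too so it gets set explicitly.
function auditSshdConfig(text) {
  const eff = parseSshdConfig(text);
  const findings = [];
  for (const [key, want] of Object.entries(REQUIRED)) {
    const got = eff[key];
    if (got !== want) findings.push(`${key}: expected ${want}, effective ${got ?? '(default)'}`);
  }
  return findings;
}

// Constructed sample: looks hardened at the bottom, but the earlier "yes" wins.
const SAMPLE = `
# constructed sshd_config for the example
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
# added later by an admin, silently ignored by sshd:
PasswordAuthentication no
`;

console.log(auditSshdConfig(SAMPLE));
```

The script does not follow Include directives; on the server itself, `sudo sshd -T` prints the effective configuration sshd actually uses and is the final check after editing the file.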

And we are correctly installing Node.js → this is by using the curl-based installer → a more proper way to install Node.js.

He used git → for actually developing the app.

We have the app running → and we are going to use PM2 as the process manager → now we need to install Nginx as the web server, and OpenSSL.

PM2 → runs the app in the background. (can even be configured to start at system startup).

Very interesting → he is using git for encrypting → this may be to avoid the use of domain names.

The certificate → is actually very annoying to set up → but this operation can be done with ease → and gives us a secure connection.

But he does have a domain name.

This was how we did things back in 2016 → but it is still a good thing to know.

Making sure the SSL certificate renews every year → so we stay up to date. (Proxy → Nginx)

Redirecting the traffic to the Node.js application → and we are going to make the connection secure. (we are boosting the security of our site)

Quite a process → but we are making things more secure.

The general process is easy to follow → and now there is a Python program (certbot) that does this for us.

This is another post about deployment → the general approach is the same.

It is highly recommended to use PM2 → on the production server → since it automatically manages the process and restarts it when there is an exit or error.

Load balancing and more → as well as SSL.

This guy basically copied and pasted from another website → but certbot is great!

And auto-renewal comes with the program.

Which is better → well, both have their own use case → but Node.js → uses concurrency (non-blocking, event-driven I/O).

We are going to read the file → without blocking the main thread → this is good → since we want the user to keep getting a response in the meantime.

Callback hell is really a thing → if we cannot manage those nested callbacks → we have no idea what is going to run when.

Chaining promises → is a much better way to manage the code.

JavaScript In Plain English
