learning
/
mongodb-for-python-developers
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
mongodb-for-python-developers/transcripts/ch9-deployment/8.txt

32 lines
2.0 KiB
Plaintext
Raw Permalink Blame History Unescape Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

00:01 Limiting network exposure in concepts, so what do we do?
00:04 First of all, I said listening on the default port is just crazy
00:07 because people are going to be scanning that like nobody's business,
00:10 they may scan every port on your machine, connect to it,
00:13 somehow distinguish it's a MongoDB port,
00:15 but chances are that's not going to happen,
00:18 chances are people are just going to check the few ports
00:21 and just move on to scanning millions or billions of other ip addresses,
00:24 even if they do connect, we're going to have
00:27 some additional layers of security there,
00:29 hopefully the firewall makes all of this redundant.
00:32 But still, it's a good idea to just have layers of security
00:35 so here we have a port that is non default, 10001.
00:39 Now, we're also going to turn on our firewall
00:43 so in fact it's very unlikely anyone can get to that from outside of our data center
00:48 other than the apps or the servers that we said explicitly they can get to it.
00:53 So by default, deny all incoming connections, allow all outgoing connections
00:57 allow ssh so that we can get back in
01:00 or this is going to be the last time we ever see this server,
01:03 so we're going to allow ssh and then we're going to enable it,
01:06 that's the moment of truth, it says are you sure
01:08 I suggest doing this right away before you have lots of important data on the server.
01:12 And then we're also going to allow from the ip address
01:15 that is the application that's based upon MongoDB,
01:19 and then to any port this one here.
01:23 We've got our farewell set up, we've got MongoDB set up
01:26 to be non default of firewall rules, reflect that non default port.
01:30 So this is the web app address, this is the configured MongoDB port
01:36 this, we're not ready for listening on the internet yet.
01:40 Two more things, encryption of the connection,
01:43 which within the same data center may be it doesn't matter
01:45 but we're going to add it anyway and authentication.
Reference in New Issue View Git Blame Copy Permalink