Hiring only locally triggers what's known as the "church problem" in business. Hiring someone from your church statistically provides the worst work. Psychologists say that this is because of two reasons. The first is just math: you eliminate 99.9999% of the world and try to pull an expert from a tiny pool. The second is that you prioritize locality or membership in a small group over skill, reputation, or ability to do the work. That alone is bad enough, but picking someone for that reason also tells them that their value to you is because of who they are, what they are a member of, or where they live, which is another way of telling them that doing a good job at a good price isn't important to do. When you make someone believe that their value is already provided simply because of who they are, there is literally no incentive to do a good job and, in fact, a pretty heavy suggestion that they can overcharge and under-deliver and it won't be a problem because they've provided their value already simply in being whoever they are.
nodebb, nginx, and modsecurity?
I'm curious to know if any nodebb gurus are serving up nodebb via nginx https enabled reverse proxy and using modsecurity?
You can set up nginx to terminate the SSL connection, but I personally have not tried using modsecurity.
NodeBB comes with a preset helmet config, which usually helps close off the service. It's not a WAF, per se, but is part of a coordinated setup to secure your web service.
@julian Appreciate the clue bat, Julian. Good to know. Working on my onion.
Maybe not a lot of interest in this due to the complexity of deploying/configuring ModSecurity, combined with the absence of NodeBB-stack-specific rulesets. Security is difficult, so not much can be done about the deploy/config aspects, but ModSecurity devs are starting to focus some efforts on the latter.
For those interested, and willing to roll up their sleeves, development of a Node.js-targeted attack ruleset is slated for the next release of OWASP CRS, scheduled for Sept. 2019. More info here:
P.S.: Obviously ModSecurity can be deployed on Apache setups as well, but my sense is that Nginx is the overwhelming favorite with the NodeBB community and I didn't want to start a new thread.
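To make the two halves of this thread concrete (nginx terminating TLS in front of NodeBB, as described in the first reply, and ModSecurity with the OWASP CRS in front of that, as asked about above), here is an added configuration example. It is not from the thread, NodeBB, or the ModSecurity project; it assumes the libmodsecurity nginx connector is built as a dynamic module, that certificates live under /etc/letsencrypt, that the CRS is unpacked under /etc/nginx/owasp-crs, that NodeBB listens on its default 127.0.0.1:4567, and that forum.example.com is the site name. All of those paths and names are placeholders.

```nginx
# File: /etc/nginx/nginx.conf  (added example; paths and hostname are assumptions)
load_module modules/ngx_http_modsecurity_module.so;

events {}

http {
    # Plain HTTP only redirects. Nothing is proxied to NodeBB without TLS.
    server {
        listen 80;
        server_name forum.example.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name forum.example.com;

        ssl_certificate     /etc/letsencrypt/live/forum.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/forum.example.com/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        # ModSecurity inspects the decrypted request here, before proxy_pass.
        modsecurity on;
        modsecurity_rules_file /etc/nginx/modsec/main.conf;

        location / {
            proxy_pass http://127.0.0.1:4567;
            proxy_http_version 1.1;

            # socket.io needs the WebSocket upgrade passed through intact.
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # NodeBB builds its absolute URLs and client IPs from these headers;
            # without them it sees every request as http://127.0.0.1 from nginx.
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_redirect off;
        }
    }
}

# File: /etc/nginx/modsec/main.conf  (separate file, referenced above)
# modsecurity.conf is the engine's recommended base config; it ships with
# SecRuleEngine DetectionOnly, which is the right mode for the first days.
Include /etc/nginx/modsec/modsecurity.conf

# OWASP CRS: setup file first, then the rule files in directory order.
Include /etc/nginx/owasp-crs/crs-setup.conf
Include /etc/nginx/owasp-crs/rules/*.conf

# Only after reviewing the audit log (SecAuditLog in modsecurity.conf) for
# false positives on normal forum traffic, switch to blocking:
# SecRuleEngine On
```

Two things worth checking before trusting this in production. First, NodeBB must be told it sits behind a TLS-terminating proxy: set `"url": "https://forum.example.com"` in its config.json, otherwise redirects and socket.io origins are generated with the wrong scheme. Second, run the CRS in DetectionOnly first and read the audit log; a forum is exactly the kind of application where legitimate input (Markdown, pasted code, long-polling socket.io payloads) trips generic SQLi/XSS rules, and that is the gap the NodeBB-specific ruleset mentioned above would be meant to close.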