I think this is a good tutorial, and will prove useful to many users! However, I have some remarks that I'll list below.
DNS
What has DNS to do with a stack? Not a lot, that's right, but as in my previous guide we will target the maximum possible performance. Therefore, we will also try to reduce the DNS resolving time.
To achieve this we will route our domain through CloudFlare. Just sign up and follow the instructions. Once done be sure to have DISABLED CloudFlare in the DNS settings (grey clouds).
But why? Due to the use of CloudFlare the server response time can be delayed around 0,7s, which is quite a lot, considering we want the maximum performance. Instead we will just make use of CloudFlare's fast DNS network.
Depending on the scale you want to deploy the server on, cloudflare can actually be a good idea. Especially if you're afraid of DDoS attacks. There are basically three "modes" that you can choose from:
- The mode in which you do not use anything of cloudflare, which you suggest.
- The mode in which you use cloudflare to cache static assets, but route websockets through your own server. This can be achieved by setting the socket.io parts in config.json. This does not save you from DDoS attacks, as the origin server can be found quite easily. This is the mode that I would recommend.
- Use cloudflare as websocket proxy. This secures you from DDoS attacks and works fine. This mode has a lot of cons, because cloudflare can kill the websocket connections without any specific reason, and you have the cloudflare proxy delay that you're considering. I would recommend this for small-scale sites only.
Security
...
Change it to a number like 1990 for example. Once edited hit Ctrl+X. Confirm with Y.
Ouch. This is not secure. Besides the "security by obscurity" arguments that this is insecure, there are also practical objections with this port. Any port >1024 can be hijacked by any user on the box, whereas ports <1024 are reserved for the system/root user. So if you want to change the port (because you may believe that it's actually secure), keep it <1024!
I always recommend keeping the SSH service at port 22 (as this is designed for it). For security, you can install fail2ban and set up an SSH keypair authentication instead of password authentication. Also: If your host gives you a root password, the first thing you should do is change it!
Database
Now let's get onto NodeBB. Instead of MongoDB, we will skip into the future and go with Redis. Super fast, super simple.
MongoDB has a future as well, and the benefits of redis over mongo.
Again, great tutorial!
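
The SSH points raised in the post above (keep sshd on a port below 1024, use key authentication instead of passwords) can be checked against a config file. The following is an added example, not part of the original post or the tutorial; the finding codes and the two sample configs are constructed for illustration, and Match blocks are only flagged, not evaluated.

```python
# Added example: checks the global section of an sshd_config text.
# Sample configs at the bottom are constructed for illustration.
REPEATABLE = {"port"}  # sshd listens on every Port line it reads
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"],
            "pubkeyauthentication": ["yes"]}  # OpenSSH defaults


def parse_global(text):
    """Return ({keyword: [values]}, has_match) for lines before any Match."""
    seen, has_match = {}, False
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            has_match = True
            break
        if len(parts) < 2:
            continue
        if key in REPEATABLE:
            seen.setdefault(key, []).append(parts[1].strip())
        elif key not in seen:  # for other keywords the first value wins
            seen[key] = [parts[1].strip()]
    return seen, has_match


def audit(text):
    """Return a list of finding codes for the points raised in the post."""
    seen, has_match = parse_global(text)
    cfg = {**DEFAULTS, **seen}
    findings = []
    for port in cfg["port"]:
        if port.isdigit() and int(port) >= 1024:
            findings.append(f"unprivileged-port:{port}")
    if cfg["passwordauthentication"][0].lower() != "no":
        findings.append("password-auth-enabled")
    if cfg["pubkeyauthentication"][0].lower() != "yes":
        findings.append("pubkey-auth-disabled")
    if has_match:
        findings.append("match-block-needs-manual-review")
    return findings


TUTORIAL_STYLE = "Port 1990\n#PasswordAuthentication yes\n"
HARDENED = "Port 22\nPasswordAuthentication no\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, conf in (("tutorial", TUTORIAL_STYLE), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration, which is the authoritative view once Include files and Match blocks are involved.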