As for the hosting, if you're hellbent on hosting it yourself, you're going to want to at least proxy the node.js stuff via Apache or nginx or some other reverse proxy webserver, but that still won't stop it from being easily DoS'ed .....
Here is your red flag. Everyone who doesn't know web development and design in the real world focuses on being DoS attacked. Why? Because it is the cool, scary word that they heard on TV. Wake up to the real world, only a handful of massive websites or really aggravating groups get DoS'd in the real world. This isn't a threat for normal people and normal websites. This is a completely naive thing to be concerned about for a forum of this nature. I run the tech site of the busiest NodeBB forum that we know of (tens of thousands of posts per thread, millions of views on a single thread, nearly a thousand daily posts, over 10K views an hour) and these concerns are quite simply, silly.
This is what a little kid trying to talk about IT sounds like. In the real world, being DoS attacked is not something that happens every day. That takes time and energy and requires someone with a goal. And if you want to protect against it, which I've needed to do, the platform that you run on isn't where that tooling is going to be.
I'd stop talking to this guy.