Server config and security, application deployment.
Why security is important
Today, information has the greatest value. All data, access and systems must be properly and reliably secured – to prevent unauthorized access and abuse against you. In addition to the applications themselves, it is necessary to secure the server on which it runs.
How we secure servers.
Root. After buying the server, we will start securing at the lower level so that unauthorized persons cannot connect to the server. For example, we disable direct login to the root user.
A user with a unique name. You will be able to access the server only through this user with his strong password. And you will have to enter another strong one to use admin rights.
Ports. We also close all ports on the server which are not used for external communication. For example, we will allow ports 80 and 443 for http and https protocols only.
What else will we set up.
Access restrictions. If our client needs the application to be accessible only from specific locations, we can restrict access to the server, e.g. exclusively to corporate IP addresses.
Backups. Database must be backed up regularly. Backups resolve unexpected situations, such as power outages or possible unexpected server problems.
Application needs. When deploying the application, we will install all its dependencies. This includes a database, a web server, or other necessities for trouble-free functionality.
When we do all these things.
Things like setting up and securing a production server usually occur before the application is finally tested. Testing will take place on the prepared production server.
We count on server-side settings from the very beginning. For us, it is an integral part of custom web app development.