Getting the backend up and running is important, but making sure it stays online and secure is even more crucial. In this post, I’ll explain how I deployed my APIs using PM2, NGINX, and DigitalOcean. I’ll also share how I made the server secure and reliable.
Why I Chose DigitalOcean
I picked DigitalOcean because it’s easy to use and budget-friendly, which makes it great for startups. It has a simple dashboard for setting up and managing servers (called droplets). It also offers helpful features like monitoring and backups. As the app grows, it’s easy to upgrade the server without starting from scratch.
Setting Up the Server
After creating a droplet on DigitalOcean, the only account is the root user, which has full control over the server. This is risky: if an attacker compromises the root account, they own the entire server.
To avoid this, I created a new user with limited permissions. This user runs privileged commands only through sudo, which prompts for a password. This way, even if someone gets access to this account, they don't get full control of the server outright.
Setting Up NGINX as a Reverse Proxy
NGINX helps direct traffic to the right place. When a user sends a request to the app, NGINX forwards it to the Node.js app running in the background.
I installed NGINX and set it up to listen on port 80 (HTTP). It sends incoming requests to the port where the Node.js app is running. NGINX also helps improve performance by handling a lot of traffic at once and can serve static files (like images) directly.
NGINX also terminates HTTPS (secure connections). This ensures that user data is encrypted while in transit, so it can't be read or tampered with on the way to the server.
Setting Up SSL for HTTPS
Security is essential when handling user data, especially when using phone number login. I installed an SSL certificate using Let’s Encrypt to enable HTTPS. This encrypts all data sent between the user and the server, protecting it from attackers.
After installing Certbot (the tool that obtains and renews Let's Encrypt certificates), I updated the NGINX configuration to redirect all HTTP traffic to HTTPS, so no request is served over an unencrypted connection.
Running the Node.js App with PM2
PM2 is a tool that keeps the Node.js app running all the time. If the app crashes or the server restarts, PM2 automatically brings it back online.
I used PM2 to start the app in the background and made sure it restarts automatically if something goes wrong. PM2 also allows scaling, so I can run multiple copies of the app to handle more traffic if needed.
Keeping the APIs Secure
Since users log in with phone numbers, security is very important to protect user data. Here’s what I did to keep things secure:
Authentication Tokens: Users get a token when they log in. This token expires after some time, so a stolen token is only useful for a limited window.
OTP Expiry: OTPs expire quickly to prevent reuse.
Rate Limiting: I limited how many login attempts a user can make to stop attackers from spamming requests.
CORS: I set CORS (Cross-Origin Resource Sharing) to only allow trusted websites to send requests to my API.
Logging and Monitoring: I track API activity to detect any unusual behavior early.
Expiring Tokens for Extra Security
Tokens should not last forever. If an attacker steals a token, they can use it to access the app for as long as it remains valid. To limit that window:
Tokens expire after a set time (e.g., 1 hour).
Users need to log in again after expiration.
Refresh tokens can be used to get a new access token without logging in again.
Next Steps
Now that the APIs are deployed and secure, the next step is to build the frontend and improve the user experience. In the next blog (Day 35), I’ll cover how I prototyped and started working on the UI and frontend. Stay tuned!