6

I know this is subjective and opinionated, but I just need something to start off from knowing what the best practices may be.

I've got a MERN application running on localhost with the React script currently running on port 3000 and an Express.js application running on port 3001.

Now I'm about to set it up live on AWS and am wondering if I should create it like:

website.com for the frontend React stuff with nginx routing anything from port 80 to 3000 while it makes calls to api.website.com running on 3001 on the same instance with website.com and api.website.com having the same IP address.

or

one separate instance for website.com on a different IP address and another instance for api.website.com on a different IP address for API calls? Both are being accessed without having to specify a port.

I'm curious because most of the time I've used APIs, they don't have a separate port, just a subdomain on what I assume was a different IP address and a different instance.

What would be the best way to set this up keeping in mind I want to use SSL?

Peter Mortensen
totalnoob
  • When you say, "the best way", you need to alter your q and be more specific. There are so many best practices for AWS solutions: do you want cost-effective? If so, your MERN stack might take advantage of S3 depending on the nature of what your application is doing (photo or image). SSL is a given, but more secure? Encrypt data at rest and in transit? Auto-scaling? Do you expect it to hum along when there is high traffic? Highly available? Do you require the app to stay up if there is an outage in one AZ? Many would vote this q as too broad, so please provide more info and we will help. – Taterhead Jul 02 '18 at 08:50
  • Other questions to consider: your MERN app, is this something that you want to try in order to test feasibility? Or are you 100% sure of your existing architecture and are going to have this architecture going forward for the next year or two? Is this app already running and serving users/customers? If so, what is your traffic like and are your current servers under heavy load/usage? Which resource: memory? process? network? storage? Add these details also and provide numbers if you have them. – Taterhead Jul 02 '18 at 09:23

2 Answers

1

Serving static applications via SSL is not necessary, but on the other hand, your server application has to be secured. Part of the stack which interacts directly with the database is very crucial and has to be secured against all sorts of vulnerabilities. Only SSL won't do any good unless you follow best practices to secure your node application.

You can use the subdomain for the node application and root domain for the actual site. Also, you can use the 80 port for the website and 443 for your node application by defining different server sections inside your nginx configuration file.

Below are some links where you can find the best practices to follow while deploying node applications on production.

Abhishek Singh
1

I would say Nginx exposed to the world, with an SSL certificate and all traffic redirected to port 443.

Everything else bound to 127.0.0.1 and proxied through Nginx. It's simple to set up Nginx to accept requests to api.website.com on port 443 and then proxy them over to 127.0.0.1:3000 or 3001 or whatever.

Then firewall all the other random ports and route absolutely all incoming traffic through Nginx.

miknik
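The layout described in the answer above, written out as an nginx configuration for the question's hostnames and ports. This is an added example, not part of the original answer; the certificate paths are placeholders, and it assumes one certificate covering both names and both Node processes listening on 127.0.0.1 only.

```nginx
# Added example (not from the original answer). Hostnames and ports come from
# the question; certificate paths are placeholders; one certificate is assumed
# to cover both names. Both Node processes must listen on loopback only, e.g.
# app.listen(3001, '127.0.0.1') in Express.

# Port 80, unknown Host header: close the connection without a response.
server {
    listen 80 default_server;
    return 444;
}

# Port 80, known names: redirect everything to HTTPS.
server {
    listen 80;
    server_name website.com api.website.com;
    return 301 https://$host$request_uri;
}

# Frontend on 443, proxied to the React process on loopback port 3000.
server {
    listen 443 ssl;
    server_name website.com;
    ssl_certificate     /path/to/fullchain.pem;  # placeholder
    ssl_certificate_key /path/to/privkey.pem;    # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# API on 443, proxied to the Express process on loopback port 3001.
server {
    listen 443 ssl;
    server_name api.website.com;
    ssl_certificate     /path/to/fullchain.pem;  # placeholder
    ssl_certificate_key /path/to/privkey.pem;    # placeholder
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running `nginx -t` checks the file for syntax errors before a reload. With this in place, the instance's security group only needs inbound 80 and 443; ports 3000 and 3001 stay closed to the outside.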