Our first priority is to make sure your files are being transferred as securely and safely as possible. We take every precaution on Stackahoy's end to make sure we are using the most up-to-date and tested practices.
For applications that require maximum security, there are several strategies one can implement on the hosting server when using Stackahoy.
Blocking all SSH (port 22) traffic helps prevent types of DDoS attacks and other forms of malicious techniques used to gain access to the application. This is one of the cheapest and most effective ways of hardening a server.
The static IP address for Stackahoy is: 220.127.116.11
Using iptables, first whitelist Stackahoy:
sudo iptables -A INPUT -p tcp -s 18.104.22.168 --dport 22 -j ACCEPT
Then block all other traffic:
sudo iptables -A INPUT -p tcp --dport 22 -j DROP
When configuring your server, not only is it more maintainable to use ssh-key authentication, but it's more secure. Since the authentication is made without a password, we can simply disable SSH passwords all together on the server.
To disable password authentication on the server:
/etc/ssh/sshd_config in your favorite text editor:
You must replace the line:
PasswordAuthentication yes with
Then restart the SSH service:
sudo service ssh restart
More information on how to use SSH keys is described here.
For making your deployments, we recommend creating a system user with the appropriate access and permissions for executing the deployment. Giving Stackahoy root access is almost always inappropriate.
While allowing Stackahoy to build/compile the application on the server is a great way to keep a clean repository, it's a good idea to remove any artifacts that don't need to be there. This will also keep the footprint of the application small on the server.
npm i gulp build # Assuming the application doesn't require node_modules to exist after a build. rm -rf node_modules