Production Deployment Guide

🚀 Linux Server Setup

Server hardening · NGINX + TLS · FastAPI/Node · PM2 · UFW · Fail2Ban · SSH · Browser + API security (step 17) · AWS Lightsail

OS
Ubuntu 22.04
App
FastAPI/Node.js
Proxy
NGINX
Port
127.0.0.1:4980
All 21 steps: server (1–16) + security (17) + health (18) + logging (19) + API NGINX (20) + frontend NGINX (21)
Infrastructure: Firewall → Fail2Ban → SSH → NGINX (TLS, rate limits, bot map)Application: Backend API + served frontend (React/Next/static) → Browser (HTTPS, headers, CSP, cookies, XSS/CSRF hygiene)
10/10
Production Ready

✅ Security Coverage

UFW OS-level firewall
AWS Lightsail cloud firewall
Fail2Ban brute-force protection
HTTPS via Let's Encrypt
HTTP → HTTPS redirect
API rate limiting (10 req/s)
Per-IP connection limiting
PHP / WordPress exploit blocking
Bad bot detection & blocking
Backend isolated to 127.0.0.1
TLS + HTTP security headers (HSTS, XFO, nosniff, etc.)
CSP / CORS / cookie strategy (Step 17 — app layer)
Frontend + API audits (npm/pip audit, no secrets in client)
server_tokens off
SSH key-only login
Root SSH login disabled
Automatic security updates
Fail2Ban SSH + NGINX jails
Estimated Security Score
Edge → SSH → NGINX+TLS → API + UI → Browser hardening (see step 17)
10 / 10
Production Ready
© 2026 S. Arockia Jebin · All rights reserved.