
Best practices for setting up a MERN application on AWS


Serving static applications via SSL is not necessary, but on the other hand, your server application has to be secured. The part of the stack that interacts directly with the database is crucial and has to be secured against all sorts of vulnerabilities. SSL alone won't do any good unless you follow best practices to secure your Node application.

You can use a subdomain for the Node application and the root domain for the actual site. Also, you can use port 80 for the website and 443 for your Node application by defining different server sections inside your nginx configuration file.

Below are some links where you can find the best practices to follow while deploying Node applications in production.


I would say Nginx exposed to the world, with an SSL certificate and all traffic redirected to port 443.

Everything else bound to 127.0.0.1 and proxied through Nginx. It's simple to set up Nginx to accept requests to api.website.com on port 443 and then proxy them over to 127.0.0.1:3000 or 3001 or whatever.

Then firewall all the other random ports and route absolutely all incoming traffic through Nginx.
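
The layout described in the answer above, written out as an Nginx configuration. This is an added example, not part of the original answers: `api.website.com` and port 3000 come from the answer, while the certificate paths and the static root are placeholders.

```nginx
# Constructed example. Hostnames follow the answer (website.com, api.website.com);
# certificate paths and the static root are placeholders to replace.

# Port 80 carries no content; it only redirects to HTTPS.
server {
    listen 80;
    server_name website.com api.website.com;
    return 301 https://$host$request_uri;
}

# Root domain: the built React bundle served as static files over TLS.
server {
    listen 443 ssl;
    server_name website.com;

    ssl_certificate     /etc/ssl/placeholder/website.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/placeholder/website.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    root  /var/www/placeholder-react-build;
    index index.html;

    # Client-side routes fall back to index.html.
    location / {
        try_files $uri $uri/ /index.html;
    }
}

# API subdomain: TLS terminates here, requests go to Express on loopback.
server {
    listen 443 ssl;
    server_name api.website.com;

    ssl_certificate     /etc/ssl/placeholder/api.website.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/placeholder/api.website.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        # Pass the original host, client address and scheme to the app.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For the proxy to be the only way in, the Express process has to listen on loopback itself (for example `app.listen(3000, '127.0.0.1')`) and MongoDB's `net.bindIp` should stay at `127.0.0.1`. The host firewall or AWS security group then admits web traffic only on ports 80 and 443.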