Bonus Steps

Operation Privacy edited this page Apr 20, 2023 · 7 revisions

For Cloud Hosting

  • Monitor uptime/downtime on your app so that it stays awake on the Heroku instance. (Otherwise it goes to sleep after 30 mins of inactivity on the free tier and wakes up with a ~10 sec delay once you visit the website again.)
    • UptimeRobot:
      • +Add New Monitor
      • Monitor Type: HTTP
      • Monitoring Interval: 5 mins
      • Check "Alert Contacts To Notify" on the right

Web Application Firewall (WAF)

  • Set up a free Web Application Firewall (WAF) at Cloudflare by pointing your domain's DNS there
  • Set up your custom subdomain in Heroku by configuring your custom DNS settings in Cloudflare
  • Cloudflare settings
    • Firewall > Firewall Rules
    • block (expression)

    (ip.geoip.country eq "CN") or (ip.geoip.country eq "KR") or (ip.geoip.country eq "RU") or (http.request.uri.path contains ".php") or (http.request.uri.path contains "/wp-") or (http.host contains "archive.") or (http.user_agent contains "curl") or (http.user_agent contains "Wget") or (http.request.uri contains ".json")

Security

Security Through Obscurity

  • Serve your application on a random directory that only you know. Add a new environment variable (in Heroku) called APPDIRECTORY (case sensitive). Put in a random string as the directory name. Make sure to use ONLY characters allowed in a URI (alphanumeric). Example:
APPDIRECTORY 789gh8ag96lgw7ag8fghlkg

While this is NOT a password, it acts like one, adding another layer of protection against discovery, directory brute forcing and guessing.

  • Your application will now be visible only on https://sub.domain.com/789gh8ag96lgw7ag8fghlkg/
  • The directory name is NOT case sensitive (the .env variable name is). You will have to change any previous shortcuts you may have created.
  • IMPORTANT: This will also break all the Twilio/Telnyx webhooks. So go back in each profile.
    • Settings > Profile Settings > Save
    • Clicking save will update the new webhook links in the providers' settings.

Note:

  • If no .env variable is defined (default), the directory will automatically redirect to /voip (for backward compatibility and because it's optional)
  • If the APPDIRECTORY variable IS defined, there will be NO redirection of the top level domain, i.e., security against login page discovery will be in place.
  • If an incorrect URL is entered, it will simply redirect to a 404 page. You will NEED to know the subdirectory name to access the application. (Bookmark it if it's complex.)

Backup Mongodb locally

Mac/Linux Instructions

  • Install mongodb cli commands on Mac

brew tap mongodb/brew

brew install mongodb-database-tools

Linux and Windows tools:

https://www.mongodb.com/docs/database-tools/installation/installation/

  • Download entire db on the desktop folder

mongodump --uri="mongodb+srv://cluster0.abcd.mongodb.net" -d DataBaseName -u user1 -p password123 -o ~/Desktop/MongoDB-backup

If you want to create a bash script and do it with one click, create a file in a backup folder, call it backup.sh. Paste the following in the file and save it:

#!/bin/bash
# make executable
# chmod u+x backup.sh

datetime=$(date +"%Y-%m-%d_%H.%M.%S")
echo "####### Date:" "${datetime}" "#######"
########################################################


#VoIP Suite Prod

echo "####### Backing Up VoIP Suite Production...#######"
# Work from the folder that contains this script; stop if a cd fails
cd "$(dirname -- "$0")" || exit 1
mkdir -p VoIP-Backup
cd VoIP-Backup || exit 1

# The .archive suffix matches the file name the restore command expects
mongodump --uri="mongodb+srv://myVoipSuiteUserNameInMongo.someText.mongodb.net" -d DataBaseName -u myMongoBackupUser -p MyMongoDbPassw0rd --gzip --archive="VoIPSuite-MongoDB-Backup-${datetime}.archive" || { echo "####### Backup FAILED #######"; exit 1; }

echo "####### Backup Script Completed #######!"

Make sure the variables above are your own. Get those from your MongoDB dashboard. Create a new/separate user in mongodb just for backups as this password is stored in a text file on your computer, whereas the other password should only be in the environment variable on the server.

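Make the file executable so it can be run with a double click (or from a terminal). Because the script contains the backup user's password, keep it readable only by your own account:

chmod 700 backup.sh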

Take a backup on your hard drive every few weeks by executing the backup.sh file. It will create a new archive file every time, with a date/time stamp in the file name.

Restore Mongodb

The following script will restore a mongodb locally running on a linux machine from an archive.

### Decide which backup to restore and put the date/time stamp from its name here:
datetime=2023-04-14_23.40.14
# --drop deletes each collection on the target before restoring it from the archive
mongorestore --uri="mongodb+srv://restoreuser:password@cluster0.abcd.mongodb.net" --drop --gzip --archive=/VoIP-Backup/VoIPSuite-MongoDB-Backup-${datetime}.archive
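
Before restoring with --drop, it helps to confirm that the chosen archive is complete and that the backup folder is not readable by other accounts. The following is an added example, not part of the original page or the project's code; the function names and the check-backups.sh file name are hypothetical, and it assumes archives named as in the restore command above and written with --gzip --archive.

```bash
#!/bin/bash
# Added example, not part of the original page or the project's code.
# Assumption: archives are named VoIPSuite-MongoDB-Backup-<datetime>.archive
# and were written by mongodump with --gzip --archive.

PATTERN='VoIPSuite-MongoDB-Backup-*.archive'

# Restrict the backup folder and its archives to the current user, since
# they hold a full copy of the database.
secure_backups() {
    chmod 700 "$1" || return 1
    find "$1" -maxdepth 1 -type f -name "$PATTERN" -exec chmod 600 {} +
}

# Succeed only if the file is non-empty and a complete gzip stream.
# A dump interrupted part-way (network drop, full disk) fails this check.
verify_archive() {
    [ -s "$1" ] && gzip -t "$1" 2>/dev/null
}

# Print the newest archive that passes verify_archive. The timestamp format
# YYYY-MM-DD_HH.MM.SS sorts chronologically, so the last good match wins.
latest_good_archive() {
    best=""
    for f in "$1"/$PATTERN; do
        [ -e "$f" ] || continue          # no matches: the glob stays literal
        if verify_archive "$f"; then
            best="$f"
        else
            echo "WARNING: $f is empty or truncated" >&2
        fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Usage when run directly: ./check-backups.sh /path/to/VoIP-Backup
if [ -n "${1:-}" ] && [ -d "${1:-}" ]; then
    secure_backups "$1" && latest_good_archive "$1"
fi
```

The gzip test only proves the file was written completely; restoring into a scratch database is still the only full check of its contents.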