node.js sql-server angular express tedious

Is it safe to deploy the backend of an Angular web on a visible port?


To put some context:

I work at a company and we have developed an Angular PWA. This Angular PWA listens on port 8080. We've also developed the backend in Node.js and it is listening on port 5050.

To give functionality to the Service Workers, we've implemented SSL on both of them. The SSL is for our company's domain name, so we run the front-end and the back-end on the same URL, but they listen on different ports.

For example, a normal URL would be https://cynica.com/categories

And for fetching data from the database, we use https://cynica.com:5050/listcategories

We access the database through Node.js with Tedious. Database is SQL Server and we use Stored Procedures.

We have database address, user and password hidden in a .env file in the back-end.

The question is, is this approach safe for the backend and the database? All endpoints are protected via login with JWT, but we're still not sure if the backend should be visible to everyone.

Thanks in advance.


Solution

  • Yes and no... Usually you have a firewall, and all the ports should be closed except for the ones you really need, i.e. 443.

    It's better to use a reverse proxy (such as NGINX) in order to go in on port 443 and from there (internally) redirect it to port 5050.
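
The reverse-proxy layout described in the answer above, as an added example that is not part of the original answer: one NGINX server block terminates TLS on 443 and forwards to the two services from the question (8080 and 5050). The `/api/` prefix, the certificate paths, and the two apps listening on plain HTTP on 127.0.0.1 are assumptions.

```nginx
# Added example, not from the original post.
# Assumptions: certificate paths, the /api/ prefix, and both Node processes
# bound to 127.0.0.1 (plain HTTP) on the same host as NGINX.

server {
    listen 443 ssl;
    server_name cynica.com;

    ssl_certificate     /etc/nginx/tls/cynica.com.fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/cynica.com.key;            # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Backend API:
    #   https://cynica.com/api/listcategories -> http://127.0.0.1:5050/listcategories
    location /api/ {
        # The trailing slash makes NGINX strip the /api/ prefix before forwarding.
        proxy_pass http://127.0.0.1:5050/;

        # Pass the original host and client address to the backend so that
        # logging and any rate limiting see the real caller, not 127.0.0.1.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Request headers such as "Authorization: Bearer <JWT>" are forwarded
        # unchanged by default, so the existing JWT checks keep working.
    }

    # Angular PWA front end.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this in place the firewall can keep 5050 and 8080 closed to the outside, and the Angular app calls `https://cynica.com/api/listcategories` instead of `https://cynica.com:5050/listcategories`. If the backend keeps serving HTTPS itself, the API `proxy_pass` target would use `https://` instead.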