Part 6 — Securing and Optimizing Node.js + React Deployment on Oracle Cloud (OCI)
Overview
After successfully deploying your Node.js backend and React frontend on Oracle Cloud Infrastructure (OCI), it’s time to level up your setup.
A secure and optimized deployment not only improves performance but also ensures uptime, protection from attacks, and scalability.
In this part, we’ll configure SSL (HTTPS), firewall rules, security lists, and optimize our stack using PM2, NGINX, and OCI metrics — turning your deployment into a professional-grade system.
Step 1: Setting Up SSL with Let’s Encrypt
Why SSL?
An SSL certificate encrypts the communication between your server and users’ browsers.
Without HTTPS, your website may show “Not Secure” warnings and can be vulnerable to man-in-the-middle attacks.
We’ll use Let’s Encrypt, a free and automated SSL provider.
Install Certbot
Run the following commands on your OCI instance:
sudo apt update
sudo apt install certbot python3-certbot-nginx -yConfigure SSL for Your Domain
Assuming you’ve already pointed your domain name to your OCI instance’s public IP:
sudo certbot --nginxFollow the prompts:
- Enter your domain name (e.g.,
example.com) - Agree to terms
- Choose the option to redirect HTTP → HTTPS automatically
After setup, you’ll see a confirmation like:
Congratulations! Your certificate and chain have been saved.Now your website should load securely via:
https://yourdomain.com
Step 2: Enable Auto-Renewal of Certificates
Let’s Encrypt certificates expire every 90 days — so automatic renewal is crucial.
Check the cron job that Certbot creates automatically:
sudo systemctl list-timersOr manually test renewal:
sudo certbot renew --dry-runIf successful, it means your certificates will renew automatically before expiry.
💡 Pro Tip: You can also create a custom cron entry:
sudo crontab -eAdd:
0 3 * * * /usr/bin/certbot renew --quietThis checks for renewal every day at 3 AM.
Step 3: Setting Up Firewall Rules & OCI Security Lists
Local Firewall (UFW)
Ubuntu uses UFW (Uncomplicated Firewall) — simple yet powerful.
Check current rules:
sudo ufw statusAllow necessary traffic:
sudo ufw allow 'Nginx Full'
sudo ufw allow ssh
sudo ufw enableThis allows:
- HTTP (80)
- HTTPS (443)
- SSH (22)
OCI Security Lists
OCI also has security lists for each VCN (Virtual Cloud Network).
Make sure these ports are open in the OCI Console:
| Port | Protocol | Purpose |
|---|---|---|
| 22 | TCP | SSH access |
| 80 | TCP | HTTP traffic |
| 443 | TCP | HTTPS traffic |
Go to Networking → Virtual Cloud Networks → Security Lists → Ingress Rules
and verify the above rules exist.
Step 4: Performance Tuning with PM2 & NGINX
PM2 Optimization
PM2 isn’t just a process manager — it helps your Node.js app handle traffic more efficiently.
Restart policies:
pm2 startup
pm2 saveEnable clustering (multi-core CPU optimization):
pm2 start index.js -i max --name "node-app"This runs multiple instances of your Node.js app across all CPU cores.
Monitor processes:
pm2 monitAuto-restart apps if memory exceeds a limit:
pm2 start index.js --max-memory-restart 250M
NGINX Optimization
Edit your NGINX configuration for performance:
sudo nano /etc/nginx/nginx.confAdjust key parameters:
worker_processes auto;
worker_connections 1024;
keepalive_timeout 65;
sendfile on;
tcp_nopush on;
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;These changes:
- Enable multi-threading
- Reduce response time
- Compress static assets (gzip)
- Improve throughput and latency
After saving, reload:
sudo systemctl restart nginx
Step 5: Monitoring Using OCI Metrics
Oracle Cloud provides built-in Monitoring and Alarms for your compute instance.
Access Metrics:
- Go to OCI Dashboard → Compute → Instances
- Click your instance name
- Open the Metrics tab
Here you’ll see:
- CPU Utilization
- Memory Usage
- Network In/Out
- Disk I/O
Create Alerts (Recommended):
You can create alerts for when:
- CPU > 80% for 5 minutes
- Memory usage exceeds threshold
- Network traffic spikes abnormally
Steps:
- Go to Monitoring → Alarms
- Click Create Alarm
- Define your metric & threshold
- Add an email notification
These alerts help catch performance or security issues early.
Step 6: Regular Maintenance & Backups
Security and performance aren’t one-time setups — they’re ongoing.
Best practices:
Update system packages weekly
sudo apt update && sudo apt upgrade -yMonitor PM2 logs:
pm2 logs- Backup app data using OCI Object Storage or snapshots
Review access logs for suspicious traffic:
sudo tail -f /var/log/nginx/access.log sudo tail -f /var/log/nginx/error.log
Summary
You’ve now taken your Node.js + React app from deployment to production-grade security and optimization.
✅ SSL via Let’s Encrypt
✅ Auto-renewal setup
✅ Firewall & OCI security lists configured
✅ PM2 clustering & memory control
✅ NGINX performance tuning
✅ Live monitoring with OCI metrics
Your Oracle Cloud server is now secure, fast, and reliable — ready to handle real-world traffic and scale confidently.
