If you’re going this route, it would make sense to allow access to your app through NGINX only.
Edit your app’s config and set it to listen on “127.0.0.1:1337” or any unused port above 1024 (any program that needs to listen on ports < 1024 must run as root which is not recommended for a website) and add configure following block below
![](https://sp-ao.shortpixel.ai/client/to_auto,q_glossy,ret_img,w_1024,h_303/https://lcdung.top/wp-content/uploads/2019/11/2019-11-03-09_52_08-workspace-Cloud9-1024x303.png)