While security is a complex topic, and there are experts you really should listen to, there are a few things you can do on your own, low-hanging fruits so to speak:
Encryption, Authn & Authz
- Let's Encrypt, always!
- … and get a free TLS certificate while you're at it (and automate its renewal; the certificates are short-lived by design).
- Use SSO (for example via Auth0) and JWT, and validate the token's signature, issuer, audience and expiry on every request.
- Everything you need to know about HTTP security headers; in this context, you can use securityheaders.io to check which ones your site actually sends.
- Learn about Docker Security and try it out yourself via this awesome Katacoda course.
- Some basic hygiene: don't put your credentials in the (Docker) image; rather provide them via environment variables (keeping in mind that these are still readable via `docker inspect` and tend to leak into logs), or even better use one of these secure, distributed in-memory key-value stores:
- Do carry out vulnerability analysis (image scanning) on your containers, and repeat it on a schedule, since a clean image today can carry a known CVE tomorrow.
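As an added example that is not part of the original list, the following Python script performs the kind of check securityheaders.io does, but offline: it parses a captured HTTP response header block and reports missing headers as well as weak values (an HSTS max-age shorter than a year, a CSP that allows `'unsafe-inline'`/`'unsafe-eval'`, server version disclosure). Both sample responses are constructed for the demonstration; the set of required headers and the thresholds are my own baseline, not a standard.

```python
"""Offline audit of HTTP response security headers (example, not from the original page)."""
import re
from typing import Dict, List

# Baseline headers every HTTPS site should send, with the reason a missing one matters.
REQUIRED = {
    "strict-transport-security": "HSTS missing: browsers may still fall back to plain HTTP",
    "content-security-policy": "CSP missing: no protection against injected scripts",
    "x-content-type-options": "X-Content-Type-Options missing: MIME sniffing allowed",
    "x-frame-options": "X-Frame-Options missing: page can be framed (clickjacking)",
    "referrer-policy": "Referrer-Policy missing: full URLs may leak to third parties",
}
ONE_YEAR = 31536000  # seconds; the usual minimum for a meaningful HSTS policy


def parse_raw_headers(raw: str) -> Dict[str, str]:
    """Turn a raw response head (status line + header lines) into a lower-cased dict."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue  # skip blank lines and the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the baseline is met."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = [msg for name, msg in REQUIRED.items() if name not in h]

    hsts = h.get("strict-transport-security")
    if hsts:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    csp = h.get("content-security-policy", "")
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP allows 'unsafe-inline' or 'unsafe-eval'")

    xcto = h.get("x-content-type-options", "")
    if xcto and xcto.lower() != "nosniff":
        findings.append("X-Content-Type-Options present but not 'nosniff'")

    if "server" in h or "x-powered-by" in h:
        findings.append("Server/X-Powered-By header discloses software details")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK_RESPONSE = """HTTP/1.1 200 OK
Server: nginx/1.18.0
Content-Type: text/html
Strict-Transport-Security: max-age=3600
Content-Security-Policy: default-src 'self' 'unsafe-inline'
"""

GOOD_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("good", GOOD_RESPONSE)):
        print(f"[{label}]")
        for finding in audit_headers(parse_raw_headers(raw)) or ["no findings"]:
            print("  -", finding)
```

To run it against a live site, feed the output of `curl -sI https://example.org` into `parse_raw_headers`; the audit itself never touches the network, so it also fits into a CI step that checks a staging deployment.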
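For the credentials-in-the-image point, here is an added Python check (again mine, not from the original page) that lints a Dockerfile before it is built: it flags `ENV`/`ARG` instructions that assign a literal value to a secret-looking variable, and `COPY`/`ADD` instructions that pull well-known credential files such as `.env` or SSH private keys into the image. Both Dockerfiles are constructed samples, and the name patterns are heuristics I chose for the example.

```python
"""Lint a Dockerfile for credentials baked into the image (example, not from the original page)."""
import fnmatch
import posixpath
import re
from typing import List, Tuple

# Variable names that usually hold secrets (heuristic).
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY|CREDENTIAL)", re.I)
# Files that should never be copied into an image (heuristic glob patterns on the basename).
SECRET_FILES = (".env", ".env.*", "id_rsa", "id_ed25519", "id_ecdsa", "*.pem", "*.key",
                ".npmrc", ".netrc", "credentials*")
ENV_OR_ARG = re.compile(r"^\s*(ENV|ARG)\s+(.*)$", re.I)
COPY_OR_ADD = re.compile(r"^\s*(COPY|ADD)\s+(.*)$", re.I)
# "KEY=value" and the legacy "KEY value" form; ARG without a default does not match.
ASSIGNMENT = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)(?:=|\s+)(\S+)")


def lint_dockerfile(text: str) -> List[Tuple[int, str]]:
    """Return (line number, message) pairs for every suspicious instruction."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ENV_OR_ARG.match(line)
        if m:
            instr, body = m.group(1).upper(), m.group(2)
            for name, _value in ASSIGNMENT.findall(body):
                if SECRET_NAME.search(name):
                    # ENV values are stored in the image config; ARG values end up in layer history.
                    findings.append((lineno, f"{instr} {name} carries a literal secret value"))
            continue
        m = COPY_OR_ADD.match(line)
        if m:
            tokens = [t for t in m.group(2).split() if not t.startswith("--")]
            for src in tokens[:-1]:  # the last token is the destination
                base = posixpath.basename(src)
                if any(fnmatch.fnmatch(base, pat) for pat in SECRET_FILES):
                    findings.append((lineno, f"{m.group(1).upper()} of credential file {src}"))
    return findings


# Constructed sample Dockerfiles (not taken from any real project).
BAD_DOCKERFILE = """FROM python:3.12-slim
ARG NPM_TOKEN=npm_abc123
ENV DB_PASSWORD=hunter2 APP_ENV=prod
COPY .env /app/.env
COPY --chown=app:app id_rsa /home/app/.ssh/id_rsa
RUN pip install -r requirements.txt
ENV LOG_LEVEL=info
"""

CLEAN_DOCKERFILE = """FROM python:3.12-slim
ENV APP_ENV=prod
COPY requirements.txt /app/
RUN pip install -r /app/requirements.txt
"""

if __name__ == "__main__":
    for lineno, msg in lint_dockerfile(BAD_DOCKERFILE):
        print(f"line {lineno}: {msg}")
```

Secrets that a build really needs (a private package registry token, for instance) should be passed with a BuildKit secret mount rather than `ARG`, and runtime secrets should come from the orchestrator or a secrets store; this lint only catches the obvious cases where they were written into the Dockerfile itself.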
Check out also: