I've a service running on port 8983 of an ubuntu Digital Ocean droplet. In front of that I've got Apache web server forwarding from port 80.

It seams that Digital Ocean droplets don't have any security, which obviously isn't great for production. I'd like to secure my server ready for production, but I'm not really sure where to start.

I'm assuming I at least need to block access to all ports except 80 and the SSH port, but I don't know how. What else do I need to do?
--