
stokwell/daily-vocabulary


Daily Vocabulary Elixir Backend

This project has been moved to a private GitLab repository due to security concerns.

Next Steps for Development

Authentication with Google Oauth (Library)

CI/CD

How to Implement GitLab CI/CD Pipeline with Terraform

Using GitLab CI/CD with a GitHub repository

Nomad the Easy Way - Creating GitHub & GitLab Pipelines in Minutes

An example Phoenix + Docker app (GitHub)

ElixirConf 2022 - Ryan Cooke - E2E Reactivity - using Svelte with Phoenix LiveView (Frontend Approach)

Elixir: The Wickedly Awesome Batch and Stream Processing Language You Should Have in Your Toolbox

Docs

Phoenix Channels (Official Docs)

Security considerations of Phoenix LiveView (Official Docs)

Security Considerations for WebSockets

  1. Encryption (TLS/SSL):

    • Secure WebSocket connections using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt data exchange between clients and servers. Use wss:// URLs for WebSocket connections over SSL/TLS.
  2. Authentication:

    • Authenticate users before establishing WebSocket connections using mechanisms like JSON Web Tokens (JWT) or session cookies. Validate user credentials on the server.
  3. Authorization:

    • Enforce access control policies to restrict user actions over WebSocket connections based on their permissions. Implement authorization logic on the server side.
  4. Input Validation:

    • Validate and sanitize all data received from WebSocket clients to prevent security vulnerabilities such as injection attacks (e.g., SQL injection, XSS).
  5. Rate Limiting:

    • Implement rate limiting to prevent abuse and protect the WebSocket server from denial-of-service (DoS) attacks. Limit the number of connections, messages, or operations per client.
  6. Cross-Origin Resource Sharing (CORS):

    • Configure CORS policies to restrict or allow cross-origin requests based on security requirements. Use appropriate CORS headers to control WebSocket server access from different origins.
  7. Monitoring and Logging:

    • Enable logging and monitoring to track WebSocket connection activity, detect suspicious behavior, and troubleshoot security incidents. Monitor server performance and resource utilization.
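As an added example (not code from this repository), the sketch below shows the handshake-time checks from items 1, 2 and 6 and the per-connection message limit from item 5, using only the Python standard library so it stays framework-neutral. Browsers do not apply CORS to the WebSocket upgrade request, so the server compares the `Origin` header against an allowlist itself. The key, the origin, the token layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"                 # assumption: comes from a secret store in practice
ALLOWED_ORIGINS = {"https://app.example.test"}   # constructed allowlist

def sign_token(user_id, expires_at, key=SECRET):
    """Issue 'user.expiry.mac' once the user has authenticated over HTTPS."""
    body = f"{user_id}.{expires_at}"
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

def verify_token(token, now, key=SECRET):
    """Return the user id, or None if the token is malformed, forged or expired."""
    try:
        user_id, expires_at, mac = token.rsplit(".", 2)
        expiry = int(expires_at)
    except ValueError:
        return None
    body = f"{user_id}.{expires_at}".encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes; then enforce the expiry.
    if not hmac.compare_digest(mac.encode(), expected.encode()) or now >= expiry:
        return None
    return user_id

def admit_handshake(scheme, origin, token, now):
    """Decide on the upgrade request; returns (allowed, user_id_or_reason)."""
    if scheme != "wss":
        return False, "plaintext ws:// refused"
    if origin not in ALLOWED_ORIGINS:   # exact match, never substring or suffix
        return False, "origin not allowed"
    user = verify_token(token, now)
    if user is None:
        return False, "invalid or expired token"
    return True, user

class TokenBucket:
    """Per-connection budget: `rate` messages per second, bursts up to `burst`."""
    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1:
            return False
        self.tokens -= 1
        return True
```

Each rejected handshake and each `allow()` refusal is also a natural event to log for the monitoring described in item 7.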

References

Platform Engineering

Git Workflows for Platform Engineers (YouTube)

DevOps is dead. Embrace platform engineering (YouTube)

Non-Technical Challenges of Platform Engineering (YouTube)

Containerisation

Docker Rails Best Practices (Article)

Least Privilege Container Builds with Kaniko on GitLab (YouTube)

Build Container Image - Feat. Carvel kbld, Buildpacks, and Lima (You Choose!, Ch. 1, Ep. 1) (YouTube)

Image vulnerability scanning

Scan Container Images with Clair V4 in CI/CD Pipeline (YouTube)

Clair V4 installation guide for test purpose (Repo)

Nomad

Nomad at the Edge (YouTube)

HashiCorp Nomad A Simpler Way to Orchestrate Your Containers (YouTube)

Nomad Networking Demystified (YouTube)

Nomad - The Hard Way (YouTube)

Nomad CI/CD Developer Workflows and Integrations with GitLab (YouTube)

Replacing Queues with Nomad Dispatch (Article)

Building Immutable Server Images with SaltStack and Packer (Article)

Nomad Task Driver for containerd (YouTube)

Nomad Pack and Templating (YouTube)

Traefik

Traefik Blog Repositories (Repo)

Workshop: Advanced Load Balancing with Traefik 2.5 (YouTube)

Simplifying Infrastructure and Network Automation with HashiCorp and Traefik (YouTube)

Books

Infrastructure as Code (PDF)

Practical Cloud Security: A Guide for Secure Design and Deployment (Amazon)

Multi-Cloud Architecture and Governance (O'Reilly)
