🔭 simply ssr

A simply scalable web boilerplate:

• docker
• node
• redis
• express
• parcel
• react w/ ssr

Usage

Development server

serves over parcels built-in hot-reloading server

npm run dev

# go to http://localhost:1234

Production server

serves a secure, production-ready express server with Docker

npm run start

# go to https://localhost:8000

Client Architecture

Client-facing application is a universally rendering react application, featuring react-helmet, react-router and react-router-dom, which can be replaced. Client-side code is processed and bundled by parcel.

Server Architecture

Security

Influenced by mcibique/express-security

• helmet
  • frameguard (X-Frame-Options)
  • x-xss-protection (X-XSS-Protection)
  • hsts (Strict-Transport-Security)
  • ienoopen (X-Download-Options)
  • dont-sniff-mimetype (X-Content-Type-Options)
  • csp w/ nonce via node-uuid (Content-Security-Policy)
  • hpkp (Public-Key-Pins)
  • dns-prefetch-control (X-DNS-Prefetch-Control)
  • referrer-policy (Referrer-Policy)
  • expect-ct (Expect-CT)
  • nocache (Cache-Control/Pragma/Expires/Surrogate-Control)
  • hidePoweredBy (X-Powered-By)

Performance

• http2 + gzip
• static asset pre-compression with gzip & brotli
• static asset caching
• in-memory & redis session caching
• node clustering

Enhancements

• pug for server-facing views
• dayjs as a 'momentjs' replacement
• logging with morgan and winston
• nodemon, npm-run-all, cross-env