A simply scalable web boilerplate:
- docker
- node
- redis
- express
- parcel
- react w/ ssr
serves over parcel
s built-in hot-reloading server
npm run dev
# go to http://localhost:1234
serves a secure, production-ready express server with Docker
npm run start
# go to https://localhost:8000
Client-facing application is a universally rendering react
application, featuring react-helmet
, react-router
and react-router-dom
, which can be replaced. Client-side code is processed and bundled by parcel
.
Influenced by mcibique/express-security
-
helmet
-
frameguard
(X-Frame-Options) -
x-xss-protection
(X-XSS-Protection) -
hsts
(Strict-Transport-Security) -
ienoopen
(X-Download-Options) -
dont-sniff-mimetype
(X-Content-Type-Options) -
csp
w/ nonce vianode-uuid
(Content-Security-Policy) -
hpkp
(Public-Key-Pins) -
dns-prefetch-control
(X-DNS-Prefetch-Control) -
referrer-policy
(Referrer-Policy) -
expect-ct
(Expect-CT) -
nocache
(Cache-Control/Pragma/Expires/Surrogate-Control) -
hidePoweredBy
(X-Powered-By)
-
- http2 + gzip
- static asset pre-compression with gzip & brotli
- static asset caching
- in-memory &
redis
session caching - node clustering
-
pug
for server-facing views -
dayjs
as a 'momentjs' replacement - logging with
morgan
andwinston
-
nodemon
,npm-run-all
,cross-env