DEV Community: chrdek

https://dev.to/chrdek/forem-to-devto-platforms-3o87 redirection bug from forem.com please advice.

chrdek — Wed, 02 Jul 2025 10:13:52 +0000

https://dev.to/chrdek/forem-to-devto-platforms-3o87 <--redirection bug from forem.com please advice.

chrdek — Wed, 02 Jul 2025 10:13:34 +0000

Forem to devto platforms

chrdek — Wed, 02 Jul 2025 10:03:27 +0000

Was wondering why do I need to be logged in first via forem so I can read the articles from dev.to platform?
(I am being redirected from dev.to ->forem.com ->back to dev.to so i can read some blogs etc).

SIDE NOTE:
On accessing https://dev.to/enter I can directly access/login to the platform without being redirected via forem.com.

Is dev.to migrating blogs or is it a one-time thing that needs to be done on my end. If anyone could answer this, would be grateful.

Many thanks in advance.

The top 11 web application vulnerability scanners with self-hosting and automation

chrdek — Sun, 25 May 2025 16:07:43 +0000

As part of improving your webapp's or blog's overall security posture I have concluded to a simplified listing of the top 11 best choices for software devs and security testers that can measure or take preventative action on specific known vulnerabilities.

Note: This is not meant to be a holistic and finite list since there is a multitude of security vulnerabilities and zer0-day exploits roaming freely the web and which allow anyone to hack into your webapp. Its only a conclusive list of my own choice, feel free to add anything that is missing from this list.

If you consider a layered approach when thinking networked security, I will only be focusing on the layers of the network referencing the web application parts. See OSI-layered model below:

Since this list is mainly focused on opensource DAST and SAST vulnerability tools, the relevant infrastructure parts covered are the top 3 OSI parts, relevant to web application testing and are affecting indirectly/directly OS resources. See image below:

DAST and SAST tools mentioned in the list below will mainly scan and perform assessment of the highlighted OSI parts only. (Some may involve lower parts scanning such as probing, ping sweeps but not in the longer run).

1. GreenBone (former OpenVAS) Community Edition + Kali Linux

Pretty straight-forward installation and setup process, but only runs on one platform and that is Linux (Kali Linux to be more specific). Also a plus is the docker usage for automation that it provides on self-hosted parts and the usage of a Web UI that comes with that. Minimum hardware requirements include only 2 CPU cores and 4GB of RAM to run so it can be easily set on small or legacy H/Ware if you intend to build from source and/or install separately.

2. ZAProxy

Provides good knowledge base and solid online documentation. ZAProxy is always a favorite well-known option for both security testers and webapp developers. Also allows good automation usage by the built-in spidering agent included in its overall capabilities. This still needs to be setup manually on any OSes that supports (incl. Windows,Linux) and it also includes its own dockerized images.

3. Escape Technologies DAST Scanner (by escape.tech)

Includes most commonly used scanning capabilities for vulnerability scanning and also supports GraphQL and other forms of API endpoint security testing. Also has a CLI tool so most testing and reporting can be easily automated on any hosted instances (either Windows or Linux).

4. BurpSuite SelfHosted (by portswigger)

One of the most popular vulnerability scanner with added setup support for most Windows OSes (including Server versions) and Linux. Also available as docker and kubernetes deployment. Minimum requirements are mainly dependent on how many scanner testing tasks are running simultaneously. The standard though for CPU cores is 2 with 8 GB of RAM. In terms of automating burp tasks, some special sort of burp snippets are provided also-known-as 'Bambdas' as stated on their website that can be imported to extend and further customize and automate the standard pre-bundled snippets.

5. W3Af Scanner

Another alternative non-proprietary security relevant scanner that utilizes python only scripting and is a CLI application. This helps with automation and flexibly using it any way possible. Supported by most Linux platforms and unix-based systems (MacOS, Kali Linux) with partially supported setup for Windows as well. Can also be downloaded via Docker and allows for multiple exploit and payload customizations when run.

6. Nikto Scanner

A PERL-based open source web vulnerability scanner that comes with pre-bundled 7000 vulnerabilities to choose from. Installable on most *nix-based systems, on windows as a binary zip file and image deployable Dockerfile. Nikto, allows for fine tuned settings when executing via the command line while launching a built-in attack. This allows for more flexibility. Also on its website besides the detailed usage guide in github wiki, there is a searchable database of default passwords used by known vendors.

7. Brakeman Scanner

A least popular option of SAST tool is Brakeman. Brakeman is another free vulnerability scanner designed for Ruby on Rails web applications. It statically analyzes Rails application code so to detect any code issues during development. Run from a single file /binary on most platform, is the ideal choice for RubyOnRails web developers.

8. Wapiti

Another popular and python-specific cli tool for testing websites. Supports python-based installs on 3.12,*.13 only and can generate vulnerability reports -with revelant verbosity levels- while performing fuzz-based testing while injecting each attack's payload. Also easily detects bad configs like server 500 errors during test runs.

9. Wfuzz

Another fuzzer for web application security testing runs on python (pip installs) and has a strict list of its 5 installation prerequisites that support it. Install guides are also available for docker images, Windows and MacOS. Notable features are its vast fuzz-testing capabilities being able to use cookie, HTTP Verb, Proxy and Authentication fuzzing as well as more advanced fuzz tests such as payload combinations, payload mangling and encoder combinations, all from a single command line.

10. Bearer CLI (by cycode)

Another good vulnerability and misconfiguration scanner for your web application that runs on the command line and supports also environment secrets scanning and nice html reporting exports as well as many other capabilities. It does not state windows support on its website, but supports installs via Homebrew/Debian/Ubuntu/RHEL/CentOS as well as Docker. It also includes an .sh install script to use directly from their online website.

11. Grabber

A mini-web crawler that runs on a small single .py file and supports a small range of security-relevant vulnerabilities. Small tool but flexible to use since it supports xml file configurations, this allows targeting multiple sites. If you need something small and portable that adapts to most setups this might be useful. It is dependent on Python 2.4, BeautifulSoup and PyXML and also has a py2exe generated executable version.

Extra: public website online scanners

This listing is just in case you need a fast check on your main website's domain and you don't mind external services probing your public record/domains. NOTE THAT: Overall, most sites on this list are free to use but some might require free registration to view the scanned results produced after you put your website domain, so please use with care and read the terms of usage beforehand.

Other DNS checkers online:

Just in case: That you will need additional help with orchestrating one or more vulnerability testing scenarios or variants, there are still free options out there to use:

CloudSploit : This will be helpful in securing a cloud-based deployment or cloud-hosted web application instance.
CyberChef : Can be run with self-hosting, provides a nice web UI to preset any security-relevant scenarios in the form of a recipe, for added tuning during automation which I think is cool.

This additional list is in case anything is missing or invalid in your configuration defaults or customizations:

Datree Configuration Security Scanner : Detect misconfigurations in a kubernetes deployment and remediation. Can be run on-premises.
DotEnv : Secure your secrets in a vault-like way. Immediate leakage detection and prevention.
Doppler : Secure secrets management for securing environment setup and additional integrations. Available on most OSes via CLI and includes docker presets.
GitGuardian : Git web app repository protection for secrets and sensitive info leakage (certificates, etc.). Prevents hardcoding most things in your code and allows for usage for most git-based deployments (AWS Cloud, Azure Cloud, Atlassian etc.).

In case you need to be extra careful and want to do most things on your own, write custom automation and stylish scripts:

Here is a list of the top 100 security vulnerabilities.

... can be combined with any of this in this public github listing vulnerability scanner categorization below:

psiinon / open-source-web-scanners

A list of open source web security scanners

open-source-web-scanners

A list of open source web security scanners on GitHub and GitLab, ordered by Stars. It does not provide in-depth analysis - for more analysis or a wider range of tools, see the links below.

Note that some large projects have multiple repos - in which case the second most relevant repo is included immediately after and is indented.

Related: open-source-llm-scanners

General Purpose Web Scanners

Tools which can find a range of 'unknown' vulnerabilities on any websites.

Main Site	Last Commit	Committers	Stars
ZAP
- ZAP Extensions
Hetty
W3af
Arachni
Astra
Wapiti
Skipfish
Sitadel
Taipan
Vega
Reaper
BrowserBruter
Tuplar
Ugly-duckling
Jawfish
Pākiki
ProKZee
Browserker

Infrastructure Web Scanners

Tools which can find a range of 'known' vulnerabilities on any websites.

Main Site	Last Commit	Committers	Stars
Nuclei
- Nuclei Templates
Xray
Tsunami
Nikto
Striker
Jaeles
- Jaeles-Signatures
Yasuo
Observatory
Spaghetti

Fuzzers / Brute Forcers

Tools which focus on throwing 'bad…

View on GitHub

Amazon Q Developer Challenge: Lambda-Based Picture Processing Utility

chrdek — Sun, 04 May 2025 20:10:02 +0000

This is a submission for the Amazon Q Developer "Quack The Code" Challenge: Exploring the Possibilities

What I Built

What I was going for initially was an AWS Lambda-Based mini-clone of Cloudinary's cloud-based image processing API platform, but in the process I realized that Amazon's Q Developer cli produced code flexible enough to integrate with most external npm libraries out there.

Both API responsibilities and layers are separated so that external libraries such as pdf conversion utilities and 3d renders can be included in the future dynamically and with minimal effort.

So overall what was made, is a node.js v.17^ compliant image processing utility that currently supports the following:

Several Image Transformation Operations (Resize, Blur, Grayscale conversion, Format Conversion, Quality Enhancement etc.)
Image to Pdf Conversion Operations (Image to PDF conversion, PDF Metadata editing, Auto resize to fit-image-to PDF).
Can be run on the cloud for automation via Lambda API Gateway.
Includes built-in infrastructure templates to add WAF (Web Application Firewall) with relevant rate limitation for overusing AWS Lambda endpoints.
Can be run by docker (included in the documentation).

Entire Architecture Presented below

What is not added (yet):

STL file import /processing for 3d content.
Handling multiple images in parallel.
More usable and friendlier UI.
Additional tests and infrastructure checks.

Demo

Standard use case displayed below:

and in animated capture below:

Code Repository

All code is strictly written by Amazon Q + VS Code (yes even README.md) and presented with the relevant documentation in the publicized repository in the link below:

chrdek / PicProcessor

AWS Lambda function for image processing and PDF conversion with DDoS protection and Docker support

Image Processor Lambda Function 🖼️

Generated with Amazon Q 🤖 🦆

This project contains an AWS Lambda function built with Node.js 17+ that processes images from an S3 bucket and returns them through API Gateway. The implementation includes robust DDoS protection, rate limiting, PDF conversion, and Docker support for local development and testing.

Project Structure

PicProcessor/
├── src/                    # Source code for the Lambda function
│   ├── index.js            # Main Lambda handler with rate limiting
│   ├── imageProcessor.js   # Image processing logic
│   ├── pdfConverter.js     # PDF conversion functionality
│   └── local.js            # Local development server
├── tests/                  # Unit tests using Mocha and Chai
│   ├── index.test.js       # Tests for the Lambda handler
│   ├── imageProcessor.test.js # Tests for the image processor
│   └── pdfConverter.test.js # Tests for the PDF converter
├── localstack/             # LocalStack initialization scripts
│   └── init-s3.sh          # Script to initialize S3 bucket
├── Dockerfile.lambda       #

…

View on GitHub

How I Used Amazon Q Developer

What I used, was VS Code + Amazon Q plugin.

Codewise, an empty folder and a .gitignore file with Amazon Q plugin + VS Code was created to get me started. (Note: The ignore file was overwritten by Amazon Q later in the process).

Using this little, Amazon Q handles all the workload for you and code modifications from within VS Code when adding or handling file changes.
Overall, no code was written by myself. Only git commands to deploy to remote repository.
AI-Guided Coding process was like so:

Generated Code based on node version + packages required as dependencies.
Generated the corresponding tests code parts to run alongside the parts of the code.
Generated lambda-relevant code for usage of api gateway + corresponding deployment templates. This was also updated to include code for handling uploaded files on the s3 bucket.
Added more features like WAF (Web Application Firewall) so that to handle rate limiting for the api etc.
Generated the code files for docker and docker-compose usage.
Updated when necessary and informed the AI of changes and noted to update the relevant files (Repeat until satisfied).

This was also to have a proof-of-concept of how capable a 2025 AI is in writing code. All infrastructure deployment files + Readme/Licenses added by A.I. assistant and some Amazon Q IDE plugin responses are shown below:

Importantly highlighted part of this is that Amazon Q added (and justified the license referenced in the readme). By default it selected ISC due to the nature of the solution (node.js with Npm packages in the json file).

OVERALL: A major benefit of using the IDE alongside the built-in plugin is that you get to modify your own context and thus, easily bulk-update the files included already in your solution.

Graph databases top 6 setups and configurations.

chrdek — Wed, 26 Mar 2025 14:29:10 +0000

The core part of web devs and software engineer best efforts when designing distributed applications, would be to avoid cases of highly congested network traffic.
This is mainly done to prevent bottlenecks in the public network that the webapp or system runs on and to have flexible data handling. This might also be done to prevent DDoS attempts at an account of a webapp.
Usually this is done by utilizing caching and streaming mechanisms provided as part of ready-made webapp/content hosting techstack.
A major part of online content hosting infrastructures would be graph-based distributed schemas and their respective graph-based Database technologies that support it.

In a brief explanation on how graph databases work that would be described as below set of basic rules -and differences from traditional dbs-

Graph databases use nodes and edges to represent data relationships whereas in a relational database keys and columns relations to keys are used to do this.
A graph database has a flexible data schema (like NoSQL databases) and data types can easily added/modified whereas in a relational database data set structures cannot change as easily (data types, relations etc.)
Graph with dbs are mostly used in recommendation systems, ML and ai-driven systems that have to do with social networks like facebook, fraudulent activity detection etc. Traditional db structures are wider-spread and can be used with stricter data handling domains such as data warehousing and BI/analytics systems.
As a learning curve, graph db concepts are more difficult to grasp by early developers but relational dbs can be taught more easily and used by most people in general.

An example of how a graph database can be used in a real-life application can be found below:

Legend for example: Arrows are indicated as graph db edges, circles are the nodes of the graph and a vertex of the db structure would be denoted by at least three nodes (circles) and two edges (arrows) 'aka' V-shape in the graph.
How this works in regards to querying an graph-based entity structure would be as follow:

To retrieve the tutor that has as a corresponding student A from STUDENTS_REGISTRY would require classroom-to-tutor edge (with classroom, tutor nodes included as operation1) and tutor-to-studentsregistry edge (with both tutor, studentsregistry nodes included as operation2).
The set of individual nodes and edges for operation1 is called a graph link (E1) to indicate linking of a tutor node to a classroom node. The other set that handles the linking of a tutor node to a studentsregistry node is by graph link (E2). This can go up until the length N for the entire length of nodes and vertices in the graph.

In noticing the linearity in the relations of the above, usually linear algebraic operations are used to extract such information from a graph-based data structure.
This is just an over-simplified way of how this is implemented in an actual graph-based database engine.
More info on how graphs work can be found here...

...and here for graph databases

NOTE THAT: The example indicates a DiGraph (or Directional Graph) usage of the system. This is also common in binary tree data structures and indicates a more strict layout of information.
If a unidirectional graph where to be used, there wouldn't be any arrow indicators to create the data relations in the entities (nodes) of the system. This would indicate a more flexible data relationship schema, which is usually what is applicable to actual graph db-based technologies.

Either digraph or unidirectional graph Db is used as an underlying data source, each one has its perks and disadvantages in terms of workload handling, flexibility of data structuring and directed DoS attacks on the data structures.

As a main part of this, here is a listing of the top 6 graph-based backing stores that are utilized by most content delivery/hosting stacks for distributing web content online:

1. Neo4j DB

One the most popular graph-based database frameworks, has its own language and query engine (known-as Cypher) which also supports some proprietary structures such as SAP HANA Graph.
Overall in its functionality supports CSV imports, db interoperability and both Cloud-hosting and Self-hosting deployments to use.
Aside from a large knowledge-base with detailed documentation and tutorials, it has also video tutorials and guided learning for understanding how to use its vast range of features.
Also supports query and graph visualization via its dashboard capability which is called NeoDash and a local IDE called Neo4j Desktop.

General Info
Important features: Self-Hosting by Docker, Kubernetes, AWS/GCP/MS Azure Cloud or fully managed Cloud-based hosting via Neo4jAuraDB. Also includes IDE support via Neo4j Desktop and NeoDash for visualization.
Also CVE (Common Vulnerability Exploits) supported on its knowledge base and continuously checked by their open-source platform.
Where is applicable: Generalized purpose graph database, preferrable for structuring LLMs and Machine Learning for business-level analysis.

Official Info

2. GraphDB

One of the most familiar graph databases that has added built-in support for RDF schemas and SPARQL. This can make it easy to use with ontological frameworks/ontologies for more context-driven machine-learning scenarios for supervised learning. Also supports clustered operation with built-in memory caching capabilities and docker/kubernetes/helm deployments. The kubernetes templates allow for a higher level of detail and complexity for self-hosted instances.
It also includes a monitoring panel with partial SPARQL query syntax support called GraphDB Workbench. Alongside coding and administrative features it includes a set of CLI-commands that support vast range of operations such as RDF schema validations etc.

Other important feature is it's high-grained access controls via LDAP/kerberos and other authentication schemes but this is a hassle to be setup and needs to be done manually. Instructions mainly provided by official documentation and vast stackoverflow supportbase on their website.

General Info
Important features: Built-in support for SPARQL and RDF schemas, supports clustered deployments and also self-hosting via kubernetes/docker/helm. Also has a built-in monitoring and administration tool with small IDE features for queries.
Where is applicable: Machine learning with ontological frameworks and a.i./ranking algorithms and relevant taxonomies.

Official Info

3. ApolloGraphQL + GraphOS

One of the most popular graph database for project working with dev teams and multiple deployments and DevOps scenarios is ApolloGraphQL. It includes a built-in GraphOS Router by which a flexible RESTful API is exposed for handling multiple microservices at once. It's scalable infrastructure allows for ease of use across many development teams and whenever CI/CD automation is required in larger enterprise projects.
Also includes an in-browser IDE setup locally and self-hosting capabilities for GraphOS Router or Apollo Router Core, on Docker or Kubernetes.

General Info
Important features: Full in-Browser IDE with graph query execution plans and visualizations. Flexibility of CI/CDs with SDK and RESTful API connectors via GraphOS Router (with GRPC, SOAP etc). Also it has a good support base and useful documentation.
Where is applicable: Vast range of features that make it useful in literally any Machine Learning/ranking distributed application from medium to larger enterprises. Also useful where you require to have MLOps (Machine Learning Operations) or DevOps in a large web and back-end developers team (either github, gitlab).

Official Info

4. TigerGraph DB

TigerGraph is a more proprietary and enterprise-level graph database product that is also backed by detailed docs and tutorials knowledgebase.
The paid products on their website already are provided as default enterprise level packages whereas also community editions are included for free.
It also supports Docker self-hosting, with online instructions, for both Ubuntu and CentOS deployments for the corresponding environments. In addition kubernetes self-hosting is available on AWS (EKS), Google's (GKE), RedHat OpenShift and MS Azure (AKS).
Apparently, a lot of detail has been added on the online docs about how to run it directly on Linux H/W with the relevant amount of info and minimum supported hardware. A list of all the Linux distros that currently supports, is as below (note: it does not run on Windows or Macintosh).

Operating System	Supported
RedHat (RHEL) 7.0 to 8.9	✅
RedHat (RHEL) 9	✅
CentOs 6.5 to 8.0	✅
Ubuntu 16.04 LTS	✅
Ubuntu 18.04 LTS	✅
Ubuntu 20.04 LTS	✅
Ubuntu 22.04 LTS	✅
Debian 10 & 11	✅
Suse 12	✅
Oracle Linux 8.0 to 8.4	✅
Windows (all version)	❌
MacOS (Intel and M1 chip)	❌

In addition to that, it supports out-of-the-box a RESTful API for data driven operations (similar to ApolloGraph) and highly-refined built-in RBAC controls that support multiple user roles and access levels. Also has many interesting features via its RESTPP Built-in capability that also include open metrics and status monitoring alongside hyper vertices handling and linear operations with edges/vertex retrieval and the underlying path-finding algorithms that come with it.
Most of the above, are monitored by a fully-blown web IDE aka GraphStudio and a management interface supported by the Admin Portal dashboard which is also web browser accessible.

Overall a decent product for graph-based operations that also supports high-availability clustered configuration wherever required.

General Info
Important features: The most important parts of TigerGraph are its vast documentation resource base such as forums, developer site, documentation with knowledgebases and the highly-refined built-in capabilities that includes such as: RBAC controls, REST API and monitoring capabilities.
Where is applicable: Can support a vast range of Machine learning Models setups for both startups (community edition) and larger companies (enterprise edition), also for algorithmic applicability and usage. It can also be setup and used easily for MLOps and DevOps. Also usable for adding BI alongside mapping applications such as map traversal via routing and relevant path finding algorithms.

Official Info

5. MongoDB + graph-based lookup pipeline stage

Another graph capable database would be MongoDB. Not only has the NoSQL schema flexibility but can be handled independently via its aggregation pipeline stage that can also be processed as a graph database.
This is done by utilizing MongoDB's $graphLookup aggregation pipeline stage so that it handles the relevant transformations directly on the underlying dataset.

What is supported for this:

All the high availability and optimization features that MongoDB cluster currently supports on the managed Atlas Cloud.
All the administration panels and relevant DBMS for Windows, Linux provided by the same platform.
What is currently supported in terms of CLI and self-hosting for MongoDB.
Based on its online info, MongoDB supports key-value-pair matching per NoSQL document for building and returning a graph edge or a vertex via its graph-based aggregation pipeline. More info on this can be found here.

Even though MongoDB is good for handling key-value pairs in a graph-traversal manner for NoSQL documents it is still not a fully supported graph database schema. An additional enhancement is the use of labels to tag multiple nodes together to make node matching easier and more in-depth.

There is also recently added extra support for out-of-the box connectivity with a graphQL enabled database and this is also stated in the documentation. Also Mongo Atlas Vector search is supported on managed MongoDB Atlas instances.

General Info
Important features: All features currently supported by MongoDB and additional CLI tools and administration panel and software. A vast knowledge base but not too informative on how to use graphLookups in-depth and for real-world test cases.
Where is applicable: Most types of applications that require graph-based capabilities with a backend that currently runs on NoSQL infrastructure. Not to be recommended for more high level AI or ML frameworks and AI models as it does not support a lot of built-in graph handling features out of the box.

Official Info

6. Azure CosmosDB for Apache Gremlin

One of the top fully cloud hosted options for graph databases would be Apache Gremlin, managed directly on Azure Cloud.
It is included as part of the NoSQL cloud hosted Cosmos DB that supports direct graph data structures handling. Apache Gremlin's engine is based on Apache Tinkerpop and has its own graph query language named 'Gremlin Query Language'.

The main advantage of being a part of Cosmos DB is that is fully integrated with Azure Cloud and the benefits that come with it. These include full Azure CloudShell interaction and usage for scripting with Gremlin directly on the cloud as well as all the benefits you get from running as a managed DaaS Azure resource.

SDKs and scripting languages supported on Azure so far are Java, Python and .NET with good amount of examples in their online documentation.
Some small open-source only community templates are available also for direct Gremlin Tinkerpop self-hosting via Docker. Another good feature that Gremlin graph uses on Azure Cloud, is that it can perform bulk data ingestion with it's bulk execution library. Although this only works via a built-in .NET library and takes some prerequisites such as Maven/OpenJDK Gremlin API access towards your database.

General Info
Important features: Fully managed web browser scripting environment via Azure CloudShell, huge support base by both Microsoft and open source Apache side and also a decent amount of languages and corresponding SDKs.
Where is applicable: General purpose graph-based features for multiple case scenarios and usages. These can be: map-based path-finding or routing for geospatial applications, ranking or recommendation engines, social network interactions and sentiment analysis for social network apps. Because of the built-in MS capabilities on Azure, can also be used for MLOps, DevOps in larger development teams.

Official Info

Bonus: Using a traditional relational database schema as a graph database without built-in features. In checking the following online example and another more detailed here, this is the most time-consuming way to use as a last resort if creating a graph schema is a must for your application.
This more challenging approach, involves mapping the nodes and edges to the corresponding key of a relational table so that a pointer record indicates the location (and direction) of the next node in the graph-like structure. This is usually performed in a from -> to layout.

WARNING - This is only useful if you really must persist graph data in a conventional database schema and there is no other option. Do not count on this for production usage.

This is my exhaustive listing of graph-based database features and relevant usage. Feel free to provide other ideas/tech stacks or constructive criticism where needed.

The top 8 headless CMS with self-hosting options.

chrdek — Sun, 16 Mar 2025 16:54:44 +0000

In most modern web application or web page setups, there is an increasing trend in managing vast amount of growing and complicated content. Mostly centralized in web-based infrastructures, the heavy usage of real-time updates are handled by a CMS or similar service.
Aside from that, most modern web apps can usually include a.i. features such as a chatbot or an a.i. assisted search to add better user experience in the overall website design.

As data structures complexity of a website grows and demands for a.i. features are becoming more popular, it is noticed that most developers will utilize a graph-based Api alongside a headless CMS to speed-up the flexibility and maintainability of their content.
Sometimes this also helps in adding a.i. features in their websites with minimal hassle and long-term changes.

So, in web application building most web developers might prefer to:

Have all content easily managed and flexibly centralized via a headless CMS.
Have a graph DB backend for easily exposing standard functionality such as login and registration and also extended features that require graph-based capabilities to integrate with such as, a.i. applications or external a.i. service calls.

For the reasons stated above, here are the top 8 options that -in my opinion- gain the most interest while setting up a headless CMS with self-hosting options for a portfolio site:

Note: There are many different Headless CMS options online, but I will only be focusing on the ones that support self-hosting and simplify deployments for the average developer when setting up a website, but also offer the necessary complexity when you require something more advanced.

1. Strapi

One popular headless CMS for Node.js /React or most javascript-based web apps is strapi. It includes seamless admin panel integration with Gatsbyjs headless self-hosted plan and 1-click deployment to get you started easily to sync changes from gatsbyjs webapp to strapi.

Also, supports direct cloud-to-local deployment via CLI or docker deployment (direct local machine node.js install or docker). These are the two main deployment options stated on the official website.

Another plus for self-hosting is the low-grade hardware required to run strapi on. This is provided on their official documentation and shown below:

Hardware	Recommended	Minimum
CPU	2+ cores	1 core
Memory	4GB+	2GB
Disk	32GB+	8GB

Minimum local H/W allow it to run even in a Raspberry Pi v2 Linux environment which is also nice.

Links
Source 1
Source 2
Source 3

2. TinaCMS

Another popular option for self-hosting customizable CMS is TinaCMS. It allows a fully Node.js compliant backend with separated build and configurations for GraphQL data layer handling. Can be easily deployed with 1-click on VercelApp, Netlify or any other external serverless environment by using a Next.js preset app for this specific purpose.

Overall, it has some limitations and does not include a docker container option officially.

A good plus is the 'local mode' vs 'production mode' just in case you need to switch your content locally on your machine for local development. Note that: Your entire codebase will still be required to be on github for self-hosting which is fully interactable with everything supported by TinaCMS.

Links
Source 1
Source 2

3. PayloadCMS

In a similar concept, Payload CMS is another good option for e-commerce that has a very decent UX as it comes to the CMS front-end.

It allows for a vast amount of configuration and UI changes via its WordPress-like front-end. In addition to that, it supports extra built-in features such as:

Fine-grained access controls for standardized user accounts.
Authentication methods such as pre-login, post-login registration scenarios, JWT and mainly everything that is required by a standard e-commerce grade site.
Out-of-the-box CSRF and HTTP-Only cookie headers protection.
Web app templates for ready made solutions supporting MongoDB, PostgreSQL with relevant data adapters.
Built-in Mime/type and localized file upload support that also includes relevant access controls for all types of files. Extended behavior is achieved with additional storage adapters for remote uploads that interact with Google GCP, AWS S3, Vercel Blob Storage or MS Azure Blob Storage.

The main upside is that your code can be self-hosted in any sort of NodeJS environment and also supports serverless Vercel deployment when ported as a Next.js webapp that is currently supported.

Links
Source 1
Source 2
Source 3

4. BudiBase

In terms of flexibility of deployment, budibase may also be a good cms alternative.
Even though not the most intuitive CMS front-end and not as scalable, it includes many other interesting features such as:

Multi-database direct support. Currently supporting csv files, PostgreSQL, FireBase, MongoDB, mariaDB and MS SQL Server as directly targeted data source.
Workflow automation by direct integration with various services such as Slack, Jira, Stripe, Discord for mass CMS-relevant operational notifications and other tasks.
Multiple self-hosting deployment options such as docker, kubernetes, docker-compose, Ansible, DigitalOcean (cloud VPS), Linode (cloud VPS) and many others. Instructions also include a prebuilt ARM docker template for Azure deployment.

Another feature of budibase CMS is its highly detailed documentation for its also equally complicated self-hosting set of instructions to follow for most cases.

It also includes an interactive API-documentation in its website to be able to view the actual Api calls and respective responses which is cool.

Nonetheless, its highly detailed documentation and real-time Api online playground make it a great all-around option for most web developers.

Links
Source 1
Source 2
Source 3

5. Directus

The directus option is probably the fastest in terms of deployment (90 seconds or less for cloud deployment) but with more limited self-hosting and other options.
As it currently supports docker-based deployment as a private server option, this is made very fast and in a simple three-step process as stated on their website.
Note: It still involves a prerequisite of docker and docker-compose to quickly get a directus cms app online.

Nonetheless, some added set of features such as project data workflow automation -via emails and notifications- and also built-in API and simple user RBAC and Access Controls make it into an interesting CMS option.

Overall, it is good if you require a fast/functional deployment of your Node.js webapp either by self-host or cloud hosting option.

Links
Source 1
Source 2

6. Next.js

One of the most popular options for hosting web apps and supporting many deployments on the Vercel cloud (Testing, production) is Next. The cloud option is currently the most popular with tons of github repos supported.
But fortunately since this blog post is about self-hosting options the top 3 relevant styles for Next.js are available here and as displayed below:

Direct Node.js provider deployment.
Docker image deployment (helpful examples for webapp included online).
Static HTML Export for direct SPA or static website hosting on a personal server such as AWS S3, nginx, apache or other.

The most interesting feature of Next.js self-hosted apps is the built-in caching it supports. Also integrated Cdn (header-specific) support for hosted content and zero-configuration deployment for middleware-based scenarios supported by next start is another great feature.

All of the above are also included on their website as part of the self-hosted options documentation. Using Next.js as a headless CMS might not be a good option since it does not include a fully fledged cms UI or other similar features.
On the other hand, it has good content caching and transparent data-handling capabilities. With that said, this still turn it into a good candidate to be added in the list of headless CMS hosting options.

Links
Source 1
Source 2
Source 3

7. ApolloGraphQL on Apollo GraphOS + Sandbox IDE

One of the high-end options for a headless cms that is also enterprise-ready for larger projects is ApolloGraphQL. It transparently integrates and supports GraphQL API, REST API, with proper management APIs.

It has a highly scalable and transparent data routing layer (GraphOS Router). This allows for flexible schema allocation making it ideal for distributed schema design approaches.

Aside from having a large knowledge base and support forums in addition to the detailed documentation, it includes the following major highlights (as a headless cms techstack):

Apollo Sandbox IDE:
A full server-based html sandbox environment that also interacts as a direct server deployment tool. Aside from being a great in-browser IDE with a broad range of features, Apollo Sanbox runs in a self-hosted local environment that supports data schema visualizations with relevant workflows.
This includes GraphQL schema diffs, checks and visual query execution plans as core features of this IDE.
GraphOS Router + Apollo Connectors:
Easily utilized federated schema routing /connections allows for direct schema manipulation as a separate layer on top of multiple APIs on self-hosted enterprise level apps.
This allows for low-code to no-code infrastructure setup alongside maximum productivity for devs.
Kubernetes + Docker GraphOS Router Deployments:
Apparently only docker or kubernetes containerized self-hosting is supported for GraphOS Router or Apollo Router Core. Inclusive features also supporting these environments are Prometheus and OpenTelemetry Protocol-backed metrics as part of the insight gathering process for active container platform.

As an enterprise-level option the Apollo IDE full setup alongside a self-hosted instance of your GraphOS Router and data handling layer, is a viable option for most SMEs or personal projects.

Links
Source 1
Source 2
Source 3
Source 4

8. Sveltia-CMS

Last but not least, a svelte-based cms called sveltia seems also very promising in terms of open-source simplified direct deployments.

Being still under maintenance and fully supported by the open source community has its code base open for changes and improvements and continuously builds upon its current standards.
Currently only two different cloud deployment types supported on Netlify and on Decap.

As it is fully Git-based, Sveltia headless CMS has also its drawbacks as part of your source still needs to be hosted in a github-based repo. This makes it a little bit less attractive option to devs that aim for external enterprise-ready client projects.

The best most viable option for static site projects and simple test environments alongside directus would be sveltia since it is pretty simple to setup and run.

Links
Source 1

BONUS - CLOUD HOSTING ONLY OPTIONS:

Some other cloud-only hosted headless CMS options for people that want their codebase to be hosted on someone else's server are also available.

How do I use ChatGPT as a developer? Top 10 + 1 best usages.

chrdek — Sun, 23 Feb 2025 15:08:00 +0000

In terms of computer software engineering, code AI or the so-called copilot coding apps (or what I like to call code companion Gen AI) are becoming more and more useful for everyone that wants to become a developer or improve their current programming skills.

The problem with that is that if you do not get what Generative AI with an LLM does in terms of coding, you will end up hating it and with that the unwanted frustration and bad code produced.

An overly-simplified description of how an LLM works is shown below:

The main Generative part of the LLM gets fed with info from user input in the form of a generic or specific question/sentence. In that sentence the words are tokenized, means that are split and mapped to a linear 1D data structure (array, list).

The text is then mapped to the corresponding values of words by order of which those have been tokenized (eg: 1,2,3..etc) so these are fed to the Pre-Trained A.I. models and then the textual A.I. language model will try to Transform input words to the statistical analogous using statistic series classification in the form of a set of numeric values (AI model weights).

These values indicate and inform the Gen AI process of the used words importance (per LLM subject or category) so that it is able to respond with the closest answer to the naturally-set question - this is similar to Google's BERT.

This process also gives the name of the most well known LLM used aka GPT (or Generative Pre-Trained Transformer) that most people use for nearly every purpose.

In my opinion, this entire process is closely similar in how Google's site-ranking algorithm works to rank -and- add the top 10 most relevant sites per user's search prompt.

Most basic thing that differs is the real-time data updates and interaction from Google instead of ChatGPT's pre-defined data.

Replacing a Google search query with ChatGPT, that would be the equivalent to having 20 Chrome tabs open while googling on the web and writing up notes based on your top 3-4 most helpful sites that are closest to your subject.
The complete set of notes written will be much more similar to a response from ChatGPT.
Try it yourself. Many equivalent versions of text and subjects generation are available online. A fun example will also be this recreational site and this also.

What this means in terms of using ChatGPT for general questions is that the phrasing of the sentence must be correct, the concept is added as a top priority in your phrase or sentence and also in some cases punctuation marks indicating pauses in a sentence or continuation from a previous sentence if not used correctly might produce different results of the ones expected.

What this means, when you use ChatGPT for coding or when generating or adding code as a software developer, is that to produce the most appropriate result both you as a user and the text prompt must share the same amount of information so that the appropriate result is produced.
This can easily be done in the form of a 'paired programming' session by noticing each others bugs and underlying code.

In order to achieve this, you need to have a coding infrastructure with standards pre-set, all classes compiling and running properly with/without any UI parts and some sample code to start with to use as input for your questions.
Using this method can achieve the necessary enhancements to your current coding style and infrastructure and minimize BOTH errors and debugging time, when lacking time, help or coding peers. This is without mentioning the time saved to trial-and-error new versions and checks on configuration files or missing SDKs and packages in your code.

As an added bonus to this, here is a listing of the top 10 + 1 best possible use cases of ChatGPT for improving software developer work

ChatGPT top 10 +1 uses for a software developer:

#1.

Generate a nice creative 404 static web page for the blocked responses of your web based solution. Easiest thing to be done even if you lack creativity but are good with words and story-making.

#2.

Write a framework or an API of a programming language while also applying fast-paced learning on the programming platform you already work on. This can be used as a learning tool for both senior and junior levels.

#3.

Text transcription as a software language or translating from one software development language to another. This can be used if a missing library in python needs to be in-place to handle similar code to your current code base that only supports JS packages. This also applies to IT administrators just in case they need to update some older automation scripts on Windows/Linux environment to PowerShell or Python for cross-compatibility or vice-versa. Some combinations of this (from<-->to) are shown below:
Batch or Bash <--> To PowerShell
Batch <--> Python
PowerShell <--> Bash or Python
This can be easily done but I would not rely on it too much for large and complicated IT infrastructures.

#4.

Use it as a data generator Tool (Json struct, Table struct). Some alternatives are to use POCO class generators built-in to Visual Studio or other Visual Studio extensions that first need to be downloaded/configured accordingly. Sample usage in ChatGPT shown below.

Chat prompt:
Provided the description of a table of a pet dog below, response with the corresponding layout as a JSON object, a Csharp class and as an SQL create table statement. Note: Add the most appropriate data types per column definition so those can be used in a codebase or IDE. Pet Dog Table Columns: ID Name Breed Age LastVetVisit HasIdentificationTag DangerousBreed

Chat response:
Here’s the requested information in JSON, C# class, and SQL format:

JSON Layout:

{
  "PetDog": {
    "ID": 1,
    "Name": "Buddy",
    "Breed": "Golden Retriever",
    "Age": 3,
    "LastVetVisit": "2024-06-15T00:00:00Z",
    "HasIdentificationTag": true,
    "DangerousBreed": false
  }
}

using System;

public class PetDog
{
    public int ID { get; set; }
    public string Name { get; set; }
    public string Breed { get; set; }
    public int Age { get; set; }
    public DateTime LastVetVisit { get; set; }
    public bool HasIdentificationTag { get; set; }
    public bool DangerousBreed { get; set; }
}

CREATE TABLE PetDog (
    ID INT PRIMARY KEY AUTO_INCREMENT,
    Name VARCHAR(100) NOT NULL,
    Breed VARCHAR(100) NOT NULL,
    Age INT NOT NULL CHECK (Age >= 0),
    LastVetVisit DATETIME NOT NULL,
    HasIdentificationTag BOOLEAN NOT NULL,
    DangerousBreed BOOLEAN NOT NULL
);

This structure ensures proper data integrity and usability in a codebase or IDE. Let me know if you need modifications! 🚀

#5.

Can also be used to help with web-based API test cases creation that can be used via Postman, curl, SoapUI or any other client-side test framework. Chat-Code pair generated below:

Chat prompt:
Create a sample HTTP Bearer Token Request body via POST to use in an API endpoint that retrieves a set of books by genre or category. Do not write any code usage as client side examples just reply with the appropriate JSON request body and the sample API endpoint style to use.

Chat response:
POST https://api.example.com/books/filter

Authorization: Bearer YOUR_ACCESS_TOKEN  
Content-Type: application/json

{
  "genre": "Science Fiction",
  "category": "Dystopian",
  "limit": 10,
  "offset": 0,
  "sort": "title"
}

#6.

Use it to reverse-create Object to Database Table columns and vice-versa. An alternative would also be Entity Framework Designer or Command Line usage of any code generation executable provided by Microsoft or other company (Other cmd line tools for schema generation include: wsdl.exe, xsd.exe which are provided with Visual Studio's .NET platform). Following is an example that covers most usages mentioned above:

Chat prompt:
Convert the following json to its corresponding xsd schema: [{ "full name": "Leticia Brekke", "address": { "street": "45792 D'Amore River", "city": "Ouésso" } }, { "full name": "Jay Fay", "address": { "street": "5506 Koepp Run", "city": "Alofi" } }, ...other json objects here..]
Chat response:
Here is the corresponding XSD schema for your JSON structure:

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
    <xs:element name="People">
        <xs:complexType>
            <xs:sequence>
                <xs:element name="Person" maxOccurs="unbounded">
                    <xs:complexType>
                        <xs:sequence>
                            <xs:element name="FullName" type="xs:string"/>
                            <xs:element name="Address">
                                <xs:complexType>
                                    <xs:sequence>
                                        <xs:element name="Street" type="xs:string"/>
                                        <xs:element name="City" type="xs:string"/>
                                    </xs:sequence>
                                </xs:complexType>
                            </xs:element>
                        </xs:sequence>
                    </xs:complexType>
                </xs:element>
            </xs:sequence>
        </xs:complexType>
    </xs:element>
</xs:schema>

#7.

Use it in the form of basic algebraic problems or (solve-for-X solve-for-Y problems) to enhance or even debug the behavior of a UI design in a front-end component. This works great with Reactive and dynamic components and frameworks that are mainly JavaScript-based.
A sample workflow on how to achieve that would be to:
Have :
X = "the source code of your UI part" or "faulty behavior of source code"
Answer = "the wanted behavior of the UI part"
An example would be:

I have the following js ui design "X" and want to map the nested JS object to the following Html attributes of my template, what are the missing parts that need to be implemented based on this code mentioned?

What cannot be done easily is for the A.I. chat prompt to understand ONLY by using descriptive text a misalignment of a div or why a text inside a nested div does not change.
The HTML code needs to also be provided and even then, the prompt does not see-through other misalignment UI problems that might arise after changing something.

#8.

Generate a known codebase folder structure of a framework/SDK. Examples include: Visual Studio VB .NET, C# or ASP .NET, Node.js code folder directory solutions. This is made available as in the ChatGPT example below:

Chat prompt:
Create a basic folder directory structure for a node.js visual studio 2019 solution.

Chat response:
For a Node.js project in Visual Studio 2019, a typical folder directory structure would look like this:

/MyNodeProject       # Root project directory
│── /bin             # Output files (if needed)
│── /node_modules    # Installed npm packages
│── /public          # Static files (CSS, JS, images)
│── /routes          # Route handlers
│── /views           # Templating engine files (if using e.g., EJS, Pug)
│── /src             # Source files (alternative to /routes, /controllers)
│   ├── /controllers # Controller logic (if following MVC pattern)
│   ├── /models      # Database models (if using MongoDB, Sequelize, etc.)
│── /config          # Configuration files (DB connections, environment settings)
│── /tests           # Test files (Jest, Mocha, etc.)
│── /logs            # Log files
│── .env             # Environment variables
│── .gitignore       # Git ignore file (node_modules, logs, etc.)
│── app.js           # Main application entry point (or server.js)
│── package.json     # Project metadata and dependencies
│── package-lock.json # Package lock file
│── README.md        # Project documentation

Explanation of Key Directories bin/ – Holds compiled files or scripts (rarely needed). node_modules/ – Contains installed dependencies (auto-generated by npm/yarn). public/ – Stores static assets (CSS, JavaScript, images). routes/ – Defines route handlers for different parts of the application. views/ – Contains UI templates if using a templating engine like EJS or Pug. src/ – Can store main source files if you prefer a more modular structure. config/ – Holds environment configurations and database setup. tests/ – Includes unit and integration test files. .env – Manages environment variables (e.g., database credentials, API keys). app.js – The main entry point of the application. This structure keeps your Node.js application well-organized, maintainable, and scalable in Visual Studio 2019. Let me know if you need adjustments for a specific framework like Express.js or NestJS. 🚀

#9.

Another useful scenario would be to use it for combinatorial problems as most A.I. are good for making predictions and creating combinations very fast (See: Huge Computational Ability via GPU Clusters 🚀🚀).

This brings me to the following interesting subject usage in TDD (or Test-Driven-Development) where the developer analyzes first the tests provided with code and then creates the corresponding coding part to support such test capability.
To be able to code using TDD via ChatGPT one can use it to produce a PICT-ogram (aka Pairwise-Independent-Combinatorial-Testing table) with the appropriate test case scenarios and relevant code.
This process can be further enhanced by applying other rules such as fuzz testing/mutation testing based on the generated test cases provided.
Not to mention the nice table-based markdown parts generated with that for our combinations table.

Not to be forgotten, the alternative from MS official sources is MS-PICT tool that does this job also in an executable.

The entire Text Prompt-ChatGPT interaction for this is provided below:

Chat prompt #1:
I need to add a set of combinatorial UI tests in a Chai.js testing framework. Please provide a sample Pictogram to get started with my solution tests. Some functionality included in the testing is: Get info from DB Check for DB connectivity May or May not retrieve error response during handling of input.

Chat response #1:
For testing combinatorial scenarios in Chai.js, you can use a pictogram or decision table to systematically cover different possible input combinations. Below is a sample pictogram representing different test cases for your given functionalities:

Pictogram for Combinatorial UI Testing

Test Case DB Connectivity Get Info from DB Error Handling Required? Expected Outcome
TC1 ✅ (Connected) ✅ (Data Found) ❌ (No Error) Data retrieved successfully
TC2 ✅ (Connected) ❌ (No Data) ✅ (Handles Error) "No Data Found" message
TC3 ❌ (Disconnected) ❌ (No Data) ✅ (Handles Error) "DB Connection Failed" error
TC4 ✅ (Connected) ❌ (No Data) ❌ (No Error) Empty response (possible issue)
TC5 ❌ (Disconnected) ✅ (Data Found) ✅ (Handles Error) Unexpected state—Test should fail

These test cases can be implemented in Chai.js using Mocha as the test runner. Below is a sample Chai.js test script that validates different database response cases.

const chai = require("chai");
const expect = chai.expect;
const sinon = require("sinon");
const dbService = require("../services/dbService"); // Your DB logic

describe("Combinatorial UI Tests - Database Interactions", function () {
    let dbStub;

    afterEach(() => {
        if (dbStub) dbStub.restore();
    });

    it("should retrieve data successfully when DB is connected and data exists", async function () {
        dbStub = sinon.stub(dbService, "getInfoFromDB").resolves({ data: "User Data" });

        const result = await dbService.getInfoFromDB();
        expect(result).to.have.property("data");
        expect(result.data).to.equal("User Data");
    });

    it("should return 'No Data Found' when DB is connected but no data exists", async function () {
        dbStub = sinon.stub(dbService, "getInfoFromDB").resolves(null);

        const result = await dbService.getInfoFromDB();
        expect(result).to.be.null;
    });
//Rest of the code is ommited...

Key Points: ✅ Uses Sinon.js to stub/mock database responses ✅ Covers all combinations from the pictogram ✅ Handles error scenarios explicitly ✅ Ensures robustness of UI handling for different DB states Would you like me to add more edge cases or improve the test structure? 🚀

Chat prompt #2:
Generate a test case based on the sample Chai.js test-case below Chai.js partial file: it("should return empty response when DB is connected but no error handling is present", async function () { dbStub = sinon.stub(dbService, "getInfoFromDB").resolves(undefined); const result = await dbService.getInfoFromDB(); expect(result).to.be.undefined; }); Use fuzzy logic to generate the top 3 most closely relevant use-cases and include those in your response.

Chat response #2:
Here are three closely relevant test cases using fuzzy logic to expand on your original Chai.js test case:

Test Case 1: Ensure Proper Handling of Null Response This test checks if the function correctly handles null responses instead of undefined.

it("should return null when DB returns null response", async function () {
    dbStub = sinon.stub(dbService, "getInfoFromDB").resolves(null);

    const result = await dbService.getInfoFromDB();
    expect(result).to.be.null;
});

Test Case 2: Ensure Error Handling When DB Throws an Exception This test verifies that an error is thrown when the database service encounters an exception.

it("should throw an error when DB service encounters an exception", async function () {
    dbStub = sinon.stub(dbService, "getInfoFromDB").throws(new Error("Database connection failed"));

    try {
        await dbService.getInfoFromDB();
        throw new Error("Test failed, no error thrown");
    } catch (error) {
        expect(error).to.be.an("error");
        expect(error.message).to.equal("Database connection failed");
    }
});

Test Case 3: Ensure Proper Handling of Empty Object Response This test ensures that the function handles an empty object {} correctly.

it("should return an empty object when DB returns an empty response", async function () {
    dbStub = sinon.stub(dbService, "getInfoFromDB").resolves({});

    const result = await dbService.getInfoFromDB();
    expect(result).to.be.an("object").that.is.empty;
});

These test cases cover different possible responses from the database service, ensuring robustness. Let me know if you need further refinements! 🚀

You can use this style to add up to a TDD environment whenever necessary or if requirements and specs are unclear and not very well-refined.

#10.

** ONLY EDUCATIONAL/DEMO USAGE ** Malicious payload generator, if you are being subtle is possible to be done but not good enough for use in an actual code environment. Best case you have a recursive loop or deadlock that halts part of a program or a web site and some obscure byte sequence that supposedly is injected to the application so that it breaks. Not the best use case example but good only for an informational demo.
On the flip side of this, here is an example of securely encrypting a string of text by using standard AES-256 with a predefined key:

Chat prompt #1:
I need to securely encrypt the phrase "Wizard of google searches" with a key of 7yT73daeS3_9 using AES 256bit-GCM encryption. Set the response with encrypted text sequence. If data is insufficient or if you need more parameters to do this properly please start the response with "More parameters required" and add to the response.

Chat response #1:
More parameters required. AES-256-GCM encryption requires the following additional details: IV (Initialization Vector) – A unique, random 12-byte value for each encryption. AAD (Additional Authenticated Data) – Optional, but used for authentication. Tag Length – Typically 16 bytes for integrity verification. Please provide the IV (or let me generate a random one) and confirm if you have any preferences for AAD.

Chat prompt #2:
I need a random IV and AAD not required.

Chat response #2:
Here is the AES-256-GCM encrypted text sequence: S5YxhOjP+w4a+z9v9bXbpMWG2Glf1W6Np/F+tZt0vRbrhCtLtpaEWntAfkqOj2WAXIEl/s0= This base64-encoded string contains the IV, ciphertext, and authentication tag. Let me know if you need decryption instructions!

NOTE: Interestingly enough, the prompt was kind enough to add the corresponding code in python in its answer analysis part. Somehow it justifies its own answer by also including a nice code block (shown below):

from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
import base64

# Given parameters
key = b'7yT73daeS3_9'.ljust(32, b'\0')  # Ensure 256-bit key length by padding with null bytes
plaintext = b'Wizard of google searches'

# Generate a random 12-byte IV
iv = get_random_bytes(12)

# Encrypt using AES-256-GCM
cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
ciphertext, tag = cipher.encrypt_and_digest(plaintext)

# Concatenate IV, ciphertext, and tag for transmission/storage
encrypted_data = iv + ciphertext + tag

# Encode as base64 for a readable format
encrypted_b64 = base64.b64encode(encrypted_data).decode()

# Return encrypted text sequence
encrypted_b64

#11.

** BONUS FUN USAGE ** If you have spare time and no other deadlines or for fast paced learning of interns/junior devs. Get Dall-e to generate an appropriate image based on the code quality or level of complexity and guess what that code block represents. Input a block of code and generate a corresponding image on Dall-e to help you keep motivated or enhance your level of current knowledge (improve the visual parts of the image by improving code).

Finally, do not over rely on such development work since after all YOU ARE the first contact point from the text prompt input to OpenAI datacenters that produce the code. If you produce good code, then all is good.
In case you have logic errors that you have missed or previously inherited bugs from other codebases, then problems might start appearing.
As they say in computing the "Garbage-In-Garbage-Out" principle holds true in such a use case of ChatGPT, leading to unwanted code or other side effects. Overall, keep your code requests simple and to the point so you do not end-up doing more unnecessary odd jobs.

Stay alert so that you don't miss a comma or phrase while writing your GPT prompt and to avoid ending-up like the little guy in the image below.

:-)

List of 6 most important things to consider for .env files

chrdek — Sat, 01 Feb 2025 13:02:00 +0000

Most personal [and production-level] project's structure can easily become too complicated as time progresses during development. This leads to over-burdening the .env file, which should be avoided during large project lifecycles that can last for months.

Nearly all modern IDEs will try to automatically manage .env settings for you. This is only done both for flexibility and security reasons, and there are still things that need to be considered to properly utilize this important file in your development environment.

This lead me to make a list from both various sources and personal opinions that best describes the top 6 proper use cases for managing an .env file.

1 .env - Permissions:

The standard permissions for an environment variable file used in most web application solutions like: React.js or Laravel or even Node.js should not be accessible outside /public.
Aside from being hidden by default in linux, the read-write access to the environment file is already pre-set in both linux or windows-based deployment setups by the corresponding coding platform that handles it.

This is also-known-as the default that your IDE development environment auto-generates for you on install.

In case that this does not happen a good ruleset to manually secure it would be:

To have root-only owner access to the file.
To set the group of that permission on the web server's directory (www-root, www-data for Ubntu/Debian).
Enable permissions set to 640 on that .env file.

In a production environment, the permissions of the .env file are the corresponding set of the commands below:
chmod 400 or chmod 440.
Also access must be even further blocked on the webserver side via the .htaccess file.

2 .env - Source control:

It is not recommended by anyone to add an .env file to github or any other publicly accessible source control services.

The best thing to do in order to exclude the .env file from online automatic deployments is to be super-proactive and maybe create your own automation to generate the .gitignore file with relevant entries before adding anything to source control.

This is for solutions that will based entirely on .env file and store sensitive data and in cases that .env files aren't excluded by the default .gitignore.

An example of .gitignore for .env files..

.env*
.env.*

Or a more generic example below

**/*.env

Or an exclusion example for git..

/*
!.env

A generic .gitignore generator can also be found online -> here.

ALSO:
In the unlikely case that you run an internal custom source control environment and for whatever reason want to add an .env file, you can do so as long as the server is only locally hosted.
Even so, I would recommend to only add an .env.example instead which is a shallow copy of the values of your completed .env file that is required by your application.

3 .env - Direct usage in source:

When referencing or using some environment file stored API key or any other setting, try to use a built-in secure library either provided by your own solution's framework or by an external package manager.

Such an example is loading all environment config in Node.js:

require('dotenv').config(); //load all environment variables from main configuration.
process.env.ENV_NAME;

or in laravel by using helper function config() with config.php file that stores environment variables (below):

<?php
config('cfg_name'); # 'cfg_name' stores the variable by env('ENV_NAME'); in the config.php file

4 .env - Comments:

As environment variable files grow larger, the best thing you can do is add multiple urls or api key lists in a structured-format for easily finding and handling multiple values.

This can be easily achieved by using start-end blocks of comments and also inline find by adding specific characters to the start and end of each comment for each setting.

Example Comments here:

-START API section- -END API section- (for storing multiple api values).
<< IMPORTANT >> (for sorting out what should be considered important or not).
[[ TEMPORARY ]] [[ WILL BE REMOVED ]] (for indicating the importance level on parts that will be moved in a different setup of the application).

ALSO:
Avoid using a lot of comments in production files since these will not be changed or tampered with frequently and only add those during testing and debugging cycles on development.

5 .env - Encryption:

In case that you still feel that you cannot get enough security by methods mentioned, you can have the option of completely encrypting the contents of the important .env file of your solution.
In such a case, this needs to be done by the application level and not by the OS level for it to be effective.

A small listing and corresponding sample usages of .env encryption capabilities is found below:

1.Node.js/React.js Applications | npm's secure-env | Default is a decent AES-256 plain-text encryption standard for the file.

Sample Usage below:

Encryption (cmd-line):
$ npx secure-env .env -s mySecretPassword

Decryption (in-code):
require('secure-env')({path:'/custom/path/to/your/env/vars'});

2.Node.js/React.js Applications | npm's dotenvenc | Typescript-based encryption utility for js, produces .env.enc files.

Sample Usage below:

Encryption (cmd-line, .env must be in project root):
./node_modules/.bin/dotenvenc -e

Decryption (in-code):
require('dotenvenc').decrypt(); // From here on your app will have access to the secrets through process.env.DB_SECRET1 and process.env.SECRET_VAR1

3.Node.js/React.js Applications | using node:crypto modules | Manually written code + tutorial for encrypting .env file.
Sample usage on the website.

4.PHP/Laravel Applications | Laravel's official Docs | Built-in encryption standards for laravel web application solution to encrypt .env file using artisan commands.

Sample Usage below:

Encryption (cmd-line, multi environment targets):
php artisan env:encrypt
php artisan env:encrypt --env=staging

Decryption (cmd-line, using laravel encr. key):
php artisan env:decrypt
php artisan env:decrypt --key=EncryptionKeyHere...

Decrypting/Using all the values per file in this case implies the usage on the entire application file per deployment on the server or writing custom artisan command in-code to automate the encryption process.

NOTE THAT:
As always, there is a fair trade-off between security and usability when encrypting code files like above since these might be affected or blocked by filesystem permission sets and the comments might be affected if your encryption library does not properly handle comments in the .env file.

More encryption info HERE-MEDIUM and HERE-OWASP

6 .env - Virtual environments, debugging:

Last but not least, in case that there is no time to do all of the above, a container runner can still be used to deploy the entire application to run in its own protected area with minimal effect on your server's security configuration.
But simply not-using these set of standards still holds an additional security risk.
Containerization services that can always be used to easily build-up and tear-down virtual environments for staging and debugging without having to fully secure the .env in your solution are as below:

Docker with docker-compose.yaml (some partial exposure to .env might be required).
Kubernetes
Red Hat OpenShift
Microsoft Azure Kubernetes Services (AKS)
Google Kubernetes Engine (GKE)
Amazon's Elastic Kubernetes Service (EKS)
IBM's Istio services (IBM)

As far as I'm concerned if you are using any containerization tool, tightly locking the .env file should be optional and makes more sense to be flexible during debugging and code testing. Sometimes things need to be flexible to make it easy for the developers to build an application in order to make it less error-prone and more secure.

C# .NET Top 10 Compiler and .NET environment limits

chrdek — Fri, 08 Dec 2023 13:53:18 +0000

After a few months of development work and some personal projects of mine (including 100s of deployments), I've set a part of my projects site, that is based on C# projects.

The entire process and relevant setup led to this post which includes a list of basic C# usage limits also-known-as the top 10 things to note when writing or testing code in your IDE with C#.

Limitation #1:
Int32.MaxValue 2^31 characters for string data types. This limitation is set mainly due to the CLR memory of .NETs runtime compilation environment. Similarly, the maximum number of elements that can be stored in the current implementation of List<T> is, theoretically, Int32.MaxValue (or) just over 2 billion (2^31). In current Microsoft CLR implementations there's a 2GB maximum object size limit. This applies exactly the same as HashTables, Arrays (2d or 1d) and other enumerations, indexed structures.

.NET memory limits
RedGate - memory allocation

Limitation #2:
MAX_PATH per directory's path of 260 characters. This includes "C:\" part prepended, which is followed by 256 string style '\' characters and a null terminating character.

The entire sequence of MAX_PATH in-stack is allocated as below:

C:\some_256_character_path_string<NUL>

This is both an OS and .NET imposed limitation since the .NET-based IDE sets it self up to the OS directory limits. Currently, this is applied from the CLR - for up to Windows 10 (1607) and newer versions.
NOTE: This is a Win32 relevant IDE limitation on Windows built-in API which can also be partially tweaked via the Windows registry (not recommended).

MS - File path limits

Limitation #3:
Multiple inheritance in C# by using classes and subclasses is not directly supported, similar behavior is applied by implementing one interface per class and then sub-classing for every other class that requires each set of interface properties.
Not to be confused with multiple class styles (aka polymorphism), C# cannot allow one class inheriting directly from multiple abstract or standard classes.
This achieves simplicity and also mitigates the 'diamond problem' which involves ambiguous method calls that occur when a subclass inherits from two classes that share common method namings but have different behavior.

Explicit interface implementation, allows secure design of the class hierarchy to avoid such conflicts.
On the other hand standard class polymorphism is allowed by utilizing class overrides -as normal- by usage of virtual abstract keyword combinations between normal and abstract classes.
Also: In C#, struct does not support polymorphism directly but only via interface usage.

MS - Inheritance
Multi-Inheritance Example

Limitation #4:
Tail recursion is not fully supported due to CLR limitations. (CLR allows no more than 100,000 nested function calls before stack resulting in runtime StackOverflowException Error).
Provided that int.MaxValue is around 2.1 billion, most likely your program will never return or will give out a stack exception before reaching the global CLR maximum.

Nonetheless, this can be mitigated by Bounce function support. This is implemented in-code by including Trampoline library. An alternative optimization would be to allow Head Recursive calls instead.

An example of tail/head call is displayed below:

public void tail(int n)         |     public void head(int n)
{                               |     {
    if(n == 1)                  |         if(n == 0)
        return;                 |             return;
    else                        |         else
  System.Console.WriteLine(n);  |             head(n-1);
                                |
    tail(n-1);                  |     System.Console.WriteLine(n);
}                               |     }

Another method of optimizing tail recursion so that the compiler does not run out of memory is temporary storing function calls during recurrent stack allocation (aka memoization). This reduces function calls so that methods apply to wider range of values with less error margin.

Tail Recursion, Trampoline lib example
Stack Limits, other
Differences, code

Limitation #5:
C# tuples support a maximum of 7 different data types of elements-by-value per data set for various data types (C# with .NET v4.0 and above).
Constructor definition of ValueTuple displayed below:

ValueTuple<T1,T2,T3,T4,T5,T6,T7>(T1, T2, T3, T4, T5, T6, T7)

NOTE: For more than 7 different data types use TRest where TRest is a generic ValueType tuple instance declaring the rest of elements in sequence.

MS - Tuples
Tuple examples

Limitation #6:
Some .NET CLR objects that do not directly implement IDisposable:
StringBuilder, Stream, TcpClient, MemoryStream, RegistryKey

StringBuilder is used for efficient string manipulation. Since it doesn't implement IDisposable, it's important to dispose its resources, especially in scenarios where large strings are involved, to release memory.

In order to reallocate memory in CLR un-managed data structures with manual garbage collection in the heap while running a program GC.Collect() is called manually for the mentioned cases of .NET data types.
Such an example, using Dispose pattern is displayed in the MS code block below:

public class DisposableResourceHolder : IDisposable {

    private SafeHandle resource; // handle to a resource

    public DisposableResourceHolder() {
        this.resource = ... // allocates the resource
    }

    public void Dispose() {
        Dispose(true);
        GC.SuppressFinalize(this);
    }

    protected virtual void Dispose(bool disposing) {
        if (disposing) {
            if (resource!= null) resource.Dispose();
        }
    }
}

Overall, objets with unsupported garbage collection capability of .NET are mainly but not limited to Win32 file handling wrappers that partially require OS resources.

Alternatively, some .NET CLR objects that directly implement IDisposable:
SqlConnection, SqlCommand

Overall most core data types in C# implement IDisposable. This design allows proper cleanup of resources such as closing file handles or network connections. The precise count varies with language updates and includes widely-used types and methods.

Best approach when dealing with objects directly inheriting from IDisposable is within using(){ } blocks.

MS - IDisposable, Dispose-Pattern
IDisposable examples

Limitation #7:
Minimum size for single large objects memory allocation, in large object heap allows for objects of up to 85,000 bytes and above. These are usually arrays used in a program etc.

Entire heap is separated in: large object heap (LOH) and the small object heap (SOH) where GC takes place during the lifespan of a program.

Overall, each object's size smaller than 85Kbytes of maximum object heap gets written to SOH whereas sizes larger or equal to 85Kbytes in size are written to the LOH instead.

MS - Garbage collection fundamentals
MS - Garbage collection (LOH,SOH)

Limitation #8:
This is a maximum limit that targets .NET 6.0 and above.
System.Text.Json Namespace Serialization Objects of UTF-8 encoding Json Writer's Utf8JsonWriter method for tokenized plaintext input has a default maximum of 166 MB. For its base-64 encoded counterpart 125MB.

MS - NewtonSoft.Json migration
Relevant git issue

Limitation #9:
ThreadPool.SetMaxThreads and ThreadPool.SetMinThreads are used to set maximum and minimum number of threads on demand as needed in a thread pool. By default, minimum number of threads in C# is analogous to the number of processors on a system. This applies to logical or physical processing units for multi-core CPUs.
(4 thread min per 4-core CPU, 2 thread min per 2-core CPU etc.)

Thread Pool Example

Limitation #10:
Number of numerical types adjacency groups for compile-time ValueType bindings. ValueType compiler boxing of values copied from method arguments or from one variable to another have the following type relevance as shown below:

Group 1. SByte <-> Int16 <-> Int32 <-> Int64 <-> Byte <-> UInt16 <-> UInt32 <-> UInt64 <-> BigInteger
Group 2. float <-> double <-> Decimal

Also Max-Min limits for numerical ValueTypes mentioned are as below

Type	Max-Min values
sbyte	-128 to 127
byte	0 to 255
short	-32,768 to 32,767
ushort	0 to 65,535
int	-2,147,483,648 to 2,147,483,647
uint	0 to 4,294,967,295
long	-9,223,372,036,854,775,808 to 9,223,372,036,854,775,807
ulong	0 to 18,446,744,073,709,551,615
nint	Depends on platform (computed at runtime)
nuint	Depends on platform (computed at runtime)

MS - Numeric max-min sizes
MS - Numeric ValueTypes
Numeric types discussion

Bonus #1:
6 different ways of declaring and combining string values inside another string in .NET.
1.

//string interpolation with $"" prefixing:
string name = "John"; string greeting = $"Hello, {name}!";

//string.Format Method and {0},{1},{2} templated string placeholders:
string name = "John"; string greeting = string.Format("Hello, {0}!", name);

//Direct '+' operator string concatenation or by using '+=' operator: 
string name = "John"; string greeting = "Hello, " + name + "!";

//String.Concat Method
string firstName = "John"; string lastName = "Doe"; string fullName = string.Concat(firstName, " ", lastName);

//StringBuilder Append Method for appending bulk lines of text:
StringBuilder sb = new StringBuilder(); sb.Append("Hello, "); sb.Append("World!"); string result = sb.ToString();

//string.Join Method:
string[] parts = { "Hello", name }; string result = string.Join(" ", parts);

NOTE: String methods are not recommended for setting SQL statements in code, refrain from using it as such and use properties instead.
In case you need to do it, the most secure ways of handling it are: String.Format, String interpolation, StringBuilder's Append() methods.

Bonus #2:
T can be applied to a set of enumerable data sources, including but not limited-to:

In-memory collections such as Generics.
Arrays
Other types implementing IEnumerable.

TSource can be applied to directly dynamically allocated data sources typically used within Visual Studio.

TSource is tailored-made for data sources that implement IQueryable, which typically include database queries and other queryable providers (EntityFramework Entities etc.).

Bonus #3:
Limitation of 4 object generations in heap space garbage collections.
Heap Objects are garbage-collected in the order displayed below:
Gen0 -> SOH Objects Garbage Collected Objects.
Gen1 -> SOH Objects Garbage Collected Objects.
Gen2,3 -> LOH Objects Garbage Collected Objects.

MS - Garbage collection fundamentals
MS - Garbage collection (LOH,SOH)
Other Gen0-Gen2 examples

Bonus #4:
Recommended case limitations of when to use enumeration yields or yield return.

Case 1: Do not use within enumeration sequence loops with foreach( var i in items), since it causes arbitrary calls to MoveNext() per element, causing uncessecary overhead.
Case 2: Only use per lazily evaluated values. Do not use for specific items that need to be sequentially accessed by number such as array element[1] then element[2] and will need to be processed one after another.
Case 3: Use only when allocating a long sequence (lot of memory) at once and do not require specific elements separately, such as retrieve a list of all items etc..
Case 4: Do not use when you don't want to defer execution state when calling the iterator part. Eg: When throwning an exception then yield returning, causes delay until exception gets thrown properly. This applies to only large yield cases when a delay is noticed before the exception.

Discussion with examples

Bonuses section completes the list of the most important features of in-IDE C# usage for the majority of .NET programmers.

UPDATE: Included also a PDF CheatSheet for direct download here

Note that: this is purely for improving development only and not taken in any other way. In case I have not added something important or not in-line with latest .NET versions drop me a line in the 'Top Comments' section. See you!

What would be a good starting project on blockchain, web3?

chrdek — Thu, 12 May 2022 13:28:37 +0000

I was wondering what would be a good starting project that involves blockchain technology and Dapps?

Any kind of feedback is highly appreciated.

thanks.

5 methods for setting up a CDN for your site's content

chrdek — Thu, 31 Dec 2020 15:55:21 +0000

Setting up web content delivery (free options).

As I've been trying to organize some scripts and other type of content on a website I was working on, I reached the point where it would be necessary to set up a custom CDN or use one for specific scripts delivery.
Following is a list of 5 relatively simple -and free- methods of setting up a CDN to run your site's scripts from.

Set your scripts on a cloud hosted provider

Most serverless hosted CDN on the cloud include common features and functionality such as video/audio streaming, HTTPS/HTTP/2,3 support using multiple IP locations and secure caching.

A small listing of the most popular cloud hosted CDNs that include a trial on content hosting is found below:

BunnyCDN - Main site allows for a 14 day trial which includes full CDN features support such as HTTPS HTTP/2, video streaming, caching and compression with DDoS security.
LimeLight CDN - Limelight's free trial option requires to contact the sales team for accessing certain features. Aside from that, supports full set of edge-based content delivery network with relevant HTTP protocols support with and streaming. Another great feature is the bundled Web Application Firewall that includes application-level protection.
CloudCDN via GCP (Google) - Accessible with a free google account, supports HTTPS/HTTP/2,3 logging exports via BigQuery and Google Cloud Storage platforms.
CloudFlare CDN - Free plan that supports integrated DDoS security, HTTPS/HTTP/2,3 with video streaming and CDN customization with automation. Add-ons might require monthly payment.

CDN sourced in-app script render on personal cloud AWS instance with npm express-cdn

In case you are looking to integrate your personal CDN scripts in your application, you can also setup a NodeJS server to load your scripts from geographically redundant locations.

The express-cdn package allows for dynamic script tags rendering by utilizing an AWS S3 bucket account so hosting is done from the S3 locators allowing your site's server to off-load script request traffic based on geographic proximity.

Simplified list of steps to set it up is shown below:

Create a top-level CNAME domain of your-domain.com for your website on aws.
Create an S3 bucket for your aws storage account and upload a default index.html file as a placeholder and publicize the bucket URL.
Create a new distribution network on aws CloudFront with the following options:
Origin domain name=bucket-name.s3.amazonaws.com
Origin ID=bucket-name
Network Path=Accept all network paths using the asterisk * option
Alternate domain names=cdn.your-domain.com where your-domain.com is the top-level CNAME domain created in step 1.
Save the created cloudfront domain name produced in the format xxx.cloudfront.net.
From your aws DNS manager create a new CNAME record with hostname value of cdn and set its alias/pointer record value to the xxx.cloudfront.net from step 3 and wait for the cloud records to update. Once everything is done properly you should have a link with http://cdn.your-domain.com that loads the index.html from the corresponding S3 bucket.
As far as the web server setup is concerned, you need to have:
- Nodejs with express running and rendering engine (jade/ejs preferred).
- express-cdn installed and appropriate module requires.

var express = require('express')
  , path    = require('path')
  , app     = express.createServer()
  , semver  = require('semver');
var sslEnabled = false

Relevant initialization settings of the express-cdn module var CDN = require('express-cdn')(app, options);. options include your cdn name, s3 bucket settings, access keys and local server settings. The CDN() helper object itself will generate the necessary src= or data-src= script tags on-demand from the S3-hosted content.

Note: In order to have aws ssl setting applied, you need to use a sub-domain since canonical names are not supported.
These are the main settings of aws usage on express-cdn. Full set of detailed instructions can be found in the official link here.

Customizable private CDN setup on Varnish [and VCL files]

Even though this is a more time-consuming solution, it allows for more flexibility on your server setup and provides more control on your CDN infrastructure parts.
Considering a personal Ubuntu or Debian environment setup, you can install varnish server runner locally using apt-get or yum packagers per CDN instance.
Start from your shell by running apt-get install varnish-plus to install the necessary files.
Run netstat -lp | grep varnishd to check whether your service is up an running or check for daemon activity via systemctl status varnishd. In case you need to build the package manually you can try the following method:
Download the source manually using apt-get source varnish.
Set the VARNISHSRC environment variable value to the directory that the package was downloaded using ./configure VARNISHSRC=$HOME/varnish-3.*.
Run the following

make 
sudo make install
sudo make check

to build and install. This procedure also applies to downloaded additional modules.

Once you get the service running, an additional setup of the *.vcl configuration files is required to set it for content caching.

Modify the /etc/varnish/default.vcl file so that backend default section points to your localhost and forwarded port

backend default {
   .host = "localhost";
   .port = "8080";
}

Modify the /etc/default/varnish.param file so that inbound HTTP (port 80) requests are handled accordingly by varnishd -a: 80.

Restart varnish daemon by running systemctl service varnish start.
An alternative way of starting the server is to specify manually the VCL config by running varnishd -a :80 -T localhost:8080 -f /etc/varnish/default.vcl.

A generalized topology would be to have 3 geographically separated servers each running behind a NAT or firewall and each one to handle the same content for a site, based on the location of the requests.

AWS CloudFront with an AWS Domain

The initial method of setting up an S3 bucket en-par with a CNAME domain name on amazon's CloudFront is described already in the npm express-cdn section of this post.
Note that AWS CloudFront for content distribution is free but since it utilizes a bucket account, related charges still apply per frequency and usage of your storage. So you might need to set a couple of limits (quotas, whitelisting or ACLs) for retaining your free or low cost.

Apart from the express-based dynamic cdn rendering outlined above, you can set it just for caching content on your website or even have multiple bucket locations serving content for more than one copies of your website.

Azure CDN using custom domain provider

As with AWS CloudFront, serving content from Azure CDN is similarly done via:

Setting an Azure AD top level domain.
Registering, adding CDN in Azure Active Directory.
Setting up Azure Key Vault for AD.
Granting Azure access to the Key Vault for the CDN setup.
Enabling https in Azure CDN for azure's custom domain.
Making sure that all Azure Firewall Web Application Policies are in place and working for the CDN setup.

Alternatively, you can automatically setup a deployment from azure resource manager job by using an azure arm quickstart template. The latest templates can be found from MS here.

Non-cdn method for loading scripts

In case that you can't use any of the methods above or if you have an environment that is too restrictive, you can load your scripts from a file server on-premises so that you don't overload your website with heavy traffic. The scripts and images might be statically loaded but this is better than loading everything on one server. In a simple node-express setup this is also done by
express.use("/src/js", express.static(__dirname + "/media/js")); to serve static content for a site.

That is all I could find on privatizing your cache for your web content.

Hopefully this proves useful for sending your wishes across the globe. Happy new year 2021!!

Resources:

Varnish DIY CDN