DEV Community: Dhaval Upadhyay

[Boost]

Dhaval Upadhyay — Fri, 07 Mar 2025 11:53:43 +0000

Install Docker using command line and pull code from github

Dhaval Upadhyay ・ Mar 5

#docker #webdev #devops #aws

Upload docker code using CI/CD pipeline of github action

Dhaval Upadhyay — Fri, 07 Mar 2025 11:19:11 +0000

1. Install Docker on your server

Click Here to get detailed description on how to upload your code on server using docker

2. Run " docker ps " command to get the image and container name

3. Store Secrets in GitHub

Go to GitHub Repo → Settings → Secrets and variables → Actions → New Repository Secret, and add:

- DOCKER_USERNAME → Your Docker Hub username
- DOCKER_PASSWORD → Your Docker Hub password/token
- SERVER_HOST → AWS Server IP
- SERVER_USER → ubuntu
- SSH_PRIVATE_KEY → Paste your AWS SSH Private Key

4. Create GitHub Actions Workflow

Create .github/workflows/deploy.yml in your repo:

name: Deploy to QA

on:
  push:
    branches:
      - master  # Runs on direct push to 'qa'

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and Push Docker Image
        run: |
          docker build -t dockerusername/myapp:${{ github.sha }} .
          docker push dockerusername/myapp:${{ github.sha }}

      - name: Deploy to Server
        uses: appleboy/ssh-action@v0.1.10
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ubuntu
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: 22
          script: |
            docker pull dockerusername/myapp:${{ github.sha }}
            docker ps -a  # Debugging step to check existing containers
            docker stop myapp || true
            docker rm -f myapp || true
            docker run -d -p 3000:3000 --restart unless-stopped --name myapp dockerusername/myapp:${{ github.sha }}
            docker image prune -f

myapp - docker image name
create account on dockerhub

this process will login to docker hub , build your image and pull that image to your server
comment if you are facing any problem or need any help

Install Docker using command line and pull code from github

Dhaval Upadhyay — Wed, 05 Mar 2025 10:15:09 +0000

Introduction

Briefly introduce the importance of CI/CD in modern application development.
Highlight the benefits of deploying Node.js Docker applications using aws command line and GitHub Actions.
Outline the steps that will be covered in the blog.

Prerequisites

aws account.
GitHub repository with your Node.js application.
Basic knowledge of Docker and GitHub Actions.

Follow Below steps to install docker first

1. update the package list

sudo apt update
sudo apt upgrade -y

2. Install prerequisite packages

sudo apt install -y apt-transport-https ca-certificates curl software-properties-common

3. Add Docker's official GPG key

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

4. Set up the Docker stable repository

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

5. Install Docker

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io

6. Verify Docker installation

docker --version

7. Verify Docker installation

docker --version

Install Docker Compose

1. Download and install Docker Compose

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

2. Set executable permissions

sudo chmod +x /usr/local/bin/docker-compose

3. Verify installation

docker-compose --version

Clone Your Node.js Project from GitHub

1. Install Git

sudo apt install -y git

2. Clone the repository

git clone "git_url"
cd "repo_name"

Create Dockerfile for Node.js Application

1. Inside the project directory, create a Dockerfile

# Use Node.js base image
FROM node:16-alpine

# Set working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package*.json ./

# Install dependencies
RUN npm install

# Copy application code
COPY . .

# Expose the application port (e.g., 3000)
EXPOSE 3000

# Start the application
CMD ["npm", "start"]

Build and Run Docker Container

1. Build the Docker image

docker-compose build (if you have docker-compose.yml)

docker run -d -p 3000:3000 --name node_structure node:20 tail -f /dev/null  
(if you do not have docker-compose.yml)

2. Run the container

docker-compose up -d

3. Verify running container

docker ps

How to Secure PHP Applications from SQL Injection Attacks

Dhaval Upadhyay — Sun, 06 Oct 2024 07:51:56 +0000

Introduction

SQL Injection (SQLi) is one of the most dangerous vulnerabilities that can affect web applications, especially those built using PHP. It occurs when an attacker manipulates a query by injecting malicious SQL code, potentially gaining access to sensitive data or even compromising the entire database. Despite being an old vulnerability, SQL injection is still prevalent due to poor coding practices. This blog will guide you through understanding SQL injection and implementing the best practices to secure your PHP applications from this threat.

What Is SQL Injection?

SQL injection happens when an application allows user input to be passed directly into an SQL query without proper validation or escaping. This enables attackers to execute arbitrary SQL code on the database.

Example of SQL Injection Vulnerability:

$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $query);

In this example, if a malicious user enters admin' -- as the username and leaves the password blank, the query becomes:

SELECT * FROM users WHERE username = 'admin' -- ' AND password = '';

The -- comments out the rest of the SQL statement, allowing the attacker to bypass authentication and potentially gain admin access.

Types of SQL Injection Attacks

In-band SQLi: The attacker uses the same communication channel (e.g., HTTP) to launch and receive the results of the attack.
Blind SQLi: The attacker cannot see the result of the attack directly, but can infer information based on the web application's behavior.
Out-of-band SQLi: This type relies on a separate communication channel to receive the attack results.

How to Prevent SQL Injection in PHP

To prevent SQL injection, you must ensure that user inputs are never directly embedded into SQL queries. Below are several methods to mitigate SQL injection vulnerabilities.

Key Takeaways

Use prepared statements (parameterized queries) to prevent SQL injection.
Validate and escape all user inputs, especially in scenarios where prepared statements aren't feasible.
Limit database user privileges to minimize potential damage.
Keep your application and database software up-to-date with security patches.

1. Use Prepared Statements (Parameterized Queries)

Prepared statements ensure that SQL code and user input are strictly separated. This method is the most effective and recommended practice for preventing SQL injection.

// Secure code using prepared statements
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password);  // "ss" represents the data types (string, string)
$stmt->execute();
$result = $stmt->get_result();

In this case, ? placeholders are used for user inputs, and the bind_param() function ensures the user inputs are treated as data rather than executable code.

Example with PDO:

// Secure code using PDO
$stmt = $conn->prepare("SELECT * FROM users WHERE username = :username AND password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
$result = $stmt->fetchAll();

2. Use Proper Data Validation and Escaping

Input validation ensures that user inputs conform to the expected format. For instance, if the input should be an integer, make sure it's validated as such.

// Input validation example
if (!filter_var($user_id, FILTER_VALIDATE_INT)) {
    die('Invalid user ID');
}

In cases where prepared statements cannot be used, escaping input with functions like mysqli_real_escape_string() or htmlspecialchars() helps mitigate risks by neutralizing harmful characters.

// Escaping example
$username = mysqli_real_escape_string($conn, $_POST['username']);

3. Limit User Privileges in the Database

Minimize the privileges of the database user account used by the PHP application. For example, an application account should not have DROP or DELETE privileges if they are not needed. This limits the damage an attacker can cause even if they manage to exploit an SQL injection vulnerability.

4. Avoid Displaying SQL Errors to Users

Do not expose database error messages to users, as they may provide useful information to attackers. Instead, log errors securely and show generic error messages to users.

// Example of handling errors
if (!$result) {
    error_log("Database query failed: " . mysqli_error($conn));
    echo "An error occurred. Please try again later.";
}

5. Use Web Application Firewalls (WAF)

A Web Application Firewall (WAF) can provide an additional layer of security by filtering out malicious SQL queries before they reach your application. While WAFs are not a substitute for proper coding practices, they can be a valuable tool in detecting and blocking SQL injection attempts.

6. Keep Software Updated

Regularly update your PHP version and database systems to patch known vulnerabilities. Outdated versions of PHP or database systems can have security flaws that may be exploited.

Conclusion

SQL injection remains a prevalent threat to PHP applications, but it can be easily avoided by following the best practices outlined above. Prepared statements are the most effective defense against SQL injection, but data validation, escaping, and secure error handling also play vital roles in protecting your application. By adopting these strategies, you can safeguard your web applications and maintain a secure development environment.

Upload Node.Js Code to azure using CI/CD pipeline using github actions

Dhaval Upadhyay — Sat, 24 Aug 2024 18:26:58 +0000

Introduction

In today’s agile development environment, continuous integration and continuous deployment (CI/CD) pipelines are essential for streamlining the software delivery process. In this blog, I’ll guide you through setting up a CI/CD pipeline using GitHub Actions to deploy your Node.js application to Azure.

Prerequisites

Before we start, ensure you have the following:

Azure Account: If you don’t have one, sign up for a free Azure account.
Azure Web App: Create a Web App in the Azure portal to host your Node.js application.
GitHub Repository: Store your Node.js application code in a GitHub repository.
Node.js Application: A basic Node.js application to deploy.

Step 1: Create an Azure Web App

Login to Azure Portal: Go to the Azure Portal.

Here’s a draft blog post on deploying Node.js code to Azure using a CI/CD pipeline with GitHub Actions. Feel free to modify it to match your style and preferences.

Title: Node.js Deployment Using Azure CI/CD Pipeline

Introduction
In today’s agile development environment, continuous integration and continuous deployment (CI/CD) pipelines are essential for streamlining the software delivery process. In this blog, I’ll guide you through setting up a CI/CD pipeline using GitHub Actions to deploy your Node.js application to Azure.

Prerequisites
Before we start, ensure you have the following:

Azure Account: If you don’t have one, sign up for a free Azure account.
Azure Web App: Create a Web App in the Azure portal to host your Node.js application.
GitHub Repository: Store your Node.js application code in a GitHub repository.
Node.js Application: A basic Node.js application to deploy.

Step 1: Create an Azure Web App

Login to Azure Portal: Go to the Azure Portal.

Click on “Create a resource” and choose “Web App.”

Fill in the required details, including the resource group, app name, and runtime stack (choose Node.js).

Step 2: Set Up GitHub Actions for CI/CD

Create a .github/workflows Directory:

Go To Deployment center

Select Code Resource and select github

Now Select github accout , repo and branch you want to deploy

Now click on preview you can see .yaml file structre here

In your github directory, you can see .github/workflows directory.

Step 3: Commit and Push Changes

Once your workflow file is set up, commit and push it to the main branch of your repository.

The pipeline will trigger automatically on every push to the main branch.

GitHub Actions will build your Node.js application, run tests, and deploy it to Azure.

You can also check the deployment logs in the GitHub Actions tab of your repository.

Conclusion

In this blog, we walked through the process of setting up a CI/CD pipeline using GitHub Actions to deploy a Node.js application to Azure. This setup not only automates the deployment process but also ensures that your application is always up-to-date with the latest code changes.

By leveraging Azure’s scalability and GitHub’s seamless integration, you can easily maintain and deploy your Node.js applications, allowing you to focus more on building features and less on managing deployments.

You can check Simple deployment without pipeline here https://dev.to/dhaval_upadhyay_30f8292a8/uploading-your-first-nodejs-code-to-azure-a-step-by-step-guide-43k5

Uploading Your First Node.js Code to Azure: A Step-by-Step Guide

Dhaval Upadhyay — Sun, 11 Aug 2024 09:19:06 +0000

Hello everyone! In this post, we'll walk through the process of uploading your first Node.js code to Azure. Whether you're new to Azure or just need a refresher, this guide will help you deploy your Node.js application with ease.

Prerequisites

Before we begin, ensure you have the following:

Node.js Installed: Make sure you have Node.js installed on your machine. You can download it from Node.js official website.

Azure Account: If you haven't already, sign up for an Azure account at azure.com.

Git Installed: You'll need Git to manage your code and push it to Azure.

Step 1: Create a Simple Node.js Application

Create one simple Node.js application and upload to github

Step 2: Prepare for Deployment

Login to azure
Click on App Services and click Create
click on create button and go to web app or click as per your requirement
create new resource group
Fill all necessary details and select pricing plans as per your requirement
go next and finally click Review & Create button
After creating you will see the overview of your app
click on deployment center
Here you will get FTP Creds to upload code.

In next step we will see how we can upload using github repo actions

azure #Node.js #devops #azureintegration #server #uploadNodecode