The latest articles on DEV Community by Manuchehr (@manuchehr). https://dev.to/manuchehr https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1197520%2F5bdc9a56-1a60-4ecd-a0a1-ae90dae5b2ba.jpg https://dev.to/manuchehr en Manuchehr Sat, 03 Jan 2026 04:44:59 +0000 https://dev.to/manuchehr/fixing-my-sleep-schedule-fixed-my-year-kad https://dev.to/manuchehr/fixing-my-sleep-schedule-fixed-my-year-kad <p>I've been thinking about this article for a bit long time. I didn't want to talk about something until I <em>finished</em>. For a record, I was a <strong>night coder</strong> who worked till 1-2 am and woke up barely at 10 am, that was a real mess, because I didn't feel productive but lazy and somewhat sleepy. I just decided to fix that because I used to sleep from 9-10 pm to 7 am and I really liked it so I gave it a shot.</p> <h2> New sleeping schedule </h2> <p>I made a goal: <strong>waking up early without laziness and unproductive</strong>, to do so I made a plan:</p> <ul> <li>Go to bed at <strong>10 pm</strong> no matter what.</li> <li>Wake up at <strong>6-7 am</strong>. First week it was a real struggle and I felt worse but I started to get used to it and most importantly I started to feel more productive and stress-free. Now, let's be more specific about the plan.</li> </ul> <h2> Go to bed at 10 pm no matter what </h2> <p>Well, logically I slept early to wake up early. Go to bed at 10 pm, no phones, no laptop, no light, no books, no kindle, no headsets, no music, nothing. Just go to bed, close my eyes and <em>sleep</em>. If you're sleeping with your phone (probably doom-scrolling) you SHOULD end this. It doesn't even help you sleep at all. Listening to music is controversial it may help you, maybe not, but it's probably the best without these. <br> As you've guessed, it was basically kinda crazy and boring. I did think about my future ideas, dreams, <strong>only</strong> good things. Don't think about your past mistakes, bad experience you had and so on. It will make you feel unease and don't help sleeping. If these <em>bad</em> thoughts start to coming to your mind, change the topic immediately, just ignore them and don't think about it. </p> <p>Environment is another factor to be considered. Personally, I just can't sleep in hot room temperature even in dead cold winter. I sleep better and easily in chill/less-warm room. Also, I eat light 1-3 hours earlier before I go to bed, because I also can't sleep with full stomach so I better sleep hungry rather than full. These are just personal examples, your preferences are probably different so pay attention to them too.</p> <p>Another most important thing is just <strong>stick to it</strong>. Do not break your sleeping schedule especially in early weeks <strong>no matter what</strong>. Don't have meeting with your boss in midnight, don't spend your whole night arguing with flerfs. Just sleep and count sheeps.</p> <p>Stop judging yourself for everything. Be little more forgiving. If you have weeks long streaks that's awesome always try to achieve that. But, life isn't easy, sometimes you just can't finish your daily goals so when that happens stop judging yourself and think about the present. Last night couldn't sleep earlier? No problem, past doesn't exist, it's gone so <strong>think about today</strong>.</p> <p>It took me around 2 weeks to get used to the schedule. It also depends on your body. It may take less or more but you never give up!</p> <h2> Wake up at 6-7 am </h2> <p>Now it's the moment of truth. You wake up early. You have more expectations than your government's promises. But... you.. don't feel good, aren't you? Now you're worse than before. It's part of the process, it should be like that. I remember when I just woke up, only thing I did wish is go back to bed and sleep and I didn't. I felt dizzy, sleepy, lazy, etc... I couldn't work on my projects obviously. In that situations you cannot I repeat <strong>YOU CANNOT go back to bed!</strong> Try to distract yourself but don't do doom-scrolling nor stress-causing activities. Try doing early light work-out or go out and have some fresh air. If you really really want to sleep and can't stop yourself, try playing games you like in your pc it may help. As I said earlier, it may take a while to get used to it, it took me around 2 weeks. <br> <strong>The result:</strong> I wake up at ~6:20 am without any alarm, I just wake up <strong>productive</strong>, <strong>fresh</strong> and ready to smash the tasks. </p> <h2> End </h2> <p>I really don't like writing complicated and long articles. I always prefer shorter and simple solutions. Little disclaimer here: None of these are medical advice nor scientific researches but personal experience and personal researches. I don't like including these things to make the article long instead I left these parts to you.<br> Worth to mention I wrote all of these myself without any AI or third party services that's why there could be grammar mistakes. </p> productivity Manuchehr Sun, 29 Jun 2025 13:03:46 +0000 https://dev.to/manuchehr/how-to-secure-your-server-easy-follow-up-steps-127a https://dev.to/manuchehr/how-to-secure-your-server-easy-follow-up-steps-127a <p>Securing the server is crucial. At least these things must be setup in order to make your <strong>Ubuntu</strong> server more secure.</p> <h2> Updates </h2> <p>First thing you should do when you connect to your fresh new server is update/upgrade packages. Keeping system is up-to-date is probably one of the most important thing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt full-upgrade <span class="nt">-y</span> <span class="c"># Remove unnecessary packages</span> <span class="nb">sudo </span>apt autoremove <span class="nt">-y</span> <span class="c"># One liner</span> <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt dist-upgrade <span class="nt">-y</span> <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt autoremove <span class="nt">-y</span> </code></pre> </div> <h2> No root user! </h2> <p>You really shouldn't use default <code>root</code> user as it's <strong>always a bad practice</strong>. So let's create a normal user with super user privileges.</p> <h3> Create new user </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># adduser &lt;new user username&gt;</span> adduser ops </code></pre> </div> <p><em>Make sure to replace <code>ops</code> with the username you want to create. Then you'll be prompted to create and verify a password for new user:</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Output: Changing the user information for ops Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] </code></pre> </div> <h3> Add the user to the <code>sudo</code> group </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>usermod <span class="nt">-aG</span> <span class="nb">sudo </span>ops </code></pre> </div> <p><em>Again, make sure to replace <code>ops</code> with the username you just created.</em></p> <p>You can test new <code>sudo</code> permissions are working with <code>su</code> command to switch to the new user account.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>su - ops </code></pre> </div> <p>As the new user, run any command with <code>sudo</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo echo</span> <span class="s2">"Test"</span> </code></pre> </div> <p>For the first time you use <code>sudo</code> in a session, you'll be prompted for the password of that user's account. Enter the <strong>password of the user not the root user's password</strong> to proceed.</p> <p>Once you have done all of these above, you can logout/disconnect and be able connect to your server with new user you just created.</p> <h2> SSH &amp; SSHD </h2> <p>Using passwords to connect/login server is vulnerable. We should connect server without passwords with ssh signing keys. First we need to generate ssh key from our local computer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh-keygen <span class="nt">-t</span> ed25519 </code></pre> </div> <p>then you'll be prompted with following question:</p> <ul> <li>Where to save ssh key: You may want to provide specific path</li> <li>Passphrase: You can just skip this step </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Output: &gt; Generating public/private ed25519 key pair. &gt; Enter file in which to save the key (/Users/&lt;username&gt;/.ssh/id_ed25519): &gt; Enter passphrase for "/Users/&lt;usernam&gt;/.ssh/id_ed25519" (empty for no passphrase): &gt; Enter same passphrase again: </code></pre> </div> <p>Once you've completed all steps, there will be two ssh keys generated public (<code>id_ed25519.pub</code>) &amp; private (<code>id_ed25519</code>). You should copy public <code>&lt;ssh_file_name&gt;.pub</code> file content and add that to <code>~/.ssh/authorized_keys</code> file <strong>in server</strong> (create if it doesn't exist). Once you've added public key to server <code>authorized_keys</code>, you may want to reload sshd service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>service sshd reload </code></pre> </div> <p>To connect server using ssh file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh <span class="nt">-i</span> ~/.ssh/id_ed25519 ops@123.12.1.123 <span class="c"># ssh -i &lt;path_to_ssh_private_file&gt; &lt;USER&gt;@&lt;IP&gt;</span> </code></pre> </div> <p>Now, we're going to change default SSH port (<code>22</code>) to something else, <code>714</code> for example. First of all, let's backup current sshd config file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo cp</span> /etc/ssh/sshd_config /etc/ssh/sshd_config.bak </code></pre> </div> <p>Before editing configuration file, let's review current options are ok:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo ssh -T </code></pre> </div> <p>Now let's open sshd configuration file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Open with nano or vim</span> <span class="nb">sudo </span>nano /etc/ssh/sshd_config <span class="c"># Edit with vim</span> <span class="c"># sudo vi /etc/ssh/sshd_config</span> </code></pre> </div> <blockquote> <p>When editing your configuration file, some options may be commented out by default using a single hash character (<code>#</code>) at the start of the line. In order to edit these options, or have the commented option be recognized, you’ll need to uncomment them by removing the hash.</p> </blockquote> <p>As mentioned above firstly change default ssh port:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Port 714 </code></pre> </div> <p><em>You don't have to use this (714) specific port number. You may want to pick something else.</em></p> <p>Save the file, reload sshd:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>service sshd reload </code></pre> </div> <p>Once you reload sshd, you should be disconnected from server since we've changed default ssh port from <code>22</code> to <code>714</code>. Reconnect server with new ssh port:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh <span class="nt">-p</span> 714 <span class="nt">-i</span> ~/.ssh/id_ed25519 ops@123.12.1.123 <span class="c"># ssh -p &lt;PORT&gt; -i &lt;path_to_ssh_private_file&gt; &lt;USER&gt;@&lt;IP&gt;</span> </code></pre> </div> <p>Now, let's back to sshd config and change followings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PermitRootLogin no MaxAuthTries 3 LoginGraceTime 20 PasswordAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no KerberosAuthentication no GSSAPIAuthentication no X11Forwarding no PermitUserEnvironment no AllowAgentForwarding no AllowTcpForwarding no PermitTunnel no DebianBanner no </code></pre> </div> <p><em>You can find detailed explanation for each of these in <a href="https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-18-04#step-1-general-hardening" rel="noopener noreferrer">DigitalOcean's article.</a></em></p> <p>Now validate config file &amp; restart sshd:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>sshd <span class="nt">-T</span> <span class="nb">sudo </span>service sshd reload </code></pre> </div> <p>If you want to implement IP address allowlist, you can checkout <a href="https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-18-04#step-2-implementing-an-ip-address-allowlist" rel="noopener noreferrer">DigitalOcean's article.</a></p> <h2> UFW (Firewall) </h2> <p>UFW is <a href="https://documentation.ubuntu.com/server/how-to/security/firewalls/" rel="noopener noreferrer">Ubuntu's default firewall</a> which is really useful. But it's usually disabled by default. We're going to setup firewall for our server.</p> <h3> Enable IPV6 </h3> <p>By default in most recent ubuntu servers, IPV6 is enabled. To enable this you need to open <code>/etc/default/ufw</code> and search/add <code>IPV6=yes</code> and save the file.</p> <h3> Setup default poicies </h3> <p>First of all we need to deny all incoming traffic while allowing all outgoing traffic.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw default deny incoming <span class="nb">sudo </span>ufw default allow outgoing </code></pre> </div> <p>We need to enable OpenSSH to being able to connect server using ssh:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw allow OpenSSH </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Output: OutputRule added Rule added (v6) </code></pre> </div> <p>then we need to disallow <code>22</code> ssh port and allow <code>714</code> (that we've changed earlier):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw allow 714 <span class="nb">sudo </span>ufw allow 714/tcp <span class="nb">sudo </span>ufw deny 22 </code></pre> </div> <blockquote> <p>⚠️ Be careful with these ports. You may loose being able to connect server if you specify wrong ports.</p> </blockquote> <h3> Allowing other connections </h3> <p>You may want to enable other connections (Nginx, Apache, etc...):</p> <ul> <li> <code>sudo ufw allow http</code> - Allows http (unencrypted) connections</li> <li> <code>sudo ufw allow https</code> - Allows https connection</li> <li> <code>sudo ufw allow 'Nginx Full'</code> - Nginx with both http and https</li> <li> <code>sudo ufw allow 'Apache Full'</code> - Apache with both http and https</li> </ul> <p>You can check available application profiles with following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw app list </code></pre> </div> <p>If you want to allow specific port ranges you can use following commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sudo ufw allow 3000:3005/tcp sudo ufw allow 3000:3005/udp </code></pre> </div> <p>Also you can allow specific IP Addresses:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw allow from 203.0.113.4 </code></pre> </div> <p><em>You can read more about UFW Setup in <a href="https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu#specific-ip-addresses." rel="noopener noreferrer">DigitalOcean's article</a></em></p> <h3> Enable UFW </h3> <p>Before enabling firewall, verify which rules were added so far:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw show added </code></pre> </div> <p>and to enable firewall run the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw <span class="nb">enable</span> </code></pre> </div> <p>sometimes firewall doesn't "enable" (take effect). You may just reboot the server and you're good to go.</p> <h2> Bonus </h2> <p>If you use nginx you may want to make it safer too. You can use DigitalOcean's handy tool here: <a href="https://www.digitalocean.com/community/tools/nginx" rel="noopener noreferrer">https://www.digitalocean.com/community/tools/nginx</a> </p> <p>If you use docker, you always don't need to expose services (postgres, redis) to outside of server. Not exposing these outside of server is recommended.</p> <p><em>Thanks for your attention. I'd be happy if this helps you somehow</em> 😊</p> <p>Written by <a href="https://manuchehr.me" rel="noopener noreferrer">manuchehr.me</a></p> devops security ubuntu Manuchehr Fri, 29 Nov 2024 08:40:32 +0000 https://dev.to/manuchehr/minio-integration-with-nestjs-file-upload-retrieve-f41 https://dev.to/manuchehr/minio-integration-with-nestjs-file-upload-retrieve-f41 <p>What is <a href="https://min.io/" rel="noopener noreferrer">minio</a>? Minio is *free, open-source, scalable S3 compatible <strong>object storage</strong>.</p> <p>First of all, let's setup minio in docker container. I use <a href="https://bitnami.com/" rel="noopener noreferrer">bitnami's</a> <a href="https://bitnami.com/stack/minio/containers" rel="noopener noreferrer">minio</a> package. Add minio service to your <code>docker-compose.yaml</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">minio</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bitnami/minio:2024.11.7</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">${MINIO_PORT}:${MINIO_PORT}</span> <span class="pi">-</span> <span class="s">${MINIO_CONSOLE_PORT}:${MINIO_CONSOLE_PORT}</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">MINIO_ROOT_USER</span><span class="pi">:</span> <span class="s">${MINIO_USER}</span> <span class="na">MINIO_ROOT_PASSWORD</span><span class="pi">:</span> <span class="s">${MINIO_PASSWORD}</span> <span class="na">MINIO_DEFAULT_BUCKETS</span><span class="pi">:</span> <span class="s">${MINIO_BUCKET}</span> <span class="na">MINIO_API_PORT_NUMBER</span><span class="pi">:</span> <span class="s">${MINIO_PORT}</span> <span class="na">MINIO_CONSOLE_PORT_NUMBER</span><span class="pi">:</span> <span class="s">${MINIO_CONSOLE_PORT}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">minio-data:/bitnami/minio/data</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">minio-data</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">local</span> </code></pre> </div> <p>Let me explain this quickly:</p> <ol> <li><p><code>ports</code>: <code>MINIO_PORT</code> is minio's port for API requests, while as the name says <code>MINIO_CONSOLE_PORT</code> is minio's dashboard port:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6r7pnz6va07dfa7j0njw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6r7pnz6va07dfa7j0njw.png" alt="Minio console" width="800" height="454"></a></p></li> <li><p><code>MINIO_ROOT_USER</code> &amp; <code>MINIO_ROOT_PASSWORD</code> are for login credentials to login minio console dashboard.</p></li> </ol> <p><em>For more information about <code>env</code> variables of minio docker image, <a href="https://hub.docker.com/r/bitnami/minio/" rel="noopener noreferrer">visit bitnami's minion docker image</a></em></p> <p>Add these variables to your <code>.env</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>MINIO_PORT=9000 MINIO_CONSOLE_PORT=8000 MINIO_USER="admin" MINIO_PASSWORD="veryhardpassword" MINIO_BUCKET="main" MINIO_ENDPOINT="localhost" MINIO_ACCESS_KEY="" MINIO_SECRET_KEY="" </code></pre> </div> <p>To <strong>obtain access and secret</strong> keys:</p> <ol> <li><p>Go to minio console <em>(it's <a href="http://localhost:8000" rel="noopener noreferrer">http://localhost:8000</a> in our example)</em> &amp; sign in.</p></li> <li><p>Go <a href="http://localhost:8000/access-keys" rel="noopener noreferrer">Access Keys</a> &amp; <strong>Create access key</strong><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmil47z9gwj9giiso6st.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmil47z9gwj9giiso6st.png" alt="Minio console access keys" width="800" height="521"></a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq7q9yvle8yxtcj09cpk0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq7q9yvle8yxtcj09cpk0.png" alt="Minio console create access key" width="800" height="521"></a></p></li> <li><p>Copy &amp; add access/secret keys to <code>.env</code></p></li> </ol> <h1> Setup minio client in nestjs </h1> <p>Install <a href="https://www.npmjs.com/package/minio" rel="noopener noreferrer">npm minio package</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pnpm add minio </code></pre> </div> <p>Create <code>minio/minio.decorator.ts</code> &amp; <code>minio/minio.module.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Inject</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">MINIO_TOKEN</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">MINIO_INJECT_TOKEN</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">InjectMinio</span><span class="p">():</span> <span class="nx">ParameterDecorator</span> <span class="p">{</span> <span class="k">return</span> <span class="nc">Inject</span><span class="p">(</span><span class="nx">MINIO_TOKEN</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Global</span><span class="p">,</span> <span class="nx">Module</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ConfigService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/config</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">MINIO_TOKEN</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./minio.decorator</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">Minio</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">minio</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Global</span><span class="p">()</span> <span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">exports</span><span class="p">:</span> <span class="p">[</span><span class="nx">MINIO_TOKEN</span><span class="p">],</span> <span class="na">providers</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">inject</span><span class="p">:</span> <span class="p">[</span><span class="nx">ConfigService</span><span class="p">],</span> <span class="na">provide</span><span class="p">:</span> <span class="nx">MINIO_TOKEN</span><span class="p">,</span> <span class="na">useFactory</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span> <span class="na">configService</span><span class="p">:</span> <span class="nx">ConfigService</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">Minio</span><span class="p">.</span><span class="nx">Client</span><span class="o">&gt;</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">client</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Minio</span><span class="p">.</span><span class="nc">Client</span><span class="p">({</span> <span class="na">endPoint</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">getOrThrow</span><span class="p">(</span><span class="dl">"</span><span class="s2">MINIO_ENDPOINT</span><span class="dl">"</span><span class="p">),</span> <span class="na">port</span><span class="p">:</span> <span class="o">+</span><span class="nx">configService</span><span class="p">.</span><span class="nf">getOrThrow</span><span class="p">(</span><span class="dl">"</span><span class="s2">MINIO_PORT</span><span class="dl">"</span><span class="p">),</span> <span class="na">accessKey</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">getOrThrow</span><span class="p">(</span><span class="dl">"</span><span class="s2">MINIO_ACCESS_KEY</span><span class="dl">"</span><span class="p">),</span> <span class="na">secretKey</span><span class="p">:</span> <span class="nx">configService</span><span class="p">.</span><span class="nf">getOrThrow</span><span class="p">(</span><span class="dl">"</span><span class="s2">MINIO_SECRET_KEY</span><span class="dl">"</span><span class="p">),</span> <span class="na">useSSL</span><span class="p">:</span> <span class="kc">false</span><span class="p">,</span> <span class="p">});</span> <span class="k">return</span> <span class="nx">client</span><span class="p">;</span> <span class="p">},</span> <span class="p">},</span> <span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">MinioModule</span> <span class="p">{}</span> </code></pre> </div> <p>If you want to use minio in only one module <em>(files module for example)</em> you can remove <code>@Global()</code> decorator.</p> <p>Import it to <code>app.module.ts</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="p">@</span><span class="nd">Module</span><span class="p">({</span> <span class="na">imports</span><span class="p">:</span> <span class="p">[</span> <span class="p">...</span> <span class="nx">MinioModule</span><span class="p">,</span> <span class="p">],</span> <span class="p">})</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">AppModule</span> <span class="p">{}</span> </code></pre> </div> <p>Now let's test it out. Inject minio to your server <em>(<code>files.service.ts</code> for example)</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Injectable</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">randomUUID</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">crypto</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">Minio</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">minio</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">InjectMinio</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">src/minio/minio.decorator</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Injectable</span><span class="p">()</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">FilesService</span> <span class="p">{</span> <span class="k">protected</span> <span class="nx">_bucketName</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">main</span><span class="dl">'</span><span class="p">;</span> <span class="nf">constructor</span><span class="p">(@</span><span class="nd">InjectMinio</span><span class="p">()</span> <span class="k">private</span> <span class="k">readonly</span> <span class="nx">minioService</span><span class="p">:</span> <span class="nx">Minio</span><span class="p">.</span><span class="nx">Client</span><span class="p">)</span> <span class="p">{}</span> <span class="k">async</span> <span class="nf">bucketsList</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">minioService</span><span class="p">.</span><span class="nf">listBuckets</span><span class="p">();</span> <span class="p">}</span> <span class="k">async</span> <span class="nf">getFile</span><span class="p">(</span><span class="nx">filename</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">await</span> <span class="k">this</span><span class="p">.</span><span class="nx">minioService</span><span class="p">.</span><span class="nf">presignedUrl</span><span class="p">(</span> <span class="dl">'</span><span class="s1">GET</span><span class="dl">'</span><span class="p">,</span> <span class="k">this</span><span class="p">.</span><span class="nx">_bucketName</span><span class="p">,</span> <span class="nx">filename</span><span class="p">,</span> <span class="p">);</span> <span class="p">}</span> <span class="nf">uploadFile</span><span class="p">(</span><span class="nx">file</span><span class="p">:</span> <span class="nx">Express</span><span class="p">.</span><span class="nx">Multer</span><span class="p">.</span><span class="nx">File</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">((</span><span class="nx">resolve</span><span class="p">,</span> <span class="nx">reject</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">filename</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nf">randomUUID</span><span class="p">().</span><span class="nf">toString</span><span class="p">()}</span><span class="s2">-</span><span class="p">${</span><span class="nx">file</span><span class="p">.</span><span class="nx">originalname</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="k">this</span><span class="p">.</span><span class="nx">minioService</span><span class="p">.</span><span class="nf">putObject</span><span class="p">(</span> <span class="k">this</span><span class="p">.</span><span class="nx">_bucketName</span><span class="p">,</span> <span class="nx">filename</span><span class="p">,</span> <span class="nx">file</span><span class="p">.</span><span class="nx">buffer</span><span class="p">,</span> <span class="nx">file</span><span class="p">.</span><span class="nx">size</span><span class="p">,</span> <span class="p">(</span><span class="nx">error</span><span class="p">,</span> <span class="nx">objInfo</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">error</span><span class="p">)</span> <span class="p">{</span> <span class="nf">reject</span><span class="p">(</span><span class="nx">error</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="nf">resolve</span><span class="p">(</span><span class="nx">objInfo</span><span class="p">);</span> <span class="p">}</span> <span class="p">},</span> <span class="p">);</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>and it's my <code>files.controller.ts</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">Body</span><span class="p">,</span> <span class="nx">Controller</span><span class="p">,</span> <span class="nx">Get</span><span class="p">,</span> <span class="nx">Param</span><span class="p">,</span> <span class="nx">Post</span><span class="p">,</span> <span class="nx">UploadedFile</span><span class="p">,</span> <span class="nx">UseInterceptors</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/common</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">FilesService</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./files.service</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">FileInterceptor</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@nestjs/platform-express</span><span class="dl">'</span><span class="p">;</span> <span class="p">@</span><span class="nd">Controller</span><span class="p">(</span><span class="dl">'</span><span class="s1">files</span><span class="dl">'</span><span class="p">)</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">FilesController</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="k">readonly</span> <span class="nx">service</span><span class="p">:</span> <span class="nx">FilesService</span><span class="p">)</span> <span class="p">{}</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">buckets</span><span class="dl">'</span><span class="p">)</span> <span class="nf">bucketsList</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">service</span><span class="p">.</span><span class="nf">bucketsList</span><span class="p">();</span> <span class="p">}</span> <span class="p">@</span><span class="nd">Get</span><span class="p">(</span><span class="dl">'</span><span class="s1">file-url/:name</span><span class="dl">'</span><span class="p">)</span> <span class="nf">getFile</span><span class="p">(@</span><span class="nd">Param</span><span class="p">(</span><span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">)</span> <span class="nx">name</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">service</span><span class="p">.</span><span class="nf">getFile</span><span class="p">(</span><span class="nx">name</span><span class="p">);</span> <span class="p">}</span> <span class="p">@</span><span class="nd">Post</span><span class="p">(</span><span class="dl">'</span><span class="s1">upload</span><span class="dl">'</span><span class="p">)</span> <span class="p">@</span><span class="nd">UseInterceptors</span><span class="p">(</span><span class="nc">FileInterceptor</span><span class="p">(</span><span class="dl">'</span><span class="s1">file</span><span class="dl">'</span><span class="p">))</span> <span class="nf">uploadFile</span><span class="p">(</span> <span class="p">@</span><span class="nd">UploadedFile</span><span class="p">(</span><span class="dl">'</span><span class="s1">file</span><span class="dl">'</span><span class="p">)</span> <span class="nx">file</span><span class="p">:</span> <span class="nx">Express</span><span class="p">.</span><span class="nx">Multer</span><span class="p">.</span><span class="nx">File</span><span class="p">,</span> <span class="p">)</span> <span class="p">{</span> <span class="nx">payload</span><span class="p">.</span><span class="nx">file</span> <span class="o">=</span> <span class="nx">file</span><span class="p">;</span> <span class="k">return</span> <span class="k">this</span><span class="p">.</span><span class="nx">service</span><span class="p">.</span><span class="nf">uploadFile</span><span class="p">(</span><span class="nx">file</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Send a file to <code>POST /files/upload</code> endpoint. It should return this response:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqfgjn6j6ny7xscwoxxt3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqfgjn6j6ny7xscwoxxt3.png" alt="Minio integration with nestjs | file upload &amp; retrieve" width="800" height="353"></a></p> <p>Let's visit minio console and go main bucket to check if file was uploaded<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5x3wnvgy5v9dsk4lsvxq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5x3wnvgy5v9dsk4lsvxq.png" alt="Minio integration with nestjs | file upload &amp; retrieve" width="800" height="453"></a><br> It's uploaded 🥳</p> <p>Now let's test generating file URL for uploaded file (retrieve file) <code>GET /files/file-url/&lt;file_name&gt;</code>. It should return URL to retrieve file something like this:<br> <code>http://localhost:8000/main/2254a964-28dd-4c35-8494-5e767693cd26-iOS%2BSyllabus.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&amp;X-Amz-Credential=m0iWmenUgJi2xBcFNNPF%2F20241129%2Fus-east-1%2Fs3%2Faws4_request&amp;X-Amz-Date=20241129T065735Z&amp;X-Amz-Expires=604800&amp;X-Amz-SignedHeaders=host&amp;X-Amz-Signature=a052b98dcfa95a4d1cdb1c9b0b91d1263440adf184aab5238e6d572c0f42e7c5</code><br> If you visit this URL you can retrieve that file.</p> <blockquote> <p>You can find all minio methods <a href="https://min.io/docs/minio/linux/developers/javascript/API.html" rel="noopener noreferrer">with this link</a></p> </blockquote> <p><em>*free - MinIO is free for self-hosted use under the GNU AGPLv3 license, which allows you to run and modify the software as long as any modifications you make are also made available under the same license. This license ensures freedom to use, study, share, and modify the software.</em></p> <p><em>That's all. Thanks for reading I hope it's beneficial for you. If you find any mistake or issue in this post, feel free to comment or let me know.</em></p> minio nestjs webdev fileuploading Manuchehr Mon, 25 Nov 2024 04:50:48 +0000 https://dev.to/manuchehr/dockerize-secure-nestjs-app-with-postgres-redis-56md https://dev.to/manuchehr/dockerize-secure-nestjs-app-with-postgres-redis-56md <p>I wrote about this <em>exact</em> topic earlier: <br> </p> <div class="ltag__link"> <a href="/manuchehr" class="ltag__link__link"> <div class="ltag__link__pic"> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1197520%2F5bdc9a56-1a60-4ecd-a0a1-ae90dae5b2ba.jpg" alt="manuchehr"> </div> </a> <a href="https://dev.to/manuchehr/dockerize-nestjs-app-with-postgres-redis-prisma-orm-1130" class="ltag__link__link"> <div class="ltag__link__content"> <h2>Dockerize Nestjs app with Postgres + Redis + Prisma ORM</h2> <h3>Manuchehr ・ Dec 28 '23</h3> <div class="ltag__link__taglist"> <span class="ltag__link__tag">#docker</span> <span class="ltag__link__tag">#nestjs</span> <span class="ltag__link__tag">#devops</span> <span class="ltag__link__tag">#prisma</span> </div> </div> </a> </div> <strong>So why again?</strong> First of all, my previous post was more about Nestjs + prisma and basic <code>Dockerfile</code>, in this post I'm going to cover <strong>secure</strong> general Dockerization for Nestjs. <h2> Let's create a <code>Dockerfile</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Stage 1: Build the app</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:22-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">COPY</span><span class="s"> entrypoint.sh ./</span> <span class="k">COPY</span><span class="s"> .env ./</span> <span class="k">RUN </span>yarn <span class="nb">install</span> <span class="nt">--omit</span><span class="o">=</span>dev <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>yarn build <span class="c"># Stage 2: Setup prod</span> <span class="k">FROM</span><span class="s"> node:22-alpine</span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/dist ./dist</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/entrypoint.sh ./</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/package*.json ./</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/src/app/.env ./</span> <span class="k">ENV</span><span class="s"> NODE_ENV production</span> <span class="k">RUN </span><span class="nb">chmod</span> +x ./entrypoint.sh <span class="k">USER</span><span class="s"> node</span> <span class="k">ENTRYPOINT</span><span class="s"> ["./entrypoint.sh"]</span> <span class="k">CMD</span><span class="s"> ["node", "dist/main.js"]</span> </code></pre> </div> <p>As you can see, <code>Dockerfile</code> consists of two stages: Build &amp; Prod. We need this to minimize build size by only copying essential files or directories (dist) to the final stage. I'm not going deep into <code>Dockerfile</code> in this post, but I'll explain some of the lines:</p> <ul> <li><p><code>RUN yarn install --omit=dev</code>: Install only production dependencies possible. <a href="https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html#2-install-only-production-dependencies-in-the-nodejs-docker-image" rel="noopener noreferrer">Read here</a></p></li> <li><p><code>entrypoint.sh</code> it's a <code>bash</code> file containing commands run before our Nestjs application. For example, you may have to run db migrations before Nestjs starts check my previous post.</p></li> </ul> <blockquote> <p>⚠️ REMEMBER: If you use dev commands in <code>entrypoint.sh</code> file, make sure to install dev dependencies by removing <code>--omit=dev</code> flag from <code>yarn install</code>. Also you need to copy <code>node_modules</code> to final stage.</p> </blockquote> <ul> <li><p><code>ENV NODE_ENV production</code>: Always run your Nestjs app on <code>production</code> environment. When you build your Node.js Docker image for production, you want to ensure that all frameworks and libraries are using the optimal settings for performance and security. <a href="https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html#3-optimize-nodejs-tooling-for-production" rel="noopener noreferrer">Read here</a></p></li> <li><p><code>USER node</code>: Use <code>node</code> user <code>node:22-alpine</code> image provides. Because you really don't want to run your app as <code>root</code> user. <a href="https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html#4-dont-run-containers-as-root" rel="noopener noreferrer">Read here</a></p></li> <li><p><code>CMD ["node", "dist/main.js"]</code>: It's good way to run your node/nestjs application with directly <code>node</code> command instead of <code>npm run start:prod</code> (don't do that like I did in my prev post :D). <a href="https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html#5-properly-handle-events-to-safely-terminate-a-nodejs-docker-web-application" rel="noopener noreferrer">Read here</a></p></li> </ul> <h2> Bonus </h2> <h3> Docker services (Postgres &amp; Redis) setup </h3> <p>Create <code>docker-compose.yaml</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">nestjs-app'</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">REDIS_HOST</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">DB_HOST</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">PORT</span><span class="pi">:</span> <span class="s">${PORT}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">${PORT}:${PORT}</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nestjs-net</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">restart</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">restart</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">nestjs-redis'</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bitnami/redis:7.4</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">${REDIS_PORT}:${REDIS_PORT}</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">REDIS_PASSWORD</span><span class="pi">:</span> <span class="s">${REDIS_PASSWORD}</span> <span class="na">REDIS_PORT_NUMBER</span><span class="pi">:</span> <span class="s">${REDIS_PORT}</span> <span class="na">REDIS_DB</span><span class="pi">:</span> <span class="s">${REDIS_DB}</span> <span class="na">REDIS_IO_THREADS</span><span class="pi">:</span> <span class="m">4</span> <span class="na">REDIS_IO_THREADS_DO_READS</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">REDIS_DISABLE_COMMANDS</span><span class="pi">:</span> <span class="s">FLUSHDB,FLUSHALL</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">CMD'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">redis-cli'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">--raw'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">incr'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">ping'</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nestjs-redis-data:/bitnami/redis/data</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nestjs-net</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s1">'</span><span class="s">nestjs-postgres'</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bitnami/postgresql:17</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRESQL_PORT_NUMBER</span><span class="pi">:</span> <span class="s">${DB_PORT}</span> <span class="na">POSTGRESQL_USERNAME</span><span class="pi">:</span> <span class="s">${DB_USER}</span> <span class="na">POSTGRESQL_PASSWORD</span><span class="pi">:</span> <span class="s">${DB_PASSWORD}</span> <span class="na">POSTGRESQL_DATABASE</span><span class="pi">:</span> <span class="s">${DB_NAME}</span> <span class="na">POSTGRESQL_TIMEZONE</span><span class="pi">:</span> <span class="s1">'</span><span class="s">Asia/Tashkent'</span> <span class="s">// Set your timezone</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">CMD-SHELL'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">postgres'</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">${DB_PORT}:${DB_PORT}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nestjs-postgres-data:/bitnami/postgresql</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nestjs-net</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">nestjs-redis-data</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">local</span> <span class="na">nestjs-postgres-data</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">local</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">nestjs-net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">bridge</span> </code></pre> </div> <p>Example <code>.env</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PORT=9000 # Redis REDIS_PASSWORD= REDIS_HOST=localhost REDIS_PORT=6379 REDIS_DB=0 # Postgres DB_USER= DB_PASSWORD= DB_NAME= DB_PORT=5432 DB_HOST=localhost </code></pre> </div> <p><em>That's it! Thanks for reading. I don't say it's 100% secure Docker image because you can always implement something better. If you find any mistake please leave a comment. For more visit: <a href="https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html#nodejs-docker-cheat-sheet" rel="noopener noreferrer">OWASP Node.js Docker Cheat Sheet</a></em></p> docker nestjs security devops Manuchehr Mon, 06 May 2024 17:01:32 +0000 https://dev.to/manuchehr/arc-browser-is-a-game-changer-4894 https://dev.to/manuchehr/arc-browser-is-a-game-changer-4894 <h2> Why Arc? </h2> <p>After using Chrome for around 8 years I switched to <a href="https://arc.net/" rel="noopener noreferrer">Arc</a> browser &amp; I love it! Arc browser is based on <a href="https://www.chromium.org/Home/" rel="noopener noreferrer">Chromium</a> which means you can use Chrome's extensions in Arc without a problem. Currently, it's available for Mac &amp; Windows 11 (hot released).<br> It's faster, more beautiful, and user-friendly &amp; also if you're new to Arc it's easy to migrate to Arc from other browsers such as Chrome with just one click.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F79y3dof8pnet1719dxr8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F79y3dof8pnet1719dxr8.png" alt="Arc browser" width="800" height="488"></a></p> <p>I love vertical tabs 'cause it's so comfortable compared to horizontal tabs. Also, it's highly customizable, you can customize your own Arc. If you have multiple devices Arc has a sync feature &amp; you can have Arc profiles.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6air4jpfytkvvl3xe4yp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6air4jpfytkvvl3xe4yp.png" alt="Arc sync screenshot" width="800" height="757"></a></p> <p>As a full-stack web developer, I really hate Apple's Safari browser, probably <a href="https://www.reddit.com/r/webdev/comments/fyo5zj/safari_sucks_and_i_hope_it_dies_out_soon/" rel="noopener noreferrer">every web developer hates it</a> :P, so we have Chrome which is famous for "eating" RAM</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmiy75g6v54im9xin0ple.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmiy75g6v54im9xin0ple.png" alt="Chrome ram eater" width="700" height="738"></a></p> <p>and Internet explorer of course (R.I.P).</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdwq4xjgynhh5efd4io1o.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdwq4xjgynhh5efd4io1o.png" alt="Internet explorer rip" width="800" height="533"></a></p> <p>Firefox? Are you Linux user? You can say "I use Arc btw" after using Arc (browser)...</p> arcbrowser webdev productivity recommendation Manuchehr Thu, 28 Dec 2023 13:04:26 +0000 https://dev.to/manuchehr/dockerize-nestjs-app-with-postgres-redis-prisma-orm-1130 https://dev.to/manuchehr/dockerize-nestjs-app-with-postgres-redis-prisma-orm-1130 <p>We're about to embark on an epic journey into the world of containerization. In this guide, we'll be turning a regular NestJS app into a Dockerized powerhouse, complete with PostgreSQL, Redis, and the magic touch of Prisma ORM.</p> <h2> First of all we should create <code>Dockerfile</code>: </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> node:18-alpine </span> <span class="k">WORKDIR</span><span class="s"> /usr/src/app </span> <span class="k">COPY</span><span class="s"> package*.json ./ </span> <span class="k">COPY</span><span class="s"> entrypoint.sh ./ </span> <span class="k">RUN </span>npm <span class="nb">install</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span><span class="nb">chmod</span> +x /usr/src/app <span class="k">RUN </span><span class="nb">chmod</span> +x /usr/src/app/entrypoint.sh <span class="k">RUN </span>npx prisma generate <span class="nt">--schema</span><span class="o">=</span>/usr/src/app/src/database/schema.prisma <span class="k">RUN </span>npm run build <span class="k">ENTRYPOINT</span><span class="s"> ["/usr/src/app/entrypoint.sh", "npm", "run", "start:prod"] </span> <span class="k">CMD</span><span class="s"> ["npm", "run", "start:prod"]</span> </code></pre> </div> <ol> <li><p><strong><code>FROM node:18-alpine</code></strong> - This line sets the base image for the Docker image. It specifies that the image should be based on the official Node.js 18 Alpine image. Alpine is a lightweight Linux distribution, making the resulting Docker image smaller.</p></li> <li><p><strong><code>WORKDIR /usr/src/app</code></strong> - This line sets the working directory inside the container to <code>/usr/src/app</code>. Subsequent commands will be executed from this directory.</p></li> <li><p><strong><code>COPY package*.json ./</code></strong> - Copies the <code>package.json</code> and <code>package-lock.json</code> files from the host machine to the <code>/usr/src/app</code> directory inside the container. This allows for efficient installation of Node.js dependencies.</p></li> <li><p><strong><code>COPY entrypoint.sh ./</code></strong> - Copies the <code>entrypoint.sh</code> script from the host machine to the <code>/usr/src/app</code> directory inside the container. This script might be used to perform additional setup or configuration before starting the application.</p></li> <li><p><strong><code>RUN npm install</code></strong> - Executes the <code>npm install</code> command inside the container, installing the Node.js dependencies specified in the <code>package.json</code> file. This step is crucial for setting up the application environment.</p></li> <li><p><strong><code>COPY . ./</code></strong> - Copies the entire application source code from the host machine to the <code>/usr/src/app</code> directory inside the container. This includes all the application files, not just the <code>package.json</code> and <code>package-lock.json</code> files.</p></li> <li><p><strong><code>RUN npx prisma generate --schema=/usr/src/app/src/database/schema.prisma</code></strong> - Executes the Prisma CLI command to generate Prisma client code based on the schema defined in <code>/usr/src/app/src/database/schema.prisma</code>. This step is specific to Prisma and is part of the database setup.</p></li> <li><p><strong><code>RUN npm run build</code></strong> - Executes the <code>npm run build</code> command inside the container. This command is often used to compile TypeScript code or perform other build-related tasks for the Node.js application.</p></li> <li><p><strong><code>ENTRYPOINT ["/usr/src/app/entrypoint.sh", "npm", "run", "start:prod"]</code></strong> - Specifies the default command to run when the container starts. In this case, it uses the <code>entrypoint.sh</code> script followed by the command <code>npm run start:prod</code>. The <code>entrypoint.sh</code> script handles additional setup before running the application.</p></li> <li><p><strong><code>CMD ["npm", "run", "start:prod"]</code></strong> - Provides a default command to run when the container starts if no other command is specified. This is overridden by the <code>ENTRYPOINT</code> command. Here, it's set to run <code>npm run start:prod</code>.</p></li> </ol> <p>by following <code>.dockerignore</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Dockerfile .dockerignore node_modules npm-debug.log dist </code></pre> </div> <p>You should also create <code>entrypoint.sh</code> this file is executed once docker image is started to make prisma migrations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh </span> <span class="c"># Apply Prisma migrations and start the application </span> npx prisma migrate deploy <span class="nt">--schema</span><span class="o">=</span>/usr/src/app/src/database/schema.prisma npx prisma generate <span class="nt">--schema</span><span class="o">=</span>/usr/src/app/src/database/schema.prisma <span class="c"># Run database migrations </span> npx prisma migrate dev <span class="nt">--name</span> init <span class="nt">--schema</span><span class="o">=</span>/usr/src/app/src/database/schema.prisma <span class="c"># Run the main container command </span> <span class="nb">exec</span> <span class="s2">"</span><span class="nv">$@</span><span class="s2">"</span> </code></pre> </div> <blockquote> <p><strong>Attention!</strong> You should specify the path of your <code>prisma.schema</code> file. </p> </blockquote> <h2> Create a <code>docker-compose.yml</code> file: </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myapp_web_app"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">.</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">PORT</span><span class="pi">:</span> <span class="s">${PORT}</span> <span class="na">POSTGRES_HOST</span><span class="pi">:</span> <span class="s">postgres_db</span> <span class="c1"># localhost doesn't work in docker container, hence you should use postgres container name instead of localhost</span> <span class="na">REDIS_HOST</span><span class="pi">:</span> <span class="s">redis</span> <span class="c1"># the same for redis. Use redis container name instead of localhost</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">${PORT}:${PORT}</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">postgres_db</span> <span class="pi">-</span> <span class="s">redis</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">myapp_net</span><span class="pi">:</span> <span class="na">postgres_db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">bitnami/postgresql:15</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myapp_postgres_db"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRESQL_USERNAME</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRESQL_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">POSTGRESQL_DATABASE</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">POSTGRESQL_TIMEZONE</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Asia/Tashkent"</span> <span class="c1"># This is optional</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">${POSTGRES_PORT}:5432</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">postgres_data:/bitnami/postgresql"</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">myapp_net</span><span class="pi">:</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">bitnami/redis:7.2"</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">myapp_redis"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">${REDIS_PORT}:${REDIS_PORT}</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">redis_data:/bitnami/redis/data"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">REDIS_PASSWORD</span><span class="pi">:</span> <span class="s">${REDIS_PASSWORD}</span> <span class="na">REDIS_PORT</span><span class="pi">:</span> <span class="s">${REDIS_PORT}</span> <span class="na">REDIS_DB</span><span class="pi">:</span> <span class="s">${REDIS_DB}</span> <span class="na">REDIS_IO_THREADS</span><span class="pi">:</span> <span class="s">4</span> <span class="na">REDIS_IO_THREADS_DO_READS</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">REDIS_DISABLE_COMMANDS</span><span class="pi">:</span> <span class="s">FLUSHDB,FLUSHALL</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">myapp_net</span><span class="pi">:</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">postgres_data</span><span class="pi">:</span> <span class="na">redis_data</span><span class="pi">:</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">myapp_net</span><span class="pi">:</span> </code></pre> </div> <p>This is my <code>.env</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PORT=9000 # Postgres POSTGRES_DB=sampledb POSTGRES_HOST=localhost POSTGRES_PORT=5432 POSTGRES_USER=username POSTGRES_PASSWORD=password DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?schema=public # Redis REDIS_HOST=localhost REDIS_PORT=6379 REDIS_PASSWORD=veryhardpassword REDIS_DB=0 </code></pre> </div> <h2> Run docker compose </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>docker compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p>For windows users:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker-compose up <span class="nt">-d</span> <span class="nt">--build</span> </code></pre> </div> <p>That’s all! I apologize for any mistake I made. If you find any mistake, please let me know.<br> <strong>I hope it’s helpful</strong></p> docker nestjs devops prisma Manuchehr Wed, 13 Dec 2023 13:51:39 +0000 https://dev.to/manuchehr/deploying-nestjs-app-to-vps-with-nginx-postgres-redis-1blk https://dev.to/manuchehr/deploying-nestjs-app-to-vps-with-nginx-postgres-redis-1blk <p>Let’s deploy nestjs + postgres + redis + docker app to VPS. Everything is from scratch, hopefully understandable for beginners.</p> <blockquote> <p>Written by Full stack developer (not a master devops :)</p> </blockquote> <p>Setting up a basic nginx is not hard. Just a few things you should do:</p> <ul> <li>Install nginx to Linux (ubuntu 20.04)</li> <li>Create Nginx config file + proxy server</li> <li>Generate an SSL certificate for your domain name (if you have one)</li> <li>That’s all. Don’t worry we’ll cover all of these.</li> </ul> <h2> Starting nestjs app </h2> <p><strong>First of all, clone your project to the server via git.</strong> After that, you run your project. First of all, you need nodejs to run nestjs application. If you use Docker, you can skip these steps &amp; run the Dockerfile.</p> <ol> <li>I recommend to install nvm (Node Version Manager): </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl https://raw.githubusercontent.com/creationix/nvm/master/install.sh | bash <span class="nb">source</span> ~/.bashrc </code></pre> </div> <p>Once you’ve installed nvm, you need to install node (v18):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nvm i 18 </code></pre> </div> <p>If you use yarn, install it too:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm i <span class="nt">-g</span> yarn </code></pre> </div> <p>Then go to your project dir, and install packages via npm or yarn, then build your app. After that, install <a href="https://pm2.keymetrics.io/" rel="noopener noreferrer">pm2</a> to run your app (forever):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm i <span class="nt">-g</span> pm2 </code></pre> </div> <p>Once you have installed pm2, check if it’s working:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pm2 </code></pre> </div> <p>If so, you can run your app by following the command. If there is postgres or redis, you need to run them first then run your app (see 2)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pm2 start ./dist/main.js <span class="nt">--name</span> my-nestjs-app <span class="c"># pm2 start &lt;script_file_path.js&gt; --name &lt;name_optional&gt;</span> </code></pre> </div> <ol> <li>If you use Postgres or Redis, I recommend using a Docker Compose for these. This is my sample docker-compose.yml file for Postgres and Redis: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">postgres</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">postgres</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">${POSTGRES_DB}</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">${POSTGRES_USER}</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">${POSTGRES_PASSWORD}</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">5432:5432'</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">my-nestjs-app:/var/lib/postgresql/data</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s2">"</span><span class="s">bitnami/redis:7.2"</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6379:6379"</span> <span class="c1"># volumes:</span> <span class="c1"># - "redis_data:/bitnami/redis/data"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">REDIS_PASSWORD</span><span class="pi">:</span> <span class="s">${REDIS_PASSWORD}</span> <span class="na">REDIS_PORT</span><span class="pi">:</span> <span class="s">${REDIS_PORT}</span> <span class="na">REDIS_DB</span><span class="pi">:</span> <span class="s">${REDIS_DB}</span> <span class="na">REDIS_IO_THREADS</span><span class="pi">:</span> <span class="m">4</span> <span class="na">REDIS_IO_THREADS_DO_READS</span><span class="pi">:</span> <span class="s">yes</span> <span class="na">REDIS_DISABLE_COMMANDS</span><span class="pi">:</span> <span class="s">FLUSHDB,FLUSHALL</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">my-nestjs-app</span><span class="pi">:</span> </code></pre> </div> <p>To run docker compose you need to have docker. <a href="https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-20-04#step-1-installing-docker" rel="noopener noreferrer">Complete guide to install docker on ubuntu.</a> Once you have installed docker, run docker-compose:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>docker compose up <span class="nt">-d</span> </code></pre> </div> <h2> Setup nginx </h2> <p>So let’s set up nginx for nestjs app. Before installing nginx, update your existing list of packages:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update </code></pre> </div> <p>Then install nginx:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>nginx </code></pre> </div> <p>Check nginx if it is working:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl status nginx </code></pre> </div> <p>You will get:<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy0vuhk5xce7xxiw9dypo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy0vuhk5xce7xxiw9dypo.png" alt=" " width="720" height="254"></a><br> Create an nginx configuration file in /etc/nginx/sites-available/my-nestjs-app<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>vim /etc/nginx/sites-available/my-nestjs-app </code></pre> </div> <p>Then copy/paste this configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">server_name</span> <span class="s">domain.com</span><span class="p">;</span> <span class="kn">client_max_body_size</span> <span class="mi">300M</span><span class="p">;</span> <span class="c1"># add_header 'Access-Control-Allow-Origin' '*';</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/favicon.ico</span> <span class="p">{</span> <span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span> <span class="kn">log_not_found</span> <span class="no">off</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$http_host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="s">https</span><span class="p">;</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:3000</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Let’s understand this configuration:</p> <ul> <li> <strong>server_name</strong> — According to <a href="https://nginx.org/en/docs/http/server_names.html" rel="noopener noreferrer">nginx docs</a>: it is used for a given request. They may be defined using exact names, wildcard names (like domain.com sub.dobmain.com), or regular expressions.</li> <li> <strong>client_max_body_size</strong> — the maximum size of a client request body. If this size is exceeded, nginx returns a 413 status code error. If you don’t want that just comment it.</li> <li> <strong>location /</strong> — means if the request matches this “/” or the value of location then nginx runs “the code inside of its block”. We used proxy_set_header and proxy_pass directives. proxy_set_header sets the header for the defined request. proxy_pass kinda forwards requests to the given URL or path. We set localhost 3000 so, every request in server_name and location forwards to location 3000 (domain.com/ -&gt; localhost:3000/)</li> </ul> <p>After that, save the file (in vim type :wq) and test the conf file with nginx command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nginx <span class="nt">-t</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft8skmb2kq5ubev9scnr4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft8skmb2kq5ubev9scnr4.png" alt=" " width="720" height="110"></a></p> <p>If you make a syntax error, it will be shown. If everything is ok, create a link:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/my-nestjs-app /etc/nginx/sites-enabled/my-nestjs-app </code></pre> </div> <p>then test nginx &amp; restart nginx:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <h2> Setup domain name </h2> <p>First of all, you need to forward the domain name to your VPS. Go to your domain provider dashboard &gt; DNS Records &gt; create a record with A name, and put the IP address of your VPS in the “name” field (<a href="https://help.one.com/hc/en-us/articles/360000799298-How-do-I-create-an-A-record-" rel="noopener noreferrer">example</a>). Then check it’s forwarded to your IP address (<code>$ hostname -I</code> to see IP):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ping domain.com </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzo4mbtsiwm4iwt7gk9fw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzo4mbtsiwm4iwt7gk9fw.png" alt=" " width="720" height="173"></a><br> If these IP addresses are not the same as the IP address of your VPS, you should wait to be the same (it might take minutes to days depending on your domain registrar), otherwise you will face problems.</p> <p>You need to add an SSL certificate to your domain. It’s easy with certbot, so install cerbot:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>certbot python3-certbot-nginx </code></pre> </div> <p>After that run this command to generate SSL certificates for your domain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>certbot <span class="nt">--nginx</span> <span class="nt">-d</span> example.com </code></pre> </div> <p>After that test the nginx conf file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nginx <span class="nt">-t</span> </code></pre> </div> <p>If it’s ok, restart nginx:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <p>That’s all! I apologize for any mistake I made. If you find any mistake, please let me know.<br> <em>I hope it’s helpful</em></p> devops nginx nestjs vps