DEV Community: samnang rosady

Redis Commander

samnang rosady — Fri, 15 Aug 2025 11:29:13 +0000

🔍 What is Redis Commander?

Redis Commander is a lightweight, open-source web-based GUI for managing Redis databases. It allows users to:

Browse and query keys
View and edit key values
Add or delete keys
Monitor Redis memory usage
Connect to remote or local Redis instances Redis Commander runs as a web server, and once it's up and running, you can access it through your browser.

❓ Why Use Redis Commander?

While Redis CLI is fast and flexible, it can be intimidating for beginners and time-consuming for more complex operations.
Redis Commander provides a user-friendly interface, and based on Node.js.

⚙️ Features:

Simple and user-friendly interface
Supports basic key management tasks
Built-in command console
Customizable themes

🤔 Pros and Cons

👍🏼 Pros:

Free and open-source
Easy to learn and use
Lightweight and portable

👎🏼 Cons:

Lacks some advanced features found in other tools
Limited customization options
May not be suitable for very large datasets
Performance can be impacted by the web interface

💻 Available on:

Windows
macOS
Linux

Jinja: The Templating Wizard That Saves Devs From Keyboard Trauma

samnang rosady — Thu, 08 May 2025 16:37:58 +0000

💡 What is Jinja?

🧙‍♂️ Jinja is a modern and designer-friendly templating language for Python, used to generate files dynamically. Think of it like Mad Libs for config files, where you can inject variables into a template and programmatically generate output.

It’s used heavily in:

Any scenario where you want to avoid copy-paste hell 🔥
Infrastructure as Code (Ansible, SaltStack)
Web frameworks (like Flask or Django)
Easy to learn if you have experience some template engine such as Laravel Blade, Twig, Haml, 11ty

🎯 Why Use Jinja?

Use Jinja when you want to:

Reduce human errors by avoiding repetitive copy-paste
Dynamically change parameters like server names, ports, or environments
Reusable: You can write once and render thousands of variations. Efficiency FTW.
Clean separation: Keeps logic out of your final output, whether it’s HTML or NGINX configs.
CLI support (jinja-cli)
Make your deployments look like wizardry ✨

❌ Don't Use Jinja

When...	Why
You only need one or two static files	Overkill. Just use Vim and be done.
You need real-time updates (e.g. hot reload UIs)	Jinja is static. It renders once and that's it.
Your team has zero Python experience	Might be a steep ramp-up.
You want complex business logic in templates	Templates are not codebases! 🤯

Example: Automating NGINX Config with Jinja

Let’s break it down with an imaginative metaphor:

"Using vim for 1,000 NGINX config files is like writing wedding invitations by hand. Sweet, but painful."
Jinja is like a laser printer with your best handwriting.

Scenario:
You run a massive fleet of servers and each one needs its own NGINX configuration:

Without Jinja:

→ vim  
 → Modify 
  → Save
→ Repeat 999 times 🔁
 → Cry 😭

With Jinja:

You write one template:

# nginx_template.j2
upstream {{ upstream }} {
  {% for upstream_item in upstream_servers%}
    {{- upstream_item }};
  {% endfor %}
}

server {
  listen 80;
  server_name {{ domain_name }};
  rewrite ^(.*) https://$host$1 permanent;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name {{ domain_name }};

  server_tokens off;
  ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem;

  client_max_body_size 50M;

  access_log /var/log/nginx/{{ domain_name }}-access.log;
  error_log /var/log/nginx/{{ domain_name }}-error.log;

  {%- if auth %}
  auth_basic {{ auth.auth_basic }};
  auth_basic_user_file {{ auth.auth_user_file }};
  {% endif -%}

  location / {
    access_log /var/log/nginx/{{ domain_name }}-access.log;
    proxy_pass {{ upstream }};
    proxy_redirect off;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
  }
}

With dynamic data with json

app.local.json
{
  "domain_name" : "app.local",
  "upstream" : "http://proxy-app",
  "upstream_servers" : [
    "server 10.143.41.104:8081",
    "server 10.143.41.104:8082",
    "server 10.143.41.104:8083"
  ],
  "auth" : {
    "auth_basic" : "Restricted Area",
    "auth_user_file" : "/etc/nginx/htpasswd/auth"
  }
}

Run-time 🏃

jinja2 ./nginx_template.j2 ./app.local.json --format=json --outfile=./app.local.conf

Now you’ve got a thousand configs generated faster than a barista can spell your name wrong.

Final Thoughts

Jinja is the unsung hero of DevOps, backend automation, and lazy (smart) developers everywhere. It’s not flashy, but it’s reliable, fast, and scales beautifully. 🚀

Use it wisely — and maybe, just maybe, save your fingers from vim-induced arthritis.

GitHub Sample Repository 🐳

Enjoy you practice 🌟

A Guide to Setting Up Local HTTPS Portals with Docker

samnang rosady — Fri, 02 May 2025 03:16:21 +0000

Understanding Local HTTPS Portals

Local HTTPS portals enable developers to create secure connections within their development environments. By utilizing HTTPS, data transmitted between services remains encrypted, safeguarding sensitive information from potential security threats.

Why Use Local HTTPS Portals with Docker?

Enhanced Security: HTTPS encryption protects data integrity and confidentiality, crucial for handling sensitive information during development.
Realistic Testing Environment: Mimicking production environments with HTTPS setups ensures more accurate testing, reducing the likelihood of issues when deploying to live servers.
Streamlined Development Workflow: Docker's containerization capabilities facilitate easy setup and teardown of services, making it effortless to create and manage secure development environments.
Collaboration and Consistency: By standardizing HTTPS setups with Docker, developers can collaborate seamlessly and ensure consistent configurations across team members.

Practice

Imagine you have local services frontend and API running on ports 3000 and 3001, respectively. You want to set up a local HTTPS portal using Docker to secure these services. You want access https://api.local.test for the API and https://front.local.test for the frontend.

Docker

docker-compose.yml Create a docker-compose.yml file to define the services and their configurations.

services:
  frontend:
    container_name: frontend
    image: nginxdemos/hello
    ports:
      - "3000:80"

  api:
    container_name: api
    image: nmatsui/hello-world-api
    ports:
      - "3001:3000"

  https-portal:
    image: steveltn/https-portal:1
    ports:
      - "80:80"
      - "443:443"
    restart: always
    environment:
      DOMAINS: 'api.local.test -> http://api:3001, front.local.test -> http://frontend:80'
    volumes:
      - https-portal-data:/var/lib/https-portal

volumes:
  https-portal-data:

Update your system's hosts file to point the domains to your Docker host

Linux/MacOS

echo "127.0.0.1       local.test api.local.test" | sudo tee -a /etc/hosts

Windows: On Windows: Add these lines to C:\Windows\System32\drivers\etc\hosts

127.0.0.1 local.test
127.0.0.1 api.local.test

Run

docker compose up -d

Enjoy your practice 🌟

Rclone: Cloudflare R2 and Nginx Reverse Proxy

samnang rosady — Mon, 24 Mar 2025 06:16:09 +0000

Rclone is a powerful command-line tool that allows you to sync, copy, and manage files across multiple cloud storage providers. Cloudflare R2 is an object storage service designed to provide low-latency, high-availability storage without egress fees. By integrating Rclone with Cloudflare R2, you can efficiently manage your cloud storage with ease.

Installation

sudo yum install epel-release
sudo yum -y install fuse rclone -y
ln -s /bin/fusermount /bin/fusermount3

Rclone config

vim ~/.config/rclone/rclone.conf

rclone.conf

[r2demo]
type = s3
provider = Cloudflare
access_key_id = xxx
secret_access_key = xxxx
endpoint = xxxxx
region = auto
acl = private"

Rclone mount R2 remote to local

Option 1 (Debugging):

rclone mount r2demo:<bucket-name> <local-destination> --vfs-cache-mode off --log-file rclone.log  --log-level DEBUG

Option 2:
Run in the background

nohup rclone mount r2demo:<bucket-name> <local-destination> --vfs-cache-mode off --log-file /var/log/rclone.log --log-level NOTICE > /dev/null 2>&1 &

Using --log-file, in case of debugging.

--log-level LEVEL
- DEBUG is equivalent to -vv. It outputs lots of debug info - useful for bug reports and really finding out what rclone is doing.
- INFO is equivalent to -v. It outputs information about each transfer and prints stats once a minute by default.
- NOTICE is the default log level if no logging flags are supplied. It outputs very little when things are working normally. It outputs warnings and significant events.

Symlink

ln -s <local-destination> <project-storage-destination>

Nginx reverse proxy

✅ Faster global delivery due to Cloudflare’s CDN caching.
✅ Potential cost savings by reducing server bandwidth usage.
✅ Decreased load on server, especially for high-traffic websites.

map $uri $new_uploads_uri {
  ~^/<storage-uri>/(.*)$ //$1;
}
server {
  .....
  location ^~ /<storage-uri>/ {
     resolver 1.1.1.1;
     proxy_ssl_server_name on;
     proxy_pass https://<public-r2-domain>$new_uploads_uri;
  }
}

Sample:

< storage-uri >: wp-content/upload. We want to reverse from $HOST/wp-content/upload/xxx/xxx/xxx.jpg to <public-r2-domain>/upload/xxx/xxx/xxx.jpg

Conclusion

By combining Rclone, Nginx, and Cloudflare R2, you can serve static files efficiently with:
✅ Custom domain support
✅ SSL encryption
✅ Caching & compression
✅ No egress fees

🌟 Stay tuned 🌟

Gitlab CI/CD Auto-Pull

samnang rosady — Wed, 19 Mar 2025 05:33:45 +0000

GitLab CI/CD Auto-Pull is a technique that allows your remote server to automatically pull the latest code changes whenever updates are pushed to a GitLab repository. This eliminates the need for manual intervention in deployments, making the process seamless and efficient.

Why Use Auto-Pull in GitLab CI/CD? 🚀

Manually logging into a server and pulling new code updates can be tedious and error-prone. Automating this process offers several benefits:

✅ Efficiency – No need to manually pull changes after every commit.
✅ Consistency – Ensures that the correct version of the code is deployed.
✅ Reduced Human Error – Eliminates the risk of forgetting to pull updates.
✅ Faster Deployments – Code updates are available on the server as soon as they are pushed.

1. Get SSH Access:

How to get openssh-private-key

Test SSH Access

ssh <linux-user>@<PRODUCTION_IP>

Get openssh-private-key

ssh -o StrictHostKeyChecking=no ssh <linux-user>@<PRODUCTION_IP> "cat ~/.ssh/id_rsa"

Value should be:

-----BEGIN OPENSSH PRIVATE KEY-----
....
-----END OPENSSH PRIVATE KEY-----

2. Set variables credential:

Go to GitLab Project → Settings → CI/CD → Variables
You can add credential variable there.
For example: openssh-private-key (PROD_SSH_PRIVATE_KEY).

PROD_SSH_PRIVATE_KEY: Should openssh-private-key of <linux-user> which accessable to project directory, should not be root user.

Key: PROD_SSH_PRIVATE_KEY
Value: <openssh-private-key>
Type: Variable
Environment scope: All (default)
Protect variable: Checked
Mask variable: Checked

Create `.gitlab-ci.yml`

Go to GitLab Project → Build → Pipeline editor

variables:
  DOCKER_HOST: tcp://docker:2375
  SSH_USER: <linux-user>
  PRODUCTION_IP: <server-ip: xx.xx.xx.xx>

services:
  - docker:dind

stages:
  - deploy_production

deploy-prod:
  stage: deploy_production
  image: alpine:latest
  before_script:
    - apk add openssh-client openssh
    - eval $(ssh-agent -s)
    - echo "$PROD_SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
  script:
    - echo -e "This CI job deploys Stage= [$CI_JOB_STAGE], Branch= [$CI_COMMIT_BRANCH], Server IP= [$PRODUCTION_IP]"
    - ssh -o StrictHostKeyChecking=no ${SSH_USER}@${PRODUCTION_IP} -p 22 "cd <project-path> && git pull origin <branch>"
    - echo -e "\033[0;32mPulled [$CI_COMMIT_BRANCH] \033[0m"
  rules:
    - if: '$CI_COMMIT_BRANCH == "<branch>"'
      when: manual

🌟 Stay tuned 🌟

Fail2ban

samnang rosady — Wed, 29 Jan 2025 04:56:18 +0000

What is Fail2ban?

Fail2Ban is a free, open-source software tool that protects servers from brute-force attacks and other types of malicious activity. It monitors log files for suspicious activity and blocks IP addresses that are trying to access a server.

Why use Fail2ban?

There are several reasons to use Fail2ban:

Prevents brute force attacks on services
Reduces server load from automated login attempts
Provides an extra layer of security beyond firewalls
Notify when there is an IP is ban/unban through SMTP, Webhook

How it works

Fail2Ban scans log files for suspicious activity, such as too many access, failed attempts through access or error files
Fail2Ban creates a firewall rule to block the IP address that is causing the suspicious activity
The IP address is blocked for a specified amount of time

Basic understanding Fail2ban

Jails:

Jails serve as rule sets that dictate the conditions under which an IP address should face a ban which defined by monitoring log files
Predefined jail configurations can be found in /etc/fail2ban/jail.conf within Fail2ban

Filters:

Filters are instrumental in scrutinizing service logs using regex patterns to identify potentially malicious activities, like intrusion attempts.
These filters are typically stored in /etc/fail2ban/filter.d/

Actions:

Actions encompass a range of responses, from IP address bans to notifications and the execution of custom scripts
Commands outlining ban or unban procedures for IP addresses are typically housed in /etc/fail2ban/action.d/

GitHub Sample Repository 🐳

Enjoy you practice 🌟

nginx-mod-http-geoip

samnang rosady — Wed, 15 Jan 2025 03:02:35 +0000

nginx-mod-http-geoip

nginx-mod-http-geoip is an nginx module that allows you to determine the geographical location of an IP address. The geo of country is presented by Alpha-2 code.

You can find ISO ISO’s full, searchable list of all country codes to find your code.

map $geoip_country_code $allowed_country {
  default no;
  RU yes; # <ISO 3166-1 alpha-2> <yes/no>
}

server {
  ...
  if ($allowed_country = no) {
    return 403;
  }
  ...
}

GitHub Sample Repository 🐳

Enjoy you practice 🌟

ngx whitelist/blacklist module

samnang rosady — Tue, 14 Jan 2025 09:09:24 +0000

The ngx whitelist/blacklist module in nginx provides a straightforward way to restrict or permit access to your server based on the IP address of the client making the request. You can define specific IP addresses or ranges in your configuration to either allow or deny access to your server resources.

ngx_http_geo_module

http_geo_module module creates variables with values depending on the client IP address. That means $c_ip_addr set value from ip value in file.

/etc/nginx/ip_rules/ips.conf

163.38.139.42       1;
15.228.203.250      1;
146.16.251.134      0;

/etc/nginx/sites-available/

geo $c_ip_addr {
  default 0;
  include /etc/nginx/ip_rules/ips.conf;
}

server {
  listen 80;
  server_name _;

  if ($c_ip_addr = 0) {
    return 403;
  }

  location / {

  }
}

Restricting Access ngx_http_access_module

/etc/nginx/ip_rules/ip_block_rules.conf

allow 192.168.1.1;
allow 10.10.10.0/24;
allow 203.0.113.0/24;

/etc/nginx/sites-available/

server {
  listen 80;
  server_name nest.ubuntu.com;

  include /etc/nginx/ip_rules/ip_block_rules.conf;
  deny all;

  location / {

  }
}

Which to Use:

Use ngx_http_geo_module: when you need granular control over access based on various criteria, require dynamic updates, or need to manage a large number of IP addresses efficiently.
Use ngx_http_access_module directives: when you have a simple use case of allowing or denying access to specific IP addresses or ranges and want a straightforward solution without the need for complex rules.

GitHub Sample Repository 🐳

Enjoy you practice 🌟

DEV Community: samnang rosady

Redis Commander

🔍 What is Redis Commander?

❓ Why Use Redis Commander?

⚙️ Features:

🤔 Pros and Cons

👍🏼 Pros:

👎🏼 Cons:

💻 Available on:

Jinja: The Templating Wizard That Saves Devs From Keyboard Trauma

💡 What is Jinja?

🎯 Why Use Jinja?

❌ Don't Use Jinja

Example: Automating NGINX Config with Jinja

Without Jinja:

With Jinja:

Final Thoughts

A Guide to Setting Up Local HTTPS Portals with Docker

Understanding Local HTTPS Portals

Why Use Local HTTPS Portals with Docker?

Practice

Docker

Update your system's hosts file to point the domains to your Docker host

Rclone: Cloudflare R2 and Nginx Reverse Proxy

Installation

Rclone config

Rclone mount R2 remote to local

Symlink

Nginx reverse proxy

Conclusion

Gitlab CI/CD Auto-Pull

Why Use Auto-Pull in GitLab CI/CD? 🚀

1. Get SSH Access:

2. Set variables credential:

Create .gitlab-ci.yml

Fail2ban

What is Fail2ban?

Why use Fail2ban?

How it works

Basic understanding Fail2ban

Jails:

Filters:

Actions:

nginx-mod-http-geoip

nginx-mod-http-geoip

ngx whitelist/blacklist module

Create `.gitlab-ci.yml`