DEV Community: Prajwol Shrestha

Hosting a Dockerized Node.js App on Oracle Cloud Free Tier

Prajwol Shrestha — Sun, 15 Feb 2026 14:06:10 +0000

I recently decided to host one of my Dockerized Node.js apps on a VPS using Oracle Cloud Free Tier - not just to deploy it, but to understand what’s actually happening under the hood.

I wanted to learn:

How to create and configure a compute instance
How Docker behaves on a VPS
Why backend ports shouldn't be exposed directly
How NGINX fits into the picture
What restart policies actually do

Here's exactly how I set it up - and what I learned along the way.

Step 1 - Create a Compute Instance on Oracle Cloud

Inside Oracle Cloud:

Go to Compute -> Instances
Click Create Instance
Choose Ubuntu (I used 22.04)
Select an Always Free eligible shape (1 vCPU, ~1GB RAM)

When creating the instance, upload your SSH public key or download the key Oracle provides.

Once the instance is running:

ssh -i your-key.pem ubuntu@YOUR_SERVER_IP

Now you're inside a real Linux server - not a managed environment.

Step 2 - Basic Setup & Firewall

First, update the system:

sudo apt update
sudo apt upgrade -y

Then enable UFW:

sudo apt install ufw -y
sudo ufw allow OpenSSH
sudo ufw enable

At this point:

Only SSH is allowed
Everything else is blocked

Important lesson:

Oracle Cloud has its own Security List (cloud firewall).

Ubuntu has UFW (OS firewall).

If something doesn't work later, check both.

Step 3 - Install Docker

Install Docker

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

After installing Docker, I added my user to the docker group:

sudo usermod -aG docker $USER
exit

Reconnect and test:

docker run hello-world

Docker is now ready to run containers.

Step 4 - Create a Private Docker Network

Before running anything, I created a custom Docker network:

docker network create web

This was important.

Instead of exposing my Node.js app like this:

docker run -p 3000:3000 my-app

I wanted the app to stay internal and let NGINX handle public traffic.

Containers attached to the same custom network:

Can talk to each other using their names
Are not exposed publicly unless you publish ports

Think of it as a private network inside your VPS.

Step 5 - Install NGINX Reverse Proxy

At this point, the Node.js app is internal. But something still needs to handle incoming HTTP requests from the outside world. That’s where NGINX comes in.

I used NGINX Proxy Manager for simplicity.

Create a directory for it in VPS:

mkdir nginx-proxy
cd nginx-proxy

Then create docker-compose.yml

Here's the simplified docker-compose.yml:

version: "3.8"

services:
  npm:
    image: jc21/nginx-proxy-manager:latest
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "81:81"
    volumes:
      - ./data:/data
      - ./letsencrypt:/etc/letsencrypt
    networks:
      - web

networks:
  web:
    external: true

`networks: web`

This attaches NGINX to the same private network as the app.

So it can forward traffic internally.

`volumes`

This ensures configuration and SSL certificates survive container restarts.

`restart: unless-stopped`

It means:

If the VPS reboots -> the container starts automatically
If Docker restarts -> container comes back
If it crashes -> it restarts
If you manually stop it -> it stays stopped

Then start it:

docker compose up -d

Now NGINX is running.

Step 6 - Open Ports in Oracle Cloud

Open ports in OS level

sudo ufw allow 80
sudo ufw allow 443

Even after configuring UFW, I couldn't access the server from the browser.

That's because Oracle Cloud blocks traffic by default.

I had to allow:

Port 80
Port 443

Inside:

Networking - VCN -> Security List

This reinforced something important:

Cloud firewall and OS firewall are separate layers.

Step 7 - Deploy the Dockerized Node.js App

I pushed my Node.js image to a container registry (I used Docker Hub).

On the VPS:

docker login
docker pull myusername/my-node-app:latest

Then created a folder:

mkdir app
cd app

Created .env:

NODE_ENV=production
PORT=3000

Then docker-compose.yml:

version: "3.8"

services:
  node-app:
    image: myusername/my-node-app:latest
    container_name: node-app
    restart: unless-stopped
    env_file:
      - .env
    networks:
      - web

networks:
  web:
    external: true

Notice something important:

There is no -p 3000:3000.

The Node.js app is running - but only inside the Docker network.

It is not publicly accessible.

Start it:

docker compose up -d

Step 8 - Connect NGINX to the Node.js App

Inside NGINX Proxy Manager:

Add Proxy Host
Forward Hostname: node-app
Forward Port: 3000
Enable SSL (if using a domain)

Now traffic flows like this:

Browser -> NGINX -> Node.js container

Port 3000 remains internal.

This separation reduces your public attack surface. Only NGINX is exposed. Your application server stays internal.

Free Tier Reality

Oracle Free Tier gives ~1GB RAM.

You can monitor usage:

htop
docker stats

This comfortably runs:

NGINX
One or two small Node.js apps

What I Learned From This

Setting this up myself helped me understand:

What a compute instance actually is
Why reverse proxies are important
How Docker networking isolates services
Why backend ports shouldn't be exposed
How restart policies affect uptime
How cloud and OS firewalls interact

It's very different from just deploying code.

You start understanding the system your app runs on.

And that's what made this exercise worth it.

Building a Chrome Extension: From Idea to Automated Release

Prajwol Shrestha — Sun, 11 Jan 2026 06:27:22 +0000

Chrome extensions are one of the fastest ways to ship useful software.
They’re lightweight, powerful, and force you to think in clear boundaries.

This article walks through how to build a Chrome extension using modern tooling, and how to automate versioning and releases using GitHub Actions.

What We’re Building

We’ll build a simple Chrome extension with:

A content script that interacts with web pages
A background script that handles logic and coordination
A popup UI for user interaction
Automated build, versioning, and GitHub releases

Key Components

Manifest

Defines metadata, permissions, and entry points.

Content Script

Runs in the context of a web page.
Can read and manipulate the DOM.

Background Script

Runs independently of pages.
Handles state, messaging, and lifecycle events.

Popup UI

A short-lived interface shown when the extension icon is clicked.

Messaging Model

Chrome extensions are event-driven.
Components never directly access each other.

Popup -> sends user intent
Background -> coordinates logic
Content Script -> affects the page

Distribution Strategies

Chrome extensions are commonly distributed using one of the following approaches, depending on the stage of the project.

Chrome Web Store (Public & Auto-Updating)

For public distribution, Chrome extensions can be published to the Chrome Web Store.

Requires a one-time $5 USD developer registration fee
Enables automatic updates
Makes the extension discoverable to non-technical users

GitHub Releases (Free & Flexible)

Users install the extension by downloading the release archive and loading it manually in Chrome.
Using GitHub Actions, releases can be fully automated:

Versioned ZIP artifacts
Consistent builds
No review or approval process
No cost

Auto Scroll Extension

As a practical example, I built a Chrome auto-scroller extension and set it up with a fully automated release pipeline using GitHub Actions.
The project includes:

A content script that controls page scrolling
A popup UI for user interaction
A background script for coordination
Automated versioned releases on every Git tag

Source code

https://github.com/Prajwol-Shrestha/auto-scroll-browser-extenstion

Release Automation Overview

In this project, releases are automated as follows:

A Git tag (e.g. v1.0.1) is pushed
GitHub Actions builds the extension
The build output is packaged into a ZIP
A GitHub Release is created automatically
The ZIP is attached as a release asset

Automatically Post Incoming Emails with attachments to Facebook Using n8n

Prajwol Shrestha — Sun, 28 Dec 2025 05:33:03 +0000

I kept doing the same thing over and over:

an email arrives → copy the subject → download attachments → convert attachments to images → post to Facebook.

After the third or fourth time, I stopped and automated it with n8n.

Now, whenever a new email lands in a specific mailbox, it automatically becomes a Facebook post — attachments included.

This post is a quick breakdown of what I built, why I made certain choices, and what actually worked for me.

What This Automation Does

Watches an email inbox
Uses the email subject as the Facebook caption
Converts and uploads image attachments
Publishes the post automatically

Workflow Overview

High-level view of the email → Facebook automation workflow

Why IMAP (and Not the Gmail Trigger)

I initially tried using n8n’s Gmail Trigger because it felt like the more “native” option.

In practice, it wasn’t reliable enough for my use case:

New emails didn’t always trigger the workflow
Occasionally, nothing fired at all

For an automation that posts publicly, missing even one email isn’t acceptable.

I switched to IMAP for a few practical reasons:

Consistent execution — new emails were picked up every time
Works with any email provider — not locked into Gmail's API

It’s simple, reliable, and kept the workflow firing every time — exactly what I needed.

Handling Facebook Image Posts

Facebook doesn’t let you upload multiple images directly in a single post.

Instead, you have to:

Upload each image as unpublished
Collect the returned media_fbids
Attach those IDs when creating the final post

Here's what that looks like in n8n:

Step 1: Loop through attachments

Use a Loop Over Items node to process each attachment individually

Step 2: Upload as unpublished

Endpoint: /{page-id}/photos
Method: POST
Set published: false and pass the attachment URL

Each upload returns a media_fbid — save these.

Step 3: Create the final post

Endpoint: /{page-id}/feed
Use the email subject as the message
Attach all the media_fbids you collected

Once I understood this flow, the rest was straightforward.

Gotchas I Ran Into

Attachment format matters

n8n treats email attachments as binary data. I had to use the Convert to File node before uploading to Facebook, otherwise the API rejected them

Facebook permissions

Make sure your app has pages_manage_posts and pages_read_engagement permissions, or uploads will fail.

Final Thoughts

This isn’t a flashy automation — but it quietly saves time and removes friction.

If you’re already using n8n and dealing with repetitive posting, this kind of workflow is absolutely worth building.

Sometimes the best automations are the ones you don’t even notice anymore.

How to Dockerize and Deploy a NestJS App on Render for Free

Prajwol Shrestha — Sat, 13 Sep 2025 15:29:11 +0000

So, you’ve built your NestJS app and now want to deploy it online, without spending any money or adding a credit card. In this blog, we’ll walk through a clear, step-by-step process to Dockerize your app and deploy it on Render for free.

Render’s free tier makes it easy to deploy Dockerized apps, while Docker ensures your project runs consistently everywhere. In this guide, we’ll:

🐳 Dockerize a NestJS app using pnpm.
🚀 Deploy it to Render in two different ways.
🔁 Add CI/CD for automatic deployments on every push to main.
🎁 Bonus: Keep your free Render app alive 24/7 using a Cloudflare Worker.

Let’s dive in! 🐳

Why Docker for NestJS?

Docker helps package your NestJS app with all its dependencies so it runs exactly the same in all environments.

Render supports two ways of deploying Docker apps:

From a Dockerfile → Render builds the image itself
From a prebuilt Docker image → You push your image to Docker Hub (or any registry), and Render pulls it

We’ll cover both options.

Step 1: Dockerizing the NestJS App

First, we need to containerize our application. If you don’t have Docker installed, grab it here.

Create the `Dockerfile`

Create a file named Dockerfile in your project's root directory:

Here’s a example Dockerfile using pnpm:

# Use a lightweight Node.js base image
FROM node:20-slim 

# Set working directory
WORKDIR /app

# Copy dependency files first (better cache usage)
COPY package.json pnpm-lock.yaml* ./

# Install dependencies
RUN npm install -g pnpm && pnpm install --frozen-lockfile

# Copy the rest of the source code
COPY . .

# Build the NestJS project
RUN pnpm run build

# Expose the app’s port
EXPOSE 3000

# Start the app
CMD ["pnpm", "run", "start:prod"]

Don't Forget the `.dockerignore`

Create a .dockerignore file to keep your image lean and mean by excluding unnecessary files:

node_modules
dist
.git
Dockerfile
.dockerignore
.env

Test It Locally First

Before we deploy, let's build and run the container locally to make sure everything works.

docker build -t nest-backend .
docker run -p 3000:3000 nest-backend

Head over to http://localhost:3000 to verify your app is running. If it works, you're ready for deployment! ✅

Step 2: Deploying to Render

Now that your NestJS app is Dockerized, let's get it deployed on Render. We have two options:

Option A: The Simple Way (Let Render Build the Image)

This is the easiest way:

Push your code to GitHub/GitLab
In Render Dashboard → New → Web Service
Connect your repository
Render will detect the Dockerfile and build the image automatically

That's it! Render will now build your Docker image from the Dockerfile and deploy your app. Easy. 🎉

Option B: The CI/CD Way (Prebuilt Images with GitHub Actions)

This method gives you more control and enables automatic deployments.

Build the Docker image locally
Push it to Docker Hub
Trigger Render to pull the new image

This also enables automatic CI/CD deployments on every push.

Step 1: Push to Docker Hub

# Build image
docker build -t nest-backend .

# Tag with Docker Hub username
docker tag nest-backend your-username/nest-backend:latest

# Push to Docker Hub
docker push your-username/nest-backend:latest

On Render, choose Deploy an existing Docker image and use:

docker.io/your-username/nest-backend:latest

Render will fetch the latest image whenever you trigger a redeploy.

📝 Notes on tags:

Render redeploys based on the tag you specify (latest, v1.0.0, etc.).

Using latest is simple, but versioned tags (e.g., v1.0.0) are safer for production since they make rollbacks easier.

Render only fetches a new image from Docker Hub when you trigger a redeploy (manually or via CI/CD).

Step 2: Automate with GitHub Actions

Create .github/workflows/docker-build.yml:

name: Build & Push Docker Image
on:
  push:
    branches: [ "main" ]

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: your-username/nest-backend:latest

      - name: Trigger Render Deploy
        run: |
          curl -X POST ${{ secrets.RENDER_DEPLOY_HOOK }}

In your GitHub repo → Settings → Secrets → add:

DOCKER_USERNAME → your Docker Hub username
DOCKER_PASSWORD → your Docker Hub access token
RENDER_DEPLOY_HOOK → from Render dashboard (service → settings → deploy hook URL)

Now every push to main will:

Build the Docker image
Push it to Docker Hub
Trigger a new Render deployment

🎁 Bonus: Keep Your Render App Alive 24/7

On Render’s free tier, your service goes to sleep after 15 minutes of inactivity to save resources. When that happens, the next request can feel slow because the app has to “cold start.”

To prevent this, you can set up a simple heartbeat that pings your app every few minutes.

You don’t have to use Cloudflare Workers — you could also use:

n8n (self-hosted or cloud)
Google Apps Script
Any external cron job service

In this tutorial, we’ll go with with Cloudflare Workers (free tier).

Create a Worker

Install Wrangler, Cloudflare’s CLI.

npm install -g wrangler

Generate a new worker:

wrangler init keep-alive-worker

Configure the Worker

In wrangler.toml:

name = "keep-alive-worker"
main = "src/index.ts"
compatibility_date = "2025-09-13"

# Add this
[triggers]
crons = ["*/15 * * * *"]

# (Optional) to enable logs for worker
[observability.logs]
enabled = true

Worker Code

In src/index.ts:

const SERVICES = [
  'https://your-app-name.onrender.com', // Your app's URL
  // Add more services here if needed!
];

export default {
  async scheduled(event, env, ctx) {
    for (const url of SERVICES) {
      try {
        const res = await fetch(url);
        console.log(`✅ Pinged ${url} → ${res.status}`);
      } catch (err) {
        console.error(`❌ Failed to ping ${url}`, err);
      }
    }
  },
};

Deploy the Worker

wrangler deploy

That’s it! 🎉 Your Cloudflare Worker will automatically ping your Render app(s) every 15 minutes, keeping them awake and responsive.

Deploying Next.js App to Cloudflare Workers with OpenNext

Prajwol Shrestha — Sun, 31 Aug 2025 16:57:44 +0000

If you’ve ever tried deploying a Next.js app to Cloudflare Workers, you’ve probably noticed a gap: Next.js expects Node.js APIs, while Workers traditionally run in a restricted edge runtime.

Enter OpenNext. With the @opennextjs/cloudflare adapter, you can run your Next.js app on Workers using the Node.js runtime, giving you access to many familiar Node APIs — something @cloudflare/next-on-pages can’t provide.

In this guide, we’ll walk through deploying a Next.js app to Cloudflare Workers using OpenNext, step by step.

⚖️ Edge Runtime vs Node.js Runtime

Aspect	Edge Runtime (`@cloudflare/next-on-pages`)	Node.js Runtime (`@opennextjs/cloudflare`)
Speed / Weight	Super fast, lightweight	Fast, slightly heavier
Next.js Features	Limited; some features won’t work	Most features supported (SSR, ISR, middleware, streaming)
Node.js APIs	Very restricted	Many supported via Workers’ Node.js compatibility

TL;DR: Use Node.js runtime if you need full Next.js features and Node API support; Edge runtime is great for ultra-lightweight functions.

🚀 Let’s Dive In: Creating or Using a Next.js App

Option 1: Start a new Next.js app preconfigured for Workers

If you’re creating a new project, OpenNext can scaffold everything for you:

npm create cloudflare@latest -- my-next-app --framework=next --platform=workers

Option 2: Use with an Existing Next.js App

Step 1: Install the Cloudflare Adapter

npm install -D @opennextjs/cloudflare wrangler

Step 2: Create `wrangler.jsonc` (optional)

This file will be auto-generated if not present during build. The nodejs_compat flag enables Node.js APIs in Cloudflare Workers.

{
  "$schema": "node_modules/wrangler/config-schema.json",
  "main": ".open-next/worker.js",
  "name": "demo-app",
  "compatibility_date": "2025-08-31",
  "compatibility_flags": ["nodejs_compat", "global_fetch_strictly_public"],
  "assets": {
    "directory": ".open-next/assets",
    "binding": "ASSETS"
  },
  "services": [
    {
      "binding": "WORKER_SELF_REFERENCE",
      "service": "demo-app"
    }
  ]
}

Step 3: Create `open-next.config.ts` (optional)

This file will also be auto-generated if not present during build. The R2 incremental cache is optional and requires R2 enabled on your Cloudflare account.

import { defineCloudflareConfig } from "@opennextjs/cloudflare";
import r2IncrementalCache from "@opennextjs/cloudflare/overrides/incremental-cache/r2-incremental-cache";

export default defineCloudflareConfig({
  incrementalCache: r2IncrementalCache,
});

Step 4: Update `package.json` Scripts

{
  "scripts": {
    "dev": "next dev",
    "preview": "opennextjs-cloudflare build && opennextjs-cloudflare preview",
    "deploy": "opennextjs-cloudflare build && opennextjs-cloudflare deploy",
    "upload": "opennextjs-cloudflare build && opennextjs-cloudflare upload",
    "cf-typegen": "wrangler types --env-interface CloudflareEnv cloudflare-env.d.ts"
  }
}

Step 5: Remove `export const runtime = "edge";`

Edge runtime is not supported with @opennextjs/cloudflare. Make sure to remove this line from any of your source files before deploying.

This ensures your app runs in the Node.js runtime, which is fully compatible with OpenNext and Cloudflare Workers.

Step 6: Update `.gitignore`

Add .open-next to your .gitignore file to prevent the build output from being committed.

Step 7: Add Static Asset Caching

Create a public/_headers file with the following content:

/_next/static/*
 Cache-Control: public,max-age=31536000,immutable

This ensures that your static assets (JS, CSS) are cached for one year, improving performance for repeat visitors.

Step 8: Preview and Deploy

Preview your app locally first:

npm run preview

Then deploy to Cloudflare Workers:

npm run deploy

⚠️ Next.js Version & Known Issues

If you run into errors like:

NextJS request failed. Error: An error occurred while loading the instrumentation hook
at NextNodeServer.loadInstrumentationModule

This is a known issue (GitHub #667).
The workaround is to downgrade your Next.js version to 15.3.

Other known issues and limitations with OpenNext on Cloudflare Workers can be found here:
OpenNext Cloudflare Known Issues

Enhancing Your Development Workflow with Husky, Commitlint, Prettier, and Lint-Staged

Prajwol Shrestha — Tue, 29 Oct 2024 10:21:34 +0000

Setting up an automated workflow can greatly enhance code quality and consistency in your projects. In this guide, we’ll walk through setting up Husky, Commitlint, Prettier, and Lint-Staged to ensure your codebase is consistently formatted, follows commit message conventions, and has up-to-date dependencies after each merge.

Setting Up Husky

Husky helps you manage Git hooks effortlessly, allowing for automated tasks like code quality checks to run before every commit.

Installation

Install Husky as a dev dependency using npm (we will be using npm in this article):

npm install --save-dev husky

Initialization

To create a .husky directory where Git hooks will be stored, run:

npx husky init

Next, add the following script in your package.json to set up Husky when installing dependencies:

"scripts": {
  "prepare": "husky install"
}

Configuring Commitlint

Commitlint ensures that all commit messages follow a consistent format, maintaining a clean commit history.

Installation

Install Commitlint along with a conventional config:

npm install --save-dev @commitlint/config-conventional @commitlint/cli

Setup

Create a commit-msg hook in .husky: Now create a new file in .husky directory named commit-msg and add this line:

npx husky add .husky/commit-msg "npx --no-install commitlint --edit \"$1\""

Add a commitlint.config.js file to the root of your project with the following content:

module.exports = {
  extends: ['@commitlint/config-conventional'],
  rules: {
    //   TODO Add Scope Enum Here
    // 'scope-enum': [2, 'always', ['yourscope', 'yourscope']],
    'type-enum': [
      2,
      'always',
      [
        'feat',
        'fix',
        'docs',
        'chore',
        'style',
        'refactor',
        'ci',
        'test',
        'revert',
        'perf',
        'vercel',
      ],
    ],
  },
};

Adding Lint-Staged and Prettier

Lint-Staged allows you to run scripts on staged files, and Prettier enforces a consistent style in your codebase.

Installation

Install both as dev dependencies:

npm install --save-dev lint-staged prettier

Prettier Configuration

Create a .prettierrc.json file in your project root with your preferred configuration. Here’s an example:

{
  "plugins": ["prettier-plugin-tailwindcss"],
  "printWidth": 120,
  "useTabs": false,
  "tabWidth": 2,
  "trailingComma": "es5", 
  "semi": true, 
  "singleQuote": true,
  "bracketSpacing": true, 
  "arrowParens": "always",
  "jsxSingleQuote": false, 
  "bracketSameLine": false,
  "endOfLine": "lf"
}

Lint-Staged Configuration

Add the following configuration to your package.json under lint-staged:

"lint-staged": {
    "**/*.{js,jsx,ts,tsx}": [
      "eslint --max-warnings=0",
      "prettier --write"
    ],
    "**/*.{html,json,css,scss,md,mdx}": [
      "prettier -w"
    ]
  }

Add a pre-commit hook to run Lint-Staged:

npx husky add .husky/pre-commit "npx lint-staged"

Adding a Post-Merge Hook for Dependencies

A post-merge hook ensures that your dependencies are updated after each merge by running npm install or any package manager.

Create a post-merge hook:

npx husky add .husky/post-merge "npm install"

Conclusion

With this setup, your project will maintain a standardized commit message format, automatically format code, and keep dependencies up-to-date post-merge. This robust workflow will streamline collaboration and improve code quality, helping you focus on building great features.

8 Most Common Type Of Cyber Attacks

Prajwol Shrestha — Sat, 13 Nov 2021 14:43:43 +0000

Before learning about types of cyber attacks, you must know what a cyber attack is. Basically, it is an attack performed by a group or an individual to gain unauthorized access to a system with the intent to harm the victim.

In this article, we will briefly learn about some of the most common types of cyber attacks and how to protect yourself from them.

1. Phishing:

Phishing involves sending emails that appear to be from trusted sources. The goal is to make the victim click on the link and trick them into giving their login credentials or spreading malware.

Spear phishing is carried out in the same way, except it is more focused on particular people. The attacker has to do some research on the victim before sending them the malicious link. For example, with a little research an attacker can find your friend’s email and send you the malicious link which might appear to be a legitimate email from your friend.

How to Protect yourself:

Think before you click.
Verify a site’s security.
Never give out personal information.

2. Password Attack & Credential Reuse:

The attacker will use an array of password hacking techniques. The attacker might use a list of common ‘weak’ passwords, to sophisticated ‘Rainbow table’ attacks using previously hacked/cracked passwords.

How to protect yourself:
*Use a strong password.
*Don’t use the same password on different platforms.
*Use two-factor authentication (2FA).

3. DOS and DDOS:

It stands for Denial Of Service and Distributed Denial Of Service respectively. The difference between them is that DOS is an attack mode between a single machine and a single machine, whereas a DDOS attack is a large-scale attack mode based on DOS. DDOS uses a group of controlled computers (Botnets) to attack a host.
The idea of both these attacks is to send a high volume of data or traffic through a network that is making a lot of connection requests until the server becomes overloaded and can no longer function.

How to prevent DDOS attacks:
*Protect your DNS Servers.
*Configure your network hardware against DDOS attacks.

4. Drive-By Downloads:

Unlike other cyber attacks, you don’t have to open an email attachment or download anything. You will get infected simply by viewing an email or by visiting a website that will automatically download malware.

How to protect yourself:
*Keep your OS and browsers updated.
*Only keep the programs you need, the more plug-ins you have, the more vulnerable you are.

5. Man In The Middle(MitM):

The hacker places himself between two communicating hosts and listens to their information.
This attack is similar to the Eavesdropping attack but is much more dangerous. The attacker can not only listen to their information but can also impersonate one of them or change the context of the information being sent.

How to Protect Yourself:
*Make sure you use SSL certificates (HTTPS, not just HTTP) to enhance security.
*Use VPN to enhance security when using untrusted networks.

6. Malvertising:

This attack will compromise your system with malicious code that is automatically downloaded to your system when you click on an infected advertisement.

How to protect yourself:
*Don’t click on advertisements just because they look appealing.
*Keep your OS, browsers, and plug-in updated.

7. SQL Injection:

It stands for Structured Query Language Injection. The attacker inserts malicious SQL code into the website’s search box or input box. Once the code has been deployed, it might delete or modify data on the database and even copy the whole database.

How to protect yourself:
*Use input validation on input fields.
*Update and patch your software and database.

8. Zero-Day Exploit:

A Zero-Day exploit is an attack that occurs on the same day a weakness is discovered on software. This type of attack is usually hard to defend against since the precise nature of the attack is only known after it has happened. When a person discovers a vulnerability on software instead of directly reporting to the creators of the software, he decides to share this vulnerability on the internet. The hackers then exploit this vulnerability before the creators of the software could patch the vulnerability.
How to protect yourself:
*Keep your OS and software up-to-date.
*Only use SSL certified websites.

How cookies track you around the Internet

Prajwol Shrestha — Sat, 06 Nov 2021 12:31:34 +0000

What are cookies?

Cookies are small text files that a website stores in your browser. Cookies are utilized to recall things about sites: your login data, what you have in your shopping basket, what language you prefer. They are generated by websites and remain in your browser until they expire.

Different Types of Cookies

Cookies are classified based on their different characteristics:

Based on their function, cookies are divided as necessary and unnecessary. The necessary cookies are crucial for the functioning of a website, and the unnecessary cookies are the ones that are added additionally by the website and are not so crucial for the functioning of the website.
Based on their source, cookies are divided into first-party and third-party cookies. First-party cookies are set by the site that the user is visiting presently, say, to check whether or not the user is logged in. Whereas third-party cookies are set by other websites that track the user for showing related advertisements.
Based on their span, cookies are classified as persistent and session cookies. Session cookies are set when the user begins a session and are temporary cookies. They terminate once the browser is closed and the session ends. Whereas Persistent cookies stay on the user’s browser for a long period and expire when they reach their expiration period.

Can cookies track you around the internet?

Yes, cookies can be used to invade your privacy and track you around the internet. Most browsers only allow websites to store a maximum of 300 cookies and they cannot store a lot of data. Cookies set by one website cannot be accessed by that other site. And that raises a question, How can cookies be used to track us around the internet, especially if cookies from one website cannot be accessed by another? For instance, How can Facebook track what website we visit?

The whole process starts when you log into Facebook, to remember that you are logged in Facebook, it stores a cookie on your browser, many other websites do the same thing. This cookie is bound to the Facebook domain name, meaning that nobody else besides facebook.com can read what’s inside the cookie. Let’s now assume, you are visiting another website, this website cannot access Facebook cookies and vice versa. But let’s assume that the owner of another website places a Facebook like button on his website, to show this like button your browser has to download some content from the Facebook servers. And when it’s talking to Facebook.com, it sends along with the cookie that Facebook had stored in your browser. Facebook now knows who you are and that you visited this site.

Many other companies also use this technique to track you around the internet. The trick is easy, convince as many as websites to place some of your code in their websites.

What can you do to prevent cookies from tracking you?

You can prevent cookies from tracking you by:

Using browser extensions like Privacy Badger, Ghostery, etc.
Switching to a browser that has built-in privacy protection tools like Brave or safari.
Enable Do Not Track (DNT) on browsers. Even though not all websites respect the DNT setting, it is one feature that users can use.

Python Projects For Beginners

Prajwol Shrestha — Fri, 05 Nov 2021 05:34:56 +0000

So, You have just finished learning Python and looking to get your hands on some easy yet interesting projects. Then this article is for you. In this article, I have listed some interesting projects that you might want to try. If you are confused about how to create the program you can refer to my GitHub profile and get some ideas given below each respective projects.

1. Mad Libs:

This program is actually quite easy to create. It is a program based on the traditional Mad Libs game. The user is asked by the program to input some words. The program then takes those words and inserts them into paragraphs that are predefined in the program. When the execution is finished, the program displays the recreated paragraph with some words replaced by the user-given phrases at random places.
You can make this more interesting by importing a CSV file that contains a number of paragraphs and code the program to select a random paragraph each time the program executes. OR you can even code your program to replace the word in random places by making use of the random module and string indexing.
GitHub: https://github.com/Prajwol-Shrestha/Mad_libs

2. Number Guessing:

As the name suggests, this program is quite easy to code. Let me explain this program structure simple way. Generate a random number, ask the user for a number, check if the number matches, and finally display the result.
But creating a program to do only this much seems quite boring, right? So to make this more interesting you can make this program a point and attempt-based program. Simply put, You are giving the user a certain amount of attempts to try and guess the number, If the user guesses the correct number he/she gets a point, and if the user guesses the incorrect number he/she gets a point deducted. You can also give the user hints like mathematical equations but adding this feature seems quite complicated for a beginner's program.
GitHub: https://github.com/Prajwol-Shrestha/Number_guessing

3. Email Slicer:

As the name states, this program slices the email address. Simply put, This program actually separates the part of the email address. For This program, we will ask the user to input an email address. Then we will take that email address and separate it at the '@' symbol. That's it! and we have successfully separated the email address and extracted the hostname and username from the given email address.
For example, say we have a dummy email address (ABC@gmail.com) when we feed this email address into the program, the program will slice the email address at the ‘@’ symbol and display the Username as ABC and the domain name or hostname as gmail.com.
GitHub:https://github.com/Prajwol-Shrestha/Email_slicer

4. Rock, paper, and scissor:

We all are familiar with traditional rock, paper, and scissor game.
Simply put, You have to code your program to display one of these options when you input your option, Check who wins or if it is a draw and display the result. You can make this game more interesting by making it the best out of three or giving the user a prompt to have a rematch after the game ends.
You can make use of the random module to randomly generate a number and assign them to a single choice(rock, paper, or scissor). Then, Each time the program executes the computer will throw up a different choice. You will have to compare the choice given by the user and the computer to determine the results.
GitHub:https://github.com/Prajwol-Shrestha/rock_paper_scissor

5. Dice rolling simulator:

This program is actually the easiest one among all the programs listed here. simulates the rolling of a dice. You just have to generate a random number between 1 to 6 (as on a standard dice) each time the program executes. With each execution, a random number is generated and displayed to the user. You can also ask if the user wants to roll the dice again without terminating the program.
GitHub: https://github.com/Prajwol-Shrestha/dice_rolling_simulator

6. Hangman:

This is probably the hardest one among the above 5 programs. It is quite similar to guessing the number program except for the user having to guess the letters. The user has to guess the letter in a word for the given number of blank spaces. Give the users a certain number of attempts, if the user guesses the correct letter then the user gets a point and vice-versa. Also when the guess is correct the program should print the result and ask for the next letter in the word. You can create your own wordlist and select a random word each time the program executes.

7. YouTube Video downloader:

It is one of the best projects for beginners to develop his/her skills in python programming. Everybody uses YouTube, there are many cases where we want to download some of those videos on our device permanently, but YouTube doesn’t provide those options to us. So, All you have to do is create your own YouTube video downloader. It may sound tedious, but with python, it is fairly easy to do so. To build this program you will need to install a third-party module named pytube which allows us to download YouTube videos. By implementing this module we can easily build our own YouTube video downloader.
GitHub:https://github.com/PrajwolShrestha/Youtube_video_downloader

DEV Community: Prajwol Shrestha

Hosting a Dockerized Node.js App on Oracle Cloud Free Tier

Step 1 - Create a Compute Instance on Oracle Cloud

Step 2 - Basic Setup & Firewall

Step 3 - Install Docker

Step 4 - Create a Private Docker Network

Step 5 - Install NGINX Reverse Proxy

networks: web

volumes

restart: unless-stopped

Step 6 - Open Ports in Oracle Cloud

Step 7 - Deploy the Dockerized Node.js App

Step 8 - Connect NGINX to the Node.js App

Free Tier Reality

What I Learned From This

Building a Chrome Extension: From Idea to Automated Release

What We’re Building

Key Components

Manifest

Content Script

Background Script

Popup UI

Messaging Model

Distribution Strategies

Chrome Web Store (Public & Auto-Updating)

GitHub Releases (Free & Flexible)

Auto Scroll Extension

Source code

Release Automation Overview

Automatically Post Incoming Emails with attachments to Facebook Using n8n

What This Automation Does

Workflow Overview

Why IMAP (and Not the Gmail Trigger)

Handling Facebook Image Posts

Gotchas I Ran Into

Attachment format matters

Facebook permissions

Final Thoughts

How to Dockerize and Deploy a NestJS App on Render for Free

Why Docker for NestJS?

Step 1: Dockerizing the NestJS App

Create the Dockerfile

Don't Forget the .dockerignore

Test It Locally First

Step 2: Deploying to Render

Option A: The Simple Way (Let Render Build the Image)

Option B: The CI/CD Way (Prebuilt Images with GitHub Actions)

Step 1: Push to Docker Hub

Step 2: Automate with GitHub Actions

🎁 Bonus: Keep Your Render App Alive 24/7

Create a Worker

Configure the Worker

Worker Code

Deploy the Worker

Deploying Next.js App to Cloudflare Workers with OpenNext

⚖️ Edge Runtime vs Node.js Runtime

🚀 Let’s Dive In: Creating or Using a Next.js App

Option 1: Start a new Next.js app preconfigured for Workers

Option 2: Use with an Existing Next.js App

Step 1: Install the Cloudflare Adapter

Step 2: Create wrangler.jsonc (optional)

Step 3: Create open-next.config.ts (optional)

Step 4: Update package.json Scripts

Step 5: Remove export const runtime = "edge";

Step 6: Update .gitignore

Step 7: Add Static Asset Caching

Step 8: Preview and Deploy

⚠️ Next.js Version & Known Issues

Enhancing Your Development Workflow with Husky, Commitlint, Prettier, and Lint-Staged

Setting Up Husky

Installation

Initialization

Configuring Commitlint

Installation

Setup

Adding Lint-Staged and Prettier

Installation

Prettier Configuration

Lint-Staged Configuration

Adding a Post-Merge Hook for Dependencies

`networks: web`

`volumes`

`restart: unless-stopped`

Create the `Dockerfile`

Don't Forget the `.dockerignore`

Step 2: Create `wrangler.jsonc` (optional)

Step 3: Create `open-next.config.ts` (optional)

Step 4: Update `package.json` Scripts

Step 5: Remove `export const runtime = "edge";`

Step 6: Update `.gitignore`