We're full-stack JavaScript(building with TypeScript). If something is not JS based it has to be RESTfull and run in Docker container.

Our technology stack is

Frontend

• Material
• Aurelia

Backend

• Docker Swarm for orchestration (even on standalone)
• NGINX for TLS termination, caching, load balancing, proxying and serving static content
• ArangoDB for graph, document, key-value store, search and data-centric microservices
• Node-RED for wiring together APIs and online services with Flow-based JavaScript powered way
• crate for logs
• minio for tier 1 storage
• imgproxy for fast and secure resizing and converting remote images
• borg for backups

Infrastructure services

• VULTR for compute
• Sysdig for monitoring
• healthchecks.io for cron monitoring
• Cloudflare for CDN, WAF, NS, Load Balancing, CA
• Postmark for transactional emails
• Mailgun for mass emails
• Twilio for sms
• rsync.net for offsite backups
• B2, wasabi for tier 2 storage
• Stripe for payments, Stripe Atlas for incorporation

Security

• exposed services accessible only over https and only through Cloudflare with WAF, some with active rate limiting, some processed by workers
• SSH via jump host behind VULTR FW, open only for admin IP, closed when connection is closed. using short lived SSH keys (YubiKey on the way)

BizDevSecOps

• GitLab
• Google Suite