Nowadays, with the adoption of serverless architectures, microservices are becoming a great way to break down a problem into smaller pieces. One common situation is multiple backend services running on technologies like NodeJS, Python, Go, etc. that need to be accessible via HTTPS. It is possible to enable each internal microservice directly with SSL over HTTPS, but a cleaner approach is to use a reverse proxy that front-ends these microservices and provides a single HTTPS access channel, allowing simple internal routing.
In this blog, I show how simple it is to create this front end with Nginx and to leverage “Let’s Encrypt” to generate trusted certificates attached to it, with strong security policies, so that our website can score an A+ on the SSL/TLS tests conducted by third-party organizations.
Continue reading “Teaching How to use Nginx to frontend your backend services with Trusted CA certificates on HTTPS”
In this post, I am going to show how to build and containerize a Vue.js application and let it run on Container Cloud Service (OCCS) using the following steps:
- Build a Vue.js Web App
- Build Docker image based on the above Vue.js SPA
- Push it on Docker-Hub
- Create a Service in Oracle Container Cloud Service (OCCS)
- Deploy Service (the vue.js app)
Continue reading “Dockerising a Vue.js based SPA, ship and run on Oracle Container Cloud Service”
There is no shortage of acronyms in the security space, and the shift towards centralised security, rather than perimeter-based security, has added even more. As I have been playing with solutions around centralised identity services, such as Oracle’s Identity Cloud Service, I have found myself spending more and more time in IETF RFCs in order to understand these concepts. While there is a lot of value in the standards documents, they assume a lot of knowledge, and I often found myself wishing for a slightly more approachable, high-level description of the elements I was dealing with. While there is something tempting about being part of the secret ‘We read the security RFCs’ club, I resisted this and took it upon myself to provide this higher-level overview of these important concepts.
Continue reading “JWTs? JWKs? ‘kid’s? ‘x5t’s? Oh my!”
In today’s environment, where systems run in the cloud and so much business and personal activity occurs online, passwords are not strong enough by themselves to protect applications. Scandals about password breaches seem to happen on a regular basis. It’s easy to find many case studies where passwords have been compromised as a result of malware, email scams and other techniques. The key point is that no matter how strong our passwords are, no matter how much we educate our users, there will be situations where people are caught off guard and click on the wrong link, look at the wrong email or open the wrong document. Once this happens, our passwords can be compromised.
Continue reading “Multi Factor Authentication is Critical for Everyone”
This blog walks you through the steps I used to get WebLogic Server and the MedRec sample application installed into a Docker image. There are many well-documented GitHub projects for the Oracle Docker images. This blog is meant simply to narrow down exactly what I did to get this going in my environment. I was using Ubuntu 16.04 and already had Docker installed.
Continue reading “Building a Docker Image for WebLogic 22.214.171.124 MedRec app”
The May 2017 update for ACCS (17.2.3) brought a cool new feature to ACCS: zero-downtime updates. Previously, there was support for performing a rolling restart of an application, where each instance would be brought down and updated in turn, but this only enabled zero-downtime updates if you had an application running two or more instances and your application could satisfy performance requirements with one fewer node. While any production system should be able to satisfy these requirements, many of the utility systems I ran were on a single node, and I had to send out an email blast to avoid being disruptive when I wanted to push a quick code fix.
Continue reading “ACCS Zero Downtime Updates and Re-Deployments”