Forem: Nurul Islam Rimon

Secure Your Server in 5 Minutes: Ditch Root + Password SSH Forever

Nurul Islam Rimon — Mon, 26 Jan 2026 11:26:09 +0000

Why root login is dangerous

Root + password = easy target for bots. One weak password = full server compromise.
The secure way (best practice in 2025):

Steps:

Create a normal sudo user

adduser admin
usermod -aG sudo admin

Set up SSH key authentication

mkdir -p /home/admin/.ssh
chmod 700 /home/admin/.ssh
chown admin:admin /home/admin/.ssh

Add public key

# On your local machine: copy public key
cat ~/.ssh/id_ed25519.pub   # or id_rsa.pub

# On server (as admin user):
nano ~/.ssh/authorized_keys   # paste the key
chmod 600 ~/.ssh/authorized_keys

Test login

ssh admin@YOUR_SERVER_IP

Disable root & password login

PermitRootLogin no
PasswordAuthentication no

Restart SSH:

sudo systemctl restart ssh

Done!
Your server is now way harder to hack.
Use ed25519 keys (faster & more secure):

ssh-keygen -t ed25519 -C "your@email.com"

Monitoring Linux servers without Grafana, Docker, or agents

Nurul Islam Rimon — Thu, 22 Jan 2026 06:10:47 +0000

Checking server health usually means running the same commands again and again:

top, free, df, ss, ps…

Grafana is powerful — but often overkill for quick monitoring.

So I built Server Status.

A real-time, Grafana-inspired dashboard that runs entirely inside the terminal.

No browser.
No services.
No setup.

Just run:

server-status

And instantly see:

CPU (total + per core)
Memory & swap
Disk usage
Network RX/TX
Active connections
Processes
Top CPU-hungry tasks
Service status (nginx, mysql, docker, custom)
Fast. Lightweight. Flicker-free.

Install in 10 seconds:

curl -fsSL https://raw.githubusercontent.com/nurulislamrimon/server-status/main/server-status.sh -o server-status
chmod +x server-status
sudo mv server-status /usr/local/bin/server-status

Customize it:

server-status --refresh 2 --services "nginx,mysql,docker"

GitHub: https://github.com/nurulislamrimon/server-status

If it helps you, a ⭐ means a lot.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Code. Scale. Repeat.

Nurul Islam Rimon,

Fullstack Dev at ExpertSquad.net

Uploading Files to Cloudflare R2 from the Frontend (No Axios Needed!)

Nurul Islam Rimon — Tue, 13 May 2025 10:43:29 +0000

Are you building a file upload feature for your web app?
Want to keep things fast and efficient without using any backend for the actual upload?
Let me show you how to upload files directly to Cloudflare R2 using a pre-signed URL and plain fetch — no axios, no SDKs, no stress.

Step 1: Generate a Signed Upload URL on the Server
To avoid exposing your R2 credentials on the frontend, you should generate a signed PUT URL on the backend.
Click here to read article about generating signed url.

Here’s an example response from your backend API:

{
  "signedUrl": "https://your-bucket.r2.cloudflarestorage.com/filename.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&..."
}

Step 2: Upload from the Frontend Using Fetch
Here’s a minimal example using an HTML file input and plain JavaScript:

✅ HTML:

<input type="file" id="fileInput" />
<button onclick="uploadFile()">Upload</button>

✅ JavaScript:

async function uploadFile() {
  const input = document.getElementById('fileInput');
  const file = input.files[0];
  if (!file) return alert("Please select a file!");

  // 1. Get a signed upload URL from your backend
  const res = await fetch(`/api/r2-signed-url?filename=${encodeURIComponent(file.name)}`);
  const { signedUrl } = await res.json();

  // 2. Upload the file directly to R2
  const uploadRes = await fetch(signedUrl, {
    method: 'PUT',
    body: file,
  });

  if (uploadRes.ok) {
    alert("✅ Upload successful!");
  } else {
    alert("❌ Upload failed.");
  }
}

Why This Works

No extra libraries (no axios)
Faster uploads because the file goes straight from browser → Cloudflare
Secure: your app’s R2 credentials stay on the server
Scalable: you don’t stress your backend with file payloads

Don't Forget CORS!
Make sure your R2 bucket has CORS enabled for PUT requests.
Example:

<CORSRule>
  <AllowedMethod>PUT</AllowedMethod>
  <AllowedOrigin>*</AllowedOrigin> <!-- or restrict to your domain -->
  <AllowedHeader>*</AllowedHeader>
</CORSRule>

📌 Author: Nurul Islam Rimon
🔧 Fullstack Developer | Expertsquad

Stop Using Repetitive Validation Logic – Embrace Zod

Nurul Islam Rimon — Sun, 11 May 2025 06:25:00 +0000

If you're a backend or fullstack developer, you've probably written this kind of code more times than you'd like to admit:

if (!req.body.email || !req.body.password) {
  return res.status(400).json({ message: 'Missing fields' });
}

It works... but it gets messy really fast.
As your project grows, repeating this kind of manual validation on every route becomes painful and error-prone.

Let me introduce you to something better.

✅ Meet Zod – The Cleaner Way to Validate

Zod is a TypeScript-first schema validation library. It helps you define what your data should look like and automatically validates it.

No more writing if (!email) and if (typeof password !== 'string') every time.

🔧 Example: Login Request Validation
Let’s take a simple login API example.

❌ Without Zod:

app.post('/login', (req, res) => {
  const { email, password } = req.body;

  if (!email || !password) {
    return res.status(400).json({ message: 'Missing email or password' });
  }

  if (typeof email !== 'string' || typeof password !== 'string') {
    return res.status(400).json({ message: 'Invalid input types' });
  }

  // Continue with login logic...
});

This is already ugly — and we’ve just started.

✅ With Zod:

import { z } from 'zod';

const loginSchema = z.object({
  email: z.string().email(),
  password: z.string().min(6),
});

app.post('/login', (req, res) => {
  const result = loginSchema.safeParse(req.body);

  if (!result.success) {
    return res.status(400).json({ message: 'Invalid input', errors: result.error.format() });
  }

  const { email, password } = result.data;

  // Continue with login logic...
});

Much cleaner. More reliable. Fully typed.

🔁 Reusability Is a Bonus
Once you define a schema, you can reuse it anywhere: routes, services, unit tests, even the frontend.

// validators/user.ts
export const registerSchema = z.object({
  name: z.string().min(1),
  email: z.string().email(),
  password: z.string().min(6),
});

Then use it wherever you need:

import { registerSchema } from './validators/user';

const result = registerSchema.safeParse(req.body);

No more duplicate validation logic across your app.

💥 Bonus: It Works with TypeScript Seamlessly
Zod works great with TypeScript out of the box.

type LoginInput = z.infer<typeof loginSchema>;

You get type-safety and runtime validation. No extra setup needed.

So,
If you’re tired of repeating the same if (!value) checks and want your code to look cleaner, safer, and more modern — try Zod.
It’s simple to use, works beautifully with TypeScript, and helps you write better backend logic faster.

Let your validation work for you, not against you.

Thanks

🔌 Accessing Localhost from the Internet – Simple Tunneling Tools

Nurul Islam Rimon — Sun, 04 May 2025 11:49:06 +0000

When you're building a web app on your local machine, sometimes you need to share it with someone online — maybe a teammate, client, or even for testing on your mobile device. But localhost only works on your computer.

That’s where tunneling tools come in! They create a secure public URL that maps to your local server. Below are three popular options:

1. 🌐 ngrok

Website: https://ngrok.com

How it works: You run a command like

ngrok http 3000

and ngrok gives you a public HTTPS link that forwards traffic to your localhost:3000.

Pros:

Very fast and reliable
Works well with webhooks (e.g., Stripe, GitHub)
Dashboard to inspect requests

Cons:

Free tier has time and region limits
Requires an account after initial use

2. 🌍 localtunnel

GitHub: https://github.com/localtunnel/localtunnel

How it works:
Install it globally with

npm i -g localtunnel

Then run

lt --port 3000

Pros:

Super simple and open source
No signup required

Cons:

Can be slower or less reliable than others
Fewer features, no UI

3. ☁️ Cloudflare Tunnel (formerly Argo Tunnel)

Docs: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/

How it works:
You install Cloudflare’s cloudflared CLI and connect your app through Cloudflare.

Pros:

Very secure
Great if you're already using Cloudflare DNS
Free with more generous limits than ngrok

Cons:

Slightly more setup steps
Best for advanced users or teams

🧠 Final Thoughts
These tunneling tools are a must-have in every web developer’s toolkit. They save time, help with collaboration, and enable real-time testing across devices or the internet.

Just pick the one that fits your workflow and you're good to go!

Thanks!

Jin – The Easiest Way to View JSON from Any API

Nurul Islam Rimon — Sun, 04 May 2025 10:36:14 +0000

If you've ever needed to test an API endpoint or just wanted to see the structure of a JSON response quickly, you know it can be a hassle opening heavy tools or browser consoles. That’s where Jin comes in — a beautifully minimal and fast JSON API viewer that works right in your browser.

🌟 What Is Jin?
Jin is a lightweight web app that lets you paste any public API URL and view its JSON response instantly in a clean, color-coded format. No signup, no installation, no clutter — just the JSON you want, clearly formatted and easy to read.

Whether you're a developer, a student, or someone working with APIs, Jin is your quick go-to tool.

✨ Key Features
Instant Visualization: Paste your API link, hit Enter, and instantly see the response.

Syntax Highlighting: Color-coded formatting helps you easily distinguish keys, values, strings, numbers, and booleans.

Clean UI: Designed with simplicity and elegance in mind — easy to use even on your first visit.

Dark Mode Output: Keeps your eyes comfortable while browsing complex JSON data.

Keyboard Friendly: Supports Enter to fetch — no need to click the button every time.

No Setup Needed: It's hosted on GitHub Pages, meaning it's always online and ready to use.

🧪 How to Use It
Visit https://nurulislamrimon.github.io/jin/

Paste any API endpoint URL into the input box
Example: https://jsonplaceholder.typicode.com/users

Press Enter or click Fetch

Instantly see the JSON response formatted in a beautiful and readable way

🌍 Share-Ready & Discoverable
Jin is SEO-optimized and comes with social meta tags. So when you share it on social media, you’ll see a clean preview and description — perfect for sharing tools within dev teams or communities.

🧰 Perfect For:
Developers quickly testing endpoints

Students learning how APIs work

QA testers validating JSON structures

Anyone who wants a fast and clean way to preview JSON

Try It Now
👉 Launch Jin
No login. No setup. Just paste, fetch, and read.

Thanks
N I Rimon

Steps to Use Subdomains on localhost Manually

Nurul Islam Rimon — Sat, 03 May 2025 12:25:35 +0000

1. Edit the hosts file
Tell your computer that certain domain names point to your own machine.

Open your hosts file:

Windows: C:\Windows\System32\drivers\etc\hosts
macOS/Linux: /etc/hosts

Add this at the bottom:

127.0.0.1 myapp.localhost
127.0.0.1 api.myapp.localhost
127.0.0.1 admin.myapp.localhost

Save the file. (You might need admin rights.)

2. Start Your Local Server
Make sure your local server (Node.js, PHP, etc.) is running and listening on localhost.

If you're using Express, you can detect subdomains like this:

app.use((req, res, next) => {
  console.log(req.subdomains); // ['api'] from api.myapp.localhost
  next();
});

3. Open in Browser
Now you can visit:

http://myapp.localhost

http://api.myapp.localhost

http://admin.myapp.localhost

Each one still points to your local machine.

If you don't want to config manually read this. lvh.me could help you to use subdomain in localhost.

Thanks

Resolving CORS Errors in a NestJS App Deployed on Vercel

Nurul Islam Rimon — Wed, 23 Apr 2025 06:23:10 +0000

When deploying a NestJS application on Vercel, you may encounter CORS (Cross-Origin Resource Sharing) issues, particularly when your API is accessed from different domains. To resolve these issues and allow your application to accept cross-origin requests, you can configure the necessary CORS headers in your Vercel deployment settings.

Why CORS is Important

CORS is a security mechanism that allows servers to control which domains are permitted to access their resources. This is important to prevent malicious websites from interacting with your server on behalf of the user without their consent. When you deploy a NestJS application and try to access its API from another domain, the browser sends a preflight request to check if the server allows it. If the server doesn't respond with the correct headers, you’ll encounter CORS errors.

The Solution

In Vercel, you can manage CORS headers using a combination of rewrites and headers in your vercel.json configuration file. This configuration will allow your API to accept requests from any domain, which is particularly useful during development or when you want to expose your API to the public.

Here’s a step-by-step guide on how to configure CORS headers in your Vercel deployment:

1. Update Your vercel.json Configuration

You can set up rewrites and headers in the vercel.json file. This will ensure that all incoming requests to your Vercel server will correctly include the necessary CORS headers.

Here’s an example configuration:

{
  "rewrites": [
    {
      "source": "/(.*)",
      "destination": "/api"
    }
  ],
  "headers": [
    {
      "source": "/(.*)",
      "headers": [
        { "key": "Access-Control-Allow-Credentials", "value": "true" },
        { "key": "Access-Control-Allow-Origin", "value": "*" },
        {
          "key": "Access-Control-Allow-Methods",
          "value": "GET,OPTIONS,PATCH,DELETE,POST,PUT"
        },
        {
          "key": "Access-Control-Allow-Headers",
          "value": "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version"
        }
      ]
    }
  ]
}

Explanation of the Configuration:

Rewrites:
This part of the configuration ensures that all incoming requests to any path (/(.*)) are rewritten to the /api route. You can adjust the destination based on your application structure.
Headers:
The headers section defines the CORS headers that will be sent with every request:
Access-Control-Allow-Credentials: Allows cookies and credentials to be included in the request.
Access-Control-Allow-Origin: Specifies which origins are allowed to access the resources. Setting it to * allows requests from any domain. Be cautious with this in production environments, as it might open up your API to abuse.
Access-Control-Allow-Methods: Specifies which HTTP methods are allowed when making requests. In this case, it allows all common HTTP methods.
Access-Control-Allow-Headers: Specifies which headers can be used in the actual request.

2. Deploy Your Changes to Vercel

Once you've updated the vercel.json file, deploy your changes to Vercel. This will automatically apply the CORS configuration, allowing your application to accept cross-origin requests from any domain.

Regards,
N I Rimon

🌙 Daily MySQL Backup (Windows)

Nurul Islam Rimon — Mon, 21 Apr 2025 14:37:40 +0000

🧾 What It Does

📦 Exports your MySQL database to a .sql file
🕒 Runs automatically every day
🧹 Deletes old backups after 7 days (optional)

📁 Folder Setup

Create this folder on your PC:

D:\datas\Automatic_Backup

🧑‍💻 Backup Script

Create a file named:
D:\datas\Automatic_Backup\auto_mysql_backup.bat

Paste this:

@echo off
set TIMESTAMP=%DATE:~10,4%-%DATE:~4,2%-%DATE:~7,2%_%TIME:~0,2%-%TIME:~3,2%
set TIMESTAMP=%TIMESTAMP: =0%

set BACKUP_DIR=D:\datas\Automatic_Backup
set DB_HOST=82.197.71.175
set DB_USER=ni
set DB_PASS=your_password_here
set DB_NAME=bdcommerce_37295

mkdir "%BACKUP_DIR%" 2>nul
mysqldump -h %DB_HOST% -u %DB_USER% -p%DB_PASS% %DB_NAME% > "%BACKUP_DIR%\%DB_NAME%_%TIMESTAMP%.sql"

forfiles /p "%BACKUP_DIR%" /m *.sql /d -7 /c "cmd /c del @path"

✅ Replace your_password_here with your actual password.

🕒 Automate It

Open Task Scheduler
Click Create Basic Task
Trigger: Daily
Action: Start a Program → Select your .bat file
Done 🎉

✅ Example Output

bdcommerce_37295_2025-04-21_03-00.sql

Regards,
N I Rimon

How to Deploy a NestJS App on Vercel – The Simple Guide (Deploy API on Vercel)

Nurul Islam Rimon — Mon, 21 Apr 2025 10:17:05 +0000

Want to deploy your NestJS backend on Vercel? Great choice! Vercel is super fast and easy to use, and it supports serverless apps out of the box. Here’s a step-by-step guide to help you get your NestJS app live in minutes.

What You’ll Need

Node.js installed
A NestJS project (nest new my-app)
A GitHub account
A Vercel account

Step 1: Create Your NestJS App

If you haven’t created your app yet:

npm i -g @nestjs/cli
nest new my-app
cd my-app

Step 2: Add vercel.json File

In the root of your project, create a file called vercel.json.

{
  "version": 2,
  "builds": [
    {
      "src": "src/main.ts",
      "use": "@vercel/node"
    }
  ],
  "routes": [
    {
      "src": "/(.*)",
      "dest": "src/main.ts",
      "methods": ["GET", "POST", "PUT", "PATCH", "DELETE"]
    }
  ]
}

This tells Vercel how to build and route your app.

Step 5: Deploy to Vercel

Option A: With Vercel CLI
Install Vercel CLI:

npm i -g vercel

Run:

vercel .

Follow the prompts — done!

Option B: Through GitHub

Push your code to GitHub.
Go to vercel.com, click “New Project”.
Import your repo, and Vercel handles the rest.

That’s It!
Your NestJS app is now deployed on a URL like:

https://your-project-name.vercel.app

Tips

Use .env for secrets → add them in Vercel's settings.
Keep api/index.ts minimal — it’s your serverless function.
Use vercel dev to test locally like production.

Regards,
N I Rimon

Are SQL Joins Expensive?

Nurul Islam Rimon — Thu, 17 Apr 2025 11:10:27 +0000

If you’re building a web app or working with a database, you’ve probably used joins — they help you combine data from multiple tables.
But you might wonder:
"Are joins slow or expensive?"

Let’s break it down in a simple way.

What is a Join?

A join is a way to get related data from two or more tables.
Example:

SELECT users.name, orders.total
FROM users
JOIN orders ON users.id = orders.user_id;

This gives you the user’s name along with their order total.

When Joins Are Fast

Joins work well when:
✅ You use indexes on foreign keys (like user_id)
✅ You limit the number of rows with WHERE or LIMIT
✅ You select only the fields you need
✅ You don’t join too many tables at once

Modern databases like MySQL or PostgreSQL are built to handle joins efficiently.

When Joins Can Be Slow

Joins get slow when:
❌ You don’t use indexes
❌ You join huge tables without filters
❌ You use too many nested joins
❌ You join unnecessary data (e.g., SELECT * everywhere)

Also, repeating joins in loops (N+1 problem) can make things worse, especially with ORMs.

💡 How to Keep Joins Fast

Always index your join fields
Use SELECT column_name, not SELECT *
Filter your queries with WHERE
Don’t fetch unnecessary related data

If you’re using an ORM like Prisma, it does joins smartly under the hood. Just don’t over-fetch.

Are joins expensive?

🤞 Not really — if used the right way.

They’re safe, powerful, and essential for working with relational data.

Just follow a few best practices, and you’ll be fine!

Regards,
N I Rimon

How to Avoid Repeating Types and Arrays in TypeScript

Nurul Islam Rimon — Wed, 16 Apr 2025 13:42:00 +0000

When working with TypeScript, you might define both a list of values and a type like this:

type Fruit = 'apple' | 'banana' | 'orange';

const fruits = ['apple', 'banana', 'orange'];

But writing the same values twice is:

❌ Not clean

❌ Hard to update

❌ Easy to make mistakes

Let’s learn a better way!

One Simple Trick: Write Once, Use Everywhere

You can define your list once, and TypeScript can turn it into a type automatically.

const fruits = ['apple', 'banana', 'orange'] as const;

type Fruit = (typeof fruits)[number];

Now:

✅ fruits is a normal array you can use in your app

✅ Fruit is a type that only allows 'apple' | 'banana' | 'orange'

Benefits
✅ Autocomplete works in your editor

✅ You only update one place

✅ Code is cleaner and safer

Final Tip
Use as const to make TypeScript treat the array as readonly, so it can safely create the union type.

Regards,
N I Rimon