Forem: Vinayak Kalushe

Forward vs Reverse Proxies: Understanding Their Role in Network Architecture

Vinayak Kalushe — Tue, 24 Sep 2024 12:23:41 +0000

What Are Forward and Reverse Proxies?

In the realm of network architecture, proxies play a critical role in managing and optimizing the flow of data between clients and servers. Forward proxies and reverse proxies are two common types of proxies. Despite their similar names, they serve very different purposes and are used in distinct scenarios. This blog post aims to shed light on what forward proxies and reverse proxies are, how they work, and their respective benefits.

What is a Forward Proxy?

A forward proxy, often simply called a proxy, acts as an intermediary between a client and the internet. When a client requests a resource from the internet, the client’s request is first directed to the forward proxy., which then forwards the request to the appropriate server. The server responds to the forward proxy, which in turn sends the response back to the client.

Use Cases for Forward Proxies

Anonymity and Privacy: Forward proxies can hide the client's IP address from the server, providing a layer of anonymity.
Content Filtering: Organizations can use forward proxies to block access to certain websites or content, enforcing internet usage policies.
Caching: Forward proxies cache frequently requested resources, reducing bandwidth usage and improving load times.
Bypassing Geo-restrictions: Users can use forward proxies to access content that is restricted to certain geographical locations.

Example Scenario

Imagine you're in an office environment where certain websites are restricted. When you try to access a blocked website, your request is sent to a forward proxy server, which checks the company's policy. If the site is allowed, the proxy fetches the data and sends it to you; if not, it blocks access.

What is a Reverse Proxy?

A reverse proxy, on the other hand, sits in front of the servers and acts as an intermediary for requests coming from clients. When a client makes a request to a server, the request goes to the reverse proxy first. The reverse proxy then forwards the request to the appropriate server, receives the response, and sends it back to the client.

Use Cases for Reverse Proxies

Load Balancing: Reverse proxies can distribute incoming traffic across multiple servers, preventing any single server from becoming overwhelmed.
Security: By hiding the IP addresses of backend servers, reverse proxies add a layer of security, making it harder for attackers to target the servers directly.
SSL Termination: Reverse proxies can handle SSL encryption and decryption, reducing the load on backend servers.
Caching and Compression: Similar to forward proxies, reverse proxies can cache content and compress responses, improving performance and reducing bandwidth usage.

Examples of Reverse Proxy Software

Nginx: A popular web server and reverse proxy known for its performance and scalability.
Caddy Server: An open-source web server with automatic HTTPS functions as a reverse proxy.

Example Scenario

Consider a popular e-commerce website that receives millions of visitors daily. Instead of all users directly hitting the main server, their requests go through a reverse proxy. The proxy efficiently distributes requests across multiple servers, ensuring no single server is overwhelmed and that the website remains responsive.

Key Differences Between Forward and Reverse Proxies

Direction of Traffic:
- Forward Proxy: Manages traffic from a client to an external server, acting as an intermediary.
- Reverse Proxy: Routes client requests to internal backend servers, ensuring optimized distribution and security.
Primary Purpose:
- Forward Proxy: Primarily used for client-side benefits such as anonymity, content filtering, and bypassing restrictions.
- Reverse Proxy: Primarily used for server-side benefits such as load balancing, security, and SSL termination.
Visibility:
- Forward Proxy: The server sees the proxy as the client.
- Reverse Proxy: The client sees the proxy as the server.

Conclusion

Both forward proxies and reverse proxies play essential roles in network architecture, but they serve different purposes and are deployed in different scenarios. Understanding the distinctions between them can help you choose the right proxy type for your specific needs, whether it's enhancing client privacy, improving server performance, or adding an extra layer of security.

By leveraging the appropriate proxy type, organizations can optimize their network infrastructure, ensuring efficient, secure, and reliable communication between clients and servers.

How to Create an SSL Certificate for Nginx on Ubuntu 22

Vinayak Kalushe — Tue, 27 Feb 2024 12:11:13 +0000

When running a web server, it's crucial to secure it with SSL (Secure Sockets Layer) to ensure your website's data is encrypted and secure. This article will guide you through the process of creating an SSL certificate for Nginx on Ubuntu 22.

SSL (Secure Sockets Layer) is a security protocol used to establish encrypted links between a web server and a browser. It ensures that all data passing between the web server and browsers remain private and integral, preventing hackers from stealing private information such as credit card numbers, names, and addresses. SSL is an essential component of web security and is used by millions of websites to protect their online transactions with their customers.

Step 1: Install Certbot

First, you need to install Certbot, a free, open-source software tool developed by the Electronic Frontier Foundation (EFF). Certbot is designed to simplify the process of setting up and renewing SSL certificates on your server. It uses Let’s Encrypt certificates, which are free, automated, and open certificates provided by the Internet Security Research Group (ISRG).

To install Certbot, run the following commands in your terminal:

sudo apt-get update
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

As a final step, it's recommended to link the Certbot command from the snap install directory to your system path. This will allow you to run Certbot by simply typing 'certbot' in your terminal. This step isn't always necessary with all packages, but it's useful when using snaps as they are designed to be less intrusive and avoid conflicts with other system packages.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

These commands will update your package lists, ensure you have the necessary software to manage repositories, add the necessary repositories, and finally install Certbot and its Nginx plugin.

Step 2: Obtain a Certificate

Next, you'll need to obtain the SSL certificate from Let's Encrypt. You can do this using the following command:

sudo certbot --nginx -d example.com

This command will start the certification process. You'll be prompted to enter your email address, which is used for urgent notices and certificate expiry warnings. You'll also need to agree to the terms of service.

After providing the necessary information, Certbot will communicate with the Let's Encrypt CA (Certificate Authority). It will then run a challenge to verify that you control the domain you're requesting a certificate for. This ensures that only the legitimate owner of a domain can get a Let's Encrypt certificate for it.

To create multiple certificates use the following command:

sudo certbot --nginx -d example.com -d example2.com

It's important to be aware that the Certbot command highlighted above is designed to automatically alter your Nginx configuration file. This tool is very useful as it automates the process, reducing the risk of human error and simplifying the task. However, if your specific situation requires you to generate only the certificate, without any modifications to the Nginx configuration file, then the Certbot command might not be the best choice for you. In such a case, use the following command:

sudo certbot certonly --nginx -d example.com

Step 3: Configure the UFW Firewall

Before we proceed, it's important to ensure that your server's firewall is set to allow traffic on Nginx Full. UFW, or Uncomplicated Firewall, is the default firewall configuration tool for Ubuntu.

To enable the UFW firewall, you can use the following command:

sudo ufw enable

Next, allow Nginx Full, which will enable both HTTP and HTTPS traffic, with the following command:

sudo ufw allow 'Nginx Full'

To delete the redundant Nginx HTTP profile allowance, you can use the following command:

sudo ufw delete allow 'Nginx HTTP'

You can then verify the changes by checking the status of the UFW firewall:

sudo ufw status

The output should show Nginx Full in the list of allowed services, meaning your firewall is now set up to allow web traffic.

Step 4: Configure Nginx

Once you've obtained your SSL certificate, Certbot will automatically configure Nginx to use it. It modifies the Nginx configuration file to point to the new certificate and sets up automatic renewal. This means you don't have to worry about manually configuring your web server or renewing your certificate as Certbot takes care of it.

If “certonly” is used then certbot will not automatically configure Nginx. Add the following line in nginx.conf file

server {
    ...
    #replace example.com with your domain
    server_name example.com;
    ...
    #enalbe 443 ssl port
    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Use the command sudo nginx -t to test your Nginx configuration. If the syntax is okay, the system will return a message saying "syntax is okay. configuration file /etc/nginx/nginx.conf test is successful." If you see this message, it means that your configuration file has no syntax errors.

To ensure the changes take effect, restart Nginx using the command sudo systemctl restart nginx. This will apply the configuration changes.

Step 5: Verify Certbot Auto-Renewal

Let’s Encrypt’s certificates are valid for 90 days. However, Certbot automatically renews the certificates before they expire to prevent any downtime due to an expired certificate.

sudo systemctl status snap.certbot.renew.service

To verify that automatic renewal is set up correctly, you can run a dry run with the following command:

sudo certbot renew --dry-run

If the dry run completes successfully, it means automatic renewal is set up correctly. Your website is now secured with an SSL certificate, and you can rest easy knowing that Certbot will automatically renew your certificate before it expires.

Conclusion

While Certbot offers convenience and automation, it's important to understand the basics of SSL, how certificates work, and when they need to be renewed to ensure the security of your site. It's also important to note that SSL certificates should be just one part of your overall web server security strategy.

Setting Up Nginx for Laravel: A Comprehensive Guide

Vinayak Kalushe — Fri, 23 Feb 2024 21:48:43 +0000

Introduction

In the ever-evolving world of web development, Laravel has consistently secured its position as one of the most popular PHP frameworks. Its elegant syntax, extensive set of features, and robustness have made it a favorite among developers world over. However, to bring a Laravel application to life, a server is needed. This is where Nginx comes in.

Nginx is a high-performance HTTP server that is known for its stability, rich feature set, simple configuration, and low resource consumption. Nginx can be efficiently configured for Laravel, hence making it a suitable choice for running Laravel applications. This blog post aims to guide you through the process of setting up Nginx for Laravel. It will cover the steps involved in installing Nginx, configuring Laravel, and setting up Nginx to work with Laravel.

Installing Nginx

Before we can configure Nginx for Laravel, Nginx itself needs to be installed on the server. This guide will focus on installing Nginx on a Ubuntu machine. This can be accomplished by executing the following commands in the terminal:

sudo apt update
sudo apt install nginx

These commands update your package lists for upgrades and new package installations followed by the installation of Nginx. After the installation is complete, it's crucial to verify that Nginx was installed correctly. You can do this by checking the version of Nginx installed on your server. To check the Nginx version, use the command nginx -v. If Nginx has been installed successfully, the version number will be displayed.

Installing PHP

Before Laravel can run on your Nginx server, you need to install PHP and PHP-FPM (FastCGI Process Manager). PHP-FPM is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. Here is how you can install PHP and PHP-FPM on Ubuntu:

Install PHP and PHP-FPM. If you want to install a specific version of PHP, replace 'php' with the version you want to install. For example, if you want to install PHP 7.4, you would use 'php7.4' and 'php7.4-fpm':

sudo apt install php php-fpm php-mysql

After the installation is complete, you can verify that PHP and PHP-FPM have been installed correctly by checking their versions. Use these commands to check the PHP and PHP-FPM versions:

php -v

If PHP and PHP-FPM have been installed successfully, the version numbers will be displayed.

Laravel Configuration

Before we jump into configuring Nginx, it's essential that your Laravel project is set up and ready. If you haven't yet created a Laravel project, you can do so by executing the command composer create-project --prefer-dist laravel/laravel blog, where 'blog' is the name of your project.

After creating a Laravel project, it's imperative to set the appropriate permissions for the storage and bootstrap/cache directories to ensure that Laravel functions correctly. Use the following commands to set these permissions:

sudo chown -R :www-data /path/to/your/laravel/root/directory
sudo chmod -R 775 /path/to/your/laravel/root/directory/storage
sudo chmod -R 775 /path/to/your/laravel/root/directory/bootstrap/cache

Remember to replace '/path/to/your/laravel/root/directory' with the actual path to your Laravel project.

Configuring Nginx for Laravel

Create a New Configuration File

Navigate to Nginx's sites-available directory and create a configuration file for your project:

sudo nano /etc/nginx/sites-available/your_domain.com

Configuration File Content

Paste the following configuration, adjusting your_domain.com, the root directory, and the PHP version as necessary:

server {
    listen 80;
    server_name your_domain.com;
    root /var/www/your_domain.com/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

Enabling Your Site and Restarting Nginx

Enable the Site

Link your site to Nginx's sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/your_domain.com /etc/nginx/sites-enabled/

Test Nginx Configuration

Ensure there are no syntax errors:

sudo nginx -t

Restart Nginx

Apply your changes:

sudo systemctl restart nginx

Conclusion

While setting up Nginx for Laravel might seem like a daunting task initially, especially for beginners, it is not as complicated as it appears. Once you delve into the process and understand each step, it becomes pretty straightforward.

The crux of the setup involves three primary steps: the installation of Nginx, the configuration of Laravel, and the Nginx configuration for Laravel. A smooth and successful setup is often achieved by meticulously following these steps and paying close attention to the configurations.

Once set up, you can enjoy the benefits of a high-performance HTTP server running your Laravel applications. Happy coding, and here's to creating fantastic applications with Laravel and Nginx!

Gridsome FaunaDB Todo App

Vinayak Kalushe — Thu, 30 Apr 2020 16:08:18 +0000

Link to Demo: https://gridsome-faunadb-todo.netlify.app/

JAM stack is a very new way of developing modern world applications. When we talk about JAM stack we no longer have to worry about the operating systems, web servers, backend programming languages, and databases. JAM Stack is a software development philosophy that only makes use of Javascript, API's, and Markups. With the help of JAM stack, you can build fast and secure sites and web apps that are delivered directly from the CDN's rather than a specific web server. This allows you to worry less about setting up the servers, databases, hosting, etc and focus mostly on the purpose of the application that you are developing.

During the course of the COVID-19 pandemic, I decided to explore JAM stack and found out that it allowed me to build my apps way more easily and way faster than a traditional approach. So I decided to build a small ToDo application. The following is the Tech Stack that I have used to develop the ToDo application.

FaunaDB

FaunaDB is a globally-distributed, serverless, cloud database management system for modern applications, such as those based on JAMstack. It enables you to instantly create a full-featured data backend for applications, in seconds. Just sign up and query! FaunaDB transforms the traditional DBMS into a Data API that gives you all of the capabilities of an old-guard database, without sacrificing flexibility, scale, and performance. FaunaDB core functions are inspired by Calvin: a clock-less, strictly-serializable transactional protocol for multi-region environments.

Getting started with FaunaDB

Register on https://dashboard.fauna.com/accounts/register
Create a new Database.
Create a new Collections named “todos”
Create the secret key for your application under the security tab. Make sure to save this key because it is only displayed once. This is the key that we are going to use to make a connection with our faunadb’s database form out Gridsome application.
Save secret key in .env variable to use it later
Install the faunadb’s library npm install --save faunadb
Initialize library by follow code

const faunadb = require(“faunadb”);
const client = new faunadb.Client({
secret:process.env.VUE_APP_FAUNA_SECRET
});
const q = faunadb.query;

Gridsome

Gridsome generates static HTML that hydrates into a Vue SPA once loaded in the browser. This means you can build both static websites & dynamic apps with Gridsome. It’s perfect for JAMstack workflow

Getting started with Gridsome
Install Gridsome CLI tool

Using NPM
npm install --global @gridsome/cli

Using Yarn
yarn global add @gridsome/cli

Create a Gridsome Project

gridsome create my-gridsome-site to install default starter
cd my-gridsome-site to open the folder
gridsome develop to start a local dev server at http://localhost:8080

Netlify

Netlify is one of the fastest growing deployment solutions which is a great solution for your serverless webapps. Using netlify is very easy too, you can just drag and drop and your website folder and it’s done in an instance

TailwindCSS and Buefy

TailwindCSS and Buefy are great combinations when it comes to developing the frontend of your application. I have made use of Tailwind’s utilities and Buefy’s components to develop the ToDo app.

Getting started with the application. Firstly we’ll have a look at all the CRUD operations in our ToDo app. We can create a todo, update a todo as completed, and delete a todo.

Let’s first have a look at how to create a todo.

 const faunadbt = require("faunadb");
 const client = new faunadbt.Client({
      Secret: process.env.VUE_APP_FAUNA_SECRET
 });
 const q = faunadbt.query;
 var moment = require("moment");
 export default {
    methods: {
        addTodo() {
          client
          .query(
            q.Create(q.Collection("todo"), {
              data: {
                name: this.todoname,
                completed: false,
                trashed: false,
                user_id: this.$store.state.id,
                date: Date.now()
              }
            })
          )
          .then(res => {
            this.todoname = "";
            this.todo_data.unshift(res);
          });
        },
  }
  };

Fetching all the todo’s and store it in a variable

        client
          .query(
            q.Paginate(
              q.Match(q.Index("all_todo"),       String(this.$store.state.id))
            )
          )
          .then(res => {
            var x = res.data;
            const data = x.map(ref => {
              return q.Get(ref);
            });
            client.query(data).then(res => {
              this.todo_data = res;
              this.todo_data.reverse()
            });
          });

Marks as Complete

      client
        .query(
          q.Update(q.Ref(q.Collection("todo"), id), {
            data: {
              completed: completed
            }
          })
        )
        .then(res => {});

Deleting a record

         client
          .query(
            q.Delete(
              q.Ref(q.Collection(“todo”), id)
            )
          )
          .then(res => {});

To create production build of you application run command gridsome build

It will generate production ready code in the dist folder

To deploy production ready project on netlify

You can clone the entire app and play around with it.
https://github.com/Vinayak-k160/Gridsome-FaunaDB-Todo