Security (15 recipes)

Hardening and security best practices

hapi-fhir | YAML | advanced
HAPI FHIR Server application.yaml with PostgreSQL and SMART Auth

Complete HAPI FHIR server application.yaml: PostgreSQL JPA persistence, SMART-on-FHIR OAuth2 interceptor, subscription support, binary storage and audit logging - HIPAA-aware baseline.

nextjs | JavaScript | intermediate
Next.js Production next.config.mjs with Security Headers

A production next.config.mjs with security headers, image domain allowlisting, bundle analyser integration, standalone output mode for Docker, and environment variable validation.

netdata | Nginx | intermediate
Setting Up Netdata with Basic Authentication on Nginx

This guide explains how to configure Netdata with basic authentication using Nginx, ensuring secure access to your monitoring dashboard.

open-policy-agent | YAML | intermediate
Configuring Open Policy Agent as a Kubernetes Sidecar

This guide outlines the steps to set up Open Policy Agent (OPA) as a sidecar in a Kubernetes environment, utilizing a configuration file stored in a ConfigMap.

open-policy-agent | YAML | beginner
Persisting Policies in Open Policy Agent (OPA)

Learn how to ensure your policies in Open Policy Agent are saved permanently, even after server restarts.

helm | YAML | intermediate
Using Local Environment Variables in Helm Charts

Learn how to securely pass local environment variables to your Helm deployments, keeping sensitive information hidden.

okta | PLAINTEXT | intermediate
Configuring SAML 2.0 with Okta: Handling Assertion Consumer Service URLs

This article provides guidance on configuring the Assertion Consumer Service (ACS) URL in a SAML 2.0 setup using Okta as the Identity Provider.

okta | GO | intermediate
Validating JWT Signatures in Go with Okta's JWKs

This guide provides a step-by-step approach to validating JWT signatures in Go using Okta's JSON Web Keys (JWKs).

snyk | Bash | intermediate
Ignoring Vulnerabilities in Snyk: A Step-by-Step Guide

Learn how to effectively ignore specific vulnerabilities in Snyk using the CLI and policy files.

trivy | Bash | intermediate
Scanning Local Docker Images with Trivy: Troubleshooting Unauthorized Errors

Learn how to effectively scan local Docker images using Trivy and troubleshoot common unauthorized access errors.

tink | PHP | intermediate
Implementing IP Address Filtering for User Logins

This guide explains how to set up IP address filtering for user logins, allowing users to specify their allowed IPs.

nginx | Nginx | intermediate
Nginx API Rate Limiting with Burst Zones

Protect API endpoints from abuse using Nginx limit_req_zone. Defines separate zones for authenticated and anonymous users, with burst allowances and appropriate 429 error responses.

redis | INI | intermediate
Production Redis Configuration with Persistence and Memory Policy

A hardened redis.conf for production use: disabled commands, maxmemory with LRU eviction, combined RDB + AOF persistence, bind to localhost, and requirepass authentication.

nginx | Nginx | intermediate
Nginx HTTPS Reverse Proxy with SSL/TLS Hardening

Complete Nginx server block that terminates HTTPS, enforces TLS 1.2+, sets HSTS and security headers, enables gzip compression, and proxies to an upstream application server.

docker | Dockerfile | intermediate
Production Multi-Stage Dockerfile for Node.js

A minimal, secure multi-stage Dockerfile for Node.js apps. The build stage installs devDependencies; the production stage copies only the compiled output, keeping the final image under 150 MB.