Security (6 recipes)

Hardening and security best practices

hapi-fhir | YAML | advanced | Verified
HAPI FHIR Server application.yaml with PostgreSQL and SMART Auth

Complete HAPI FHIR server application.yaml: PostgreSQL JPA persistence, SMART-on-FHIR OAuth2 interceptor, subscription support, binary storage and audit logging — HIPAA-aware baseline.

nextjs | JavaScript | intermediate | Verified
Next.js Production next.config.mjs with Security Headers

A production next.config.mjs with security headers, image domain allowlisting, bundle analyser integration, standalone output mode for Docker, and environment variable validation.

nginx | Nginx | intermediate | Verified
Nginx API Rate Limiting with Burst Zones

Protect API endpoints from abuse using Nginx limit_req_zone. Defines separate zones for authenticated vs anonymous users with burst allowances and appropriate 429 error responses.

redis | INI | intermediate | Verified
Production Redis Configuration with Persistence and Memory Policy

A hardened redis.conf for production use: disabled commands, maxmemory with LRU eviction, combined RDB + AOF persistence, bind to localhost, and requirepass authentication.

nginx | Nginx | intermediate | Verified
Nginx HTTPS Reverse Proxy with SSL/TLS Hardening

Complete Nginx server block that terminates HTTPS, enforces TLS 1.2+, sets HSTS and security headers, enables gzip compression, and proxies to an upstream application server.

docker | Dockerfile | intermediate | Verified
Production Multi-Stage Dockerfile for Node.js

A minimal, secure multi-stage Dockerfile for Node.js apps. The build stage installs devDependencies, the production stage copies only the compiled output — keeping the final image under 150 MB.