Kumar Chaudhary

Build Your Own Private ChatGPT: Secure AI API on Oracle Free Tier with Ollama, Nginx & Cloudflare

Kumar Chaudhary — Mon, 17 Nov 2025 02:04:21 GMT

Let’s build a Secure Personal AI API with Ollama, Nginx, and Cloudflare Tunnel using oracle ubuntu instance

Prerequisites and Target Audience

⚠️ Important Notice: This is not a beginner-friendly tutorial. This guide assumes you have practical, hands-on experience with Linux system administration, cloud infrastructure, and networking concepts. You'll need to be comfortable with:

Linux Command Line: Working with Ubuntu/Debian systems, managing services with systemd, and editing configuration files
Docker: Understanding containerization, port mapping, and container networking
Nginx: Basic knowledge of reverse proxy configuration and web server management
DNS & Networking: Understanding of subdomains, CNAME records, and how internet routing works
API Concepts: Familiarity with REST APIs, HTTP methods, and authentication mechanisms
Cloud Infrastructure: Experience with cloud providers (Oracle Cloud in this case) and their networking/security configurations

What You'll Build: By the end of this tutorial, you'll have a production-grade, secure AI API endpoint accessible via your custom domain, featuring:

A self-hosted large language model (deepseek-coder-v2) running on your own infrastructure
Bearer token authentication to protect your API from unauthorized access
Automatic HTTPS encryption via Cloudflare Tunnel (no SSL certificate management needed)
A clean web interface for interactive chat
Zero exposed ports on your server (everything routed through secure tunnels)

Time Investment: 30-45 minutes for the complete setup

Required Resources:

Oracle Cloud Free Tier account (or any cloud provider with 11GB+ RAM)
A registered domain name
Cloudflare account (free tier works perfectly)
Basic familiarity with Postman or curl for API testing

Why Build This?

Before we jump into the technical implementation, let me address the obvious question: "Why go through all this trouble when I can just use ChatGPT's API?"

Complete Control & Privacy: Your data never leaves your server. No third-party can train on your prompts or access your sensitive information.

Cost Efficiency: After the initial setup, running costs are minimal (or free with Oracle's generous free tier). No per-token pricing, no usage limits.

Customization: Want to fine-tune the model for your specific use case? You own the entire stack.

Learning Experience: Understanding how modern AI infrastructure works is invaluable. This knowledge transfers to enterprise environments.

API Flexibility: Build your own applications, integrate into existing workflows, or share access with your team—all under your control.

Architecture Overview

Before diving into the implementation, let's understand what we're building:

Internet (Public)
    ↓
Cloudflare Tunnel (HTTPS, encrypted, no open ports)
    ↓
Nginx:8080 (Authentication Layer - Bearer Token Validation)
    ↓
Ollama:11434 (AI Model Engine - deepseek-coder-v2)

The Flow:

Client sends HTTPS request with Bearer token to your domain
Cloudflare Tunnel routes the encrypted traffic to your server
Nginx validates the Bearer token
If valid, Nginx forwards the request to Ollama
Ollama processes the request using the AI model
Response travels back through the same secure path

Port Mapping:

Ollama: Port 11434 (localhost only, never exposed)
Nginx: Port 8080 (accessible only via Cloudflare Tunnel)
Open WebUI: Port 4000 (web interface for chat)

Part 1: Installing Ollama (I’m using Ubuntu here)

Ollama is a tool that allows you to run large language models locally. It's incredibly efficient and easy to use.

Step 1.1: Install Ollama

SSH into your Oracle Cloud Ubuntu instance and run:

bash

curl -fsSL https://ollama.com/install.sh | sh

Expected Output:

>>> Installing ollama to /usr/local
>>> Downloading Linux amd64 bundle
######################################################################## 100.0%
>>> Creating ollama user...
>>> Adding ollama user to render group...
>>> Adding ollama user to video group...
>>> Adding current user to ollama group...
>>> Creating ollama systemd service...
>>> Enabling and starting ollama service...
Created symlink /etc/systemd/system/default.target.wants/ollama.service
WARNING: Unable to detect NVIDIA/AMD GPU.

The GPU warning is normal if you're using a CPU-only instance.

Step 1.2: Verify Installation

bash

ollama --version
systemctl status ollama

Step 1.3: Understanding Model Selection

Initially, you might be tempted to pull large models. Here's what happened in practice:

Mistake #1: Trying gpt-oss

bash

ollama pull gpt-oss
# Downloads 13GB successfully...

ollama run gpt-oss
# Error: model requires more system memory (13.1 GiB) than is available (10.2 GiB)

Lesson Learned: Always check your available memory first:

bash

free -h

Output on Oracle Free Tier ARM instance:

              total        used        free      shared  buff/cache   available
Mem:           11Gi       1.1Gi       8.6Gi       1.0Mi       1.9Gi        10Gi
Swap:            0B          0B          0B

With 11GB total RAM, you need models that fit comfortably in memory.

Step 1.4: Pull the Right Model

bash

# Remove the too-large model
ollama rm gpt-oss

# Pull deepseek-coder-v2 (8.9GB - perfect fit)
ollama pull deepseek-coder-v2

Why deepseek-coder-v2?

15.7B parameters (quantized to Q4_0)
Only 8.9GB in size
Excellent for coding tasks
Fits comfortably in 11GB RAM

Alternative models for your RAM:

bash

# If you want smaller/faster:
ollama pull llama3.2:3b      # 3B parameters, ~2.3GB
ollama pull phi3:mini         # 3B parameters, ~2.3GB
ollama pull gemma2:2b         # 2B parameters, ~1.6GB

# If you want more capable (but slower):
ollama pull llama3.1          # 8B parameters, ~4.7GB
ollama pull mistral           # 7B parameters, ~4.1GB

Step 1.5: Verify Your Model

bash

ollama list

Output:

NAME                        ID              SIZE      MODIFIED       
deepseek-coder-v2:latest    63fb193b3a9b    8.9 GB    5 minutes ago

Step 1.6: Test the Model Locally

bash

ollama run deepseek-coder-v2

You should see an interactive prompt. Try asking: "Write a Python function to calculate fibonacci numbers"

Type /bye to exit.

Part 2: Configure Ollama for Network Access

By default, Ollama only listens on 127.0.0.1 (localhost), which means Docker containers and external services can't reach it.

Step 2.1: Check Current Configuration

bash

sudo netstat -tlnp | grep 11434

Current Output (Problem):

tcp        0      0 127.0.0.1:11434         0.0.0.0:*               LISTEN      36287/ollama

See the problem? It's only listening on 127.0.0.1.

Step 2.2: Configure Ollama to Listen on All Interfaces

Create a systemd override file:

bash

sudo mkdir -p /etc/systemd/system/ollama.service.d/
sudo tee /etc/systemd/system/ollama.service.d/override.conf > /dev/null << 'EOF'
[Service]
Environment="OLLAMA_HOST=0.0.0.0:11434"
EOF

Step 2.3: Apply Configuration

bash

# Verify the file was created
cat /etc/systemd/system/ollama.service.d/override.conf

# Reload systemd and restart Ollama
sudo systemctl daemon-reload
sudo systemctl restart ollama

# Wait for Ollama to start
sleep 5

Step 2.4: Verify Ollama is Now Accessible

bash

sudo netstat -tlnp | grep 11434

Correct Output:

tcp6       0      0 :::11434                :::*                    LISTEN      37406/ollama

Perfect! Now it's listening on all interfaces (the :::11434 indicates IPv6 which includes IPv4).

Step 2.5: Test the API

bash

curl http://localhost:11434/api/tags

Expected Response:

json

{
  "models": [
    {
      "name": "deepseek-coder-v2:latest",
      "model": "deepseek-coder-v2:latest",
      "modified_at": "2025-11-16T22:41:09.74190977Z",
      "size": 8905126121,
      "digest": "63fb193b3a9b4322a18e8c6b250ca2e70a5ff531e962dbf95ba089b2566f2fa5",
      "details": {
        "parent_model": "",
        "format": "gguf",
        "family": "deepseek2",
        "families": ["deepseek2"],
        "parameter_size": "15.7B",
        "quantization_level": "Q4_0"
      }
    }
  ]
}

Part 3: Install Docker and Open WebUI

Open WebUI provides a beautiful ChatGPT-like interface for interacting with your models.

Why Docker? Docker containerizes Open WebUI with all its dependencies (Node.js, Python, databases) in one isolated package. This means: zero dependency conflicts, one-command installation, easy updates (docker pull and restart), automatic restarts on crashes, and simple rollback if something breaks. Without Docker, you'd manually install 10+ packages, manage version conflicts, and troubleshoot environment issues. Docker turns a 30-minute setup into a 30-second command.

Step 3.1: Install Docker

bash

sudo apt update
sudo apt install -y docker.io
sudo systemctl start docker
sudo systemctl enable docker
sudo usermod -aG docker $USER

Important: Log out and log back in for the docker group changes to take effect.

bash

exit
# SSH back in

Step 3.2: Configure Docker Networking for Ollama Access

Critical Issue: Docker containers run in isolated networks and can't access the host's localhost by default.

Solution: Add a firewall rule to allow Docker's network to reach Ollama:

bash

# Allow Docker bridge network (172.17.0.0/16) to access Ollama
sudo iptables -I INPUT -s 172.17.0.0/16 -p tcp --dport 11434 -j ACCEPT

# Install iptables-persistent to save rules
sudo apt install -y iptables-persistent

# Save the rules
sudo netfilter-persistent save

Step 3.3: Run Open WebUI

bash

docker run -d \
  --name open-webui \
  -p 4000:8080 \
  -v open-webui:/app/backend/data \
  -e OLLAMA_BASE_URL=http://172.17.0.1:11434 \
  --restart always \
  ghcr.io/open-webui/open-webui:main

Configuration Explained:

-p 4000:8080: Maps container port 8080 to host port 4000
-v open-webui:/app/backend/data: Persists your chat history
-e OLLAMA_BASE_URL=http://172.17.0.1:11434: Docker's default bridge IP to reach the host
--restart always: Auto-restart on server reboot

Step 3.4: Verify Open WebUI is Running

bash

docker ps

Expected Output:

CONTAINER ID   IMAGE                                COMMAND           CREATED         STATUS                   PORTS
52fdefabd5f1   ghcr.io/open-webui/open-webui:main   "bash start.sh"   5 seconds ago   Up 5 seconds (healthy)   0.0.0.0:4000->8080/tcp

Step 3.5: Test Connection from Container to Ollama

bash

# Test from inside the container
docker exec open-webui curl http://172.17.0.1:11434/api/tags

Expected Response:

json

{
  "models": [
    {
      "name": "deepseek-coder-v2:latest",
      ...
    }
  ]
}

If this fails, go back and verify:

Ollama is listening on 0.0.0.0:11434 (not just 127.0.0.1)
Firewall rule allows Docker network access
Docker container is using the correct bridge IP

Part 4: Setup Cloudflare Tunnel

Cloudflare Tunnel creates a secure connection from your server to Cloudflare's edge network without exposing any ports.

Step 4.1: Install Cloudflared

bash

wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb

Step 4.2: Authenticate with Cloudflare

bash

cloudflared tunnel login

This will output a URL. Open it in your browser, log in to Cloudflare, and select your domain for example (kumarchaudhary.com.np).

After authentication, a certificate is saved at ~/.cloudflared/cert.pem.

Step 4.3: Create a Tunnel

bash

cloudflared tunnel create my-oracle-tunnel

Output:

Tunnel credentials written to /home/ubuntu/.cloudflared/12345678-1234-1234-1234-12345678.json
Created tunnel my-oracle-tunnel with id d778463d-04a6-4641-a0d4-b375065351a9

Save your tunnel ID: 12345678-1234-1234-1234-12345678

Step 4.4: Create Tunnel Configuration

bash

nano ~/.cloudflared/config.yml

Add this configuration (replace with your tunnel ID):

Replace tunnel id with yours.

tunnel: 12345678-1234-1234-1234-12345678
credentials-file: /home/ubuntu/.cloudflared/12345678-1234-1234-1234-12345678.json

ingress:
  - hostname: ai.kumarchaudhary.com.np
    service: http://localhost:4000
  - service: http_status:404

Configuration Explained:

tunnel: Your unique tunnel ID
credentials-file: Path to tunnel credentials
ingress: Routing rules (hostname → service)
Final catch-all rule returns 404 for unmatched requests

Step 4.5: Configure DNS

Route your subdomain through the tunnel:

bash

tunnel-id: 12345678-1234-1234-1234-12345678

cloudflared tunnel route dns 12345678-1234-1234-1234-12345678 ai.kumarchaudhary.com.np

Replace tunnel id with yours.

Alternative: Manually add a CNAME record in Cloudflare Dashboard:

Type: CNAME
Name: ai
Target: insert_your_tunnel id.cfargotunnel.com
Proxy status: Proxied (orange cloud)

Step 4.6: Install as System Service

bash

# Copy configuration to system directory
sudo mkdir -p /etc/cloudflared
sudo cp ~/.cloudflared/config.yml /etc/cloudflared/
sudo cp ~/.cloudflared/insert_your_tunnel_id.json /etc/cloudflared/

# Update config file to use system paths
sudo nano /etc/cloudflared/config.yml

Update the credentials-file path:

credentials-file: /etc/cloudflared/insert_your_tunnel_id.json

Install and start the service:

sudo cloudflared service install
sudo systemctl start cloudflared
sudo systemctl enable cloudflared
sudo systemctl status cloudflared

Step 4.7: Verify Tunnel is Running

cloudflared tunnel info my-oracle-tunnel

Expected Output:

NAME:     my-oracle-tunnel
ID:       your_tunnel_id
CREATED:  2025-11-15 20:38:10.173885 +0000 UTC
CONNECTOR ID                         CREATED              ARCHITECTURE VERSION   ORIGIN IP      EDGE
cdccbf66-5703-4111-a3cc-bde3e95f54d2 2025-11-16T21:58:23Z linux_amd64  2025.11.1 132.145.32.154 1xlhr09, 2xlhr13

Step 4.8: Access Open WebUI

Open your browser and go to your subdomain in my case: https://ai.kumarchaudhary.com.np

First-time setup:

Create an account (first user becomes admin)
Click the model selector dropdown
Select deepseek-coder-v2:latest
Start chatting!

Part 5: Add More Subdomains (Optional)

You can route multiple subdomains through the same tunnel.

Step 5.1: Update Tunnel Config

bash

nano ~/.cloudflared/config.yml

Add more hostname routes:

yaml

tunnel: d778463d-04a6-4641-a0d4-b375065351a9
credentials-file: /home/ubuntu/.cloudflared/d778463d-04a6-4641-a0d4-b375065351a9.json

ingress:
  - hostname: orababy.kumarchaudhary.com.np
    service: http://localhost:3000
  - hostname: ai.kumarchaudhary.com.np
    service: http://localhost:4000
  - hostname: aiapi.kumarchaudhary.com.np
    service: http://localhost:8080
  - service: http_status:404

Step 5.2: Add DNS Records

bash

cloudflared tunnel route dns d778463d-04a6-4641-a0d4-b375065351a9 orababy.kumarchaudhary.com.np
cloudflared tunnel route dns d778463d-04a6-4641-a0d4-b375065351a9 aiapi.kumarchaudhary.com.np

Step 5.3: Update System Config

bash

sudo cp ~/.cloudflared/config.yml /etc/cloudflared/
sudo systemctl restart cloudflared

Part 6: Secure Your API with Nginx Authentication

The Problem: Right now, anyone who knows your domain can access your API. We need to add authentication. This is the most important part what about our blog article is about how to use nginx for secure authentication.

The Solution: Use Nginx as a reverse proxy with Bearer token authentication.

Step 6.1: Install Nginx

bash

sudo apt update
sudo apt install -y nginx

Step 6.2: Generate a Secure Bearer Token

bash

openssl rand -hex 32

Example Output:

a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6

Save this token securely! This is your API key.

Step 6.3: Create Nginx Configuration

bash

sudo nano /etc/nginx/sites-available/ollama-api

Add this configuration (replace YOUR_TOKEN_HERE with your generated token):

nginx

server {
    listen 8080;
    server_name localhost;

    location / {
        # Check for Bearer token
        if ($http_authorization != "Bearer YOUR_TOKEN_HERE") {
            return 401 '{"error": "Unauthorized"}';
        }

        proxy_pass http://127.0.0.1:11434;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

Configuration Explained:

listen 8080: Nginx listens on port 8080
if ($http_authorization != "Bearer ..."): Validates Bearer token
return 401: Rejects unauthorized requests
proxy_pass http://127.0.0.1:11434: Forwards valid requests to Ollama

Step 6.4: Enable the Site

bash

sudo ln -s /etc/nginx/sites-available/ollama-api /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

Step 6.5: Verify Nginx is Running

bash

sudo systemctl status nginx
sudo netstat -tlnp | grep 8080

Expected Output:

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      12345/nginx

Step 6.6: Test Authentication Locally

Without token (should fail):

bash

curl http://localhost:8080/api/tags

Expected: {"error": "Unauthorized"}

With token (should work):

bash

curl http://localhost:8080/api/tags \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

Expected: Full JSON response with model list

Step 6.7: Update Cloudflare Tunnel

Now route the API subdomain through Nginx (not directly to Ollama):

bash

nano ~/.cloudflared/config.yml

Update to:

yaml

tunnel: d778463d-04a6-4641-a0d4-b375065351a9
credentials-file: /home/ubuntu/.cloudflared/d778463d-04a6-4641-a0d4-b375065351a9.json

ingress:
  - hostname: orababy.kumarchaudhary.com.np
    service: http://localhost:3000
  - hostname: ai.kumarchaudhary.com.np
    service: http://localhost:4000
  - hostname: aiapi.kumarchaudhary.com.np
    service: http://localhost:8080
  - service: http_status:404

Key Change: aiapi.kumarchaudhary.com.np now points to port 8080 (Nginx), not 11434 (Ollama).

Step 6.8: Restart Tunnel

bash

sudo cp ~/.cloudflared/config.yml /etc/cloudflared/
sudo systemctl restart cloudflared

Part 7: Test Your Secured API

Step 7.1: Test Without Authentication (Should Fail)

bash

curl https://aiapi.kumarchaudhary.com.np/api/chat -d '{
  "model": "deepseek-coder-v2",
  "messages": [{"role": "user", "content": "test"}],
  "stream": false
}'

Expected Response:

json

{"error": "Unauthorized"}

Step 7.2: Test With Authentication (Should Work but you need token for authentication that we generate earlier) Or You can use Postman to send request if it didn’t work for you.

bash

curl https://aiapi.kumarchaudhary.com.np/api/chat \
  -H "Authorization: Bearer YOUR_TOKEN_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "deepseek-coder-v2",
    "messages": [
      {
        "role": "user",
        "content": "Write a Python function to reverse a string"
      }
    ],
    "stream": false
  }'

Expected Response: You will get response don’t worry

json

{
  "model": "deepseek-coder-v2",
  "created_at": "2025-11-16T23:30:00Z",
  "message": {
    "role": "assistant",
    "content": "Here's a Python function to reverse a string:\n\n```python\ndef reverse_string(s):\n    return s[::-1]\n```"
  },
  "done": true
}

Step 7.3: Test with Postman

Setup in Postman:

Method: POST
URL: https://aiapi.kumarchaudhary.com.np/api/chat
Headers:
- Content-Type: application/json
- Authorization: Bearer YOUR_TOKEN_HERE
Body (raw JSON):

json

{
  "model": "deepseek-coder-v2",
  "messages": [
    {
      "role": "user",
      "content": "Explain how async/await works in JavaScript"
    }
  ],
  "stream": false
}

Click Send

Understanding the Complete Architecture

Let's recap what we've built and how it all works together:

The Request Flow:

1. Client (Postman/Browser)
   ↓ HTTPS Request + Bearer Token
   https://aiapi.kumarchaudhary.com.np/api/chat

2. Cloudflare Edge Network
   ↓ (DDoS protection, caching, SSL termination)
   Cloudflare Tunnel (encrypted connection)

3. Your Oracle Server - Cloudflared Service
   ↓ (routes to localhost:8080)

4. Nginx (Port 8080) - Authentication Layer
   ↓ Validates: Authorization: Bearer token
   ├─ ❌ Invalid/Missing token → 401 Unauthorized
   └─ ✅ Valid token → proxy_pass to Ollama

5. Ollama (Port 11434) - AI Engine
   ↓ (processes request with deepseek-coder-v2)
   Generates AI response

6. Response Path (Reverse)
   Ollama → Nginx → Cloudflared → Cloudflare → Client

Security Layers:

Layer 1 - Cloudflare:

DDoS protection
SSL/TLS encryption
Rate limiting at edge
No server IP exposed

Layer 2 - Cloudflare Tunnel:

No open ports on server
Encrypted tunnel to Cloudflare
Only authorized tunnels can connect

Layer 3 - Nginx:

Bearer token authentication
Can add rate limiting per IP
Request validation
Access logs for monitoring

Layer 4 - Ollama:

Only accessible from localhost
No direct internet exposure
Isolated from external attacks

Port Configuration Summary:

ServicePortAccessible FromPurposeOllama11434localhost + Docker bridgeAI model processingNginx8080Cloudflare Tunnel onlyAuthentication & reverse proxyOpen WebUI4000Cloudflare Tunnel onlyWeb chat interfaceCloudflared-Cloudflare edge onlySecure tunnel daemon

Why This Architecture is Production-Ready:

✅ Defense in Depth: Multiple security layers
✅ Zero Trust: Every request validated
✅ Encrypted End-to-End: HTTPS via Cloudflare
✅ No Exposed Ports: Everything via secure tunnel
✅ Scalable: Can add more models/services easily
✅ Monitorable: Nginx logs all requests
✅ Cost-Effective: Runs on free tier
✅ Private: Data never leaves your server

Available API Endpoints

1. Chat API (Recommended)

Endpoint: POST https://aiapi.kumarchaudhary.com.np/api/chat

Headers:

Content-Type: application/json
Authorization: Bearer YOUR_TOKEN_HERE

Request Body:

json

{
  "model": "deepseek-coder-v2",
  "messages": [
    {
      "role": "system",
      "content": "You are a helpful coding assistant."
    },
    {
      "role": "user",
      "content": "Write a REST API in Node.js"
    }
  ],
  "stream": false,
  "options": {
    "temperature": 0.7,
    "top_p": 0.9,
    "num_predict": 1000
  }
}

2. Generate API (Simple Prompts)

Endpoint: POST https://aiapi.kumarchaudhary.com.np/api/generate

Request Body:

json

{
  "model": "deepseek-coder-v2",
  "prompt": "Write a Python function to calculate factorial",
  "stream": false
}

3. List Models

Endpoint: GET https://aiapi.kumarchaudhary.com.np/api/tags

Headers:

Authorization: Bearer YOUR_TOKEN_HERE

4. Model Information

Endpoint: POST https://aiapi.kumarchaudhary.com.np/api/show

Request Body:

json

{
  "name": "deepseek-coder-v2"
}

Advanced Configuration

Option 1: Multiple API Keys

For different users or applications, create a key mapping file:

bash

sudo nano /etc/nginx/api-keys.conf

nginx

map $http_authorization $api_key_valid {
    default 0;
    "Bearer token_for_app1" 1;
    "Bearer token_for_app2" 1;
    "Bearer token_for_user1" 1;
}

Update Nginx config:

bash

sudo nano /etc/nginx/sites-available/ollama-api

nginx

server {
    listen 8080;
    server_name localhost;

    include /etc/nginx/api-keys.conf;

    location / {
        if ($api_key_valid = 0) {
            return 401 '{"error": "Unauthorized - Invalid or missing API key"}';
        }

        proxy_pass http://127.0.0.1:11434;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

Restart Nginx:

bash

sudo nginx -t
sudo systemctl restart nginx

Option 2: Rate Limiting

Prevent API abuse by limiting requests:

bash

sudo nano /etc/nginx/nginx.conf

Add inside the http block:

nginx

http {
    # ... existing config ...

    # Define rate limit zone: 10 requests per minute per IP
    limit_req_zone $binary_remote_addr zone=ollama_limit:10m rate=10r/m;

    # ... rest of config ...
}

Update your site config:

bash

sudo nano /etc/nginx/sites-available/ollama-api

nginx

server {
    listen 8080;
    server_name localhost;

    location / {
        # Apply rate limiting
        limit_req zone=ollama_limit burst=5 nodelay;

        # Check authentication
        if ($http_authorization != "Bearer YOUR_TOKEN_HERE") {
            return 401 '{"error": "Unauthorized"}';
        }

        proxy_pass http://127.0.0.1:11434;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_read_timeout 300s;
    }
}

Test and restart:

bash

sudo nginx -t
sudo systemctl restart nginx

Rate Limiting Explained:

rate=10r/m: 10 requests per minute per IP
burst=5: Allow brief bursts up to 5 requests
nodelay: Process burst requests immediately

Option 3: Request Logging

Track all API requests for monitoring and debugging:

bash

sudo nano /etc/nginx/sites-available/ollama-api

Add logging configuration:

nginx

server {
    listen 8080;
    server_name localhost;

    # Custom log format with authentication info
    log_format api_access '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '"$http_authorization" "$http_user_agent"';

    access_log /var/log/nginx/ollama-api-access.log api_access;
    error_log /var/log/nginx/ollama-api-error.log;

    location / {
        if ($http_authorization != "Bearer YOUR_TOKEN_HERE") {
            return 401 '{"error": "Unauthorized"}';
        }

        proxy_pass http://127.0.0.1:11434;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

View logs in real-time:

bash

# Watch access logs
sudo tail -f /var/log/nginx/ollama-api-access.log

# Watch error logs
sudo tail -f /var/log/nginx/ollama-api-error.log

Option 4: CORS Configuration (For Web Applications)

If you're building a web app that calls your API:

bash

sudo nano /etc/nginx/sites-available/ollama-api

Add CORS headers:

nginx

server {
    listen 8080;
    server_name localhost;

    location / {
        # Check authentication
        if ($http_authorization != "Bearer YOUR_TOKEN_HERE") {
            return 401 '{"error": "Unauthorized"}';
        }

        # CORS headers
        add_header 'Access-Control-Allow-Origin' 'https://yourapp.com' always;
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
        add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
        add_header 'Access-Control-Max-Age' 1728000 always;

        # Handle preflight requests
        if ($request_method = 'OPTIONS') {
            return 204;
        }

        proxy_pass http://127.0.0.1:11434;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

Troubleshooting Common Issues

Issue 1: Model Not Appearing in Open WebUI

Symptoms:

Open WebUI loads but no models in dropdown
"No models available" message

Diagnosis:

bash

# Check if Ollama is running
systemctl status ollama

# Check if Ollama has models
ollama list

# Test Ollama API directly
curl http://localhost:11434/api/tags

# Check if Docker can reach Ollama
docker exec open-webui curl http://172.17.0.1:11434/api/tags

Solutions:

Ollama not listening on all interfaces:

bash

sudo netstat -tlnp | grep 11434
# Should show :::11434, not 127.0.0.1:11434

# If wrong, reconfigure:
cat /etc/systemd/system/ollama.service.d/override.conf
# Should contain: Environment="OLLAMA_HOST=0.0.0.0:11434"

sudo systemctl daemon-reload
sudo systemctl restart ollama

Docker can't reach Ollama (firewall issue):

bash

# Add firewall rule
sudo iptables -I INPUT -s 172.17.0.0/16 -p tcp --dport 11434 -j ACCEPT
sudo netfilter-persistent save

# Test again
docker exec open-webui curl http://172.17.0.1:11434/api/tags

Wrong Ollama URL in Open WebUI:

Go to Open WebUI → Settings → Connections
Ensure Ollama URL is: http://172.17.0.1:11434
Click refresh icon
Should show green checkmark

Issue 2: 502 Bad Gateway on API Requests

Symptoms:

Nginx returns 502 error
API requests timeout

Diagnosis:

bash

# Check if Ollama is responding
curl http://localhost:11434/api/tags

# Check Nginx error logs
sudo tail -50 /var/log/nginx/error.log

# Check if Nginx can reach Ollama
sudo nginx -t

Solutions:

Ollama is down:

bash

systemctl status ollama
sudo systemctl restart ollama

Nginx configuration error:

bash

sudo nginx -t
# Fix any errors shown
sudo systemctl restart nginx

Timeout too short for large responses:

bash

sudo nano /etc/nginx/sites-available/ollama-api

Increase timeout values:

nginx

proxy_read_timeout 600s;  # Increase from 300s to 600s
proxy_connect_timeout 120s;

bash

sudo systemctl restart nginx

Issue 3: 401 Unauthorized Even with Correct Token

Symptoms:

Authentication fails with correct Bearer token
All requests return 401

Diagnosis:

bash

# Test locally first
curl http://localhost:8080/api/tags \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

# Check Nginx config
sudo cat /etc/nginx/sites-available/ollama-api | grep Bearer

Solutions:

Token mismatch (extra spaces, wrong token):

bash

# View exact token in config
sudo cat /etc/nginx/sites-available/ollama-api

Make sure:

No extra spaces before/after token
Token is exactly as generated
Format is: "Bearer YOUR_TOKEN_HERE" (with quotes)

Special characters in token causing issues:

Regenerate a simpler token:

bash

openssl rand -hex 32

Update Nginx config with new token and restart.

Issue 4: Cloudflare Tunnel Not Working

Symptoms:

Domain shows "Connection timeout"
Can't access https://ai.kumarchaudhary.com.np

Diagnosis:

bash

# Check tunnel status
sudo systemctl status cloudflared

# Check tunnel info
cloudflared tunnel info my-oracle-tunnel

# Check logs
sudo journalctl -u cloudflared -n 50

Solutions:

Cloudflared service not running:

bash

sudo systemctl start cloudflared
sudo systemctl enable cloudflared

DNS not configured:

bash

# Add DNS record
cloudflared tunnel route dns TUNNEL_ID subdomain.domain.com

# Or check Cloudflare Dashboard → DNS
# Should have CNAME: subdomain → TUNNEL_ID.cfargotunnel.com

Config file path wrong:

bash

# Check if system config exists
sudo cat /etc/cloudflared/config.yml

# If missing, copy from home directory
sudo cp ~/.cloudflared/config.yml /etc/cloudflared/
sudo systemctl restart cloudflared

Wrong service port in config:

bash

sudo nano /etc/cloudflared/config.yml

Verify ports match:

Open WebUI: port 4000
Nginx/API: port 8080

Issue 5: Out of Memory Errors

Symptoms:

Ollama crashes randomly
"Out of memory" errors in logs
System becomes unresponsive

Diagnosis:

bash

# Check memory usage
free -h

# Check which model is loaded
ollama list

# Check Ollama logs
sudo journalctl -u ollama -n 100

Solutions:

Model too large for available RAM:

bash

# Remove large model
ollama rm deepseek-coder-v2

# Pull smaller model
ollama pull llama3.2:3b  # Only ~2.3GB

Add swap space (not recommended for production):

bash

# Create 4GB swap file
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

# Make permanent
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Optimize Ollama for low memory:

bash

sudo systemctl edit ollama

Add:

ini

[Service]
Environment="OLLAMA_MAX_LOADED_MODELS=1"
Environment="OLLAMA_NUM_PARALLEL=1"

bash

sudo systemctl daemon-reload
sudo systemctl restart ollama

Issue 6: Slow Response Times

Symptoms:

API requests take 30+ seconds
Streaming responses are choppy

Diagnosis:

bash

# Check system load
top
htop

# Check if model is loaded
curl http://localhost:11434/api/tags

# Test response time
time curl http://localhost:11434/api/generate -d '{
  "model": "deepseek-coder-v2",
  "prompt": "Hello",
  "stream": false
}'

Solutions:

First request loads model (expected):

First request: 10-30 seconds (loading model into RAM)
Subsequent requests: 2-5 seconds (model cached)
This is normal behavior

CPU-only inference is slower:

Oracle ARM instances use CPU (no GPU)
Consider smaller, faster models:
- llama3.2:3b - faster than deepseek-coder-v2
- phi3:mini - optimized for speed
- gemma2:2b - very fast

Concurrent requests slowing down:

bash

sudo systemctl edit ollama

Limit parallel requests:

ini

[Service]
Environment="OLLAMA_NUM_PARALLEL=1"

Monitoring and Maintenance

Daily Health Checks

Create a monitoring script:

bash

nano ~/check-ollama-health.sh

bash

#!/bin/bash

echo "=== Ollama Health Check ==="
echo "Date: $(date)"
echo ""

# Check Ollama service
echo "1. Ollama Service Status:"
systemctl is-active ollama && echo "✅ Running" || echo "❌ Stopped"
echo ""

# Check Ollama API
echo "2. Ollama API Status:"
curl -s http://localhost:11434/api/tags > /dev/null && echo "✅ Responding" || echo "❌ Not responding"
echo ""

# Check available models
echo "3. Available Models:"
ollama list
echo ""

# Check memory usage
echo "4. Memory Usage:"
free -h | grep Mem
echo ""

# Check disk space
echo "5. Disk Space:"
df -h / | tail -1
echo ""

# Check Nginx
echo "6. Nginx Status:"
systemctl is-active nginx && echo "✅ Running" || echo "❌ Stopped"
echo ""

# Check Cloudflare Tunnel
echo "7. Cloudflare Tunnel Status:"
systemctl is-active cloudflared && echo "✅ Running" || echo "❌ Stopped"
echo ""

# Check Open WebUI
echo "8. Open WebUI Status:"
docker ps | grep open-webui > /dev/null && echo "✅ Running" || echo "❌ Stopped"
echo ""

echo "=== End Health Check ==="

Make executable:

bash

chmod +x ~/check-ollama-health.sh

Run daily:

bash

crontab -e

Add:

0 9 * * * /home/ubuntu/check-ollama-health.sh >> /home/ubuntu/health-check.log 2>&1

Log Rotation

Prevent logs from filling disk:

bash

sudo nano /etc/logrotate.d/ollama-api

/var/log/nginx/ollama-api-*.log {
    daily
    rotate 7
    compress
    delaycompress
    notifempty
    missingok
    sharedscripts
    postrotate
        [ -f /var/run/nginx.pid ] && kill -USR1 $(cat /var/run/nginx.pid)
    endscript
}

Backup Configuration

Create a backup script:

bash

nano ~/backup-ollama-config.sh

bash

#!/bin/bash

BACKUP_DIR="/home/ubuntu/ollama-backups"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

# Backup Ollama config
sudo cp /etc/systemd/system/ollama.service.d/override.conf $BACKUP_DIR/ollama-override-$DATE.conf

# Backup Nginx config
sudo cp /etc/nginx/sites-available/ollama-api $BACKUP_DIR/nginx-ollama-api-$DATE.conf

# Backup Cloudflare Tunnel config
sudo cp /etc/cloudflared/config.yml $BACKUP_DIR/cloudflared-config-$DATE.yml

# Backup Open WebUI data (Docker volume)
docker run --rm -v open-webui:/data -v $BACKUP_DIR:/backup alpine tar czf /backup/open-webui-data-$DATE.tar.gz -C /data .

echo "Backup completed: $DATE"
ls -lh $BACKUP_DIR/*$DATE*

Make executable:

bash

chmod +x ~/backup-ollama-config.sh

Run weekly:

bash

crontab -e

Add:

0 2 * * 0 /home/ubuntu/backup-ollama-config.sh

Performance Optimization

1. Optimize Ollama Settings

bash

sudo systemctl edit ollama

Add performance tuning:

ini

[Service]
Environment="OLLAMA_HOST=0.0.0.0:11434"
Environment="OLLAMA_MAX_LOADED_MODELS=1"
Environment="OLLAMA_NUM_PARALLEL=2"
Environment="OLLAMA_FLASH_ATTENTION=1"
Environment="OLLAMA_MAX_QUEUE=10"

Parameters Explained:

OLLAMA_MAX_LOADED_MODELS=1: Keep only 1 model in memory
OLLAMA_NUM_PARALLEL=2: Handle 2 requests simultaneously
OLLAMA_FLASH_ATTENTION=1: Use optimized attention mechanism
OLLAMA_MAX_QUEUE=10: Queue up to 10 requests

Restart:

bash

sudo systemctl daemon-reload
sudo systemctl restart ollama

2. Nginx Performance Tuning

bash

sudo nano /etc/nginx/nginx.conf

Optimize worker settings:

nginx

user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
    worker_connections 4096;
    multi_accept on;
    use epoll;
}

http {
    # Keepalive
    keepalive_timeout 65;
    keepalive_requests 100;

    # Buffers
    client_body_buffer_size 128k;
    client_max_body_size 100m;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 16k;

    # Timeouts
    send_timeout 300s;
    client_body_timeout 300s;
    client_header_timeout 300s;

    # Compression
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # Rest of your config...
}

Test and restart:

bash

sudo nginx -t
sudo systemctl restart nginx

3. Docker Performance

Limit Open WebUI resource usage:

bash

docker stop open-webui
docker rm open-webui

docker run -d \
  --name open-webui \
  -p 4000:8080 \
  -v open-webui:/app/backend/data \
  -e OLLAMA_BASE_URL=http://172.17.0.1:11434 \
  --memory="2g" \
  --cpus="2.0" \
  --restart always \
  ghcr.io/open-webui/open-webui:main

Security Best Practices

1. Rotate API Tokens Regularly

Create a token rotation script:

bash

nano ~/rotate-api-token.sh

bash

#!/bin/bash

# Generate new token
NEW_TOKEN=$(openssl rand -hex 32)

echo "New API Token: $NEW_TOKEN"
echo ""
echo "Update the following locations:"
echo "1. /etc/nginx/sites-available/ollama-api"
echo "2. Your application configuration"
echo "3. Postman/API client settings"
echo ""
echo "Steps:"
echo "sudo nano /etc/nginx/sites-available/ollama-api"
echo "# Replace the Bearer token with: $NEW_TOKEN"
echo "sudo nginx -t"
echo "sudo systemctl restart nginx"

Make executable:

bash

chmod +x ~/rotate-api-token.sh

Run monthly and update token:

bash

./rotate-api-token.sh

2. Enable Fail2Ban for Nginx

Protect against brute force attacks:

bash

sudo apt install -y fail2ban

Create Nginx jail:

bash

sudo nano /etc/fail2ban/jail.local

ini

[nginx-auth]
enabled = true
filter = nginx-auth
logpath = /var/log/nginx/ollama-api-access.log
maxretry = 5
bantime = 3600
findtime = 600

Create filter:

bash

sudo nano /etc/fail2ban/filter.d/nginx-auth.conf

ini

[Definition]
failregex = ^ .* 401 .*$
ignoreregex =

Restart Fail2Ban:

bash

sudo systemctl restart fail2ban
sudo fail2ban-client status nginx-auth

3. Regular Security Updates

bash

# Weekly security updates
sudo apt update
sudo apt upgrade -y

# Update Ollama
curl -fsSL https://ollama.com/install.sh | sh

# Update Cloudflared
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
sudo dpkg -i cloudflared-linux-amd64.deb
sudo systemctl restart cloudflared

# Update Docker images
docker pull ghcr.io/open-webui/open-webui:main
docker stop open-webui
docker rm open-webui
# Re-run docker run command with new image

4. Audit Logs Regularly

bash

# Check who accessed your API
sudo grep "Bearer" /var/log/nginx/ollama-api-access.log | tail -20

# Check failed authentication attempts
sudo grep "401" /var/log/nginx/ollama-api-access.log | tail -20

# Check most active IPs
sudo awk '{print $1}' /var/log/nginx/ollama-api-access.log | sort | uniq -c | sort -rn | head -10

Cost Analysis

Oracle Cloud Free Tier

What you get (forever free):

4 ARM-based Ampere A1 cores (up to 24GB RAM total)
200GB block storage
10TB outbound data transfer per month
We're using: 4 cores, 11GB RAM, ~20GB storage

Monthly costs: $0.00 ✅

Cloudflare Free Tier

What you get:

Unlimited bandwidth through tunnel
DDoS protection
SSL certificates
CDN caching

Monthly costs: $0.00 ✅

Domain Cost

Variable cost:

.com.np domains: Usually free or ~$10/year
Your domain: kumarchaudhary.com.np

Total Monthly Cost: $0 (excluding domain registration)

Comparison with OpenAI API:

GPT-4 Turbo: $10/1M input tokens, $30/1M output tokens
Average conversation (~1000 tokens): $0.04
1000 conversations/month: $40/month

Your setup:

Unlimited conversations
Zero per-request cost
Full data privacy

Use Cases and Integration Examples

1. Node.js Integration

javascript

// ollama-client.js
const OLLAMA_API_URL = 'https://aiapi.kumarchaudhary.com.np';
const API_TOKEN = process.env.OLLAMA_API_KEY;

async function chat(message) {
  const response = await fetch(`${OLLAMA_API_URL}/api/chat`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${API_TOKEN}`
    },
    body: JSON.stringify({
      model: 'deepseek-coder-v2',
      messages: [
        { role: 'user', content: message }
      ],
      stream: false
    })
  });

  const data = await response.json();
  return data.message.content;
}

// Usage
chat('Explain async/await in JavaScript')
  .then(response => console.log(response))
  .catch(error => console.error('Error:', error));

2. Python Integration

python

# ollama_client.py
import os
import requests

OLLAMA_API_URL = 'https://aiapi.kumarchaudhary.com.np'
API_TOKEN = os.getenv('OLLAMA_API_KEY')

def chat(message, system_prompt=None):
    messages = []

    if system_prompt:
        messages.append({'role': 'system', 'content': system_prompt})

    messages.append({'role': 'user', 'content': message})

    response = requests.post(
        f'{OLLAMA_API_URL}/api/chat',
        headers={
            'Content-Type': 'application/json',
            'Authorization': f'Bearer {API_TOKEN}'
        },
        json={
            'model': 'deepseek-coder-v2',
            'messages': messages,
            'stream': False
        }
    )

    response.raise_for_status()
    return response.json()['message']['content']

# Usage
if __name__ == '__main__':
    result = chat(
        'Write a Python function to find prime numbers',
        system_prompt='You are an expert Python developer'
    )
    print(result)

3. Bash Script Integration

bash

#!/bin/bash
# ask-ai.sh

OLLAMA_API_URL="https://aiapi.kumarchaudhary.com.np"
API_TOKEN="YOUR_TOKEN_HERE"

ask_ai() {
    local question="$1"

    curl -s "$OLLAMA_API_URL/api/chat" \
      -H "Authorization: Bearer $API_TOKEN" \
      -H "Content-Type: application/json" \
      -d "{
        \"model\": \"deepseek-coder-v2\",
        \"messages\": [{\"role\": \"user\", \"content\": \"$question\"}],
        \"stream\": false
      }" | jq -r '.message.content'
}

# Usage
ask_ai "Explain what the ls command does in Linux"

Make executable:

bash

chmod +x ask-ai.sh
./ask-ai.sh

4. Build a Slack Bot

javascript

// slack-ollama-bot.js
const { App } = require('@slack/bolt');

const app = new App({
  token: process.env.SLACK_BOT_TOKEN,
  signingSecret: process.env.SLACK_SIGNING_SECRET
});

async function askOllama(question) {
  const response = await fetch('https://aiapi.kumarchaudhary.com.np/api/chat', {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      'Authorization': `Bearer ${process.env.OLLAMA_API_KEY}`
    },
    body: JSON.stringify({
      model: 'deepseek-coder-v2',
      messages: [{ role: 'user', content: question }],
      stream: false
    })
  });

  const data = await response.json();
  return data.message.content;
}

app.message(/ask:(.*)/, async ({ message, say }) => {
  const question = message.text.replace(/ask:\s*/, '');
  const answer = await askOllama(question);
  await say(answer);
});

(async () => {
  await app.start(process.env.PORT || 3000);
  console.log('⚡️ Slack bot is running!');
})();

5. Discord Bot Integration

python

# discord_ollama_bot.py
import discord
import os
import requests

intents = discord.Intents.default()
intents.message_content = True
client = discord.Client(intents=intents)

OLLAMA_API_URL = 'https://aiapi.kumarchaudhary.com.np'
API_TOKEN = os.getenv('OLLAMA_API_KEY')

def ask_ollama(question):
    response = requests.post(
        f'{OLLAMA_API_URL}/api/chat',
        headers={
            'Authorization': f'Bearer {API_TOKEN}',
            'Content-Type': 'application/json'
        },
        json={
            'model': 'deepseek-coder-v2',
            'messages': [{'role': 'user', 'content': question}],
            'stream': False
        }
    )
    return response.json()['message']['content']

@client.event
async def on_message(message):
    if message.author == client.user:
        return

    if message.content.startswith('!ask'):
        question = message.content[5:].strip()
        answer = ask_ollama(question)
        await message.channel.send(answer)

client.run(os.getenv('DISCORD_TOKEN'))

Scaling Considerations

Adding More Models

You can run multiple models simultaneously (memory permitting):

bash

# Pull additional models
ollama pull codellama        # For coding tasks
ollama pull mistral          # For general tasks
ollama pull llama3.1         # For reasoning

# Check total size
ollama list

Memory calculation:

Current: deepseek-coder-v2 (8.9GB)
Available: ~10GB
You can add one more small model (~2-3GB)

Model switching in API:

json

{
  "model": "codellama",
  "messages": [...]
}

Horizontal Scaling (Multiple Servers)

For production workloads, you might need multiple servers:

Architecture:

Cloudflare Load Balancer
    ↓
Multiple Oracle Instances (each running Ollama)
    ↓
Shared PostgreSQL for user data

Load balancing with Cloudflare:

Create multiple tunnels (one per server)
Use Cloudflare Load Balancer to distribute traffic
Each tunnel points to a different Oracle instance

Vertical Scaling (More RAM)

Upgrade to Oracle Cloud paid tier:

8 cores, 48GB RAM: ~$50/month
Run multiple large models simultaneously
Faster response times with more parallel requests

Alternative Models to Try

For Coding Tasks:

bash

ollama pull codellama          # 7B, specialized for code
ollama pull deepseek-coder     # Alternative to deepseek-coder-v2
ollama pull starcoder2         # 3B-7B, fast coding model

For General Chat:

bash

ollama pull llama3.1           # 8B, excellent all-rounder
ollama pull mistral            # 7B, fast and capable
ollama pull phi3               # 3B, Microsoft's efficient model

For Specialized Tasks:

bash

ollama pull nous-hermes2       # Instruction following
ollama pull neural-chat        # Conversational AI
ollama pull orca-mini          # Reasoning tasks

Model Selection Guide:

ModelSizeRAM NeededBest ForSpeedgemma2:2b1.6GB3GBQuick answers⚡⚡⚡⚡⚡phi3:mini2.3GB4GBEfficiency⚡⚡⚡⚡llama3.2:3b2.3GB4GBBalanced⚡⚡⚡⚡mistral4.1GB6GBGeneral use⚡⚡⚡codellama3.8GB6GBCoding⚡⚡⚡llama3.14.7GB7GBReasoning⚡⚡deepseek-coder-v28.9GB11GBAdvanced coding⚡⚡

Frequently Asked Questions

Q1: Can I use this in production?

A: Yes, with considerations:

✅ Good for: Internal tools, personal projects, small teams
⚠️ Consider for production:
- Add monitoring (Prometheus, Grafana)
- Set up automated backups
- Implement proper logging
- Add alerting for downtime
- Consider multiple servers for redundancy

Q2: How do I update Ollama?

bash

curl -fsSL https://ollama.com/install.sh | sh
sudo systemctl restart ollama

Models stay intact during updates.

Q3: Can I fine-tune models?

A: Yes! Ollama supports fine-tuning:

bash

# Create a Modelfile
nano Modelfile

FROM deepseek-coder-v2
PARAMETER temperature 0.8
SYSTEM You are an expert Python developer specializing in Django.

bash

ollama create my-django-expert -f Modelfile
ollama run my-django-expert

Q4: What about data privacy?

A: Complete privacy:

All data stays on your server
No external API calls
No telemetry to Ollama/anyone
You control everything

Q5: Can I use a GPU?

A: Oracle Free Tier doesn't include GPUs, but you can:

Use Oracle paid tier with GPU ($1-3/hour)
Use other providers (AWS, GCP, Azure) with GPU
CPU-only is fine for most use cases

Q6: How do I add more storage?

A: Oracle Free Tier includes 200GB:

bash

# Check current usage
df -h

# If needed, add Oracle block storage:
# - Go to Oracle Cloud Console
# - Create Block Volume (up to 200GB free)
# - Attach to instance
# - Mount and use

Q7: Can I monetize this setup?

A: Yes, several ways:

Sell API access to clients
Build SaaS products on top
Offer consulting for similar setups
Create niche AI applications

Legal considerations:

Check Ollama's license (Apache 2.0 - commercial use allowed)
Check individual model licenses
Comply with your local laws

Q8: What if Oracle shuts down my free tier?

A: Backup and portability:

bash

# Backup everything
./backup-ollama-config.sh

# Export Docker volumes
docker run --rm -v open-webui:/data -v $(pwd):/backup alpine tar czf /backup/open-webui-backup.tar.gz -C /data .

# Export models
ollama list  # Note which models you have
# Re-pull them on new server

Migration is straightforward - same setup works on any Ubuntu server.

Advanced Topics

Running Multiple Ollama Instances

For high availability, run multiple Ollama instances:

Setup on ports 11434, 11435, 11436:

bash

# Create separate systemd services for each instance
sudo cp /etc/systemd/system/ollama.service /etc/systemd/system/ollama-2.service
sudo cp /etc/systemd/system/ollama.service /etc/systemd/system/ollama-3.service

# Edit each service file
sudo nano /etc/systemd/system/ollama-2.service
# Change: Environment="OLLAMA_HOST=0.0.0.0:11435"

sudo nano /etc/systemd/system/ollama-3.service
# Change: Environment="OLLAMA_HOST=0.0.0.0:11436"

# Start all instances
sudo systemctl start ollama-2
sudo systemctl start ollama-3
sudo systemctl enable ollama-2
sudo systemctl enable ollama-3

Load balance with Nginx:

nginx

upstream ollama_backend {
    least_conn;
    server 127.0.0.1:11434;
    server 127.0.0.1:11435;
    server 127.0.0.1:11436;
}

server {
    listen 8080;
    location / {
        if ($http_authorization != "Bearer YOUR_TOKEN") {
            return 401;
        }
        proxy_pass http://ollama_backend;
    }
}

Implementing Caching

Reduce redundant API calls with caching:

nginx

# Add to nginx.conf http block
proxy_cache_path /var/cache/nginx/ollama levels=1:2 keys_zone=ollama_cache:10m max_size=1g inactive=60m;

# In your server block
location /api/generate {
    proxy_cache ollama_cache;
    proxy_cache_valid 200 10m;
    proxy_cache_key "$request_body";

    # Rest of proxy config...
}

WebSocket Support for Streaming

Enable real-time streaming responses:

nginx

location / {
    proxy_pass http://127.0.0.1:11434;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_read_timeout 86400;
}

Custom Model Repository

Host your own model repository:

bash

# Create model storage
mkdir -p /opt/ollama-models

# Set Ollama to use custom path
sudo systemctl edit ollama

ini

[Service]
Environment="OLLAMA_MODELS=/opt/ollama-models"

bash

sudo systemctl daemon-reload
sudo systemctl restart ollama

Comparison with Other Solutions

vs ChatGPT API

FeatureYour SetupChatGPT APICostFree (after setup)$0.03-0.12 per 1K tokensPrivacy100% privateData sent to OpenAICustomizationFull controlLimitedLatencyMedium (no GPU)FastSetup complexityHighLowScalabilityLimited by hardwareUnlimited

vs Claude API

FeatureYour SetupClaude APICostFree$0.80-24 per 1M tokensContext windowModel dependentUp to 200K tokensPrivacyCompleteData sent to AnthropicSpeedMediumFastQualityModel dependentVery high

vs Hosting on Dedicated GPU Server

FeatureOracle Free Tier + CPUGPU ServerCost$0/month$100-500/monthSpeedMedium (3-5s/response)Fast (0.5-1s/response)Setup complexityMediumHighScalabilityLimitedHighModel sizeUp to 8B parameters70B+ parameters

Conclusion

You've now built a complete, production-ready AI API infrastructure that:

✅ Costs nothing (using free tiers)
✅ Is fully secure (multi-layer authentication, encryption)
✅ Respects privacy (all data stays on your server)
✅ Scales reasonably (handles moderate traffic)
✅ Is maintainable (clear architecture, logging, monitoring)
✅ Is flexible (swap models, add features easily)

What You've Learned:

Infrastructure as Code: Setting up services with configuration files
Networking: Understanding tunnels, proxies, and routing
Security: Implementing defense-in-depth with multiple layers
Containerization: Using Docker for isolated services
API Design: Creating and securing RESTful endpoints
System Administration: Managing Linux services and resources

Next Steps:

Immediate:

Test your API thoroughly with various prompts
Set up monitoring and alerting
Create backups
Document your API for your team

Short-term: 5. Build an application using your API 6. Experiment with different models 7. Optimize performance based on usage patterns 8. Add rate limiting per user/API key

Long-term: 9. Consider adding more servers for redundancy 10. Implement advanced caching strategies 11. Build custom fine-tuned models 12. Create a developer portal for your API

Resources:

Ollama Documentation: https://github.com/ollama/ollama
Open WebUI: https://github.com/open-webui/open-webui
Cloudflare Tunnel Docs: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/
Nginx Documentation: https://nginx.org/en/docs/
Model Library: https://ollama.com/library

Community:

Join these communities for help:

Ollama Discord: https://discord.gg/ollama
r/selfhosted on Reddit
r/LocalLLaMA on Reddit

Final Thoughts

Building your own AI infrastructure is more than just following steps—it's about understanding how modern cloud-native applications work. The skills you've gained here transfer directly to enterprise environments where these same patterns are used at scale.

Key Takeaways:

Separation of Concerns: Each component (Ollama, Nginx, Cloudflare) does one thing well
Security by Design: Authentication and encryption at every layer
Observability Matters: Logging and monitoring are not optional
Automation is Key: Scripts and systemd services make everything reproducible
Cost Optimization: Free tiers can run serious workloads

Remember: The most secure system is one you understand completely. You now own every layer of your AI stack, from the network tunnel to the model weights. That's powerful.

Appendix A: Complete Configuration Files

Ollama Service Override

File: /etc/systemd/system/ollama.service.d/override.conf

ini

[Service]
Environment="OLLAMA_HOST=0.0.0.0:11434"
Environment="OLLAMA_MAX_LOADED_MODELS=1"
Environment="OLLAMA_NUM_PARALLEL=2"

Nginx Configuration

File: /etc/nginx/sites-available/ollama-api

nginx

server {
    listen 8080;
    server_name localhost;

    # Logging
    log_format api_access '$remote_addr - $remote_user [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '"$http_authorization" "$http_user_agent"';
    access_log /var/log/nginx/ollama-api-access.log api_access;
    error_log /var/log/nginx/ollama-api-error.log;

    location / {
        # Authentication
        if ($http_authorization != "Bearer YOUR_TOKEN_HERE") {
            return 401 '{"error": "Unauthorized"}';
        }

        # Proxy to Ollama
        proxy_pass http://127.0.0.1:11434;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

Cloudflare Tunnel Configuration

File: /etc/cloudflared/config.yml

yaml

tunnel: YOUR_TUNNEL_ID
credentials-file: /etc/cloudflared/YOUR_TUNNEL_ID.json

ingress:
  - hostname: ai.yourdomain.com
    service: http://localhost:4000
  - hostname: aiapi.yourdomain.com
    service: http://localhost:8080
  - service: http_status:404

Docker Compose (Alternative to docker run)

File: docker-compose.yml

yaml

version: '3.8'

services:
  open-webui:
    image: ghcr.io/open-webui/open-webui:main
    container_name: open-webui
    ports:
      - "4000:8080"
    volumes:
      - open-webui:/app/backend/data
    environment:
      - OLLAMA_BASE_URL=http://172.17.0.1:11434
    restart: always
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: '2.0'

volumes:
  open-webui:

Appendix B: Useful Commands Cheat Sheet

Ollama Commands

bash

# List models
ollama list

# Pull a model
ollama pull model-name

# Remove a model
ollama rm model-name

# Run interactive chat
ollama run model-name

# Show model info
ollama show model-name

# Check Ollama version
ollama --version

Service Management

bash

# Ollama
sudo systemctl status ollama
sudo systemctl restart ollama
sudo systemctl stop ollama
sudo journalctl -u ollama -f

# Nginx
sudo systemctl status nginx
sudo systemctl restart nginx
sudo nginx -t
sudo tail -f /var/log/nginx/ollama-api-access.log

# Cloudflare Tunnel
sudo systemctl status cloudflared
sudo systemctl restart cloudflared
sudo journalctl -u cloudflared -f
cloudflared tunnel info my-oracle-tunnel

Docker Commands

bash

# List containers
docker ps
docker ps -a

# View logs
docker logs open-webui
docker logs -f open-webui

# Restart container
docker restart open-webui

# Stop and remove
docker stop open-webui
docker rm open-webui

# Execute command in container
docker exec open-webui curl http://172.17.0.1:11434/api/tags

System Monitoring

bash

# Memory usage
free -h

# Disk usage
df -h

# CPU usage
top
htop

# Network connections
sudo netstat -tlnp
sudo ss -tlnp

# Process list
ps aux | grep ollama
ps aux | grep nginx

API Testing

bash

# List models
curl http://localhost:11434/api/tags

# Generate completion
curl http://localhost:11434/api/generate -d '{
  "model": "deepseek-coder-v2",
  "prompt": "Hello",
  "stream": false
}'

# Chat
curl http://localhost:11434/api/chat -d '{
  "model": "deepseek-coder-v2",
  "messages": [{"role": "user", "content": "Hi"}],
  "stream": false
}'

# With authentication
curl https://aiapi.yourdomain.com/api/chat \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"model": "deepseek-coder-v2", "messages": [{"role": "user", "content": "test"}]}'

Appendix C: Troubleshooting Decision Tree

API not responding?
├─ Cloudflare Tunnel issue?
│  ├─ Check: sudo systemctl status cloudflared
│  ├─ Check: cloudflared tunnel info my-oracle-tunnel
│  └─ Fix: sudo systemctl restart cloudflared
│
├─ Nginx issue?
│  ├─ Check: sudo systemctl status nginx
│  ├─ Check: sudo nginx -t
│  ├─ Check: sudo tail -50 /var/log/nginx/error.log
│  └─ Fix: sudo systemctl restart nginx
│
├─ Ollama issue?
│  ├─ Check: systemctl status ollama
│  ├─ Check: curl http://localhost:11434/api/tags
│  ├─ Check: sudo journalctl -u ollama -n 100
│  └─ Fix: sudo systemctl restart ollama
│
└─ Network/Firewall issue?
   ├─ Check: sudo iptables -L -n
   ├─ Check: docker exec open-webui curl http://172.17.0.1:11434/api/tags
   └─ Fix: sudo iptables -I INPUT -s 172.17.0.0/16 -p tcp --dport 11434 -j ACCEPT

Thank you for following this guide! If you found it helpful, consider:

Sharing it with others building similar systems
Contributing improvements via GitHub
Joining the community discussions

Happy building! 🚀

Last updated: November 2025
Author: Kumar Chaudhary
License: MIT

Complete Guide: Running Production Services on Oracle Cloud with Systemd and Cloudflare Tunnel

Kumar Chaudhary — Sat, 15 Nov 2025 22:56:45 GMT

Introduction

Running applications on Oracle Cloud Infrastructure (OCI) requires more than just starting your server—you need a robust setup that ensures your services stay running, restart automatically after crashes, and survive system reboots. This comprehensive guide walks you through setting up production-grade services using systemd, the industry-standard service manager for Linux systems.

Whether you're hosting a Node.js API, Python web application, or any other service on an Oracle Cloud compute instance, this guide will show you how to configure everything properly using systemd alongside Cloudflare Tunnel for secure external access.

What is an Oracle Cloud Instance?

Before diving into the technical setup, let's clarify what we mean by an "Oracle instance." In cloud computing terminology, an instance refers to a virtual machine (VM)—a virtualized server running on physical infrastructure maintained by the cloud provider.

Oracle Cloud Infrastructure calls these compute instances, similar to how:

Amazon Web Services calls them "EC2 instances"
Microsoft Azure calls them "Virtual Machines"
Google Cloud calls them "Compute Engine instances"

Your Oracle instance is essentially a server running in Oracle's data center that you can access remotely via SSH. It has its own:

Operating system (typically Ubuntu, CentOS, or Oracle Linux)
CPU and memory resources
Network interface and IP address
Storage volumes

Understanding the Architecture

When hosting a service on Oracle Cloud with external access, you typically need three components:

Your Application Server - The actual service you want to run (Node.js, Python, Go, etc.)
Cloudflare Tunnel - Securely exposes your application to the internet without opening firewall ports
Systemd - Manages both services, ensuring they run reliably

Why Use Cloudflare Tunnel?

Cloudflare Tunnel creates a secure, encrypted connection between your Oracle instance and Cloudflare's edge network. This allows you to:

Expose services without opening firewall ports
Route traffic through a custom subdomain
Benefit from Cloudflare's DDoS protection and CDN
Avoid dealing with dynamic IP addresses

The Problem with Manual Server Management

When you SSH into your Oracle instance and manually start your application:

bash

node server.js

Everything works fine—until you close your SSH connection. The moment you disconnect, your application stops running. Your subdomain becomes unreachable, and your service goes offline.

You could run it in the background with nohup or use screen/tmux, but these are development workarounds, not production solutions. They don't:

Auto-start your service when the VM reboots
Automatically restart your application if it crashes
Provide proper logging and monitoring
Follow industry best practices

This is where systemd becomes essential.

Why Systemd is Essential for Production

Systemd is the initialization system and service manager used by most modern Linux distributions, including Ubuntu (which commonly runs on Oracle Cloud instances). Think of it as the control center for all services running on your server.

Key Benefits of Using Systemd

1. Automatic Startup on Boot

If your Oracle instance reboots due to maintenance, updates, or unexpected issues, systemd automatically starts your services without any manual intervention. Your application comes back online automatically.

2. Automatic Restart on Failure

Applications crash—it's inevitable. With systemd, you can configure services to automatically restart when they fail, minimizing downtime to seconds rather than hours (or until you notice and SSH in to fix it).

3. Centralized Logging

Systemd integrates with journalctl, providing powerful, searchable logs for all your services. You can easily:

View real-time logs
Search through historical logs
Filter by time period
Export logs for analysis

4. Resource Management

You can set limits on CPU usage, memory consumption, and other resources to prevent runaway processes from crashing your entire instance.

5. Dependency Management

Systemd can ensure services start in the correct order. For example, your Cloudflare tunnel should only start after your application is running.

6. Industry Standard

Systemd is the expected way to manage services in production Linux environments. Any system administrator will know how to work with it.

Comparison with Alternatives

Verdict: While screen, tmux, and nohup work for development and testing, systemd is the only proper solution for production environments.

Prerequisites

Before proceeding with this guide, ensure you have:

Oracle Cloud Instance running Ubuntu (or another Linux distribution with systemd)
SSH access to your instance
Your application already developed and tested
Cloudflare Tunnel set up and configured (tunnel created, but not necessarily running)
sudo privileges on the instance

Step-by-Step Systemd Setup

Step 1: Identify Your Application Details

Before creating systemd service files, gather this information about your application:

Application type: Node.js, Python, Go, Java, Ruby, etc.
Start command: The exact command to start your application
- Node.js: node server.js or npm start
- Python: python3 app.py or flask run
- Go: ./myapp (compiled binary)
Working directory: Full path where your application code lives
- Example: /home/ubuntu/tunnel-node
Port: Which port your application listens on
- Example: 3000, 8080, 5000
Environment variables: Any required environment variables
- Database URLs, API keys, NODE_ENV, etc.

Step 2: Create Systemd Service for Your Application

Systemd service files are stored in /etc/systemd/system/ and use the .service extension. Let's create one for your application.

For Node.js Applications

bash

sudo nano /etc/systemd/system/myapp.service

Paste this configuration:

ini

[Unit]
Description=My Node.js Application
After=network.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/home/ubuntu/your-app-folder (where is your application folder)
Environment="NODE_ENV=production"
Environment="PORT=3000"
ExecStart=/usr/bin/node server.js
Restart=always
RestartSec=10

# Optional: Resource limits
# MemoryLimit=512M
# CPUQuota=50%

# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=myapp

[Install]
WantedBy=multi-user.target

Understanding Each Section:

[Unit] Section:

Description: Human-readable name for your service
After=network.target: Ensures the service starts after the network is available

[Service] Section:

Type=simple: Service runs in the foreground
User=ubuntu: Run as the ubuntu user (adjust if different)
WorkingDirectory: Where your application files are located
Environment: Sets environment variables
ExecStart: The exact command to start your application
Restart=always: Always restart the service if it stops
RestartSec=10: Wait 10 seconds before restarting
StandardOutput/StandardError=journal: Send logs to journalctl
SyslogIdentifier: Name used in logs

[Install] Section:

WantedBy=multi-user.target: Start service when system reaches multi-user mode

For Python Applications

ini

[Unit]
Description=My Python Application
After=network.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/home/ubuntu/your-app-folder
Environment="PYTHONUNBUFFERED=1"
Environment="FLASK_ENV=production"
ExecStart=/usr/bin/python3 app.py
Restart=always
RestartSec=10

StandardOutput=journal
StandardError=journal
SyslogIdentifier=myapp

[Install]
WantedBy=multi-user.target

Note: PYTHONUNBUFFERED=1 ensures Python output appears in logs immediately.

For Compiled Binaries (Go, Rust, etc.)

ini

[Unit]
Description=My Application
After=network.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=/home/ubuntu/your-app-folder
ExecStart=/home/ubuntu/your-app-folder/myapp
Restart=always
RestartSec=10

StandardOutput=journal
StandardError=journal
SyslogIdentifier=myapp

[Install]
WantedBy=multi-user.target

Important: Replace /home/ubuntu/your-app-folder with your actual application directory path!

Save and exit: Press Ctrl+X, then Y, then Enter

Step 3: Create Systemd Service for Cloudflare Tunnel

Now let's create a service for Cloudflare Tunnel that will route external traffic to your application.

bash

sudo nano /etc/systemd/system/cloudflared-tunnel.service

Paste this configuration:

ini

[Unit]
Description=Cloudflare Tunnel
After=network.target myapp.service
Wants=myapp.service

[Service]
Type=simple
User=ubuntu
ExecStart=/usr/local/bin/cloudflared tunnel run my-oracle-tunnel
Restart=always
RestartSec=10

StandardOutput=journal
StandardError=journal
SyslogIdentifier=cloudflared

[Install]
WantedBy=multi-user.target

Key Configuration Details:

After=network.target myapp.service: Ensures the tunnel starts after your application
Wants=myapp.service: Systemd will try to start your app before the tunnel
ExecStart: Replace my-oracle-tunnel with your actual tunnel name

Finding Your Tunnel Name:

If you're unsure of your tunnel name:

bash

cloudflared tunnel list

Finding Cloudflared Location:

If cloudflared is installed elsewhere:

bash

which cloudflared

Update the ExecStart path accordingly.

Save and exit: Press Ctrl+X, then Y, then Enter

Step 4: Reload Systemd and Enable Services

After creating the service files, systemd needs to reload its configuration and enable the services.

bash

# Reload systemd to recognize new services
sudo systemctl daemon-reload

# Enable services to start on boot
sudo systemctl enable myapp.service
sudo systemctl enable cloudflared-tunnel.service

# Start the services immediately
sudo systemctl start myapp.service
sudo systemctl start cloudflared-tunnel.service

What Each Command Does:

daemon-reload: Tells systemd to scan for new or modified service files
enable: Configures the service to start automatically on boot
start: Starts the service immediately

Step 5: Verify Everything is Running

Check that both services are active and running correctly:

bash

# Check status of your application
sudo systemctl status myapp.service

# Check status of Cloudflare tunnel
sudo systemctl status cloudflared-tunnel.service

What to Look For:

You should see Active: active (running) in green text. Example output:

● myapp.service - My Node.js Application
     Loaded: loaded (/etc/systemd/system/myapp.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2025-11-15 22:00:00 UTC; 2min ago
   Main PID: 1234 (node)
      Tasks: 11 (limit: 14273)
     Memory: 45.2M
        CPU: 250ms
     CGroup: /system.slice/myapp.service
             └─1234 /usr/bin/node server.js

Success Indicators:

Loaded: loaded - Service file is recognized
enabled - Will start on boot
Active: active (running) - Currently running
Main PID shows the process ID
No error messages

Essential Systemd Commands

Now that your services are running, here are the commands you'll use regularly to manage them.

Managing Services

bash

# Start a service
sudo systemctl start myapp.service

# Stop a service
sudo systemctl stop myapp.service

# Restart a service (stop then start)
sudo systemctl restart myapp.service

# Reload service configuration without stopping
sudo systemctl reload myapp.service

# Check if service is running
sudo systemctl status myapp.service

# Enable service to start on boot
sudo systemctl enable myapp.service

# Disable service from starting on boot
sudo systemctl disable myapp.service

# Check if service is enabled
sudo systemctl is-enabled myapp.service

# Check if service is active
sudo systemctl is-active myapp.service

Viewing Logs with Journalctl

Systemd's logging system is incredibly powerful. Here's how to use it:

bash

# View logs in real-time (like tail -f)
sudo journalctl -u myapp.service -f

# View last 100 lines
sudo journalctl -u myapp.service -n 100

# View logs from today
sudo journalctl -u myapp.service --since today

# View logs since specific time
sudo journalctl -u myapp.service --since "2025-11-15 20:00:00"

# View logs between two times
sudo journalctl -u myapp.service --since "2025-11-15 20:00:00" --until "2025-11-15 22:00:00"

# View logs with priority level (error and higher)
sudo journalctl -u myapp.service -p err

# Export logs to file
sudo journalctl -u myapp.service > myapp-logs.txt

# View logs from both services simultaneously
sudo journalctl -u myapp.service -u cloudflared-tunnel.service -f

Log Priority Levels:

emerg (0): System unusable
alert (1): Action must be taken immediately
crit (2): Critical conditions
err (3): Error conditions
warning (4): Warning conditions
notice (5): Normal but significant
info (6): Informational
debug (7): Debug-level messages

Advanced Service Management

bash

# See all enabled services
sudo systemctl list-unit-files | grep enabled

# See all running services
sudo systemctl list-units --type=service --state=running

# View service dependencies
sudo systemctl list-dependencies myapp.service

# Show all properties of a service
sudo systemctl show myapp.service

# Edit service file directly
sudo systemctl edit --full myapp.service

# Create override file (for modifications without editing main file)
sudo systemctl edit myapp.service

Troubleshooting Common Issues

Even with proper configuration, you may encounter issues. Here's how to diagnose and fix them.

Issue 1: Service Fails to Start

Symptoms:

Active: failed status
code=exited, status=1/FAILURE

Diagnosis:

bash

# Check detailed error logs
sudo journalctl -u myapp.service -n 50 --no-pager

# Verify the executable path
which node  # or python3, or check your binary path

# Check file permissions
ls -la /home/ubuntu/your-app-folder

# Try running the command manually
cd /home/ubuntu/your-app-folder
node server.js

Common Causes:

Wrong WorkingDirectory path
- Solution: Use absolute paths, verify with pwd
Missing executable
- Solution: Install required runtime (sudo apt install nodejs)
Incorrect file permissions
- Solution: chmod +x your-binary or chown ubuntu:ubuntu -R /path
Missing dependencies
- Node.js: npm install
- Python: pip install -r requirements.txt
Syntax errors in code
- Solution: Test application manually first

Issue 2: Service Starts Then Immediately Stops

Symptoms:

Service status shows activating (auto-restart)
Constant restart loop

Diagnosis:

bash

# Watch logs in real-time
sudo journalctl -u myapp.service -f

# Check application-specific logs
cat /home/ubuntu/your-app-folder/app.log

Common Causes:

Port already in use

bash

   # Check what's using the port
   sudo lsof -i :3000

   # Kill the process
   sudo kill

Missing environment variables
- Solution: Add them to service file under Environment=
Application crashes on startup
- Solution: Fix application bugs, check logs
Incorrect ExecStart command
- Solution: Test command manually first

Issue 3: Can't Find Cloudflared

Symptoms:

cloudflared-tunnel.service fails with "No such file or directory"

Solution:

bash

# Find where cloudflared is installed
which cloudflared

# Update the service file with correct path
sudo nano /etc/systemd/system/cloudflared-tunnel.service
# Change ExecStart to the path returned by 'which'

# Reload and restart
sudo systemctl daemon-reload
sudo systemctl restart cloudflared-tunnel.service

Issue 4: Permission Denied Errors

Symptoms:

Logs show "Permission denied" errors
Service can't write to files or directories

Solution:

bash

# Change ownership of application directory
sudo chown -R ubuntu:ubuntu /home/ubuntu/your-app-folder

# Give execute permissions to binaries
chmod +x /home/ubuntu/your-app-folder/myapp

# Check what user the service runs as
sudo systemctl show myapp.service | grep User

Issue 5: Service Running but Subdomain Not Working

Symptoms:

Both services show active (running)
Subdomain returns 502 Bad Gateway or connection timeout

Diagnosis:

bash

# Check if app is listening on the correct port
sudo netstat -tlnp | grep :3000

# Check Cloudflare tunnel logs
sudo journalctl -u cloudflared-tunnel.service -n 100

# Test local connectivity
curl http://localhost:3000

Common Causes:

Application not listening on correct host
- Solution: Ensure app listens on 0.0.0.0 or localhost
Cloudflare tunnel misconfigured
- Solution: Check tunnel ingress rules in Cloudflare dashboard
Firewall blocking connections
- Solution: Check Oracle Cloud security lists and instance firewall

Issue 6: High Memory or CPU Usage

Solution - Add Resource Limits:

bash

sudo nano /etc/systemd/system/myapp.service

Add these lines in the [Service] section:

ini

# Limit memory to 512MB
MemoryLimit=512M

# Limit CPU to 50%
CPUQuota=50%

# Limit number of processes
TasksMax=50

Then reload:

bash

sudo systemctl daemon-reload
sudo systemctl restart myapp.service

Advanced Configuration Options

Configuring Restart Policies

Customize how systemd handles service failures:

ini

[Service]
# Only restart on failure (not clean exit)
Restart=on-failure

# Restart on any exit except clean stop
Restart=on-abnormal

# Restart on success or failure
Restart=always

# Never restart
Restart=no

# Wait before restarting
RestartSec=10

# Maximum restarts within time window
StartLimitIntervalSec=300
StartLimitBurst=5

Example: Restart maximum 5 times within 5 minutes, then give up:

ini

[Service]
Restart=on-failure
RestartSec=10
StartLimitIntervalSec=300
StartLimitBurst=5

Adding Multiple Environment Variables

ini

[Service]
Environment="NODE_ENV=production"
Environment="PORT=3000"
Environment="DATABASE_URL=postgresql://..."
Environment="API_KEY=your-key-here"

# Or load from file
EnvironmentFile=/home/ubuntu/your-app/.env

Running as Different User

For security, you might want a dedicated user:

bash

# Create dedicated user
sudo useradd -r -s /bin/false myappuser

# Change ownership
sudo chown -R myappuser:myappuser /home/ubuntu/your-app-folder

# Update service file
[Service]
User=myappuser
Group=myappuser

Service Dependencies

Ensure correct startup order:

ini

[Unit]
# Start after these services
After=network.target postgresql.service redis.service

# Require these services (hard dependency)
Requires=postgresql.service

# Want these services (soft dependency)
Wants=redis.service

Timeout Configuration

ini

[Service]
# Time to wait for service to start
TimeoutStartSec=60

# Time to wait for service to stop
TimeoutStopSec=30

# Send SIGKILL if stop timeout exceeded
KillMode=mixed

Security Best Practices

1. Run with Minimal Privileges

Never run services as root unless absolutely necessary:

ini

[Service]
User=ubuntu
Group=ubuntu

2. Use Environment Files for Secrets

Instead of hardcoding secrets in service files:

bash

# Create environment file
sudo nano /home/ubuntu/your-app/.env

DATABASE_URL=postgresql://user:pass@host/db
API_KEY=secret-key-here

bash

# Secure the file
sudo chmod 600 /home/ubuntu/your-app/.env
sudo chown ubuntu:ubuntu /home/ubuntu/your-app/.env

Update service file:

ini

[Service]
EnvironmentFile=/home/ubuntu/your-app/.env

3. Restrict File System Access

ini

[Service]
# Make /home, /root, /run/user read-only
ProtectHome=read-only

# Make /usr, /boot, /efi read-only
ProtectSystem=strict

# Only allow writing to specific directories
ReadWritePaths=/home/ubuntu/your-app/logs

4. Limit Network Access

ini

[Service]
# Only allow IPv4
RestrictAddressFamilies=AF_INET

# Block all except specific ports
IPAddressDeny=any
IPAddressAllow=localhost
IPAddressAllow=10.0.0.0/8

Monitoring and Maintenance

Setting Up Log Rotation

Prevent logs from filling up your disk:

bash

# Check journal disk usage
journalctl --disk-usage

# Limit journal size
sudo nano /etc/systemd/journald.conf

Add:

ini

[Journal]
SystemMaxUse=500M
SystemMaxFileSize=100M

Restart journald:

bash

sudo systemctl restart systemd-journald

Creating Monitoring Alerts

Set up email alerts for service failures:

ini

[Unit]
OnFailure=status-email@%n.service

[Service]
# Your service configuration

Checking Service Health

Create a monitoring script:

bash

#!/bin/bash
# check-services.sh

SERVICES=("myapp.service" "cloudflared-tunnel.service")

for service in "${SERVICES[@]}"; do
    if ! systemctl is-active --quiet "$service"; then
        echo "$service is not running!"
        # Send alert (email, Slack, etc.)
    fi
done

Run via cron every 5 minutes:

bash

crontab -e

Add:

*/5 * * * * /home/ubuntu/check-services.sh

Quick Setup Script

For faster deployment, here's an automated setup script:

bash

#!/bin/bash
# setup-services.sh

# Configuration - EDIT THESE
APP_NAME="myapp"
APP_DIR="/home/ubuntu/tunnel-node"
APP_TYPE="node"  # node, python, or binary
APP_COMMAND="node server.js"
APP_PORT="3000"
TUNNEL_NAME="my-oracle-tunnel"

echo "Setting up systemd services..."

# Create application service
sudo tee /etc/systemd/system/${APP_NAME}.service > /dev/null <${APP_NAME} Application
After=network.target

[Service]
Type=simple
User=ubuntu
WorkingDirectory=${APP_DIR}
Environment="NODE_ENV=production"
Environment="PORT=${APP_PORT}"
ExecStart=/usr/bin/${APP_COMMAND}
Restart=always
RestartSec=10

StandardOutput=journal
StandardError=journal
SyslogIdentifier=${APP_NAME}

[Install]
WantedBy=multi-user.target
EOF

# Create Cloudflare tunnel service
sudo tee /etc/systemd/system/cloudflared-tunnel.service > /dev/null <${APP_NAME}.service
Wants=${APP_NAME}.service

[Service]
Type=simple
User=ubuntu
ExecStart=/usr/local/bin/cloudflared tunnel run ${TUNNEL_NAME}
Restart=always
RestartSec=10

StandardOutput=journal
StandardError=journal
SyslogIdentifier=cloudflared

[Install]
WantedBy=multi-user.target
EOF

# Reload systemd
echo "Reloading systemd..."
sudo systemctl daemon-reload

# Enable services
echo "Enabling services..."
sudo systemctl enable ${APP_NAME}.service
sudo systemctl enable cloudflared-tunnel.service

# Start services
echo "Starting services..."
sudo systemctl start ${APP_NAME}.service
sudo systemctl start cloudflared-tunnel.service

# Show status
echo ""
echo "========================================="
echo "Service Status:"
echo "========================================="
sudo systemctl status ${APP_NAME}.service
echo ""
sudo systemctl status cloudflared-tunnel.service

echo ""
echo "Setup complete!"
echo "Check logs with: sudo journalctl -u ${APP_NAME}.service -f"

Make it executable and run:

bash

chmod +x setup-services.sh
./setup-services.sh

Testing Your Setup

After everything is configured, test thoroughly:

1. Test Service Survival After SSH Disconnect

bash

# Start both services
sudo systemctl start myapp.service cloudflared-tunnel.service

# Verify they're running
sudo systemctl status myapp.service

# Exit SSH
exit

# Reconnect and check
ssh ubuntu@your-instance-ip
sudo systemctl status myapp.service

Both services should still be running.

2. Test Automatic Restart

bash

# Find the process ID
sudo systemctl status myapp.service | grep "Main PID"

# Kill the process
sudo kill -9 

# Wait a few seconds and check status
sleep 15
sudo systemctl status myapp.service

The service should have automatically restarted.

3. Test Boot Persistence

bash

# Reboot the instance
sudo reboot

# After it comes back up, SSH in and check
ssh ubuntu@your-instance-ip
sudo systemctl status myapp.service cloudflared-tunnel.service

Both services should be running automatically.

4. Test External Access

bash

# From your local machine
curl https://your-subdomain.your-domain.com

# Should return your application's response

Performance Optimization

Tune Restart Behavior

For applications that take time to initialize:

ini

[Service]
# Give app 2 minutes to start
TimeoutStartSec=120

# Wait 30 seconds before restarting
RestartSec=30

# If it fails 3 times in 5 minutes, stop trying
StartLimitIntervalSec=300
StartLimitBurst=3

Optimize Resource Usage

ini

[Service]
# Limit memory
MemoryMax=1G
MemoryHigh=800M

# Limit CPU
CPUQuota=75%

# Set CPU scheduling priority (higher = lower priority)
Nice=10

# Set I/O scheduling priority
IOSchedulingClass=best-effort
IOSchedulingPriority=4

Improve Startup Time

ini

[Service]
# Don't wait for all "After" services
# DefaultDependencies=no  # Use carefully!

# Reduce startup timeout
TimeoutStartSec=30

Backup and Migration

Backing Up Service Configurations

bash

# Create backup directory
mkdir -p ~/systemd-backups

# Copy service files
sudo cp /etc/systemd/system/myapp.service ~/systemd-backups/
sudo cp /etc/systemd/system/cloudflared-tunnel.service ~/systemd-backups/

# Backup with date
sudo cp /etc/systemd/system/myapp.service ~/systemd-backups/myapp.service.$(date +%Y%m%d)

Migrating to Another Instance

bash

# On old instance - export configurations
tar -czf services-backup.tar.gz \
    /etc/systemd/system/myapp.service \
    /etc/systemd/system/cloudflared-tunnel.service \
    /home/ubuntu/your-app-folder

# Transfer to new instance
scp services-backup.tar.gz ubuntu@new-instance-ip:~

# On new instance - restore
tar -xzf services-backup.tar.gz -C /
sudo systemctl daemon-reload
sudo systemctl enable myapp.service cloudflared-tunnel.service
sudo systemctl start myapp.service cloudflared-tunnel.service

Conclusion

Setting up systemd for production services on Oracle Cloud Infrastructure transforms your deployment from fragile to robust. You've learned:

Why systemd is essential for production environments
How to create service files for your application and Cloudflare Tunnel
Essential commands for managing and monitoring services
Troubleshooting techniques for common issues
Advanced configurations for security and performance
Best practices for production deployments

With this setup:

Your services survive SSH disconnections
They automatically restart after crashes
They start automatically after VM reboots
You have centralized, searchable logs
You can manage everything with standard systemd commands

This is the foundation of professional production deployments. Your Oracle Cloud instance now runs services the way they should be run—reliably, automatically, and with proper monitoring.

Next Steps

Set up monitoring: Configure alerts for service failures
Implement log aggregation: Consider tools like Loki or ELK stack
Add health checks: Implement endpoint monitoring
Configure backups: Automate regular backups of your application and data
Document your setup: Keep notes on your specific configuration

Additional Resources

Remember: Systemd isn't just about keeping services running—it's about running them professionally, with proper logging, monitoring, and fault tolerance. Take the time to configure it correctly, and your future self will thank you when your services stay online through reboots, crashes, and unexpected issues.

From Localhost to Global: Expose Your Development Server to the Internet with Cloudflare Tunnel

Kumar Chaudhary — Thu, 04 Sep 2025 06:46:58 GMT

Ever found yourself in one of these situations?

"Can you check my website?" but your app is running on localhost:3000
Need to test webhooks from external services but they can't reach your local machine
Want to show a client your work-in-progress without deploying to production
Working with a team and need to share your local development environment

Traditional solutions like ngrok work, but they're limited, expensive for permanent use, and give you random URLs that change every time. What if I told you there's a free, permanent solution that gives you a professional domain and enterprise-grade security?

Meet Cloudflare Tunnel – your gateway to making any localhost application accessible from anywhere in the world, with a custom domain, HTTPS, and zero configuration headaches.

What is Cloudflare Tunnel?

Cloudflare Tunnel creates a secure, outbound-only connection from your machine to Cloudflare's global network. Instead of opening ports on your router or dealing with dynamic IPs, the tunnel connects from inside your network to Cloudflare, which then serves your application to the world.

Think of it as a secure bridge between your localhost and the internet, with Cloudflare handling all the networking complexity.

Why Choose Cloudflare Tunnel Over Alternatives?

Feature	Cloudflare Tunnel	ngrok (Free)	Port Forwarding
Custom Domain	✅ Your domain	❌ Random URLs	✅ Your domain
Permanent URLs	✅ Never changes	❌ Changes each restart	✅ Static
HTTPS/SSL	✅ Automatic	✅ Basic	⚠️ Manual setup
No Router Config	✅ Works anywhere	✅ Works anywhere	❌ Complex setup
Multiple Services	✅ Unlimited	❌ 1 tunnel (free)	✅ Multiple ports
Cost	✅ Free	✅ Free (limited)	✅ Free
DDoS Protection	✅ Enterprise grade	❌ Basic	❌ None
Bandwidth	✅ Unlimited	⚠️ Limited	✅ Unlimited

Prerequisites

Before we begin, you'll need:

A domain name (can be purchased from Namecheap, Google Domains, etc.)
A free Cloudflare account
Your development application running locally
Basic command-line knowledge

Note: You can use any subdomain of your existing domain – no need to buy a separate one!

Step 1: Set Up Your Domain in Cloudflare

Add Your Domain to Cloudflare

Sign up for a free Cloudflare account at cloudflare.com
Add your domain:
- Click "Add Site" in the dashboard
- Enter your domain name (e.g., mydomain.com)
- Choose the Free plan
Update nameservers:
- Cloudflare will provide you with nameservers
- Go to your domain registrar (where you bought the domain)
- Replace the existing nameservers with Cloudflare's
- Wait for propagation (5 minutes to 24 hours)

Verify Domain Connection

Once your domain is active in Cloudflare, you'll see a green checkmark and can proceed to the next step.

Step 2: Install Cloudflare Tunnel (cloudflared)

On macOS

# Using Homebrew
brew install cloudflared

# Or download directly
curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-darwin-amd64.tgz -o cloudflared.tgz
tar -xzf cloudflared.tgz
sudo mv cloudflared /usr/local/bin/

On Ubuntu/Debian Linux

# Download the .deb package
curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb -o cloudflared.deb

# Install
sudo dpkg -i cloudflared.deb

On Windows

Download cloudflared-windows-amd64.exe from the GitHub releases page
Rename it to cloudflared.exe
Move it to a directory in your PATH, or run from the download location

Verify Installation

cloudflared --version

You should see output like: cloudflared version 2025.8.1

Step 3: Authenticate with Cloudflare

Run the authentication command:

cloudflared tunnel login

This will:

Open a browser window
Prompt you to log into Cloudflare
Ask you to select your domain
Save authentication credentials to your machine

Success message: You'll see "You have successfully logged in" and credentials will be saved to ~/.cloudflared/cert.pem (macOS/Linux) or %USERPROFILE%\.cloudflared\cert.pem (Windows).

Step 4: Create Your First Tunnel

Create the Tunnel

cloudflared tunnel create my-dev-tunnel

Output example:

Tunnel credentials written to /Users/yourname/.cloudflared/12345678-abcd-1234-efgh-123456789012.json
Created tunnel my-dev-tunnel with id 12345678-abcd-1234-efgh-123456789012

Important: Save that tunnel ID! You'll need it for configuration.

Create Configuration File

Create a configuration file at ~/.cloudflared/config.yml (macOS/Linux) or %USERPROFILE%\.cloudflared\config.yml (Windows):

tunnel: 12345678-abcd-1234-efgh-123456789012
credentials-file: /Users/yourname/.cloudflared/12345678-abcd-1234-efgh-123456789012.json

ingress:
  - hostname: dev.yourdomain.com
    service: http://localhost:3000
  - service: http_status:404

Configuration explained:

tunnel: Your tunnel ID from the previous step
credentials-file: Path to the JSON file created
hostname: The subdomain you want to use
service: Your local application URL
The final service: http_status:404 catches all other requests

Step 5: Configure DNS

Link your subdomain to the tunnel:

cloudflared tunnel route dns my-dev-tunnel dev.yourdomain.com

This automatically creates a CNAME record in your Cloudflare DNS pointing dev.yourdomain.com to your tunnel.

Step 6: Start Your Local Application

Make sure your development server is running. Here are common examples:

Here you need to create your own service. As i’m providing only command to start the services of different web services during local development mode.

React Development Server

npm start
# Usually runs on http://localhost:3000

Next.js Development Server

npm run dev
# Usually runs on http://localhost:3000

Node.js/Express Server

node server.js
# Check your app's documentation for the port

Python Flask

flask run
# Usually runs on http://localhost:5000

Python Django

python manage.py runserver
# Usually runs on http://localhost:8000

Step 7: Run the Tunnel

Start your tunnel:

cloudflared tunnel run my-dev-tunnel

Success! Your localhost application is now accessible at https://dev.yourdomain.com 🎉

What Happens Behind the Scenes

Outbound Connection: Your machine connects to Cloudflare (no inbound ports needed)
DNS Resolution: dev.yourdomain.com resolves to Cloudflare's servers
Traffic Routing: Cloudflare routes requests through the tunnel to your localhost
SSL Termination: Cloudflare handles HTTPS automatically
Response: Your local app responds, and Cloudflare serves it globally

Advanced Configurations

Multiple Applications on Different Subdomains

You can expose multiple localhost services with one tunnel:

tunnel: 12345678-abcd-1234-efgh-123456789012
credentials-file: /Users/yourname/.cloudflared/12345678-abcd-1234-efgh-123456789012.json

ingress:
  - hostname: api.yourdomain.com
    service: http://localhost:3001
  - hostname: frontend.yourdomain.com
    service: http://localhost:3000
  - hostname: admin.yourdomain.com
    service: http://localhost:4000
  - service: http_status:404

Path-Based Routing

Route different paths to different local services:

tunnel: 12345678-abcd-1234-efgh-123456789012
credentials-file: /Users/yourname/.cloudflared/12345678-abcd-1234-efgh-123456789012.json

ingress:
  - hostname: dev.yourdomain.com
    path: /api/*
    service: http://localhost:3001
  - hostname: dev.yourdomain.com
    path: /admin/*
    service: http://localhost:4000
  - hostname: dev.yourdomain.com
    service: http://localhost:3000
  - service: http_status:404

Custom Headers

Add custom headers for debugging or authentication:

tunnel: 12345678-abcd-1234-efgh-123456789012
credentials-file: /Users/yourname/.cloudflared/12345678-abcd-1234-efgh-123456789012.json

ingress:
  - hostname: dev.yourdomain.com
    service: http://localhost:3000
    originRequest:
      httpHeaderHost: dev.yourdomain.com
      httpHeaderFields:
        X-Forwarded-For: $CF_CONNECTING_IP
        X-Original-URL: $CF_RAY
  - service: http_status:404

Running Tunnel as a Background Service

On macOS/Linux

Install as a system service:

sudo cloudflared service install
sudo systemctl enable cloudflared
sudo systemctl start cloudflared

On Windows

Install as a Windows service:

cloudflared service install

Benefits of Running as a Service

Auto-start: Tunnel starts automatically when your computer boots
Background operation: Runs without keeping a terminal window open
Reliability: Automatically restarts if it crashes
System integration: Managed like other system services

Use Cases and Practical Examples

1. Client Demos and Reviews

Scenario: You're a freelance developer showing work to a client.

# config.yml for client demo
tunnel: your-tunnel-id
credentials-file: /path/to/credentials.json

ingress:
  - hostname: client-demo.yourdomain.com
    service: http://localhost:3000
  - service: http_status:404

Benefits:

Professional domain instead of localhost:3000
Client can access from anywhere
HTTPS by default (builds trust)
No need to deploy unfinished work

2. Webhook Development and Testing

Scenario: Testing Stripe webhooks, GitHub webhooks, or any external service that needs to reach your local app.

# config.yml for webhook testing
tunnel: your-tunnel-id
credentials-file: /path/to/credentials.json

ingress:
  - hostname: webhooks.yourdomain.com
    service: http://localhost:4000
  - service: http_status:404

Usage:

# Your webhook endpoint becomes:
# https://webhooks.yourdomain.com/stripe-webhook
# Instead of: http://localhost:4000/stripe-webhook

3. Team Development and Testing

Scenario: Multiple developers need to test the same backend API or frontend.

# config.yml for team development
tunnel: your-tunnel-id
credentials-file: /path/to/credentials.json

ingress:
  - hostname: team-api.yourdomain.com
    service: http://localhost:8080
  - hostname: team-frontend.yourdomain.com
    service: http://localhost:3000
  - service: http_status:404

4. Mobile App Development

Scenario: Testing your API with a mobile app that can't access localhost.

# config.yml for mobile testing
tunnel: your-tunnel-id
credentials-file: /path/to/credentials.json

ingress:
  - hostname: mobile-api.yourdomain.com
    service: http://localhost:5000
  - service: http_status:404

Security Considerations

Network Security

✅ Pros:

No inbound ports opened on your router
Outbound-only connections (more secure)
Cloudflare's DDoS protection
Automatic HTTPS/TLS encryption

⚠️ Considerations:

Your development app is now public (add authentication if needed)
Environment variables and secrets should be properly managed
Consider IP restrictions for sensitive applications

Access Control

For sensitive development environments, add basic authentication:

// Example: Express.js with basic auth
const express = require('express');
const basicAuth = require('express-basic-auth');

const app = express();

// Add basic authentication
app.use(basicAuth({
    users: { 'dev': 'password123' },
    challenge: true
}));

// Your app routes
app.get('/', (req, res) => {
    res.send('Hello World!');
});

app.listen(3000);

IP Restrictions

Limit access to specific IP addresses:

# config.yml with IP restrictions
tunnel: your-tunnel-id
credentials-file: /path/to/credentials.json

ingress:
  - hostname: secure-dev.yourdomain.com
    service: http://localhost:3000
    originRequest:
      ipRules:
        - ip: 192.168.1.100/32
          action: allow
        - ip: 0.0.0.0/0
          action: deny
  - service: http_status:404

Troubleshooting Common Issues

Connection Refused

Error: dial tcp 127.0.0.1:3000: connect: connection refused

Solutions:

Verify your local app is running: curl http://localhost:3000
Check the port number in your config
Make sure your app binds to 0.0.0.0:3000 not just 127.0.0.1:3000

DNS Not Propagating

Error: dns: no such host

Solutions:

Wait up to 24 hours for DNS propagation
Check DNS with: nslookup dev.yourdomain.com
Verify CNAME record exists in Cloudflare DNS
Try accessing from a different network or use a VPN

Tunnel Authentication Issues

Error: failed to request Cloudflare Tunnel connection

Solutions:

Re-run cloudflared tunnel login
Check credentials file path in config.yml
Verify tunnel ID is correct
Ensure domain ownership in Cloudflare

SSL Certificate Errors

Error: Certificate warnings in browser

Solutions:

Set Cloudflare SSL mode to "Full" or "Flexible"
Wait a few minutes for SSL provisioning
Clear browser cache
Check that you're using https:// not http://

Performance Optimization

Reduce Latency

Choose Closest Cloudflare Data Center: Cloudflare automatically routes to the nearest location
Enable Argo Smart Routing (paid feature): Routes traffic via fastest paths
Use HTTP/2: Cloudflare enables this automatically
Enable Brotli Compression: Available in Cloudflare dashboard

Optimize for Development

# Development-optimized config
tunnel: your-tunnel-id
credentials-file: /path/to/credentials.json

ingress:
  - hostname: dev.yourdomain.com
    service: http://localhost:3000
    originRequest:
      connectTimeout: 30s
      tlsTimeout: 30s
      tcpKeepAlive: 30s
      keepAliveTimeout: 90s
  - service: http_status:404

Monitoring and Logs

View Tunnel Status

Check if your tunnel is running:

# List all tunnels
cloudflared tunnel list

# Show tunnel info
cloudflared tunnel info my-dev-tunnel

# View tunnel logs
cloudflared tunnel --loglevel debug run my-dev-tunnel

Cloudflare Analytics

Access detailed analytics in your Cloudflare dashboard:

Traffic volume: Requests per day/hour
Response codes: Success/error rates
Geographic distribution: Where your users are located
Bandwidth usage: Data transfer statistics

Cost Comparison

Solution	Setup Time	Monthly Cost	Custom Domain	HTTPS	Bandwidth
Cloudflare Tunnel	10 minutes	Free	✅	✅	Unlimited
ngrok Pro	2 minutes	$8-$20	✅	✅	Limited
Serveo	1 minute	Free	❌	✅	Limited
Port Forwarding	30+ minutes	ISP costs	✅	Manual	ISP limited

Best Practices

Development Workflow

Separate Tunnels for Different Projects: Create individual tunnels for each project
Use Descriptive Subdomains: api-v2.yourdomain.com instead of test.yourdomain.com
Version Your Configurations: Keep config files in version control
Document Team Access: Share tunnel URLs with team members

Configuration Management

# Organize multiple tunnel configs
mkdir ~/.cloudflared/projects/
mkdir ~/.cloudflared/projects/ecommerce/
mkdir ~/.cloudflared/projects/blog/

# Use project-specific configs
cloudflared tunnel --config ~/.cloudflared/projects/ecommerce/config.yml run ecommerce-tunnel

Environment-Specific Domains

# Development
dev-api.yourdomain.com -> localhost:3000

# Staging  
staging-api.yourdomain.com -> localhost:3001

# Feature branches
feature-auth.yourdomain.com -> localhost:3002

Conclusion

Cloudflare Tunnel transforms localhost development from a local-only experience to a globally accessible, production-like environment. Whether you're:

Sharing work with clients without deploying half-finished features
Testing webhooks from external services
Collaborating with remote team members on localhost applications
Developing mobile apps that need to connect to your local API
Learning web development and want to show friends your projects

This setup provides enterprise-grade features (custom domains, HTTPS, global CDN, DDoS protection) at zero cost, with a setup time of just 10 minutes.

The days of "works on my machine" are over. With Cloudflare Tunnel, your machine works everywhere.

Quick Setup Summary

# 1. Install cloudflared
brew install cloudflared  # or download for your OS

# 2. Authenticate  
cloudflared tunnel login

# 3. Create tunnel
cloudflared tunnel create my-tunnel

# 4. Configure DNS
cloudflared tunnel route dns my-tunnel dev.yourdomain.com  

# 5. Run tunnel
cloudflared tunnel run my-tunnel

Total time: Under 10 minutes
Total cost: $0
Result: Professional localhost hosting with your custom domain

Ready to make your localhost globally accessible? Your development workflow will never be the same! 🚀

Have questions about specific frameworks or need help with advanced tunnel configurations? Drop a comment below or connect with me on social media. Happy tunneling!

NestJS JWT Authentication – End-to-End Production Guide

Kumar Chaudhary — Mon, 11 Aug 2025 18:23:31 GMT

This article walks you through every single file required to get a secure, refresh-token-enabled JWT authentication system in NestJS with Prisma, bcrypt, Passport, and class-validator.
Copy / paste the snippets in order and you will have a working project.

1. Install dependencies

npm i @nestjs/jwt @nestjs/passport passport passport-jwt bcrypt
npm i -D @types/passport-jwt @types/bcrypt

2. Environment variables (`.env`)

DATABASE_URL="postgresql://user:pass@localhost:5432/mydb"
JWT_SECRET="super-secret-access"
JWT_REFRESH_SECRET="super-secret-refresh"
JWT_EXPIRES="15m"
JWT_REFRESH_EXPIRES="7d"

This configuration file likely contains environment variables used by a web application.

DATABASE_URL: This variable stores the connection information for the PostgreSQL database, including the username, password, host, port, and database name.
JWT_SECRET: This variable stores a secret key used for generating JSON Web Tokens (JWT) for authentication and authorization purposes. It should be kept private and secure to prevent unauthorized access.
JWT_REFRESH_SECRET: This variable stores a separate secret key used specifically for generating refresh tokens in a JWT-based authentication system. Refresh tokens are used to obtain new access tokens after they expire without requiring re-authentication.
JWT_EXPIRES: This variable specifies the expiration time for access tokens created by the application. In this case, it is set to 15 minutes, meaning that access tokens will be valid for 15 minutes before they expire.
JWT_REFRESH_EXPIRES: This variable specifies the expiration time for refresh tokens generated by the application. In this case, it is set to 7 days, allowing users to obtain new access tokens for a week without having to re-authenticate.

By using these environment variables, the application can securely store sensitive information such as database credentials and authentication secrets, without having to hardcode them in the codebase.

3. Prisma schema (`prisma/schema.prisma`)

generator client {
  provider = "prisma-client-js"
}

datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}

enum RoleEnum {
  IT_HEAD
  SYSTEM_OWNER
  FINANCE_OFFICER
  REGISTRATION_CLERK
  AUDITOR
  VIEWER
}

model FncciUser {
  id             Int       @id @default(autoincrement())
  email          String    @unique
  password       String
  role           RoleEnum  @default(VIEWER)
  firstName      String
  lastName       String
  phoneNumber    String
  refreshToken   String?   // stores hashed refresh token
  createdAt      DateTime  @default(now())
  updatedAt      DateTime  @updatedAt
}

After editing:

npx prisma migrate dev --name init
npx prisma generate

4. Create DTOs

src/auth/dto/create-auth.dto.ts

import { ApiProperty } from '@nestjs/swagger';
import { IsEmail, IsEnum, IsNotEmpty, IsString, MaxLength, MinLength } from 'class-validator';
import { RoleEnum } from '@prisma/client';

export class CreateAuthDto {
  @ApiProperty({ example: 'john@doe.com' })
  @IsEmail() @IsNotEmpty()
  email: string;

  @ApiProperty({ minLength: 8, maxLength: 20 })
  @IsString() @MinLength(8) @MaxLength(20) @IsNotEmpty()
  password: string;

  @ApiProperty({ enum: RoleEnum, example: RoleEnum.VIEWER })
  @IsEnum(RoleEnum) @IsNotEmpty()
  role: RoleEnum;

  @ApiProperty({ example: 'John' })
  @IsString() @IsNotEmpty()
  firstName: string;

  @ApiProperty({ example: 'Doe' })
  @IsString() @IsNotEmpty()
  lastName: string;

  @ApiProperty({ example: '+977-9801234567' })
  @IsString() @IsNotEmpty()
  phoneNumber: string;
}

src/auth/dto/login-auth.dto.ts

import { IsEmail, IsNotEmpty, IsString } from 'class-validator';

export class LoginAuthDto {
  @IsEmail() @IsNotEmpty()
  email: string;

  @IsString() @IsNotEmpty()
  password: string;
}

5. Create decorators

src/decorator/public.decorator.ts

import { SetMetadata } from '@nestjs/common';
export const IS_PUBLIC_KEY = 'isPublic';
export const Public = () => SetMetadata(IS_PUBLIC_KEY, true);

6. JWT Guard with public-route support

src/auth/guard/jwt-auth.guard.ts

import { ExecutionContext, Injectable } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { AuthGuard } from '@nestjs/passport';
import { IS_PUBLIC_KEY } from '../decorator/public.decorator';

@Injectable()
export class JwtAuthGuard extends AuthGuard('jwt') {
  constructor(private reflector: Reflector) {
    super();
  }

  canActivate(context: ExecutionContext) {
    const isPublic = this.reflector.getAllAndOverride<boolean>(IS_PUBLIC_KEY, [
      context.getHandler(),
      context.getClass(),
    ]);
    return isPublic ? true : super.canActivate(context);
  }
}

7. Passport JWT Strategy

src/auth/strategy/jwt.strategy.ts

import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { PassportStrategy } from '@nestjs/passport';
import { ExtractJwt, Strategy } from 'passport-jwt';

@Injectable()
export class JwtStrategy extends PassportStrategy(Strategy) {
  constructor(private config: ConfigService) {
    super({
      jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
      secretOrKey: config.get<string>('JWT_SECRET'),
    });
  }

  async validate(payload: any) {
    return { id: payload.sub, email: payload.email, role: payload.role };
  }
}

8. Refresh-token Strategy (optional but recommended)

src/auth/strategy/jwt-refresh.strategy.ts

import { Injectable } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { PassportStrategy } from '@nestjs/passport';
import { Request } from 'express';
import { ExtractJwt, Strategy } from 'passport-jwt';

@Injectable()
export class JwtRefreshStrategy extends PassportStrategy(Strategy, 'jwt-refresh') {
  constructor(private config: ConfigService) {
    super({
      jwtFromRequest: ExtractJwt.fromBodyField('refreshToken'),
      secretOrKey: config.get<string>('JWT_REFRESH_SECRET'),
      passReqToCallback: true,
    });
  }

  async validate(req: Request, payload: any) {
    return { id: payload.sub, email: payload.email, role: payload.role, refreshToken: req.body.refreshToken };
  }
}

src/auth/auth.service.ts

import { ConflictException, ForbiddenException, Injectable, NotFoundException, UnauthorizedException } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import * as bcrypt from 'bcrypt';
import { PrismaService } from '../prisma/prisma.service';
import { CreateAuthDto } from './dto/create-auth.dto';
import { LoginAuthDto } from './dto/login-auth.dto';

@Injectable()
export class AuthService {
  private readonly salt = 10;

  constructor(
    private prisma: PrismaService,
    private jwt: JwtService,
  ) {}

  async register(dto: CreateAuthDto) {
    const exists = await this.prisma.fncciUser.findUnique({ where: { email: dto.email } });
    if (exists) throw new ConflictException('Email already taken');

    const hashed = await bcrypt.hash(dto.password, this.salt);
    const user = await this.prisma.fncciUser.create({
      data: { ...dto, password: hashed },
      select: { id: true, email: true, role: true, firstName: true, lastName: true, phoneNumber: true, createdAt: true },
    });
    return user;
  }

  async login(dto: LoginAuthDto) {
    const user = await this.prisma.fncciUser.findUnique({ where: { email: dto.email } });
    if (!user) throw new NotFoundException('User not found');

    const ok = await bcrypt.compare(dto.password, user.password);
    if (!ok) throw new UnauthorizedException('Wrong password');

    const payload = { sub: user.id, email: user.email, role: user.role };

    const accessToken = this.jwt.sign(payload, { expiresIn: '15m' });
    const refreshToken = this.jwt.sign(payload, { secret: process.env.JWT_REFRESH_SECRET, expiresIn: '7d' });

    await this.prisma.fncciUser.update({ where: { id: user.id }, data: { refreshToken: await bcrypt.hash(refreshToken, this.salt) } });

    return { accessToken, refreshToken };
  }

  async refreshTokens(refreshToken: string) {
    try {
      const payload = this.jwt.verify(refreshToken, { secret: process.env.JWT_REFRESH_SECRET });
      const user = await this.prisma.fncciUser.findUnique({ where: { id: payload.sub } });
      if (!user || !user.refreshToken) throw new ForbiddenException('Access Denied');

      const rtMatches = await bcrypt.compare(refreshToken, user.refreshToken);
      if (!rtMatches) throw new ForbiddenException('Access Denied');

      const newPayload = { sub: user.id, email: user.email, role: user.role };
      const newAccess = this.jwt.sign(newPayload, { expiresIn: '15m' });
      const newRefresh = this.jwt.sign(newPayload, { secret: process.env.JWT_REFRESH_SECRET, expiresIn: '7d' });

      await this.prisma.fncciUser.update({ where: { id: user.id }, data: { refreshToken: await bcrypt.hash(newRefresh, this.salt) } });

      return { accessToken: newAccess, refreshToken: newRefresh };
    } catch {
      throw new ForbiddenException('Invalid refresh token');
    }
  }

  async logout(userId: number) {
    await this.prisma.fncciUser.update({ where: { id: userId }, data: { refreshToken: null } });
    return { message: 'Logged out' };
  }
}

10. Auth Controller

src/auth/auth.controller.ts

import { Body, Controller, HttpCode, HttpStatus, Post, Req, UseGuards, ValidationPipe } from '@nestjs/common';
import { AuthService } from './auth.service';
import { CreateAuthDto } from './dto/create-auth.dto';
import { LoginAuthDto } from './dto/login-auth.dto';
import { Public } from '../decorator/public.decorator';
import { Request } from 'express';

@Controller('auth')
export class AuthController {
  constructor(private auth: AuthService) {}

  @Public()
  @Post('register')
  async register(@Body(ValidationPipe) dto: CreateAuthDto) {
    return this.auth.register(dto);
  }

  @Public()
  @HttpCode(HttpStatus.OK)
  @Post('login')
  async login(@Body() dto: LoginAuthDto) {
    return this.auth.login(dto);
  }

  @Public()
  @HttpCode(HttpStatus.OK)
  @Post('refresh')
  async refresh(@Body('refreshToken') refreshToken: string) {
    return this.auth.refreshTokens(refreshToken);
  }

  @Post('logout')
  async logout(@Req() req: Request) {
    const user = req.user as any;
    return this.auth.logout(user.id);
  }
}

11. Auth Module wiring

src/auth/auth.module.ts

import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { PassportModule } from '@nestjs/passport';
import { PrismaModule } from '../prisma/prisma.module';
import { AuthService } from './auth.service';
import { AuthController } from './auth.controller';
import { JwtStrategy } from './strategy/jwt.strategy';
import { JwtRefreshStrategy } from './strategy/jwt-refresh.strategy';

@Module({
  imports: [
    PassportModule,
    JwtModule.register({}),
    PrismaModule,
  ],
  providers: [AuthService, JwtStrategy, JwtRefreshStrategy],
  controllers: [AuthController],
  exports: [AuthService],
})
export class AuthModule {}

12. Global setup (`main.ts`)

src/main.ts

import { ValidationPipe } from '@nestjs/common';
import { NestFactory } from '@nestjs/core';
import { AppModule } from './app.module';

async function bootstrap() {
  const app = await NestFactory.create(AppModule);
  app.useGlobalPipes(new ValidationPipe({ whitelist: true, transform: true }));
  app.enableCors({ origin: true, credentials: true });
  await app.listen(process.env.PORT || 3000);
}
bootstrap();

13. Global guard registration

src/app.module.ts

import { Module } from '@nestjs/common';
import { APP_GUARD } from '@nestjs/core';
import { AuthModule } from './auth/auth.module';
import { JwtAuthGuard } from './auth/guard/jwt-auth.guard';

@Module({
  imports: [AuthModule],
  providers: [
    {
      provide: APP_GUARD,
      useClass: JwtAuthGuard,
    },
  ],
})
export class AppModule {}

14. Run & test

npm run start:dev

Endpoint	Public	Body	Response
POST /auth/register	✅	CreateAuthDto	{ id, email, … }
POST /auth/login	✅	LoginAuthDto	{ accessToken, refreshToken }
POST /auth/refresh	✅	{ refreshToken }	{ accessToken, refreshToken }
POST /auth/logout	❌	–	{ message }

All other routes automatically require a valid bearer token.

That’s the complete, production-ready JWT authentication system you can drop into any NestJS project.

Module 2: Compute in the Cloud

Kumar Chaudhary — Sun, 10 Aug 2025 09:42:31 GMT

Introduction to Amazon EC2

Compute refers to the processing power needed to run applications, manage data, and perform calculations. In the cloud, this power is available on-demand. You can access it remotely without owning or maintaining physical hardware. Essentially, compute in the cloud means creating virtual machines with a cloud provider to run applications and tasks over the internet. In the following lessons, you will gain a thorough understanding of Amazon Elastic Compute Cloud (Amazon EC2), a powerful compute service from AWS, as you explore its flexibility, cost-effectiveness, and scalability.

In this lesson, you will learn how to do the following:

Describe how compute resources are provisioned and managed in the cloud.
Compare the benefits and challenges of using virtual servers to managing physical servers on premises.
Identify the concept of multi-tenancy in Amazon EC2.

In this lesson, you will get an overview of Amazon EC2. You will learn about provisioning and managing virtual servers to host your applications and business resources.

Amazon EC2

Amazon EC2 is more flexible, cost-effective, and faster than managing on-premises servers. It offers on-demand compute capacity that can be quickly launched, scaled, and terminated, with costs based only on active usage.

The flexibility of Amazon EC2 allows for faster development and deployment of applications. You can launch as many or as few virtual servers as needed and configure security, networking, and storage. You can also scale resources up or down based on usage, such as handling high traffic or compute-heavy tasks.

Key takeaways: Comparing on-premises and cloud resources

When designing infrastructure for your business, selecting the right resources can significantly affect your efficiency, flexibility, and overall costs. Review the key differences between on-premises and cloud resource management.

Challenges of on-premises resources

Imagine that you're responsible for designing your company's infrastructure to support new websites. With traditional on-premises resources, you must purchase hardware upfront, wait for delivery, and handle installation and configuration. This process is time-consuming, costly, and inflexible because you're locked into a specific capacity that might not align with changing demands.

Benefits of using Cloud Resources

In contrast, with Amazon EC2, you can quickly launch, scale, and stop instances based on your needs without the delays and upfront costs associated with traditional on-premises resources.

How Amazon EC2 works

You’ve learned that AWS manages complex infrastructure, offering on-demand compute capacity that’s available whenever you need it. You can request EC2 instances and have them ready to use within minutes. But how do you actually get started?

Step 1:- Launch an instance

When launching an EC2 instance, you start by selecting an Amazon Machine Image (AMI), which defines the operating system and might include additional software. You also choose an instance type, which determines the underlying hardware resources, such as CPU, memory, and network performance.

Step 2:- Connect to the instance

You can connect to an EC2 instance in various ways. Applications can interact with services running on the instance over the network.

Users or administrators can connect using SSH for Linux instances or Remote Desktop Protocol (RDP) for Windows instances. Alternatively, AWS services like AWS Systems Manager offer a secure and simplified method for accessing instances.

Step 3:- Use the instance

After you are connected to the instance, you can begin using it to run commands, install software, add storage, organize files, and perform other tasks.

Test your skills

How does Amazon EC2 compare to running servers on premises?

It is more expensive but offers more control.
It is more flexible, cost-effective, and quicker to get started.
It requires more time to set up and maintain.
It is only useful for large businesses.

COMPUTE IN CLOUD

Amazon EC2 Instance Types

In this lesson, you will learn how to do the following:

Explain the different EC2 instance types and their characteristics.
Identify appropriate use cases for each EC2 instance type.

Amazon EC2 offers a broad range of instance types, each tailored to meet specific use case requirements. These instances come with varying combinations of CPU, memory, storage, and networking capabilities, so you can choose the right mix of resources to optimize performance for your applications.

Key takeaways: EC2 instance types

Whether you're running a simple web service or complex data processing tasks, Amazon EC2 provides the flexibility to select the ideal instance type for your needs.

To review EC2 instance types, read each of the five numbered markers.

General purpose

General purpose instances provide a balanced mix of compute, memory, and networking resources. They are ideal for diverse workloads, like web services, code repositories, and when workload performance is uncertain.

Compute optimized

Compute optimized instances are ideal for compute-intensive tasks, such as gaming servers, high performance computing (HPC), machine learning, and scientific modeling.

Memory optimized

Memory optimized instances are used for memory-intensive tasks like processing large datasets, data analytics, and databases. They provide fast performance for memory-heavy workloads.

Accelerated computing

Accelerated computing instances use hardware accelerators, like graphics processing units (GPUs), to efficiently handle tasks, such as floating-point calculations, graphics processing, and machine learning.

Storage optimized

Storage optimized instances are designed for workloads that require high performance for locally stored data, such as large databases, data warehousing, and I/O-intensive applications.

Test your skills

A financial institution is running a real-time analytics application that processes large datasets stored across multiple servers to provide quick query results. The application requires fast processing of data with a focus on handling large volumes of information efficiently.

Which Amazon EC2 instance type would be the BEST choice for this task?
- General purpose
- Compute optimized
- Storage optimized
- Memory optimized
A retail company is setting up a solution to analyze historical sales data that is stored locally. The solution requires fast access to large datasets with consistent, high disk throughput for quick data retrieval.

Which Amazon EC2 instance type would be the MOST suitable for this use case?
- General purpose
- Compute optimized
- Accelerated computing
- Storage optimized

Demo: Launching an Amazon EC2 Instance

In this lesson, you will learn how to do the following:

Identify the key configurations needed when setting up an EC2 instance.
Explain how an AMI maintains consistency and efficiency when scaling applications.

Amazon EC2 demonstration

If you're eager to understand how Amazon EC2 works, this is your chance to see it in action! In this demo, you learn about the basic steps of launching an EC2 instance. By the end of this demo, you will have a fully functional EC2 instance.

Amazon Machine Images

In the demo, you got a quick introduction to AMIs. AMIs are pre-built virtual machine images that have the basic components for what is needed to start an instance. Now, let's explore AMIs in more detail.

AMI components

An AMI includes the operating system, storage setup, architecture type, permissions for launching, and any extra software that is already installed. You can use one AMI to launch several EC2 instances that all have the same setup.
Three ways to use AMIs

AMIs can be used in three ways. First, you can create your own by building a custom AMI with specific configurations and software tailored to your needs. Second, you can use pre-configured AWS AMIs, which are set up for common operating systems and software. Lastly, you can purchase AMIs from the AWS Marketplace, where third-party vendors offer specialized software designed for specific use cases.
AMI repeatability

AMIs provide repeatability through a consistent environment for every new instance. Because configurations are identical and deployments automated, development and testing environments are consistent. This helps when scaling, reduces errors, and streamlines managing large-scale environments.

Test your skills

What are the required configurations when launching an Amazon EC2 instance for a web server? (Select THREE.)
- Amazon Machine Image (AMI)
- Load balancing
- Instance type
- Permissions
- Storage
- Instance termination behavior

What is an Amazon Machine Image (AMI) used for when launching an Amazon EC2 instance?
- To choose the instance size
- To configure networking settings
- To pre-configure the operating system and software
- To store instance data

Amazon EC2 Pricing

In this lesson, you will learn how to do the following:

Explain the available Amazon EC2 pricing options.
Describe when to use each pricing option based on specific use cases.
Describe Amazon EC2 Capacity Reservations and Reserved Instance (RI) flexibility.

In this lesson, you will learn about the pricing options for Amazon EC2. This information will help you find the most cost-effective solution for your workloads—whether you're just getting started or aiming to maximize savings on long-term usage.

Key takeaways: AWS pricing options

By understanding the different Amazon EC2 pricing options, you can make more informed decisions and optimize your costs based on your specific usage needs. To review the AWS pricing options, Observe each of the following flashcards.

On-Demand Instances:

Pay only for the compute capacity you consume with no upfront payments or long-term commitments required.

Reserved Instances:

Get a savings of up to 75 percent by committing to a 1-year or 3-year term for predictable workloads using specific instance families and AWS Regions.

Spot Instances:

Bid on spare compute capacity at up to 90 percent off the On-Demand price, with the flexibility to be interrupted when AWS reclaims the instance.

Savings Plans:

Save up to 72 percent across a variety of instance types and services by committing to a consistent usage level for 1 or 3 years.

Dedicated Hosts:

Reserve an entire physical server for your exclusive use. This option offers full control and is ideal for workloads with strict security or licensing needs.

Dedicated Instances:

Pay for instances running on hardware dedicated solely to your account. This option provides isolation from other AWS customers.

Dedicated Instances

Dedicated Hosts provide exclusive use of physical servers, offering full control over instance placement and resource allocation. This makes them ideal for security- or compliance-driven workloads. But what if you don’t need that level of control?

You could use Dedicated Instances, which offer physical isolation from other AWS accounts while still benefiting from the flexibility and cost savings of shared infrastructure.

The key difference is that Dedicated Instances provide isolation without you choosing which physical server they run on. Dedicated Hosts give you an entire physical server for exclusive use, providing complete control over instance placement and resource allocation.

Ultimately, the right choice depends on your specific workload requirements and the level of control you need over your infrastructure.

Dedicated Hosts offer exclusive use of a server with full control, whereas Dedicated Instances provide isolation without server control.

More about cost optimization

To optimize costs and resource allocation, AWS offers a range of pricing options including Savings Plans, Amazon EC2 Capacity Reservations, and Reserved Instances (RIs). Each of these is tailored to meet different workload and capacity needs.

Savings Plans

Good for: Predictable workloads

Savings Plans offer discounts compared to On-Demand rates in exchange for a commitment to use a specified amount of compute power (measured per hour) over a one-year or three-year period. They provide flexible pricing for Amazon EC2, AWS Fargate, AWS Lambda, and Amazon SageMaker AI usage, regardless of instance type or AWS Region. Payment options include All upfront, Partial upfront, or No upfront.

Capacity Reservations

Good for: Critical workloads with strict capacity requirements

With Amazon EC2 Capacity Reservations, you reserve compute capacity in a specific Availability Zone for critical workloads. Reservations are charged at the On-Demand rate, whether used or not. You only pay for the instances you run. This is ideal for strict capacity requirements for current or future business-critical workloads.

Reserved Instance flexibility

Good for: Steady-state workloads with predictable usage

RIs offer up to 75 percent savings over On-Demand pricing by applying discounts across instance sizes and multiple Availability Zones within a Region. When you purchase a Reserved Instance (RI), AWS automatically applies the discount to other instance sizes within the same family based on the instance size footprint. It also applies the discount across multiple Availability Zones for enhanced resource distribution and fault tolerance.

Test your skills

A financial services company needs to run sensitive applications that handle confidential customer data and require compliance with industry regulations. They need complete control over the physical server, including instance placement and resource allocation.

Which pricing option should they choose?
- Dedicated Hosts
- Savings Plans
- On Demand
- Spot Instances
A startup is running a batch processing workload that can tolerate occasional interruptions, and they want to reduce costs by taking advantage of unused Amazon EC2 capacity.

Which pricing option would offer them the most savings?
- Reserved Instances
- Savings Plans
- On Demand
- Spot Instances
A customer is building a new application and is unsure of their usage patterns but expects to grow and stabilize usage over time. They want to start without a long-term commitment.

Which pricing option should they use?
- Reserved Instances
- Savings Plans
- On Demand
- Spot Instances

AUTO SCALING AND LOAD BALANCING

Scaling Amazon EC2

In this lesson, you will learn how to do the following:

Recognize the concepts of scalability and elasticity as they apply to AWS.
Describe how AWS can help businesses adjust compute capacity based on varying demands.

If you've ever tried to access a website that wouldn't load and kept timing out, it might have been overwhelmed by more requests than it could handle. In this lesson, you will explore how scalability helps you manage fluctuating demand by adjusting compute capacity.

Key takeaways

Scalability is about a system’s potential to grow over time, whereas elasticity is about the dynamic, on-demand adjustment of resources.

Scalability

Scalability refers to the ability of a system to handle an increased load by adding resources. You can scale up by adding more power to existing machines, or you can scale out by adding more machines. Scalability focuses on long-term capacity planning to make sure that the system can grow and accommodate more users or workloads as needed.

Elasticity

Elasticity is the ability to automatically scale resources up or down in response to real-time demand. A system can then rapidly adjust its resources, scaling out during periods of high demand and scaling in when the demand decreases. Elasticity provides cost efficiency and optimal resource usage at any given moment.

Amazon EC2 Auto Scaling

Amazon EC2 Auto Scaling automatically adjusts the number of EC2 instances based on changes in application demand, providing better availability. It offers two approaches. Dynamic scaling adjusts in real time to fluctuations in demand. Predictive scaling preemptively schedules the right number of instances based on anticipated demand.

Example: Amazon EC2 Auto Scaling

With EC2 Auto Scaling, you maintain the desired amount of compute capacity for your application by dynamically adjusting the number of EC2 instances based on demand. You can create Auto Scaling groups, which are collections of EC2 instances that can scale in or out to meet your application’s needs.

An Auto Scaling group is configured with the following three key settings.

MINIMUM CAPACITY

The minimum capacity defines the least number of EC2 instances required to keep the application running. This makes sure that the system never scales below this threshold. It's the number of EC2 instances that launch immediately after you have created the Auto Scaling group.

In this example, the minimum capacity is four EC2 instances.
DESIRED CAPACITY

The desired capacity is the ideal number of instances needed to handle the current workload, which Auto Scaling aims to maintain. If you do not specify the desired number of EC2 instances in an Auto Scaling group, the desired capacity defaults to your minimum capacity.

In this example, the desired capacity is six EC2 instances.
MAXIMUM CAPACITY

The maximum capacity sets an upper limit on the number of instances that can be launched, preventing over-scaling and controlling costs. For example, you might configure the Auto Scaling group to scale out in response to increased demand.

In this example, a maximum of 12 EC2 instances can be launched. Amazon EC2 Auto Scaling will scale between the minimum and maximum number of instances.

Because Amazon EC2 Auto Scaling uses EC2 instances, you pay for only the instances you use, when you use them. This gives you a cost-effective architecture that provides the best customer experience while reducing expenses.

**Test your skills

**
1. What is the primary benefit of scalability and elasticity in AWS?
  - The ability to manually adjust resources based on peak usage
  - The ability to grow and shrink resources dynamically based on real-time demand
  - The ability to create fixed resources that never change in size
  - The ability to permanently increase resource capacity for long-term growth
2. What is the main reason for deploying Amazon EC2 instances across multiple Availability Zones?
  - To increase the power and speed of each individual instance
  - To provide high availability by allowing instances in different Availability Zones to handle traffic if one Availability Zone fails
  - To decrease the cost of instances by distributing them evenly across AWS Regions
  - To automatically scale instances based on resource usage in each Availability Zone
3. How does AWS make sure that a business can meet fluctuating demand without over-provisioning resources?
  - By providing fixed resources that are always available
  - By allowing businesses to provision resources that automatically scale based on demand
  - By requiring businesses to purchase excess resources in advance to handle peak demand
  - By offering resources that are always running, regardless of demand

Directing Traffic with Elastic Load Balancing

In this lesson, you will learn how to do the following:

Describe the challenge of traffic distribution and scalability in AWS environments.
Recognize the benefits of Elastic Load Balancing (ELB) in AWS.
Explain the relationship between Amazon EC2 Auto Scaling and ELB in managing AWS resources.

Spreading workloads improves the performance of your applications by preventing any single resource from having to handle the full workload on its own. In this lesson, you will learn how ELB simplifies traffic distribution and management for AWS applications.

Elastic Load Balancing

Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple resources, such as EC2 instances, to optimize performance and reliability. A load balancer serves as the single point of contact for all incoming web traffic to an Auto Scaling group. As the number of EC2 instances fluctuates in response to traffic demands, incoming requests are first directed to the load balancer. From there, the traffic is distributed evenly across the available instances.

Although ELB and Amazon EC2 Auto Scaling are distinct services, they work in tandem to enhance application performance and ensure high availability. Together, they enable applications running on Amazon EC2 to scale effectively while maintaining consistent performance.

Key takeaways: ELB benefits

Let's review the main benefits of elastic load balancing and how it enhances the performance, scalability, and management of your AWS environment. To learn more, choose each of the following flashcards.

Efficient traffic distribution:

ELB evenly distributes traffic across EC2 instances, preventing overload on any single instance and optimizing resource utilization.
Automatic scaling:

ELB scales with traffic and automatically adjusts to changes in demand for a seamless operation as backend instances are added or removed.
Simplified management:

ELB decouples front-end and backend tiers and reduces manual synchronization. It also handles maintenance, updates, and failover to ease operational overhead.

Routing methods

To optimize traffic distribution, ELB uses several routing methods: Round Robin, Least Connections, IP Hash, and Least Response Time. These routing strategies work together for efficient traffic management and optimal application performance.

Round Robin

Distributes traffic evenly across all available servers in a cyclic manner.

Least Connections

Routes traffic to the server with the fewest active connections, maintaining a balanced load.

IP Hash

Uses the client’s IP address to consistently route traffic to the same server

Least Response Time

Directs traffic to the server with the fastest response time, minimizing latency.

Example: Elastic Load Balancing

Let's look at an example to better understand how Elastic Load Balancing works in cloud computing. In the healthcare industry, particularly in hospitals and medical facilities that provide online appointment booking systems or patient portals, website traffic can vary greatly throughout the day.

INITIAL SETUP

Low-demand period: At the beginning of the day, only a few patients are accessing the system to book appointments or view medical records. The existing web servers are sufficient to handle the low traffic. This matches the demand, with no need for additional resources at this point.
SCALING UP

High-demand period: As the day progresses, especially during peak hours, such as early mornings or just before the weekend, more patients access the portal to book appointments, view test results, or contact medical professionals. To handle this surge in demand, the healthcare system automatically scales up the number of servers to help ensure that the system remains responsive and available for all users.
LOAD BALANCING

A load balancer directs the incoming traffic to different web servers based on their current load. For instance, if one server starts receiving too many requests, the load balancer will route new requests to a less busy server. This makes sure that no single server becomes overwhelmed. The traffic is evenly distributed across available EC2 instances.

By using Elastic Load Balancing and Auto Scaling, the healthcare industry can efficiently manage the varying levels of patient traffic to online services. This provides reliable access to medical portals even during high-demand periods.

**Test your skills

How does Elastic Load Balancing (ELB) improve scalability in AWS?
- It manually adjusts the number of Amazon EC2 instances based on traffic.
- It automatically routes traffic to instances based on various routing methods.
- It directly increases the size of Amazon EC2 instances.
- It creates new Amazon EC2 instances for each request.
Which task does Elastic Load Balancing (ELB) perform?
- Automatically adjusts the number of Amazon EC2 instances to match demand.
- Distributes a workload across several Amazon EC2 instances.
- Removes unneeded Amazon EC2 instances when demand is low.
- Adds a second Amazon EC2 instance during an online store's popular sale.

Messaging and Queuing

In this lesson, you will learn how to do the following:

Describe how Amazon Simple Queue Service (Amazon SQS) facilitates message queuing.
Explain how Amazon Simple Notification Service (Amazon SNS) uses a publish-subscribe model to distribute messages.
Identify the difference between tightly coupled and loosely coupled architectures.
Explain how message queues help improve communication between components.

Ever wonder how busy coffee shops keep everything running smoothly, even when the barista is on break or the cashier is overwhelmed? Well, the same principles apply to software architecture. In this lesson, you will look into how messaging and queuing help prevent slowdowns and failures.

Key takeaways: Decoupling services

In modern application development, reliability and resilience are important. One effective way to achieve this is by adopting a service-oriented approach.

Monolithic applications

Applications consist of multiple components that work together to transmit data, fulfill requests, and keep the application running smoothly. In a traditional approach to application architecture, the components—such as database logic, web application servers, user interfaces, and business logic—are tightly coupled. This means that if one component fails, it can cause the failure of other components, potentially bringing down the entire application.
Microservices architecture

To improve application availability and resilience, you can adopt a microservices architecture. In this approach, application components are loosely coupled, meaning that if one component fails, the others continue to function normally. The communication between components remains intact, and the failure of a single component does not impact the entire system. This design promotes greater flexibility and reliability in the application.

Supporting scalable and reliable cloud communication

Amazon EventBridge, Amazon SNS, and Amazon SQS are AWS services that help different parts of an application communicate effectively in the cloud. These services support building event-driven and message-based systems. Together, they help create scalable, reliable applications that can handle high traffic and can enhance communication between components.

EventBridge

EventBridge is a serverless service that helps connect different parts of an application using events, helping to build scalable, event-driven systems. With EventBridge, you route events from sources like custom apps, AWS services, and third-party software to other applications. EventBridge simplifies the process of receiving, filtering, transforming, and delivering events, so you can quickly build reliable applications.

Example: EventBridge

Customers use an online food delivery service to order meals from local restaurants through a mobile app. When a customer places an order, several steps need to happen simultaneously. To learn more about these steps, choose each of the four numbered markers.

Payment processing

The payment service must verify and process the customer's payment.
Restaurant notification

The restaurant receives a notification to start preparing the meal.
Inventory management

The inventory system checks if the ingredients for the order are available.
Delivery dispatch

A delivery driver is notified to pick up and deliver the meal.

How EventBridge helps: EventBridge can route events, like order placed or payment completed, to the relevant services (payment, restaurant, inventory, and delivery). It can handle high volumes of events during peak times, making sure each service works independently. Even if one service fails, EventBridge will store the event and process it as soon as the service is available again. EventBridge helps provide a smooth and reliable operation across the entire system.

Amazon SQS

Amazon SQS is a message queuing service that facilitates reliable communication between software components. It can send, store, and receive messages at any scale, making sure messages are not lost and that other services don't need to be available for processing. In Amazon SQS, an application places messages into a queue, and a user or service retrieves the message, processes it, and then removes it from the queue.

Example: Amazon SQS

As customer support teams grow and the volume of issues increases, traditional workflows can struggle to keep up. Let's consider how a customer support team might tackle this challenge.

SCENARIO

A customer support team consists of a support agent and a technical specialist. The support agent is responsible for receiving customer issues, and the technical specialist works on resolving them. This process works well as long as both the agent and specialist are available and coordinated.
CHALLANGE

However, what happens if the support agent creates a ticket but the technical specialist is busy working on another issue or unavailable? The agent would have to wait until the specialist is free to accept the new ticket, causing delays in resolving customer issues and extending wait times for customers. As the volume of customer issues increases, this process becomes inefficient.
SOLUTION

To improve efficiency, they implement a queue system using Amazon SQS. The support agent adds customer issues to the queue, creating a backlog. Even if the specialist is busy, the agent can continue adding new issues. The specialist checks the queue, resolves issues, and updates the agent. This system provides a smooth workflow and helps handle higher volumes without delays or bottlenecks.

Amazon SNS

Amazon SNS is a publish-subscribe service that publishers use to send messages to subscribers through SNS topics. In Amazon SNS, subscribers can include web servers, email addresses, Lambda functions, and various other endpoints. You will learn about Lambda in more detail later.

Example: Amazon SNS

A company that sells a variety of products is currently sending a single email to all customers with updates on various topics, such as new products, special offers, and upcoming events. Although this method worked initially, customers want to receive only the updates they’re interested in. The current email update is causing customer dissatisfaction and lower engagement.

To learn more about the solution, choose each of the three numbered markers.

Segment the communication

The company decides to divide the communication into three separate topics, including one for new products, one for special offers, and one for events. Each topic will focus on a specific area of interest.
Let customers choose topics

Customers can subscribe to the topics they care about, such as the following:
- A customer might subscribe only to new product updates.
- Another customer might opt only for event notifications.
- A third customer might choose to subscribe to new product updates and special offers.

Send tailored notifications

With Amazon SNS, the company can send personalized notifications to subscribers based on their specific interests. Amazon SNS makes sure that these notifications are promptly delivered to the right audience, improving the efficiency and relevance of the communication.

**Test your skills

**
1. What BEST describes the key difference between tightly coupled and loosely coupled architectures?
  - In a tightly coupled architecture, components are tightly connected and dependent on each other, whereas in a loosely coupled architecture, components can operate independently.
  - Tightly coupled systems are more flexible in adding new components, whereas loosely coupled systems require careful configuration to add new components.
  - Tightly coupled architectures are designed for scalability, whereas loosely coupled systems focus on maintaining high availability.
  - Loosely coupled systems require components to share data directly with each other, whereas tightly coupled systems store data in a central repository.
2. In a banking system, when customers transfer money, the transaction details are sent from the transaction service to a fraud detection service for verification. Sometimes, the fraud detection service is temporarily down.
  
  What is the MAIN advantage of using Amazon Simple Queue Service (Amazon SQS) in this banking scenario?
  - It guarantees immediate approval of transactions.
  - It stores transaction details until the fraud detection service can process them, even if the service is down.
  - It speeds up transaction processing by avoiding the use of a buffer.
  - It forces the transaction service and fraud detection service to depend on each other directly.

Module 1: Introduction to the Cloud

Kumar Chaudhary — Fri, 08 Aug 2025 13:19:01 GMT

Defining cloud computing

To review the definition of cloud computing, choose each of the following four numbered markers.

Cloud deployment types

You can deploy cloud resources in multiple ways: cloud, on-premises, and hybrid. Each type offers unique benefits and considerations, and exploring these options can help you make informed decisions about your cloud strategy. To learn more about cloud deployment types, choose each of the following flashcards.

Cloud
In a cloud-based deployment model, you have the flexibility to migrate your existing resources to the cloud, design and build new applications within the cloud environment, or use a combination of both.

For instance, a company might migrate data resources to the cloud, then develop an application comprised of virtual servers, databases, and networking components entirely hosted in the cloud.

On-premises
Deploying resources on premises using virtualization and resource management tools does not provide many of the benefits of cloud computing. However, it is sometimes sought for its ability to provide dedicated resources and low latency.

In most cases this deployment model is the same as legacy IT infrastructure while using application management and virtualization technologies to try increasing resource utilization.

Hybrid
In a hybrid deployment, cloud-based resources and on-premises infrastructure work together. This approach is ideal for situations where legacy applications must remain on premises due to maintenance preferences or regulatory requirements.

For instance, a company might choose to retain certain regulated legacy applications on-premises while using cloud services for advanced data processing and analytics.

Multi-cloud deployments can also be considered hybrid deployments.

Test your skills

You work for a local charity organization. Your organization has sensitive data that must remain within your country for compliance reasons. However, you also need a solution that can scale quickly to handle seasonal spikes in demand. You decide to keep on-premises resources for compliance and use cloud-based resources for dynamic scaling.

Which type of cloud deployment does this situation describe?

On-premises deployment

Public cloud deployment

Hybrid deployment

Data-compliance deployment

Benefits of the AWS Cloud

In this lesson, you will learn how to do the following:

Describe the six key benefits of cloud computing.

Now that you understand how the cloud operates at a fundamental level, you will explore some advantages of using the cloud for your business. In this lesson, you will learn about six key benefits of cloud computing.

Key benefits of the AWS Cloud

The six key benefits of the AWS Cloud are as follows.

Trade fixed expense for variable expense

By using the AWS Cloud, businesses can transition from fixed investments to variable costs. With variable costs, customer expenses are better aligned with actual usage, thus creating more financial flexibility.

Benefit from massive economies of scale

Like buying a product in bulk can result in lower prices per unit, the vast global infrastructure of AWS can result in lower costs for customers. This means that AWS can be used by many organizations, from small startups to major corporations. Businesses big and small can access advanced technologies that were previously only accessible to large enterprises.

Stop guessing capacity

Customers can dynamically scale AWS Cloud resources up or down based on real-time demand. This means businesses can achieve optimal performance without provisioning more or less infrastructure than they need.

Increase speed and agility

With the cloud, businesses can rapidly deploy applications and services, accelerating time to market and facilitating quicker responses to changing business needs and market conditions.

Stop spending money to run and maintain data centers

The AWS Cloud eliminates the need for businesses to invest in physical data centers. This means customers aren't required to spend time and money on utilities and ongoing maintenance. With AWS taking care of the physical infrastructure of the cloud, customer resources can be reallocated to more strategic initiatives.

Go global in minutes

Businesses don't need to set up their own infrastructure to expand internationally. AWS provides a robust global infrastructure that customers can use to deploy applications and services across multiple areas in minutes.

Introduction to AWS Global Infrastructure

In this lesson, you will learn how to do the following:

Define AWS Regions and Availability Zones.
Explain the benefits of high availability and fault tolerance.

In this lesson, you learn about the basics of the AWS Global Infrastructure. You learn about the unique physical setup of AWS resources, and you explore some benefits of AWS infrastructure, such as high availability and fault tolerance. You will learn about more advanced components of AWS infrastructure in a later lesson of this training. For now, it's helpful to have a fundamental understanding of basic AWS infrastructure elements, such as data centers, Availability Zones, and AWS Regions.

AWS Regions and Availability Zones

AWS Global Infrastructure consists of physical locations around the world that contain groups of data centers. To learn more about the design of AWS Regions and Availability Zones, choose each of the following two numbered markers.

Achieving high availability with AWS Global Infrastructure

AWS infrastructure is designed with high availability and fault tolerance in mind. Availability Zones (AZs) are configured as isolated resources, and they are each equipped with independent power, networking, and connectivity.

It's recommended to distribute your resources across multiple AZs. That way, if one AZ encounters an outage, your business applications will continue to operate without interruption. With this approach of redundancy and resource isolation, AWS customers can achieve the benefits of high availability and fault tolerance.

Test your skills

You just joined a tech start-up, and the business is growing rapidly. Your new company decides that they need to design a resilient and scalable infrastructure on AWS to handle increased traffic and help ensure high availability.

Which statement BEST describes the AWS Global Infrastructure benefit of high availability?

AWS stores all of your website’s data in a single AWS storage bucket to centralize data management.
AWS has many customer support options to ensure the answers to your questions are highly available on its website.
AWS provides multiple data centers across different geographic regions so your website can remain operational even if one location faces issues.
AWS offers a single, highly secure data center that can handle all your traffic, ensuring that your website is available.

The AWS Shared Responsibility Model

In this lesson, you will learn how to do the following:

Describe and differentiate between customer responsibilities, AWS responsibilities, and shared responsibilities in the AWS Cloud.
Describe the components of the AWS Shared Responsibility Model.

The AWS Shared Responsibility Model is a concept designed to help AWS and customers work together to create a secure, functional cloud environment. In this lesson, you learn about the components of the AWS Shared Responsibility Model. With a clear understanding of cloud computing responsibilities, organizations can better navigate the complexities of cloud security.

Components of the AWS Shared Responsibility Model

To review the components of the AWS Shared Responsibility model, choose each of the following three numbered markers.

Test your skills

You work for a startup company that is developing an application in the cloud. A new security update is available for your operating system (OS), and you are tasked with verifying that the OS is patched accordingly.

Which statement BEST describes which party is responsible for applying security patches to the OS that is running in the cloud?

AWS is responsible for applying security patches to the OS.
Your company is responsible for applying security patches to the OS.
Both AWS and the customer apply separate patches.
The OS vendor applies the patches.

Applying Cloud Concepts to Real Life Use Cases

In this lesson, you will learn how to do the following:

Explain how fundamental cloud concepts, such as the AWS Global Infrastructure and AWS Shared Responsibility Model, work together to form real-world business solutions.

You've learned about some fundamental cloud concepts, like how cloud computing works, the basics of AWS Global Infrastructure, and the AWS Shared Responsibility Model. It's important to build your knowledge of cloud computing piece by piece. However, in reality, the concepts you learn about in this training work together, not separately. In this lesson, you explore your first example of the Cloud in Real Life, piecing together how abstract cloud concepts work together to drive innovation and efficiency for your business.

Cloud in real life: Infrastructure and shared responsibility

In the preceding video, you examined how AWS Global Infrastructure and the AWS Shared Responsibility Model work together for your business solution. For this use case, the global ecommerce company deployed resources to multiple AWS Regions and Availability Zones. To learn more about the benefits this infrastructure design achieves and how AWS and the company share responsibility, choose each of the following three numbered markers.

Dynamic Code Injection with Frida – Hooking the InsecureBankv2 App

Kumar Chaudhary — Tue, 27 May 2025 15:38:13 GMT

1.Objective

Demonstrate how to intercept and manipulate sensitive app functionality using Frid a to bypass login checks on the InsecureBankv2 app.

1.1. Prerequisites

✅ Frida installed on your PC (pip install frida-tools)
✅ Rooted Android emulator/device (Genymotion or similar)
✅ InsecureBankv2 APK installed and running on the device
✅ USB debugging enabled (or virtual ADB over Genymotion)

1.2. Understanding Prerequisites

🐞 Frida – Dynamic Instrumentation Toolkit

Frida is a powerful tool used by developers and ethical hackers to inspect, modify, and control apps while they are running. Think of it like a "microscope" that lets you look inside an app and change what it does — without changing the actual app code.
✅ Common Uses:

Debugging mobile apps
Bypassing root detection
Hooking functions to see how they work

📱 Genymotion ADB – Android Bridge for Emulators

Genymotion ADB (Android Debug Bridge) connects your computer to a Genymotion virtual Android device. It works the same way as it does with a real phone.
✅ Why Use It?

Easy to test apps on different Android versions
Run scripts, install apps, and debug smoothly
Great for automation and security testing

💻 ADB Shell – Command Line Access to Android

ADB Shell lets you open a terminal directly inside the Android device (real or virtual). You can run commands to control the device or inspect files.
✅ What You Can Do:

Access system directories
Modify app files or settings
Run commands like pm list packages, am start, etc.

2.Environment Installation

Now you understand the basic term required for the dynamic code injection. we will then proceed to installing those requirements

✅ Here are the Prerequisites Setup for Frida on Kali Linux/Ubuntu (No virtual box is needed if you are linux)

If you are a window user then you must need to install virtual box with creating a virtual environment for installation of kali linux on virtual box and perform the operation on linux machine.

1. Install Frida

Make sure Python and pip are available:

sudo apt update
sudo apt install python3 python3-pip -y

Then install Frida:

pip3 install frida-tools

Check version to confirm:

frida --version

2. Install ADB (Android Debug Bridge)

ADB is needed to connect your PC to the Android emulator:

sudo apt install android-tools-adb -y

3. Set Up Genymotion Emulator (Rooted)

Download Genymotion from: https://www.genymotion.com/
Install and launch a rooted virtual device directly from Genymotion.
Enable ADB over network in the emulator settings.

Connect to the emulator:

adb connect :5555

Check connection:

adb devices

4. Install InsecureBankv2 APK

Download the APK, then install it on the emulator:
You will get problem to download the apk. so don’t worry here i’ll provide you a direct link.

App Link: https://github.com/dineshshetty/Android-InsecureBankv2/raw/master/InsecureBankv2.apk

adb install InsecureBankv2.apk

Make sure the app runs on the emulator.

5. Enable USB Debugging / ADB Over Network

On Genymotion, USB debugging is pre-enabled. Just connect using the IP shown in the emulator.

3. Setting up frida server on android(rooted)

Look your phone is not rooted at this point so i prefer you to use genymotion we talk about earlier. Once you've installed Frida on your Kali Linux or Ubuntu system and set up a rooted Android device/emulator (like Genymotion), it’s time to set up the Frida Server to start hooking into Android apps.

✅ Step 1: Download the Correct Frida Server

Frida server must match the Frida version installed on your PC and the CPU architecture of your Android device (e.g., arm, arm64, x86, x86_64).

Check your Frida version:
```
 frida --version
```
Go to: https://github.com/frida/frida/releases
Download the server binary like:
frida-server--android-x86_64.xz (for Genymotion)
OR
frida-server--android-arm64.xz (for real phones)
Extract the binary:
```
 tar -xf frida-server-*.xz
```

✅ Step 2: Push Frida Server to Android

Make sure ADB is connected:

adb devices

Push and set permissions:

adb push frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"

✅ Step 3: Start Frida Server on Android

Now open an ADB shell and run the server as root step by step one after another:

adb shell
su
cd /data/local/tmp/
./frida-server &

✅ You should now have Frida server running in the background on your device.

🕵️‍♂️ Step 4: Using Frida and frida-ps

List running processes (check if your target app is visible):
```
  frida-ps -U
```
-U stands for USB device (or connected emulator).
List only apps:
```
  frida-ps -Uai
```
-a = applications only
-i = include app identifiers (package names)

🎯 Step 5: Attach to a Running App

To attach to an app (e.g., InsecureBankv2), find the package name (like com.android.insecurebankv2) using frida-ps, then:

frida -U -n com.android.insecurebankv2

Sometimes com.android.insecurebankv2 might not work so in that situation

🧪 Step 6: Attach to the App Process when above snippet didn’t work

frida -U -p 3990

This attaches Frida to the app’s running process. Here 3990 is pid obtained from “frida-ps -Uai” command line. Then you will enter into frida REPL.

🧪 Step 7: Write a Frida Hook Script – `hook-login.js`

Now that Frida is running, let's create a custom script to hook into the app's login function.

Create a file called hook-login.js with the following content:

jsCopyEditJava.perform(function () {
    var loginClass = Java.use("com.android.insecurebankv2.LoginActivity");

    loginClass.performlogin.implementation = function () {
        console.log("🔒 performlogin() hooked!");

        // Skip original logic
        console.log("✅ Login bypassed (fake success)");
    };
});

🧠 Why Are We Doing This?

We're telling Frida:

“Hey, whenever the performlogin() function is called in the app, don’t do the real logic. Just show a fake success.”

This lets us bypass the actual login check — useful for testing how the app handles sessions, authentication logic, or insecure code.

🧪 Step 6: Inject the Script into the App

Now use Frida to inject the hook into the running app.

First, find the app’s PID (process ID):

frida-ps -U

Then inject the script:

frida -U -p  -l hook-login.js

Example:

frida -U -p 3990 -l hook-login.js

✅ If successful, Frida will inject your script, and you’ll return to a prompt where you can see logs printed from your hook.

🧪 Step 7: Trigger the Hook

Go back to the app and enter any credentials, even invalid ones.

If the hook works, you’ll see in the Frida console:

scssCopyEdit🔒 performlogin() hooked!
✅ Login bypassed (fake success)

✅ STEP-BY-STEP XSS ATTACK SIMULATION (Ubuntu Version)

Kumar Chaudhary — Fri, 23 May 2025 07:56:00 GMT

🔧 Step 1: Set Up Your Local Lab on Ubuntu

1.1 Install Required Packages

Open your terminal and run:

sudo apt update
sudo apt install apache2 mysql-server php php-mysqli git unzip

1.2 Start Apache and MySQL Services

sudo systemctl start apache2
sudo systemctl start mysql
sudo systemctl enable apache2
sudo systemctl enable mysql

📦 Step 2: Download and Configure DVWA

2.1 Clone DVWA Repository

/var/www/html
sudo git clone https://github.com/digininja/DVWA.git
sudo chown -R www-data:www-data DVWA

2.2 Configure Database

sudo mysql

Inside MySQL shell:

CREATE DATABASE dvwa;
CREATE USER 'dvwauser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwauser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

2.3 Edit DVWA Config

cd /var/www/html/DVWA/config
sudo cp config.inc.php.dist config.inc.php
sudo nano config.inc.php

Modify these lines:

$_DVWA['db_user'] = 'dvwauser';
$_DVWA['db_password'] = 'password';

2.4 Set Permissions

sudo chmod -R 755 /var/www/html/DVWA/hackable/uploads/

🌍 Step 3: Set Up and Launch DVWA in Browser

Open browser and go to: http://localhost/DVWA/setup.php
Click "Create / Reset Database"
Log in:
- Username: admin
- Password: password (default)
Go to DVWA Security tab, set security level to Low

🛡️ Step 4: Install and Configure Burp Suite

4.1 Install Burp Suite Community Edition

Download from: https://portswigger.net/burp/communitydownload
Give execution permission:

chmod +x burpsuite_community_linux.sh
./burpsuite_community_linux.sh

4.2 Configure Firefox Proxy

Open Firefox → Settings → Network Settings
Set Manual Proxy:
- HTTP Proxy: 127.0.0.1
- Port: 8080
- Check: "Use this proxy for all protocols"

4.3 Install Burp CA Certificate in Firefox

In Firefox, visit: http://burp
Download the CA certificate
Go to Settings → Certificates → Authorities → Import and trust the certificate

⚔️ Step 5: Perform XSS Attack in DVWA

5.1 Go to DVWA → Click “XSS (Stored)” or “XSS (Reflected)”

5.2 Inject Payload

In input field:

Submit → Alert box should appear

Try advanced:

💡 For simulation only. Replace with Burp Collaborator URL or a dummy address.

🔍 Step 6: Use Burp Suite to Intercept and Modify Request

Go to Proxy > Intercept in Burp → Ensure “Intercept is ON”
Submit the form again in DVWA
Request will be captured → Click "Send to Repeater"
Modify payload in Repeater → Re-send → Observe changes

🧪 Step 7: Analyze Output

Use Firefox Dev Tools (F12) → Console → document.cookie
Observe the execution and any captured data
Take screenshots of:
- Input form
- Alert box
- Burp Repeater
- Console output

⚠️ Ethical Note

Only test on your local Ubuntu/DVWA installation.
Never test XSS on live websites or without written permission.

The Best JavaScript ORM in 2025: A Deep Dive into Prisma, TypeORM, and Drizzle

Kumar Chaudhary — Mon, 31 Mar 2025 16:14:26 GMT

Choosing the right Object-Relational Mapping (ORM) tool for your JavaScript/TypeScript project is crucial for productivity, performance, and long-term maintainability. With several strong contenders—Prisma, TypeORM, and Drizzle ORM—each has its strengths and trade-offs. Picking between Prisma, TypeORM, and Drizzle ORM depends on your project requirements, team familiarity, and specific needs around ease of use, scalability, and performance.

In this in-depth guide, we’ll compare these three ORMs across key factors:
✅ Ease of Use – Developer experience, learning curve, and setup
✅ Performance – Query speed, overhead, and efficiency
✅ Scalability – Handling large applications and complex queries
✅ Type Safety – How well TypeScript is supported
✅ Migrations & Tooling – Database schema management
✅ Community & Ecosystem – Support, plugins, and future growth

By the end, you’ll have a clear answer on which ORM is best for your project.

Comparison Summary

Feature	Prisma	TypeORM	Drizzle ORM
Ease of Use	✅ Very intuitive schema, great DX	⚠️ Flexible but complex setup	✅ SQL-like, lightweight
Scalability	✅ Good for mid-large apps	⚠️ Can get messy in large apps	✅ Excellent (close-to-SQL)
Performance	⚠️ Good, but has overhead	⚠️ Can be slow in complex queries	✅ Near raw SQL speed
Type Safety	✅ Excellent (generated types)	⚠️ Decent (but runtime quirks)	✅ Strong (SQL-based)
Migrations	✅ Built-in (Prisma Migrate)	⚠️ Requires separate tools	✅ Flexible (SQL or drizzle-kit)
Transactions	✅ Good (client-side)	✅ Supports transactions	✅ Excellent (SQL-like)
Community	✅ Large & growing	✅ Largest (but fragmented)	⚠️ Smaller but growing

Recommendation Based on Priorities

For Ease of Use & Developer Experience (DX) → Prisma
- Best for startups & rapid development.
- Auto-generated types & migrations.
- Simple but powerful query API.
For Performance & Scalability → Drizzle ORM
- Closer to raw SQL, minimal overhead.
- Better for large-scale, high-performance apps.
- Type-safe SQL queries.
For Flexibility (if you need ActiveRecord-style patterns) → TypeORM
- Supports both Active Record & Data Mapper.
- More mature but has runtime quirks.
- Works well with established Node.js backends (NestJS, Express).

📈 Scalability (Handling Large Apps)

ORM	Scalability	Notes
Prisma	✅ Good for mid-large apps	Prisma Client can get bulky
TypeORM	⚠ Can get messy in large projects	Repository pattern helps, but requires discipline
Drizzle	✅ Excellent (close to raw SQL)	No magic, scales like handwritten SQL

Winner: Drizzle ORM (best for large-scale apps)

⚡ Performance (Query Speed & Efficiency)

ORM	Performance	Notes
Prisma	⚠ Good, but has some overhead	Optimized for DX, not raw speed
TypeORM	⚠ Can be slow with complex joins	Reflection-based queries add overhead
Drizzle	✅ Near raw SQL performance	Compiles to optimized SQL

Winner: Drizzle ORM (best for high-performance apps)

🛡 Type Safety (TypeScript Support)

ORM	Type Safety	Notes
Prisma	✅ Excellent (generated types)	Full autocompletion
TypeORM	⚠ Decent (but runtime issues)	Decorators can cause mismatches
Drizzle	✅ Strong (SQL-based types)	Almost no runtime surprises

Winner: Prisma & Drizzle (both excellent)

🔄 Migrations & Database Management

ORM	Migrations	Notes
Prisma	✅ Built-in (Prisma Migrate)	Easy but opinionated
TypeORM	⚠ Requires TypeORM CLI	Can be clunky
Drizzle	✅ Flexible (SQL or drizzle-kit)	More control, but manual work

Winner: Prisma (best for automation), Drizzle (best for control)

👥 Community & Ecosystem

ORM	Community	Notes
Prisma	✅ Large & growing	Strong corporate backing
TypeORM	✅ Largest (but fragmented)	Many plugins, but inconsistent quality
Drizzle	⚠ Smaller but growing	Gaining traction fast

Winner: TypeORM (most plugins), Prisma (best long-term support)

Comparison

📌 Ease of Use & Developer Experience (DX)

ORM	Pros	Cons
Prisma	✅ Intuitive schema definition

Winner: Prisma (best DX), Drizzle (if you prefer SQL control)

Final Verdict

Choose Prisma if you want the best developer experience and don’t need ultra-high performance.
Choose Drizzle ORM if you prioritize performance and prefer SQL-like control.
Choose TypeORM if you need flexibility and are okay with some trade-offs in type safety.

My Personal Preference?
If starting a new project today, I’d lean toward Drizzle ORM for performance & type safety, or Prisma for rapid prototyping. TypeORM is still viable but feels outdated compared to these two.

Roadmap to learn cybersecurity.

Kumar Chaudhary — Sun, 23 Mar 2025 04:48:29 GMT

1. Essential Skills to Learn

🔹 Networking & System Security

Learn TCP/IP, DNS, VPNs, Firewalls, IDS/IPS, and NAT.
Get familiar with Linux & Windows security.

🔹 Penetration Testing & Ethical Hacking

Learn OWASP Top 10 vulnerabilities.
Practice Web Application Security (SQL Injection, XSS, CSRF).
Work with tools like Burp Suite, Metasploit, Wireshark, and Nmap.

🔹 Programming & Scripting

Python (for automation & security scripting).
Bash or PowerShell (for system administration).
JavaScript (for understanding web security threats).

🔹 Cloud Security & DevSecOps

Learn AWS/Azure security best practices.
Get familiar with CI/CD security and infrastructure as code (IaC).

🔹 Incident Response & Digital Forensics

Learn how to analyze logs and detect cyber threats.
Use tools like Autopsy, Volatility, and ELK Stack (SIEM).

🔹 Governance, Risk, and Compliance (GRC)

Learn ISO 27001, GDPR, PCI-DSS, and NIST standards.
Get familiar with risk assessment frameworks.

2. Certifications to Boost Your Resume

🌟 Entry-Level
✔️ CompTIA Security+
✔️ Cisco CCNA Security
✔️ Certified Ethical Hacker (CEH)

🌟 Intermediate-Level
✔️ Offensive Security Certified Professional (OSCP)
✔️ Certified Information Systems Security Professional (CISSP)
✔️ AWS Certified Security - Specialty

🌟 Advanced-Level
✔️ GIAC Penetration Tester (GPEN)
✔️ Certified Information Security Manager (CISM)

3. Practical Experience to Gain in Nepal

💻 Freelancing & Bug Bounty

Work on Upwork, Fiverr, or Turing as a security consultant.
Participate in bug bounty programs (HackerOne, Bugcrowd).

🔍 Internships & Jobs in Nepal

Apply for cybersecurity roles at banks, fintech companies, IT firms, or government agencies.
Look for security analyst or penetration tester roles in companies like LogPoint, Vianet, eSewa, and Khalti.

🛠️ Open-Source & Personal Projects

Contribute to security-related open-source projects on GitHub.
Set up your own home lab for penetration testing using Kali Linux and Hack The Box.

4. How This Helps You Secure a Job in the UK

✅ Showcases hands-on experience (essential for UK employers).
✅ Proves you have global cybersecurity certifications.
✅ Bug bounty reports can act as real-world proof of expertise.
✅ Open-source contributions make your profile stand out.

What if your background is in software engineering (full-stack development) and you want to transition into cybersecurity, your research should focus on security challenges in software development. Here are some research topics that align with your experience for instance in Node.js, Nest.js, Prisma, PostgreSQL, React, Next.js, and React Native etc……..:

1. Web & API Security

🔹 Securing GraphQL APIs: Common Vulnerabilities and Best Practices
🔹 OWASP Top 10 Security Risks in Modern Web Frameworks: A Study on Next.js and React.js
🔹 API Security in Microservices: A Case Study on Node.js and Nest.js
🔹 Authorization and Authentication Models in Web Applications: A Comparative Study of JWT, OAuth, and Session-Based Authentication

2. Database Security

🔹 SQL Injection and NoSQL Injection Attacks: Security Implications in PostgreSQL and Prisma
🔹 Database Encryption Techniques: Enhancing Security in Prisma ORM
🔹 Role-Based Access Control (RBAC) vs. Attribute-Based Access Control (ABAC): Which is More Secure for Modern Applications?
🔹 Security Threats in Serverless Databases: A Case Study on Neon.tech and PostgreSQL

3. Cloud & DevSecOps Security

🔹 CI/CD Pipeline Security: Securing Automated Deployments in Next.js and Node.js
🔹 Cloud-Native Application Security: A Study on Protecting Serverless Functions in AWS and Firebase
🔹 Container Security in DevOps: Protecting Dockerized Applications in Node.js
🔹 Infrastructure as Code (IaC) Security: Best Practices for Terraform and Kubernetes

4. Mobile App Security (React Native)

🔹 Reverse Engineering and Code Obfuscation: Enhancing React Native App Security
🔹 Secure Storage of Sensitive Data in React Native Applications
🔹 Man-in-the-Middle Attacks in Mobile Apps: How Secure is React Native?
🔹 Mobile API Security: Securing Communication Between Frontend and Backend in React Native

5. AI & Cybersecurity

🔹 Using AI for Automated Threat Detection in Web Applications
🔹 Machine Learning for Fraud Detection in Online Transactions
🔹 AI-Driven Security Testing: Enhancing Software Security with GPT-Based Penetration Testing

6. Blockchain & Web3 Security

🔹 Smart Contract Security: Analyzing Vulnerabilities in Solidity-Based Applications
🔹 Blockchain for Identity Management: A Secure Alternative to Traditional Authentication Methods
🔹 Web3 Security: Preventing Phishing and Scams in Decentralized Applications

7. Ethical Hacking & Penetration Testing

🔹 Red Team vs. Blue Team in Web Application Security: A Practical Analysis
🔹 Penetration Testing on Modern JavaScript Frameworks: Case Study on Next.js
🔹 Automating Security Audits for Node.js Applications Using Open-Source Tools

How to Set Up SSH Keys for GitHub: Step-by-Step Instructions

Kumar Chaudhary — Tue, 11 Mar 2025 08:30:50 GMT

When working with GitHub, using SSH for authentication is a secure and efficient approach. Recently, I ran into an issue where my GitHub push attempts were met with a frustrating Permission denied (publickey) error. If you’re in the same boat, don’t worry! This article walks you through generating and adding an SSH key for GitHub, step by step.

1. Checking the Current SSH Configuration

First, let’s check if there are any existing SSH keys:

ls -al ~/.ssh

This command lists all the files in the .ssh directory. If you see files like id_rsa or id_ed25519, you likely already have SSH keys set up. In my case, the directory only contained authorized_keys and known_hosts, meaning no SSH key pair was available.

2. Generating a New SSH Key Pair

Since there was no key, I generated a new SSH key pair using the ED25519 algorithm, which is more secure and faster than RSA:

ssh-keygen -t ed25519 -C "your-email@example.com"

You’ll be prompted for a file location — just press Enter to accept the default (/home/yourusername/.ssh/id_ed25519). Then, enter a passphrase for added security (or leave it empty for convenience). Once done, you’ll see output like this:

Your identification has been saved in /home/yourusername/.ssh/id_ed25519
Your public key has been saved in /home/yourusername/.ssh/id_ed25519.pub

3. Starting the SSH Agent

The SSH agent manages your SSH keys, so you don’t need to enter the passphrase every time. Start it like this:

eval "$(ssh-agent -s)"

You’ll see a message like Agent pid 54866, confirming the agent is running.

4. Adding the SSH Key to the Agent

Now, add the private key to the agent:

ssh-add ~/.ssh/id_ed25519

If everything’s set up correctly, you won’t see any errors.

5. Adding the SSH Key to GitHub

The next step is to add your public key (id_ed25519.pub) to GitHub. Display the key with this command:

cat ~/.ssh/id_ed25519.pub

Copy the output and go to your GitHub account:

Go to Settings → SSH and GPG keys.
Click New SSH key.
Paste the copied key and give it a name.
Click Add SSH key.

6. Testing the SSH Connection

Let’s confirm everything works:

ssh -T git@github.com

If it’s successful, you’ll see a message like this:

Hi your-github-username! You've successfully authenticated.

7. Pushing to GitHub

Finally, try pushing your code again:

git push -u origin main

Everything should work perfectly now! 🎉

Final Thoughts Setting up SSH for GitHub takes a few steps, but once it’s done, you’ll have a secure and password-free way to manage your repositories. If you run into any snags, double-check your SSH agent, key permissions, and GitHub key settings.

Happy coding! 🚀

eSewa and Node.js: The Dynamic Duo of Payment Integration – No Capes Required!

Kumar Chaudhary — Tue, 05 Nov 2024 07:22:39 GMT

Alright, folks, it’s time to roll up our sleeves and dive into the exciting world of payment integration! To kick things off, we’ll create a payment initiation form in a file named form.html. This form will be the friendly face of our application, allowing users to input the amount they want to pay and any applicable taxes.

Step-1: Create Payment Initiation Form

html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js">script>
    <title>eSewa Payment Integrationtitle>
    <style>
      .container {
        max-width: 500px;
        margin: 50px auto;
        padding: 20px;
        border: 1px solid #ddd;
        border-radius: 8px;
        box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
      }
      .form-group {
        margin-bottom: 20px;
      }
      label {
        display: block;
        margin-bottom: 8px;
        font-weight: 600;
      }
      input {
        width: 100%;
        padding: 10px;
        border: 1px solid #ddd;
        border-radius: 4px;
        font-size: 16px;
      }
      button {
        background-color: #60bb46;
        color: white;
        padding: 12px 24px;
        border: none;
        border-radius: 4px;
        cursor: pointer;
        font-size: 16px;
        width: 100%;
      }
      button:hover {
        background-color: #4fa83d;
      }
      .error {
        color: #dc3545;
        margin-top: 10px;
        padding: 10px;
        border-radius: 4px;
        background-color: #fff3f3;
        display: none;
      }
    style>
  head>
  <body>
    <div class="container">
      <h2>eSewa Payment Testh2>
      <div id="payment-form">
        <div class="form-group">
          <label for="amount">Amount (NPR):label>
          <input type="number" id="amount" step="0.01" value="100" min="1" />
        div>
        <div class="form-group">
          <label for="tax_amount">Tax Amount (NPR):label>
          <input type="number" id="tax_amount" step="0.01" value="10" min="0" />
        div>
        <button onclick="initializePayment()">Pay with eSewabutton>
        <div id="error-message" class="error">div>
      div>
    div>
  body>
html>

Step-2: Setup Basic server

Now lets move on to Backend

Enter the following command on your terminal which will create package.json file where we can manage list of dependecies which are required for the project.

npm init -y

Install the follwing dependecises

 npm i axios body-parser cors crypto-js express nodemon uuid

After entering that command we will be having this on your package.json file

Importing Packages: CommonJS vs. ES Modules

Node.js supports two module systems: CommonJS (require) and ES Modules (import). Let’s look at each in detail.

CommonJS (`require`)

The CommonJS module system is the traditional way to handle modules in Node.js. Here’s how you would import a package using CommonJS:

const packageName = require('package-name');

This syntax is synchronous and works seamlessly with many older Node.js projects. CommonJS has been the default in Node.js for a long time, so it’s widely supported by packages.

ES Modules (`import`)

ES Modules use the import syntax, introduced as part of ECMAScript standards, and are generally the preferred approach for newer projects. Here’s how you would import a package using ES Modules:

import packageName from 'package-name';

To use this syntax in Node.js, make sure your package.json includes the following:

"type": "module"

Also add the script to start the server

"dev": "nodemon index.js"

This tells Node.js to interpret .js files as ES Modules by default.

If you encounter issues with your setup, you can replace your package.json with the code below and reinstall the dependencies. However, be cautious: do not overwrite your package.json if you’re working on an existing project—the listed packages are specific to this setup and may differ from the libraries your project depends on.

{
  "name": "payment-integration",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "type": "module",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "dev": "nodemon index.js"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "axios": "^1.7.7",
    "body-parser": "^1.20.3",
    "cors": "^2.8.5",
    "crypto": "^1.0.1",
    "crypto-js": "^4.2.0",
    "express": "^4.21.1",
    "nodemon": "^3.1.7",
    "uuid": "^10.0.0"
  }
}

When to Use CommonJS vs. ES Modules

CommonJS: Useful for compatibility with older libraries or projects that rely on synchronous imports.
ES Modules: Ideal for modern, asynchronous code and works well with the latest JavaScript features. It’s also becoming the standard, so consider using it for new projects.

For now create the index.js file in backend root directory where we will be handling our esewa payment integration code for you project you need write it down on your preferred project methods /files.

// server.js
import express from "express";
import bodyParser from "body-parser";
import cors from "cors";

const app = express();

app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(cors({ origin: "*" }));

app.listen(3000, () => {
  console.log("Server running on port 3000");
});

Firing Up Your Server: Let’s Get This Party Started!

So, you’ve set up your server script in package.json, and now it’s time for the moment of truth. To get things rolling, just type:

npm run dev

Hit enter, and... drumroll... hurray! 🎉 Your server is up and running! Give yourself a high-five (or a fist bump to your screen—just not too hard). Now you’re officially in business!

If you see the magic words “Server is running,” you’re all set. Go forth and conquer that code!

Step-3: Creating a Payment Signature and Kicking Off the Payment Process! 🎉

Let’s dive back into our payment form, shall we?

Here’s a breakdown of this code , explaining each part of the payment initialization and signature generation process:

Creating a Payment Signature and Initializing the Payment

This code snippet shows how to generate a secure payment signature and initialize the payment process in JavaScript. Let’s walk through it step by step.

i. `generateSignature` Function

The generateSignature function creates a secure, HMAC SHA-256 signature for the payment using the provided details. This is crucial for verifying and securing the transaction data.

Here’s what each part of this function does:

Inputs: total_amount, transaction_uuid, product_code, and secretKey are passed in as arguments.
Creating the Signed String: The code combines these values into a single string (signedFields), formatted as total_amount=,transaction_uuid=,product_code=.
Generating the HMAC SHA-256 Hash: It uses the CryptoJS.HmacSHA256 method to create a cryptographic hash based on the signedFields string and the secretKey.

Encoding to Base64: The resulting hash is converted to a base64 string using CryptoJS.enc.Base64.stringify, making it compatible with many API formats.

  function generateSignature(total_amount, transaction_uuid, product_code, secretKey) {
    const signedFields = `total_amount=${total_amount},transaction_uuid=${transaction_uuid},product_code=${product_code}`;
    const hash = CryptoJS.HmacSHA256(signedFields, secretKey);
    const base64Signature = CryptoJS.enc.Base64.stringify(hash);
    return base64Signature;
  }

Purpose: This signature, unique to each transaction, protects sensitive transaction details from tampering.

ii. `initializePayment` Function

The initializePayment function handles the start of the payment process. It validates the payment information and calculates the total_amount to ensure everything checks out before the payment proceeds.

Here’s what happens in initializePayment:

Hiding Error Messages: It first hides any error message that might be displayed from a previous attempt.
Fetching and Calculating Total Amount: It retrieves the amount and taxAmount from input fields, converts them to numbers, and calculates the total by adding the two values.
Generating a Transaction UUID: This function then creates a unique transaction ID, transaction_uuid, using a random string, making each transaction uniquely identifiable.

Setting the Product Code: The product_code is defined as a constant, EPAYTEST in this case, which could represent a demo or test product.

  async function initializePayment() {
    const errorElement = document.getElementById("error-message");
    errorElement.style.display = "none";
    try {
      const amount = document.getElementById("amount").value;
      const taxAmount = document.getElementById("tax_amount").value;
      const total_amount = (parseFloat(amount) + parseFloat(taxAmount)).toFixed(2);
      const transaction_uuid = Math.random().toString(36).substring(2, 14);
      const product_code = "EPAYTEST";
      console.log("Initiating payment with:", { total_amount, transaction_uuid, product_code });

Validating Total Amount: If the calculated total_amount is less than or equal to zero, it throws an error to alert the user that the entered amount is invalid.

Error Handling: If any error occurs during initialization, it logs the error and displays an error message on the page.

      if (parseFloat(total_amount) <= 0) {
        throw new Error("Please enter a valid amount greater than 0");
      }
    } catch (error) {
      console.error("Payment initialization error:", error);
      errorElement.style.display = "block";
      errorElement.innerText = error.message;
      errorElement.textContent = error.message;
    }
  }

Putting It All Together

With these two elements, you’ll have a fully functioning setup:

The payment button triggers the initializePayment function.
The CryptoJS library, added via CDN, powers the secure hashing process in generateSignature.

Below code the combination above two blockl code which generate a secure payment signature and initialize the payment process in JavaScript.First set

Step 3

Almost There: Bringing Up the eSewa Payment UI!

Alright, we’ve got the foundation laid out, but we’re only halfway to the finish line! We still need to make that magical eSewa payment UI pop up—the one that handles login and payment details on a third-party site. Ever wonder how sites open that fancy payment screen? Don’t worry if you’re not sure yet. I’m here to help, and I promise it’s simple!

Now, I could tell you to just copy-paste my code and call it a day… but hold on! Don’t do that until you understand what’s happening here. Let’s walk through it so you’re not just clicking buttons but actually mastering this process. Ready to dive in?

The Final Countdown: Making the eSewa Payment UI Appear!

Alright, we’ve set up our transaction data and secured it with a signature. Now it’s time to bring that eSewa payment screen to life! Let’s break down how this code sends everything over to eSewa so users can complete their payment with style.

Step i: Generating the Signature 🎩🔐

This bit of code is like our VIP pass. To make sure eSewa knows we’re legit, we use generateSignature() to create a secure signature with our secret key, "8gBm/:&EnhH.1/q". The secret key is provided by esewa fell free to check the documentation. OfCourse you will need a live secret to work in real world.As for now let’s procces with test secret key, this keeps our transaction data safe and sound. Add this below code after if statement in try catch block that we did on our previous step.

const signature = generateSignature(
  total_amount,
  transaction_uuid,
  product_code,
  "8gBm/:&EnhH.1/q"
);
console.log("Generated Signature:", signature);

Here we’ve got our signature in hand. You could even print it out as proof of your fancy crypto skills!

Step ii: Building the Payment Data 🛠️📦

Next up, we need a nicely packed box of paymentData. Think of this as the gift basket we’re sending to eSewa, packed with all the transaction details:

amount, total_amount, tax_amount: These tell eSewa how much we’re paying.
transaction_uuid: Like a fingerprint for our transaction.
product_code: The unique code for our product.
signature: Our security stamp from Step 1.
URLs for success and failure: These URLs let eSewa know where to send the user after they’ve paid or backed out.
Charges: Here we assume no delivery or service charge and set these to 0.

const paymentData = {
  amount: amount,
  total_amount: total_amount,
  tax_amount: taxAmount,
  transaction_uuid: transaction_uuid,
  product_code: product_code,
  signature: signature,
  success_url: "http://localhost:3000/payment-success",
  failure_url: "http://localhost:3000/payment-failure",
  product_delivery_charge: "0",
  product_service_charge: "0",
  signed_field_names: "total_amount,transaction_uuid,product_code",
};

Step iii: Creating the Form 📝📬

Now, we need to send this info over to eSewa. To do that, we create a form element, just like if we were filling out a web form manually:

Create the Form: Set it up to send a POST request directly to the eSewa payment API.
Put Everything in Order: eSewa expects specific fields, so we create a list to ensure everything is lined up just right.
Hidden Inputs: Add each field as a hidden input, so users don’t see them but the data goes along for the ride.
Send the Form: Finally, we add the form to the page and let form.submit() work its magic!

const form = document.createElement("form");
form.method = "POST";
form.action = "https://rc-epay.esewa.com.np/api/epay/main/v2/form";

const fields = [
  "amount",
  "failure_url",
  "product_delivery_charge",
  "product_service_charge",
  "product_code",
  "signature",
  "signed_field_names",
  "success_url",
  "tax_amount",
  "total_amount",
  "transaction_uuid",
];

fields.forEach((field) => {
  const input = document.createElement("input");
  input.type = "hidden";
  input.name = field;
  input.value = paymentData[field];
  form.appendChild(input);
});

document.body.appendChild(form);
form.submit();

And voilà! The form.submit() sends our package over to eSewa, popping up that familiar payment UI so users can complete their transaction. Just a click, and they’re off to the eSewa checkout page, ready to seal the deal!

Final Script

Time to Get Down to Business: Validating Payments on the Server

Alright, payment enthusiasts, it’s time to bring some server-side magic into our eSewa integration! We’ll validate our payment right after initiating it. This means we need to add a bit of code to our server that checks if everything is in order after the user tries to pay.

Step 1: Import the Crypto Library

First things first, we need to import our trusty sidekick, the CryptoJS library, which will help us decode those sneaky Base64 strings that eSewa sends back to us. Let’s get this party started!

import CryptoJS from "crypto-js";

Step 2: Decode the Base64 String

Next, we’ll write a function that decodes Base64 strings and converts them into a fancy JSON object that we can actually work with. This is how we do it:

function decodeBase64ToJson(base64String) {
  const decoded = CryptoJS.enc.Base64.parse(base64String);
  const decodedString = CryptoJS.enc.Utf8.stringify(decoded);
  try {
    const jsonObject = JSON.parse(decodedString);
    return jsonObject;
  } catch (error) {
    console.error("Error parsing JSON:", error);
    return null;
  }
}

What’s happening here?
We’re taking that mysterious Base64 string from eSewa, decoding it like a pro, and then trying to convert it into a JSON object. If it fails, we’ll just log an error and return null—because we’re all about keeping our code clean and informative!

Step 3: Setting Up Success and Failure Routes

Now, let’s set up the routes for when our payment succeeds or fails. This is where we check if everything went smoothly and respond accordingly:

app.get("/payment-success", (req, res) => {
  const data = decodeBase64ToJson(req.query.data);
  console.log(data);
  res.send("Success! Please check the console of index.js.");
});

app.get("/payment-failure", (req, res) => {
  const data = decodeBase64ToJson(req.query.data);
  console.log(data);
  res.send("Oops! There was an error. Please check the console of index.js.");
});

What do these routes do?

/payment-success: If everything goes according to plan and the user successfully makes a payment, this route is hit. We decode the data, log it for our records (and for your eyes), and send a happy message back to the user. 🎉
/payment-failure: If, heaven forbid, something goes wrong, this route kicks in. We decode the data, log the error, and send a friendly message letting the user know that something went wrong. 💔

Conclusion

And there you have it! We’ve successfully set up our server to validate payments with eSewa. Now we can handle success and failure cases like pros.

Day 4: Workshop Guide for Setting Up a Backend with Express and MongoDB

Kumar Chaudhary — Sat, 28 Sep 2024 15:01:47 GMT

1. Initialize the Project

Begin by creating a new project directory and initializing it with npm init:

mkdir blog-backend
cd blog-backend
npm init -y

This will create a package.json file for your project. Afterward, install the necessary dependencies with:

npm install express body-parser dotenv mongoose cookie-parser morgan nodemon bcrypt jsonwebtoken express-validator express-async-handler slugify

These packages include everything we need for creating and securing routes, handling requests, interacting with MongoDB, and managing cookies.

2. Project Structure

The basic structure of your project should look like this:

blog-backend/
├── config/
│   └── dbConnect.js
├── routes/
│   ├── authRoute.js
│   ├── productRoute.js
│   └── blogRoute.js
├── index.js
├── .env
└── package.json

config/dbConnect.js: For setting up the MongoDB connection.
routes/: Directory for handling different routes (auth, product, blog).
index.js: The main entry point for your application.

3. Database Connection

In the config/dbConnect.js file, establish a connection to MongoDB using Mongoose:

// dbconnect.js
import dotenv from "dotenv";
import mongoose from "mongoose";

dotenv.config();

export const dbConnect = async () => {
  try {
    console.log(
      "🚀 ~ dbConnect ~ process.env.MONGO_URI:",
      process.env.MONGO_URI
    );
    await mongoose.connect(process.env.MONGO_URI, {
      useNewUrlParser: true,
      useUnifiedTopology: true,
    });
    console.log("MongoDB connected successfully");
  } catch (error) {
    console.error("MongoDB connection failed");
  }
};

Make sure to create a .env file and add your MongoDB connection string:
```
  PORT=8000
  MONGO_URI=mongodb://localhost:27017/myDatabase
```

4. Setting Up the Server

In the index.js file, we will set up the server using Express.js:

// index.js
import express from "express";
import dotenv from "dotenv";
import bodyParser from "body-parser";
import cookieParser from "cookie-parser";
import { dbConnect } from "./config/dbconnect.js";

dotenv.config();
const app = express();
const port = process.env.PORT || 3000;

// Body parser is used to parse the incoming request bodies in a middleware before you handle it.
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

app.listen(port, () => {
  console.log(`Server is running on port ${port}`);
});

dbConnect();

Morgan logs HTTP requests.
Body-parser allows us to parse incoming requests in JSON and URL-encoded formats.

Cookie-parser enables us to work with cookies.

Now if we run the server it must need to be notified with “MongoDB connected successfully”. If the database is not connected then you must need to ensure that it should be connected before proceeding to next step.

5. Creating Model

Create a model with name userModel.js which willl create a table in mongoDB where we will perform the crud operation from controller

// models/userModel.js
import mongoose from "mongoose";

var userSchema = new mongoose.Schema(
  {
    firstname: {
      type: String,
      required: true,
      trim: true,
      min: 3,
      max: 20,
    },
    lastname: {
      type: String,
      required: true,
      trim: true,
      min: 3,
      max: 20,
    },
    username: {
      type: String,
      required: true,
      trim: true,
      unique: true,
      index: true,
      lowercase: true,
    },
    email: {
      type: String,
      required: true,
      trim: true,
      unique: true,
      lowercase: true,
    },
    password: {
      type: String,
      required: true,
    },
  },
  {
    timestamps: true,
  }
);

export default mongoose.model("User", userSchema);

6. Creating Controller

Create the route files for authentication, products, and blogs. Each route file will contain the Express routing logic for handling requests.

Example for controller/UserController.js:

For testing: You canPlay with below code

import { validationResult } from "express-validator";
import expressAsyncHandler from "express-async-handler";

export const createUser = expressAsyncHandler(async (req, res) => {
  const errors = validationResult(req);
  if (!errors.isEmpty()) {
    return res.status(400).json({ errors: errors.array() });
  }
  res.send("User created successfully");
});

Before initiating any CRUD operations, please ensure that your route is functioning correctly. Once confirmed, you can proceed with performing the CRUD operations.

// UserController.js
import { validationResult } from "express-validator";
import User from "../models/userModel.js";
import expressAsyncHandler from "express-async-handler";
import { generateToken } from "../config/jwtToken.js";

export const createUser = async (req, res) => {
  try {
    const errors = validationResult(req);
    console.log("🚀 ~ createUser ~ req:", req.body);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        errors: errors.array(),
        message: "validation error",
        success: false,
      });
    }
    //check if user already exists

    const isExist = await User.findOne({
      email: req.body.email,
    });
    console.log("🚀 ~ createUser ~ isExist:", isExist);
    if (isExist) {
      return res.status(400).json({
        message: "User already exists",
        success: false,
      });
    }

    const user = await User.create(req.body);

    return res.status(201).json({
      message: "User created successfully",
      success: true,
      data: user,
    });
  } catch (error) {
    console.error(
      "🚀 ~ file: UserController.js ~ line 13 ~ createUser ~ error",
      error
    );
  }
};

export const updateUser = expressAsyncHandler(async (req, res) => {
  try {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        errors: errors.array(),
        message: "validation error",
        success: false,
      });
    }

    const user = await User.findByIdAndUpdate(req.params.id, req.body, {
      new: true,
    });

    return res.status(200).json({
      message: "User updated successfully",
      success: true,
      data: user,
    });
  } catch (errro) {
    return res.status(400).json({
      message: "User not found",
      success: false,
    });
  }
});

export const getAllUsers = expressAsyncHandler(async (req, res) => {
  try {
    const users = await User.find();
    return res.status(200).json({
      message: "Users fetched successfully",
      success: true,
      data: users,
    });
  } catch (error) {
    console.error("🚀 ~ getAllUsers ~ error", error);
    return res.status(500).json({
      message: "Server error",
      success: false,
    });
  }
});

export const deleteUser = expressAsyncHandler(async (req, res) => {
  try {
    const user = await User.findById(req.params.id);

    if (!user) {
      return res.status(404).json({
        message: "User not found",
        success: false,
      });
    }

    await User.findByIdAndDelete(req.params.id);

    return res.status(200).json({
      message: "User deleted successfully",
      success: true,
    });
  } catch (error) {
    console.error("🚀 ~ deleteUser ~ error", error);
    return res.status(500).json({
      message: "Server error",
      success: false,
    });
  }
});

7. Creating Routes

Create the route files for authentication, products, and blogs. Each route file will contain the Express routing logic for handling requests. Likewise, the controller is imported in to the rooutes so whenever the route is hitted with certain http method it we response the desired output

Example for routes/authRoute.js:

//authRoute.js
import express from "express";
import { createUser } from "../controller/UserController.js";

const router = express.Router();

router.post("/createUser", createUser);

export { router as authRouter };

You can follow a similar structure for the productRoute.js and blogRoute.js.

Now then we should define our route in `index.js`, as it is the main serving file.

// index.js
import express from "express";
import dotenv from "dotenv";
import bodyParser from "body-parser";
import cookieParser from "cookie-parser";
import { dbConnect } from "./config/dbconnect.js";
import { authRouter } from "./routes/authRoute.js";

dotenv.config();
const app = express();
const port = process.env.PORT || 3000;

// Body parser is used to parse the incoming request bodies in a middleware before you handle it.
app.use(cookieParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));

app.listen(port, () => {
  console.log(`Server is running on port ${port}`);
});

app.use("/api/auth", authRouter);
dbConnect();

If you want some validation

Create `validators/userValidator.js`:

import { body } from "express-validator";

export const validateUser = [
  body("firstname")
    .trim()
    .notEmpty()
    .withMessage("Firstname is required")
    .isAlpha()
    .withMessage("Firstname must only contain letters")
    .isLength({ min: 2, max: 50 })
    .withMessage("Firstname must be between 2 and 50 characters"),

  body("lastname")
    .trim()
    .notEmpty()
    .withMessage("Lastname is required")
    .isAlpha()
    .withMessage("Lastname must only contain letters")
    .isLength({ min: 2, max: 50 })
    .withMessage("Lastname must be between 2 and 50 characters"),

  body("username")
    .trim()
    .notEmpty()
    .withMessage("Username is required")
    .isAlphanumeric()
    .withMessage("Username must only contain letters and numbers")
    .isLength({ min: 3, max: 30 })
    .withMessage("Username must be between 3 and 30 characters"),

  body("email")
    .trim()
    .notEmpty()
    .withMessage("Email is required")
    .isEmail()
    .withMessage("Invalid email format"),

  body("password")
    .notEmpty()
    .withMessage("Password is required")
    .isLength({ min: 8 })
    .withMessage("Password must be at least 8 characters long")
    .matches(/[A-Z]/)
    .withMessage("Password must contain at least one uppercase letter")
    .matches(/[a-z]/)
    .withMessage("Password must contain at least one lowercase letter")
    .matches(/[0-9]/)
    .withMessage("Password must contain at least one number")
    .matches(/[!@#$%^&*]/)
    .withMessage("Password must contain at least one special character"),
];

And then Update `authRoute.js`:

import express from "express";
import { createUser } from "../controller/UserController.js";
import { validateUser } from "../validators/userValidator.js";

const router = express.Router();

router.get("/login", createUser);
router.post("/createUser", validateUser, createUser);

export { router as authRouter };

8. Middleware for authorization

Create a middleware to authenticate the user. It check if the current user trying to perform the operation is autenticated user not.

// middleware/authMiddleware.js
import User from "../models/userModel.js";
import jwt from "jsonwebtoken";
import expressAsyncHandler from "express-async-handler";

export const authMiddleware = expressAsyncHandler(async (req, res, next) => {
  let token;
  if (req?.headers?.authorization?.startsWith("Bearer")) {
    token = req.headers.authorization.split(" ")[1];
    if (token) {
      const decoded = jwt.verify(token, process.env.JWT_SECRET);
      const user = await User.findById(decoded?.id);
      req.user = user;
      next();
    }
  } else {
    return res.status(401).json({
      message: "Not authorized token, Please login again",
      success: false,
    });
  }
});

9. Now Update the Route

authMiddleware is kept at the createUser Route or you can add it on any route as per your requirement which is middleware to secure action that we need perform.

import express from "express";
import {
  createUser,
  deleteUser,
  getAllUsers,
  updateUser,
  userLogin,
} from "../controller/UserController.js";
import { authMiddleware } from "../middleware/authMiddleware.js";

const router = express.Router();

router.post("/createUser", authMiddleware, createUser);
router.put("/updateUser/:id", updateUser);
router.get("/get-all", getAllUsers);
router.delete("/delete/:id", deleteUser);
router.post("/login", userLogin);

export { router as authRouter };

10. Testing the Server

To test if your server is running, start it by running:

npm run server

If everything is set up correctly, you should see:

Server is listening on port http://localhost:5000

// login user in UserController.js
import { generateToken } from "../config/jwtToken.js";

export const userLogin = expressAsyncHandler(async (req, res) => {
  const { email, password } = req.body;
  // findUser variable include all the information of that user with that email.
  const findUser = await User.findOne({ email });
  const accessToken = generateToken(findUser._id);
  // ava store garam  token lai cookie ma
  res.cookie("accessToken", accessToken, {
    httpOnly: true,
    maxAge: 72 * 60 * 60 * 1000,
  });
  if (findUser && (await findUser.isPasswordMatched(password))) {
    // res.json(findUser);
    res.json({
      // ?. syntax is called optional chaining introduced on ecma script in 2020
      _id: findUser?._id,
      firstname: findUser?.firstname,
      lastname: findUser?.lastname,
      email: findUser?.email,
      mobile: findUser?.mobile,
      token: generateToken(findUser?._id),
    });
  } else {
    throw new Error("Invalid Credentials");
  }
});

For that we need to generate AccessToken using JWT for Authentication

//config/jwtToken.js
import jwt from "jsonwebtoken";

export const generateToken = (id) => {
  return jwt.sign({ id }, process.env.JWT_SECRET, { expiresIn: "1d" });
};

Also in models/UserModel.js add the following to encrypt and check password

// Yo code chai password lai encrypt garna lai
userSchema.pre("save", async function (next) {
  if (!this.isModified("password")) {
    next();
  }
  const salt = await bcrypt.genSaltSync(10);
  this.password = await bcrypt.hash(this.password, salt);
});

// password match vaxa ki nai vanera check garna
userSchema.methods.isPasswordMatched = async function (enteredPassword) {
  return await bcrypt.compare(enteredPassword, this.password);
};

Overall, which will look like this

// models/userModel.js
import mongoose from "mongoose";
import bcrypt from "bcryptjs";

var userSchema = new mongoose.Schema(
  {
    firstname: {
      type: String,
      required: true,
      trim: true,
      min: 3,
      max: 20,
    },
    lastname: {
      type: String,
      required: true,
      trim: true,
      min: 3,
      max: 20,
    },
    username: {
      type: String,
      required: true,
      trim: true,
      unique: true,
      index: true,
      lowercase: true,
    },
    email: {
      type: String,
      required: true,
      trim: true,
      unique: true,
      lowercase: true,
    },
    password: {
      type: String,
      required: true,
    },
  },
  {
    timestamps: true,
  }
);

// Yo code chai password lai encrypt garna lai
userSchema.pre("save", async function (next) {
  if (!this.isModified("password")) {
    next();
  }
  const salt = await bcrypt.genSaltSync(10);
  this.password = await bcrypt.hash(this.password, salt);
});

// password match vaxa ki nai vanera check garna
userSchema.methods.isPasswordMatched = async function (enteredPassword) {
  return await bcrypt.compare(enteredPassword, this.password);
};

export default mongoose.model("User", userSchema);

Day 3: HTTP Module and Building a Basic Server In Node.JS

Kumar Chaudhary — Mon, 23 Sep 2024 16:53:51 GMT

1. Theory:

Introduction to Networking in Node.js

What is Networking?
- Networking refers to the communication between a client and a server using network protocols like HTTP, TCP, UDP, etc.
What is HTTP?
- HTTP (HyperText Transfer Protocol) is a protocol used for transferring data over the web. In Node.js, the http module allows you to create an HTTP server to listen for incoming requests and send responses to clients.

Understanding HTTP Protocols

Request and Response Cycle:
- The client (browser, Postman, etc.) sends an HTTP request to the server.
- The server processes the request and sends back an HTTP response.
HTTP Methods:
- GET: Used to retrieve data from the server.
- POST: Used to send data to the server.
- PUT, DELETE: Other methods used for modifying or deleting data.

Basics of Creating an HTTP Server in Node.js

Using the http Module:
- The http module in Node.js allows you to create a simple web server that can handle incoming HTTP requests and send responses.
- You can handle different routes (e.g., /home, /about) and different HTTP methods (e.g., GET, POST) to serve different types of content.

TCP (Transmission Control Protocol):

Strengths:
- Reliable: TCP ensures that all data is delivered in the correct order, with error checking and retransmission of lost packets.
- Connection-Oriented: A reliable connection is established between the two endpoints before data transfer begins, ensuring consistency.
- Use Case in Real-Time Communication:
  - Chat applications: Many real-time messaging apps, such as WhatsApp or Facebook Messenger, use TCP because reliability is crucial in text-based communication. Missing or out-of-order messages would disrupt the user experience.
  - VoIP with fallback to TCP: In cases where network conditions are unreliable, some VoIP systems fall back to TCP for improved reliability.
  - Video conferencing (with TCP fallback): Some systems use TCP to ensure delivery, but usually at the cost of higher latency.

    const net = require("net");
    const readline = require("readline");

    // Create a TCP server
    const server = net.createServer((socket) => {
      console.log("Client connected");
      socket.write("Hello, TCP World!\n");

      // Receive data from the client
      socket.on("data", (data) => {
        console.log(`Client says: ${data}`);
        socket.write(`You said: ${data}`); // Echo the message back
      });

      // Close the connection
      socket.on("end", () => {
        console.log("Client disconnected");
      });

      // Now allow input from the server terminal and send to client
      const rl = readline.createInterface({
        input: process.stdin,
        output: process.stdout,
      });

      rl.on("line", (input) => {
        socket.write(`Server says: ${input}\n`);
      });
    });

    // Listen on port 4000
    server.listen(4000, () => {
      console.log("TCP server listening on port 4000");
    });

UDP (User Datagram Protocol):

Strengths:
- Fast and Low Latency: UDP is faster than TCP because it doesn’t establish a connection or handle packet retransmission, which makes it ideal for real-time communication where speed is more important than reliability.
- Connectionless: UDP sends packets without establishing a connection, so it is lightweight and better for real-time, high-speed transmissions.
Use Case in Real-Time Communication:
- Voice over IP (VoIP): Applications like Zoom, Skype, or Google Meet often use UDP for transmitting voice data, as low latency is critical, and occasional packet loss is acceptable.
- Online Gaming: Many real-time multiplayer games use UDP for transmitting game data, where speed and low latency are prioritized over perfect delivery. Lost packets are usually acceptable because real-time updates happen continuously.
- Live Streaming: UDP is used for real-time video and audio streaming because it can handle large amounts of data without waiting for acknowledgment of each packet, reducing latency.

2. Practical:

Task 1: Create a Basic HTTP Server

What to do:

Create a simple Node.js HTTP server using the http module that listens on port 3000 and responds with a message.

Example:

const http = require('http');

// Create an HTTP server
const server = http.createServer((req, res) => {
  // Set the response header
  res.writeHead(200, { 'Content-Type': 'text/plain' });

  // Send a simple response
  res.end('Hello, World!\n');
});

// The server listens on port 3000
server.listen(3000, () => {
  console.log('Server is listening on port 3000...');
});

Run the server:

node server.js

Open the browser and go to http://localhost:3000, and you will see "Hello, World!" displayed.

Task 2: Responding with Static Content (HTML and JSON)

What to do:

Modify the server to respond with HTML content when the request URL is /home and with JSON data when the request URL is /api.

Example:

const http = require('http');

// Create an HTTP server
const server = http.createServer((req, res) => {
  if (req.url === '/home') {
    res.writeHead(200, { 'Content-Type': 'text/html' });
    res.end('Welcome to the Home Page!
');
  } else if (req.url === '/api') {
    res.writeHead(200, { 'Content-Type': 'application/json' });
    const data = {
      message: 'Hello, this is JSON data!',
      status: 'success',
    };
    res.end(JSON.stringify(data));
  } else {
    res.writeHead(404, { 'Content-Type': 'text/plain' });
    res.end('404 - Not Found');
  }
});

// The server listens on port 3000
server.listen(3000, () => {
  console.log('Server is listening on port 3000...');
});

Test the server:

Go to http://localhost:3000/home, and you will see the HTML content.
Go to http://localhost:3000/api, and you will receive the JSON response.

Task 3: Handling Different Routes and HTTP Methods (GET, POST)

What to do:

Modify the server to handle two different routes:
- /about: Responds with a simple HTML message using the GET method.
- /submit: Accepts POST requests and responds with the data that the client submits.

Example:

const http = require('http');

// Create an HTTP server
const server = http.createServer((req, res) => {
  if (req.method === 'GET' && req.url === '/about') {
    res.writeHead(200, { 'Content-Type': 'text/html' });
    res.end('About Us
This is the about page.
');
  } else if (req.method === 'POST' && req.url === '/submit') {
    let body = '';

    // Collect the data sent by the client
    req.on('data', chunk => {
      body += chunk.toString();
    });

    // Once all data is received, respond with it
    req.on('end', () => {
      res.writeHead(200, { 'Content-Type': 'text/plain' });
      res.end(`Received data: ${body}`);
    });
  } else {
    res.writeHead(404, { 'Content-Type': 'text/plain' });
    res.end('404 - Not Found');
  }
});

// The server listens on port 3000
server.listen(3000, () => {
  console.log('Server is listening on port 3000...');
});

Test the server:

Visit http://localhost:3000/about to see the GET request in action.
Use Postman or curl to send a POST request with data to http://localhost:3000/submit.

Example using curl:

curl -X POST -d "name=John&age=25" http://localhost:3000/submit

Output:

Received data: name=John&age=25

3. Extended Practical Examples:

Task 4: Serve a Static HTML File

What to do:

Create an HTML file (e.g., index.html) and serve it using the fs module with the HTTP server.

Example:

Create an index.html file:

 html>
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Portfoliotitle>
     <style>
       * {
         margin: 0;
         padding: 0;
         box-sizing: border-box;
       }
       body {
         font-family: Arial, sans-serif;
         line-height: 1.6;
         background-color: #f4f4f4;
         color: #333;
       }
       header {
         background-color: #333;
         color: #fff;
         padding: 1rem 0;
         text-align: center;
       }
       header h1 {
         margin-bottom: 0.5rem;
       }
       header p {
         font-size: 1.1rem;
       }
       nav {
         background-color: #444;
         padding: 1rem;
         text-align: center;
       }
       nav a {
         color: #fff;
         margin: 0 15px;
         text-decoration: none;
         font-weight: bold;
       }
       nav a:hover {
         text-decoration: underline;
       }
       .container {
         max-width: 1100px;
         margin: 2rem auto;
         padding: 0 2rem;
       }
       .about,
       .projects {
         background-color: #fff;
         padding: 2rem;
         margin-bottom: 1.5rem;
         border-radius: 5px;
         box-shadow: 0 2px 5px rgba(0, 0, 0, 0.1);
       }
       .about h2,
       .projects h2 {
         margin-bottom: 1rem;
       }
       .about p {
         font-size: 1.1rem;
         line-height: 1.8;
       }
       .projects {
         display: grid;
         grid-template-columns: repeat(auto-fit, minmax(250px, 1fr));
         gap: 1.5rem;
       }
       .project-card {
         background-color: #f9f9f9;
         padding: 1.5rem;
         border-radius: 5px;
         box-shadow: 0 2px 5px rgba(0, 0, 0, 0.1);
       }
       .project-card h3 {
         margin-bottom: 0.5rem;
       }
       .project-card p {
         margin-bottom: 1rem;
       }
       footer {
         background-color: #333;
         color: #fff;
         text-align: center;
         padding: 1rem 0;
       }
       footer p {
         margin: 0;
       }
     style>
   head>
   <body>
     <header>
       <h1>Sungava Collegeh1>
       <p>Web Developer | Designer | Programmerp>
     header>

     <nav>
       <a href="#about">Abouta>
       <a href="#projects">Projectsa>
       <a href="#contact">Contacta>
     nav>

     <div class="container">
       <section id="about" class="about">
         <h2>About Meh2>
         <p>
           Hello! I'm Apple, a passionate web developer with experience in
           building dynamic and responsive websites. I enjoy turning complex
           problems into simple, beautiful, and intuitive solutions.
         p>
       section>

       <section id="projects" class="projects">
         <h2>Projectsh2>
         <div class="project-card">
           <h3>Project Oneh3>
           <p>A responsive website built with HTML, CSS, and JavaScript.p>
           <a href="#">View Projecta>
         div>
         <div class="project-card">
           <h3>Project Twoh3>
           <p>A dynamic web application using the MERN stack.p>
           <a href="#">View Projecta>
         div>
         <div class="project-card">
           <h3>Project Threeh3>
           <p>An eCommerce platform built using React and Node.js.p>
           <a href="#">View Projecta>
         div>
       section>
     div>

     <footer>
       <p>© 2024 Sungava College. All Rights Reserved.p>
     footer>
   body>
 html>

Modify the server to read and serve this file:

 const http = require('http');
 const fs = require('fs');

 // Create an HTTP server
 const server = http.createServer((req, res) => {
   if (req.url === '/home') {
     fs.readFile('index.html', (err, data) => {
       if (err) {
         res.writeHead(500, { 'Content-Type': 'text/plain' });
         res.end('500 - Internal Server Error');
       } else {
         res.writeHead(200, { 'Content-Type': 'text/html' });
         res.end(data);
       }
     });
   } else {
     res.writeHead(404, { 'Content-Type': 'text/plain' });
     res.end('404 - Not Found');
   }
 });

 // The server listens on port 3000
 server.listen(3000, () => {
   console.log('Server is listening on port 3000...');
 });

Test the server:

Open http://localhost:3000/home to see the HTML file served by the Node.js server.

Task 5: Handle Query Parameters

What to do:

Handle query parameters from a URL and return dynamic content based on those parameters.

Example:

const http = require("http");
const url = require("url");

// Create an HTTP server
const server = http.createServer((req, res) => {
  // Parse the URL and extract query parameters
  const parsedUrl = url.parse(req.url, true);
  const queryObject = parsedUrl.query;

  // Check if the path starts with /greet/
  if (req.url.startsWith("/greet/")) {
    // Extract the "name" query parameter, or default to "Guest"
    const name = queryObject.name || "Guest";

    // Set response header and send the greeting message
    res.writeHead(200, { "Content-Type": "text/plain" });
    res.end(`Hello, ${name}!`);
  } else {
    // Handle 404 Not Found if the route doesn't match /greet/
    res.writeHead(404, { "Content-Type": "text/plain" });
    res.end("404 - Not Found");
  }
});

// The server listens on port 3000
server.listen(3000, () => {
  console.log("Server is listening on port 3000...");
});

Test the server:

Open http://localhost:3000/greet?name=John to see dynamic content generated based on the query parameter (name=John).

Day 2: Understanding Core Modules and the Event Loop: Using Modules and npm

Kumar Chaudhary — Mon, 23 Sep 2024 04:55:15 GMT

Node.js core modules (e.g., fs, path, http, os)
Understanding the Event Loop
Synchronous vs Asynchronous programming in Node.js
Practical: Basic file operations using fs module (read, write, append)
Handling paths with path module
Timing events with setTimeout and setInterval

Event Loop in Node.js

What is the Event Loop?

Node.js uses an event-driven, non-blocking I/O model which makes it lightweight and efficient. The event loop is responsible for handling asynchronous operations. It allows Node.js to handle multiple operations without creating multiple threads.

Example of Event Loop:

console.log('Start');

setTimeout(() => {
  console.log('Timeout function executed');
}, 2000);

console.log('End');

Synchronous vs Asynchronous Programming

Synchronous:
- Operations that block further code execution until the current task is finished. In Node.js, most operations can be done asynchronously to avoid blocking the event loop.

Example of Synchronous Code:

    const fs = require('fs');

    console.log('Start reading file...');
    const data = fs.readFileSync('example.txt', 'utf-8');
    console.log(data);
    console.log('Finished reading file.');

This code blocks further execution until the file is completely read.

Asynchronous:
- Non-blocking operations that allow the rest of the program to run while waiting for a task (like reading a file) to complete.

Example of Asynchronous Code:

    const fs = require('fs');

    console.log('Start reading file...');
    fs.readFile('example.txt', 'utf-8', (err, data) => {
      if (err) throw err;
      console.log(data);
    });
    console.log('Finished reading file.');

Here, Node.js will continue executing other code (e.g., "Finished reading file.") while waiting for the file to be read.

2. Practical:

Basic File Operations with `fs` Module

fs (File System) module:

Allows working with the file system, such as reading, writing, and appending to files.

Reading a File (Asynchronous):

  const fs = require('fs');

  fs.readFile('example.txt', 'utf-8', (err, data) => {
    if (err) throw err;
    console.log('File contents:', data);
  });

Writing to a File (Asynchronous):

  const fs = require('fs');

  fs.writeFile('output.txt', 'Hello, Node.js!', (err) => {
    if (err) throw err;
    console.log('File written successfully.');
  });

Appending to a File (Asynchronous):

  const fs = require('fs');

  fs.appendFile('output.txt', '\nAppended text.', (err) => {
    if (err) throw err;
    console.log('Text appended successfully.');
  });

Handling Paths with `path` Module

path module:

Helps with working with file and directory paths. It's especially useful when you need to manipulate or join paths across platforms.

Joining Paths:

  const path = require('path');

  const fullPath = path.join(__dirname, 'files', 'example.txt');
  console.log('Full Path:', fullPath);

Getting File Name from Path:

  const path = require('path');

  const filePath = '/users/documents/example.txt';
  console.log('File Name:', path.basename(filePath));

Getting Directory Name from Path:

  const path = require('path');

  const filePath = '/users/documents/example.txt';
  console.log('Directory Name:', path.dirname(filePath));

Timing Events with `setTimeout` and `setInterval`

setTimeout: Runs a function after a certain delay (once).

  setTimeout(() => {
    console.log('This runs after 3 seconds');
  }, 3000); // 3000 milliseconds = 3 seconds

setInterval: Runs a function repeatedly after a specified interval.

  setInterval(() => {
    console.log('This runs every 2 seconds');
  }, 2000); // 2000 milliseconds = 2 seconds

Clearing Intervals:

  const intervalId = setInterval(() => {
    console.log('Repeating...');
  }, 1000);

  setTimeout(() => {
    clearInterval(intervalId);
    console.log('Stopped interval');
  }, 5000); // Stop after 5 seconds

Working with Modules and npm
1. Theory:

Modular Programming in Node.js
- What is Modular Programming?
  - Modular programming is about breaking a program into smaller, reusable parts (called modules). Each module contains related functionality, making code easier to maintain and scale.
- Node.js uses CommonJS module system, which includes:
  - require(): Used to load modules.
  - module.exports: Used to export functionality from a module so other files can use it.

CommonJS: How Modules Work in Node.js

Creating a module:
- In Node.js, you can create your own module by writing code in a separate file and exporting the functionality you want to reuse.
Using require() to load a module:
- To use a module in another file, you load it with require().

Example:

        // math.js (your custom module)
        function add(a, b) {
          return a + b;
        }

        function subtract(a, b) {
          return a - b;
        }

        // Exporting the functions
        module.exports = { add, subtract };

Now, you can use the add and subtract functions from math.js in another file:

        // main.js
        const math = require('./math');

        console.log(math.add(5, 3)); // Output: 8
        console.log(math.subtract(10, 7)); // Output: 3

What is npm and Package Management?

What is npm?
- npm (Node Package Manager) is the default package manager for Node.js. It helps install, manage, and share reusable packages of code.
- npm allows you to easily download and integrate thousands of third-party libraries (packages) like lodash, axios, etc., into your project.
Package Management:
- Packages are collections of code that can be easily installed and managed using npm. They are stored in a registry (like npm's registry) and can be added to your project with simple commands.

Introduction to `package.json` and Dependencies

What is package.json?
- package.json is a file that holds metadata about your Node.js project (like project name, version, and dependencies). It is automatically generated when you run the npm init command.
Dependencies:
- Dependencies are packages your project relies on. They are listed in package.json so they can be easily installed on any machine using npm install.

3. Tasks for Day 2:

Task 1: File Operations
- What to do:
  - Create a new file called notes.txt and write "Learning Node.js" into it.
  - Read and display the content of notes.txt.
  - Append "Node.js is awesome!" to the same file and read it again.
Task 2: Path Operations
- What to do:
  - Use the path module to print the full path of your notes.txt file.
  - Extract and print only the file name from the path.
  - Extract and print the directory name from the path.
Task 3: Timing Events
- What to do:
  - Write a setTimeout function to print "Hello after 3 seconds."
  - Use setInterval to print "Learning is fun!" every 2 seconds and stop it after 10 seconds using clearInterval.
Reflection:
- Write a paragraph about your understanding of synchronous and asynchronous programming. Explain the difference in your own words.

Additional Resources:

Node.js Official Documentation
Understanding the Node.js Event Loop

Summary:

Theory: Focus on core modules like fs, path, and the Node.js event loop.
Practical: Perform file operations, handle paths, and understand timing events with setTimeout and setInterval.
Tasks: Reinforce learning by writing and manipulating files, handling paths, and experimenting with asynchronous timers.

Recursive Function Implementation in Backend

Kumar Chaudhary — Sun, 14 Jul 2024 16:42:45 GMT

Example: File System Traversal

Imagine you are developing a backend application that needs to traverse a file system to find all files with a specific extension (e.g., .txt, .jpg) and compute the total size of these files.

const fs = require('fs');
const path = require('path');

// Function to recursively traverse a directory
function traverseDirectory(dirPath, extension, totalSize = 0) {
  const files = fs.readdirSync(dirPath);

  files.forEach(file => {
    const filePath = path.join(dirPath, file);
    const stats = fs.statSync(filePath);

    if (stats.isDirectory()) {
      // Recursively traverse subdirectories
      totalSize = traverseDirectory(filePath, extension, totalSize);
    } else if (stats.isFile() && path.extname(file) === extension) {
      // Process files with the specified extension
      console.log(`Found file: ${filePath} (${stats.size} bytes)`);
      totalSize += stats.size;
    }
  });

  return totalSize;
}

// Example usage: Traverse the current directory recursively for .txt files
const directoryPath = './';
const fileExtension = '.txt';
const totalFileSize = traverseDirectory(directoryPath, fileExtension);

console.log(`Total size of ${fileExtension} files: ${totalFileSize} bytes`);

Explanation

Function traverseDirectory: This function uses fs.readdirSync to read the contents of a directory synchronously. It iterates through each file and directory within the specified dirPath.
Recursive Case: If the current item (file) is a directory (stats.isDirectory()), the function recursively calls itself with the directory path (filePath) to explore its contents further.
Base Case: If the current item (file) is a file (stats.isFile()) and has the specified extension (path.extname(file) === extension), it processes the file (in this case, printing its path and size) and adds its size (stats.size) to totalSize.
Returning Results: The function returns totalSize recursively accumulated from all files matching the extension in the directory tree.

Usage

In this example, the recursive function traverseDirectory is used to traverse a directory structure and find all .txt files, printing their paths and sizes. The function could easily be adapted to handle different file operations, such as copying files, counting files, or analyzing file contents recursively.

This scenario demonstrates how recursive functions are essential for tasks that involve hierarchical or nested data structures, such as file systems, directory trees, nested comments, organizational charts, and more.

"Mastering Higher-Order Functions and Loops in JavaScript: A Comprehensive Guide"

Kumar Chaudhary — Fri, 21 Jun 2024 15:00:51 GMT

In JavaScript, higher-order functions are functions that can take other functions as arguments or return functions as their result. They are fundamental in functional programming and allow for powerful abstractions. Here are some of the most commonly used higher-order functions in JavaScript:

Array Higher-Order Functions

Array.prototype.forEach Executes a provided function once for each array element.
```
 const array = [1, 2, 3];
 array.forEach(value => console.log(value));
```
Array.prototype.map Creates a new array populated with the results of calling a provided function on every element in the calling array.
```
 const array = [1, 2, 3];
 const doubled = array.map(value => value * 2);
```
Array.prototype.filter Creates a new array with all elements that pass the test implemented by the provided function.
```
 const array = [1, 2, 3];
 const even = array.filter(value => value % 2 === 0);
```

Array.prototype.reduce Executes a reducer function on each element of the array, resulting in a single output value.

 const array = [1, 2, 3];
 const sum = array.reduce((accumulator, currentValue) => accumulator + currentValue, 0);

Array.prototype.reduceRight Applies a function against an accumulator and each value of the array (from right-to-left) to reduce it to a single value.
```
 const array = [1, 2, 3];
 const sum = array.reduceRight((accumulator, currentValue) => accumulator + currentValue, 0);
```
Array.prototype.every Tests whether all elements in the array pass the test implemented by the provided function.
```
 const array = [1, 2, 3];
 const allEven = array.every(value => value % 2 === 0);
```
Array.prototype.some Tests whether at least one element in the array passes the test implemented by the provided function.
```
 const array = [1, 2, 3];
 const someEven = array.some(value => value % 2 === 0);
```
Array.prototype.find Returns the value of the first element in the array that satisfies the provided testing function.
```
 const array = [1, 2, 3];
 const found = array.find(value => value > 1);
```
Array.prototype.findIndex Returns the index of the first element in the array that satisfies the provided testing function.
```
 const array = [1, 2, 3];
 const index = array.findIndex(value => value > 1);
```
Array.prototype.flatMap First maps each element using a mapping function, then flattens the result into a new array.
```
const array = [1, 2, 3];
const flatMapped = array.flatMap(value => [value, value * 2]);
```
Array.prototype.sort Sorts the elements of an array in place and returns the array.
```
const array = [3, 1, 2];
array.sort((a, b) => a - b);
```
Array.prototype.flat Creates a new array with all sub-array elements concatenated into it recursively up to the specified depth.
```
const array = [1, [2, [3]]];
const flattened = array.flat(2);
```

Array.prototype.concat Merges two or more arrays into a new array.

const array1 = [1, 2];
const array2 = [3, 4];
const merged = array1.concat(array2);

Function Higher-Order Functions

Function.prototype.bind Creates a new function that, when called, has its this keyword set to the provided value, with a given sequence of arguments preceding any provided when the new function is called.

 const module = {
     x: 42,
     getX: function() {
         return this.x;
     }
 };

 const unboundGetX = module.getX;
 const boundGetX = unboundGetX.bind(module);
 console.log(boundGetX()); // 42

Function.prototype.call Calls a function with a given this value and arguments provided individually.

 function greet() {
     console.log(`Hello, ${this.name}`);
 }

 const person = { name: 'John' };
 greet.call(person); // Hello, John

Function.prototype.apply Calls a function with a given this value, and arguments provided as an array (or an array-like object).

 function greet(greeting) {
     console.log(`${greeting}, ${this.name}`);
 }

 const person = { name: 'John' };
 greet.apply(person, ['Hello']); // Hello, John

Summary

In total, the primary higher-order functions in JavaScript can be categorized under array methods and function methods. These are:

Array Methods:

forEach
map
filter
reduce
reduceRight
every
some
find
findIndex
flatMap
sort
flat
concat

Function Methods:

bind
call
apply

These higher-order functions are fundamental tools in JavaScript, enabling powerful and expressive functional programming techniques.

Certainly! Besides higher-order functions and loops, there are several other important concepts and features in JavaScript that you should be familiar with. These include, but are not limited to, the following:

Mastering JavaScript: Essential Concepts and Features

1. Promises and Asynchronous Programming

Promises: Objects representing the eventual completion or failure of an asynchronous operation.

  const promise = new Promise((resolve, reject) => {
      setTimeout(() => {
          resolve('Success!');
      }, 1000);
  });

  promise.then(result => {
      console.log(result); // 'Success!'
  }).catch(error => {
      console.error(error);
  });

Async/Await: Syntactic sugar over promises, making asynchronous code look synchronous.

  async function fetchData() {
      try {
          const response = await fetch('https://api.example.com/data');
          const data = await response.json();
          console.log(data);
      } catch (error) {
          console.error(error);
      }
  }

  fetchData();

2. Modules

ES6 Modules: Using import and export to manage dependencies and organize code.

  // math.js
  export function add(a, b) {
      return a + b;
  }

  // main.js
  import { add } from './math.js';
  console.log(add(2, 3)); // 5

3. Closures

Functions that have access to the outer (enclosing) function’s variables even after the outer function has returned.

  function makeCounter() {
      let count = 0;
      return function() {
          count++;
          return count;
      };
  }

  const counter = makeCounter();
  console.log(counter()); // 1
  console.log(counter()); // 2

4. Event Handling

Event Listeners: Responding to user interactions and other events in the DOM.

  document.getElementById('myButton').addEventListener('click', () => {
      console.log('Button clicked!');
  });

5. Error Handling

Try/Catch: Handling exceptions and errors gracefully.

  try {
      throw new Error('Something went wrong');
  } catch (error) {
      console.error(error.message);
  }

6. Destructuring

Extracting values from arrays or properties from objects into distinct variables.

  const person = { name: 'John', age: 30 };
  const { name, age } = person;
  console.log(name, age); // 'John', 30

7. Template Literals

Template strings with embedded expressions.

  const name = 'John';
  const message = `Hello, ${name}!`;
  console.log(message); // 'Hello, John!'

8. Spread and Rest Operators

Spread: Expanding elements of an iterable (like an array) or properties of an object.

  const array = [1, 2, 3];
  const newArray = [...array, 4, 5];
  console.log(newArray); // [1, 2, 3, 4, 5]

Rest: Collecting arguments into an array.

  function sum(...numbers) {
      return numbers.reduce((acc, curr) => acc + curr, 0);
  }

  console.log(sum(1, 2, 3, 4)); // 10

9. Classes and Inheritance

ES6 Classes: Creating objects and inheritance in a more familiar syntax compared to traditional prototypes.

  class Person {
      constructor(name, age) {
          this.name = name;
          this.age = age;
      }

      greet() {
          console.log(`Hello, my name is ${this.name}`);
      }
  }

  class Student extends Person {
      constructor(name, age, grade) {
          super(name, age);
          this.grade = grade;
      }

      study() {
          console.log(`${this.name} is studying`);
      }
  }

  const student = new Student('John', 20, 'A');
  student.greet(); // 'Hello, my name is John'
  student.study(); // 'John is studying'

10. Prototypes and Prototype Chain

Understanding how inheritance works in JavaScript using prototypes.

  function Person(name, age) {
      this.name = name;
      this.age = age;
  }

  Person.prototype.greet = function() {
      console.log(`Hello, my name is ${this.name}`);
  };

  const person = new Person('John', 30);
  person.greet(); // 'Hello, my name is John'

Types of For Loop in JavaScript

In JavaScript, there are several types of loops that you can use to iterate over arrays, objects, and other iterable structures. Here are the main ones:

1. `for` Loop

The traditional for loop is used for general-purpose iteration with a counter.

for (let i = 0; i < array.length; i++) {
    console.log(array[i]);
}

2. `for...in` Loop

The for...in loop is used to iterate over the enumerable properties of an object.

const obj = {a: 1, b: 2, c: 3};
for (const key in obj) {
    if (obj.hasOwnProperty(key)) {
        console.log(key, obj[key]);
    }
}

3. `for...of` Loop

The for...of loop is used to iterate over the values of an iterable (like an array, string, map, set, etc.).

const array = [1, 2, 3];
for (const value of array) {
    console.log(value);
}

4. `Array.prototype.forEach` Method

The forEach method is used to execute a provided function once for each array element.

const array = [1, 2, 3];
array.forEach(value => {
    console.log(value);
});

5. `while` Loop

The while loop is used to execute a block of code as long as a specified condition is true.

let i = 0;
while (i < array.length) {
    console.log(array[i]);
    i++;
}

6. `do...while` Loop

The do...while loop is similar to the while loop, but it executes the block of code once before checking the condition.

let i = 0;
do {
    console.log(array[i]);
    i++;
} while (i < array.length);

Summary

In summary, the main types of loops in JavaScript are:

for loop
for...in loop
for...of loop
Array.prototype.forEach method
while loop
do...while loop

Each loop type serves different purposes and can be chosen based on the specific requirements of your iteration task.

Mutable and Immutable in JS

In JavaScript, mutability refers to whether an object or value can be changed after it's created. Let's break down mutable and immutable elements in JS:

Mutable (can be changed):

Objects
Arrays
Functions
Sets
Maps

Immutable (cannot be changed):

Primitive values:
- Numbers
- Strings
- Booleans
- null
- undefined
- Symbol
frozen objects (using Object.freeze())

Key points:

When you assign a new value to a primitive, you're creating a new instance.
Modifying an object or array changes the original, not creates a new one.
const doesn't make objects immutable, it just prevents reassignment.

Mutable

A mutable object is one that can be changed after it is created. Most objects and arrays in JavaScript are mutable.

Examples of Mutable Types:

Objects:
- You can add, delete, or modify properties of an object.

    javascriptCopy codeconst obj = { name: "Alice", age: 25 };
    obj.age = 26;  // Modify
    obj.city = "New York";  // Add
    delete obj.name;  // Delete
    console.log(obj);  // Output: { age: 26, city: 'New York' }

Arrays:
- You can change elements, add new elements, or remove elements.

    javascriptCopy codeconst arr = [1, 2, 3];
    arr[0] = 10;  // Modify
    arr.push(4);  // Add
    arr.pop();  // Remove
    console.log(arr);  // Output: [10, 2, 3]

Immutable

An immutable object is one that, once created, cannot be changed. Primitive values (strings, numbers, booleans, null, undefined, and symbols) are immutable in JavaScript.

Examples of Immutable Types:

Strings:
- Strings cannot be changed after they are created. Any operation that appears to modify a string actually creates a new string.

    javascriptCopy codelet str = "hello";
    str[0] = 'H';  // This has no effect
    str = "Hello";  // This creates a new string
    console.log(str);  // Output: "Hello"

Numbers, Booleans, Null, Undefined, Symbols:
- These types are immutable. Any operation on them that seems to change their value actually results in a new value.

    javascriptCopy codelet num = 42;
    num += 1;  // This creates a new number 43
    console.log(num);  // Output: 43

Immutability in Practice

Although objects and arrays are mutable by default, there are techniques to create immutable versions of them:

Object.freeze:
- Freezes an object, making it immutable (no properties can be added, removed, or modified).

    javascriptCopy codeconst obj = { name: "Alice", age: 25 };
    Object.freeze(obj);
    obj.age = 26;  // This will have no effect
    console.log(obj);  // Output: { name: 'Alice', age: 25 }

Immutable Data Structures:
- Libraries like Immutable.js provide immutable data structures for JavaScript.

    javascriptCopy codeconst { Map } = require('immutable');
    let map1 = Map({ a: 1, b: 2, c: 3 });
    let map2 = map1.set('b', 50);  // map2 is a new Map, map1 remains unchanged
    console.log(map1.get('b'));  // Output: 2
    console.log(map2.get('b'));  // Output: 50

Copying and Updating:
- Instead of modifying an object or array directly, you can create a copy with the updated values.

    javascriptCopy codeconst arr = [1, 2, 3];
    const newArr = [...arr, 4];  // Create a new array by copying the old one and adding a new element
    console.log(arr);  // Output: [1, 2, 3]
    console.log(newArr);  // Output: [1, 2, 3, 4]

Understanding mutability and immutability is crucial for managing state in JavaScript applications, especially in frameworks like React where immutability helps in optimizing re-rendering and maintaining predictable state updates.

How to setup and configure MYSQL in Docker on Linux.

Kumar Chaudhary — Sun, 16 Jun 2024 05:39:05 GMT

To set up and configure MySQL in Docker, you can follow these steps:

Pull the MySQL Docker Image

Run the following command to pull the latest MySQL Docker image from Docker Hub:

docker pull mysql:latest

To list Docker images that have been downloaded to your system, you can use the docker images command. Here’s how you can do it:
```
 docker images
```
This command will display a list of all Docker images that have been downloaded to your local Docker host. The output typically includes columns for the repository, tag, image ID, creation date, and size.

If you want to see more details about the images, you can add the -a flag to include intermediate image layers:
```
 docker images -a
```
This will show all images, including intermediate layers that are not tagged and are usually created during the build process of other images.

Here’s a breakdown of what each column in the output generally represents:
- REPOSITORY: The repository name of the image.
- TAG: The tag of the image.
- IMAGE ID: The unique ID of the image.
- CREATED: When the image was created.
- SIZE: The disk space used by the image.

If you have Docker running with appropriate permissions (usually as root or with sudo), these commands will give you a comprehensive list of all Docker images available locally on your system.

The commands sudo docker ps and sudo docker ps -a are both used in Docker to list containers, but they have different behaviors:

sudo docker ps: This command lists only running containers. It won't show now cause we haven't run that mysql-container so don't worry even if it won't show up.
- Specifically, sudo docker ps displays containers that are currently in the "Up" state, meaning they are actively running.
- In your example:
```
  CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                 NAMES
  a7faf2672838   mysql     "docker-entrypoint.s…"   3 minutes ago   Up 3 minutes   3306/tcp, 33060/tcp   mysql-container
```
  This output shows that there is one container (a7faf2672838) running with the MySQL image.

sudo docker ps -a: This command lists all containers, including those that are not currently running.

sudo docker ps -a displays a list of all containers, regardless of their current state (running or stopped).

In your example:

  CONTAINER ID   IMAGE                      COMMAND                  CREATED         STATUS                    PORTS                 NAMES
  a7faf2672838   mysql                      "docker-entrypoint.s…"   3 minutes ago   Up 3 minutes              3306/tcp, 33060/tcp   mysql-container
  f952f7b80cfd   redis/redis-stack:latest   "/entrypoint.sh"         4 days ago      Exited (143) 3 days ago                         redis-stack

This output shows two containers:

One (a7faf2672838) is running (Up 3 minutes ago), using the MySQL image.
Another (f952f7b80cfd) is stopped (Exited (143) 3 days ago), using the Redis Stack image.

sudo docker ps: Lists only running containers.

sudo docker ps -a: Lists all containers (both running and stopped).

Create a Directory for Persistent Data

Create a directory on your host machine to store the persistent data for MySQL. This will ensure that your data is not lost when the container is stopped or removed.

mkdir ~/mysql-data

Run the MySQL Container

Run the following command to create and start a new MySQL container:

docker run --name mysql-container -e MYSQL_ROOT_PASSWORD=your_password -v ~/mysql-data:/var/lib/mysql -d mysql

--name mysql-container: Assigns a name to the container for easy reference.
-e MYSQL_ROOT_PASSWORD=your_password: Sets the root password for the MySQL server (replace your_password with your desired password).
-v ~/mysql-data:/var/lib/mysql: Mounts the ~/mysql-data directory on the host to /var/lib/mysql in the container, which is the location where MySQL stores its data files.
-d mysql: Runs the mysql image in detached mode (in the background).

sudo docker ps:Now this command lists all running containers.
- Specifically, sudo docker ps displays containers that are currently in the "Up" state, meaning they are actively running.
- In your example:
```
  CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS                 NAMES
  a7faf2672838   mysql     "docker-entrypoint.s…"   3 minutes ago   Up 3 minutes   3306/tcp, 33060/tcp   mysql-container
```
  This output shows that there is one container (a7faf2672838) running with the MySQL image

If MySQL is running in a Docker container on your system, you can interact with it in several ways depending on what you want to do.

Accessing the MySQL Container

If MySQL is running inside a Docker container (mysql-container in your case), you might want to access it to manage databases, execute queries, or perform administrative tasks.

Accessing MySQL Shell in the Container

You can access the MySQL shell directly from the Docker host using the docker exec command:

docker exec -it mysql-container mysql -uroot -p

-it: Allows interactive terminal access.
mysql-container: Name or ID of your MySQL container.
mysql -uroot -p: Command to start the MySQL client as the root user (replace root with your MySQL username if different).

You will be prompted to enter the MySQL root password. Once authenticated, you can run SQL queries and manage your MySQL databases as usual.

Executing Commands in the Container

If you need to execute other commands inside the MySQL container, you can use docker exec:

docker exec -it mysql-container bash

This command opens a bash shell inside the MySQL container. From there, you can navigate around and execute any commands available in the container environment.

Here's how you can list the databases:

Access MySQL Shell: You're already inside the MySQL shell. If you haven't executed any commands yet, you should see a prompt like mysql>.
List Databases: To list all databases in MySQL, you can use the following command:

So, in your MySQL shell prompt, type:
```
 SHOW DATABASES;
```
This command will display a list of databases available in your MySQL server. It typically includes system databases like information_schema, mysql, and potentially others depending on your configuration and any databases you may have created.
Example Output: After running SHOW DATABASES;, you might see output similar to this:
```
 +--------------------+
 | Database           |
 +--------------------+
 | information_schema |
 | mysql              |
 | performance_schema |
 | sys                |
 +--------------------+
```
This output shows the default databases that MySQL typically creates. Your list may vary depending on your MySQL setup and any databases you've added.
Configure MySQL

Once you're connected to the MySQL server, you can execute SQL commands to create databases, users, and perform other configuration tasks as needed.

For example, to create a new database named mydatabase:
```
 CREATE DATABASE myfockerdatabase;
```
To list the databases in your MySQL server running inside the Docker container, you can use MySQL commands from within the MySQL shell you accessed using docker exec.
Switch tomyfockerdatabase: Inside the MySQL shell, use the USE command to switch to the myfockerdatabase:
```
 USE myfockerdatabase;
```
After executing this command, the MySQL shell will switch to using the myfockerdatabase for subsequent queries.
Verify Current Database: To verify that you are now working in myfockerdatabase, you can use the SELECT DATABASE(); command:
```
 SELECT DATABASE();
```
This will output the name of the current database, which should now be myfockerdatabase.

Perform Operations inmyfockerdatabase: Now that you are in the myfockerdatabase, you can create tables, insert data, and perform other SQL operations specific to that database.

Example:

Here's an example of how it would look in your MySQL shell session:

 mysql> USE myfockerdatabase;
 Database changed
 mysql> SELECT DATABASE();
 +------------------+
 | DATABASE()       |
 +------------------+
 | myfockerdatabase |
 +------------------+
 1 row in set (0.00 sec)

 mysql> -- Perform operations in myfockerdatabase
 mysql> CREATE TABLE mytable (
     -> id INT AUTO_INCREMENT PRIMARY KEY,
     -> name VARCHAR(50)
     -> );
 Query OK, 0 rows affected (0.06 sec)

 mysql> INSERT INTO mytable (name) VALUES ('John'), ('Alice'), ('Bob');
 Query OK, 3 rows affected (0.03 sec)
 Records: 3  Duplicates: 0  Warnings: 0

 mysql> SELECT * FROM mytable;
 +----+-------+
 | id | name  |
 +----+-------+
 |  1 | John  |
 |  2 | Alice |
 |  3 | Bob   |
 +----+-------+
 3 rows in set (0.00 sec)

 mysql> -- Continue working in myfockerdatabase or perform other operations as needed

Exiting MySQL Shell:

To exit the MySQL shell and return to your Docker container’s command prompt, type:

 exit;

This will close the MySQL client session and bring you back to the Docker container's command line.

Summary:

You can switch to a specific database (myfockerdatabase in this case) within the MySQL shell using the USE command.
Once inside the desired database, you can perform SQL operations specific to that database, such as creating tables, inserting data, querying data, etc.
Use exit; to exit the MySQL shell and return to the Docker container's command line when you're done working with the database.

Now Lets talk about how you can connect the mysql running on dokcer to any mysql client

Yes, you can connect to a MySQL server running in a Docker container using Beekeeper Studio (or any other MySQL client) on your laptop. To do this, you'll need to ensure that the MySQL container's ports are exposed and accessible from your host machine.

Here are the steps to connect Beekeeper Studio to your MySQL container:

1. Ensure MySQL Container Ports are Exposed

When you start your MySQL container, you should map the container ports to your host machine ports. If you haven't already done this, you can restart your container with the necessary port mappings.

For example, you can start the container with the following command to map the MySQL port (3306) to your host machine:

sudo docker run --name mysql-container -e MYSQL_ROOT_PASSWORD=my-secret-pw -d -p 3306:3306 mysql

This command does the following:

-e MYSQL_ROOT_PASSWORD=my-secret-pw: Sets the root password for MySQL.
-d: Runs the container in detached mode.
-p 3306:3306: Maps port 3306 of the container to port 3306 of the host.

If your container is already running, you can use the docker run command above or stop the container and restart it with the correct port mappings:

sudo docker stop mysql-container
sudo docker rm mysql-container
sudo docker run --name mysql-container -e MYSQL_ROOT_PASSWORD=my-secret-pw -d -p 3306:3306 mysql

2. Find the Host IP Address

If you are running Docker on Linux, you can connect to localhost (or 127.0.0.1). For Docker Toolbox or Docker Desktop on Windows and Mac, you might need to find the Docker host IP.

3. Connect Using Beekeeper Studio

Open Beekeeper Studio.
Create a New Connection:
- Click on the "New Connection" button.
Enter Connection Details:
- Connection Name: Give your connection a name.
- Host: Use localhost (or the IP address of your Docker host if you're not on Linux).
- Port: 3306
- Username: root (or any other MySQL user you've set up)
- Password: Enter the root password you specified (e.g., my-secret-pw).
- Database: (Optional) Specify a database if you want to connect to a specific one. You can leave this blank to connect to the default database.
Test the Connection:
- Click the "Test Connection" button to ensure that Beekeeper Studio can connect to your MySQL server.
Save and Connect:
- Once the connection is successful, save the connection and click "Connect".

Example

Here’s a visual example of what the connection details might look like:

Host: localhost
Port: 3306
Username: root
Password: my-secret-pw
Database: (leave it blank or specify the database you want to connect to)

By following these steps, you should be able to connect to your MySQL server running in a Docker container using Beekeeper Studio on your laptop.

The Fundamental Concept of Cloud Computing

Kumar Chaudhary — Tue, 23 Apr 2024 20:10:32 GMT

Cloud computing refers to the delivery of computing services over the internet, including servers, storage, databases, networking, software, analytics, and more. Instead of owning and maintaining physical data centers and resources, cloud computing allows users to access and pay for these resources on an as-needed basis from a cloud provider's virtual data center. The key components of cloud computing include:

Cloud Infrastructure: This refers to the physical hardware resources, such as servers, storage devices, and networking components, that are housed in the cloud provider's data centers. Cloud providers maintain and manage this infrastructure, ensuring high availability, scalability, and security.
Virtualization: Cloud computing heavily relies on virtualization technology, which allows multiple virtual machines or environments to run on a single physical server. This maximizes resource utilization and enables scalability by easily creating or decommissioning virtual instances as needed.
Cloud Services: Cloud providers offer a range of services that can be categorized as follows:
- Infrastructure as a Service (IaaS): Provides virtualized computing resources, such as virtual machines, storage, and networking, allowing users to deploy and manage their own operating systems and applications.
- Platform as a Service (PaaS): Offers a platform for developing, testing, and deploying applications, including programming languages, libraries, tools, and services.
- Software as a Service (SaaS): Delivers software applications over the internet, where the provider manages the application, data, and underlying infrastructure.
Cloud Deployment Models:
- Public Cloud: Cloud resources are owned and operated by third-party cloud service providers and delivered over the internet.
- Private Cloud: Cloud infrastructure is dedicated to a single organization and can be hosted on-premises or by a third-party provider.
- Hybrid Cloud: A combination of public and private clouds, allowing applications and data to move between them as needed.
Cloud Storage: Cloud providers offer scalable and durable storage solutions, such as object storage, block storage, and file storage, enabling users to store and retrieve data from anywhere with internet access.
Cloud Networking: Cloud computing relies on robust networking infrastructure to connect users to cloud resources and facilitate communication between different components within the cloud.
Cloud Security: Cloud providers implement various security measures, such as encryption, access controls, and compliance standards, to protect user data and applications hosted in the cloud.
Cloud Management and Monitoring: Cloud platforms provide tools and interfaces for managing and monitoring cloud resources, including resource provisioning, scaling, performance monitoring, and cost management.

The combination of these components enables organizations to leverage cloud computing for various benefits, such as scalability, cost-efficiency, flexibility, and access to advanced technologies and services.

Cloud Based Services and it's Challenging aspects

Cloud-based services refer to the delivery of various computing resources and software applications over the internet, leveraging the cloud computing model. These services are typically provided by cloud service providers (CSPs) and can be classified into three main categories:

Infrastructure as a Service (IaaS): IaaS providers offer virtualized computing resources, such as virtual machines, storage, networks, and other fundamental computing resources. Examples include Amazon Web Services (AWS) EC2, Microsoft Azure Virtual Machines, and Google Compute Engine.
Platform as a Service (PaaS): PaaS providers offer a platform and environment for developing, testing, deploying, and managing applications. They provide pre-configured runtime environments, development tools, databases, and other services necessary for application development. Examples include AWS Elastic Beanstalk, Google App Engine, and Microsoft Azure App Service.
Software as a Service (SaaS): SaaS providers deliver software applications over the internet, where the applications are hosted and managed by the provider. Users access these applications through web browsers or client applications. Examples include Microsoft Office 365, Salesforce, Google Workspace (formerly G Suite), and Dropbox.

While cloud-based services offer numerous benefits, such as scalability, cost-efficiency, and access to advanced technologies, there are several challenges associated with cloud computing:

Security and Compliance: Ensuring data security, privacy, and compliance with regulatory requirements is a significant challenge when using cloud services, as data and applications are hosted and managed by third-party providers.
Data Portability and Vendor Lock-in: Moving data and applications between different cloud providers or back to on-premises infrastructure can be challenging due to potential vendor lock-in and the lack of standardized data formats and APIs.
Connectivity and Performance: Cloud services rely heavily on internet connectivity, and poor network performance or outages can impact the availability and performance of cloud-based applications and services.
Cost Management: While cloud services can be cost-effective, managing and optimizing cloud costs can be challenging, particularly as usage and consumption patterns change over time.
Governance and Control: Organizations may face challenges in maintaining governance, control, and visibility over their cloud resources, especially in multi-cloud or hybrid cloud environments.
Scalability and Capacity Planning: Predicting and planning for scalability and capacity requirements can be difficult, as demand for cloud resources can fluctuate rapidly.
Skill Gap and Cultural Shift: Adopting cloud computing often requires organizations to develop new skills and undergo a cultural shift, which can be challenging for some organizations.

To address these challenges, organizations need to implement robust security measures, carefully plan their cloud strategy, manage costs effectively, ensure proper governance and compliance, and invest in employee training and skill development for cloud technologies.

Cloud computing deployments models

Cloud computing deployments can be categorized into four main models: public cloud, private cloud, hybrid cloud, and multi-cloud. Each model offers different levels of control, security, and flexibility, catering to various organizational requirements and use cases. Here's an overview of these deployment models:

Public Cloud: In a public cloud model, computing resources (such as servers, storage, and applications) are owned and operated by third-party cloud service providers (CSPs) and delivered over the internet. These resources are shared among multiple organizations or users, and the infrastructure is managed and maintained by the CSP. Examples of public cloud providers include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
Private Cloud: A private cloud is a cloud computing environment dedicated to a single organization, providing more control and privacy. The infrastructure can be hosted on-premises (within the organization's data center) or by a third-party service provider. Private clouds offer increased security, customization, and control over the computing resources, but they require significant investment and management efforts from the organization.
Hybrid Cloud: A hybrid cloud is a combination of public and private cloud environments, where applications and data can move between the two environments as needed. This model allows organizations to leverage the scalability and cost-effectiveness of public clouds while keeping sensitive or mission-critical workloads in their private cloud environment. Organizations can take advantage of the best features of both deployment models, optimizing their resources and workloads based on specific requirements.
Multi-Cloud: A multi-cloud strategy involves using multiple public cloud services from different providers within a single heterogeneous architecture. This approach helps organizations avoid vendor lock-in, distribute workloads across multiple clouds for better performance and redundancy, and access specialized services from different providers. However, managing and integrating multiple cloud environments can be complex and requires robust governance and management tools.

The choice of deployment model depends on various factors, such as organization size, security and compliance requirements, workload characteristics, cost considerations, and the desired level of control and flexibility. Some organizations may adopt a single deployment model, while others may choose a combination of models to meet their specific needs.

It's important to note that cloud deployment models are not mutually exclusive, and organizations can adopt a hybrid or multi-cloud approach to leverage the benefits of different models while mitigating potential risks and limitations.

Difference between cloud computing and distributed computing

Aspect	Distributed Computing	Cloud Computing
Resource Ownership	Resources are owned and managed by the organization	Resources are owned and managed by cloud service providers
Resource Location	Resources are distributed across multiple locations/systems within the organization	Resources are centralized in the cloud provider's data centers
Access	Resources are accessed within the organization's network	Resources are accessed over the internet
Scalability	Scalability is limited by the organization's own resources	Scalability is virtually unlimited and on-demand
Cost Model	High upfront costs for hardware and maintenance	Pay-as-you-go or subscription-based pricing model
Management	Organization is responsible for managing and maintaining all resources	Cloud provider manages and maintains the resources
Use Case	Typically used for computationally intensive tasks or parallel processing	Used for a wide range of applications, services, and workloads
Examples	Grid computing, cluster computing	Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP)

This tabular format provides a simple and easy-to-remember comparison between distributed computing and cloud computing, focusing on key aspects such as resource ownership, location, access, scalability, cost model, management, and typical use cases.

Cloud reference model with example

The cloud reference model is a conceptual framework that defines the essential components and layers of cloud computing. It provides a standardized way of understanding and discussing cloud services. The National Institute of Standards and Technology (NIST) has developed a widely accepted cloud reference model, which consists of the following components:

Cloud Essential Characteristics:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
Cloud Service Models:
- Software as a Service (SaaS): Applications running on the cloud infrastructure and accessed via web browsers or client applications (e.g., Google Workspace, Salesforce, Dropbox).
- Platform as a Service (PaaS): Provides a platform for developing, testing, deploying, and managing applications (e.g., Google App Engine, AWS Elastic Beanstalk, Microsoft Azure App Service).
- Infrastructure as a Service (IaaS): Provides virtualized computing resources such as servers, storage, and networking (e.g., Amazon EC2, Microsoft Azure Virtual Machines, Google Compute Engine).
Cloud Deployment Models:
- Public Cloud: Cloud infrastructure owned and operated by cloud service providers and shared among multiple customers (e.g., AWS, Microsoft Azure, Google Cloud Platform).
- Private Cloud: Cloud infrastructure provisioned for exclusive use by a single organization, either on-premises or hosted by a third-party.
- Hybrid Cloud: A composition of two or more distinct cloud infrastructures (public and private) that remain unique entities but are bound together by standardized technology (e.g., an organization using a combination of public cloud for non-sensitive workloads and private cloud for sensitive data).
- Community Cloud: Cloud infrastructure provisioned for exclusive use by a specific community of consumers from organizations with shared concerns (e.g., government agencies, financial institutions).

Example: Let's consider a typical scenario where an organization uses a hybrid cloud deployment model.

The organization uses a private cloud infrastructure hosted on-premises for sensitive data and mission-critical applications that require strict security and control.
They leverage a public cloud service provider, such as Amazon Web Services (AWS), for their customer-facing web applications, utilizing the Elastic Compute Cloud (EC2) for virtual servers and the Simple Storage Service (S3) for object storage (IaaS).
The organization also uses a Platform as a Service (PaaS) offering from AWS, such as Elastic Beanstalk, to develop, deploy, and manage their web applications.
Additionally, they subscribe to a Software as a Service (SaaS) solution like Salesforce for their customer relationship management (CRM) needs.

In this example, the organization leverages the benefits of both private and public cloud models, utilizing different cloud service models (IaaS, PaaS, and SaaS) to meet their diverse computing needs while adhering to security and compliance requirements.

Cloud Cube Models

The cloud cube model, proposed by Jericho Forum, is a conceptual framework that helps organizations understand and analyze the various aspects of cloud computing. It consists of four dimensions: Physical, Resource, Service, and Stakeholder. These dimensions form a cube structure, allowing for a comprehensive examination of cloud computing services and their associated risks, benefits, and considerations.

Here are the four dimensions of the cloud cube model:

Physical Dimension:
- This dimension represents the physical location of the cloud infrastructure and data.
- It addresses concerns related to data sovereignty, legal jurisdiction, and compliance with regulations based on geographical location.
- Examples: On-premise, Off-shore, Within Country, Within Region.
Resource Dimension:
- This dimension focuses on the type of resources provided by the cloud service, such as storage, processing power, and applications.
- It helps organizations understand the level of control and responsibility they have over these resources.
- Examples: Storage, Processing, Network, Applications, Data, Virtual Machine.
Service Dimension:
- This dimension represents the different service models offered by cloud providers, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
- It helps organizations determine the level of abstraction and control they require over the underlying infrastructure.
- Examples: IaaS, PaaS, SaaS, BPaaS (Business Process as a Service), XaaS (Anything as a Service).
Stakeholder Dimension:
- This dimension considers the various stakeholders involved in cloud computing, including cloud providers, customers, partners, and regulatory bodies.
- It helps organizations identify and understand the roles, responsibilities, and concerns of each stakeholder.
- Examples: Cloud Provider, Customer, Partner, Regulator, User.

By examining these four dimensions together, organizations can better understand the potential risks, benefits, and implications associated with adopting cloud computing services. The cloud cube model provides a systematic approach to evaluate and select the appropriate cloud services that align with an organization's specific requirements, security concerns, regulatory compliance needs, and business objectives.

For example, an organization may choose to use a private cloud (Physical Dimension) for sensitive data and mission-critical applications, leveraging IaaS (Service Dimension) for virtual machines and storage (Resource Dimension), while ensuring compliance with local regulations (Stakeholder Dimension).

The cloud cube model promotes a comprehensive analysis of cloud computing services, enabling organizations to make informed decisions and mitigate potential risks associated with the adoption and management of cloud solutions.

How to Implement Real-Time Live Visitors Count Using Socket.io in Nest.js

Kumar Chaudhary — Mon, 08 Apr 2024 06:30:56 GMT

Last time we implement a secure socket.io connection in nest js using jwt and password strategy authentication process this time we will dive into implementing how we can implement a real time live visitors in any web pages when user visit the web pages. These type of use cases is widly applicable in application like news portal site, blog portal sites or any other kinds of e-commerce 😅😅 such that you can use where you like. Okey lets dive in shall we!

For this you must need to have a basic understanfing of MAP in js no worries if you don't know i'll give a simple example where you can have a basic understanding of how MAP works and how does it store the data.

const map = new Map();
map.set('key1', 'value1');
map.set('key2', 'value2');

console.log(map.has('key1')); // Output: true
console.log(map.has('key3')); // Output: false

Since we are using TS we need to declare and initialize two private memebers variable with it's type.

  private connectedClients = new Map>();
  private blogClients = new Map();

After successfully declaring and initializing the private instance variable the mail logics cames here. First review the code and i'll have you a basic understanding of how work flows.

 @SubscribeMessage('blogLiveCounts')
  handleBlogLiveCounts(
    @ConnectedSocket() client: Socket,
    @MessageBody() message: LiveBlog,
  ) {
    const parsedMessage: LiveBlog = JSON.parse(`${message}`);
    console.log('🚀 ~ SocketGateway ~ jsonStringify:', parsedMessage.blog_id); //🚀 ~ SocketGateway ~ jsonStringify: 2

    if (!this.blogClients.has(client.id)) {
      console.log('🚀 ~ SocketGateway ~ client.id, :', client.id); //🚀 ~ SocketGateway ~ client.id, : 7Fu4_qBToYPCBrlkAAAB
      this.blogClients.set(client.id, parsedMessage.blog_id);
    }
    console.log('🚀 ~ SocketGateway ~ this.blogClients:', this.blogClients); // example 🚀 ~ SocketGateway ~ this.blogClients: Map(1) { '7Fu4_qBToYPCBrlkAAAB' => 2 }

    // //getting all the values stored in blogClients
    const allBlogClientsValues = Array.from(this.blogClients.values());
    console.log(
      '🚀 ~ SocketGateway ~ allBlogClientsValues:',
      allBlogClientsValues,
    ); ///example :- 🚀 ~ SocketGateway ~ allBlogClientsValues: [ 2 ]

    const filteredValues = allBlogClientsValues.filter((blog_id) => {
      return blog_id === parsedMessage.blog_id;
    });
    console.log(
      '🚀 ~ SocketGateway ~ filteredValues ~ filteredValues:',
      filteredValues,
      filteredValues.length,
    ); //🚀 ~ SocketGateway ~ filteredValues ~ filteredValues: [ 2 ] 1

    this.server.emit('liveCountsSingleBlog', filteredValues.length);
  }

So, in this piece of code, I've implemented a method called handleBlogLiveCounts within my SocketGateway class. This method is triggered whenever an event named 'blogLiveCounts' is received.

First, I extract the message body, which presumably contains information about a live blog, such as its ID, title, and content. I parse this message into a LiveBlog object.

Then, I extract the blog_id from the parsed message and log it to the console. This helps me understand which blog the message is referring to.

Next, I check if the blogClients map doesn't already have the client's ID stored. This check ensures that I'm not duplicating entries for the same client. If the client's ID isn't already in the map, I add it along with the blog_id to the blogClients map.

After adding the client's ID and blog_id to the map, I log the entire blogClients map to the console. This helps me keep track of which clients are currently connected and which blogs they're viewing.

Then, I retrieve all the blog_id values stored in the blogClients map. This step is crucial because it allows me to determine how many clients are currently viewing each blog.

Once I have all the blog_id values, I filter them to find those that match the blog_id from the parsed message. This filtering process helps me identify the clients that are viewing the same blog as the one mentioned in the message.

Finally, I emit an event named 'liveCountsSingleBlog' to the server. I pass the count of filtered values (i.e., the number of clients viewing the same blog) as the payload of this event. This allows other parts of the application to receive and act upon this information in real-time.

Below is the entire work of how we can implement the Live visitors count in any web pages using socket and Nest.js

import { UseGuards } from '@nestjs/common';
import {
  ConnectedSocket,
  MessageBody,
  SubscribeMessage,
  WebSocketGateway,
  WebSocketServer,
} from '@nestjs/websockets';
import { Server, Socket } from 'socket.io';
import { JwtSocketGuard } from 'src/auth/guard/socket.guard';

interface LiveBlog {
  blog_id: number;
  user_id: number;
}

@UseGuards(JwtSocketGuard)
@WebSocketGateway(5000)
export class SocketGateway {
  @WebSocketServer() server: Server;

  private connectedClients = new Map>();
  private blogClients = new Map();

  handleConnection(@ConnectedSocket() client: Socket) {
    // Initialize the client's private room
    console.log(
      `🚀 ~ SocketGateway ~ handleConnection ~ client.id: ${client.id} is connected`,
    );
    this.connectedClients.set(client.id, new Set());
  }

  @SubscribeMessage('blogLiveCounts')
  handleBlogLiveCounts(
    @ConnectedSocket() client: Socket,
    @MessageBody() message: LiveBlog,
  ) {
    const parsedMessage: LiveBlog = JSON.parse(`${message}`);
    console.log('🚀 ~ SocketGateway ~ jsonStringify:', parsedMessage.blog_id); //🚀 ~ SocketGateway ~ jsonStringify: 2

    if (!this.blogClients.has(client.id)) {
      console.log('🚀 ~ SocketGateway ~ client.id, :', client.id); //🚀 ~ SocketGateway ~ client.id, : 7Fu4_qBToYPCBrlkAAAB
      this.blogClients.set(client.id, parsedMessage.blog_id);
    }
    console.log('🚀 ~ SocketGateway ~ this.blogClients:', this.blogClients); // example 🚀 ~ SocketGateway ~ this.blogClients: Map(1) { '7Fu4_qBToYPCBrlkAAAB' => 2 }

    // //getting all the values stored in blogClients
    const allBlogClientsValues = Array.from(this.blogClients.values());
    console.log(
      '🚀 ~ SocketGateway ~ allBlogClientsValues:',
      allBlogClientsValues,
    ); ///example :- 🚀 ~ SocketGateway ~ allBlogClientsValues: [ 2 ]

    const filteredValues = allBlogClientsValues.filter((blog_id) => {
      return blog_id === parsedMessage.blog_id;
    });
    console.log(
      '🚀 ~ SocketGateway ~ filteredValues ~ filteredValues:',
      filteredValues,
      filteredValues.length,
    ); //🚀 ~ SocketGateway ~ filteredValues ~ filteredValues: [ 2 ] 1

    this.server.emit('liveCountsSingleBlog', filteredValues.length);
  }


  handleDisconnect(@ConnectedSocket() client: Socket) {
    this.connectedClients.delete(client.id);
    this.blogClients.delete(client.id);
    const countConnectedClient = Array.from(
      this.connectedClients.values(),
    ).length;

    const countConnectedBlogClient = Array.from(
      this.blogClients.values(),
    ).length;

  }
}

Remember to delete the client.id as we used client.id which implies the id generated by socket for a client when user is connected to socket. Since we are setting up that id as a key in Map when delete client.id the live visitors count also decreased.

In my WebSocketGateway implementation using NestJS, I've ensured that when a client disconnects from the WebSocket, I clean up their associated resources by removing their client.id from both the connectedClients and blogClients maps in the handleDisconnect method. This step is crucial to maintain the integrity of our system and prevent any resource leaks.

Regarding the live visitor count, I've designed it to be based on the number of clients connected to a specific blog. To achieve this, I store the blog_id associated with each client's client.id in the blogClients map. Consequently, when a client disconnects, I remove their entry from the blogClients map to accurately reflect the updated live visitor count for each blog.

While the connectedClients map exists to track client connections, I've opted to use the blogClients map directly for live visitor count tracking. This decision simplifies the logic and ensures that the live visitor count remains accurate and up to date for each blog.