Rails Security

June 6, 2018


Here are two quick wins for security that will help you sleep better at night: If you are running Rails 5.2 or higher, chances are you are already using the new Content-Security-Policy feature for Cross-Site-Scripting (XSS) protection; it just needs configuring. The Rack-attack gem for throttling spammy clients and preventing brute-force login attacks. Both of these are quick to get started with, but will benefit from monitoring and fine tuning. ... Read more

Minimal Email Receiving

May 1, 2018


How we receive email for our domain using email forwarding on Amazon SES, with minimum effort. Our web-app sends emails no problem, but we also want to receive emails into the same accounts. For example our web-app sends an automatic email from info@mySite.com, but if it receives an email sent to info@mySite.com, we want to handle that too. The simplest way is to implement email forwarding. (The hard way would be to build an email client inside our web-app, then decide how and when to notify whoever needs to handle it). ... Read more

Simple GDPR Compliance

April 4, 2018


How we aim to meet the requirements for GDPR compliance on a website with minimal use of personal data, using minimum effort. *Disclaimer - we are not lawyers, so don’t take any of this as legal advice! What is GDPR?: GDPR is the EU “General Data Protection Regulation”. It is more detailed and specific than the UK Data Protection Act 1998. It will be enforced from 25 May 2018. ... Read more

Rails 5.2: encrypted secrets

March 22, 2018


How we started to use Rails 5.2 Encrypted Secrets for securing Amazon S3 key pairs for use with Active Storage. Here is a useful starting point: Rails Encrypted Credentials on Rails 5.2. Our development and production environment is Linux, and we precompile our assets before deployment. Part 1: Encrypt your secrets. With Rails 5.2 a sort of ‘password safe’ is introduced, whereby you commit your encrypted secret credentials to source control, but not your master password. ... Read more

Rails Active Storage: Uploading files to Amazon S3

March 20, 2018


How we used Rails Active Storage and got it working with Amazon S3. If you are new to Active Storage, here are a couple of useful links: A great video introduction to Active Storage: File uploading with ActiveStorage in Rails 5.2 A useful overview on creating your bucket on Amazon S3: Tutorial: How to use Amazon S3 and CloudFront CDN to serve images fast and cheap For our use case we are uploading PDF documents direct to the cloud. ... Read more

Sending Emails

January 7, 2018


When Action Mailer fails to deliver to Hotmail/Outlook email accounts… A short note on sending mail from a Rails application (action_mailer) to a Microsoft Hotmail account, where the email never arrives in Hotmail/Outlook. After investigation, it looks like Hotmail probably only likes one email address per origin / server IP address. If you send an email from the same server but change the email address, then Hotmail will silently block it. ... Read more

Let’s Encrypt automatic SSL certificate renewal on a single AWS instance

August 14, 2017


How we configured Elastic Beanstalk to play nicely with automatic certificate renewal by Let’s Encrypt. Everyone, it seems, is going with Let’s Encrypt to generate their free SSL/TLS certificate. Running it once is easy, but getting it configured to work with Elastic Beanstalk and EC2’s lifecycle can send you round in circles. This post is an update of the original January 2017 post with our improved configuration. The configuration needs to cater for ALL of these scenarios: ... Read more

Hugo website SEO

August 9, 2017


You want to be found on the web. Search engines want to help… Hugo or your Hugo theme might provide some SEO components out of the box, but consider adding what it doesn’t, then tell Google, Bing and other search engines about your site. Part 1: Add SEO elements to your website. See also about SEO elements -> https://developers.google.com/search/docs/guides 1. Configuration: By default Hugo or your Hugo theme will give you: ... Read more

Hugo website on GitLab Pages

August 6, 2017


How we created a static website with Hugo and hosted it on GitLab Pages with our custom domain secured with an SSL/TLS certificate, for free. With Hugo + GitLab Pages + Let’s Encrypt you get: Static website generator. Auto-deploy on checkin. Free hosting. Custom domain AND secured with SSL/TLS encryption. Free Let’s Encrypt certificate. Previously we had set up our website on GitHub but with one major drawback: GitHub Pages doesn’t currently support SSL/TLS certificates with a custom domain. ... Read more

WordPress to Hugo

August 2, 2017


How we migrated a WordPress blog to a Hugo generated website (and hosted it on GitHub Pages for free), without too much fuss. Part 1: Export from WordPress to Hugo format: Being on the free tier of WordPress, it was not possible to run any of the excellent looking tools that Hugo recommends. So instead we opted to use the wp2hugo.go tool to process the downloaded export file from WordPress into markdown files, as explained here. ... Read more

© 2018 Keith P | Follow on Twitter | Git