Fixing a Memory-bottlenecked Rails App

July 2, 2018


On Jun 29 Nate Berkopec (@nateberkopec) tweeted this: “Observation: when scaling on AWS/AWS-based VPS services, newer, lower-volume Rails applications tend to be memory-bottlenecked, older, high-volume Rails applications tend to be cpu-bottlenecked.” This is really useful to know. We recently saw our tiny new Rails app running on an AWS t2.micro server getting into a “WARN” state after running a sucker punch job. It was using over 90% of its RAM, and stayed that way until we restarted the server. ... Read more

Rails Security

June 6, 2018


Here are two quick wins for security that will help you sleep better at night: If you are running Rails 5.2 or higher, chances are you are already using the new Content-Security-Policy feature for Cross-Site-Scripting (XSS) protection; it just needs configuring. The Rack-attack gem for throttling spammy clients and preventing brute-force login attacks. Both of these are quick to get started with, but will benefit from monitoring and fine-tuning. ... Read more

Rails 5.2: encrypted secrets

March 22, 2018


How we started to use Rails 5.2 Encrypted Secrets for securing Amazon S3 key pairs for use with Active Storage. Here is a useful starting point: Rails Encrypted Credentials on Rails 5.2. Our development and production environment is Linux, and we precompile our assets before deployment. Part 1: Encrypt your secrets. With Rails 5.2 a sort of ‘password safe’ is introduced, whereby you commit your encrypted secret credentials to source control, but not your master password. ... Read more

© 2020 Keith P