Group items tagged

Encrypted cookies are an important security feature in Laravel.

All of this encryption and decryption is handled in Laravel by the Encrypter using PHP's built-in security tools, including OpenSSL.

Passwords are not encrypted, they are hashed.

Crypt (symmetric encryption) and Hash (one-way cryptographic hashing).

Laravel uses this same method for cookies, both the sender and receiver, using APP_KEY as the encryption key.

something like user passwords, you should never have a way to decrypt them. Ever.

Unique: The collision rate (different inputs hashing to the same output) should be very small

Laravel hashing implements the native PHP password_hash() function, defaulting to a hashing algorithm called bcrypt.

a one-way hash, we cannot decrypt it. All that we can do is test against it.

User password storage should never be reversible, and therefore doesn’t need APP_KEY at all.

Any good credential management strategy should include rotation: changing keys and passwords on a regular basis

update the key on each server.

their sessions invalidated as soon as you change your APP_KEY.

make and test a plan to decrypt that data with your old key and re-encrypt it with the new key.

All jobs will share the same environment, if many of them run simultaneously they might get into conflicts.

storage management (accumulating images)

all containers would share the same Docker daemon.

Add privileged = true in the [runners.docker] section, the privileged mode is mandatory to use DinD.

To avoid that the runner only run one job at a time, change the concurrent value on the first line.

functional tests depending on a database.

Docker Compose allows you to easily start multiple containers, but it has no more feature than Docker itself

kubeadm uses the network interface associated with the default gateway to set the advertise address for this particular control-plane node's API server. To use a different network interface, specify the --apiserver-advertise-address=<ip-address> argument to kubeadm init

Do not share the admin.conf file with anyone and instead grant users custom permissions by generating them a kubeconfig file using the kubeadm kubeconfig user command.

The token is used for mutual authentication between the control-plane node and the joining nodes. The token included here is secret. Keep it safe, because anyone with this token can add authenticated nodes to your cluster.

You must deploy a Container Network Interface (CNI) based Pod network add-on so that your Pods can communicate with each other. Cluster DNS (CoreDNS) will not start up before a network is installed.

Make sure that your Pod network plugin supports RBAC, and so do any manifests that you use to deploy it.

The cluster created here has a single control-plane node, with a single etcd database running on it.

The node-role.kubernetes.io/control-plane label is such a restricted label and kubeadm manually applies it using a privileged client after a node has been created.

kubectl taint nodes --all node-role.kubernetes.io/control-plane-

remove the node-role.kubernetes.io/control-plane:NoSchedule taint from any nodes that have it, including the control plane nodes, meaning that the scheduler will then be able to schedule Pods everywhere.

by default they react to !commands in your chatroom. Commands can also trigger on regular expression matches, with or without a bot prefix.

Errbot also supports Markdown responses with Jinja2 templating.

Errbot supports webhooks; It has a small web server that can translate endpoints to your custom plugins.

It’s recommended that you configure this behind a web server such as nginx or Apache.

It works with the If This Then That (IFTTT) principle, meaning that you define a set of rules that the system then uses to take action.

Lita is a chat bot written in Ruby. Like the other bots I’ve mentioned, it is also open source and supports different chat platforms via plugins.

Gort is a newer entrant to the ChatOps space. As the name suggests it has been written in Go, and it is still under active development.

can persist information in databases, supports advanced parsers, and is extendable with custom skills.

Microservices also bring a set of additional benefits, such as easier scaling, the possibility to use multiple programming languages and technologies, and others.

Java is a frequent choice for building a microservices architecture as it is a mature language tested over decades and has a multitude of microservices-favorable frameworks, such as legendary Spring, Jersey, Play, and others.

A monolithic architecture keeps it all simple. An app has just one server and one database.

All the connections between units are inside-code calls.

split our application into microservices and got a set of units completely independent for deployment and maintenance.

Each of microservices responsible for a certain business function communicates either via sync HTTP/REST or async AMQP protocols.

ensure seamless communication between newly created distributed components.

The gateway became an entry point for all clients’ requests.

We also set the Zuul 2 framework for our gateway service so that the application could leverage the benefits of non-blocking HTTP calls.

we've implemented the Eureka server as our server discovery that keeps a list of utilized user profile and order servers to help them discover each other.

We also have a message broker (RabbitMQ) as an intermediary between the notification server and the rest of the servers to allow async messaging in-between.

microservices can definitely help when it comes to creating complex applications that deal with huge loads and need continuous improvement and scaling.