Deployment on Heroku

Recently I used Heroku (a PaaS) to deploy a remote web POC. I was surprised by how quickly I got it done:

Create a Heroku remote

  1. Install the Heroku command-line interface (Ubuntu): sudo snap install --classic heroku
  2. Log in to Heroku: heroku login
  3. Link Heroku to your application: heroku git:remote -a "project_name"

Deploying with Git

Push your code to Heroku:

git add .
git commit -m "First commit on Heroku"
git push heroku master

Now you can see the application deployed automatically at https://"project_name".herokuapp.com/

Running Docker command without sudo

The Docker daemon runs on your operating system as the root user, which makes third-party Docker tools difficult to use.

Docker manages access to its Unix domain socket through a user group. The problem is that you are not part of this group by default.

The solution is to add yourself to the docker group. Keep in mind that members of this group can control the daemon, which is equivalent to root access on the host:

sudo usermod -aG docker "your_username"

Now reboot the machine and you will be able to run Docker commands without typing sudo.

Identity Server in WSO2

Since WSO2 is a piece of our architecture, I proposed to test its identity and access management.

IAM Essentials:

  • Handling of new accounts. Create multiple user accounts and give them access to the application.
  • Roles and permissions. Set different levels of permissions for each user.
  • API security. Manage the organization’s data, including users exchanging their username and password or reminding them which IdP they chose.
  • Integration. With a third-party authentication provider if necessary.
  • Scalability. Different actions, resources, conditions, etc.

Install the IS:

The first step is to properly install and configure WSO2 Identity Server.

To recap:

  1. Download and install Oracle JDK 8.
  2. Download and install WSO2 Identity Server (Linux).
  3. Run the wso2server.sh script, located inside the /bin subdirectory (Linux).

Create the app:

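We will create the application and integrate the standard OAuth 2.0 protocol for authorization. I used Spring Security and the ClientRegistration object for that.

Here is the client:

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

@Configuration
public class OAuth2Config {

    // Properties class holding the client settings registered in WSO2 Identity Server
    @Autowired
    private SoyouRegistrationProperties soyou;

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new InMemoryClientRegistrationRepository(getRegistration());
    }

    private ClientRegistration getRegistration() {
        // The builder starts from a registration ID; the client alias is used for it here.
        return ClientRegistration
              .withRegistrationId(soyou.getClientAlias())
              // Assumption: the properties class also exposes the client ID, which build() requires.
              .clientId(soyou.getClientId())
              .clientSecret(soyou.getClientSecret())
              .clientName(soyou.getClientName())
              // Named ClientAuthenticationMethod.POST before Spring Security 5.5.
              .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
              // The grant type is an AuthorizationGrantType constant, not the authorize URL.
              .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
              .authorizationUri(soyou.getAuthorizationUri())
              // Plain HTTP on localhost is for local testing only.
              .tokenUri("http://localhost:9763/oauth2/token")
              .jwkSetUri("http://localhost:9763/oauth2/jwks")
              .userInfoUri(soyou.getUserInfoUri())
              .redirectUri(soyou.getRedirectUri())
              .scope(soyou.getScopes().split(","))
              .build();
    }
}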

Now let’s deploy the application.

Load Balancer approach

Many companies use Round Robin as a load-balancing strategy, even though this can cause some problems over time:

  • A server may still be busy when the next request is assigned to it.
  • We may need to send that request to the same server next time.

The strategy is to let the load balancer know how busy each server is, so that it sends the next request to the least busy server.

Important: If you decide to use a session ID that the load balancer knows, ensure that it is not the IP address. This prevents our servers from being exposed to the outside world.
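
The strategy above as a small sketch. This is an added example, not code from the original post: it picks the least busy server and keeps a client on the same server through a random session ID that does not contain the server's address. The class name, method names and backend addresses are constructed for illustration.

```python
import secrets


class LeastBusyBalancer:
    """Least-busy balancing with sticky sessions keyed by an opaque ID."""

    def __init__(self, backends):
        # backend address -> number of requests currently in flight
        self.active = {backend: 0 for backend in backends}
        # opaque session ID -> backend address; this map never leaves the balancer
        self.sessions = {}

    def acquire(self, session_id=None):
        """Route one request; return (session_id, backend) and count it as in flight."""
        backend = self.sessions.get(session_id)
        if backend is None:
            # First request, or an unknown/forged ID: choose the least busy
            # server and issue a fresh random ID instead of trusting the client's.
            backend = min(self.active, key=self.active.get)
            session_id = secrets.token_urlsafe(16)
            self.sessions[session_id] = backend
        self.active[backend] += 1
        return session_id, backend

    def release(self, backend):
        """Call when the backend has finished handling the request."""
        self.active[backend] = max(0, self.active[backend] - 1)


def demo():
    # Constructed sample backends (internal addresses the client must never see)
    lb = LeastBusyBalancer(["10.0.0.11:8080", "10.0.0.12:8080"])
    sid_a, first = lb.acquire()      # both idle: first server is chosen
    sid_b, second = lb.acquire()     # first is busy: second server is chosen
    lb.release(second)               # second finishes early
    _, third = lb.acquire()          # round robin would pick the busy first server
    _, sticky = lb.acquire(sid_a)    # known session stays on its server
    return first, second, third, sticky, sid_a


if __name__ == "__main__":
    print(demo())
```

The session ID is the only value handed to the client, for example in a cookie; the address it maps to stays in the balancer's memory.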

Hiding the .html extension in Apache Server

The only step here is to add the pattern to the Apache .htaccess file.

RewriteEngine On  
RewriteCond %{REQUEST_FILENAME} !-f  
RewriteRule ^([^\.]+)$ $1.html [NC,L]  

Don’t forget to change all the href references from href="/index.html" to href="/index" before restarting.