Objective
In my previous post, I implemented several logical servers on my Proxmox home server machine:
“templ-ubuntu”, “home-devdepserver”, and “home-utilityserver”.
See Architecture of my home server.
I now want to develop an initial demonstration web application in Golang with a MariaDB database,
using the central repository for source code storage.
The application then needs to be delivered as an OCI container and stored in the central binary registry.
Next, an application execution server environment needs to be created on my home server.
The created containerized application and database need to be deployed to this server environment.
For this, I’ll install “home-testappserver” and “home-prodappserver” as logical servers.
Finally, I want to make this deployed web application publicly accessible via tunneling.
The application should be accessible via a link in the “Demo” page of my Cloudflare website.
In this post, I want to complete my “virtual data center” with communication middleware for this.
Cleaning up existing “home-pve” and “home-backupserver” will follow later.
After this post, we’ll have the following situation:
With this project, I’m fully implementing all my ideas for the public website and a small virtual datacenter.
In the next project, I want to start further developing my ideas regarding a modern software factory:
application development tools, testing, security, CI/CD, OCI & Kubernetes, and app/infrastructure monitoring.
Result
1 - Purchase and installation of laptop
I bought my first laptop and installed Linux Mint as the OS on it.
I chose a refurbished business laptop, suitable for web development, at a budget price.
See Architecture of my laptop.
I used this Linux Laptop to test and learn all the new software.
In the future, I will switch completely from Windows desktops to only Linux desktops.
2 - Security of home network, servers, workstations and software
Because I want to make applications on my home network accessible from the internet,
I need to better secure access to local resources.
I also grant visitors at my home access to my Wi-Fi network,
and I want to prevent them from accessing local resources other than the internet.
I therefore expanded my access security, and this was done at various levels.
At the network level, I tried using firewalls on routers and VLANs (virtual LANs).
By providing separate virtual networks on one physical network,
I can keep internet visitors and Wi-Fi visitors at home separate from internal users.
However, I am using a router provided by my ISP that does not support VLANs,
and therefore have to wait for an upgrade from my ISP.
The firewall rules on my router currently allow all outgoing traffic to the internet,
but block all incoming traffic (I will need to make very minor changes to this later in this post).
At the machine/OS level, I have installed and configured firewalls for all machines.
On my Windows desktop, this is the built-in Windows firewall,
and on my Linux Mint laptop, this is the UFW firewall software.
These workstations allow all outgoing traffic but block all incoming traffic by default.
Proxmox was installed as the hypervisor OS on my NAS/home server, and it provides a hierarchy of firewalls.
Proxmox implements its own internal network in software on the machine, using a virtual switch
which connects all LXCs and VMs to the home network.
At the node level and each LXC/VM level, Proxmox provides a separate firewall that needs to be configured.
See “Network and Firewall organization” section in Architecture of my home server.
Security must also be provided for every accessible service/application.
Security via SSH keys has already been implemented for the SSH service and Gitea server software.
The desktop and laptop workstations therefore have my personal private SSH key,
and all servers have my personal public SSH key to grant easy access.
For self-developed applications that are publicly accessible,
I only provide secure HTTPS or VPN access after (password) authentication by the user.
More explanation regarding the chosen authentication software will follow later in this post.
3 - Developing minimal demo web applications in Go
3.1 - Develop demo_hello application
First, I created a HelloWorld application “demo_hello” (with prefix “example-” in Gitea) in Golang.
For the implementation, the standard net/http and html/template libraries in Go were used.
I chose Golang as the programming language because it’s an easy high-performance language,
and ideally suited for running in containers/cloud environments.
This HelloWorld project will later be used to easily initiate development for all new Golang projects.
The repo contains the GitHub/Gitea configurations, local Git configurations, and the Golang setup.
It also includes a simple makefile to simplify the compile, linting, and testing workflow through automation.
Other pipeline logic will be added later.
This way, a smooth development workflow was enforced right from the start.
See Cheatsheet for golang beginners
for more information.
This and all subsequent application development repositories are publicly accessible in my GitHub / RobertTC32 account.
3.2 - Develop demo_todo application
Next, the “demo_todo” repo (with prefix “app-” in Gitea) was created with demo_hello repo as starter.
The repo structure was designed to contain not only Golang source code,
but also Golang test code, SQL script files, pipeline specifications, etc.
Next, I created a MariaDB database with SQL scripts for creating DB objects and test data.
MariaDB is a lightning-fast, open-source, and very popular relational database management system (RDBMS).
It is a direct ‘fork’ of MySQL, set up by the original developers.
In later projects, I will also use a MariaDB database in Kubernetes (with horizontal scaling and backup),
and then run performance tests on it.
After creating the database, an initial version of the demo_todo web application was developed.
This only displayed the database contents as todo rows in a table on the screen.
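As an added illustration (not code from the demo_todo repository), this is how a net/http handler using html/template can render todo rows so that text stored in the database is HTML-escaped on output. The Todo fields, the list function standing in for the MariaDB query, and the response headers are assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
)

type Todo struct { // one row of the todo table; field names are assumptions
	ID   int
	Task string
	Done bool
}

// html/template escapes {{.Task}} for the HTML context it is placed in.
var page = template.Must(template.New("todos").Parse(`<table>{{range .}}<tr><td>{{.ID}}</td>` +
	`<td>{{.Task}}</td><td>{{if .Done}}done{{else}}open{{end}}</td></tr>{{end}}</table>`))

// todoHandler renders rows read-only; list stands in for the MariaDB query.
func todoHandler(list func() ([]Todo, error)) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet && r.Method != http.MethodHead {
			w.Header().Set("Allow", "GET, HEAD")
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		var buf bytes.Buffer // render fully first, so a failure becomes a clean 500
		rows, err := list()
		if err != nil || page.Execute(&buf, rows) != nil {
			http.Error(w, "internal error", http.StatusInternalServerError) // no DB details
			return
		}
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		w.Header().Set("X-Content-Type-Options", "nosniff")
		w.Header().Set("Content-Security-Policy", "default-src 'none'")
		w.Write(buf.Bytes())
	})
}

func render(method string, rows []Todo) (int, string) { // in-process request, no network
	rec := httptest.NewRecorder()
	todoHandler(func() ([]Todo, error) { return rows, nil }).ServeHTTP(rec, httptest.NewRequest(method, "/", nil))
	return rec.Code, rec.Body.String()
}

func main() { // prints status and escaped HTML for constructed sample rows
	fmt.Println(render(http.MethodGet, []Todo{{1, "buy milk", true}, {2, "<script>alert(1)</script>", false}}))
}
```

The second sample row comes out as `&lt;script&gt;alert(1)&lt;/script&gt;` inside its table cell, so markup stored in a todo row is displayed as text rather than interpreted by the browser.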
3.3 - Deploy containerized web applications on application server
For both web applications, I created the smallest possible OCI image,
and then installed these on my test and production application servers.
Due to a Windows upgrade, “Docker” and “Docker Desktop” suddenly stopped working.
I then installed “Podman Desktop” on my Windows desktop and tested it.
After a lot of testing, I was able to solve the problem with Docker as well.
Containerization and deployment were done manually,
but in subsequent posts we will automate this (Ansible).
After booting up on the application servers, the web applications were tested within the home network.
4 - Making web application publicly accessible via tunneling
5 - Make web applications publicly accessible without tunneling
6 - Add access security to web application
