The Backend Engineering Show with Hussein Nasser

PostgresSQL version 12 has been released, let's go through the features that I think are most interesting and cool. #softwarenews   Feature Matrix https://www.postgresql.org/about/featurematrix/   - Allow adding columns to Index (GIST) https://www.postgresql.org/about/featurematrix/detail/314/  - COPY FROM WHERE COPY FROM ... WHERE  - More native support of JSON objects https://www.postgresql.org/docs/12/functions-json.html#FUNCTIONS-SQLJSON-PATH  - Reindex concurrently (slow but allows writes) https://www.postgresql.org/docs/12/sql-reindex.html#SQL-REINDEX-CONCURRENTLY - Performance on large partitioned tables - Stored Generated Columns

Google just released the latest version of Chrome (80) and one of the interesting features making a big change to the default cookies that might actually prevent CSRF forever. Let’s discuss this.   #softwarenews  *  Same Site Attribute * Break some apps * Devs must explicitly set None;secure * Will this end CSRF    Resources  https://youtu.be/GPz7onXjP_4  https://www.chromestatus.com/feature/5088147346030592    News Theme 2 by Audionautix is licensed under a Creative Commons Attribution license (https://creativecommons.org/licenses/by/4.0/) Artist: http://audionautix.com/

Load balancing is process of balancing incoming requests to multiple machines, processes or services. In this video we will explain two types of load balancers, layer 4 and layer 7. Layer 4 - haproxy, NLB  Pros  - great for simple packet-level load balancing  - Fast and efficient doesn’t look at the data  - More secure as it cant really look at your packets. So if it was compromised no one can look  - Uses NAT  - One connection between client and server NATed  Cons  - Can't do smart load balancing based on the content, such as switch request based on the requested media type  - Cant do microservices with this type  - Has to be sticky as it is a stateful protocol (all segments) Layer 7 (Nginx , haproxy) This type of proxy actually looks at the content and have more context, it knows you are visiting the /users resources so it may forward it to a different server. Essential and Great for microservices , it knows the content is video:image etc..

NginX is an open source web server written in C and can also be used as a reverse proxy and a load balancer. In this video, I want to go through the following topics in NginX What is NginX? 2:25 Current & Desired Architecture 4:58 Layer 4 and Layer 7 Proxying in Nginx 8:40 Example 10:25 Install Nginx (mac) 13:30 Nginx as a Web Server 15:00 (webserver.conf) Static context location root 20:00 regular expression 27:00 proxy pass 30:30 Nginx as a Layer 7 Proxy 33:30 Proxy to 4 backend NodeJS services (docker) 37:00 IP_Hash load balaning 43:00 Split load to multiple backends (app1/app2) 46:00 Block certain requests (/admin) 49:00 NGINX as a Layer 4 Proxy 51:30 Create DNS record 1:01:08 Enable HTTPS on Nginx (lets encrypt) 1:05:08 Enable TLS 1.3 on Nginx 1:14:00 Enable HTTP/2 on NGINX 1:17:10 Summary 1:20:10 Cards 3:40 proxy vs reverse proxy https://www.youtube.com/watch?v=ozhe__GdWC8&t=1s 8:50 OSI Model https://www.youtube.com/watch?v=7IS7gigunyI 10:00 L4 vs l7 load balancer https://www.youtube.com/watch?v=aKMLgFVxZYk 34:00 spin up docker app https://www.youtube.com/watch?v=vmSMrQ8Ev9w&t=14s 44:26 stateless vs stateful https://www.youtube.com/watch?v=nFPzI_Qg3FU 1:16:30 TLS video https://www.youtube.com/watch?v=AlE5X1NlHgg&t=8s

In this podcast I explain what database partitioning is and illustrate the difference between Horizontal vs Vertical Partitioning, benefits and much more.   Why Partitioning?

ARP Address Resolution Protocol is a protocol that maps IP address to a mac address so hosts can be addressed. I want to make a video explaining ARP because it is starting to surface a lot in different videos that I’m making such as man in the middle, load balancing, and security.  

In this video I want to go through what really happens under the hood when you type google.com and you hit enter in a browser. This is inspired by alex’s github page below, it is a great detailed description of what happens. I did however add more details to certain areas and I removed some stuff like keyboard events and low level operating system like that. So if you are interested stay tuned! https://github.com/alex/what-happens-when 5:30 HSTS https://youtu.be/kYhMnw4aJTw 19:30 tcp vs udp https://youtu.be/qqRYkcta6IE 24:42 tls https://youtu.be/AlE5X1NlHgg 40:56 mimesniffing https://youtu.be/eq6R6dxRuiU Initial typing - lookup for most visited sites or an actual search Google.com Enter - parse is it a url or search term? If search do a search if url visit website Which protocol? which port ? HSTS? HTTPS or HTTP? DNS cached? Hosts? DoH? Lookup ? TCP ip / port ? arp? NAT? proxy? HTTP 1.1 ? More than one connection TLS version? ciphers? Alpn? SNI ? H2 ? H3? Quic? GET / - ? Headers compress cookies? binary stream? HTML? H2 push? HTML Parse? Make multiple requests css? JS? Multiple streams? If H1 then pipeline?

Failover is the technique of switching to a redundant backup machine when a certain node goes down. This is a very common implementation for achieving high availability and it is often mixed with different load balancing techniques such as layer 4 and layer 7 balancing.  In this video i want to go through following  * What is Failover? 1:47
 * ARP - Address Resolution Protocol 3:00
 * VIP & VRRP 5:40
 * High-availability Example 12:12
  Cards 4:00 ARP 12:50 docker javascript 18:00 OSI Model

HAProxy is free, open source software written in C that provides a high availability  layer 4 and layer 7 load balancing and proxying . It has a reputation for being fast and efficient (in terms of processor and memory usage). In this video I want discuss the following Current & Desired Architecture 2:30 HAProxy Architecture  5:50 HAProxy as TCP Proxy & HTTP Proxy (Layer 4 vs Layer 7) 17:00 ACL (Access Control Lists) 19:20 TLS Termination vs TLS Pass Through 20:40 Example 24:23 Spin up the services 25:51 Install HAProxy - 28:00 HAProxy configuration 29:11 ACL Conditional 39:00 ACL Reject URL 48:00 Enable HTTPS HAProxy 53:00 Enable HTTP/2 on HAProxy 1:05:30 Summary Cards Docker Javascript node 4:00 Varnish 15:46 NAT 23:30 Docker Javascript node 26:00 Encryption 56:00 TLS 56:10 HTTP2 1:08:40 Source Code for Application HAProxy config https://github.com/hnasr/javascript_playground/tree/master/proxy Docker application https://github.com/hnasr/javascript_playground/tree/master/docker resources https://www.haproxy.com/blog/the-four-essential-sections-of-an-haproxy-configuration/ https://www.haproxy.com/documentation/aloha/10-0/traffic-management/lb-layer7/acls/#predefined-acls https://certbot.eff.org/lets-encrypt/osx-nginx

HSTS or HTTP Strict Transport Security is a mechanism to force clients to communicate in HTTPS with a web server if both support this protocol.   In this podcast, I talk through this tech.