Security Best Practices for Deploying Rails 8 on Linux with Kamal

Submitted by Style Pass on 2024-11-06 09:00:02

The best advice I can give as an IT security professional on running your own server: just don’t. - How To Protect Your Linux Server From Hackers!, LiveOverflow

Kamal is an excellent way to deploy web applications, yet it can be intimidating if you have no professional background in securing Linux servers. This post examines the most relevant risks when deploying an internet-facing web application via Docker with Kamal, explains how to avoid those risks, and offers commentary on how to think about security.

This seems like a short list. Where is encryption? Or keeping your software up to date? These topics will be covered, and they are important. My issue with most security advice is that in a list of top 10 risks, every entry is treated with the same severity, when there should be bright red text on an entry midway down that says DOUBLE CHECK THIS ONE, YOU WILL GET HACKED IF THIS IS WRONG. The top three risks above all fit that description.

This article is going to exclude vulnerabilities in your Ruby on Rails (or Phoenix, Django, etc.) code. For example, if you write a controller that takes user input and passes it to the eval function, an attacker can use that vulnerability to hack into the server.
