\n<\/a>II) Caching
\n<\/a>III) Security
\n<\/a>IV) Continuous Integration
\n<\/a>V) Lessons Learned<\/a><\/p>\n
Security<\/h1>\nIntroduction<\/h2>\n
Today we want to give you a better understanding of the security part of our application. Therefore, we will talk about topics like security certificates and enable you to gain a deeper insight into our auth service.<\/p>\n
<\/p>\n
TLS Certificates with Let\u2019s Encrypt<\/h2>\n
Let\u2019s start with certifications. We use TLS encryption with Let\u2019s Encrypt <\/a>certificates. What is TLS? Well, TLS (Transport Layer Security) is the successor of SSL and is used to enable a secure data transfer on the internet. There are a lot of different certificates available, but we have chosen the Let’s Encrypt\u00a0certificates because of following reasons<\/p>\n Another plus: Software clients can be used for the installation process and for all other mentioned steps above which reduces the work and complexity considerably. Although Let’s Encrypt is a quite young certificate authority (launched in April 2016), at the time of writing this blog entry there are more than 30 clients.<\/p>\n For example, let\u2019s take a quick look at the most widespread Let\u2019s Encrypt client called Certbot<\/i>.<\/p>\n Installation on an Ubuntu 16.04 server is as easy as typing:<\/p>\n For obtaining standalone certificates you would simply type:<\/p>\n And for automatically renew your certificates:<\/p>\n Of course, there are far more advanced commands as well. But as you can see, it is neither difficult nor expensive anymore to enable TLS encryption for your web application.<\/p>\n We wrote\u00a0in our first blog post about authentication of services and a short explanation of the auth service. Basically authentication takes place in three major parts: login, communication and logout. Now it\u2019s time to gain a deeper insight according to the following graphics.<\/p>\n Let\u2019s start with our first use case – login. As you can see we use the key-value store Redis<\/a> to save our session IDs together with our user data in-memory. Firstly, user logs in by sending a post request to auth service with username and password as body parameters. Then auth service sends a request to User service with these credentials in order to verify if user exists and gets user data as successful response. After that, a new express-session key will be generated and saved with user data as value along\u00a0with an expiration date into Redis database. Last step is to send a response to the requesting client with the session ID in header.<\/p>\n After a successful login all following interaction between client and service X will be carried out like displayed in the figure above. Each request from client to a service X needs to be verified by\u00a0auth service in order to get back a valid response – consequently there is a great number of requests which has to be answered by one service, the auth service. Therefore, we use HTTP caching to optimize the\u00a0great number of requests. You can read all about our implemented caching strategy in blog post two<\/a>. Once a key is expired, auth service will contact all services to delete their cache which brings us to our third use case – the logout.<\/p>\n So far, so good. But what if a user logged out before session expiration date? In such case, the implemented caching strategy would lead the services to assume\u00a0that the session was still valid, respectively would keep them from rechecking the session\u2019s validity. To cover this use case, we designed and implemented our logout strategy as follows: To log out, a user\u2019s client must send a request to auth service. Then auth service deletes the key and the value in Redis database if the key exists and notifies all registered services to clean\u00a0their caches. In doing so we can assure, that our caching strategy will not have any negative effects on security. Currently we are using a configuration file with all registered services. In the future, this approach will be replaced with a service registry like Consul to reduce maintenance on server side.<\/p>\n An automated development environment will save you. In the next blog post we explain how we set up Jenkins, Docker and Git to work seamlessly together. Kost, Christof [ck154@hdm-stuttgart.de<\/a>] Security is a topic that always occurs with microservices. We\u2019ll present our solution for managing both, authentication and authorization at one single point.<\/p>\n","protected":false},"author":192,"featured_media":1968,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1,651,2],"tags":[96,91,27],"ppma_author":[719],"class_list":["post-1967","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-allgemein","category-system-designs","category-system-engineering","tag-certificates","tag-microservices","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/auth_login_gesamt03.png","jetpack-related-posts":[{"id":23067,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2022\/03\/15\/security-strategies-and-best-practices-for-microservices-architecture\/","url_meta":{"origin":1967,"position":0},"title":"Security Strategies and Best Practices for Microservices Architecture","author":"Larissa Schmauss","date":"15. March 2022","format":false,"excerpt":"Microservices architectures seem to be the new trend in the approach to application development. However, one should always keep in mind that microservices architectures are always closely associated with a specific environment:\u00a0Companies want to develop faster and faster, but resources are also becoming more limited, so they now want to\u2026","rel":"","context":"In "Scalable Systems"","block_context":{"text":"Scalable Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/scalable-systems\/"},"img":{"alt_text":"","src":"https:\/\/lh6.googleusercontent.com\/LbFspPRY1BxRBdAVjQwWXeJ6UOoxl6JWsRYrxboF5ObXlNNgy3uZikcGkc3cgzI0mr_ZlbWPxvdp0FoJC1k-odh7mRc2lCPXaMSq8TudjfoZ7e5HKstaMHmLpH319jCym6vQRo1a","width":350,"height":200,"srcset":"https:\/\/lh6.googleusercontent.com\/LbFspPRY1BxRBdAVjQwWXeJ6UOoxl6JWsRYrxboF5ObXlNNgy3uZikcGkc3cgzI0mr_ZlbWPxvdp0FoJC1k-odh7mRc2lCPXaMSq8TudjfoZ7e5HKstaMHmLpH319jCym6vQRo1a 1x, https:\/\/lh6.googleusercontent.com\/LbFspPRY1BxRBdAVjQwWXeJ6UOoxl6JWsRYrxboF5ObXlNNgy3uZikcGkc3cgzI0mr_ZlbWPxvdp0FoJC1k-odh7mRc2lCPXaMSq8TudjfoZ7e5HKstaMHmLpH319jCym6vQRo1a 1.5x"},"classes":[]},{"id":1915,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/02\/28\/microservices-legolizing-software-development-5\/","url_meta":{"origin":1967,"position":1},"title":"Microservices – Legolizing Software Development V","author":"Korbinian Kuhn, Steffen Mauser","date":"28. February 2017","format":false,"excerpt":"We finish with a concluding review about the use of microservices in small projects and give an overview about our top stumbling blocks.","rel":"","context":"In "System Designs"","block_context":{"text":"System Designs","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1912,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/02\/28\/microservices-legolizing-software-development-2\/","url_meta":{"origin":1967,"position":2},"title":"Microservices – Legolizing Software Development II","author":"Korbinian Kuhn, Steffen Mauser","date":"28. February 2017","format":false,"excerpt":"Part two will take a closer look on how caching improves the heavy and frequent communication within our setup.","rel":"","context":"In "System Designs"","block_context":{"text":"System Designs","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Caching-01.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Caching-01.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Caching-01.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Caching-01.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Caching-01.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":23961,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2023\/02\/10\/microservices-any-good\/","url_meta":{"origin":1967,"position":3},"title":"Microservices – any good?","author":"Kim Bastiaanse","date":"10. February 2023","format":false,"excerpt":"As software solutions continue to evolve and grow in size and complexity, the effort required to manage, maintain and update them increases. To address this issue, a modular and manageable approach to software development is required.\u00a0Microservices architecture provides a solution by breaking down applications into smaller, independent services that can\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/Microservice.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/Microservice.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/Microservice.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/Microservice.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/Microservice.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/02\/Microservice.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":1907,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2017\/02\/28\/microservices-legolizing-software-development-1\/","url_meta":{"origin":1967,"position":4},"title":"Microservices – Legolizing Software Development I","author":"Korbinian Kuhn, Steffen Mauser","date":"28. February 2017","format":false,"excerpt":"In the first part, we present an example microservice structure, with multiple services, a foreign API interface and a reverse proxy that also allows load balancing.","rel":"","context":"In "System Designs"","block_context":{"text":"System Designs","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Architecture-01.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Architecture-01.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/Architecture-01.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":27660,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2025\/03\/20\/monolith-vs-micro-services\/","url_meta":{"origin":1967,"position":5},"title":"Monolith vs Micro Services – “Back to the future with modular monoliths”","author":"Luca-Max Baur","date":"20. March 2025","format":false,"excerpt":"In der Softwareentwicklung stehen Software- und Systemarchitekten heutzutage oft vor der Entscheidung zwischen einem monolithischen Aufbau oder Microservices. In diesem Blogpost wird erl\u00e4utert, was ein Monolith und Microservice sind und welche Vor- und Nachteilen diese mit sich bringen. Zudem wird ein Blick in die Wirtschaft gewagt, um den aktuellen Trend\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"authors":[{"term_id":719,"user_id":192,"is_guest":0,"slug":"sm182","display_name":"Calieston Varatharajah, Christof Kost, Korbinian Kuhn, Marc Schelling, Steffen Mauser","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/a66e03af75a6f3435a95485a0dff1f52d3dac9a448797b8354b4d2218852bd37?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/1967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/users\/192"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/comments?post=1967"}],"version-history":[{"count":26,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/1967\/revisions"}],"predecessor-version":[{"id":2252,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/1967\/revisions\/2252"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media\/1968"}],"wp:attachment":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media?parent=1967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/categories?post=1967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/tags?post=1967"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/ppma_author?post=1967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
sudo apt-get install letsencrypt<\/pre>\n
letsencrypt certonly --standalone -d example.com -d www.example.com<\/pre>\n
letsencrypt renew<\/pre>\n
Auth Service<\/h2>\n
![\"\"](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/auth_login_gesamt03-1024x845.png\")
<\/a>![\"\"](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/auth_communication-1024x841.png\")
<\/a>![\"\"](\"https:\/\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2017\/02\/logout03-1024x739.png\")
<\/a>
\nContinue with Part IV – Continuous Integration<\/a><\/p>\n
\n
\nKuhn, Korbinian [kk129@hdm-stuttgart.de<\/a>]
\nSchelling, Marc [ms467@hdm-stuttgart.de<\/a>]
\nMauser, Steffen [sm182@hdm-stuttgart.de<\/a>]
\nVaratharajah, Calieston\u00a0[cv015@hdm-stuttgart.de<\/a>]<\/p>\n","protected":false},"excerpt":{"rendered":"