[-] echodrift@programming.dev 2 points 1 week ago

That’s an interesting perspective. I am pretty paranoid and I run the backend API in Docker from a non-root user. I am pretty paranoid but kinda clueless doing all of this myself. I did use an SSH key that requires a YubiKey to log in to the VPS, and I don’t store any secrets on the VPS; it’s all managed via GitLab.

I’m just getting started, so there’s not even a DB currently, not yet needed. I would want to run everything over k8s eventually, and was considering hosting GitLab myself for the experience and because I can’t afford paying for the CI/CD stuff.

Does it make sense to run everything on a separate instance from a security perspective? I’m already having nightmares from thinking about the networking between all of that :D

[-] echodrift@programming.dev 2 points 1 week ago

Thanks, this is reassuring. Yeah, I don’t really know what I’m doing with the headers but I'm trying my best to be as restrictive as possible. I think I’m still doing something wrong with the headers because I can’t seem to connect to the backend when the frontend is deployed.

Yeah I’m super paranoid about what I’m exposing, I made sure that there are no environment variables or secrets exposed.

35

So basically I built a backend with some working endpoint and I built a React Frontend. I can run both things locally and I hosted the page on Cloudflare Pages, which is working. But now I’m wondering if that’s a good idea?

I have never done this before and I’m wondering if it’s secure enough to host the backend on some server and allow a CORS header to let the Frontend generate requests?

The alternative would be to host Frontend and backend on a VPS and then route my domain that I bought on Cloudflare there, but then I’m thinking that in case my Frontend is insecure somehow the whole instance would be compromised, no?

I hope this is the right platform to ask as I’m pretty new here.

[-] echodrift@programming.dev 2 points 2 weeks ago

Thanks! This is something I had no idea could be an issue. I just started standing up all the dummy functions for the different layers so I’ll take a step back now and review the resources you pointed me at. Also, in the Poem docs I don’t see them using async functions either. I’m very glad I asked.

[-] echodrift@programming.dev 1 points 2 weeks ago

Thanks a lot! Yeah I’ve been doing that and the compile messages are honestly awesome, sometimes I’m not sure if I should react to every warning because it’s a lot of extra work during development, but it helps me understand what’s going on. I’m still puzzled about some of the details of the language but the community seems very nice and there seem to be a lot of resources. Thanks for the encouragement!

[-] echodrift@programming.dev 1 points 2 weeks ago

Honestly I have no idea wtf that is and luckily I don’t see that when I open the page! Seriously wtf

[-] echodrift@programming.dev 2 points 2 weeks ago

Thanks! One of the reasons for choosing Rust was actually concurrency. So I’m building a bunch of endpoints that connect with some microservices and I expect to have many simultaneous requests. I’m honestly not like super senior but for the Python backends we’ve been building we always made everything asynchronous so I kinda got the impression that that would be necessary for my use cases. Should I also be careful with async functions when using Poem?

[-] echodrift@programming.dev 3 points 2 weeks ago

Thanks! This seems exactly what I'm looking for

[-] echodrift@programming.dev 4 points 2 weeks ago

I would love to! But with the time I have at hand I won't be starting a project in the next 2 years if I try to finish the book first. I started coding with Java, then did a lot of Python & TypeScript and now I'm here. I'm mostly building CRUD apps, nothing fancy. Any idea which chapters of the book I could prioritize to make sure I'm not missing anything that would lead me to making really bad, hard-to-refactor decisions?

14

Hey all! Read a lot of good things about Rust and I was getting pretty bored and often annoyed with building new FastAPI apps. I'm just getting started. From my research, Poem seems to be doing the same thing as FastAPI, kinda, and I'm using SeaORM for the DB.

So far I'm loving it, Cargo.toml looks a lot like Poetry in Python but in VSCode it magically shows me the latest versions of all dependencies. Debugging is really nice because I can just copy & paste compiler messages into an LLM or Google them. It was a bit of a hassle to get all dependencies to work together and to get the thing to compile at first but now it works and I'm happy.

That being said, is there anything else I need to know? I still have a very limited understanding of the whole ownership thing, but e.g. I understand the benefits of passing variables instead of copying them, so I guess that's a start?

echodrift

joined 2 weeks ago