Rails Performance Tuning, Security and Reliability Audit

Let's stop new features development for the next two sprints and focus on performance, security, and reliability instead.

Said no startup ever

Don't wait for an actual incident to improve your app's security. Frustrated clients will not tell you that your website is slow; they will click away to the competition.

I'm available to conduct a performance tuning and security audit of your Rails app. You can now improve the fundamentals of your project, without compromising on your roadmap and features development speed.

The offer will be tailored to the needs of your application. To proceed, I will ask you to fill out a survey. It will help me get a better overview of your app's current state and determine if my offer is suitable for it.

Based on your survey and the scope that we agree on, I'll quote you a fixed price for an audit.

I offer a condensed set of security and performance-related best practices that I've already applied in numerous client projects. Sometimes it took our team months of work or an actual security incident to realize that we needed this particular solution in place.

The final outcome of my audit is not only the report of what you should fix in your app. I can submit the PRs with improvements to your Rails app repo and apply fixes in the AWS/Heroku console.

Contact me

Paweł Urbanek Rails Performance Consultant


Full Stack web development consultant with over 8 years of experience. Specializing in Ruby on Rails, website performance and SEO. Experienced in building scalable APIs for startups and refactoring legacy codebases. Blogging about web development related topics. After hours I train rock climbing to rest my wrists from the keyboard.


Check out my LinkedIn profile for more info about my commercial experience.

My open source projects are available on GitHub.

You can also follow me on Twitter.


Migrate Heroku Postgres Database to AWS RDS - the Complete Guide

Blog posts

Why You Should Migrate your Heroku Postgres Database to AWS RDS

The Heroku PostgreSQL addon is excellent for a quick-start setup of a new project. Once your web app matures, migrating to an alternative database engine like Amazon RDS should be considered. In this blog post, I'll describe the benefits and drawbacks of using AWS RDS instead of the default Heroku addon. I'll also compare the pricing and explain why projects that care about EU GDPR compliance should avoid using the Heroku database.

How to Fix PostgreSQL Performance Issues with PG Extras

PostgreSQL database queries are a common performance bottleneck for web apps. Before you resort to more complex optimization techniques like caching or read replicas, you should double-check that your database engine is correctly tuned and that queries are not underperforming. In this blog post, I present a step-by-step guide on using the PG Extras library to spot and resolve common PostgreSQL database performance issues.

How to Improve ActiveRecord Query Performance with Subquery Caching

Slow database queries are a common performance bottleneck for Ruby on Rails apps. Simplifying a complex query is often not possible due to the underlying business logic. Instead, you can extract parts of a query, cache and reuse them to improve performance. In this tutorial, I'll describe a range of techniques on how to do it.

Postgres Indexes for ActiveRecord Join Tables in Rails Apps

Join tables are a common citizen in Ruby on Rails apps. Their use case is to provide many-to-many relations between database models. Adding correct Postgres indexes on join tables is not obvious. I've noticed that some tutorials, Stack Overflow posts, and even Rails itself provide incorrect advice on how to do it. In this tutorial, we'll look into how compound PostgreSQL indexes work and how to correctly use them with join tables.

Brotli and Gzip Compression for Assets and JSON API in Rails

HTTP content compression has a significant impact on the client-side performance of a web app. In this blog post, I'll describe different methods for compressing dynamic and static content in Ruby on Rails apps using Gzip and Brotli algorithms.

Secure EC2 SSH Access for Dynamic IP with Ephemeral Security Groups

Leaving inbound EC2 SSH ports open greatly increases the risk of unauthorized entities running commands on the server. In a perfect world, each developer with access rights would use only a single static IP address. You could whitelist it in an AWS security group in addition to using standard SSH key-based authentication.

How I Fight my Internet and Mobile Addiction

Mindlessly checking social networks, watching YouTube, and being permanently distracted by push notifications. Have you been there? In my least technical post so far, I'm going to share a couple of tips on tackling internet and smartphone addiction.

4 Ruby on Rails Mistakes that could Kill Your Production Servers

In this tutorial, I’ll describe a couple of non-obvious Ruby on Rails mistakes that could bring down your production system. They are so sneaky that they could get past the review process of even more experienced developers. Please don't ask me how I know them.

Concurrency for HTTP Requests in Ruby and Rails

Ruby MRI does not support parallel CPU-bound operations due to its dependency on non-thread-safe C extensions. Input/output operations like HTTP requests are still a perfectly valid use case for spinning up multiple threads. Read on to learn what tools are available for request concurrency in Ruby, with all their cons and pros.

Inheritance and Abstract Class Pattern for Ruby on Rails Controllers

Inheritance is often frowned upon because of the banana and jungle metaphor. In some scenarios, it can be a viable alternative to module composition for sharing behavior. In this tutorial, I will describe a practical use case where the abstract base class pattern plays well with the Ruby on Rails controller layer.

UUID Primary Key in Rails 6 with PostgreSQL and Active Record

UUID, also known as GUID, is an alternative primary key type for SQL databases. It offers some non-obvious advantages compared to standard integer-based keys. The Rails 6 release, fresh out of beta, introduces a new feature in ActiveRecord that makes working with UUID primary keys more straightforward. In this tutorial, we will dive deep into UUIDs with all their cons and pros.

Getting Started with AWS S3 IAM Policies Security Config for Rails Apps

Storing files on S3 is, for many developers, the first contact with the AWS cloud. Unfortunately, the quick and easy configuration can be insecure. If you are uploading files to an S3 bucket but have never configured a custom AWS IAM policy, it's possible that there's a security issue in your app. In this tutorial, I will describe what IAM policies are and how to securely configure them when working with S3 in Rails apps.

The Road to $10,000 Profit from my Side Project Slack Bot

My side project Slack app Abot has recently reached a milestone of $10,000 total profit. In this blog post, I describe how the project has changed during the last year and what I am doing to grow and promote it. I also share some details about the usage stats and revenue.

A Simple Way to Encrypt Data in Rails without Gem

Storing sensitive data in plaintext can seriously harm your internet business if an attacker gets hold of the database. Encrypting data is also a GDPR-friendly best practice. In this blog post, I describe a simple way to securely encrypt, store and decrypt data using built-in Ruby on Rails helpers instead of external dependencies.

How to Backup Heroku Postgres Database to an Encrypted AWS S3 Bucket

Heroku offers a robust backup system for its Postgres database plugin. Unfortunately, you can irreversibly lose all your data and backups just by typing a single command. It might seem improbable, but still, I would rather not bet my startup's existence on a single faulty bash line. In this tutorial, I will describe how to set up a proprietary redundant Heroku PostgreSQL backup system to a secure AWS S3 bucket.

Best SEO Tips & Tools for Blogging Programmers in 2020

I've noticed that many programming blogs I read don't implement certain simple SEO techniques, and bloggers could be missing valuable traffic opportunities. I will describe a couple of search engine optimization tips which can improve your technical blog's SEO ranking and search results position in 2020. I will cover topics like Google's Featured Snippets, best rendering speed tips and social media meta tags.

Continuous Integration and Deployment for Rails using CircleCI

A continuous integration and delivery pipeline can have a significant impact on the dev team's productivity and the stability of production releases. In this tutorial, I describe how to automate testing, security checks, and deployments for Ruby on Rails apps using CircleCI. I cover a basic CI setup as well as more advanced features like concurrent specs, dependency caching, NodeJS/Webpack setup, Heroku deployments, and GitHub integration.

Rails ActiveRecord PostgreSQL Foreign Keys and Data Integrity

Most Ruby developers work with Rails and Active Record for PostgreSQL database interactions. It provides a ton of magic and is simple to start with. Data integrity problems start creeping up once the code base and database structure get older. In this blog post, I will describe a couple of techniques for ensuring data integrity and validation in Ruby on Rails web apps. We'll cover adding foreign keys, database-level validations and more.

Screencast - Sublime Text Mouse-Free Development Advanced Productivity Tips

Sublime Text is my editor of choice for developing Ruby on Rails and JavaScript web apps. In this screencast, I present a couple of more advanced productivity tips and configs that let you minimize mouse usage during development.

Active Admin Gem Tips and Performance Tuning for Rails Apps

Active Admin gem is a popular tool for building admin interfaces in Ruby on Rails apps. In this tutorial, I will describe a couple of less obvious tips and performance tuning techniques.

Optimize Dokku Deployment Speed for Ruby on Rails with Dockerfile

Dokku lets you set up Rails hosting infrastructure on a simple VPS without much DevOps experience. Although it is easy to get started, a default config might result in very slow and unreliable deployments. In this blog post, I will describe how I've improved my Dokku-based Ruby on Rails (NodeJS with Yarn and Webpack) application deployment speed by over 400% using a Docker image Dockerfile.

Screencast - Showcase of Focus Board, Visual Web Scraper Prototype

In this screencast, I present a prototype of my new side project. It is a simple tool that allows you to visually scrape interesting parts of different websites to create your personal internet dashboard. I want to probe the interest before releasing a public MVP version.

Remove AMP and don’t Affect SEO Rating, Organic Traffic, Performance

I used to recommend supporting Google AMP pages as a reliable way to increase site SEO rating, organic traffic and performance. Recently I've removed AMP from my website. In this blog post, I will describe how it affected my blog and a couple of more advanced web performance optimization techniques I am using instead of a proprietary standard like Accelerated Mobile Pages.

Setup ELK for NGINX logs with Elasticsearch, Logstash, and Kibana

The ELK Elastic stack is a popular open-source solution for analyzing web logs. In this tutorial, I describe how to set up Elasticsearch, Logstash and Kibana on a barebones VPS to analyze NGINX access logs. I don't dwell on details but instead focus on the things you need to get up and running with ELK-powered log analysis quickly.

Screencast - How to Write and Promote a Programming Blog Post

In this screencast, I explain how to write, release and promote a programming blog post on various social platforms even if you don't have an audience yet. I present my typical routine and tools I use when submitting a new post.

Hosting Static Site on Dokku with Free Cloudflare CDN and SSL

Dokku is DevOps for dummies and a simple way to deploy websites on a barebones VPS. In this tutorial, I will describe how to use it to host a static site and set up global assets caching with a free Cloudflare CDN and SSL certificate.

Adding GDPR Compliance to My Rails App and Technical Blog

New data privacy GDPR EU regulations are going live in less than two weeks. In this blog post, I will describe the actions I took to add GDPR compliance to my Ruby on Rails SaaS app and this blog itself.

Screencast - My Ruby on Rails IDE editor Workflow, Productivity Tips and Tools

In this screencast, I implement an improvement to subscription payments handling in my side project Abot. I show my typical Ruby on Rails IDE workflow, productivity tools, and techniques.

Quick Tip - Boost Your Productivity with Ruby on Rails Console Aliases

Recently I've started using a productivity technique which saves me a lot of unnecessary typing when working with Rails apps. It might seem trivial, but I still wanted to share it because it makes my everyday work easier.

Direct, Secure Rails Client-side File Uploads to AWS S3 Buckets

Many Ruby on Rails apps use Amazon AWS S3 buckets for storing assets. When dealing with files uploaded by front-end web or mobile clients, there are many factors you should consider to make the whole process secure and performant. In this blog post, I will describe common pitfalls and an optimal solution when it comes to handling client-side file uploads.

How to Migrate a Ruby on Rails App from Heroku to Dokku

Dokku is DevOps for dummies and a cheaper alternative to Heroku. Recently I've migrated a couple of my projects to it. In this blog post, I will describe how to set up and migrate a Rails app to Dokku with PostgreSQL, Sidekiq, Redis and Let's Encrypt or Cloudflare for free SSL.

How Getting Featured by Hacker News Affected my Passive Income

Two weeks ago, my blog post made it to the top of Hacker News. Around 30k people read about my side project Slack bot that day. In this blog post, I will describe how it affected the project and my other passive monetization and marketing strategies.

How I've Built a Profitable Slack App as a Side Project in Rails

I've built a Slack anonymous messaging bot in Ruby on Rails, and it is profitable. In this blog post, I will describe what I did and the tools I used to create, promote and monetize a simple SaaS product.

Track Down and Fix Slow ActiveRecord SQL Query Performance in Rails

Scaling issues are great because they mean that you have traffic on your website. Before you decide that 'Rails doesn't scale!' and start a rewrite to a tech stack with potentially more performance, maybe you should double-check the queries that your PostgreSQL database executes. Below I describe some tools and techniques you can use to track down, diagnose and optimize slow Active Record SQL query execution.

Practical Differences between Working in Ruby and iOS

Developing iOS mobile apps and server-based Ruby applications is different on many levels. In this blog post, I will present a high-level overview of different aspects of day-to-day working in these technologies.

Serious SEO Mistake of Many Startups and Software Houses

Many software houses and startups are blogging regularly. A simple blog implementation detail can seriously hurt a company's SEO rating and, in consequence, its business. Read on if you are interested in what the problem is and how it can be fixed.

Stop Blogging on Medium if You Care about SEO

Medium is an extremely popular blogging platform for both newcomers and expert tech-savvy bloggers. I've noticed a serious SEO-related issue with using it as your main blogging tool. Read on if you are curious how Medium hurts your internet brand and what the alternative is. We'll discuss how nofollow and dofollow links work and what kind of links Medium uses.

Ruby on Rails Simple Service Objects and Testing in Isolation

Service Objects are not a silver bullet, but they can take you a long way in modeling your Ruby on Rails app's domain logic. In this blog post, I will describe how I usually work with the service object pattern in a structured way. I will also cover simple testing in isolation with a mocked services layer.

Optimize Rails Performance with Redis Caching and Rack Middleware

According to the (a bit exaggerated) Pareto principle, 5% of your Rails app endpoints could account for 95% of performance issues. In this blog post, I will describe how I improved the performance of my Rails application's bottleneck endpoint by over 500% using a simple Redis caching technique and a custom Rack middleware.

Simple SSL Proxy for Insecure Browser Content with Ruby or NGINX

SSL protection is becoming the de facto standard in web and mobile development. One potential problem is that a website could be served via a secure SSL connection and still be displayed as insecure by most modern browsers. It's enough that at least one of its resources is served without SSL. In this blog post, I will explain how to set up a simple Ruby and NGINX server to work as an SSL proxy for insecure content and describe some basic streaming techniques.

Multiple Domains with Free Wildcard SSL from Cloudflare

Domain names you own could be your most expensive to-do list. What's more, a domain without a valid SSL certificate will show up in all modern browsers as insecure content. In this tutorial, I will explain how to minimize the cost of owning multiple wildcard SSL-protected domains using Cloudflare and set them up with GitHub Pages, Heroku or NGINX.

Reduce Rails Memory Usage, Fix Leaks, R14 and Save Money on Heroku

In theory, you can run both a Rails web server and a Sidekiq process on one 512 MB Heroku dyno. For side projects with small traffic, saving $7/month always comes in handy. Unfortunately, when trying to fit two Ruby processes on one dyno, you can run into memory issues, leaks and R14 quota exceeded errors. In this post, I will explain how you can limit memory usage in Rails apps.

Productive Laziness - Optimize your Shell Workflow

I would like to share a simple productivity tip that has probably helped me save thousands of keystrokes so far. I've been using this technique for a while now to maximize my laziness (productivity) during work, and so recently I wrapped it up in an easy-to-use Ruby gem.