惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Know Your Adversary
Know Your Adversary
S
Securelist
I
Intezer
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
P
Privacy International News Feed
Recent Announcements
Recent Announcements
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
N
News and Events Feed by Topic
The GitHub Blog
The GitHub Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Schneier on Security
Schneier on Security
N
Netflix TechBlog - Medium
爱范儿
爱范儿
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
Hacker News: Ask HN
Hacker News: Ask HN
Google DeepMind News
Google DeepMind News
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
WordPress大学
WordPress大学
S
Secure Thoughts
K
Kaspersky official blog
N
News | PayPal Newsroom
O
OpenAI News
Last Week in AI
Last Week in AI
C
Check Point Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tor Project blog
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
D
Docker
Hugging Face - Blog
Hugging Face - Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
Martin Fowler
Martin Fowler
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Building TheEpicBook: A Deep Dive into a Node.js Monolithic Web Application
Hezekiah Umo · 2026-05-26 · via DEV Community

Building TheEpicBook: A Deep Dive into a Node.js Monolithic Web Application

By a Full-Stack Developer | May 2026


Introduction

In an era where microservices and serverless architectures dominate tech conversations, there is still a strong case to be made for the classic monolithic application. TheEpicBook is a full-stack bookstore web application built as a monolith — a single, unified codebase that handles everything from serving HTML pages to managing a relational database. This post walks through the architecture, the tech stack, the challenges faced during deployment, and the lessons learned along the way.


What Is TheEpicBook?

TheEpicBook is an online bookstore application that allows users to browse a curated collection of books, view book details, add items to a shopping cart, and proceed through a checkout flow. The app greets visitors with the tagline "Discover Your Next Great Read" and delivers a clean, responsive UI backed by a real relational database.

At its core, TheEpicBook is a traditional server-rendered web application — no separate frontend framework calling a REST API, no independent microservices. Everything lives in one place, and the server does it all.


The Tech Stack

TheEpicBook is built on a straightforward but powerful stack:

  • Node.js + Express — the backbone of the application, handling routing, middleware, and HTTP request/response logic
  • Express-Handlebars — a server-side templating engine that renders dynamic HTML views on the server before sending them to the browser
  • Sequelize ORM — an abstraction layer over the MySQL database that lets the app interact with data using JavaScript models rather than raw SQL
  • MySQL — the relational database storing Authors, Books, Carts, Checkouts, and their relationships
  • Nginx — a reverse proxy sitting in front of the Node.js server, handling incoming traffic on port 80 and forwarding it to the app on port 8080
  • AWS EC2 — the cloud infrastructure running the entire application on an Ubuntu server

Application Architecture

The monolithic architecture means every concern — routing, templating, business logic, and database access — lives within a single deployable unit. Here is how the key layers fit together:

Models

Sequelize models define the database schema and relationships in JavaScript. TheEpicBook has five core models:

  • Author — stores author first and last names
  • Book — stores title, genre, publication year, price, inventory count, and description, with a foreign key linking to Author
  • Cart — tracks quantity and price for a shopping session
  • Checkout — stores shipping address and subtotal, linked to a Cart
  • Cartbook — a junction table managing the many-to-many relationship between Books and Carts

On startup, Sequelize syncs these models with the database, automatically creating tables if they do not exist.

Routes

Express routes define the URL structure of the application. Each route handler fetches data from the database via Sequelize and passes it to a Handlebars template for rendering.

Views

Handlebars templates receive data from route handlers and produce the final HTML sent to the browser. This server-side rendering approach means the browser receives fully-formed pages — no client-side data fetching required.

Static Assets

CSS, images, and client-side JavaScript are served as static files from the public directory via Express's built-in static middleware.


Deployment on AWS EC2

Deploying TheEpicBook to a live Ubuntu server on AWS involved several real-world challenges worth documenting.

Permissions Issues

After removing node_modules to resolve an npm rename conflict, the directory ended up owned by root due to a prior sudo npm install. Running sudo chown -R ubuntu:ubuntu /home/ubuntu/theepicbook restored correct ownership and allowed npm to install cleanly. The lesson: never run npm install with sudo inside a project directory.

Nginx as a Reverse Proxy

The server ships with Nginx pre-installed, which intercepts traffic on port 80. Rather than expose the Node.js process directly to the internet, Nginx is configured as a reverse proxy — forwarding requests from port 80 to the app running on port 8080. This is best practice for production Node.js apps, providing a clean entry point and making it easy to add SSL termination later.

Security Groups

On AWS, inbound traffic is controlled by Security Groups at the network level. Port 8080 must be explicitly opened in the EC2 inbound rules for direct access, and port 80 for Nginx proxied access. Missing this step is a common gotcha — the app runs fine on the server, but the browser simply times out.

Database Seeding

Sequelize creates the schema automatically on app startup, but an empty database shows no books. TheEpicBook ships with SQL seed files — author_seed.sql and books_seed.sql — that populate the database with initial data using a simple mysql import command.


The Case for Monoliths

TheEpicBook is a great example of why monolithic applications remain relevant and valuable, especially for smaller projects and early-stage products:

  • Simplicity — one codebase, one deployment, one process to manage
  • Easier debugging — the entire request lifecycle is traceable within a single application
  • Faster development — no API contracts to maintain between services, no network calls between components
  • Lower operational overhead — no service mesh, no inter-service authentication, no distributed tracing needed

The trade-offs come at scale — a monolith becomes harder to scale independently, and a bug in one module can affect the whole app. But for a bookstore with a well-defined domain and a small team, the monolith is the right tool for the job.


What's Next for TheEpicBook

There are several natural next steps to evolve the application:

  1. Process management with PM2 — keep the Node.js process alive across server restarts and crashes
  2. SSL with Let's Encrypt — add HTTPS via Certbot and Nginx for secure connections
  3. User authentication — session-based login so users can track their own carts and order history
  4. Admin dashboard — a protected route for adding, editing, and removing books without touching the database directly
  5. Extracting an API layer — a first step toward a more modular architecture, serving JSON alongside the server-rendered views

Conclusion

TheEpicBook demonstrates that a well-structured monolithic application can be a robust, maintainable, and deployable product. Built with Node.js, Express, Sequelize, and MySQL, and deployed on AWS EC2 behind Nginx, it covers the full stack from database to browser in a single cohesive codebase. The deployment journey — from permissions errors to Security Group configurations — reflects the real-world experience of shipping a web application to a live server.

Sometimes the right architecture is the simple one. TheEpicBook is proof of that.

---You want to follow and implement the this project:https://github.com/ntonous/theepicbook.git

Have questions about the stack or the deployment process? Drop a comment below.