Skip to content

A secure, containerized microservices architecture managed via Infrastructure as Code (IaC). Features automated CI/CD, Nginx, and an air-gapped Prometheus/Grafana observability stack.

License

Notifications You must be signed in to change notification settings

Septic-H/devops-portfolio

Repository files navigation

Build Status Docker Monitoring

DevOps Portfolio: Microservices & IaC

A production-grade, distributed web application built with a Microservices Architecture. The application is decoupled into independent frontend and backend services, orchestrated via Docker, and deployed securely on a hardened Linux server.

Live URL: https://huzaifaj.tech/

Live Monitoring Dashboard

(Air-gapped Grafana dashboard accessing real-time server metrics via SSH Tunnel)

Grafana Dashboard

Architecture Overview

This project implements the Reverse Proxy Pattern to route traffic between isolated containers:

graph LR
    User((User)) --> NginxHost[Host Nginx Gateway]
    
    subgraph "Docker Network"
        NginxHost -->|/| Frontend[Frontend Service :8080]
        NginxHost -->|/api/| Backend[Backend Service :3000]
        
        Prometheus[Prometheus] -->|Scrape| Backend
        Prometheus -->|Scrape| NodeExporter[Node Exporter]
    end
Loading
  • Service A (Frontend): Lightweight Nginx container serving static assets (HTML/CSS/JS).

  • Service B (Backend): Node.js/Express API handling business logic and health checks.

  • Gateway: Host-level Nginx acting as a Layer 7 Reverse Proxy to terminate SSL and route traffic.

Tech Stack

  • Runtime: Node.js & Express
  • Orchestration: Docker Compose (v2)
  • Proxy: Nginx (SSL/TLS via Let's Encrypt)
  • CI/CD: Travis CI (GitOps workflow)
  • Observability: Prometheus (Metrics) & Grafana (Visualization)
  • Security: Fail2Ban (IPS), UFW Firewall, SSH Hardening
  • Automation: Cron, Logrotate, Certbot (SSL)
  • Infrastructure: DigitalOcean Droplet (Ubuntu 24.04 LTS)

Infrastructure as Code (IaC) & Automation

Host configuration is version-controlled in the infrastructure/ directory and applied via symlinks to ensure a consistent environment.

  • Automated Security: Configured via fail2ban-jail.local to ban IPs after 3 failed SSH attempts and block bots scanning for vulnerabilities.
  • Maintenance Lifecycle: Automated SSL certificate renewals and weekly Docker garbage collection managed via crontab.cron.
  • Resource Management: Custom log rotation policies enforce strict 10MB limits on Nginx and Fail2Ban logs.
  • Air-Gapped Monitoring: Grafana dashboard is hidden from the public internet (localhost only) and accessed via SSH Tunneling.
  • Zero-Downtime: Rolling updates via Docker Compose.

The Pipeline

  1. Push: Commit code to main.
  2. Build: Travis CI builds independent images for services/frontend and services/backend.
  3. Test: Unit tests run specifically against the Backend API logic.
  4. Deploy: Pipeline SSHs into the server, fetches changes, and rebuilds containers using --remove-orphans to clean up old microservices.

Quick Start

Run Locally (Full Stack)

# Clone and run everything (App + Prometheus + Grafana)
git clone https://github.com/Septic-H/devops-portfolio.git
docker compose up -d --build

# API: http://localhost:3000
# Grafana: http://localhost:3001 (Default: admin/admin)

Directory Structure

├── infrastructure/    # Server Configs (IaC)
│   ├── nginx-gateway.conf
│   ├── fail2ban-jail.local
│   ├── crontab.cron
│   └── logrotate/
├── services/
│   ├── frontend/      # Nginx Container (Static Site)
│   └── backend/       # Node.js Container (API)
├── docker-compose.yml
└── .travis.yml

About

A secure, containerized microservices architecture managed via Infrastructure as Code (IaC). Features automated CI/CD, Nginx, and an air-gapped Prometheus/Grafana observability stack.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published