Coder Social home page Coder Social logo

devops-sre-challenge's Introduction

Provision Vagrant with Ansible

Requirements

You'll need Vagrant, version 2.0+ and Ansible for this exercise.

The task(s)

Generally, your submission should demonstrate good security practices. Show us your understanding of security best-practices: TLS/SSL settings in your nginx configuration, how you manage third-party dependencies, and restrict access to sensitive files.

Part one

Complete the config/nginx.conf by writing a server directive(s) that proxies to the upstream application.

Requirements:

  • Nginx should accept requests on ports 80 and 443
  • All http requests should permanently redirect to their https equivalent
  • Use the provided files/self-signed.crt and files/self-signed.key for your SSL configuration
  • Your SSL configuration should use modern, secure protocols and ciphers
  • Nginx should proxy requests to the application using an upstream directive
  • Pass headers X-Forwarded-For and X-Real-IP to the upstream application with appropriate values

Part two

Complete playbook.yml such that it:

  • Installs nginx and runit
  • Copies config/nginx.conf, files/self-signed.key and files/self-signed.crt to appropriate locations on the destination box
  • Ensure appropriate file permissions are set for each of the three files mentioned above
  • Copies and unzips/untars the contents of application.zip to /opt/application/ on the destination box
  • Installs and configures the application's run script as a runit service
  • Starts nginx using the configuration you completed and copied to the box

Checking your work

You can test that your playbook works by running ./provision.sh.

Be aware that provision.sh destroys and recreates the Vagrant box each time it is run.

A working configuration will render:

Pass: status code is 200
Pass: X-Forwarded-For is present and not 'None'
Pass: X-Real-IP is present and not 'None'
Pass: found "It's easier to ask forgiveness than it is to get permission." in response

Tips & Guidance:

  • You can find a suitable runit package at https://packagecloud.io/imeyer/runit
  • Do not alter the Vagrantfile.
  • Do not include .vagrant/, .retry files, or other detritus.
  • Do add notes on running your solution, or why you choose a particular solution, in a COMMENTS.md file.
  • Avoid chaining commands using | and && in your playbook.yml

devops-sre-challenge's People

Watchers

avatar avatar avatar avatar avatar

Forkers

rmontgomery2018 itsrufus

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.