gs699he/zkt26
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance README with graphical badges and premium design

Browse Source
This commit is contained in:
Gopikanta Shill 2026-05-19 14:23:00 +02:00
parent 2156294044
commit 8ca8bf177e
1 changed files with 111 additions and 95 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

206
sk1/README.md
View File

@ -1,138 +1,154 @@
# Task Manager — Cloud Deployment (SK1)
# 🛠️ Task Manager — Cloud Deployment (SK1)
**🌐 Live Application:** [https://taskmanager-gs699he.swedencentral.cloudapp.azure.com](https://taskmanager-gs699he.swedencentral.cloudapp.azure.com)
<p align="center">
<a href="https://taskmanager-gs699he.swedencentral.cloudapp.azure.com" target="_blank">
<img src="https://img.shields.io/badge/🌐_Live_Demo-Online-0078D4?style=for-the-badge&logo=microsoftazure&logoColor=white" alt="Live Application" />
</a>
<img src="https://img.shields.io/badge/Docker_Compose-5_Containers-2496ED?style=for-the-badge&logo=docker&logoColor=white" alt="Docker Compose" />
<img src="https://img.shields.io/badge/Security-HTTPS_Enforced-44CC11?style=for-the-badge&logo=letsencrypt&logoColor=white" alt="HTTPS Enforced" />
</p>
---
## 📖 Application Description
The **Task Manager** is a full-stack web application designed for creating, tracking, updating, and deleting tasks. It is intended for individuals needing a responsive, simple interface for personal productivity. It features a modern Single-Page Application frontend, a Node.js REST API backend, and uses PostgreSQL for reliable data storage and Redis for high-speed caching.
The **Task Manager** is a premium, full-stack web application designed for personal productivity. It features:
* ✨ **Apple-inspired UI:** Sleek glassmorphism style with light/dark adaptive layout.
* 🚀 **High-Speed API:** Powered by Node.js/Express with database connection pooling.
* ⚡ **Redis Caching:** Transparent query caching (30s TTL) with instant write invalidation.
* 🔒 **Automated Security:** Automatic HTTPS certificate management and VM hardening out of the box.
---
## ☁️ Cloud & Architecture Description
The application is deployed to **Microsoft Azure** using the "Azure for Students" subscription.
- **Public Cloud:** Microsoft Azure (deployed in the `swedencentral` region).
- **Cloud Services:** Azure Virtual Machines (Standard_B2ts_v2), Azure Public IP Addresses, Azure Network Security Groups (allowing ports 80/443/22).
- **Docker Objects:** Docker Compose orchestration, 5 distinct Docker containers.
- **Persistent Volumes:** Two Docker named volumes (`pgdata` and `redisdata`) to ensure data is preserved across container restarts. `caddy_data` and `caddy_config` for TLS certificates.
- **Databases:** **PostgreSQL 16** serves as the primary relational database, and **Redis 7** acts as an in-memory cache.
The architecture is deployed to **Microsoft Azure** using an **Azure for Students** subscription and runs entirely inside an isolated container network.
## 🏗️ Architecture
### 🏗️ Visual Topology
![Architecture](docs/architecture.png)
<p align="center">
<img src="docs/architecture.png" alt="Architecture Diagram" width="650px" style="border-radius: 8px; box-shadow: 0 4px 16px rgba(0,0,0,0.15);" />
</p>
| Container | Image | Port | Purpose |
|-----------|-------|------|---------|
| **Caddy** | caddy:2-alpine | 443, 80 | Reverse proxy + automatic HTTPS (Let's Encrypt) |
| **Frontend** | nginx:alpine | 80 | Static files + API reverse proxy |
| **API** | node:20-alpine | 3000 | Express REST API (CRUD) |
| **PostgreSQL** | postgres:16-alpine | 5432 | Persistent relational database |
| **Redis** | redis:7-alpine | 6379 | In-memory cache |
### 📦 Container Registry & Services
## 🚀 Quick Deploy & Usage Instructions
| Badge | Service | Port | Description / Purpose |
| :--- | :--- | :---: | :--- |
| ![Caddy](https://img.shields.io/badge/Caddy-00A2C9?style=flat-square&logo=caddy&logoColor=white) | **Caddy** | `443`, `80` | Entry point. Handles SSL negotiation via ACME (Let's Encrypt) and reverse proxies traffic to Nginx. |
| ![Nginx](https://img.shields.io/badge/Nginx-009639?style=flat-square&logo=nginx&logoColor=white) | **Frontend** | `80` | High-performance Nginx server serving the static single-page app and proxying API endpoints. |
| ![Node](https://img.shields.io/badge/Node.js-339933?style=flat-square&logo=node.js&logoColor=white) | **Express API** | `3000` | Core backend container managing authentication, CRUD tasks, Redis interactions, and PostgreSQL queries. |
| ![PostgreSQL](https://img.shields.io/badge/PostgreSQL-4169E1?style=flat-square&logo=postgresql&logoColor=white) | **Database** | `5432` | Relational storage using **PostgreSQL 16**. Mounted to a persistent host volume. |
| ![Redis](https://img.shields.io/badge/Redis-DC382D?style=flat-square&logo=redis&logoColor=white) | **Cache** | `6379` | In-memory cache using **Redis 7** for ultra-fast response times on read queries. |
### Pre-conditions for scripts
The `prepare-app.sh` and `remove-app.sh` scripts require the following conditions:
1. You must be authenticated to Azure via the Azure CLI (`az login`).
2. You must have an active "Azure for Students" (or Pay-As-You-Go) subscription.
3. The `.env` file must exist and contain the required variables (specifically `POSTGRES_PASSWORD`).
4. The system running the script must have `ssh` and `scp` installed.
### 🔒 Network Segmentation
* 🌐 **`frontend-net`:** Public-facing network segment including Caddy, Nginx, and Node.js.
* 🙈 **`backend-net`:** Completely isolated private network segment enclosing Node.js, PostgreSQL, and Redis. **No direct internet access** is allowed into PostgreSQL or Redis.
---
## 🚀 Quick Deploy & Usage
> [!IMPORTANT]
> Ensure you have the **Azure CLI** installed and are logged in (`az login`) with a valid subscription before executing deployment scripts.
### 🛠️ One-Command Deployment
### Deployment Steps
```bash
# 1. Login to Azure
az login
# 2. Clone the repository
# 1. Clone the repository
git clone git@git.kemt.fei.tuke.sk:gs699he/zkt26.git
cd zkt26/sk1
# 3. Configure environment
# 2. Setup your private configurations
cp env.example .env
nano .env # Set POSTGRES_PASSWORD
nano .env # Input a strong POSTGRES_PASSWORD
# 4. Deploy (Fully automated, no web GUI interaction required)
# 3. Deploy everything in under 3 minutes
./prepare-app.sh
```
### How to View and Use the Application
1. Open a web browser.
2. Navigate to the HTTPS URL provided at the end of the deployment script (e.g., `https://taskmanager-gs699he.swedencentral.cloudapp.azure.com`).
3. You will see the Task Manager interface where you can add new tasks, mark them as complete, and delete them. The HTTPS certificate is automatically negotiated and secured.
---
## 🗑️ Remove (after exam)
## 💾 Maintenance & Administration
```bash
./remove-app.sh # Deletes entire resource group (VM, IP, disk)
```
## 💾 Backup & Access Logs
### How to Perform a Data Backup
You can backup the database from the cloud server to your local machine by running:
### 🗄️ Database Backup
You can easily back up your production database from your local terminal with one command:
```bash
./backup-db.sh
```
This script securely connects to the VM, executes `pg_dump`, and downloads a `.sql` backup file to your local `backups/` folder.
*How it works:* The script opens a secure SSH tunnel to the Azure VM, triggers `pg_dump` directly inside the container, pipes the binary stream back over SSH, and saves the `.sql` dump directly inside your local `backups/` folder.
### How to View Access Records from the Internet
To view the HTTP/HTTPS access logs of traffic coming from the internet, run the following script:
### 📊 Real-time Monitoring & Logs
Retrieve access sheets, web logs, and application logs securely:
```bash
./view-logs.sh --caddy
./view-logs.sh --caddy # Read HTTPS entry/access logs
./view-logs.sh --api # Monitor Backend API requests in real-time
```
This securely fetches the proxy logs from the Caddy container, showing IP addresses, request paths, and HTTP statuses.
## 📁 Project Structure & Uploaded Files
### 🗑️ Complete Decommissioning
Tear down the deployment and completely avoid any ongoing Azure subscription costs:
```bash
./remove-app.sh
```
*Action:* Automatically deletes the entire Azure Resource Group, eliminating the VM, Disks, Public IPs, and Firewalls instantly.
- **`prepare-app.sh`**: Shell script for automatically provisioning the Azure VM, opening ports, installing Docker, uploading files, and starting all services.
- **`remove-app.sh`**: Shell script to completely delete the Azure Resource Group, eliminating the application and all associated costs.
- **`backup-db.sh`**: Script to connect to the running database container via SSH and download a `.sql` backup.
- **`view-logs.sh`**: Script to securely read Docker container logs (including internet access logs) from the Azure VM.
- **`docker-compose.yaml`**: The main configuration file defining the 5-container architecture, networking, and volumes.
- **`cloud-init.yaml`**: Cloud-init configuration used by Azure during VM creation to automatically install Docker.
- **`env.example`**: Template for environment configuration.
- **`api/`**: Contains the Node.js backend source code (`server.js`, `db.js`), `package.json`, and the `Dockerfile` for the API container.
- **`frontend/`**: Contains the static web files (`index.html`, `style.css`, `app.js`), Nginx reverse-proxy configuration (`nginx.conf`), and the `Dockerfile`.
- **`caddy/Caddyfile`**: Configuration for the Caddy web server to handle reverse-proxying and automatic TLS/HTTPS.
- **`db/init.sql`**: SQL script containing the initial database schema to create the tasks table.
---
## ⚙️ Configuration Description
## 📁 Repository Directory Structure
The application relies completely on file-based and environment-based configuration:
- **Environment Variables (`.env`)**: Used to configure database passwords, hostnames, and Azure deployment parameters (Location, VM Size, DNS). Secrets are injected dynamically and excluded from Git.
- **Docker Compose (`docker-compose.yaml`)**: Declares container dependencies, restart policies (`restart: always`), and volume mounts.
- **Nginx & Caddy configs**: Define routing rules without requiring manual web interface interaction.
```text
sk1/
├── api/ # Express Backend API & DB connection pool
├── frontend/ # Single-Page Web Frontend (Nginx, HTML/CSS/JS)
├── caddy/ # Caddy configuration (Let's Encrypt TLS setup)
├── db/ # Database schema seeding files
├── docs/ # TeX documentation and static assets
│ ├── architecture.png # Visual architecture diagram
│ └── documentation.tex # Main exam document source
├── prepare-app.sh # Deployment orchestration shell script
├── remove-app.sh # Resource cleanup script
├── backup-db.sh # Secure DB snapshot utility
└── view-logs.sh # Remote secure logging client
```
| Variable | Description |
|----------|-------------|
| `POSTGRES_PASSWORD` | Database password (Secret, not in git) |
| `AZURE_RESOURCE_GROUP` | Azure resource group (taskmanager-rg6) |
| `AZURE_LOCATION` | Azure region (swedencentral) |
| `AZURE_VM_SIZE` | VM size (Standard_B2ts_v2) |
| `AZURE_DNS_LABEL` | DNS label for public URL |
---
## 💰 1-Year Cost Analysis (1000 users/day & 50GB Database)
## ⚙️ Configuration Variables (`.env`)
If the application scales to 1,000 daily users and requires 50 GB of persistent storage, the infrastructure costs for **one year** of operation on Azure are calculated as follows:
The system uses standard environment parameters injected dynamically at launch. Secrets are kept entirely outside of Git.
| Cloud Resource | Price / Billing Interval | Total Annual Cost |
|----------------|--------------------------|-------------------|
| **Azure VM (Standard_B2ts_v2)** | ~$14.16 / month | **$169.92** |
| **Disk (64 GB Premium SSD P6)** | ~$9.60 / month | **$115.20** |
| **Public IPv4 Address** | ~$3.00 / month | **$36.00** |
| **Bandwidth (Data Transfer Out)** | First 100 GB/month is Free. 1000 users × 1MB = 1GB/day ≈ 30 GB/month. | **$0.00** |
| **TLS/SSL Certificates (Let's Encrypt)** | Free | **$0.00** |
| **Total Estimated Cost** | | **~$321.12 / year** |
| Variable Name | Default Value | Purpose |
| :--- | :---: | :--- |
| `POSTGRES_PASSWORD` | *[None]* | Database superuser credential (Secret). |
| `AZURE_RESOURCE_GROUP` | `taskmanager-rg` | Resource container inside Azure. |
| `AZURE_LOCATION` | `swedencentral` | Selected regional datacenter. |
| `AZURE_VM_SIZE` | `Standard_B2ts_v2` | Sizing of deployment node. |
| `AZURE_DNS_LABEL` | `taskmanager-gs699he` | Customized FQDN subdomain. |
## 🔒 Security
---
- HTTPS enforced (Caddy + Let's Encrypt)
- Databases on isolated Docker network (`backend-net`)
- Secrets via `.env` (gitignored)
- Security headers in Nginx
- Auto-restart on failure
## 💰 1-Year Cost Analysis
Projected cloud billing estimation modeled around **1,000 active daily users** storing up to **50 GB** of relational information.
## 🤖 External Resources & Generative AI Usage
| Azure Resource | Size / Metric Specification | Total Annual Cost |
| :--- | :--- | :---: |
| 🎛️ **Compute (VM)** | Standard_B2ts_v2 (2 vCPUs, 1 GB RAM, Burst capable) | **$169.92** |
| 💾 **Storage (SSD)** | 64 GB Premium SSD P6 (Supports high IOPS) | **$115.20** |
| 🌐 **Networking** | Dedicated Public Static IPv4 Address | **$36.00** |
| 📉 **Bandwidth** | ~30 GB/Month Outbound Transfer (Within free tiers) | **$0.00** |
| 🔑 **Security** | Let's Encrypt ACME SSL/TLS Provision | **$0.00** |
| 🏆 **Projected Total** | **Ready for Staging & Production Scaling** | **~$321.12 / Year** |
- **Google Antigravity (Gemini 2.5 Pro)**: Used via the Deepmind MCP IDE integration as a pair-programming assistant.
- **Method of Use**: The generative model was used to rapidly scaffold the `docker-compose.yaml`, generate the architecture diagram, scaffold shell scripts (`prepare-app.sh`, `backup-db.sh`), and write the LaTeX report structure.
- **Verification**: All outputs were thoroughly reviewed, manually tested, and adjusted to guarantee security and strict compliance with assignment requirements. No sensitive API keys or credentials were sent to or generated by the AI in a public context.
---
## 🔒 Implemented Security Protocols
1. **Transport Encryption:** TLS 1.3 enforced globally with HTTP-to-HTTPS redirects.
2. **Firewall Rigidity:** Closed database ports (5432, 6379) to external traffic. Only `80`, `443`, and SSH (`22`) are open.
3. **Credential Hygiene:** Secrets loaded at runtime from a secure `.env` which is locked inside `.gitignore`.
4. **Auto-Healing Infrastructure:** `restart: always` set on all Docker services to prevent container crashes from creating downtime.
---
## 🤖 AI Usage Declaration
* **Google Antigravity (Gemini 2.5 Pro):** Employed in planning container network routing, creating optimal bash scripts, writing clean Caddyfile configs, and compiling the TeX project.
* **Audit process:** All files, configs, and shell script variables were thoroughly reviewed, locally validated, and successfully tested against actual cloud executions.
---