🛠️ Task Manager — Cloud Deployment (SK1)
📖 Application Description
The Task Manager is a premium, full-stack web application designed for personal productivity. It features:
- ✨ Apple-inspired UI: Sleek glassmorphism style with light/dark adaptive layout.
- 🚀 High-Speed API: Powered by Node.js/Express with database connection pooling.
- ⚡ Redis Caching: Transparent query caching (30s TTL) with instant write invalidation.
- 🔒 Automated Security: Automatic HTTPS certificate management and VM hardening out of the box.
☁️ Cloud & Architecture Description
The architecture is deployed to Microsoft Azure using an Azure for Students subscription and runs entirely inside an isolated container network.
🏗️ Visual Topology
📦 Container Registry & Services
🔒 Network Segmentation
- 🌐 frontend-net: Public-facing network segment including Caddy, Nginx, and Node.js.
- 🙈 backend-net: Completely isolated private network segment enclosing Node.js, PostgreSQL, and Redis. No direct internet access is allowed into PostgreSQL or Redis.
🚀 Quick Deploy & Usage
Important
Ensure you have the Azure CLI installed and are logged in (az login) with a valid subscription before executing deployment scripts.
🛠️ One-Command Deployment
# 1. Clone the repository
git clone git@git.kemt.fei.tuke.sk:gs699he/zkt26.git
cd zkt26/sk1
# 2. Setup your private configurations
cp env.example .env
nano .env # Input a strong POSTGRES_PASSWORD
# 3. Deploy everything in under 3 minutes
./prepare-app.sh
💾 Maintenance & Administration
🗄️ Database Backup
You can easily back up your production database from your local terminal with one command:
./backup-db.sh
How it works: The script opens a secure SSH tunnel to the Azure VM, triggers pg_dump directly inside the container, pipes the binary stream back over SSH, and saves the .sql dump directly inside your local backups/ folder.
📊 Real-time Monitoring & Logs
Retrieve access sheets, web logs, and application logs securely:
./view-logs.sh --caddy # Read HTTPS entry/access logs
./view-logs.sh --api # Monitor Backend API requests in real-time
🗑️ Complete Decommissioning
Tear down the deployment and completely avoid any ongoing Azure subscription costs:
./remove-app.sh
Action: Automatically deletes the entire Azure Resource Group, eliminating the VM, Disks, Public IPs, and Firewalls instantly.
📁 Repository Directory Structure
sk1/
├── api/ # Express Backend API & DB connection pool
├── frontend/ # Single-Page Web Frontend (Nginx, HTML/CSS/JS)
├── caddy/ # Caddy configuration (Let's Encrypt TLS setup)
├── db/ # Database schema seeding files
├── docs/ # TeX documentation and static assets
│ ├── architecture.png # Visual architecture diagram
│ └── documentation.tex # Main exam document source
├── prepare-app.sh # Deployment orchestration shell script
├── remove-app.sh # Resource cleanup script
├── backup-db.sh # Secure DB snapshot utility
└── view-logs.sh # Remote secure logging client
⚙️ Configuration Variables (.env)
The system uses standard environment parameters injected dynamically at launch. Secrets are kept entirely outside of Git.
| Variable Name | Default Value | Purpose |
|---|---|---|
| POSTGRES_PASSWORD | [None] | Database superuser credential (Secret). |
| AZURE_RESOURCE_GROUP | taskmanager-rg | Resource container inside Azure. |
| AZURE_LOCATION | swedencentral | Selected regional datacenter. |
| AZURE_VM_SIZE | Standard_B2ts_v2 | Sizing of deployment node. |
| AZURE_DNS_LABEL | taskmanager-gs699he | Customized FQDN subdomain. |
💰 1-Year Cost Analysis
Projected cloud billing estimation modeled around 1,000 active daily users storing up to 50 GB of relational information.
| Azure Resource | Size / Metric Specification | Total Annual Cost |
|---|---|---|
| 🎛️ Compute (VM) | Standard_B2ts_v2 (2 vCPUs, 1 GB RAM, Burst capable) | $169.92 |
| 💾 Storage (SSD) | 64 GB Premium SSD P6 (Supports high IOPS) | $115.20 |
| 🌐 Networking | Dedicated Public Static IPv4 Address | $36.00 |
| 📉 Bandwidth | ~30 GB/Month Outbound Transfer (Within free tiers) | $0.00 |
| 🔑 Security | Let's Encrypt ACME SSL/TLS Provision | $0.00 |
| 🏆 Projected Total | Ready for Staging & Production Scaling | ~$321.12 / Year |
🔒 Implemented Security Protocols
- Transport Encryption: TLS 1.3 enforced globally with HTTP-to-HTTPS redirects.
- Firewall Rigidity: Closed database ports (5432, 6379) to external traffic. Only 80, 443, and SSH (22) are open.
- Credential Hygiene: Secrets loaded at runtime from a secure .env file, which is listed in .gitignore.
- Auto-Healing Infrastructure: restart: always set on all Docker services to prevent container crashes from creating downtime.
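A check for the claims made under Network Segmentation and Implemented Security Protocols, added here as an example and not part of the repository: it audits the JSON printed by `docker compose config --format json`. The service names `db` and `redis`, the use of `internal: true` on backend-net, and the embedded sample document are assumptions.

```python
import copy
import json

# Constructed sample in the shape of `docker compose config --format json` output.
# Network names come from the README; service names and layout are assumptions.
SAMPLE = json.loads("""
{"services": {
   "caddy":    {"networks": {"frontend-net": null},
                "ports": [{"target": 80, "published": "80"},
                          {"target": 443, "published": "443"}]},
   "frontend": {"networks": {"frontend-net": null}},
   "api":      {"networks": {"frontend-net": null, "backend-net": null}},
   "db":       {"networks": {"backend-net": null}},
   "redis":    {"networks": {"backend-net": null}}},
 "networks": {"frontend-net": {}, "backend-net": {"internal": true}}}
""")

DATA_SERVICES = {"db", "redis"}   # assumed names of the PostgreSQL and Redis services
PRIVATE_NET = "backend-net"
PUBLIC_PORTS = {80, 443}          # SSH (22) belongs to the VM, not to a container


def audit(cfg):
    """Return findings; an empty list means the layout matches the README's claims."""
    findings = []
    # Assumption: isolation is expressed with Compose's `internal: true`.
    if not (cfg.get("networks", {}).get(PRIVATE_NET) or {}).get("internal"):
        findings.append(f"{PRIVATE_NET}: not marked internal")
    for name, svc in sorted(cfg.get("services", {}).items()):
        nets = set(svc.get("networks") or [])   # mapping or list form
        if name in DATA_SERVICES and nets != {PRIVATE_NET}:
            findings.append(f"{name}: on {sorted(nets)}, expected only {PRIVATE_NET}")
        allowed = set() if name in DATA_SERVICES else PUBLIC_PORTS
        for port in svc.get("ports") or []:
            published = port.get("published")   # None means an ephemeral host port
            if published is None or int(published) not in allowed:
                findings.append(f"{name}: publishes host port {published or 'ephemeral'}")
    return findings


def broken_copy():
    """SAMPLE with three regressions introduced, for comparison."""
    cfg = copy.deepcopy(SAMPLE)
    cfg["services"]["db"]["ports"] = [{"target": 5432, "published": "5432"}]
    cfg["services"]["redis"]["networks"]["frontend-net"] = None
    cfg["networks"][PRIVATE_NET].pop("internal")
    return cfg


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE), ("broken", broken_copy())):
        print(label, audit(cfg) or "OK")
```

Run against a real deployment by replacing SAMPLE with the parsed output of `docker compose config --format json`, and fail the deploy when the returned list is not empty.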
🤖 AI Usage Declaration
- Google Antigravity (Gemini 2.5 Pro): Employed in planning container network routing, creating optimal bash scripts, writing clean Caddyfile configs, and compiling the TeX project.
- Audit process: All files, configs, and shell script variables were thoroughly reviewed, locally validated, and successfully tested against actual cloud executions.
Technical University of Košice — KEMT FEI — Cloud Technologies — 2026
