gs699he/zkt26
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
8ca8bf177e
zkt26/sk1/README.md

156 lines
7.5 KiB
Markdown
Raw Blame History

# 🛠️ Task Manager — Cloud Deployment (SK1)
<p align="center">
<a href="https://taskmanager-gs699he.swedencentral.cloudapp.azure.com" target="_blank">
<img src="https://img.shields.io/badge/🌐_Live_Demo-Online-0078D4?style=for-the-badge&logo=microsoftazure&logoColor=white" alt="Live Application" />
</a>
<img src="https://img.shields.io/badge/Docker_Compose-5_Containers-2496ED?style=for-the-badge&logo=docker&logoColor=white" alt="Docker Compose" />
<img src="https://img.shields.io/badge/Security-HTTPS_Enforced-44CC11?style=for-the-badge&logo=letsencrypt&logoColor=white" alt="HTTPS Enforced" />
</p>
---
## 📖 Application Description
The **Task Manager** is a premium, full-stack web application designed for personal productivity. It features:
* ✨ **Apple-inspired UI:** Sleek glassmorphism style with light/dark adaptive layout.
* 🚀 **High-Speed API:** Powered by Node.js/Express with database connection pooling.
* ⚡ **Redis Caching:** Transparent query caching (30s TTL) with instant write invalidation.
* 🔒 **Automated Security:** Automatic HTTPS certificate management and VM hardening out of the box.
---
## ☁️ Cloud & Architecture Description
The architecture is deployed to **Microsoft Azure** using an **Azure for Students** subscription and runs entirely inside an isolated container network.
### 🏗️ Visual Topology
<p align="center">
<img src="docs/architecture.png" alt="Architecture Diagram" width="650px" style="border-radius: 8px; box-shadow: 0 4px 16px rgba(0,0,0,0.15);" />
</p>
### 📦 Container Registry & Services
| Badge | Service | Port | Description / Purpose |
| :--- | :--- | :---: | :--- |
| ![Caddy](https://img.shields.io/badge/Caddy-00A2C9?style=flat-square&logo=caddy&logoColor=white) | **Caddy** | `443`, `80` | Entry point. Handles SSL negotiation via ACME (Let's Encrypt) and reverse proxies traffic to Nginx. |
| ![Nginx](https://img.shields.io/badge/Nginx-009639?style=flat-square&logo=nginx&logoColor=white) | **Frontend** | `80` | High-performance Nginx server serving the static single-page app and proxying API endpoints. |
| ![Node](https://img.shields.io/badge/Node.js-339933?style=flat-square&logo=node.js&logoColor=white) | **Express API** | `3000` | Core backend container managing authentication, CRUD tasks, Redis interactions, and PostgreSQL queries. |
| ![PostgreSQL](https://img.shields.io/badge/PostgreSQL-4169E1?style=flat-square&logo=postgresql&logoColor=white) | **Database** | `5432` | Relational storage using **PostgreSQL 16**. Mounted to a persistent host volume. |
| ![Redis](https://img.shields.io/badge/Redis-DC382D?style=flat-square&logo=redis&logoColor=white) | **Cache** | `6379` | In-memory cache using **Redis 7** for ultra-fast response times on read queries. |
### 🔒 Network Segmentation
* 🌐 **`frontend-net`:** Public-facing network segment including Caddy, Nginx, and Node.js.
* 🙈 **`backend-net`:** Completely isolated private network segment enclosing Node.js, PostgreSQL, and Redis. **No direct internet access** is allowed into PostgreSQL or Redis.
---
## 🚀 Quick Deploy & Usage
> [!IMPORTANT]
> Ensure you have the **Azure CLI** installed and are logged in (`az login`) with a valid subscription before executing deployment scripts.
### 🛠️ One-Command Deployment
```bash
# 1. Clone the repository
git clone git@git.kemt.fei.tuke.sk:gs699he/zkt26.git
cd zkt26/sk1
# 2. Setup your private configurations
cp env.example .env
nano .env # Input a strong POSTGRES_PASSWORD
# 3. Deploy everything in under 3 minutes
./prepare-app.sh
```
---
## 💾 Maintenance & Administration
### 🗄️ Database Backup
You can easily back up your production database from your local terminal with one command:
```bash
./backup-db.sh
```
*How it works:* The script opens a secure SSH tunnel to the Azure VM, triggers `pg_dump` directly inside the container, pipes the binary stream back over SSH, and saves the `.sql` dump directly inside your local `backups/` folder.
### 📊 Real-time Monitoring & Logs
Retrieve access sheets, web logs, and application logs securely:
```bash
./view-logs.sh --caddy # Read HTTPS entry/access logs
./view-logs.sh --api # Monitor Backend API requests in real-time
```
### 🗑️ Complete Decommissioning
Tear down the deployment and completely avoid any ongoing Azure subscription costs:
```bash
./remove-app.sh
```
*Action:* Automatically deletes the entire Azure Resource Group, eliminating the VM, Disks, Public IPs, and Firewalls instantly.
---
## 📁 Repository Directory Structure
```text
sk1/
├── api/ # Express Backend API & DB connection pool
├── frontend/ # Single-Page Web Frontend (Nginx, HTML/CSS/JS)
├── caddy/ # Caddy configuration (Let's Encrypt TLS setup)
├── db/ # Database schema seeding files
├── docs/ # TeX documentation and static assets
│ ├── architecture.png # Visual architecture diagram
│ └── documentation.tex # Main exam document source
├── prepare-app.sh # Deployment orchestration shell script
├── remove-app.sh # Resource cleanup script
├── backup-db.sh # Secure DB snapshot utility
└── view-logs.sh # Remote secure logging client
```
---
## ⚙️ Configuration Variables (`.env`)
The system uses standard environment parameters injected dynamically at launch. Secrets are kept entirely outside of Git.
| Variable Name | Default Value | Purpose |
| :--- | :---: | :--- |
| `POSTGRES_PASSWORD` | *[None]* | Database superuser credential (Secret). |
| `AZURE_RESOURCE_GROUP` | `taskmanager-rg` | Resource container inside Azure. |
| `AZURE_LOCATION` | `swedencentral` | Selected regional datacenter. |
| `AZURE_VM_SIZE` | `Standard_B2ts_v2` | Sizing of deployment node. |
| `AZURE_DNS_LABEL` | `taskmanager-gs699he` | Customized FQDN subdomain. |
---
## 💰 1-Year Cost Analysis
Projected cloud billing estimation modeled around **1,000 active daily users** storing up to **50 GB** of relational information.
| Azure Resource | Size / Metric Specification | Total Annual Cost |
| :--- | :--- | :---: |
| 🎛️ **Compute (VM)** | Standard_B2ts_v2 (2 vCPUs, 1 GB RAM, Burst capable) | **$169.92** |
| 💾 **Storage (SSD)** | 64 GB Premium SSD P6 (Supports high IOPS) | **$115.20** |
| 🌐 **Networking** | Dedicated Public Static IPv4 Address | **$36.00** |
| 📉 **Bandwidth** | ~30 GB/Month Outbound Transfer (Within free tiers) | **$0.00** |
| 🔑 **Security** | Let's Encrypt ACME SSL/TLS Provision | **$0.00** |
| 🏆 **Projected Total** | **Ready for Staging & Production Scaling** | **~$321.12 / Year** |
---
## 🔒 Implemented Security Protocols
1. **Transport Encryption:** TLS 1.3 enforced globally with HTTP-to-HTTPS redirects.
2. **Firewall Rigidity:** Closed database ports (5432, 6379) to external traffic. Only `80`, `443`, and SSH (`22`) are open.
3. **Credential Hygiene:** Secrets loaded at runtime from a secure `.env` which is locked inside `.gitignore`.
4. **Auto-Healing Infrastructure:** `restart: always` set on all Docker services to prevent container crashes from creating downtime.
---
## 🤖 AI Usage Declaration
* **Google Antigravity (Gemini 2.5 Pro):** Employed in planning container network routing, creating optimal bash scripts, writing clean Caddyfile configs, and compiling the TeX project.
* **Audit process:** All files, configs, and shell script variables were thoroughly reviewed, locally validated, and successfully tested against actual cloud executions.
---
*Technical University of Košice — KEMT FEI — Cloud Technologies — 2026*
Reference in New Issue View Git Blame Copy Permalink