On some operating systems, such as Windows 10 Home or macOS, you will probably need to install VirtualBox for Vagrant to function. We've tested this assignment only on 64-bit x86 architectures, and it may not work correctly on other hardware platforms.
Generally, your submission should demonstrate good security practices. Show us your understanding of security best practices: TLS/SSL settings in your nginx configuration, how you manage third-party dependencies, and how you restrict access to sensitive files.
config/nginx.conf by writing a server directive(s) that proxies to the upstream
- Nginx should accept requests on ports 80 and 443
http requests should permanently redirect to their
- Use the provided files/self-signed.key for your SSL configuration
- Your SSL configuration should use modern, secure protocols and ciphers
- Nginx should proxy requests to the application using an
- Pass headers X-Real-IP to the upstream application with appropriate values
playbook.yml such that it:
- Installs nginx and runit
files/self-signed.crt to appropriate locations on the destination box
- Ensures appropriate file permissions are set for each of the three files mentioned above
- Copies and unzips/untars the contents of application.zip to /opt/application/ on the destination box
- Installs and configures the application's run script as a runit service
- Starts nginx using the configuration you completed and copied to the box
You can test that your playbook works by running ./provision.sh. Be aware that provision.sh destroys and recreates the Vagrant box each time it is run.
A working configuration will render:
Pass: status code is 200
Pass: X-Forwarded-For is present and not 'None'
Pass: X-Real-IP is present and not 'None'
Pass: found "It's easier to ask forgiveness than it is to get permission." in response
- You can find a suitable runit package at https://packagecloud.io/imeyer/runit
- Do add notes on running your solution, or why you chose a particular solution, in a COMMENTS.md file.
- Don't alter the
- Don't include .retry files, or other detritus.
- Avoid chaining commands using