Generally, your submission should demonstrate good security practices. Show us your understanding of security best practices: TLS/SSL settings in your nginx configuration, how you manage third-party dependencies, and how you restrict access to sensitive files.
config/nginx.conf by writing a server directive(s) that proxies to the upstream
- Nginx should accept requests on ports 80 and 443
http requests should permanently redirect to their
- Use the provided files/self-signed.key for your SSL configuration
- Your SSL configuration should use modern, secure protocols and ciphers
- Nginx should proxy requests to the application using an
- Pass headers X-Real-IP to the upstream application with appropriate values
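A small checker for the nginx requirements listed above, as an added example that is not part of the challenge or its test suite. The sample configuration is constructed: the upstream name, backend address and certificate paths are assumptions, and the `X-Forwarded-For` check comes from the expected test output rather than from the list.

```python
import re
# Constructed sample; the upstream name, backend address and certificate
# paths are assumptions, not values taken from the challenge.
SAMPLE_CONF = """
upstream app { server 127.0.0.1:8080; }
server { listen 80; return 301 https://$host$request_uri; }
server {
    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/self-signed.crt;
    ssl_certificate_key /etc/nginx/ssl/self-signed.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    location / {
        proxy_pass http://app;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXPORT")

def directives(conf, name):
    """Argument string of every `name ...;` directive, with comments stripped."""
    conf = re.sub(r"#.*", "", conf)
    pattern = rf"(?:^|[;{{}}\s]){re.escape(name)}\s+([^;{{}}]+);"
    return [m.strip() for m in re.findall(pattern, conf)]

def audit(conf):
    """Return findings against the requirements above; an empty list is a pass."""
    findings = []
    ports = {a.split()[0].rsplit(":", 1)[-1] for a in directives(conf, "listen")}
    findings += [f"no listen directive for port {p}" for p in ("80", "443") if p not in ports]
    # Only the `return 301 https://...` form of redirect is recognised here.
    if not any(a.startswith("301 https://") for a in directives(conf, "return")):
        findings.append("no permanent (301) redirect to https")
    protocols = {p for a in directives(conf, "ssl_protocols") for p in a.split()}
    if not protocols:
        findings.append("ssl_protocols not set")
    findings += [f"legacy protocol enabled: {p}" for p in sorted(protocols & WEAK_PROTOCOLS)]
    for a in directives(conf, "ssl_ciphers"):
        for c in a.strip("'\"").split(":"):
            # Entries prefixed with ! or - are exclusions (e.g. !aNULL), not grants.
            if not c.startswith(("!", "-")) and any(t in c.upper() for t in WEAK_CIPHER_TOKENS):
                findings.append(f"weak cipher allowed: {c}")
    headers = {a.split()[0].lower() for a in directives(conf, "proxy_set_header")}
    findings += [f"proxy_set_header {h} missing" for h in ("X-Real-IP", "X-Forwarded-For")
                 if h.lower() not in headers]
    return findings
```

Calling `audit(SAMPLE_CONF)` returns an empty list; each unmet requirement adds one finding string.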
playbook.yml such that it:
- Installs nginx and runit
files/self-signed.crt to appropriate locations on the destination box
- Ensure appropriate file permissions are set for each of the three files mentioned above
- Copies and unzips/untars the contents of application.zip to /opt/application/ on the destination box
- Installs and configures the application's run script as a runit service
- Starts nginx using the configuration you completed and copied to the box
You can test that your playbook works by running
Be aware that provision.sh destroys and recreates the Vagrant box each time it is run.
A working configuration will render:
Pass: status code is 200
Pass: X-Forwarded-For is present and not 'None'
Pass: X-Real-IP is present and not 'None'
Pass: found "It's easier to ask forgiveness than it is to get permission." in response
- You can find a suitable runit package at https://packagecloud.io/imeyer/runit
- Do not alter the
- Do not include .retry files, or other detritus.
- Do add notes on running your solution, or why you chose a particular solution, in a COMMENTS.md file.
- Avoid chaining commands using