End-to-end DevOps implementation showcasing real-world production practices including CI/CD pipelines, containerization, cloud deployment, reverse proxy, HTTPS, monitoring, and infrastructure automation.
This project demonstrates an end-to-end DevOps implementation including:
- CI/CD Pipeline - Automated build, test, and deploy with GitHub Actions
- Dockerized Application - Multi-stage Docker builds for frontend and backend
- Cloud Deployment - AWS EC2 with Terraform infrastructure as code
- Reverse Proxy Setup - Nginx with load balancing and rate limiting
- HTTPS Configuration - Let's Encrypt SSL/TLS certificates
- Infrastructure Automation - Terraform for reproducible infrastructure
- Monitoring - Prometheus metrics collection + Grafana dashboards
```
          ┌──────────────┐
          │  Developer   │
          └──────┬───────┘
                 │ git push
          ┌──────▼───────┐
          │    GitHub    │
          │  Repository  │
          └──────┬───────┘
                 │ triggers
          ┌──────▼───────┐
          │GitHub Actions│
          │    CI/CD     │
          └──┬───────┬───┘
             │       │
   ┌─────────▼─┐   ┌─▼─────────┐
   │  Docker   │   │ Container │
   │   Build   │   │ Registry  │
   └─────────┬─┘   └─┬─────────┘
             │       │
          ┌──▼───────▼──┐
          │   AWS EC2   │
          │  Instance   │
          └──────┬──────┘
                 │
          ┌──────▼──────┐
          │    Nginx    │
          │ + SSL/HTTPS │
          └──┬───────┬──┘
             │       │
   ┌─────────▼─┐   ┌─▼─────────┐
   │   React   │   │  Express  │
   │ Frontend  │   │  Backend  │
   └───────────┘   └─────┬─────┘
                         │
           ┌─────────────▼─────────────┐
           │  Prometheus  →  Grafana   │
           │  (Metrics)   (Dashboards) │
           └───────────────────────────┘
```
| Component | Technology |
|---|---|
| Frontend | React.js |
| Backend | Node.js / Express |
| Containerization | Docker |
| CI/CD | GitHub Actions |
| Cloud Provider | AWS EC2 |
| Web Server | Nginx |
| SSL | Let's Encrypt |
| Infrastructure | Terraform |
| Metrics | Prometheus |
| Dashboards | Grafana |
```
├── frontend/                       # React.js frontend application
│   ├── public/                     # Static assets
│   ├── src/                        # React source code
│   │   ├── components/             # Reusable components
│   │   ├── App.js                  # Main application component
│   │   └── index.js                # Entry point
│   ├── Dockerfile                  # Multi-stage frontend build
│   ├── nginx.conf                  # Frontend Nginx config (SPA routing)
│   └── package.json
│
├── backend/                        # Node.js / Express backend API
│   ├── src/
│   │   ├── routes/                 # API route handlers
│   │   ├── __tests__/              # Unit tests
│   │   ├── app.js                  # Express application setup
│   │   └── server.js               # Server entry point
│   ├── Dockerfile                  # Backend container build
│   └── package.json
│
├── nginx/                          # Nginx reverse proxy configuration
│   ├── nginx.conf                  # Main Nginx config
│   └── conf.d/
│       └── default.conf            # Server blocks (HTTP/HTTPS)
│
├── terraform/                      # Infrastructure as Code
│   ├── main.tf                     # AWS resources (EC2, SG, IAM)
│   ├── variables.tf                # Input variables
│   ├── outputs.tf                  # Output values
│   ├── user_data.sh                # EC2 bootstrap script
│   └── terraform.tfvars.example    # Example variable values
│
├── monitoring/                     # Monitoring stack
│   ├── prometheus/
│   │   └── prometheus.yml          # Prometheus scrape config
│   └── grafana/
│       └── provisioning/           # Auto-provisioned dashboards
│
├── .github/workflows/              # CI/CD pipelines
│   ├── ci.yml                      # Continuous Integration
│   └── cd.yml                      # Continuous Deployment
│
├── scripts/                        # Utility scripts
│   ├── setup.sh                    # Local development setup
│   ├── deploy.sh                   # Manual deployment script
│   └── ssl-setup.sh                # SSL certificate setup
│
├── docker-compose.yml              # Production compose
├── docker-compose.dev.yml          # Development overrides
└── .env.example                    # Environment variable template
```
```
1. Developer pushes code to GitHub
        ↓
2. GitHub Actions pipeline triggers automatically
        ↓
3. ├─ Backend: Lint + Unit Tests
   └─ Frontend: Lint + Build
        ↓
4. Docker images build (multi-stage)
        ↓
5. Images pushed to GitHub Container Registry (GHCR)
        ↓
6. Application auto-deploys on EC2 via SSH
        ↓
7. Nginx serves the app securely over HTTPS
```
- IAM Role-Based Access Control - EC2 instance uses IAM roles (no static keys)
- HTTPS with SSL - Let's Encrypt certificates with auto-renewal
- Firewall Rules - Security group allows only ports 22, 80, 443
- Security Headers - Nginx adds X-Frame-Options, CSP, XSS-Protection, etc.
- Rate Limiting - Nginx rate limits for API and general endpoints
- Non-Root Containers - Backend runs as non-root user inside Docker
- Container Health Checks - Automatic container health monitoring
- Environment Variables - Secrets managed via `.env` files (never committed)
- Helmet.js - HTTP security headers for Express backend
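
A post-deploy check for the security headers named in the list above, as an added example that is not part of the project's code: it reads raw response headers (for instance from `curl -sI https://your-domain.com`) and reports which of the three named headers are absent. The two sample responses are constructed.

```bash
#!/usr/bin/env bash
# Added example (not the project's code): report which of the security
# headers named in this README are absent from an HTTP response.

REQUIRED_HEADERS="X-Frame-Options Content-Security-Policy X-XSS-Protection"

# Reads raw response headers on stdin (e.g. `curl -sI https://your-domain.com`).
# Prints the missing header names on one line and returns 1; prints nothing
# and returns 0 when all are present. Names are compared case-insensitively
# because HTTP/2 responses carry them in lowercase.
missing_headers() {
  mh_seen=$(tr -d '\r' | tr '[:upper:]' '[:lower:]' |
    sed -n 's/^\([a-z0-9-]*\):.*/\1/p')
  mh_missing=""
  for mh_name in $REQUIRED_HEADERS; do
    mh_lower=$(printf '%s' "$mh_name" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$mh_seen" | grep -qx "$mh_lower" ||
      mh_missing="$mh_missing $mh_name"
  done
  [ -z "$mh_missing" ] && return 0
  printf '%s\n' "${mh_missing# }"
  return 1
}

# Constructed sample responses, not captured from a real deployment.
SAMPLE_PAGE="HTTP/1.1 200 OK
Server: nginx
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self'
X-XSS-Protection: 1; mode=block"

SAMPLE_API_ERROR="HTTP/2 404
server: nginx
x-frame-options: SAMEORIGIN"

# Audit both samples; returns non-zero if either lacks a required header.
audit_samples() {
  as_rc=0
  for as_sample in "$SAMPLE_PAGE" "$SAMPLE_API_ERROR"; do
    if as_out=$(printf '%s\n' "$as_sample" | missing_headers); then
      echo "ok: all required headers present"
    else
      echo "MISSING: $as_out"; as_rc=1
    fi
  done
  return "$as_rc"
}

audit_samples || true
```

Run it against both the frontend and an API path such as `/api/health`: Nginx `add_header` directives set at server level are not inherited by a `location` block that defines its own, and without the `always` parameter they are omitted on most error responses.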
- Docker & Docker Compose
- Node.js 18+ (for local development)
- Terraform (for infrastructure provisioning)
```bash
git clone https://github.com/risecyber7-cyber/devmachine.git
cd devmachine
```

```bash
# Copy example environment files
cp .env.example .env
cp backend/.env.example backend/.env
cp frontend/.env.example frontend/.env
# Edit .env files with your values
```

```bash
# Production mode (all services)
docker-compose up --build -d
# Development mode (frontend + backend only)
docker-compose -f docker-compose.yml -f docker-compose.dev.yml up --build -d
# Or use the setup script
chmod +x scripts/setup.sh
./scripts/setup.sh
```

| Service | URL |
|---|---|
| Frontend | http://localhost:3000 |
| Backend | http://localhost:5000 |
| API Health | http://localhost:5000/api/health |
| Prometheus | http://localhost:9090 |
| Grafana | http://localhost:3001 |
```bash
cd terraform
cp terraform.tfvars.example terraform.tfvars
# Edit terraform.tfvars with your AWS credentials and configuration
```

```bash
terraform init
terraform plan
terraform apply
```

```bash
# SSH into EC2 instance
ssh -i ~/.ssh/your-key.pem ec2-user@<EC2_PUBLIC_IP>
# Run SSL setup
chmod +x scripts/ssl-setup.sh
./scripts/ssl-setup.sh your-domain.com your-email@example.com
```

Configure these secrets in your GitHub repository settings (Settings > Secrets and variables > Actions):

| Secret | Description |
|---|---|
| `EC2_HOST` | EC2 instance public IP or domain |
| `EC2_SSH_KEY` | Private SSH key for EC2 access |
| `AWS_ACCESS_KEY_ID` | AWS access key (optional, for ECR) |
| `AWS_SECRET_ACCESS_KEY` | AWS secret key (optional, for ECR) |

| Method | Endpoint | Description |
|---|---|---|
| GET | `/api/health` | Health check status |
| GET | `/api/info` | Project information |
| GET | `/api/data` | Sample data endpoint |
| GET | `/metrics` | Prometheus metrics |

- Collects backend application metrics (request rates, response times, memory, CPU)
- Scrapes metrics every 15 seconds
- 15-day data retention
- Pre-configured dashboard for backend metrics
- Default login: `admin/admin` (change in `.env`)
- Auto-provisioned Prometheus datasource
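
The setup copies `.env.example` to `.env`, and the Grafana login stays at `admin/admin` until it is changed there. The check below is an added example, not part of the project: it flags secret-like variables that are empty, set to `admin`, or unchanged from the template. The variable names in the sample files are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not the project's code): gate for the "copy .env.example,
# then edit" step. All variable names below are hypothetical.

# usage: unchanged_secrets TEMPLATE ENVFILE
# Prints secret-like variables in ENVFILE whose value is empty, "admin", or
# identical to TEMPLATE; returns 1 if any are found, 0 otherwise.
unchanged_secrets() {
  us_bad=$(awk -F= '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    { key = $1; val = substr($0, length($1) + 2)   # keep "=" inside values
      gsub(/^"|"$/, "", val) }                     # strip surrounding quotes
    FILENAME == ARGV[1] { tmpl[key] = val; next }  # first file: the template
    key ~ /PASSWORD|SECRET|TOKEN|KEY/ &&
      (val == "" || val == "admin" || ((key in tmpl) && tmpl[key] == val)) {
        print key }
  ' "$1" "$2")
  [ -z "$us_bad" ] && return 0
  printf '%s\n' "$us_bad"
  return 1
}

# Constructed sample files for the demonstration.
write_samples() {
  cat > "$1/.env.example" <<'EOF'
# Grafana
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD=admin
API_SECRET=your-secret-here
EOF
  cat > "$1/.env" <<'EOF'
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD=admin
API_SECRET=your-secret-here
SESSION_TOKEN=
EOF
  cat > "$1/.env.fixed" <<'EOF'
GRAFANA_ADMIN_PASSWORD=constructed-random-value-1
API_SECRET=constructed-random-value-2
SESSION_TOKEN="constructed=value=3"
EOF
}

# Typical use before `docker-compose up`: unchanged_secrets .env.example .env
```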
- Kubernetes deployment (EKS)
- Blue-Green deployment strategy
- Auto-scaling setup with ASG
- Centralized logging with ELK stack
- Database integration (PostgreSQL/MongoDB)
- Redis caching layer
- API rate limiting with Redis
- Automated security scanning (Trivy, Snyk)
- Slack notifications for deployment status
Keshav Kumar - Cloud & DevOps Enthusiast
This project is open source and available under the MIT License.