This repo contains code to build a containerized static website using Docker and Nginx. The static content is in the index.html file, and Nginx is the web server. The Dockerfile is used to build the Docker image.
Run the following commands to build an image:
cd devops_challenge_jianx
docker build -t webdemo .
docker images
To run the image in a Docker container, use the following command:
docker run --rm -p 80:80 webdemo
Note: Use the --rm option to remove the container automatically when it stops.
This will start the website on port 80. If you visit http://localhost, you will be able to see the static webpage.
Press Ctrl+C to stop the current container.
Please refer to README.md under terraform_aws_infra for the creation of the AWS resources that are used to host this static website.
As shown in the following architectural diagram, the dockerized web application is hosted on EC2, which is fronted by CloudFront to globalise content delivery. The domain name http://web.jiandevops.link is managed by Route53. A TLS certificate was created and is managed by ACM to enable HTTPS connections.
The Jenkins web server is manually hosted on an AWS EC2 instance. The Jenkinsfile under the cicd folder is used to create a CICD pipeline that deploys this web application to AWS EC2.
The steps to set up the Jenkins CICD pipeline are:
- Create pipeline in Jenkins
- Set the definition to Pipeline script from SCM within the pipeline configuration
- Add the GitHub repository URL
- Set the Jenkinsfile path in the Script Path
- Set up a webhook on the GitHub application repository, in order to automatically trigger the pipeline when a change is pushed to the main branch
The pipeline stages include:
- Build image based on the Dockerfile
- Authenticate Docker client to AWS ECR
- Push image to ECR
- Deploy to remote web host
The pipeline output looks like this when run successfully.
Security improvement:
- deploy an Application Load Balancer in the public subnet
- associate web host EC2 with private subnet
- set up EC2 security group rules to allow incoming traffic only from the ALB
- update the distribution in CloudFront with the origin of ALB endpoint
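The security group part of this improvement, sketched in Terraform as an added example (it is not code from this repo's terraform_aws_infra folder). The resource names, var.vpc_id and the HTTPS listener on the ALB are assumptions. It goes one step beyond the list above by also limiting the ALB to CloudFront's origin-facing address ranges through the AWS-managed prefix list.

```hcl
# Added example: names, ports and var.vpc_id are assumptions, not repo code.
variable "vpc_id" {
  type = string
}

# AWS-managed prefix list of CloudFront origin-facing address ranges.
data "aws_ec2_managed_prefix_list" "cloudfront" {
  name = "com.amazonaws.global.cloudfront.origin-facing"
}

resource "aws_security_group" "alb" {
  name_prefix = "webdemo-alb-"
  vpc_id      = var.vpc_id
}

resource "aws_security_group" "web" {
  name_prefix = "webdemo-web-"
  vpc_id      = var.vpc_id
}

# The ALB accepts HTTPS only from CloudFront, not from the whole internet.
resource "aws_vpc_security_group_ingress_rule" "alb_from_cloudfront" {
  security_group_id = aws_security_group.alb.id
  prefix_list_id    = data.aws_ec2_managed_prefix_list.cloudfront.id
  ip_protocol       = "tcp"
  from_port         = 443
  to_port           = 443
}

# The ALB may only talk to the web host, on the container's published port.
resource "aws_vpc_security_group_egress_rule" "alb_to_web" {
  security_group_id            = aws_security_group.alb.id
  referenced_security_group_id = aws_security_group.web.id
  ip_protocol                  = "tcp"
  from_port                    = 80
  to_port                      = 80
}

# The web host accepts port 80 only from members of the ALB security group.
# Its outbound rules (for example to pull the image from ECR) are not shown.
resource "aws_vpc_security_group_ingress_rule" "web_from_alb" {
  security_group_id            = aws_security_group.web.id
  referenced_security_group_id = aws_security_group.alb.id
  ip_protocol                  = "tcp"
  from_port                    = 80
  to_port                      = 80
}
```

Referencing the ALB security group instead of a CIDR range keeps the rule valid when the ALB's addresses change. Separate rule resources are used because inline rules that reference each other would create a dependency cycle between the two groups.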
Scalability and performance improvement:
- Set up an auto-scaling group (ASG) of EC2 instances to host the website instead of a single instance in private subnet
- deploy an Application Load Balancer in the public subnet, and targeting ASG
Others
- Set up a Jenkins pipeline to manage resources with Terraform
The alternative solution would be to host a static website with an AWS S3 bucket, which, in my opinion, is a better alternative in this case, as S3 is one of the AWS resources with the highest availability.
The reason why I didn't use AWS S3 is that I would like to demonstrate my technical skills on Docker and container management.
- Create dedicated VPC and subnets for the project to improve security
- Deploy the containerized application to AWS ECS Fargate or AWS EKS in private subnets with multi-AZ set-up, depending on the type of the app and the needs of the business
- Create API Gateway, Lambda function or DynamoDB resources if needed, especially when dynamic content needs to be delivered to the website.
- Set up a monitoring dashboard to monitor the performance of the website, especially Throughput, Error rate, Latency and Saturation.
- Set up a Terraform backend on AWS S3 and DynamoDB, to make teamwork easier
- Create a multi-branch CICD pipeline on Jenkins instead of a single-branch one to improve development efficiency