A small static website that uses Docker+nginx, EC2 and Afraid.org DNS
```sh
sudo docker container run -d --name test-nginx --mount type=bind,source=/home/ubuntu/,target=/var/www/html/ -p 80:80 nginx_site:0.1
```
- crontab (automation) for FreeDNS script - Semi-complete, considering doing this with Terraform ✅
- Logging - EFK Stack - Priority ⚡
- Grafana - Priority ⚡
- Actual Site Content(SoonTM) - Low priority ⬇️
- StartTree - Low priority ⬇️
- index.html and CSS to handle `font-family` tags instead of letting each tag use it individually. - Basic Implementation Done ✅
- Gitea - Low priority ⬇️
- Document the method to add emoji unicode to the <title> tag - Low priority ⬇️
- Rewrite the Dockerfile - Priority ⚡
▶️ In Progress
- Exposing EC2 port 80 to 0.0.0.0/0 and ::/0 for testing allows brute-force GET/POST attacks looking for unpatched 0-day exploits.
- If a suspected breach has occurred on the EC2 instance, nuke .ssh/* on the compromised host, immediately close off its ports from the internet in the AWS Console, invalidate the dirty SSH keys and terminate the instance ASAP.
- Recreating an EC2 testing instance takes a long time: it requires doing a full-upgrade and apt-get upgrade, and then installing Docker. Look into cutting down the time with Terraform and ArgoCD.
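
A check for the world-open ingress described above, as an added example that is not part of this repository: it reads security-group JSON in the shape returned by `aws ec2 describe-security-groups` and lists rules that expose a port to 0.0.0.0/0 or ::/0. The group IDs, the sample rules and the choice of ports 80 and 22 are constructed assumptions.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "anywhere" CIDRs

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-EXAMPLE3", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}
]}
""")

def covers(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def world_open(doc, ports=(80, 22)):
    """Return sorted (group_id, port, cidr) for ingress rules open to the internet."""
    findings = set()
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD:
                    findings.update((sg["GroupId"], p, cidr)
                                    for p in ports if covers(perm, p))
    return sorted(findings)

if __name__ == "__main__":
    for group, port, cidr in world_open(SAMPLE):
        print(f"{group}: tcp/{port} reachable from {cidr}")
```

Against a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-security-groups --output json`.
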
- 0.1 - Initial Commit. Created Dockerfile. Broke the html in vim when trying to test docker volume bind mounts.
- 0.2:
  - Security hardening, nginx config rebuilt from the ground up to mitigate brute force attacks via HTTP/S.
  - Enabled Snyk container image scanning and GitHub workflows.