COMEM+ Architecture & Deployment course

In this course you will learn:

• How to deploy applications on a Linux server on an IaaS platform (Amazon Web Services).
• How to deploy applications on a PaaS platform (Heroku).

In pursuit of this goal, you will learn:

• How to use the command line and version control.
• The basics of Unix system administration and cloud computing architectures.
• Good security practices related to system administration and web applications.

This course is a COMEM+ web development course taught at HEIG-VD.

• Plan
• What you will need
• Exercises
• Useful links
• How to improve our basic deployment
• References

Plan

• Introduction
  • Command line
  • Secure Shell (SSH)
    • Video
• Version control
  • Version control with Git
    • Video
  • Git branching
    • Video
  • Collaborating with Git
    • Video
• Security
  • Open Web Application Security Project
  • OWASP Top 10 - The Ten Most Critical Web Application Security Risks
    • Video: OWASP Top 10 & exercise
    • Video: PHP TodoList injection vulnerability
    • Video: PHP TodoList XSS vulnerability
• Basic deployment
  • Cloud computing
    • Video
  • Linux
    • Video
  • Unix basics & administration
    • Video: file system, users, permissions & administrative access
    • Video: user management & permission management
  • Unix processes
    • Video: process IDs & exit statuses
    • Video: streams, pipelines & signals
  • Unix networking
    • Video
  • APT
    • Video
• How to improve our basic deployment
  • Video 1
  • Video 2
• Advanced deployment
  • Twelve-factor app
    • Video
  • Unix environment variables
    • Video
  • Linux process management
    • Video
  • Domain Name System (DNS)
    • Video
  • Reverse proxying
    • Video
    • Video: symbolic links
  • TLS/SSL certificates
    • Video
• Automated deployment
  • Shell scripting
    • Video
  • Git hooks
    • Video
• Platform-as-a-Service (PaaS)
  • Heroku
• Software development (extra)
  • Continuous software development
  • Automated testing

What you will need

• A Unix CLI (Git Bash is included with Git on Windows)
• Git
• A free GitHub account
• Google Chrome (recommended, any browser with developer tools will do)
• A free Heroku account
• The Heroku CLI

Exercises

• Version control
  • Collaborative exercise (graded)
    • Video 1
    • Video 2
  • Clone a repository from a server
  • Push a repository to a server
• Unix
  • Permissions
    • Video: instructions
    • Solutions
  • Pipeline
    • Video, solutions)
• Basic deployment
  • Run your own virtual server on Amazon Web Services
    • Diagram
  • Deploy a PHP application with SFTP
    • Video: instructions
    • Video: architecture
    • Diagram
• Advanced deployment
  • Deploy a PHP application with Git
    • Video: instructions
    • Video: solution
    • Diagram
  • Configure a PHP application through environment variables
    • Video: instructions
    • Video: solution
    • Video: architecture
    • Diagram
  • Manage a PHP application with systemd as a Process Manager
    • Video: instructions
    • Video: solution
    • Diagram
  • Configure a domain name
    • Video: instructions
    • Video: solution
    • Video: architecture
  • Deploy a static site with nginx
    • Video: instructions
    • Video: solution
    • Diagram
  • Deploy a PHP application with nginx and the FastCGI process manager
    • Video: instructions
    • Video: solution
    • Diagram
  • Provision a Let's Encrypt TLS certificate with Certbot
    • Video: instructions
    • Video: solution
  • Set up an automated deployment with Git hooks
    • Video: instructions
    • Diagram
  • Deploy a Node.js & Svelte application with a PostgreSQL database (graded)
    • Video: instructions
• Platform-as-a-Service deployment
  • Deploy a PHP web page to Heroku
  • Deploy web applications with a database to Heroku
• Extra
  • Deploy the One Chat Room web application (Node.js & MongoDB)
    • Diagram
  • Deploy the Big Browser web application (Node.js & Redis)
  • Deploy the WOPR web application (Ruby & Redis)
  • Configure nginx as a load balancer

Useful links

• Command line cheatsheet
• System administration cheatsheet
• Git cheatsheet
• Final Test Matter

How to improve our basic deployment

The basic SFTP deployment of the PHP TodoList has several flaws which we will fix during the rest of the course:

• Transfering files manually through SFTP is slow and error-prone. We will use Git to reliably transfer files from our central codebase and easily keep our deployment up-to-date over time.
• Hardcoding configuration is a bad practice. We will use environment variables so that our application can be dynamically configured and deployed in any environment without changing its source code.
• Starting our application manually is not suitable for a production deployment. We will use a process manager to manage the lifecycle of our application: starting it automatically when the server boots, and restarting it automatically if it crashes.
• Accessing a web application through an IP address is not user-friendly. We will obtain a domain and configure its DNS zone file so that our application is accessible with a human-readable domain name.
• Using a non-standard port is not user-friendly either. We will run the application on port 80 or 443 so that the end user does not have to specify a port in the browser's address bar.
• Running our application server directly on port 80 or 443 will cause a problem: only one process can listen on a given port at the same time. We need another tool to support multiple production deployments on the same server. That will be the job of a reverse proxy like Apache or nginx.
• Our application is not secure as indicated by the browser, because it is served over HTTP and not HTTPS. We will obtain a TLS/SSL certificate signed by a trusted certificate authority so that our application can be served over HTTPS and recognized as secure by browsers.
• The PHP Development Server is not meant to deploy applications in production environments. We will use the FastCGI Process Manager to perform a production-grade deployment, making our application more resilient and able to serve more clients concurrently.

References

These are the main references used throughout this course. More detailed and additional links to various online articles and documentation can be found at the end of each subject.

• The Linux Documentation Project
  • Advanced Bash-Scripting Guide
• SSH, The Secure Shell: The Definitive Guide - Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
• The Git Book
  • Chapter 1 - Getting Started
  • Chapter 2 - Git Basics
  • Chapter 3 - Git Branching
  • Chapter 5 - Distributed Git
  • Chapter 8 - Customizing Git - Git Hooks
• Open Web Application Security Project
  • OWASP Top Ten
• Ops School Curriculum
  • Sysadmin 101
  • Unix Fundamentals 101
  • Unix Fundamentals 201
  • Networking 101
  • Networking 201
• The Internet Explained From First Principles
• The Twelve-Factor App
• Systemd Manual
  • Unit Configuration
  • Service Configuration
• nginx documentation
  • Beginner's Guide
  • Configuring HTTPS Servers
• Heroku Dev Center

Wikipedia is also often referenced, namely these and related articles:

• Secure Shell
• Cloud Computing
• Internet Protocol
  • IP Address
  • Port (Computer Networking))
• Domain Name System
• Environment Variable
• Reverse Proxy
• Public Key Certificate