NextGen Web Application

Overview

Problem statement

After a recent interview I realized some of my fundamentals were not up to snuff. While I know a lot regarding security practices and how to test web applications, I think I rely too much on tools and automations. So I have decided to build out a full web application in my home lab.

Proposed work

This project aims to develop a robust web application that demonstrates a fully functional, scalable, and secure platform. The application will feature user authentication, blog functionality, file upload capabilities, and will be built using a microservices architecture to ensure scalability and flexibility. The application will be containerized and orchestrated using Docker and Kubernetes, with comprehensive monitoring and security strategies in place. All work will be tracked in Asana using a Kanban board.

Success criteria

The criteria that must be met in order to consider this project a success.

  • Complete within 6 months
  • Learn about different technologies in the stack
  • Improve Java coding skills
  • Perform secure code reviews and harden the environment

Objectives

  • Learn and Implement Advanced Technologies: Gain hands-on experience with technologies like Spring Boot, React, Docker, Kubernetes, and more.
  • Demonstrate Full-Stack Development Capabilities: Build a complete application from the ground up, including both front-end and back-end components.
  • Ensure Scalability and Security: Use modern practices to ensure the application can scale effectively and remain secure against common vulnerabilities.
  • Prepare for Deployment: Set up a production-like environment using an old gaming PC to simulate real-world application deployments.

Features

  • User Authentication: Secure login and registration using Keycloak.
  • Blog Functionality: Ability for users to write and publish blog posts, managed through Ghost CMS.
  • File Upload: Users can upload files securely, stored in MinIO.
  • Responsive Frontend: A sleek, responsive UI using React and Bootstrap.
  • API Management: Efficient handling of API requests through Kong API Gateway.
  • Load Balancing: Distributing incoming traffic using Nginx to improve fault tolerance and response time.
  • Monitoring and Logging: Using Prometheus and the ELK stack for insights into application performance and logs.
  • Security: Application-level security with ModSecurity (a web application firewall), and TLS encryption using certificates from Let's Encrypt.

Tools and Technologies

  • Frontend: React, Bootstrap
  • Backend: Spring Boot
  • Database: PostgreSQL
  • Authentication: Keycloak
  • API Gateway: Kong
  • File Storage: MinIO
  • Blog CMS: Ghost
  • Server: Ubuntu Server (Headless)
  • Containerization: Docker
  • Orchestration: Kubernetes
  • Monitoring: Prometheus, ELK Stack
  • Security: ModSecurity, Let's Encrypt
  • Backup: Bacula

Timeline (good luck me)

  1. Phase 1 - Environment Setup: 1-2 weeks
  2. Phase 2 - Core Development: 5-6 weeks
  3. Phase 3 - Enhancements and Optimization: 3-4 weeks
  4. Phase 4 - Testing and Deployment: 2-3 weeks
  5. Phase 5 - Review and Documentation: 1 week