❗ Cybersecurity is a cornerstone of any development. Ensuring the integrity, availability, and security of services, as well as protecting customers and their data, is mandatory. While this repository provides guidelines to reduce the attack surface, it's impossible to guarantee 100% system security. Continuous learning and the implementation of a secure software development lifecycle are highly recommended.
Ubuntu Server Setup and Hardening
-
Clone repo
git clone https://github.com/glp-92/FullStack_CMS.git
-
⚠️ .env and config files are gitignored, but .example.env files are provided to see the configuration. These files must be renamed and configured as needed (ip, ports...).
./.example.env => ./.env.production
./frontend/clientapp/.example.env => ./frontend/clientapp/.env.production
-
Generate initdb file for mysql setup, which will create all users, databases and permissions needed
- On local computer
export ENV_FILE=.env.production # change with custom env files
mkdir ./backend/mysql/initdb
bash ./backend/mysql/generate_initdb.sh
- If using ssh on a remote server, for security reasons (visit ssh hardening section) it's recommended to manually create the initdb file with your own mysql data that matches the env file
-
Generate jar file from Springboot Blog Service
sudo apt reinstall openjdk-17-jdk # If in a VM for deploy
cd backend/blog-service
./mvnw clean install -DskipTests # ls should show an mvnw file here; the tests run against the database, so skip them if it's not installed
-
Generate ssl certificates (currently self-signed)
cd backend/auth-service/certs
bash generate_certs.sh
cd ../../..
cd frontend/reverse-proxy/certs
bash generate_certs.sh
-
docker compose --env-file ./.env.production up --build
-
Go to browser and check urls
https://localhost
https://server-ip
...
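
A preflight check for the env-file step above, to run from the repository root before docker compose. This is an added example, not part of the repository: it reports an env file that is missing, not gitignored, readable by group or others, or still carrying an example value for a secret-looking key. The key-name patterns and the 600 mode are assumptions.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the env files before `docker compose up`.
# The key-name patterns (PASS, SECRET, KEY, TOKEN) are assumptions; adjust them
# to the variable names used in your own .example.env files.

# check_env_file <env-file> <example-file>
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_env_file() {
    local env_file="$1" example_file="$2" rc=0 dir mode line key
    if [ ! -f "$env_file" ]; then
        echo "MISSING: $env_file (rename a copy of $example_file)"
        return 1
    fi
    # The file must be ignored by git so secrets are never committed.
    dir=$(dirname "$env_file")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q "$(basename "$env_file")"; then
        echo "NOT-IGNORED: $env_file"; rc=1
    fi
    # Group and other users should have no access (GNU stat, as on Ubuntu).
    mode=$(stat -c '%a' "$env_file")
    case $mode in
        ?00) ;;
        *) echo "PERMS: $env_file has mode $mode, expected 600"; rc=1 ;;
    esac
    # Secret-looking keys whose KEY=value line is unchanged from the example.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in \#*) continue ;; *=*) ;; *) continue ;; esac
        key=${line%%=*}
        case $key in *PASS*|*SECRET*|*KEY*|*TOKEN*) ;; *) continue ;; esac
        if grep -qxF -- "$line" "$example_file" 2>/dev/null; then
            echo "DEFAULT: $key in $env_file still has the example value"; rc=1
        fi
    done < "$env_file"
    return $rc
}

# Check both env files named above; run from the repository root.
preflight() {
    local rc=0
    check_env_file ./.env.production ./.example.env || rc=1
    check_env_file ./frontend/clientapp/.env.production \
                   ./frontend/clientapp/.example.env || rc=1
    return $rc
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as `bash preflight.sh --run` (the file name is hypothetical); a non-zero exit status means at least one finding was printed.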