Skip to content

This project is centered around the design, development, and organization of a full-stack web application.

License

Notifications You must be signed in to change notification settings

kichkiro/ft_transcendence

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ft-transcendence

ft-transcendence

This project is about doing something you’ve never done before.

Remind yourself the beginning of your journey in computer science.

Look at you now. Time to shine!

subject v.15

📌 - Dependencies (for Ubuntu 24.04LTS)

  • docker
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
  • make
sudo apt install make

🛠️ - Usage

git clone https://github.com/kichkiro/ft_transcendence.git
cd ft_transcendence/project
  • make up:
    • create images
    • create volumes
    • create networks
    • start containers
  • make down:
    • stop containers
    • remove containers
    • remove networks
  • make stop:
    • stop containers
  • make start:
    • start containers
  • make clean:
    • remove all containers
    • remove specified images (can specify with "make [re|clean] IMAGES=<image_name> ...", otherwise removes all images)
    • remove all volums
  • make fclean:
    • make clean
    • remove all networks
    • remove all build cache
  • make re:
    • make clean
    • make up

🐋- Docker Infrastracture

topology

🛡️ Security

Below are the security measures that have been taken to protect the infrastructure:

  • Network Segmentation: All east-west traffic in the docker infrastructure was dropped by default through the OS firewall iptables.

  • Web Application Firewall: ModSecurity's WAF has been implemented as a module of Nginx, it serves to protect the web application from common attacks and vulnerabilities, such as SQL injection, cross-site scripting (XSS) and other known threats.

  • Non-Root Containers: VMware Bitnami images were used, renowned for its additional security over the official images, including non-root user by default.

  • Hashicorp Vault:

  • TLS Certs:

    • Create role for host webclient:
    docker exec -e VAULT_TOKEN=<ROOT_TOKEN> vault \
    vault write pki_int/roles/webclient \
    allow_any_name=true \
    max_ttl="24h"
    • Create certificate for host webclient:
    response=$(curl -k -X POST \
      -H "X-Vault-Token: <ROOT_TOKEN>" \
      -H "Content-Type: application/json" \
      -d '{
        "common_name": "webclient",
        "ttl": "24h"
      }' https://10.0.0.1:8200/v1/pki_int/issue/webclient)
    • Extract certificate, key and ca:
    echo "$response" | jq -r '.data.certificate' > webclient.crt
    echo "$response" | jq -r '.data.private_key' > webclient.key
    echo "$response" | jq -r '.data.ca_chain[0]' > webclient-ca.crt
    • Create a keystore, set a password and remember it:
    openssl pkcs12 -export \
    -in webclient.crt \
    -inkey webclient.key \
    -out keystore.p12 \
    -name ft-transcendence-webclient \
    -CAfile webcalient-ca.crt \
    -caname root
    • Import KeyStore to your browser, now you can access to containers via web ui.

    • Cleanup:

    rm -f keystore.p12 && rm -f webclient.crt && rm -f webclient.key && rm -f webclient-ca.crt

📚 - References

⚖️ - License

See LICENSE


Work in Progress ...

About

This project is centered around the design, development, and organization of a full-stack web application.

Topics

Resources

License

Stars

Watchers

Forks