π£οΈ SpeakX Java REST API Project
π Overview
This project demonstrates a complete end-to-end setup for deploying a 𧩠Spring Boot-based REST API using π Docker, π§βπ» GitHub Actions for CI/CD, and ποΈ Terraform for Infrastructure as Code (IaC). It follows industry best practices to ensure π security, π scalability, and π οΈ maintainability.
π§ Project Components
π Spring Boot Application
- π Description: A simple REST-based API built with Spring Boot in Java.
- π Port: The application runs on port
8080.
- π οΈ Build Process:
- Two-Stage π³ Docker Build:
- Build Stage:
- Uses β Amazon Corretto 21 Alpine and Maven to build the application and create a JAR file.
- Run Stage:
- Uses β OpenJDK 21 JDK Slim to run the application.
- Exposes port
8080 with the command: java -jar speakXDemo.jar.
π Docker
- π Dockerfile:
- ποΈ Multi-stage build to optimize the size of the final image.
- Ensures the build and runtime environments are cleanly separated.
- π§ Docker Compose:
- Maps port
8080 of the container to port 80 on the host (EC2 instance).
βοΈ CI/CD Pipeline (GitHub Actions)
- π
Triggers:
- π±οΈ Manual trigger.
- π Automatic trigger on changes made in the
speakXDemo directory.
- π Steps:
- ποΈ Build the Docker image.
- π€ Push the Docker image to Docker Hub.
- π Deploy the application to an EC2 instance.
- π Secrets Used:
DOCKER_USERNAME and DOCKER_PASSWORD for π³ Docker Hub login.EC2_SSH_KEY for π SSH access to the EC2 instance.EC2_HOST and EC2_USER for EC2 connection.
- π¦ Deployment:
- Copies the
docker-compose.yml file from the repository to the EC2 instance.
- Installs π³ Docker and π Docker Compose if not already present on the EC2 instance.
- Logs into Docker Hub and pulls the latest image.
- Runs
docker-compose up -d to start the SpeakX API.
- π¦ Modules:
- π VPC Module:
- Creates a π VPC, π§ subnets, π internet gateway, πΊοΈ route table, and associates the route table.
- π‘οΈ Security Group Module:
- Configures rules to allow:
- Port 22 for π SSH.
- Port 80 for π HTTP traffic.
- Port 443 for π HTTPS traffic.
- π» EC2 Module:
- Creates a
t2.micro instance in the us-east-1 region.
- Associates an existing
portfolio.pem π key pair.
- Allocates and attaches a pre-created π Elastic IP to the instance.
- Installs and configures π NGINX as a reverse proxy.
- Adds an SSL certificate using π Certbot (Letβs Encrypt) for secure communication.
- βοΈ Pipeline:
- Runs on π§βπ» GitHub Actions to provision the infrastructure securely.
- π Steps:
terraform initterraform validateterraform plan -out=tfplanterraform apply -auto-approve tfplan
- π Secrets Used:
AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY for π AWS authentication.TF_VAR_EC2_HOST for dynamic Terraform variables.
- π DNS Configuration:
- The domain is purchased from π·οΈ Namecheap.
- π©οΈ Cloudflare is used as the DNS provider for π CDN and π‘οΈ DDoS protection.
- Subdomain
devops is pointed to the π Elastic IP through Cloudflareβs π name servers.
π Step-by-Step Guide
π₯οΈ Running the Application Locally
- Clone the repository:
git clone https://github.com/rohan3004/DevOps-Showcase.git
- Go into speakXDemo Directory:
- ποΈ Build the Docker image:
docker build -t speakx-demo-app .
- π Run the Docker container:
docker run -p 8080:8080 speakx-demo-app
- π Access the API at
http://localhost:8080.
π οΈ Prerequisite
To ensure a smooth setup, please verify the following prerequisites:
- π³ Docker Hub Account
- Ensure you have a π³ Docker Hub account.
- Keep your π§βπ» username and π password ready for authentication.
- βοΈ AWS Key-Value Pair
- You should have already created a π key-value pair in βοΈ AWS.
- Provide the π key-value pair name in the π οΈ Terraform EC2 module configuration.
- π Elastic IP and π Domain Configuration
- Allocate an π Elastic IP in βοΈ AWS.
- Configure your π domain to point to the allocated π Elastic IP.
βοΈ Setting Up CI/CD Pipeline
- Add the following π secrets in your GitHub repository
app-deploy.yml:
DOCKER_USERNAME -> Your docker UsernameDOCKER_PASSWORD -> Your docker PasswordEC2_SSH_KEY -> Your ssh key that you created in the prerequisite part.EC2_HOST -> Your Elastic IP provided by AWS or a domain main pointing to that ipEC2_USER -> By Default, ubuntu
- Push changes to the
speakXDemo directory or trigger the workflow manually from π§βπ» GitHub Actions.
- β οΈ Also make changes to the π οΈ
docker-compose.yml according for the image name and tag in π³ docker hub.
- β οΈ Make necessary changes in the π οΈ
app-deploy.yml for the image name and tag.
- Add the following π secrets in your GitHub repository
IaC Pipeline.yml, for best practices create an IAM User for terraform:
AWS_ACCESS_KEY_ID -> Get its Access KeyAWS_SECRET_ACCESS_KEY-> Get its Secret Access Key
- β οΈ Make necessary changes in the
variables.tf present in ec2 module for the domain name and key-value pair name.
- Run (to validate everything before triggering the pipeline):
- Push changes to the
terraform directory or trigger the workflow manually from π§βπ» GitHub Actions.
- β
Verify that the EC2 instance, π VPC, and other resources are created successfully in π AWS.
π Accessing the Application
After deployment, the π API will be available exclusively via secure π HTTPS, using the π domain specified during the setup process. For example:
https://devops.rohandev.online (secured with π SSL through an π NGINX proxy).
β¨ Key Features
- π Security:
- Sensitive credentials stored in π§βπ» GitHub secrets.
- π SSL encryption for secure communication.
- π©οΈ Cloudflare for π CDN and π‘οΈ DDoS protection.
- π Scalability:
- Modular ποΈ Terraform setup for easy expansion.
- π Docker for consistent runtime environments.
- π€ Automation:
- π§βπ» GitHub Actions pipelines for βοΈ CI/CD and ποΈ IaC.
π Conclusion
This project provides a comprehensive example of modern π οΈ DevOps practices, combining π§βπ» application development, π containerization, βοΈ CI/CD pipelines, and ποΈ infrastructure automation. Whether youβre a beginner or an experienced developer, this repository serves as a solid foundation for building and deploying π cloud-native applications.