{"id":37186281,"url":"https://github.com/m1chach/deployment-controller","last_synced_at":"2026-01-14T21:36:12.960Z","repository":{"id":172411691,"uuid":"648947922","full_name":"M1chaCH/deployment-controller","owner":"M1chaCH","description":"controls the deployments on my server. manages authentication and authorisation to different project. provide server metrics and project observability.","archived":false,"fork":false,"pushed_at":"2025-06-01T07:59:19.000Z","size":870,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-06-12T11:25:57.054Z","etag":null,"topics":["docker","elastic","elastic-agent","fleet","gin","go","golang","kibana","logrus","nginx","routing","security","svelte","svelte-kit"],"latest_commit_sha":null,"homepage":"https://host.michu-tech.com","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/M1chaCH.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-06-03T09:46:23.000Z","updated_at":"2025-06-01T07:59:22.000Z","dependencies_parsed_at":"2024-09-07T02:27:16.270Z","dependency_job_id":"eb6dbf45-6d7b-4671-a530-07073da77764","html_url":"https://github.com/M1chaCH/deployment-controller","commit_stats":null,"previous_names":["m1chach/deployment-controller"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/M1chaCH/deployment-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/M1chaCH%2Fdeployment-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/repositories/M1chaCH%2Fdeployment-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/M1chaCH%2Fdeployment-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/M1chaCH%2Fdeployment-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/M1chaCH","download_url":"https://codeload.github.com/M1chaCH/deployment-controller/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/M1chaCH%2Fdeployment-controller/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28435473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T21:32:52.117Z","status":"ssl_error","status_checked_at":"2026-01-14T21:32:33.442Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","elastic","elastic-agent","fleet","gin","go","golang","kibana","logrus","nginx","routing","security","svelte","svelte-kit"],"created_at":"2026-01-14T21:36:12.364Z","updated_at":"2026-01-14T21:36:12.953Z","avatar_url":"https://github.com/M1chaCH.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# deployment-controller\nThis project is the top layer to my webserver. 
It features a reverse proxy that routes all the requests via an auth request to the expected projects, a backend that handles the auth requests and a small UI for a small overview and a login screen.\n\nAlso, there is a whole elastic stack behind it with multiple agents monitoring and observing the system.\nAt this point it can be tracked what every single client does on my servers. (A client is a set of devices, and a device is an IP address and an agent)\n\n## features\n- [x] `n` projects behind one domain, with subdomains or locations\n- [x] optionally require login to access the project\n- [x] actually secure login (? 🙃)\n  - [x] SQL injection protection\n  - [x] XSS protection\n  - [x] secure JWT\n  - [x] secure hash for password store\n  - [x] MFA\n  - [x] no session fixation\n  - [x] secure to CSRF\n  - [x] ABAC\n  - [ ] protection against brute force\n- [x] store who accessed the pages\n- [x] attempt to track a single user across multiple devices (when on my servers)\n- [x] visualize who accessed the pages (kibana)\n  - [ ] implement mini dashboard on the admin page on the host site\n- [x] logging, that makes performance and quality reviews easy (kibana)\n- [ ] send informative mails to the admin and the users\n- [x] (close to) completely stateless backend\n- [ ] oAuth solution to enable central user management across all projects\n\n## tech stack\n- nginx\n- docker\n- postgres\n- go + gin + logrus\n- sveltekit\n- elastic, kibana, filebeat, fleet, agents, apm\n\n## dev\nWhen developing, it helps to have a reverse proxy setup so that everything can be tested. To make this process easy, I have created the dev-env dir.\n\n### proxy\n```bash\n# -f is an option of `docker compose` itself, so it must come before the `up` subcommand\ndocker compose -f ./dev-env/docker-compose.yml up -d\n```\n**subdomains**  \nTo use subdomains in localhost *(on mac)* I had to modify the `/etc/hosts` file. 
I added lines like this:\n```\n127.0.0.1 michu-tech-dev.net\n127.0.0.1 host.michu-tech-dev.net\n127.0.0.1 host.backend.michu-tech-dev.net\n127.0.0.1 teachu.michu-tech-dev.net\n127.0.0.1 room-automation.michu-tech-dev.net\n127.0.0.1 kibana.michu-tech-dev.net\n```\n\n### k6\n[k6](https://k6.io/) is a test application that helps with testing truly parallel requests.  \nThis needs to be installed on the developer's machine, otherwise the tests in `./backend-k6-test/script.js` won't run.\n\n### db\nThe file `./db/init.sql` creates the DB schema.  \nThe file `./dev-proxy/test-data.sql` inserts some test pages, so that you can test.  \n**A host page must exist. (even the host page has an auth request)**\n\n### elastic\nUsing Elasticsearch, Kibana, Fleet and so on to keep an overview of my system.\n\nHere is a list of things that are in use on my elastic stack.\n- [Nginx Metrics and Logs](https://www.elastic.co/docs/current/en/integrations/nginx)\n- [Postgres Metrics](https://www.elastic.co/docs/current/integrations/postgresql)\n- [Docker Metrics](https://www.elastic.co/docs/current/en/integrations/docker)\n- [Docker Container logs](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-container.html)\n  - since I have a lot of projects that just run in a docker container, it will be very useful to see all the logs without having to SSH onto the server.\n- [Backend with APM](https://www.elastic.co/guide/en/apm/agent/go/master/introduction.html)\n  - Requests should be logged\n  - Errors should be reported\n  - (maybe also log DB Queries, Postgres integration might be enough)\n- [Agent on Raspberry PI](https://www.elastic.co/guide/en/fleet/current/install-fleet-managed-elastic-agent.html)\n  - Get metrics and maybe logs from my raspberry pi\n- Helpful Kibana dashboards\n- Security or error alerts\n\n### backend\nThe backend can usually be started in the IDE or with `go run main.go`.  \nIn production the app will run in a docker container. 
To test the container run the following.  \n**The docker container uses the config-docker.yml config!**\n```bash\ndocker build --tag deployment_controller_dev_backend ./backend\n```\n```bash\ndocker run -p 8080:8080 --name dp_crtl_be deployment_controller_dev_backend\n```\n\n#### configuration\nThe backend can be configured in the config.yml file in its root directory.\nWhen running in production, this config can be overwritten by the environment variables.\nThe environment variables should be written in uppercase camel case.\n\n#### filebeat / elastic formatted logs\nCurrently, the backend writes its logs to a JSON file. The JSON structure matches elastic formatting. This makes further analysis in kibana rather easy.\nFilebeat is the tool that keeps track of the logfile from the backend and sends the new lines to elasticsearch.\n\n### frontend\nThe frontend can be started and built with the following command.  \nMake sure that a .env file exists with the `PUBLIC_BACKEND_URL` config. \n```bash\n# run the dev builds\nnpm run dev\n\n# compile for production\nnpm run build\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm1chach%2Fdeployment-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm1chach%2Fdeployment-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm1chach%2Fdeployment-controller/lists"}