{"id":47819158,"url":"https://github.com/solomonkassa/nginx-automation","last_synced_at":"2026-04-03T19:01:44.980Z","repository":{"id":334454928,"uuid":"967043826","full_name":"Solomonkassa/nginx-automation","owner":"Solomonkassa","description":"🚀 NGINX Automation Framework   A comprehensive, enterprise-grade NGINX automation framework designed for high-availability, security-focused, and scalable web infrastructure deployment.","archived":false,"fork":false,"pushed_at":"2026-01-24T21:34:37.000Z","size":42,"stargazers_count":5,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-01-25T10:08:26.167Z","etag":null,"topics":["ansible","ci-cd","doker","kubernetes","nginx","nginx-docker","prometheus","script","security","shell-script"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Solomonkassa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security/harden-nginx.sh","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-04-15T20:56:48.000Z","updated_at":"2026-01-25T09:25:40.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Solomonkassa/nginx-automation","commit_stats":null,"previous_names":["solomonkassa/nginx"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Solomonkassa/nginx-automation","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Solomonkassa%2Fnginx-automation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Solomonkassa%2Fnginx-automation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Solomonkassa%2Fnginx-automation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Solomonkassa%2Fnginx-automation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Solomonkassa","download_url":"https://codeload.github.com/Solomonkassa/nginx-automation/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Solomonkassa%2Fnginx-automation/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31371639,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-03T17:53:18.093Z","status":"ssl_error","status_checked_at":"2026-04-03T17:53:17.617Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ci-cd","doker","kubernetes","nginx","nginx-docker","prometheus","script","security","shell-script"],"created_at":"2026-04-03T19:01:38.165Z","updated_at":"2026-04-03T19:01:44.945Z","avatar_url":"https://github.com/Solomonkassa.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🚀 NGINX Automation Framework\n\nA comprehensive, enterprise-grade NGINX automation framework designed for high-availability, security-focused, and scalable web infrastructure deployment.\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)\n[![GitHub Release](https://img.shields.io/github/v/release/your-org/nginx-automation)](https://github.com/Solomonkassa/nginx-automation/releases)\n[![Build Status](https://img.shields.io/jenkins/build?jobUrl=https%3A%2F%2Fjenkins.example.com%2Fjob%2Fnginx-automation)](https://jenkins.example.com/job/nginx-automation)\n[![Security Scan](https://img.shields.io/badge/security-scan-brightgreen)](SECURITY.md)\n[![Documentation](https://img.shields.io/badge/docs-comprehensive-blue)](https://docs.example.com/nginx-automation)\n\n## 📋 Table of Contents\n\n- [Overview](#overview)\n- [Key Features](#key-features)\n- [Architecture](#architecture)\n- [Quick Start](#quick-start)\n- [Installation](#installation)\n- [Configuration](#configuration)\n- [Deployment](#deployment)\n- [Monitoring](#monitoring)\n- [Security](#security)\n- [CI/CD Integration](#cicd-integration)\n- [Disaster Recovery](#disaster-recovery)\n- [Contributing](#contributing)\n- [License](#license)\n- [Support](#support)\n\n## 🌟 Overview\n\nThis framework provides a complete, production-ready solution for automating NGINX deployment and management across various environments. It incorporates industry best practices for security, performance, and reliability.\n\n**Purpose**: Streamline NGINX infrastructure provisioning, configuration management, certificate automation, monitoring, and disaster recovery processes.\n\n**Target Environments**: Production, Staging, Development, and Disaster Recovery sites.\n\n## 🚀 Key Features\n\n### 🔒 **Security**\n- Automatic SSL/TLS certificate management (Let's Encrypt)\n- WAF (Web Application Firewall) integration with OWASP Core Rule Set\n- Security headers enforcement (CSP, HSTS, X-Frame-Options)\n- Rate limiting and DDoS protection\n- Regular security scanning and vulnerability assessment\n\n### ⚡ **Performance**\n- Optimized caching strategies\n- HTTP/2 and HTTP/3 support\n- Gzip/Brotli compression\n- Load balancing with health checks\n- Connection pooling and keep-alive optimization\n\n### 🔄 **Automation**\n- Infrastructure as Code (Terraform)\n- Configuration Management (Ansible)\n- Container Orchestration (Kubernetes/Docker)\n- Automated certificate renewal\n- Zero-downtime deployments\n\n### 📊 **Monitoring \u0026 Observability**\n- Real-time metrics with Prometheus\n- Comprehensive dashboards with Grafana\n- Structured JSON logging\n- Distributed tracing support\n- Alerting with multiple notification channels\n\n### 🔧 **High Availability**\n- Multi-zone/multi-region deployments\n- Automated failover and recovery\n- Blue-green deployment support\n- Rolling updates with health checks\n- Backup and restore automation\n\n## 🏗 Architecture\n\n### Infrastructure Diagram\n```mermaid\ngraph TB\n    A[Client Requests] --\u003e B[Cloud Load Balancer]\n    B --\u003e C[NGINX Layer 1\u003cbr/\u003eEdge Proxies]\n    C --\u003e D[NGINX Layer 2\u003cbr/\u003eApplication Proxies]\n    D --\u003e E[Backend Services]\n    \n    F[Monitoring] --\u003e C\n    F --\u003e D\n    F --\u003e E\n    \n    G[CI/CD Pipeline] --\u003e H[Configuration Repository]\n    H --\u003e I[Deployment Manager]\n    I --\u003e C\n    I --\u003e D\n    \n    J[Security Scanner] --\u003e H\n    K[Certificate Manager] --\u003e C\n    K --\u003e D\n```\n\n### Directory Structure\n```\nnginx-automation/\n├── terraform/              # Infrastructure as Code\n│   ├── main.tf\n│   ├── variables.tf\n│   ├── outputs.tf\n│   └── modules/\n│       ├── network/\n│       ├── compute/\n│       └── security/\n├── ansible/               # Configuration Management\n│   ├── playbooks/\n│   │   ├── deploy-nginx.yml\n│   │   ├── security-harden.yml\n│   │   └── cert-renew.yml\n│   ├── roles/\n│   │   ├── nginx/\n│   │   ├── monitoring/\n│   │   └── security/\n│   └── inventories/\n│       ├── production/\n│       ├── staging/\n│       └── development/\n├── docker/                # Containerization\n│   ├── Dockerfile\n│   ├── docker-compose.yml\n│   ├── docker-compose.prod.yml\n│   └── entrypoint.sh\n├── kubernetes/           # Kubernetes Manifests\n│   ├── namespaces/\n│   ├── deployments/\n│   ├── services/\n│   ├── configmaps/\n│   ├── secrets/\n│   └── helm/\n│       └── nginx/\n│           ├── Chart.yaml\n│           ├── values.yaml\n│           └── templates/\n├── configs/              # NGINX Configurations\n│   ├── nginx.conf\n│   ├── conf.d/\n│   │   ├── security.conf\n│   │   ├── caching.conf\n│   │   ├── compression.conf\n│   │   └── logging.conf\n│   ├── sites-available/\n│   │   ├── app1.example.com.conf\n│   │   └── app2.example.com.conf\n│   └── templates/\n│       ├── nginx.conf.j2\n│       └── site.conf.j2\n├── scripts/              # Automation Scripts\n│   ├── deploy.sh\n│   ├── health-check.sh\n│   ├── cert-automation.sh\n│   ├── backup.sh\n│   ├── restore.sh\n│   ├── security-scan.sh\n│   └── performance-test.sh\n├── monitoring/           # Monitoring Stack\n│   ├── prometheus/\n│   │   ├── prometheus.yml\n│   │   ├── alert.rules\n│   │   └── dashboard.yml\n│   ├── grafana/\n│   │   ├── dashboards/\n│   │   │   ├── nginx-overview.json\n│   │   │   ├── security.json\n│   │   │   └── performance.json\n│   │   └── datasources/\n│   ├── loki/            # Log aggregation\n│   └── tempo/           # Tracing\n├── security/            # Security Configurations\n│   ├── ssl/\n│   │   ├── generate-certs.sh\n│   │   └── renew-certs.sh\n│   ├── waf-rules/\n│   │   ├── modsecurity.conf\n│   │   └── crs-setup.conf\n│   └── policies/\n│       ├── csp.json\n│       └── rate-limiting.json\n├── tests/               # Testing Suite\n│   ├── unit/\n│   │   └── nginx-test.bats\n│   ├── integration/\n│   │   └── api-test.sh\n│   ├── load-test/\n│   │   ├── k6-script.js\n│   │   └── locustfile.py\n│   ├── security-scan/\n│   │   ├── zap-scan.yml\n│   │   └── nmap-scan.sh\n│   └── compliance/\n│       ├── pci-dss.yml\n│       └── gdpr.yml\n├── ci-cd/               # CI/CD Pipelines\n│   ├── Jenkinsfile\n│   ├── .gitlab-ci.yml\n│   ├── github-actions.yml\n│   └── argo-cd/\n│       ├── application.yaml\n│       └── project.yaml\n├── docs/                # Documentation\n│   ├── architecture.md\n│   ├── deployment-guide.md\n│   ├── security-guide.md\n│   ├── troubleshooting.md\n│   └── api-reference.md\n├── .github/             # GitHub Workflows\n│   ├── workflows/\n│   ├── ISSUE_TEMPLATE/\n│   └── PULL_REQUEST_TEMPLATE/\n└── environments/        # Environment Configs\n    ├── production/\n    ├── staging/\n    └── development/\n```\n\n## 🚀 Quick Start\n\n### Prerequisites\n\n- Linux/Unix environment (Ubuntu 20.04+ recommended)\n- Docker and Docker Compose\n- Terraform v1.0+\n- Ansible v2.10+\n- kubectl and Helm v3+\n- Git\n\n### Quick Installation\n\n```bash\n# Clone the repository\ngit clone https://github.com/Solomonkassa/nginx-automation.git\ncd nginx-automation\n\n# Setup environment\ncp .env.example .env\n# Edit .env with your configuration\n\n# Initialize infrastructure\nmake init\n\n# Deploy development environment\nmake deploy-dev\n\n# Verify deployment\nmake verify\n```\n\n### Docker Compose Quick Start\n\n```bash\n# Start the full stack with Docker Compose\ndocker-compose -f docker/docker-compose.full.yml up -d\n\n# Check services\ndocker-compose ps\n\n# View logs\ndocker-compose logs -f nginx\n```\n\n## 📦 Installation\n\n### Detailed Installation Steps\n\n1. **Clone and Setup**\n   ```bash\n   git clone --branch stable https://github.com/your-org/nginx-automation.git\n   cd nginx-automation\n   \n   # Install dependencies\n   ./scripts/setup.sh\n   ```\n\n2. **Configure Environment Variables**\n   ```bash\n   # Copy and edit environment configuration\n   cp environments/development/.env.example environments/development/.env\n   vi environments/development/.env\n   ```\n\n3. **Initialize Infrastructure**\n   ```bash\n   # Initialize Terraform\n   cd terraform\n   terraform init\n   terraform plan -var-file=\"../environments/development/terraform.tfvars\"\n   terraform apply -var-file=\"../environments/development/terraform.tfvars\"\n   ```\n\n4. **Configure Ansible**\n   ```bash\n   cd ../ansible\n   cp inventories/development/hosts.example inventories/development/hosts\n   vi inventories/development/hosts\n   \n   # Test connection\n   ansible -i inventories/development/hosts all -m ping\n   ```\n\n## ⚙️ Configuration\n\n### Core Configuration Files\n\n#### Main NGINX Configuration (`configs/nginx.conf`)\n```nginx\n# Optimized for production\nworker_processes auto;\nworker_rlimit_nofile 100000;\n\nevents {\n    worker_connections 4096;\n    multi_accept on;\n    use epoll;\n}\n\nhttp {\n    include       /etc/nginx/mime.types;\n    default_type  application/octet-stream;\n    \n    # Performance tuning\n    sendfile on;\n    tcp_nopush on;\n    tcp_nodelay on;\n    keepalive_timeout 65;\n    keepalive_requests 1000;\n    \n    # Security includes\n    include /etc/nginx/conf.d/security.conf;\n    include /etc/nginx/conf.d/rate-limiting.conf;\n    \n    # Site configurations\n    include /etc/nginx/sites-enabled/*;\n}\n```\n\n#### Environment-Specific Configuration\n\nCreate environment-specific configuration in `environments/\u003cenv\u003e/`:\n\n```bash\nenvironments/production/\n├── .env                    # Environment variables\n├── terraform.tfvars        # Terraform variables\n├── ansible_vars.yml        # Ansible variables\n├── kustomization.yaml      # Kubernetes customization\n└── monitoring/             # Monitoring configs\n```\n\n### SSL/TLS Configuration\n\n```bash\n# Generate SSL certificates\n./scripts/ssl/generate-certs.sh --domain example.com\n\n# Configure automatic renewal\ncrontab -e\n# Add: 0 3 * * * /opt/nginx-automation/scripts/ssl/renew-certs.sh\n```\n\n## 🚀 Deployment\n\n### Deployment Strategies\n\n#### 1. **Ansible Deployment**\n```bash\n# Deploy to production\nansible-playbook -i inventories/production/hosts \\\n    playbooks/deploy-nginx.yml \\\n    --extra-vars \"@environments/production/ansible_vars.yml\"\n```\n\n#### 2. **Kubernetes Deployment**\n```bash\n# Apply Kubernetes manifests\nkubectl apply -k kubernetes/overlays/production/\n\n# Verify deployment\nkubectl get pods -n nginx-production\nkubectl get svc -n nginx-production\n```\n\n#### 3. **Blue-Green Deployment**\n```bash\n# Deploy new version\n./scripts/deploy-blue-green.sh --version 2.0.0\n\n# Switch traffic\n./scripts/switch-traffic.sh --to green\n\n# Rollback if needed\n./scripts/rollback.sh --to blue\n```\n\n### CI/CD Pipeline\n\nThe framework includes pre-configured pipelines for:\n\n- **Jenkins**: `ci-cd/Jenkinsfile`\n- **GitLab CI**: `ci-cd/.gitlab-ci.yml`\n- **GitHub Actions**: `.github/workflows/deploy.yml`\n\nExample GitHub Actions workflow:\n```yaml\nname: Deploy NGINX\n\non:\n  push:\n    branches: [ main ]\n  pull_request:\n    branches: [ main ]\n\njobs:\n  deploy:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v2\n      - name: Deploy to Production\n        run: make deploy-prod\n        env:\n          KUBECONFIG: ${{ secrets.KUBECONFIG }}\n```\n\n## 📊 Monitoring\n\n### Metrics Collection\n\nThe framework includes comprehensive monitoring:\n\n1. **Prometheus Metrics**\n   - NGINX stub_status metrics\n   - Custom application metrics\n   - System metrics (CPU, memory, disk)\n\n2. **Grafana Dashboards**\n   - NGINX Overview Dashboard\n   - Security Dashboard\n   - Performance Dashboard\n   - Business Metrics Dashboard\n\n### Accessing Dashboards\n\n```bash\n# Port forward Grafana\nkubectl port-forward svc/grafana 3000:3000 -n monitoring\n\n# Access at http://localhost:3000\n# Default credentials: admin / admin\n```\n\n### Alerting Configuration\n\nAlerts are configured in `monitoring/prometheus/alerts.yml`:\n\n```yaml\ngroups:\n  - name: nginx_alerts\n    rules:\n      - alert: HighErrorRate\n        expr: rate(nginx_http_requests_total{status=~\"5..\"}[5m]) \u003e 0.05\n        for: 5m\n        labels:\n          severity: critical\n        annotations:\n          summary: \"High error rate on NGINX\"\n          description: \"Error rate is {{ $value }} per second\"\n```\n\n## 🔒 Security\n\n### Security Features\n\n1. **Automated Security Scanning**\n   ```bash\n   # Run security scan\n   ./scripts/security-scan.sh --full\n   \n   # Check for vulnerabilities\n   trivy image nginx:1.24.0\n   ```\n\n2. **Compliance Checks**\n   ```bash\n   # Run compliance checks\n   ./scripts/compliance-check.sh --standard pci-dss\n   ```\n\n3. **Secret Management**\n   ```bash\n   # Store secrets securely\n   ansible-vault encrypt environments/production/secrets.yml\n   ```\n\n### Security Headers\n\nAutomatically configured security headers:\n- Content-Security-Policy (CSP)\n- Strict-Transport-Security (HSTS)\n- X-Content-Type-Options\n- X-Frame-Options\n- Referrer-Policy\n- Permissions-Policy\n\n## 🚨 Disaster Recovery\n\n### Backup Strategy\n\n```bash\n# Create backup\n./scripts/backup.sh --full\n\n# Restore from backup\n./scripts/restore.sh --backup-file backup-20231201.tar.gz\n```\n\n### Recovery Procedures\n\n1. **Infrastructure Recovery**\n   ```bash\n   # Recreate infrastructure\n   terraform apply -var-file=\"environments/dr/terraform.tfvars\"\n   ```\n\n2. **Configuration Recovery**\n   ```bash\n   # Restore configurations\n   ansible-playbook playbooks/restore-config.yml\n   ```\n\n3. **Data Recovery**\n   ```bash\n   # Restore data from backup\n   ./scripts/restore-data.sh --from-s3\n   ```\n\n## 🧪 Testing\n\n### Test Suite\n\n```bash\n# Run all tests\nmake test-all\n\n# Specific test types\nmake test-unit          # Unit tests\nmake test-integration   # Integration tests\nmake test-load          # Load tests\nmake test-security      # Security tests\n```\n\n### Load Testing with k6\n\n```javascript\n// tests/load-test/script.js\nimport http from 'k6/http';\nimport { check, sleep } from 'k6';\n\nexport let options = {\n  stages: [\n    { duration: '30s', target: 100 },\n    { duration: '1m', target: 500 },\n    { duration: '30s', target: 0 },\n  ],\n  thresholds: {\n    http_req_duration: ['p(95)\u003c500'],\n    http_req_failed: ['rate\u003c0.01'],\n  },\n};\n\nexport default function () {\n  let res = http.get('https://example.com');\n  check(res, {\n    'status is 200': (r) =\u003e r.status === 200,\n    'response time \u003c 500ms': (r) =\u003e r.timings.duration \u003c 500,\n  });\n  sleep(1);\n}\n```\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n### Development Workflow\n\n1. Fork the repository\n2. Create a feature branch\n3. Make your changes\n4. Run tests\n5. Submit a pull request\n\n### Code Standards\n\n- Follow existing code style\n- Write comprehensive tests\n- Update documentation\n- Keep commits atomic\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🆘 Support\n\n### Getting Help\n\n- 📚 [Documentation](https://docs.example.com/nginx-automation)\n- 🐛 [Issue Tracker](https://github.com/your-org/nginx-automation/issues)\n- 💬 [Slack Channel](https://slack.example.com/nginx-automation)\n- 📧 [Email Support](mailto:support@example.com)\n\n### Common Issues\n\nCheck our [Troubleshooting Guide](docs/troubleshooting.md) for common problems and solutions.\n\n### Commercial Support\n\nFor enterprise support, contact [enterprise@example.com](mailto:enterprise@example.com).\n\n## 🎯 Roadmap\n\n- [x] Initial release with core features\n- [ ] Multi-cloud support (AWS, GCP, Azure)\n- [ ] Service mesh integration (Istio, Linkerd)\n- [ ] AI-powered anomaly detection\n- [ ] GitOps workflow enhancement\n- [ ] Extended compliance frameworks (SOC2, ISO27001)\n\n## 📈 Performance Benchmarks\n\n| Metric | Value | Target |\n|--------|-------|--------|\n| Requests/sec | 15,000 | 10,000 |\n| Latency (p95) | 45ms | 100ms |\n| Availability | 99.99% | 99.95% |\n| Error Rate | 0.01% | 0.1% |\n\n---\n\n## 🏆 Acknowledgments\n\n- NGINX Inc. for the amazing web server\n- The open-source community for various tools and libraries\n- Our contributors and maintainers\n\n## 🔗 Related Projects\n\n- [nginx-prometheus-exporter](https://github.com/nginxinc/nginx-prometheus-exporter)\n- [cert-manager](https://cert-manager.io/)\n- [prometheus-nginx-exporter](https://github.com/discordianfish/nginx-exporter)\n\n---\n\n**Maintained by**: Solomon Kassa  \n**Last Updated**: January 2026\n**Version**: 1.0.0\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003cstrong\u003eNeed help?\u003c/strong\u003e Check our \u003ca href=\"docs/FAQ.md\"\u003eFAQ\u003c/a\u003e or \u003ca href=\"https://github.com/your-org/nginx-automation/issues\"\u003eopen an issue\u003c/a\u003e\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003csub\u003eBuilt with ❤️ by Solomon Kassa\u003c/sub\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsolomonkassa%2Fnginx-automation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsolomonkassa%2Fnginx-automation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsolomonkassa%2Fnginx-automation/lists"}