Security Tips for Docker Compose with Nginx as a Reverse Proxy
Hey everyone!
I have an application deployed via Docker Compose, distributed across multiple VPS, and my setup is as follows:
* I use containers for **Next.js (a variable number of clients), Bun (server), Gluetun (to isolate the server within a VPN, which is necessary for my application), and Certbot**, but none of them have exposed ports.
* The only container with open ports is **Nginx**, which listens on ports **80 and 443** and acts as a reverse proxy.
* SSH access is available on port **22** on some of the VPS.
I want to ensure my setup is as secure as possible. Some security practices I already follow:
* I use **Certbot** to manage SSL.
* No internal services are accessible externally.
* SSH access is **key-based only**, and root login is **disabled**.
* I install **CrowdSec** on all VPS.
My main concern is **Nginx**, as it is the only exposed service. In the logs, I see many **path traversal attempts and random access attempts**. I believe my `nginx.conf` is properly configured, but is there anything else I should check to further enhance security?
I would love to hear your insights:
* What additional security measures would you recommend for this setup?
* What would professionals do or avoid in this kind of environment?
* Are there any specific configurations to harden **Nginx** or **Docker Compose**?
* Do I need Kubernetes if everything is already running? I generate the yml files dynamically (for the Next.js containers) using a bash script, and sometimes it can get to 15-20 containers.
I am the front-end and back-end developer and infrastructure manager of my SaaS. All of this has been a huge opportunity for me to learn and grow in my career and any advice to make my setup more secure and with higher professional standards is appreciated. Thanks!
https://redd.it/1j8bq6m
@r_devops
Hey everyone!
I have an application deployed via Docker Compose, distributed across multiple VPS, and my setup is as follows:
* I use containers for **Next.js (a variable number of clients), Bun (server), Gluetun (to isolate the server within a VPN, which is necessary for my application), and Certbot**, but none of them have exposed ports.
* The only container with open ports is **Nginx**, which listens on ports **80 and 443** and acts as a reverse proxy.
* SSH access is available on port **22** on some of the VPS.
I want to ensure my setup is as secure as possible. Some security practices I already follow:
* I use **Certbot** to manage SSL.
* No internal services are accessible externally.
* SSH access is **key-based only**, and root login is **disabled**.
* I install **CrowdSec** on all VPS.
My main concern is **Nginx**, as it is the only exposed service. In the logs, I see many **path traversal attempts and random access attempts**. I believe my `nginx.conf` is properly configured, but is there anything else I should check to further enhance security?
I would love to hear your insights:
* What additional security measures would you recommend for this setup?
* What would professionals do or avoid in this kind of environment?
* Are there any specific configurations to harden **Nginx** or **Docker Compose**?
* Do I need Kubernetes if everything is already running? I generate the yml files dynamically (for the Next.js containers) using a bash script, and sometimes it can get to 15-20 containers.
I am the front-end and back-end developer and infrastructure manager of my SaaS. All of this has been a huge opportunity for me to learn and grow in my career and any advice to make my setup more secure and with higher professional standards is appreciated. Thanks!
https://redd.it/1j8bq6m
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
what are the better alternatives to sonarqube that you use currently?
Hey r/DevOps,
Most of our codebase is in JavaScript, TypeScript, and React, and we're currently looking for alternatives to SonarQube.
Does anyone have experience with AI tools that can help with static code analysis, code quality checks, and security vulnerability scanning for these languages?
Would love to hear what’s worked for you and if any new + reliable AI tools can take up the task!
https://redd.it/1j8kpab
@r_devops
Hey r/DevOps,
Most of our codebase is in JavaScript, TypeScript, and React, and we're currently looking for alternatives to SonarQube.
Does anyone have experience with AI tools that can help with static code analysis, code quality checks, and security vulnerability scanning for these languages?
Would love to hear what’s worked for you and if any new + reliable AI tools can take up the task!
https://redd.it/1j8kpab
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Can I Run MongoDB and PostgreSQL on Hetzner Cloud Volumes?
I was checking out Hetzner's documentation and noticed that their Cloud Volumes offer sustained IOPS (read/write) of up to 5000 and burst up to 7500 (Hetzner Cloud Volumes Overview). Given these specs, I'm curious if it's feasible to run MongoDB and PostgreSQL on these volumes for a medium-size web app focused on data processing.
Has anyone had success running MongoDB or PostgreSQL on Hetzner Cloud Volumes?
Have you encountered any performance or latency issues under moderate loads with these IOPS numbers?
https://redd.it/1j8le9s
@r_devops
I was checking out Hetzner's documentation and noticed that their Cloud Volumes offer sustained IOPS (read/write) of up to 5000 and burst up to 7500 (Hetzner Cloud Volumes Overview). Given these specs, I'm curious if it's feasible to run MongoDB and PostgreSQL on these volumes for a medium-size web app focused on data processing.
Has anyone had success running MongoDB or PostgreSQL on Hetzner Cloud Volumes?
Have you encountered any performance or latency issues under moderate loads with these IOPS numbers?
https://redd.it/1j8le9s
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Could anyone please assist me with this project title and provide guidance on how to begin, as I'm a beginner leading a group of three members ?
Title - Deterministic log test replay framework for devops
Abstract - Imagine trying to fix a bug in a complex software system where every step matters—but the logs that record these steps are jumbled, making it
hard to recreate the exact conditions that led to the error. Our project, DLTRF (Deterministic Log Test Replay Framework), tackles this problem
by capturing every log entry produced during testing along with its precise timestamp, then storing them in a structured way so that they can be
replayed in exactly the same order every time. Drawing inspiration from an IEEE study on FPGA-based deterministic replay in which achieves
bit-accurate visibility of hardware behavior—DLTRF applies similar principles to software logs in DevOps environments. In simple terms,
DLTRF guarantees that when you re-run a test, you experience the same sequence of events, allowing developers to consistently recreate the test
scenario, accurately trace bugs, and clearly determine if issues stem from configuration differences or genuine software defects. This reliable,
repeatable replay process not only improves debugging precision but also boosts developer productivity by reducing the time spent
isolating and fixing errors.
https://redd.it/1j8kmnb
@r_devops
Title - Deterministic log test replay framework for devops
Abstract - Imagine trying to fix a bug in a complex software system where every step matters—but the logs that record these steps are jumbled, making it
hard to recreate the exact conditions that led to the error. Our project, DLTRF (Deterministic Log Test Replay Framework), tackles this problem
by capturing every log entry produced during testing along with its precise timestamp, then storing them in a structured way so that they can be
replayed in exactly the same order every time. Drawing inspiration from an IEEE study on FPGA-based deterministic replay in which achieves
bit-accurate visibility of hardware behavior—DLTRF applies similar principles to software logs in DevOps environments. In simple terms,
DLTRF guarantees that when you re-run a test, you experience the same sequence of events, allowing developers to consistently recreate the test
scenario, accurately trace bugs, and clearly determine if issues stem from configuration differences or genuine software defects. This reliable,
repeatable replay process not only improves debugging precision but also boosts developer productivity by reducing the time spent
isolating and fixing errors.
https://redd.it/1j8kmnb
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
what are the better alternatives to sonarqube that you use currently?
Hey r/DevOps,
Most of our codebase is in JavaScript, TypeScript, and React, and we're currently looking for alternatives to SonarQube.
Does anyone have experience with AI tools that can help with static code analysis, code quality checks, and security vulnerability scanning for these languages?
Would love to hear what’s worked for you and if any new + reliable AI tools can take up the task!
https://redd.it/1j8kol8
@r_devops
Hey r/DevOps,
Most of our codebase is in JavaScript, TypeScript, and React, and we're currently looking for alternatives to SonarQube.
Does anyone have experience with AI tools that can help with static code analysis, code quality checks, and security vulnerability scanning for these languages?
Would love to hear what’s worked for you and if any new + reliable AI tools can take up the task!
https://redd.it/1j8kol8
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
ai or engineering jobs in med field ..tell me if you know
# Do you guys happen to know anyone in your experience who as software engineer got a job in med field(ai in med ) if you know any thing about it ..tell me what kinda skill set they had
https://redd.it/1j8p57m
@r_devops
# Do you guys happen to know anyone in your experience who as software engineer got a job in med field(ai in med ) if you know any thing about it ..tell me what kinda skill set they had
https://redd.it/1j8p57m
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Best cloud provider for AI workloads?
Been exploring different cloud providers for AI workloads, and I keep running into the same problem and AWS and Azure are overpriced as hell. Spot instances help, but they’re unreliable for longer jobs, and I’ve had training runs get killed halfway through because my instance got reclaimed. I’m using Compute with hivenet rn which is much better imo. Even if it doesn’t have templates yet it does the job in terms of just runnin some GPU instances on demand and costs way less than Amazon.
https://redd.it/1j8pmir
@r_devops
Been exploring different cloud providers for AI workloads, and I keep running into the same problem and AWS and Azure are overpriced as hell. Spot instances help, but they’re unreliable for longer jobs, and I’ve had training runs get killed halfway through because my instance got reclaimed. I’m using Compute with hivenet rn which is much better imo. Even if it doesn’t have templates yet it does the job in terms of just runnin some GPU instances on demand and costs way less than Amazon.
https://redd.it/1j8pmir
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Lenovo ThinkPad X1 Carbon G12 Touch (21KC000MUS) or Apple MacBook Pro 14.2” with M4 (24GB, 1TB SSD)
Hello, everyone.
Since I plan to learn Devops, I’m trying to find out which one is the best for DevOps? Can you advise?
Thank you, in advance.
https://redd.it/1j8qqar
@r_devops
Hello, everyone.
Since I plan to learn Devops, I’m trying to find out which one is the best for DevOps? Can you advise?
Thank you, in advance.
https://redd.it/1j8qqar
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Staying at a job too long?
The general advice I've heard throughout my life is that you should stick with a company 2 years and then job hop to increase your salary, but I think it's more than this. I think if you stay at a company too long, you run the risk of becoming complacent with the technology, your skills, and exposure in general.
I've worked at multiple companies in my life, and have noticed completely different ways of working. Different ways of setting up technology and architecture for solutions.
I am currently working at a company where there is an engineer who has been doing this type of work for 20 years - Been with our company for 10 of those years. I would have thought that he would have a wealth of knowledge on things, but he doesn't. He knows how to resolve very specific issues which occur with our infrastructure. But whenever we have been asked to setup new services, he's completely lost, and often recommends solutions which aren't great - such as hosting databases on EC2 instances (sole reason being that he knows how that works over RDS).
But this isn't the first I've noticed something like this. There have been a few cases from companies where I've been at where I've noticed people who are very complacent with their specific set of technology.
My post here isn't actually to attack individuals who are like this. But instead an advocacy where I think it is actually advantageous to move companies frequently, and if you're new to DevOps, and you're in the early period of your career, I'd maybe even suggest earlier than every 2 years.
My current company has horrible practices with things. There is chaos and disorder with our workflows. However, it is only through being with prior companies and seeing different approaches to work, that I feel confident about there being better alternatives.
If you are new to DevOps, and this is the environment you are first exposed to, then it's a terrible foundation to learn.
https://redd.it/1j8sp80
@r_devops
The general advice I've heard throughout my life is that you should stick with a company 2 years and then job hop to increase your salary, but I think it's more than this. I think if you stay at a company too long, you run the risk of becoming complacent with the technology, your skills, and exposure in general.
I've worked at multiple companies in my life, and have noticed completely different ways of working. Different ways of setting up technology and architecture for solutions.
I am currently working at a company where there is an engineer who has been doing this type of work for 20 years - Been with our company for 10 of those years. I would have thought that he would have a wealth of knowledge on things, but he doesn't. He knows how to resolve very specific issues which occur with our infrastructure. But whenever we have been asked to setup new services, he's completely lost, and often recommends solutions which aren't great - such as hosting databases on EC2 instances (sole reason being that he knows how that works over RDS).
But this isn't the first I've noticed something like this. There have been a few cases from companies where I've been at where I've noticed people who are very complacent with their specific set of technology.
My post here isn't actually to attack individuals who are like this. But instead an advocacy where I think it is actually advantageous to move companies frequently, and if you're new to DevOps, and you're in the early period of your career, I'd maybe even suggest earlier than every 2 years.
My current company has horrible practices with things. There is chaos and disorder with our workflows. However, it is only through being with prior companies and seeing different approaches to work, that I feel confident about there being better alternatives.
If you are new to DevOps, and this is the environment you are first exposed to, then it's a terrible foundation to learn.
https://redd.it/1j8sp80
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
If you're new to devops, heres a guide on docker and kubernetes
https://youtu.be/9BGnYHQv-dY
https://redd.it/1j8q49r
@r_devops
https://youtu.be/9BGnYHQv-dY
https://redd.it/1j8q49r
@r_devops
YouTube
Everything You Need to Get Started with Docker and Kubernetes
DevOps Bootcamp #7 - Docker and Kubernetes Tutorial
Learn the essential commands for devops engineers in this complete Docker and Kubernetes full course for beginners. Whether you're a complete beginner or brushing up, This is broken into two sections, a…
Learn the essential commands for devops engineers in this complete Docker and Kubernetes full course for beginners. Whether you're a complete beginner or brushing up, This is broken into two sections, a…
What is platform engineering?
Hey guys,
So I've been in DevOps sine last 3 years and I've been reading this word "Platform Engineering" many times throughout various articles.
Can someone shed some light on the same? And how can someone from DevOps background switch to it?
https://redd.it/1j8utzg
@r_devops
Hey guys,
So I've been in DevOps sine last 3 years and I've been reading this word "Platform Engineering" many times throughout various articles.
Can someone shed some light on the same? And how can someone from DevOps background switch to it?
https://redd.it/1j8utzg
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Email Spam Project
We are a SAAS company and a lot of our customers use our cloud infrastructure to send emails to their customers (around 3-4 million a day).
A lot of those customers have been misusing our services and sending a lot of spam which is damaging our IP reputation.
We are currently trying to figure out either to build our own custom solution or use a 3rd party tool.
Is there a 3rd party tool in the market that can help us out?
https://redd.it/1j8xaaf
@r_devops
We are a SAAS company and a lot of our customers use our cloud infrastructure to send emails to their customers (around 3-4 million a day).
A lot of those customers have been misusing our services and sending a lot of spam which is damaging our IP reputation.
We are currently trying to figure out either to build our own custom solution or use a 3rd party tool.
Is there a 3rd party tool in the market that can help us out?
https://redd.it/1j8xaaf
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Data Science related Ops
Im interested in courses that are worth a demn and can prepare you for data processing platforms.
Best if HIPAA applicable data processing course. How to maintain such platform, which tools are most commonly used, links with self-study and/or homeworks.
I would like to pivot from DevOps into MLOps or Data Processing Operations.
There seems to be a ton of content on the web, but most likely majority of it is SEO garbage and not worth my time. Someone experienced probably can distinguish.
Maybe someone in the field could point me to something worth checking that will really teach me something or certs that you did look into and were worth the time ?
(Im just short on time and have to correctly pick what to learn).
https://redd.it/1j8ywf3
@r_devops
Im interested in courses that are worth a demn and can prepare you for data processing platforms.
Best if HIPAA applicable data processing course. How to maintain such platform, which tools are most commonly used, links with self-study and/or homeworks.
I would like to pivot from DevOps into MLOps or Data Processing Operations.
There seems to be a ton of content on the web, but most likely majority of it is SEO garbage and not worth my time. Someone experienced probably can distinguish.
Maybe someone in the field could point me to something worth checking that will really teach me something or certs that you did look into and were worth the time ?
(Im just short on time and have to correctly pick what to learn).
https://redd.it/1j8ywf3
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Best course for GPC Professional Cloud Architect Exam?
Hello, i am preparing for the GCP professional exam directly, please suggest me some good paid courses and exam practices .
https://redd.it/1j8xpen
@r_devops
Hello, i am preparing for the GCP professional exam directly, please suggest me some good paid courses and exam practices .
https://redd.it/1j8xpen
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Use-Case Hands-On Project: Docker Container Best Practices
A new use-case hands-on project has been added to the FREE Dynamic DevOps Roadmap.
!Docker Container Best Practices
Docker Container Best Practices.
It's part of a bigger end-to-end hands-on project that touchs many aspects of the real-world DevOps task.
Happy DevOpsing ♾️
https://redd.it/1j90rlj
@r_devops
A new use-case hands-on project has been added to the FREE Dynamic DevOps Roadmap.
!Docker Container Best Practices
Docker Container Best Practices.
It's part of a bigger end-to-end hands-on project that touchs many aspects of the real-world DevOps task.
Happy DevOpsing ♾️
https://redd.it/1j90rlj
@r_devops
devopsroadmap.io
A FREE Pragmatic Roadmap | Dynamic DevOps Roadmap
A FREE Pragmatic DevOps learning to kickstart your DevOps career in the Cloud Native era following the Agile MVP style! (also mentorship and bootcamp)
Workaround/alternative for gated deployments in GitHub actions?
Is there an alternative/walkaround that simulates a manual step to approve the next step in the workflow? The official way of doing it is by adding required reviewers to the environment protection rule, but that feature is available only under the GitHub Enterprise plan. Is there a workaround that enables you to have a manual gate, but it is available under lower-tier plans?
https://redd.it/1j93et2
@r_devops
Is there an alternative/walkaround that simulates a manual step to approve the next step in the workflow? The official way of doing it is by adding required reviewers to the environment protection rule, but that feature is available only under the GitHub Enterprise plan. Is there a workaround that enables you to have a manual gate, but it is available under lower-tier plans?
https://redd.it/1j93et2
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Grafana Oncall is deprecated
Grafana announced today that they're deprecating Grafana Oncall. The cloudification trend continues.
Blog post: https://grafana.com/blog/2025/03/11/oncall-management-incident-response-grafana-cloud-irm/
I've been a big advocate for Grafana OSS for years, but it's getting harder to justify. With the deprecation of Grafana Alert, Grafana Agent, and its Operator, old Kubernetes app, not to mention the issues with Loki Helm charts and migrations, sticking with their OSS stack is becoming a challenge.
Glad I didn’t dive into Grafana Phlare, lol. Unless you're using their SaaS offerings, it feels like the OSS effort just isn’t worth it anymore.
Hope others didn’t get burned by this shift.
https://redd.it/1j948o9
@r_devops
Grafana announced today that they're deprecating Grafana Oncall. The cloudification trend continues.
Blog post: https://grafana.com/blog/2025/03/11/oncall-management-incident-response-grafana-cloud-irm/
I've been a big advocate for Grafana OSS for years, but it's getting harder to justify. With the deprecation of Grafana Alert, Grafana Agent, and its Operator, old Kubernetes app, not to mention the issues with Loki Helm charts and migrations, sticking with their OSS stack is becoming a challenge.
Glad I didn’t dive into Grafana Phlare, lol. Unless you're using their SaaS offerings, it feels like the OSS effort just isn’t worth it anymore.
Hope others didn’t get burned by this shift.
https://redd.it/1j948o9
@r_devops
Grafana Labs
Incident response and on-call management in one app: Introducing Grafana Cloud IRM | Grafana Labs
We’re excited to announce that we are merging OnCall and Incident into one unified Grafana Cloud IRM app for a more consistent and faster incident response and management workflow.
My Final Work: AmICompatible - A Cross-Platform Compatibility Testing Tool
Hello everyone,
I recently finished my final work and wanted to share it with you all.
It's a tool that automatically tests software compatibility across different platforms: Whether you're checking if a simple script runs on all Linux distributions or validating enterprise-level applications.
I highly recommend working on projects like this, especially for anyone looking to become a DevOps engineer or get into automation. It’s fun to build and teaches you a lot, especially about topics schools don’t usually cover, like Infrastructure as Code (IaC).
Check out the project on GitHub: https://github.com/IGLADI/AmICompatible
Hope it can be useful to anyone out there and let me know if you have any feedback.
https://redd.it/1j90vjq
@r_devops
Hello everyone,
I recently finished my final work and wanted to share it with you all.
It's a tool that automatically tests software compatibility across different platforms: Whether you're checking if a simple script runs on all Linux distributions or validating enterprise-level applications.
I highly recommend working on projects like this, especially for anyone looking to become a DevOps engineer or get into automation. It’s fun to build and teaches you a lot, especially about topics schools don’t usually cover, like Infrastructure as Code (IaC).
Check out the project on GitHub: https://github.com/IGLADI/AmICompatible
Hope it can be useful to anyone out there and let me know if you have any feedback.
https://redd.it/1j90vjq
@r_devops
GitHub
GitHub - IGLADI/AmICompatible: AIC is a cross-platform software compatibility testing tool.
AIC is a cross-platform software compatibility testing tool. - IGLADI/AmICompatible
I am fresher and is Devops / sre are safe career for me
I am fresher doing Devops internship at the startup, i mostly working with Kubernetes and monitoring infra with signoz, there is not much workload in my organisation, despite of resolving alerts, I am confused that whether this job is good for me in the term of growth like, I have this internship till July and after that most probably I need to search another job so the point is is Devops good career for fresher
For reference of my capabilities this is my resume
bit.ly/yashbhangaleresume1
https://redd.it/1j98275
@r_devops
I am fresher doing Devops internship at the startup, i mostly working with Kubernetes and monitoring infra with signoz, there is not much workload in my organisation, despite of resolving alerts, I am confused that whether this job is good for me in the term of growth like, I have this internship till July and after that most probably I need to search another job so the point is is Devops good career for fresher
For reference of my capabilities this is my resume
bit.ly/yashbhangaleresume1
https://redd.it/1j98275
@r_devops
Anyone actually using Woodpecker CI?
Jerkins definitely has the advantage of being well known and having a path that is well traversed. However, I feels a bit heavy and old. I came across Woodpecker CI the other day and it seems much more modern and light. It started as a fork of Drone and has a small but growing community.
For those who have tried it, how did it go? Is it something that is worth using or is there something better? Are there any major downsides I need to be aware off?
https://redd.it/1j8v64c
@r_devops
Jerkins definitely has the advantage of being well known and having a path that is well traversed. However, I feels a bit heavy and old. I came across Woodpecker CI the other day and it seems much more modern and light. It started as a fork of Drone and has a small but growing community.
For those who have tried it, how did it go? Is it something that is worth using or is there something better? Are there any major downsides I need to be aware off?
https://redd.it/1j8v64c
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
How to describe my ansible skills in resume?
My main job was to configure small form factor servers from scratch. I used a bootable Debian preseed ISO to install the OS and then used the DHCP IP address after OS was installed to configure the server. The server was then shipped to different sites across country.
SSH configuration
Installation of necessary debian packages
Configure unattended upgrades
Configure network with a particular IP scheme
Configure NTP
Install docker and build the containers.
Change passwords,
Create cron jobs etc.
This was an unusual case of using ansible due to business needs. It varied from what I learnt in RHCE where VMs are configured and a desired state is maintained.
I am looking for a new job and want to highlight my ansible skills.
To do the above project I used the following skills or gained knowledge in the areas.
Ansible Automation:
\- Used Debian pre-seeding and Ansible to automate server builds.
Understand configuration file precedence and the available directives such as privilege escalation, connection etc.
Understand difference between ad-hoc commands, task, play, playbook, roles.
Know different modules from documentation to accomplish a task.
Understand the difference between host_vars, group_vars, magic variables and variable precedence.
Understand ansible fact structure and retrieve required values.
Implement task control using loops, conditional tasks.
Create idempotent tasks to the extent possible and prevent unnecessary task executions.
Manage task errors using failure conditions.
Do you think this is too much detail just on Ansible? How can I streamline it?
For some background, I am looking for junior devops position and Ansible is the my main skill. I have 3 years of experience with Linux administration, networking, M365, Windows Admin and more. Certs wise, I have RHCSA and about to take RHCE. I have some AWS experience and in the process of getting SAA cert. Also trying to improve my bash, python and docker skills.
https://redd.it/1j9a7el
@r_devops
My main job was to configure small form factor servers from scratch. I used a bootable Debian preseed ISO to install the OS and then used the DHCP IP address after OS was installed to configure the server. The server was then shipped to different sites across country.
SSH configuration
Installation of necessary debian packages
Configure unattended upgrades
Configure network with a particular IP scheme
Configure NTP
Install docker and build the containers.
Change passwords,
Create cron jobs etc.
This was an unusual case of using ansible due to business needs. It varied from what I learnt in RHCE where VMs are configured and a desired state is maintained.
I am looking for a new job and want to highlight my ansible skills.
To do the above project I used the following skills or gained knowledge in the areas.
Ansible Automation:
\- Used Debian pre-seeding and Ansible to automate server builds.
Understand configuration file precedence and the available directives such as privilege escalation, connection etc.
Understand difference between ad-hoc commands, task, play, playbook, roles.
Know different modules from documentation to accomplish a task.
Understand the difference between host_vars, group_vars, magic variables and variable precedence.
Understand ansible fact structure and retrieve required values.
Implement task control using loops, conditional tasks.
Create idempotent tasks to the extent possible and prevent unnecessary task executions.
Manage task errors using failure conditions.
Do you think this is too much detail just on Ansible? How can I streamline it?
For some background, I am looking for junior devops position and Ansible is the my main skill. I have 3 years of experience with Linux administration, networking, M365, Windows Admin and more. Certs wise, I have RHCSA and about to take RHCE. I have some AWS experience and in the process of getting SAA cert. Also trying to improve my bash, python and docker skills.
https://redd.it/1j9a7el
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community