AltSchool Of Engineering Tinyuka’24 Month 12 Week 3

Published: (February 8, 2026 at 07:10 AM EST)
Source: Dev.to

Automated Web Server Setup with Security Hardening

If you missed our previous session, you can catch up here.


Project Overview

In this project you will use Ansible to automatically:

  • Provision and configure multiple web servers
  • Use roles for a clean project structure
  • Install and configure Nginx
  • Deploy a dynamic HTML page using Jinja2
  • Secure the server with UFW
  • Enable HTTPS (TLS/SSL) using Certbot
  • Restart services automatically using handlers
  • Make the setup cloud‑ready (AWS EC2 compatible)

What You Will Learn

By completing this project you will understand:

  • Ansible inventory management
  • Playbooks and tasks
  • Core modules: apt, user, copy, service, ufw
  • Idempotency
  • Basic security automation
  • Running Ansible against multiple hosts

You will also be introduced to:

  • Ansible Roles
  • Handlers
  • Jinja2 templates
  • HTTPS with Certbot (Let’s Encrypt)
  • Cloud‑ready structure (AWS EC2 compatible)

Project Architecture

Control Node (Ansible)
        |
        |--- SSH
        |
-------------------------
|       |       |       |
Web1   Web2   (Optional) Web3

Prerequisites

  • Ansible control node (Linux)
  • Two Linux servers (Ubuntu recommended)
  • SSH access between the control node and the servers
  • Basic Linux knowledge

Project Structure (Industry Standard)

ansible-web-project/
├── inventory
├── playbook.yml
├── group_vars/
│   └── webservers.yml
└── roles/
    └── webserver/
        ├── tasks/
        │   └── main.yml
        ├── handlers/
        │   └── main.yml
        ├── templates/
        │   └── index.html.j2
        └── files/

Step 1 – Inventory (Cloud‑Ready)

[webservers]
web1 ansible_host=18.210.12.10
web2 ansible_host=3.92.55.23

[all:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/aws-key.pem

  • Works locally
  • Works on AWS EC2
  • No changes needed later

Step 2 – Variables (group_vars)

Create the file group_vars/webservers.yml with the following contents:

app_user: appuser
http_port: 80
domain_name: example.com
email: admin@example.com

Defining these variables makes the project flexible and re‑usable across different environments.

Step 3 – Main Playbook

File: playbook.yml

- name: Configure Production Web Servers
  hosts: webservers
  become: yes

  roles:
    - webserver

Clean. Simple. Scalable.

Step 4 – Role Tasks

File: roles/webserver/tasks/main.yml

- name: Update system packages
  apt:
    update_cache: yes

- name: Install required packages
  apt:
    name:
      - nginx
      - ufw
      - certbot
      - python3-certbot-nginx
    state: present

- name: Create application user
  user:
    name: "{{ app_user }}"
    shell: /bin/bash

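# UFW denies inbound traffic by default once enabled, so SSH must be
# allowed before the firewall is switched on or Ansible loses access.
- name: Allow SSH, HTTP and HTTPS
  ufw:
    rule: allow
    port: "{{ item }}"
  loop:
    - "22"
    - "80"
    - "443"

- name: Enable firewall
  ufw:
    state: enabled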

- name: Deploy website template
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
  notify: Restart Nginx

- name: Ensure Nginx is running
  service:
    name: nginx
    state: started
    enabled: yes

Step 5 – Handlers (Automatic Restarts)

File: roles/webserver/handlers/main.yml

- name: Restart Nginx
  service:
    name: nginx
    state: restarted

Note: Handlers are executed only when a task reports a change, making the playbook both efficient and safe.

Step 6 – Jinja2 Template (Dynamic Website)

File: roles/webserver/templates/index.html.j2

<!DOCTYPE html>
<html>
<head>
  <title>{{ inventory_hostname }}</title>
</head>
<body>
  <h1>🚀 Deployed with Ansible</h1>
  <p>Server: {{ inventory_hostname }}</p>
  <p>Managed by Ansible automation</p>
</body>
</html>

Each server now shows its own hostname (proof of automation).

Step 7 – Enable HTTPS (Certbot)

Add the following task to roles/webserver/tasks/main.yml after the Nginx setup:

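- name: Obtain SSL certificate
  command: >
    certbot --nginx
    -d {{ domain_name }}
    --non-interactive
    --agree-tos
    -m {{ email }}
  args:
    # Skip the request when a certificate already exists, so reruns stay
    # idempotent and do not restart Nginx or request a new certificate every time.
    creates: /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem
  notify: Restart Nginx

  • ✅ Secures your site
  • 🔐 Enables HTTPS automatically
  • 📦 Mirrors production setups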

⚠️ Note: Requires a real domain pointing to the server IP.

Step 8 – Run the Project

ansible-playbook -i inventory playbook.yml
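
To confirm what the run actually left on each host, the following read-only play checks the firewall, Nginx and the rendered page. It is an added example, not part of the original project; the file name verify.yml, SSH on port 22 and the verify_tls switch are assumptions.

```yaml
# verify.yml (added example): ansible-playbook -i inventory verify.yml
- name: Verify firewall, Nginx and deployed page
  hosts: webservers
  become: yes

  tasks:
    - name: Read firewall status (read-only)
      command: ufw status verbose
      register: ufw_out
      changed_when: false

    - name: Firewall is active, default-deny inbound, no unexpected ports
      assert:
        that:
          - "'Status: active' in ufw_out.stdout"
          - "'deny (incoming)' in ufw_out.stdout"
          - unexpected_rules | length == 0
        fail_msg: "Firewall drift: {{ unexpected_rules }}"
      vars:
        # ALLOW rules for anything other than SSH (22), HTTP (80), HTTPS (443)
        unexpected_rules: >-
          {{ ufw_out.stdout_lines
             | select('search', 'ALLOW')
             | reject('match', '^(22|80|443)(/tcp)? ')
             | list }}

    - name: Nginx configuration parses cleanly
      command: nginx -t
      changed_when: false

    - name: Fetch the page from the node itself
      uri:
        url: http://127.0.0.1/
        return_content: yes
      register: page

    - name: Page was rendered from the template for this host
      assert:
        that:
          - "'Deployed with Ansible' in page.content"
          - inventory_hostname in page.content

    # Assumption: set verify_tls=true only after Step 7 succeeded for a real domain.
    - name: Certificate exists and is valid for at least 30 more days
      command: >
        openssl x509 -checkend 2592000 -noout
        -in /etc/letsencrypt/live/{{ domain_name }}/cert.pem
      changed_when: false
      when: verify_tls | default(false) | bool
```

Add `-e verify_tls=true` to include the certificate check; every task reports `ok` rather than `changed`, so the play is safe to rerun.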

Final Outcome

  • ✅ Web servers configured consistently
  • ✅ Nginx installed and secured
  • ✅ Firewall enabled
  • ✅ HTTPS enabled
  • ✅ Dynamic site shows each server’s hostname

Happy automating! 🚀

  • ✔ Dynamic content deployed
  • ✔ Fully automated
  • ✔ Cloud‑ready

You now have a real DevOps‑grade automation project.


AWS EC2 Compatibility (Important)

This project works unchanged on AWS EC2 if:

  • The instance allows inbound traffic on ports 80 and 443
  • Security groups are configured accordingly
  • An SSH key is defined in the inventory

Ideal for:

  • AWS labs
  • Portfolio projects
  • Interview demos

Why This Project Is Portfolio‑Worthy

  • Configuration management
  • Security automation
  • Infrastructure‑as‑Code principles
  • Production‑grade thinking
  • Clean Ansible design

These are the exact skills many junior DevOps roles look for.


Next Possible Upgrades (Optional)

  • Integrate Terraform + Ansible
  • Add monitoring with CloudWatch or Prometheus
  • Build a CI/CD pipeline
  • Secure secrets with Ansible Vault
  • Deploy a load balancer (ALB / Nginx)

I encourage you to dive deeper into the concepts we’ve discussed and keep practicing to refine your skills. Thank you for reading this far—I appreciate the effort!

If you’re interested in the next steps of the application process, use the referral link below:

  • Apply here – or use code W2jBG8 during registration.
  • Special Offer: 10% discount when you sign up through the link and code.

Feel free to reach out if you need assistance or clarification regarding the program. I’d love to hear your feedback—please leave a comment below!


Mentorship Program Discount

I’m excited to share a special discount, in partnership with Sanjeev Kumar’s team, for the DevOps & Cloud Job Placement / Mentorship Program.

Sanjeev Kumar brings over 20 years of hands‑on experience across multiple domains and every phase of product delivery. He is known for his strong architectural mindset, with a deep focus on Automation, DevOps, Cloud, and Security.

His expertise includes technology assessment, collaboration with senior leadership, architects, and diverse software delivery teams to build scalable and secure systems. He also runs a YouTube channel dedicated to helping professionals transition into DevOps and Cloud careers.


About Me

I’m Ikoh Sylva, a passionate cloud‑computing enthusiast with hands‑on experience in AWS. I document my cloud journey from a beginner’s perspective to inspire others along the way.

If you find my content helpful, please like, follow, and share this article with anyone starting their own cloud journey.

