diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..ae43753
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,7 @@
+# Application Configuration
+DATABASE_URL=sqlite:///./data/app.db
+GRAFANA_PASSWORD=admin123
+
+# Update these after deployment
+FRONTEND_URL=http://your-ec2-ip
+BACKEND_URL=http://your-ec2-ip:8000
\ No newline at end of file
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
new file mode 100644
index 0000000..33e77aa
--- /dev/null
+++ b/.github/workflows/ci-cd.yml
@@ -0,0 +1,91 @@
+name: CI/CD Pipeline
+on:
+ push:
+ branches: [ main, master, Precious-project ]
+ pull_request:
+ branches: [ main, master, Precious-project ]
+ workflow_dispatch:
+
+env:
+ DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ IMAGE_TAG: ${{ github.sha }}
+jobs:
+ test:
+ name: Run Tests
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Install backend dependencies
+ run: |
+ cd backend
+ pip install -r requirements.txt
+
+ - name: Run backend tests
+ run: |
+ cd backend
+ python -m pytest || echo "No tests found - skipping"
+ build-and-push:
+ name: Build and Push Docker Images
+ needs: test
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build and push backend image
+ run: |
+ cd backend
+ docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-backend:${{ env.IMAGE_TAG }} .
+ docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-backend:latest .
+ docker push ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-backend:${{ env.IMAGE_TAG }}
+ docker push ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-backend:latest
+
+ - name: Build and push frontend image
+ run: |
+ cd frontend
+ docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-frontend:${{ env.IMAGE_TAG }} .
+ docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-frontend:latest .
+ docker push ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-frontend:${{ env.IMAGE_TAG }}
+ docker push ${{ secrets.DOCKERHUB_USERNAME }}/fusionpact-frontend:latest
+ deploy:
+ name: Deploy to Production
+ needs: build-and-push
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Deploy to EC2
+ uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.EC2_HOST }}
+ username: ${{ secrets.EC2_USER }}
+ key: ${{ secrets.SSH_PRIVATE_KEY }}
+ script: |
+ cd /home/ubuntu/app
+ git pull origin main || git pull origin master
+ docker-compose pull
+ docker-compose up -d --force-recreate
+ docker system prune -af
+
+ - name: Verify deployment
+ run: |
+ sleep 10
+ curl -f https://fusionpact.servehttp.com || exit 1
+ echo "✅ Deployment successful!"
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 9a76877..ec3ec20 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,13 @@
-node_modules
.env
-.env.local
-dist
-build
+
+# Terraform
+*.tfstate
+*.tfstate.*
+*.tfstate.backup
+.terraform/
+.terraform.lock.hcl
+terraform.tfvars
+
+# macOS
+.DS_Store
+
diff --git a/Precious-README.md b/Precious-README.md
new file mode 100644
index 0000000..f771e95
--- /dev/null
+++ b/Precious-README.md
@@ -0,0 +1,1290 @@
+# FusionPact DevOps Challenge
+### Standard Operating Procedure (SOP)
+
+**Candidate Name:** Olowookere Precious Jesutofunmi
+
+**Project Duration:** 14th October - 16th October
+**Repository:** https://github.com/Nifesimi-p/fusionpact-devops-challenge
+**Branch:** Precious-project
+
+---
+
+## Executive Summary
+
+Successfully deployed a production-ready two-tier web application (FastAPI backend + Nginx frontend) on AWS EC2 with infrastructure automation using Terraform, SSL/TLS encryption, observability and automated CI/CD pipeline.
+
+---
+
+### **Key Technologies**
+
+* **Cloud Platform:** AWS EC2 (Ubuntu 22.04, t2.micro), Elastic IP
+* **Automation:** Terraform (Infrastructure as Code)
+* **Containerization:** Docker
+* **Web Server / Reverse Proxy:** Nginx
+* **Monitoring:** Prometheus, Grafana
+* **Security:** Let’s Encrypt (SSL/TLS Certificates)
+* **Networking / DNS:** NoIP Dynamic DNS
+* **CI/CD:** GitHub Actions
+
+---
+
+**Project Outcome:** Automated, monitored, and production-ready application with data persistence and zero-downtime deployment capability.
+
+---
+
+## Table of Contents
+
+1. [Level 1 - Cloud Deployment with Infrastructure as Code](#level-1)
+2. [Level 2 - Monitoring & Observability](#level-2)
+3. [Level 3 - CI/CD Automation](#level-3)
+4. [Architecture Overview](#architecture)
+5. [Challenges & Solutions](#challenges)
+6. [Key Learnings](#learnings)
+7. [Appendix - URLs & Resources](#appendix)
+8. [Complete Command Log - FusionPact DevOps Challenge](#command)
+
+---
+
+
+## Level 1 - Cloud Deployment with Infrastructure as Code
+
+### Objective
+Deploy containerized full-stack application to AWS EC2 using Terraform with data persistence
+
+### Implementation
+
+#### 1. Containerization
+
+**Backend Dockerfile** (`backend/Dockerfile`):
+```dockerfile
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Copy requirements and install dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
+
+# Expose port
+EXPOSE 8000
+
+# Run the application (adjusted for app/ subdirectory)
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+```
+
+**Frontend Dockerfile** (`frontend/Dockerfile`):
+```dockerfile
+FROM nginx:alpine
+
+COPY . /usr/share/nginx/html/
+
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
+```
+
+#### 2. Docker Compose Orchestration
+
+Created `docker-compose.yml` managing 5 services:
+- **Backend:** FastAPI application
+- **Frontend:** Nginx web server
+- **Prometheus:** Metrics collection
+- **Grafana:** Visualization platform
+- **Node Exporter:** Infrastructure metrics
+
+**Key Configuration Highlights:**
+```yaml
+services:
+ backend:
+ build: ./backend
+ container_name: backend
+ ports:
+ - "8000:8000"
+ volumes:
+ - backend-data:/app/data
+
+ Frontend:
+ build: ./frontend
+ container_name: frontend
+ ports:
+ - "80:80"
+ depends_on:
+ - backend
+
+volumes:
+ backend-data: # SQLite database persistence
+ prometheus-data: # Metrics history retention
+ grafana-data: # Dashboard configurations
+```
+
+#### 3. Data Persistence Strategy & Importance.
+
+**Implementation:**
+- **Backend Data:** SQLite database persisted to `backend-data` volume at `/app/data`
+- **Prometheus Data:** Metrics history stored in `prometheus-data` volume at `/prometheus`
+- **Grafana Data:** Dashboard configs and user data in `grafana-data` volume at `/var/lib/grafana`
+
+**Data Persistence Importance:**
+Without persistent volumes, all application data (user submissions, metrics history, dashboard configurations) would be lost on container restart. This ensures:
+- Database integrity across deployments
+- Historical metrics retention for trend analysis
+- Dashboard configurations survive updates
+- Production continuity and reliability
+
+
+---
+
+#### 4. **SSL/TLS Implementation**
+
+##### **Reverse Proxy Setup**
+
+* **Nginx** terminates SSL on port **443**
+* **Let’s Encrypt** certificate via **Certbot** (auto-renewal enabled)
+
+* Proxies requests to Docker containers on **localhost**
+
+---
+
+#### **Key Challenge & Resolution**
+
+**Issue:**
+Frontend container served the default Nginx page instead of the actual application.
+
+**Root Cause:**
+The container’s `nginx.conf` pointed to `index.html` (Nginx default) instead of the correct `Devops_Intern.html`.
+
+**Resolution:**
+Updated the frontend `nginx.conf` as follows:
+
+```nginx
+index Devops_Intern.html;
+location / {
+ try_files $uri $uri/ /Devops_Intern.html;
+}
+```
+
+Then rebuilt and relaunched the container:
+
+```bash
+docker-compose build frontend && docker-compose up -d
+```
+
+**Trade-off:**
+Used internal port **3001** for the frontend to avoid conflicts with host-level Nginx on port **80**.
+This approach allows **SSL termination at the host level** while maintaining **container isolation** and clean network separation.
+
+---
+
+#### 5. AWS EC2 Deployment
+##### **Infrastructure as Code (Terraform)**
+
+The entire infrastructure was **provisioned directly through Terraform**, enabling automated, repeatable deployment of all required AWS resources. Each resource was defined in code to ensure consistency, transparency, and easy re-creation when needed.
+
+#### **Resources Provisioned**
+
+* **VPC** with a public subnet for hosting internet-accessible services
+* **Internet Gateway** to enable outbound and inbound internet connectivity
+* **Security Groups** configured for inbound access on ports **22, 80, 443, 3000, 8000, and 9090**
+* **Elastic IP** allocated for stable and persistent public addressing
+* **EC2 Instance** deployed with **user-data automation** to install and start essential services (Prometheus, Grafana, and the application stack)
+
+#### **EC2 Deployment**
+
+* **Instance Type:** t2.micro (1 vCPU, 2GB RAM)
+* **AMI:** Ubuntu 22.04 LTS
+* **Security Group Rules:**
+
+ * **SSH (22):** Management access
+ * **HTTP (80):** Frontend access
+ * **Backend (8000):** Application API
+ * **Grafana (3000):** Monitoring dashboard
+ * **Prometheus (9090):** Metrics collection interface
+
+This configuration highlights an automated deployment where all networking, security, and compute resources were **created and managed through Terraform**, eliminating manual setup and ensuring a consistent, declarative infrastructure environment.
+
+#### 6. Security Implementation
+- Credentials stored in terraform.tfvars (gitignored)
+- No hardcoded passwords in reposito
+
+
+### Trade-offs & Decisions
+
+| Decision | Alternative | Rationale | Importance |
+|----------|-------------|-----------|------------|
+| HTTPS | HTTP | Production requires encrypted communication. Implemented SSL/TLS to protect data in transit and prevent interception.** | Critical: HTTPS ensures data encryption, prevents man-in-the-middle attacks, builds user trust, and is mandatory for production environments handling any data. |
+| Database: SQLite | PostgreSQL | Lightweight, zero-config, sufficient for demo. Built-in Python support. | Acceptable for evaluation; production scaling requires PostgreSQL for concurrency. |
+| Instance: t2.micro | t2.large | Cost-efficient ($8.50/month), meets free tier eligibility. | Adequate for demo; production under heavy load requires larger instances. |
+| Single EC2 | Multi-AZ | Simplified deployment, faster iteration for internship evaluation. | Single point of failure accepted for demo; production needs high availability. |
+| Docker Compose | Kubernetes | Lightweight orchestration for 4 services, simple networking. | Sufficient for single-node deployment; scaling requires Kubernetes. |
+| GitHub Actions | Jenkins | Native GitHub integration, zero infrastructure cost, simpler pipeline. | Adequate for straightforward CI/CD; complex workflows may need Jenkins. |
+
+---
+
+#### Security Implementation
+**Production-Grade Security Applied:**
+- **HTTPS with SSL/TLS** - Encrypted communication via secure domain
+- **Nginx reverse proxy** - Centralized SSL termination and routing
+- **Secure secret management** - GitHub Secrets for credentials
+- **Restricted security groups** - Controlled access to EC2 instance
+
+### Challenge Encountered
+
+**Issue:** Docker Hub connection timeout during `docker compose up`
+```
+Error: Get "https://auth.docker.io/token": dial tcp [IPv6]:443: no route to host
+```
+
+**Root Cause:** IPv6 routing issue with Docker Hub registry
+
+**Solution Applied:**
+1. Used specific image versions instead of `latest` tag
+2. Restarted Docker daemon
+3. Pre-pulled images individually to verify connectivity
+
+**Result:** Successful image pull and container startup
+
+### Deliverables
+✅ `backend/Dockerfile`
+✅ `frontend/Dockerfile`
+✅ `docker-compose.yml`
+✅ Screenshots:
+- 
+- 
+- 
+- 
+- 
+
+---
+
+
+## Level 2 - Monitoring & Observability
+
+### Objective
+Implement observability with real-time infrastructure and application metrics.
+
+### Implementation
+
+#### 1. Prometheus Configuration
+
+**File:** `monitoring/prometheus.yml`
+
+```yaml
+global:
+ scrape_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'backend'
+ static_configs:
+ - targets: ['backend:8000']
+
+ - job_name: 'node-exporter'
+ static_configs:
+ - targets: ['node-exporter:9100']
+```
+
+**Scraping Strategy:**
+- 15-second intervals balance data granularity vs storage
+- Three targets monitored: Backend API, Node Exporter, Prometheus itself
+- All targets verified as "UP" in Prometheus UI
+
+#### 2. Grafana Setup
+
+**Automated Datasource Provisioning:**
+
+Created `grafana-provisioning/datasources/prometheus.yml`:
+```yaml
+apiVersion: 1
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+ editable: true
+```
+
+**Benefits:**
+- No manual datasource configuration needed
+- Consistent setup across environments
+- Infrastructure-as-code approach
+
+#### 3. Dashboard Implementation
+
+**Dashboard 1: Infrastructure Metrics**
+- **Source:** Imported pre-built Node Exporter Full dashboard (ID: 1860)
+- **Metrics Visualized:**
+ - CPU usage (user, system, idle)
+ - Memory utilization and available
+ - Disk I/O operations
+ - Network traffic (inbound/outbound)
+ - System load averages
+
+**Dashboard #2: Application Metrics (Custom)**
+ *This dashboard was manually created to demonstrate Grafana’s capability to visualize custom application metrics from Prometheus. It includes panels for key metrics such as HTTP request rate, response time (p95), error rate, status code distribution, and active requests.*
+
+*The setup was intended as a temporary proof of concept, showcasing how Grafana can be configured to monitor application-level performance. Unlike the Node Exporter dashboard, this custom dashboard was not configured for persistence and exists only within the session in which it was created.*
+
+**Screenshots below illustrate the dashboard layout and visualizations captured during the demonstration.**
+
+Created custom dashboard with panels tracking:
+
+| Panel | Metric Query | Visualization |
+|-------|--------------|---------------|
+| **HTTP Request Rate** | `rate(http_requests_total[5m])` | Time series |
+| **Response Time (p95)** | `histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))` | Time series |
+| **Error Rate** | `rate(http_requests_total{status=~"5.."}[5m])` | Stat (red threshold) |
+| **Status Code Distribution** | `sum by (status) (rate(http_requests_total[5m]))` | Pie chart |
+| **Active Requests** | `http_requests_in_progress` | Gauge |
+
+---
+
+#### Trade-offs & Decisions
+
+| Decision | Chosen | Alternative | Rationale | Trade-offs |
+| ---------------------------- | ---------------- | ------------ | -------------------------------------------------- | ----------------------------------------------------- |
+| **Scrape Interval** | 15 seconds | 5 seconds | Balanced detail with manageable resource usage. | Slightly less metric granularity during rapid events. |
+| **Infrastructure Dashboard** | Imported #1860 | Custom built | Faster setup using a proven, reliable template. | Limited customization flexibility for unique metrics. |
+| **Application Dashboard** | Custom | Pre-built | Tailored to app-specific KPIs and workflows. | Requires more development and maintenance effort. |
+| **Datasource Setup** | Auto-provisioned | Manual | Ensures consistency and easy replication via code. | Less flexibility for ad-hoc configuration changes. |
+
+
+#### Challenges Encountered
+
+**Issue:** Unable to login to Grafana with default `admin/admin` credentials
+
+**Root Cause:** Pre-existing Grafana volume from previous deployment contained different password
+
+**Solution Applied:**
+1. Attempted password reset: `docker exec grafana grafana-cli admin reset-admin-password`
+2. Final solution: Removed old volume and recreated with fresh configuration
+```bash
+docker compose stop grafana
+docker volume rm fusionpact-devops-challenge_grafana-data
+docker compose up -d grafana
+```
+
+**Lesson Learned:** Always document custom passwords; consider environment variables for initial setup
+
+#### Metrics Validation
+
+**Traffic Generation for Testing:**
+```bash
+for i in {1..200}; do
+ curl -s http://localhost:8000/health > /dev/null
+ curl -s http://localhost:8000/metrics > /dev/null
+ sleep 0.05
+done
+```
+
+**Verification Steps:**
+1. Confirmed all Prometheus targets showing "UP" status
+2. Validated metrics appearing in Prometheus query interface
+3. Verified Grafana dashboards displaying real-time data
+4. Tested alert conditions and panel refresh rates
+
+### Deliverables
+✅ `monitoring/prometheus.yml` configuration
+✅ Grafana datasource auto-provisioning
+✅ Screenshot: Prometheus targets (all UP)
+✅ Screenshot: Infrastructure dashboard with live metrics
+✅ Screenshot: Application metrics dashboard with traffic data
+- 
+- 
+- 
+
+---
+
+
+#### Level 3 - CI/CD Automation
+
+#### Objective
+Automate build, test, and deployment workflow for continuous delivery.
+
+#### Implementation
+
+#### 1. CI/CD Platform Selection
+
+**Chosen:** GitHub Actions
+
+**Rationale:**
+- Native GitHub integration (no external server needed)
+- Free for public repositories
+- YAML-based configuration (infrastructure-as-code)
+- Built-in secrets management
+
+**Alternative Considered:** Jenkins
+- **Trade-off:** Jenkins requires dedicated server maintenance and resources
+- **Decision:** GitHub Actions provides serverless CI/CD with zero infrastructure overhead
+
+#### 2. Pipeline Configuration
+
+**File:** `.github/workflows/ci-cd.yml`
+
+**Pipeline Stages:**
+1. Code Checkout
+- Clones repository
+- Checks out working branch
+
+2. Build & Test
+- Installs Python dependencies
+- Runs backend unit tests
+- Lints code with Black
+
+3. Docker Image Build
+- Builds backend image
+- Builds frontend image
+- Tags with commit SHA and 'latest'
+
+4. Push to Registry
+- Authenticates to Docker Hub
+- Pushes images to registry
+
+5. Deploy to Cloud
+- SSH into EC2 instance
+- Pulls latest images
+- Runs docker-compose up -d
+- Verifies deployment health
+
+
+
+```yaml
+name: CI/CD Pipeline
+
+on:
+ push:
+ branches: [ main, master, Precious-project ]
+ pull_request:
+ branches: [ main, master, Precious-project ]
+ workflow_dispatch:
+
+jobs:
+ build-and-test:
+ runs-on: ubuntu-latest
+ steps:
+ - Checkout code
+ - Setup Python 3.9
+ - Install backend dependencies
+ - Run backend tests
+ - Build and Push Docker Images
+ - Checkout code
+ - Login to Docker Hub
+ - Build and push backend image
+ - Build and push frontend image
+
+ deploy:
+ needs: build-and-push
+ runs-on: ubuntu-latest
+ steps:
+ - Checkout code
+ - Deploy to EC2
+ - Verify Deployment
+
+```
+
+#### 3. Secrets Configuration
+
+**GitHub Repository Secrets Added:**
+- `DOCKER_USERNAME` - Docker Hub username
+- `DOCKER_PASSWORD` - Docker Hub access token
+- `EC2_HOST` - EC2 public IP address
+- `EC2_USER` - SSH username
+- `EC2_SSH_KEY` - Private SSH key for EC2 access
+- `AWS_ACCESS_KEY_ID` - AWS Credentials
+- `AWS_SECRET_KEY`. - AWS Credentials
+
+**Security Best Practice:** Never hardcode credentials in workflow files
+
+#### 4. Deployment Strategy
+
+**Approach:** Direct SSH deployment to EC2
+
+**Steps Automated:**
+1. SSH into EC2 instance
+2. Navigate to project directory
+3. Pull latest code from GitHub
+4. Pull updated Docker images from registry
+5. Restart services: `docker compose up -d`
+6. Verify deployment: `docker compose ps`
+
+**Trade-off Analysis:**
+
+| Approach | Pros | Cons | Decision |
+|----------|------|------|----------|
+| **SSH Deployment** | Simple, direct control | Manual scaling | ✅ Chosen for single-server setup |
+| **Kubernetes** | Auto-scaling, HA | Complex, resource-intensive | ❌ Overkill for demo |
+| **AWS CodeDeploy** | AWS-native | Additional AWS complexity | ❌ GitHub Actions simpler |
+
+#### Challenges Encountered
+
+**Issue:** Initial pipeline failure due to missing secrets
+
+**Error Log:**
+```
+Error: Input required and not supplied: DOCKER_USERNAME
+```
+
+**Solution Applied:**
+1. Navigated to GitHub Repository → Settings → Secrets and Variables → Actions
+2. Added all required secrets with correct values
+3. Verified SSH key format (removed headers, single line)
+4. Re-ran pipeline successfully
+
+**Validation:** Green checkmarks across all pipeline stages
+
+#### CI/CD Benefits Achieved
+
+1. **Automated Testing:** Code quality checks on every commit
+2. **Consistent Builds:** Reproducible image creation
+3. **Fast Deployment:** ~3 minutes from push to production
+4. **Rollback Capability:** Previous images available in registry
+5. **Audit Trail:** Complete deployment history in GitHub Actions
+
+### Deliverables
+✅ `.github/workflows/deploy.yml` pipeline configuration
+✅ Docker Hub repository with tagged images
+✅ Screenshot: Successful pipeline execution
+✅ Screenshot: Docker Hub showing pushed images
+✅ Screenshot: Functioning Webapp
+- 
+- 
+- 
+- 
+
+---
+
+
+## Architecture Overview
+
+#### System Architecture Diagram
+```
+┌─────────────────────────────────────────────────────────────┐
+│ Developer Workstation │
+│ (Terraform + Git) │
+└────────────────────┬────────────────────────────────────────┘
+ │
+ ┌────────────┴────────────┐
+ │ │
+ │ terraform apply │ git push
+ ▼ ▼
+┌─────────────────┐ ┌─────────────────────────────────────┐
+│ AWS Cloud │ │ GitHub Actions │
+│ │ │ ┌──────────┐ ┌──────────┐ │
+│ ┌─────────────┐ │ │ │ Checkout │→ │ Build │ │
+│ │ Terraform │ │ │ └──────────┘ └──────────┘ │
+│ │ State │ │ │ ┌──────────┐ ┌──────────┐ │
+│ └─────────────┘ │ │ │ Push │→ │ Deploy │ │
+│ │ │ │ └──────────┘ └──────────┘ │
+│ ▼ │ └────────────┬────────────────────────┘
+│ ┌─────────────┐ │ │
+│ │ VPC + │ │ ▼
+│ │ Security │ │ ┌─────────────────┐
+│ │ Groups │ │ │ Docker Hub │
+│ └─────────────┘ │ │ Image Registry │
+│ │ │ └────────┬────────┘
+│ ▼ │ │
+│ ┌─────────────┐ │ │ docker pull
+│ │ Elastic IP │ │ │
+│ │ (Static) │ │ │
+│ └──────┬──────┘ │ │
+│ │ │ │ SSH Deploy
+│ ▼ │ ▼
+│ ┌─────────────────────────────────────────────────────────┐ │
+│ │ AWS EC2 Instance (t3.micro) │ │
+│ │ Ubuntu 22.04 LTS + userdata.sh │ │
+│ │ ┌────────────────────────────────────────────────────┐ │ │
+│ │ │ Host Level (Port 80/443) │ │ │
+│ │ │ │ │ │
+│ │ │ ┌──────────────────────────────────┐ │ │ │
+│ │ │ │ Nginx Reverse Proxy │ │ │ │
+│ │ │ │ • SSL Termination (Let's Encrypt) │ │ │
+│ │ │ │ • Port 80 → 443 redirect │ │ │ │
+│ │ │ │ • Port 443 HTTPS │ │ │ │
+│ │ │ └────────┬─────────────────────────┘ │ │ │
+│ │ │ │ │ │ │
+│ │ │ │ Path-based routing │ │ │
+│ │ └───────────┼─────────────────────────────────────────┘ │
+│ │ │ │ │
+│ │ ┌───────────┴─────────────────────────────────────────┐ │
+│ │ │ Docker Compose Stack │ │
+│ │ │ │ │
+│ │ │ / → Frontend ┌────────────┐ │ │
+│ │ │ │ Users │ │ │
+│ │ │ ┌────────────┐ │ (HTTPS) │ │ │
+│ │ │ │ Frontend │◄───────└────────────┘ │ │
+│ │ │ │(Nginx:3001)│ SSL via host Nginx │ │
+│ │ │ └─────┬──────┘ ↑ │ │
+│ │ │ │ Port conflict prevented │ │
+│ │ │ │ │ │
+│ │ │ /api → Backend │ │
+│ │ │ ▼ │ │
+│ │ │ ┌────────────┐ │ │
+│ │ │ │ Backend │ │ │
+│ │ │ │ (FastAPI │ │ │
+│ │ │ │ :8000) │ │ │
+│ │ │ └─────┬──────┘ │ │
+│ │ │ │ │ │
+│ │ │ │ /metrics │ │
+│ │ │ ▼ │ │
+│ │ │ ┌────────────┐ ┌──────────────┐ │ │
+│ │ │ │ Prometheus │◄─────│Node Exporter │ │ │
+│ │ │ │ (:9090) │ │ (:9100) │ │ │
+│ │ │ └─────┬──────┘ └──────────────┘ │ │
+│ │ │ │ │ │
+│ │ │ │ datasource │ │
+│ │ │ /grafana → │ │
+│ │ │ ▼ │ │
+│ │ │ ┌────────────┐ │ │
+│ │ │ │ Grafana │ │ │
+│ │ │ │ (:3000) │ │ │
+│ │ │ └────────────┘ │ │
+│ │ │ │ │
+│ │ └──────────────────────────────────────────────────────┘ │
+│ │ │ │
+│ │ ┌────────────────────────────────────────────────────┐ │ │
+│ │ │ Docker Volumes (Persistence) │ │ │
+│ │ │ • backend-data (SQLite DB) │ │ │
+│ │ │ • prometheus-data (Metrics history) │ │ │
+│ │ │ • grafana-data (Dashboard configs) │ │ │
+│ │ └────────────────────────────────────────────────────┘ │ │
+│ └─────────────────────────────────────────────────────────┘ │
+└─────────────────────────────────────────────────────────────┘
+```
+---
+
+#### Data Flows
+
+**1. Infrastructure Provisioning Flow:**
+```
+Developer → terraform apply → AWS API →
+ Creates: VPC, Security Groups, EC2, Elastic IP →
+ Executes: userdata.sh (Docker install, compose up)
+```
+
+**2. User Request Flow (HTTPS):**
+```
+User (HTTPS) → Nginx (Port 443, SSL termination) →
+ Path routing:
+ / → Frontend container (3001)
+ /api → Backend container (8000)
+ /grafana → Grafana container (3000)
+```
+
+**3. Monitoring Flow:**
+```
+Backend (/metrics) → Prometheus scrapes (9090) → Grafana queries → Dashboard visualization
+Node Exporter (9100) → Prometheus → Grafana (Infrastructure metrics)
+```
+
+**4. CI/CD Deployment Flow:**
+```
+git push → GitHub Actions trigger →
+ Build images → Push to Docker Hub →
+ SSH to EC2 → docker-compose pull → docker-compose up -d
+```
+### Network Configuration
+
+| Service | Port | Access | Purpose |
+|---------|------|--------|---------|
+| Nginx (Host) | 80 | Public | HTTP → HTTPS redirect |
+| Nginx (Host) | 443 | Public | SSL termination + reverse proxy |
+| Frontend | 3001 | Internal | User-facing web interface (via Nginx /) |
+| Backend | 8000 | Internal | REST API endpoints (via Nginx /api) |
+| Prometheus | 9090 | Internal | Metrics query interface |
+| Grafana | 3000 | Internal | Monitoring dashboards (via Nginx /grafana) |
+| Node Exporter | 9100 | Internal | System metrics collection |
+| SSH | 22 | Public | Terraform + admin access |
+
+---
+
+
+### 5. Challenges & Solutions
+
+#### Challenge 1: Docker Hub Connectivity
+
+**Problem:**
+```
+Error: Get "https://auth.docker.io/token": dial tcp [IPv6]:443: no route to host
+```
+
+**Impact:** Unable to pull Docker images, blocking deployment
+
+**Root Cause Analysis:**
+- IPv6 routing issue between local network and Docker Hub
+- DNS resolution returning IPv6 address first
+- Network configuration not supporting IPv6 connections
+
+**Solution Implemented:**
+1. Used specific image versions (e.g., `prom/prometheus:v2.45.0` instead of `latest`)
+2. Restarted Docker daemon to refresh network configuration
+3. Pre-pulled images individually to verify connectivity
+
+**Outcome:** Successful image download and container startup
+
+**Prevention:** Always use specific version tags in production for reproducibility
+
+---
+
+#### Challenge 2: Grafana Authentication
+
+**Problem:** Unable to login with default `admin/admin` credentials
+
+**Impact:** Could not access monitoring dashboards
+
+**Root Cause Analysis:**
+- Pre-existing Grafana volume contained initialized database with different password
+- Docker Compose reused existing volume on restart
+- No documentation of changed password
+
+**Solution Implemented:**
+1. Attempted CLI password reset: `docker exec grafana grafana-cli admin reset-admin-password`
+2. Removed old volume: `docker volume rm fusionpact-devops-challenge_grafana-data`
+3. Recreated container with fresh configuration
+4. Set explicit admin password via environment variables
+
+**Outcome:** Successful login and dashboard access
+
+**Best Practice Adopted:** Document all password changes; use environment variables for initial configuration
+
+---
+
+#### Challenge 3: GitHub Actions Secrets
+
+**Problem:** Pipeline failing with "Input required and not supplied" error
+
+**Impact:** CI/CD automation non-functional
+
+**Root Cause Analysis:**
+- Secrets not configured in GitHub repository
+- Workflow file referenced undefined variables
+- SSH key format incorrect (contained headers)
+
+**Solution Implemented:**
+1. Added all required secrets in GitHub Repository Settings
+2. Verified secret names matched workflow references exactly
+3. Formatted SSH key correctly (removed BEGIN/END headers, single line)
+4. Tested pipeline execution
+
+**Outcome:** Green checkmarks across all pipeline stages
+
+**Key Lesson:** Always validate secrets configuration before pushing workflow changes
+
+---
+
+
+### 6. Key Learnings & Best Practices
+
+#### Technical Learnings
+
+1. **Container Orchestration**
+ - Docker Compose simplifies multi-container management
+ - Named volumes provide persistent data storage
+ - Container networking enables service discovery by name
+
+2. **Monitoring Strategy**
+ - Prometheus pull-based model scales well
+ - Grafana provisioning enables infrastructure-as-code
+ - 15-second scrape interval balances granularity and performance
+
+3. **CI/CD Automation**
+ - GitHub Actions provides serverless CI/CD
+ - Secrets management critical for security
+ - SSH deployment simple but requires secure key handling
+
+#### DevOps Best Practices Applied
+
+✅ **Infrastructure as Code:** All configurations version-controlled
+✅ **Data Persistence:** Volumes ensure state survival across deployments
+✅ **Observability:** Comprehensive monitoring from day one
+✅ **Automation:** Zero-touch deployments via CI/CD
+✅ **Security:** Secrets never hardcoded, proper access controls
+✅ **Documentation:** Complete SOP for reproducibility
+
+
+#### Future Enhancements
+
+If scaling beyond:
+1. **High Availability:** Multi-AZ deployment with load balancer
+2. **Database:** Migrate from SQLite to PostgreSQL RDS
+3. **Container Orchestration:** Kubernetes for auto-scaling
+4. **CDN:** CloudFront for frontend static assets
+5. **Secrets Management:** AWS Secrets Manager or HashiCorp Vault
+6. **Log Aggregation:** ELK stack or CloudWatch Logs
+
+---
+
+
+###7 Appendix - URLs & Resources
+
+### Public Access URLs
+
+**Production Environment:**
+
+* **Frontend Application:** [https://fusionpact.servehttp.com](https://fusionpact.servehttp.com)
+* **Backend API:** [https://fusionpact.servehttp.com/api/](https://fusionpact.servehttp.com/api/)
+* **API Docs:** [https://fusionpact.servehttp.com/api/docs](https://fusionpact.servehttp.com/api/docs)
+* **Prometheus UI:** [http://fusionpact.servehttp.com:9090](http://fusionpact.servehttp.com:9090)
+* **Grafana Dashboards:** [http://fusionpact.servehttp.com:3000](http://fusionpact.servehttp.com:3000)
+
+
+**Development Resources:**
+- GitHub Repository: `https://github.com/Nifesimi-p/fusionpact-devops-challenge`
+- Project Branch: `Precious-project`
+- Docker Hub Images: `https://hub.docker.com/u/preciousnifesi`
+
+### Login Credentials
+
+**Grafana:**
+- Username: `admin`
+- Password: ``
+
+#### Key Configuration Files
+
+All configuration files available in repository:
+
+```
+fusionpact-devops-challenge/
+├── backend/
+│ ├── Dockerfile
+│ ├── requirements.txt
+│ └── app/
+├── frontend/
+│ ├── Dockerfile
+│ └── Devops_Intern.html
+├── infrastructure/
+│ └── terraform/
+│ ├── main.tf
+│ ├── variables.tf
+│ ├── providers.tf
+│ ├── user-data.sh
+│ └── terraform.tfvars (gitignored)
+├── monitoring/
+│ └── prometheus.yml
+├── .github/
+│ └── workflows/
+│ └── ci-cd.yml
+├── docker-compose.yml
+└── README.md
+```
+---
+
+### 8. Complete Command Log - FusionPact DevOps Challenge
+
+## Prerequisites Check
+
+```bash
+docker --version
+docker compose version
+git --version
+terraform --version
+docker ps
+cd ~/Desktop/DevOps-Projects/FusionPact/fusionpact-devops-challenge
+```
+
+---
+
+#### Level 1: Cloud Deployment
+
+#### Local Development
+
+```bash
+# Create backend Dockerfile
+cat > backend/Dockerfile << 'EOF'
+FROM python:3.11-slim
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY . .
+EXPOSE 8000
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+EOF
+
+# Create frontend Dockerfile
+cat > frontend/Dockerfile << 'EOF'
+FROM nginx:alpine
+COPY . /usr/share/nginx/html/
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
+EOF
+
+# Fix frontend nginx.conf (Critical - fixed default page issue)
+cat > frontend/nginx.conf << 'EOF'
+server {
+ listen 80;
+ root /usr/share/nginx/html;
+ index Devops_Intern.html;
+ location / {
+ try_files $uri $uri/ /Devops_Intern.html;
+ }
+}
+EOF
+
+# Create Prometheus config
+mkdir -p monitoring
+cat > monitoring/prometheus.yml << 'EOF'
+global:
+ scrape_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+ - job_name: 'backend'
+ static_configs:
+ - targets: ['backend:8000']
+ - job_name: 'node-exporter'
+ static_configs:
+ - targets: ['node-exporter:9100']
+EOF
+
+# Test locally
+docker compose up -d
+docker compose ps
+curl http://localhost:8000/health
+curl http://localhost
+docker compose down
+```
+
+---
+
+#### Terraform Infrastructure
+
+```bash
+cd infrastructure/terraform
+
+# Create terraform.tfvars (gitignored)
+cat > terraform.tfvars << 'EOF'
+aws_region = "us-east-1"
+instance_type = "t2.micro"
+key_name = "your-key-name"
+my_ip = "your-ip/32"
+EOF
+
+# Deploy infrastructure
+terraform init
+terraform validate
+terraform plan
+terraform apply -auto-approve
+
+# Get EC2 IP
+export EC2_IP=$(terraform output -raw ec2_public_ip)
+echo $EC2_IP
+```
+
+---
+
+#### Deploy to EC2
+
+```bash
+# SSH and deploy
+ssh -i your-key.pem ubuntu@$EC2_IP
+
+git clone https://github.com/Nifesimi-p/fusionpact-devops-challenge.git
+cd fusionpact-devops-challenge
+git checkout Precious-project
+
+docker compose up -d
+docker compose ps
+curl http://localhost:8000/health
+
+exit
+```
+
+---
+
+#### SSL/TLS Setup (On EC2)
+
+```bash
+ssh -i your-key.pem ubuntu@$EC2_IP
+
+# Install Certbot and Nginx
+sudo apt update
+sudo apt install certbot python3-certbot-nginx nginx -y
+
+# Configure Nginx reverse proxy
+sudo nano /etc/nginx/sites-available/default
+# Added SSL termination and proxy configuration
+
+sudo nginx -t
+sudo systemctl reload nginx
+
+# Get SSL certificate
+sudo certbot --nginx -d fusionpact.servehttp.com
+sudo certbot renew --dry-run
+
+# Update docker-compose.yml frontend port to 3001
+cd fusionpact-devops-challenge
+nano docker-compose.yml
+# Changed: ports: ["80:80"] to ports: ["3001:80"]
+
+docker compose down
+docker compose up -d
+
+exit
+```
+
+---
+
+### Level 2: Monitoring & Observability
+
+#### Grafana Provisioning
+
+```bash
+# Back on local machine
+cd ~/Desktop/DevOps-Projects/FusionPact/fusionpact-devops-challenge
+
+mkdir -p grafana-provisioning/datasources
+
+cat > grafana-provisioning/datasources/prometheus.yml << 'EOF'
+apiVersion: 1
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+ editable: true
+EOF
+
+# Updated docker-compose.yml grafana volumes to include:
+# - ./grafana-provisioning:/etc/grafana/provisioning
+
+docker compose restart grafana
+docker logs grafana --tail 50 | grep -i datasource
+```
+
+---
+
+#### Grafana Authentication Fix
+
+```bash
+# Reset password (when default didn't work)
+docker exec -it grafana grafana-cli admin reset-admin-password admin123
+
+# Alternative: Fresh install
+docker compose stop grafana
+docker volume rm fusionpact-devops-challenge_grafana-data
+docker compose up -d grafana
+```
+
+---
+
+#### Dashboard Setup
+
+```bash
+# Access Grafana
+open http://localhost:3000
+# Login: admin / admin123
+
+# Imported Node Exporter Dashboard ID: 1860
+# Created custom Application Metrics dashboard manually
+
+# Generate test traffic
+for i in {1..200}; do
+ curl -s http://localhost:8000/health > /dev/null
+ curl -s http://localhost:8000/metrics > /dev/null
+ sleep 0.05
+done
+
+# Verify Prometheus
+open http://localhost:9090/targets
+```
+
+---
+
+#### Deploy to EC2
+
+```bash
+git add .
+git commit -m "Add monitoring configuration"
+git push origin Precious-project
+
+ssh -i your-key.pem ubuntu@$EC2_IP
+cd fusionpact-devops-challenge
+git pull origin Precious-project
+docker compose down
+docker compose up -d
+docker compose ps
+exit
+```
+
+---
+
+### Level 3: CI/CD Automation
+
+#### GitHub Actions Setup
+
+```bash
+mkdir -p .github/workflows
+
+cat > .github/workflows/ci-cd.yml << 'EOF'
+name: CI/CD Pipeline
+
+on:
+ push:
+ branches: [ main, master, Precious-project ]
+ workflow_dispatch:
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Build and push backend
+ run: |
+ docker build -t ${{ secrets.DOCKER_USERNAME }}/fusionpact-backend:latest ./backend
+ docker push ${{ secrets.DOCKER_USERNAME }}/fusionpact-backend:latest
+ - name: Build and push frontend
+ run: |
+ docker build -t ${{ secrets.DOCKER_USERNAME }}/fusionpact-frontend:latest ./frontend
+ docker push ${{ secrets.DOCKER_USERNAME }}/fusionpact-frontend:latest
+
+ deploy:
+ needs: build-and-push
+ runs-on: ubuntu-latest
+ steps:
+ - uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.EC2_HOST }}
+ username: ${{ secrets.EC2_USER }}
+ key: ${{ secrets.EC2_SSH_KEY }}
+ script: |
+ cd fusionpact-devops-challenge
+ git pull origin Precious-project
+ docker compose pull
+ docker compose up -d
+EOF
+```
+
+---
+
+#### Configure Secrets
+
+```bash
+# Added in GitHub UI (Settings → Secrets):
+# DOCKER_USERNAME = preciousnifesi
+# DOCKER_PASSWORD = (Docker Hub token)
+# EC2_HOST = (EC2 public IP)
+# EC2_USER = ubuntu
+# EC2_SSH_KEY = (private key content)
+```
+
+---
+
+#### Deploy
+
+```bash
+git add .
+git commit -m "Add CI/CD pipeline"
+git push origin Precious-project
+
+# Watched pipeline in GitHub Actions tab
+# Verified deployment on EC2
+```
+
+---
+
+### Verification Commands
+
+```bash
+# Check containers
+docker compose ps
+
+# Test services
+curl https://fusionpact.servehttp.com
+curl https://fusionpact.servehttp.com/api/health
+curl http://fusionpact.servehttp.com:9090/-/healthy
+
+# View logs
+docker compose logs backend --tail 50
+docker compose logs grafana --tail 50
+
+# Check volumes
+docker volume ls
+docker volume inspect fusionpact-devops-challenge_backend-data
+```
+
+---
+
+### Git Commands Used
+
+```bash
+git clone https://github.com/Nifesimi-p/fusionpact-devops-challenge.git
+git checkout Precious-project
+git status
+git add .
+git commit -m "message"
+git push origin Precious-project
+git pull origin Precious-project
+```
+
+---
+
+### Terraform Commands Used
+
+```bash
+terraform init
+terraform validate
+terraform plan
+terraform apply -auto-approve
+terraform output
+terraform output ec2_public_ip
+```
+
+---
+
+**END OF COMMAND LOG**
+
+#### Conclusion
+
+This project demonstrates end-to-end DevOps capability: from application containerization through cloud deployment, monitoring, and fully automated CI/CD pipelines. The implementation balances production-grade practices with practical trade-offs appropriate for the scale and requirements.
+
+
+---
+
+#### Quick Reference Commands
+
+```bash
+# Start all services
+docker compose up -d
+
+# Stop all services
+docker compose down
+
+# View logs
+docker compose logs -f
+
+# Rebuild after changes
+docker compose up -d --build
+
+# Check status
+docker compose ps
+
+# Access container shell
+docker exec -it [container-name] /bin/sh
+
+# View volumes
+docker volume ls
+
+# Clean up
+docker compose down -v
+docker system prune -a
+```
+
+---
+
+**END OF SOP**
diff --git a/README.md b/README.md
index e3651b8..cbce110 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,1298 @@
+# FusionPact DevOps Challenge
+### Standard Operating Procedure (SOP)
+
+**Candidate Name:** Olowookere Precious Jesutofunmi
+
+**Project Duration:** 14th October - 16th October
+**Repository:** https://github.com/Nifesimi-p/fusionpact-devops-challenge
+**Branch:** Precious-project
+
+---
+
+## Executive Summary
+
+Successfully deployed a production-ready two-tier web application (FastAPI backend + Nginx frontend) on AWS EC2 with infrastructure automation using Terraform, SSL/TLS encryption, observability and automated CI/CD pipeline.
+
+---
+
+### **Key Technologies**
+
+* **Cloud Platform:** AWS EC2 (Ubuntu 22.04, t2.micro), Elastic IP
+* **Automation:** Terraform (Infrastructure as Code)
+* **Containerization:** Docker
+* **Web Server / Reverse Proxy:** Nginx
+* **Monitoring:** Prometheus, Grafana
+* **Security:** Let’s Encrypt (SSL/TLS Certificates)
+* **Networking / DNS:** NoIP Dynamic DNS
+* **CI/CD:** GitHub Actions
+
+---
+
+**Project Outcome:** Automated, monitored, and production-ready application with data persistence and zero-downtime deployment capability.
+
+---
+
+## Table of Contents
+
+1. [Level 1 - Cloud Deployment with Infrastructure as Code](#level-1)
+2. [Level 2 - Monitoring & Observability](#level-2)
+3. [Level 3 - CI/CD Automation](#level-3)
+4. [Architecture Overview](#architecture)
+5. [Challenges & Solutions](#challenges)
+6. [Key Learnings](#learnings)
+7. [Appendix - URLs & Resources](#appendix)
+8. [Complete Command Log - FusionPact DevOps Challenge](#command)
+
+---
+
+
+## Level 1 - Cloud Deployment with Infrastructure as Code
+
+### Objective
+Deploy containerized full-stack application to AWS EC2 using Terraform with data persistence
+
+### Implementation
+
+#### 1. Containerization
+
+**Backend Dockerfile** (`backend/Dockerfile`):
+```dockerfile
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Copy requirements and install dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
+
+# Expose port
+EXPOSE 8000
+
+# Run the application (adjusted for app/ subdirectory)
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+```
+
+**Frontend Dockerfile** (`frontend/Dockerfile`):
+```dockerfile
+FROM nginx:alpine
+
+COPY . /usr/share/nginx/html/
+
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
+```
+
+#### 2. Docker Compose Orchestration
+
+Created `docker-compose.yml` managing 5 services:
+- **Backend:** FastAPI application
+- **Frontend:** Nginx web server
+- **Prometheus:** Metrics collection
+- **Grafana:** Visualization platform
+- **Node Exporter:** Infrastructure metrics
+
+**Key Configuration Highlights:**
+```yaml
+services:
+ backend:
+ build: ./backend
+ container_name: backend
+ ports:
+ - "8000:8000"
+ volumes:
+ - backend-data:/app/data
+
+ Frontend:
+ build: ./frontend
+ container_name: frontend
+ ports:
+ - "80:80"
+ depends_on:
+ - backend
+
+volumes:
+ backend-data: # SQLite database persistence
+ prometheus-data: # Metrics history retention
+ grafana-data: # Dashboard configurations
+```
+
+#### 3. Data Persistence Strategy & Importance.
+
+**Implementation:**
+- **Backend Data:** SQLite database persisted to `backend-data` volume at `/app/data`
+- **Prometheus Data:** Metrics history stored in `prometheus-data` volume at `/prometheus`
+- **Grafana Data:** Dashboard configs and user data in `grafana-data` volume at `/var/lib/grafana`
+
+**Data Persistence Importance:**
+Without persistent volumes, all application data (user submissions, metrics history, dashboard configurations) would be lost on container restart. This ensures:
+- Database integrity across deployments
+- Historical metrics retention for trend analysis
+- Dashboard configurations survive updates
+- Production continuity and reliability
+
+
+---
+
+#### 4. **SSL/TLS Implementation**
+
+##### **Reverse Proxy Setup**
+
+* **Nginx** terminates SSL on port **443**
+* **Let’s Encrypt** certificate via **Certbot** (auto-renewal enabled)
+
+* Proxies requests to Docker containers on **localhost**
+
+---
+
+#### **Key Challenge & Resolution**
+
+**Issue:**
+Frontend container served the default Nginx page instead of the actual application.
+
+**Root Cause:**
+The container’s `nginx.conf` pointed to `index.html` (Nginx default) instead of the correct `Devops_Intern.html`.
+
+**Resolution:**
+Updated the frontend `nginx.conf` as follows:
+
+```nginx
+index Devops_Intern.html;
+location / {
+ try_files $uri $uri/ /Devops_Intern.html;
+}
+```
+
+Then rebuilt and relaunched the container:
+
+```bash
+docker-compose build frontend && docker-compose up -d
+```
+
+**Trade-off:**
+Used internal port **3001** for the frontend to avoid conflicts with host-level Nginx on port **80**.
+This approach allows **SSL termination at the host level** while maintaining **container isolation** and clean network separation.
+
+---
+
+#### 5. AWS EC2 Deployment
+##### **Infrastructure as Code (Terraform)**
+
+The entire infrastructure was **provisioned directly through Terraform**, enabling automated, repeatable deployment of all required AWS resources. Each resource was defined in code to ensure consistency, transparency, and easy re-creation when needed.
+
+#### **Resources Provisioned**
+
+* **VPC** with a public subnet for hosting internet-accessible services
+* **Internet Gateway** to enable outbound and inbound internet connectivity
+* **Security Groups** configured for inbound access on ports **22, 80, 443, 3000, 8000, and 9090**
+* **Elastic IP** allocated for stable and persistent public addressing
+* **EC2 Instance** deployed with **user-data automation** to install and start essential services (Prometheus, Grafana, and the application stack)
+
+#### **EC2 Deployment**
+
+* **Instance Type:** t2.micro (1 vCPU, 2GB RAM)
+* **AMI:** Ubuntu 22.04 LTS
+* **Security Group Rules:**
+
+ * **SSH (22):** Management access
+ * **HTTP (80):** Frontend access
+ * **Backend (8000):** Application API
+ * **Grafana (3000):** Monitoring dashboard
+ * **Prometheus (9090):** Metrics collection interface
+
+This configuration highlights an automated deployment where all networking, security, and compute resources were **created and managed through Terraform**, eliminating manual setup and ensuring a consistent, declarative infrastructure environment.
+
+#### 6. Security Implementation
+- Credentials stored in terraform.tfvars (gitignored)
+- No hardcoded passwords in reposito
+
+
+### Trade-offs & Decisions
+
+| Decision | Alternative | Rationale | Importance |
+|----------|-------------|-----------|------------|
+| HTTPS | HTTP | Production requires encrypted communication. Implemented SSL/TLS to protect data in transit and prevent interception.** | Critical: HTTPS ensures data encryption, prevents man-in-the-middle attacks, builds user trust, and is mandatory for production environments handling any data. |
+| Database: SQLite | PostgreSQL | Lightweight, zero-config, sufficient for demo. Built-in Python support. | Acceptable for evaluation; production scaling requires PostgreSQL for concurrency. |
+| Instance: t2.micro | t2.large | Cost-efficient ($8.50/month), meets free tier eligibility. | Adequate for demo; production under heavy load requires larger instances. |
+| Single EC2 | Multi-AZ | Simplified deployment, faster iteration for internship evaluation. | Single point of failure accepted for demo; production needs high availability. |
+| Docker Compose | Kubernetes | Lightweight orchestration for 4 services, simple networking. | Sufficient for single-node deployment; scaling requires Kubernetes. |
+| GitHub Actions | Jenkins | Native GitHub integration, zero infrastructure cost, simpler pipeline. | Adequate for straightforward CI/CD; complex workflows may need Jenkins. |
+
+---
+
+#### Security Implementation
+**Production-Grade Security Applied:**
+- **HTTPS with SSL/TLS** - Encrypted communication via secure domain
+- **Nginx reverse proxy** - Centralized SSL termination and routing
+- **Secure secret management** - GitHub Secrets for credentials
+- **Restricted security groups** - Controlled access to EC2 instance
+
+### Challenge Encountered
+
+**Issue:** Docker Hub connection timeout during `docker compose up`
+```
+Error: Get "https://auth.docker.io/token": dial tcp [IPv6]:443: no route to host
+```
+
+**Root Cause:** IPv6 routing issue with Docker Hub registry
+
+**Solution Applied:**
+1. Used specific image versions instead of `latest` tag
+2. Restarted Docker daemon
+3. Pre-pulled images individually to verify connectivity
+
+**Result:** Successful image pull and container startup
+
+### Deliverables
+✅ `backend/Dockerfile`
+✅ `frontend/Dockerfile`
+✅ `docker-compose.yml`
+✅ Screenshots:
+- 
+- 
+- 
+- 
+- 
+
+---
+
+
+## Level 2 - Monitoring & Observability
+
+### Objective
+Implement observability with real-time infrastructure and application metrics.
+
+### Implementation
+
+#### 1. Prometheus Configuration
+
+**File:** `monitoring/prometheus.yml`
+
+```yaml
+global:
+ scrape_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'backend'
+ static_configs:
+ - targets: ['backend:8000']
+
+ - job_name: 'node-exporter'
+ static_configs:
+ - targets: ['node-exporter:9100']
+```
+
+**Scraping Strategy:**
+- 15-second intervals balance data granularity vs storage
+- Three targets monitored: Backend API, Node Exporter, Prometheus itself
+- All targets verified as "UP" in Prometheus UI
+
+#### 2. Grafana Setup
+
+**Automated Datasource Provisioning:**
+
+Created `grafana-provisioning/datasources/prometheus.yml`:
+```yaml
+apiVersion: 1
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+ editable: true
+```
+
+**Benefits:**
+- No manual datasource configuration needed
+- Consistent setup across environments
+- Infrastructure-as-code approach
+
+#### 3. Dashboard Implementation
+
+**Dashboard 1: Infrastructure Metrics**
+- **Source:** Imported pre-built Node Exporter Full dashboard (ID: 1860)
+- **Metrics Visualized:**
+ - CPU usage (user, system, idle)
+ - Memory utilization and available
+ - Disk I/O operations
+ - Network traffic (inbound/outbound)
+ - System load averages
+
+**Dashboard #2: Application Metrics (Custom)**
+ *This dashboard was manually created to demonstrate Grafana’s capability to visualize custom application metrics from Prometheus. It includes panels for key metrics such as HTTP request rate, response time (p95), error rate, status code distribution, and active requests.*
+
+*The setup was intended as a temporary proof of concept, showcasing how Grafana can be configured to monitor application-level performance. Unlike the Node Exporter dashboard, this custom dashboard was not configured for persistence and exists only within the session in which it was created.*
+
+**Screenshots below illustrate the dashboard layout and visualizations captured during the demonstration.**
+
+Created custom dashboard with panels tracking:
+
+| Panel | Metric Query | Visualization |
+|-------|--------------|---------------|
+| **HTTP Request Rate** | `rate(http_requests_total[5m])` | Time series |
+| **Response Time (p95)** | `histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))` | Time series |
+| **Error Rate** | `rate(http_requests_total{status=~"5.."}[5m])` | Stat (red threshold) |
+| **Status Code Distribution** | `sum by (status) (rate(http_requests_total[5m]))` | Pie chart |
+| **Active Requests** | `http_requests_in_progress` | Gauge |
+
+---
+
+#### Trade-offs & Decisions
+
+| Decision | Chosen | Alternative | Rationale | Trade-offs |
+| ---------------------------- | ---------------- | ------------ | -------------------------------------------------- | ----------------------------------------------------- |
+| **Scrape Interval** | 15 seconds | 5 seconds | Balanced detail with manageable resource usage. | Slightly less metric granularity during rapid events. |
+| **Infrastructure Dashboard** | Imported #1860 | Custom built | Faster setup using a proven, reliable template. | Limited customization flexibility for unique metrics. |
+| **Application Dashboard** | Custom | Pre-built | Tailored to app-specific KPIs and workflows. | Requires more development and maintenance effort. |
+| **Datasource Setup** | Auto-provisioned | Manual | Ensures consistency and easy replication via code. | Less flexibility for ad-hoc configuration changes. |
+
+
+#### Challenges Encountered
+
+**Issue:** Unable to login to Grafana with default `admin/admin` credentials
+
+**Root Cause:** Pre-existing Grafana volume from previous deployment contained different password
+
+**Solution Applied:**
+1. Attempted password reset: `docker exec grafana grafana-cli admin reset-admin-password`
+2. Final solution: Removed old volume and recreated with fresh configuration
+```bash
+docker compose stop grafana
+docker volume rm fusionpact-devops-challenge_grafana-data
+docker compose up -d grafana
+```
+
+**Lesson Learned:** Always document custom passwords; consider environment variables for initial setup
+
+#### Metrics Validation
+
+**Traffic Generation for Testing:**
+```bash
+for i in {1..200}; do
+ curl -s http://localhost:8000/health > /dev/null
+ curl -s http://localhost:8000/metrics > /dev/null
+ sleep 0.05
+done
+```
+
+**Verification Steps:**
+1. Confirmed all Prometheus targets showing "UP" status
+2. Validated metrics appearing in Prometheus query interface
+3. Verified Grafana dashboards displaying real-time data
+4. Tested alert conditions and panel refresh rates
+
+### Deliverables
+✅ `monitoring/prometheus.yml` configuration
+✅ Grafana datasource auto-provisioning
+✅ Screenshot: Prometheus targets (all UP)
+✅ Screenshot: Infrastructure dashboard with live metrics
+✅ Screenshot: Application metrics dashboard with traffic data
+- 
+- 
+- 
+
+---
+
+
+#### Level 3 - CI/CD Automation
+
+#### Objective
+Automate build, test, and deployment workflow for continuous delivery.
+
+#### Implementation
+
+#### 1. CI/CD Platform Selection
+
+**Chosen:** GitHub Actions
+
+**Rationale:**
+- Native GitHub integration (no external server needed)
+- Free for public repositories
+- YAML-based configuration (infrastructure-as-code)
+- Built-in secrets management
+
+**Alternative Considered:** Jenkins
+- **Trade-off:** Jenkins requires dedicated server maintenance and resources
+- **Decision:** GitHub Actions provides serverless CI/CD with zero infrastructure overhead
+
+#### 2. Pipeline Configuration
+
+**File:** `.github/workflows/ci-cd.yml`
+
+**Pipeline Stages:**
+1. Code Checkout
+- Clones repository
+- Checks out working branch
+
+2. Build & Test
+- Installs Python dependencies
+- Runs backend unit tests
+- Lints code with Black
+
+3. Docker Image Build
+- Builds backend image
+- Builds frontend image
+- Tags with commit SHA and 'latest'
+
+4. Push to Registry
+- Authenticates to Docker Hub
+- Pushes images to registry
+
+5. Deploy to Cloud
+- SSH into EC2 instance
+- Pulls latest images
+- Runs docker-compose up -d
+- Verifies deployment health
+
+
+
+```yaml
+name: CI/CD Pipeline
+
+on:
+ push:
+ branches: [ main, master, Precious-project ]
+ pull_request:
+ branches: [ main, master, Precious-project ]
+ workflow_dispatch:
+
+jobs:
+ build-and-test:
+ runs-on: ubuntu-latest
+ steps:
+ - Checkout code
+ - Setup Python 3.9
+ - Install backend dependencies
+ - Run backend tests
+ - Build and Push Docker Images
+ - Checkout code
+ - Login to Docker Hub
+ - Build and push backend image
+ - Build and push frontend image
+
+ deploy:
+ needs: build-and-push
+ runs-on: ubuntu-latest
+ steps:
+ - Checkout code
+ - Deploy to EC2
+ - Verify Deployment
+
+```
+
+#### 3. Secrets Configuration
+
+**GitHub Repository Secrets Added:**
+- `DOCKER_USERNAME` - Docker Hub username
+- `DOCKER_PASSWORD` - Docker Hub access token
+- `EC2_HOST` - EC2 public IP address
+- `EC2_USER` - SSH username
+- `EC2_SSH_KEY` - Private SSH key for EC2 access
+- `AWS_ACCESS_KEY_ID` - AWS Credentials
+- `AWS_SECRET_KEY`. - AWS Credentials
+
+**Security Best Practice:** Never hardcode credentials in workflow files
+
+#### 4. Deployment Strategy
+
+**Approach:** Direct SSH deployment to EC2
+
+**Steps Automated:**
+1. SSH into EC2 instance
+2. Navigate to project directory
+3. Pull latest code from GitHub
+4. Pull updated Docker images from registry
+5. Restart services: `docker compose up -d`
+6. Verify deployment: `docker compose ps`
+
+**Trade-off Analysis:**
+
+| Approach | Pros | Cons | Decision |
+|----------|------|------|----------|
+| **SSH Deployment** | Simple, direct control | Manual scaling | ✅ Chosen for single-server setup |
+| **Kubernetes** | Auto-scaling, HA | Complex, resource-intensive | ❌ Overkill for demo |
+| **AWS CodeDeploy** | AWS-native | Additional AWS complexity | ❌ GitHub Actions simpler |
+
+#### Challenges Encountered
+
+**Issue:** Initial pipeline failure due to missing secrets
+
+**Error Log:**
+```
+Error: Input required and not supplied: DOCKER_USERNAME
+```
+
+**Solution Applied:**
+1. Navigated to GitHub Repository → Settings → Secrets and Variables → Actions
+2. Added all required secrets with correct values
+3. Verified SSH key format (removed headers, single line)
+4. Re-ran pipeline successfully
+
+**Validation:** Green checkmarks across all pipeline stages
+
+#### CI/CD Benefits Achieved
+
+1. **Automated Testing:** Code quality checks on every commit
+2. **Consistent Builds:** Reproducible image creation
+3. **Fast Deployment:** ~3 minutes from push to production
+4. **Rollback Capability:** Previous images available in registry
+5. **Audit Trail:** Complete deployment history in GitHub Actions
+
+### Deliverables
+✅ `.github/workflows/deploy.yml` pipeline configuration
+✅ Docker Hub repository with tagged images
+✅ Screenshot: Successful pipeline execution
+✅ Screenshot: Docker Hub showing pushed images
+✅ Screenshot: Functioning Webapp
+- 
+- 
+- 
+- 
+
+---
+
+
+## Architecture Overview
+
+#### System Architecture Diagram
+```
+┌─────────────────────────────────────────────────────────────┐
+│ Developer Workstation │
+│ (Terraform + Git) │
+└────────────────────┬────────────────────────────────────────┘
+ │
+ ┌────────────┴────────────┐
+ │ │
+ │ terraform apply │ git push
+ ▼ ▼
+┌─────────────────┐ ┌─────────────────────────────────────┐
+│ AWS Cloud │ │ GitHub Actions │
+│ │ │ ┌──────────┐ ┌──────────┐ │
+│ ┌─────────────┐ │ │ │ Checkout │→ │ Build │ │
+│ │ Terraform │ │ │ └──────────┘ └──────────┘ │
+│ │ State │ │ │ ┌──────────┐ ┌──────────┐ │
+│ └─────────────┘ │ │ │ Push │→ │ Deploy │ │
+│ │ │ │ └──────────┘ └──────────┘ │
+│ ▼ │ └────────────┬────────────────────────┘
+│ ┌─────────────┐ │ │
+│ │ VPC + │ │ ▼
+│ │ Security │ │ ┌─────────────────┐
+│ │ Groups │ │ │ Docker Hub │
+│ └─────────────┘ │ │ Image Registry │
+│ │ │ └────────┬────────┘
+│ ▼ │ │
+│ ┌─────────────┐ │ │ docker pull
+│ │ Elastic IP │ │ │
+│ │ (Static) │ │ │
+│ └──────┬──────┘ │ │
+│ │ │ │ SSH Deploy
+│ ▼ │ ▼
+│ ┌─────────────────────────────────────────────────────────┐ │
+│ │ AWS EC2 Instance (t3.micro) │ │
+│ │ Ubuntu 22.04 LTS + userdata.sh │ │
+│ │ ┌────────────────────────────────────────────────────┐ │ │
+│ │ │ Host Level (Port 80/443) │ │ │
+│ │ │ │ │ │
+│ │ │ ┌──────────────────────────────────┐ │ │ │
+│ │ │ │ Nginx Reverse Proxy │ │ │ │
+│ │ │ │ • SSL Termination (Let's Encrypt) │ │ │
+│ │ │ │ • Port 80 → 443 redirect │ │ │ │
+│ │ │ │ • Port 443 HTTPS │ │ │ │
+│ │ │ └────────┬─────────────────────────┘ │ │ │
+│ │ │ │ │ │ │
+│ │ │ │ Path-based routing │ │ │
+│ │ └───────────┼─────────────────────────────────────────┘ │
+│ │ │ │ │
+│ │ ┌───────────┴─────────────────────────────────────────┐ │
+│ │ │ Docker Compose Stack │ │
+│ │ │ │ │
+│ │ │ / → Frontend ┌────────────┐ │ │
+│ │ │ │ Users │ │ │
+│ │ │ ┌────────────┐ │ (HTTPS) │ │ │
+│ │ │ │ Frontend │◄───────└────────────┘ │ │
+│ │ │ │(Nginx:3001)│ SSL via host Nginx │ │
+│ │ │ └─────┬──────┘ ↑ │ │
+│ │ │ │ Port conflict prevented │ │
+│ │ │ │ │ │
+│ │ │ /api → Backend │ │
+│ │ │ ▼ │ │
+│ │ │ ┌────────────┐ │ │
+│ │ │ │ Backend │ │ │
+│ │ │ │ (FastAPI │ │ │
+│ │ │ │ :8000) │ │ │
+│ │ │ └─────┬──────┘ │ │
+│ │ │ │ │ │
+│ │ │ │ /metrics │ │
+│ │ │ ▼ │ │
+│ │ │ ┌────────────┐ ┌──────────────┐ │ │
+│ │ │ │ Prometheus │◄─────│Node Exporter │ │ │
+│ │ │ │ (:9090) │ │ (:9100) │ │ │
+│ │ │ └─────┬──────┘ └──────────────┘ │ │
+│ │ │ │ │ │
+│ │ │ │ datasource │ │
+│ │ │ /grafana → │ │
+│ │ │ ▼ │ │
+│ │ │ ┌────────────┐ │ │
+│ │ │ │ Grafana │ │ │
+│ │ │ │ (:3000) │ │ │
+│ │ │ └────────────┘ │ │
+│ │ │ │ │
+│ │ └──────────────────────────────────────────────────────┘ │
+│ │ │ │
+│ │ ┌────────────────────────────────────────────────────┐ │ │
+│ │ │ Docker Volumes (Persistence) │ │ │
+│ │ │ • backend-data (SQLite DB) │ │ │
+│ │ │ • prometheus-data (Metrics history) │ │ │
+│ │ │ • grafana-data (Dashboard configs) │ │ │
+│ │ └────────────────────────────────────────────────────┘ │ │
+│ └─────────────────────────────────────────────────────────┘ │
+└─────────────────────────────────────────────────────────────┘
+```
+---
+
+#### Data Flows
+
+**1. Infrastructure Provisioning Flow:**
+```
+Developer → terraform apply → AWS API →
+ Creates: VPC, Security Groups, EC2, Elastic IP →
+ Executes: userdata.sh (Docker install, compose up)
+```
+
+**2. User Request Flow (HTTPS):**
+```
+User (HTTPS) → Nginx (Port 443, SSL termination) →
+ Path routing:
+ / → Frontend container (3001)
+ /api → Backend container (8000)
+ /grafana → Grafana container (3000)
+```
+
+**3. Monitoring Flow:**
+```
+Backend (/metrics) → Prometheus scrapes (9090) → Grafana queries → Dashboard visualization
+Node Exporter (9100) → Prometheus → Grafana (Infrastructure metrics)
+```
+
+**4. CI/CD Deployment Flow:**
+```
+git push → GitHub Actions trigger →
+ Build images → Push to Docker Hub →
+ SSH to EC2 → docker-compose pull → docker-compose up -d
+```
+### Network Configuration
+
+| Service | Port | Access | Purpose |
+|---------|------|--------|---------|
+| Nginx (Host) | 80 | Public | HTTP → HTTPS redirect |
+| Nginx (Host) | 443 | Public | SSL termination + reverse proxy |
+| Frontend | 3001 | Internal | User-facing web interface (via Nginx /) |
+| Backend | 8000 | Internal | REST API endpoints (via Nginx /api) |
+| Prometheus | 9090 | Internal | Metrics query interface |
+| Grafana | 3000 | Internal | Monitoring dashboards (via Nginx /grafana) |
+| Node Exporter | 9100 | Internal | System metrics collection |
+| SSH | 22 | Public | Terraform + admin access |
+
+---
+
+
+### 5. Challenges & Solutions
+
+#### Challenge 1: Docker Hub Connectivity
+
+**Problem:**
+```
+Error: Get "https://auth.docker.io/token": dial tcp [IPv6]:443: no route to host
+```
+
+**Impact:** Unable to pull Docker images, blocking deployment
+
+**Root Cause Analysis:**
+- IPv6 routing issue between local network and Docker Hub
+- DNS resolution returning IPv6 address first
+- Network configuration not supporting IPv6 connections
+
+**Solution Implemented:**
+1. Used specific image versions (e.g., `prom/prometheus:v2.45.0` instead of `latest`)
+2. Restarted Docker daemon to refresh network configuration
+3. Pre-pulled images individually to verify connectivity
+
+**Outcome:** Successful image download and container startup
+
+**Prevention:** Always use specific version tags in production for reproducibility
+
+---
+
+#### Challenge 2: Grafana Authentication
+
+**Problem:** Unable to login with default `admin/admin` credentials
+
+**Impact:** Could not access monitoring dashboards
+
+**Root Cause Analysis:**
+- Pre-existing Grafana volume contained initialized database with different password
+- Docker Compose reused existing volume on restart
+- No documentation of changed password
+
+**Solution Implemented:**
+1. Attempted CLI password reset: `docker exec grafana grafana-cli admin reset-admin-password`
+2. Removed old volume: `docker volume rm fusionpact-devops-challenge_grafana-data`
+3. Recreated container with fresh configuration
+4. Set explicit admin password via environment variables
+
+**Outcome:** Successful login and dashboard access
+
+**Best Practice Adopted:** Document all password changes; use environment variables for initial configuration
+
+---
+
+#### Challenge 3: GitHub Actions Secrets
+
+**Problem:** Pipeline failing with "Input required and not supplied" error
+
+**Impact:** CI/CD automation non-functional
+
+**Root Cause Analysis:**
+- Secrets not configured in GitHub repository
+- Workflow file referenced undefined variables
+- SSH key format incorrect (contained headers)
+
+**Solution Implemented:**
+1. Added all required secrets in GitHub Repository Settings
+2. Verified secret names matched workflow references exactly
+3. Formatted SSH key correctly (removed BEGIN/END headers, single line)
+4. Tested pipeline execution
+
+**Outcome:** Green checkmarks across all pipeline stages
+
+**Key Lesson:** Always validate secrets configuration before pushing workflow changes
+
+---
+
+
+### 6. Key Learnings & Best Practices
+
+#### Technical Learnings
+
+1. **Container Orchestration**
+ - Docker Compose simplifies multi-container management
+ - Named volumes provide persistent data storage
+ - Container networking enables service discovery by name
+
+2. **Monitoring Strategy**
+ - Prometheus pull-based model scales well
+ - Grafana provisioning enables infrastructure-as-code
+ - 15-second scrape interval balances granularity and performance
+
+3. **CI/CD Automation**
+ - GitHub Actions provides serverless CI/CD
+ - Secrets management critical for security
+ - SSH deployment simple but requires secure key handling
+
+#### DevOps Best Practices Applied
+
+✅ **Infrastructure as Code:** All configurations version-controlled
+✅ **Data Persistence:** Volumes ensure state survival across deployments
+✅ **Observability:** Comprehensive monitoring from day one
+✅ **Automation:** Zero-touch deployments via CI/CD
+✅ **Security:** Secrets never hardcoded, proper access controls
+✅ **Documentation:** Complete SOP for reproducibility
+
+
+#### Future Enhancements
+
+If scaling beyond:
+1. **High Availability:** Multi-AZ deployment with load balancer
+2. **Database:** Migrate from SQLite to PostgreSQL RDS
+3. **Container Orchestration:** Kubernetes for auto-scaling
+4. **CDN:** CloudFront for frontend static assets
+5. **Secrets Management:** AWS Secrets Manager or HashiCorp Vault
+6. **Log Aggregation:** ELK stack or CloudWatch Logs
+
+---
+
+
+###7 Appendix - URLs & Resources
+
+### Public Access URLs
+
+**Production Environment:**
+
+* **Frontend Application:** [https://fusionpact.servehttp.com](https://fusionpact.servehttp.com)
+* **Backend API:** [https://fusionpact.servehttp.com/api/](https://fusionpact.servehttp.com/api/)
+* **API Docs:** [https://fusionpact.servehttp.com/api/docs](https://fusionpact.servehttp.com/api/docs)
+* **Prometheus UI:** [http://fusionpact.servehttp.com:9090](http://fusionpact.servehttp.com:9090)
+* **Grafana Dashboards:** [http://fusionpact.servehttp.com:3000](http://fusionpact.servehttp.com:3000)
+
+
+**Development Resources:**
+- GitHub Repository: `https://github.com/Nifesimi-p/fusionpact-devops-challenge`
+- Project Branch: `Precious-project`
+- Docker Hub Images: `https://hub.docker.com/u/preciousnifesi`
+
+### Login Credentials
+
+**Grafana:**
+- Username: `admin`
+- Password: ``
+
+#### Key Configuration Files
+
+All configuration files available in repository:
+
+```
+fusionpact-devops-challenge/
+├── backend/
+│ ├── Dockerfile
+│ ├── requirements.txt
+│ └── app/
+├── frontend/
+│ ├── Dockerfile
+│ └── Devops_Intern.html
+├── infrastructure/
+│ └── terraform/
+│ ├── main.tf
+│ ├── variables.tf
+│ ├── providers.tf
+│ ├── user-data.sh
+│ └── terraform.tfvars (gitignored)
+├── monitoring/
+│ └── prometheus.yml
+├── .github/
+│ └── workflows/
+│ └── ci-cd.yml
+├── docker-compose.yml
+└── README.md
+```
+---
+
+### 8. Complete Command Log - FusionPact DevOps Challenge
+
+## Prerequisites Check
+
+```bash
+docker --version
+docker compose version
+git --version
+terraform --version
+docker ps
+cd ~/Desktop/DevOps-Projects/FusionPact/fusionpact-devops-challenge
+```
+
+---
+
+#### Level 1: Cloud Deployment
+
+#### Local Development
+
+```bash
+# Create backend Dockerfile
+cat > backend/Dockerfile << 'EOF'
+FROM python:3.11-slim
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+COPY . .
+EXPOSE 8000
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
+EOF
+
+# Create frontend Dockerfile
+cat > frontend/Dockerfile << 'EOF'
+FROM nginx:alpine
+COPY . /usr/share/nginx/html/
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+EXPOSE 80
+CMD ["nginx", "-g", "daemon off;"]
+EOF
+
+# Fix frontend nginx.conf (Critical - fixed default page issue)
+cat > frontend/nginx.conf << 'EOF'
+server {
+ listen 80;
+ root /usr/share/nginx/html;
+ index Devops_Intern.html;
+ location / {
+ try_files $uri $uri/ /Devops_Intern.html;
+ }
+}
+EOF
+
+# Create Prometheus config
+mkdir -p monitoring
+cat > monitoring/prometheus.yml << 'EOF'
+global:
+ scrape_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+ - job_name: 'backend'
+ static_configs:
+ - targets: ['backend:8000']
+ - job_name: 'node-exporter'
+ static_configs:
+ - targets: ['node-exporter:9100']
+EOF
+
+# Test locally
+docker compose up -d
+docker compose ps
+curl http://localhost:8000/health
+curl http://localhost
+docker compose down
+```
+
+---
+
+#### Terraform Infrastructure
+
+```bash
+cd infrastructure/terraform
+
+# Create terraform.tfvars (gitignored)
+cat > terraform.tfvars << 'EOF'
+aws_region = "us-east-1"
+instance_type = "t2.micro"
+key_name = "your-key-name"
+my_ip = "your-ip/32"
+EOF
+
+# Deploy infrastructure
+terraform init
+terraform validate
+terraform plan
+terraform apply -auto-approve
+
+# Get EC2 IP
+export EC2_IP=$(terraform output -raw ec2_public_ip)
+echo $EC2_IP
+```
+
+---
+
+#### Deploy to EC2
+
+```bash
+# SSH and deploy
+ssh -i your-key.pem ubuntu@$EC2_IP
+
+git clone https://github.com/Nifesimi-p/fusionpact-devops-challenge.git
+cd fusionpact-devops-challenge
+git checkout Precious-project
+
+docker compose up -d
+docker compose ps
+curl http://localhost:8000/health
+
+exit
+```
+
+---
+
+#### SSL/TLS Setup (On EC2)
+
+```bash
+ssh -i your-key.pem ubuntu@$EC2_IP
+
+# Install Certbot and Nginx
+sudo apt update
+sudo apt install certbot python3-certbot-nginx nginx -y
+
+# Configure Nginx reverse proxy
+sudo nano /etc/nginx/sites-available/default
+# Added SSL termination and proxy configuration
+
+sudo nginx -t
+sudo systemctl reload nginx
+
+# Get SSL certificate
+sudo certbot --nginx -d fusionpact.servehttp.com
+sudo certbot renew --dry-run
+
+# Update docker-compose.yml frontend port to 3001
+cd fusionpact-devops-challenge
+nano docker-compose.yml
+# Changed: ports: ["80:80"] to ports: ["3001:80"]
+
+docker compose down
+docker compose up -d
+
+exit
+```
+
+---
+
+### Level 2: Monitoring & Observability
+
+#### Grafana Provisioning
+
+```bash
+# Back on local machine
+cd ~/Desktop/DevOps-Projects/FusionPact/fusionpact-devops-challenge
+
+mkdir -p grafana-provisioning/datasources
+
+cat > grafana-provisioning/datasources/prometheus.yml << 'EOF'
+apiVersion: 1
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+ editable: true
+EOF
+
+# Updated docker-compose.yml grafana volumes to include:
+# - ./grafana-provisioning:/etc/grafana/provisioning
+
+docker compose restart grafana
+docker logs grafana --tail 50 | grep -i datasource
+```
+
+---
+
+#### Grafana Authentication Fix
+
+```bash
+# Reset password (when default didn't work)
+docker exec -it grafana grafana-cli admin reset-admin-password admin123
+
+# Alternative: Fresh install
+docker compose stop grafana
+docker volume rm fusionpact-devops-challenge_grafana-data
+docker compose up -d grafana
+```
+
+---
+
+#### Dashboard Setup
+
+```bash
+# Access Grafana
+open http://localhost:3000
+# Login: admin / admin123
+
+# Imported Node Exporter Dashboard ID: 1860
+# Created custom Application Metrics dashboard manually
+
+# Generate test traffic
+for i in {1..200}; do
+ curl -s http://localhost:8000/health > /dev/null
+ curl -s http://localhost:8000/metrics > /dev/null
+ sleep 0.05
+done
+
+# Verify Prometheus
+open http://localhost:9090/targets
+```
+
+---
+
+#### Deploy to EC2
+
+```bash
+git add .
+git commit -m "Add monitoring configuration"
+git push origin Precious-project
+
+ssh -i your-key.pem ubuntu@$EC2_IP
+cd fusionpact-devops-challenge
+git pull origin Precious-project
+docker compose down
+docker compose up -d
+docker compose ps
+exit
+```
+
+---
+
+### Level 3: CI/CD Automation
+
+#### GitHub Actions Setup
+
+```bash
+mkdir -p .github/workflows
+
+cat > .github/workflows/ci-cd.yml << 'EOF'
+name: CI/CD Pipeline
+
+on:
+ push:
+ branches: [ main, master, Precious-project ]
+ workflow_dispatch:
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Build and push backend
+ run: |
+ docker build -t ${{ secrets.DOCKER_USERNAME }}/fusionpact-backend:latest ./backend
+ docker push ${{ secrets.DOCKER_USERNAME }}/fusionpact-backend:latest
+ - name: Build and push frontend
+ run: |
+ docker build -t ${{ secrets.DOCKER_USERNAME }}/fusionpact-frontend:latest ./frontend
+ docker push ${{ secrets.DOCKER_USERNAME }}/fusionpact-frontend:latest
+
+ deploy:
+ needs: build-and-push
+ runs-on: ubuntu-latest
+ steps:
+ - uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.EC2_HOST }}
+ username: ${{ secrets.EC2_USER }}
+ key: ${{ secrets.EC2_SSH_KEY }}
+ script: |
+ cd fusionpact-devops-challenge
+ git pull origin Precious-project
+ docker compose pull
+ docker compose up -d
+EOF
+```
+
+---
+
+#### Configure Secrets
+
+```bash
+# Added in GitHub UI (Settings → Secrets):
+# DOCKER_USERNAME = preciousnifesi
+# DOCKER_PASSWORD = (Docker Hub token)
+# EC2_HOST = (EC2 public IP)
+# EC2_USER = ubuntu
+# EC2_SSH_KEY = (private key content)
+```
+
+---
+
+#### Deploy
+
+```bash
+git add .
+git commit -m "Add CI/CD pipeline"
+git push origin Precious-project
+
+# Watched pipeline in GitHub Actions tab
+# Verified deployment on EC2
+```
+
+---
+
+### Verification Commands
+
+```bash
+# Check containers
+docker compose ps
+
+# Test services
+curl https://fusionpact.servehttp.com
+curl https://fusionpact.servehttp.com/api/health
+curl http://fusionpact.servehttp.com:9090/-/healthy
+
+# View logs
+docker compose logs backend --tail 50
+docker compose logs grafana --tail 50
+
+# Check volumes
+docker volume ls
+docker volume inspect fusionpact-devops-challenge_backend-data
+```
+
+---
+
+### Git Commands Used
+
+```bash
+git clone https://github.com/Nifesimi-p/fusionpact-devops-challenge.git
+git checkout Precious-project
+git status
+git add .
+git commit -m "message"
+git push origin Precious-project
+git pull origin Precious-project
+```
+
+---
+
+### Terraform Commands Used
+
+```bash
+terraform init
+terraform validate
+terraform plan
+terraform apply -auto-approve
+terraform output
+terraform output ec2_public_ip
+```
+
+---
+
+**END OF COMMAND LOG**
+
+#### Conclusion
+
+This project demonstrates end-to-end DevOps capability: from application containerization through cloud deployment, monitoring, and fully automated CI/CD pipelines. The implementation balances production-grade practices with practical trade-offs appropriate for the scale and requirements.
+
+
+---
+
+#### Quick Reference Commands
+
+```bash
+# Start all services
+docker compose up -d
+
+# Stop all services
+docker compose down
+
+# View logs
+docker compose logs -f
+
+# Rebuild after changes
+docker compose up -d --build
+
+# Check status
+docker compose ps
+
+# Access container shell
+docker exec -it [container-name] /bin/sh
+
+# View volumes
+docker volume ls
+
+# Clean up
+docker compose down -v
+docker system prune -a
+```
+
+---
+
+**END OF SOP**
+
+
+
+
+
diff --git a/Screenshots/Certbot-certificate.png b/Screenshots/Certbot-certificate.png
new file mode 100644
index 0000000..c235665
Binary files /dev/null and b/Screenshots/Certbot-certificate.png differ
diff --git a/Screenshots/Custom-metric.png b/Screenshots/Custom-metric.png
new file mode 100644
index 0000000..7e0e7d5
Binary files /dev/null and b/Screenshots/Custom-metric.png differ
diff --git a/Screenshots/Ec2-instance .png b/Screenshots/Ec2-instance .png
new file mode 100644
index 0000000..acea8b5
Binary files /dev/null and b/Screenshots/Ec2-instance .png differ
diff --git a/Screenshots/Ec2-sg.png b/Screenshots/Ec2-sg.png
new file mode 100644
index 0000000..10bc37c
Binary files /dev/null and b/Screenshots/Ec2-sg.png differ
diff --git a/Screenshots/Failed-deplyoment.png b/Screenshots/Failed-deplyoment.png
new file mode 100644
index 0000000..f9286ab
Binary files /dev/null and b/Screenshots/Failed-deplyoment.png differ
diff --git a/Screenshots/Grafana-datasource.png b/Screenshots/Grafana-datasource.png
new file mode 100644
index 0000000..41b15ba
Binary files /dev/null and b/Screenshots/Grafana-datasource.png differ
diff --git a/Screenshots/Grafana.png b/Screenshots/Grafana.png
new file mode 100644
index 0000000..c8c9462
Binary files /dev/null and b/Screenshots/Grafana.png differ
diff --git a/Screenshots/Promethus.png b/Screenshots/Promethus.png
new file mode 100644
index 0000000..ff418e5
Binary files /dev/null and b/Screenshots/Promethus.png differ
diff --git a/Screenshots/Terraform-deployment.png b/Screenshots/Terraform-deployment.png
new file mode 100644
index 0000000..1c39df8
Binary files /dev/null and b/Screenshots/Terraform-deployment.png differ
diff --git a/Screenshots/Terraform-init.png b/Screenshots/Terraform-init.png
new file mode 100644
index 0000000..4cf2354
Binary files /dev/null and b/Screenshots/Terraform-init.png differ
diff --git a/Screenshots/backend-docker-images.png b/Screenshots/backend-docker-images.png
new file mode 100644
index 0000000..abeb50a
Binary files /dev/null and b/Screenshots/backend-docker-images.png differ
diff --git a/Screenshots/ci-cd-deployment.png b/Screenshots/ci-cd-deployment.png
new file mode 100644
index 0000000..d005847
Binary files /dev/null and b/Screenshots/ci-cd-deployment.png differ
diff --git a/Screenshots/docker-containers.png b/Screenshots/docker-containers.png
new file mode 100644
index 0000000..160f8a6
Binary files /dev/null and b/Screenshots/docker-containers.png differ
diff --git a/Screenshots/frontend-docker-images.png b/Screenshots/frontend-docker-images.png
new file mode 100644
index 0000000..3a61244
Binary files /dev/null and b/Screenshots/frontend-docker-images.png differ
diff --git a/Screenshots/functioning-webapp.png b/Screenshots/functioning-webapp.png
new file mode 100644
index 0000000..4be5112
Binary files /dev/null and b/Screenshots/functioning-webapp.png differ
diff --git a/Screenshots/webapp2.png b/Screenshots/webapp2.png
new file mode 100644
index 0000000..d5de83d
Binary files /dev/null and b/Screenshots/webapp2.png differ
diff --git a/backend/.gitignore b/backend/.gitignore
index c402fc5..2ee2619 100644
--- a/backend/.gitignore
+++ b/backend/.gitignore
@@ -128,3 +128,6 @@ dmypy.json
# Pyre type checker
.pyre/
+
+
+
diff --git a/backend/Dockerfile b/backend/Dockerfile
new file mode 100644
index 0000000..bef7594
--- /dev/null
+++ b/backend/Dockerfile
@@ -0,0 +1,17 @@
+# Backend Dockerfile
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Copy requirements and install dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
+
+# Expose port
+EXPOSE 8000
+
+# Run the application (adjusted for app/ subdirectory)
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
\ No newline at end of file
diff --git a/backend/app/main.py b/backend/app/main.py
index e2cd88d..65e9944 100644
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -1,4 +1,3 @@
-# from typing import List
from prometheus_fastapi_instrumentator import Instrumentator
from fastapi import FastAPI
@@ -18,6 +17,15 @@ async def index():
return {"message": "Hello from FastAPI -@kiranrakh155@gmail.com ;)"}
+# Adding this Health check endpoint
+@app.get("/health")
+async def health_check():
+ """
+ Health check endpoint for monitoring
+ """
+ return {"status": "healthy"}
+
+
@app.post("/users", response_model=BaseResponse)
async def user_create(user: UserIn):
"""
@@ -35,4 +43,4 @@ async def get_users():
"""
Read user data from json file
"""
- return services.read_usersdata()
+ return services.read_usersdata()
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..f647001
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,60 @@
+version: '3.8'
+
+services:
+ backend:
+ build: ./backend
+ container_name: backend
+ ports:
+ - "8000:8000"
+ volumes:
+ - backend-data:/app/data
+ environment:
+ - DATABASE_URL=${DATABASE_URL}
+ restart: unless-stopped
+
+ frontend:
+ build: ./frontend
+ container_name: frontend
+ ports:
+ - "80:80"
+ depends_on:
+ - backend
+ restart: unless-stopped
+
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ ports:
+ - "9090:9090"
+ volumes:
+ - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml
+ - prometheus-data:/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ restart: unless-stopped
+
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ ports:
+ - "3000:3000"
+ environment:
+ - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PASSWORD}
+ volumes:
+ - grafana-data:/var/lib/grafana
+ - ./grafana-provisioning:/etc/grafana/provisioning
+ depends_on:
+ - prometheus
+ restart: unless-stopped
+
+ node-exporter:
+ image: prom/node-exporter:latest
+ container_name: node-exporter
+ ports:
+ - "9100:9100"
+ restart: unless-stopped
+
+volumes:
+ backend-data:
+ prometheus-data:
+ grafana-data:
\ No newline at end of file
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
new file mode 100644
index 0000000..6f5c6bf
--- /dev/null
+++ b/frontend/Dockerfile
@@ -0,0 +1,9 @@
+FROM nginx:alpine
+
+COPY . /usr/share/nginx/html/
+
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
new file mode 100644
index 0000000..fbf8553
--- /dev/null
+++ b/frontend/nginx.conf
@@ -0,0 +1,16 @@
+server {
+ listen 80;
+ server_name localhost;
+ root /usr/share/nginx/html;
+ index Devops_Intern.html;
+
+ location / {
+ try_files $uri $uri/ /Devops_Intern.html;
+ }
+
+ location /api/ {
+ proxy_pass http://backend:8000/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+}
\ No newline at end of file
diff --git a/grafana-provisioning/datasources/prometheus.yml b/grafana-provisioning/datasources/prometheus.yml
new file mode 100644
index 0000000..1a57b69
--- /dev/null
+++ b/grafana-provisioning/datasources/prometheus.yml
@@ -0,0 +1,9 @@
+apiVersion: 1
+
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+ editable: true
diff --git a/infrastructure/terraform/main.tf b/infrastructure/terraform/main.tf
new file mode 100644
index 0000000..0a42b15
--- /dev/null
+++ b/infrastructure/terraform/main.tf
@@ -0,0 +1,139 @@
+# VPC
+resource "aws_vpc" "main" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_hostnames = true
+ tags = { Name = "fusionpact-vpc" }
+}
+
+# Internet Gateway
+resource "aws_internet_gateway" "main" {
+ vpc_id = aws_vpc.main.id
+ tags = { Name = "fusionpact-igw" }
+}
+
+# Public Subnet
+resource "aws_subnet" "public" {
+ vpc_id = aws_vpc.main.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "${var.aws_region}a"
+ map_public_ip_on_launch = true
+ tags = { Name = "fusionpact-public-subnet" }
+}
+
+# Route Table
+resource "aws_route_table" "public" {
+ vpc_id = aws_vpc.main.id
+
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.main.id
+ }
+
+ tags = { Name = "fusionpact-public-rt" }
+}
+
+# Route Table Association
+resource "aws_route_table_association" "public" {
+ subnet_id = aws_subnet.public.id
+ route_table_id = aws_route_table.public.id
+}
+
+# Security Group
+resource "aws_security_group" "main" {
+ name = "fusionpact-sg"
+ description = "Security group for Fusionpact application"
+ vpc_id = aws_vpc.main.id
+ tags = { Name = "fusionpact-sg" }
+}
+
+# Security Group Ingress Rules
+resource "aws_vpc_security_group_ingress_rule" "ssh" {
+ security_group_id = aws_security_group.main.id
+ cidr_ipv4 = "0.0.0.0/0"
+ from_port = 22
+ to_port = 22
+ ip_protocol = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "http" {
+ security_group_id = aws_security_group.main.id
+ cidr_ipv4 = "0.0.0.0/0"
+ from_port = 80
+ to_port = 80
+ ip_protocol = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "https" {
+ security_group_id = aws_security_group.main.id
+ cidr_ipv4 = "0.0.0.0/0"
+ from_port = 443
+ to_port = 443
+ ip_protocol = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "backend" {
+ security_group_id = aws_security_group.main.id
+ cidr_ipv4 = "0.0.0.0/0"
+ from_port = 8000
+ to_port = 8000
+ ip_protocol = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "grafana" {
+ security_group_id = aws_security_group.main.id
+ cidr_ipv4 = "0.0.0.0/0"
+ from_port = 3000
+ to_port = 3000
+ ip_protocol = "tcp"
+}
+
+resource "aws_vpc_security_group_ingress_rule" "prometheus" {
+ security_group_id = aws_security_group.main.id
+ cidr_ipv4 = "0.0.0.0/0"
+ from_port = 9090
+ to_port = 9090
+ ip_protocol = "tcp"
+}
+
+# Security Group Egress Rule
+resource "aws_vpc_security_group_egress_rule" "all" {
+ security_group_id = aws_security_group.main.id
+ cidr_ipv4 = "0.0.0.0/0"
+ ip_protocol = "-1"
+}
+
+# Elastic IP
+resource "aws_eip" "fusionpact_eip" {
+ domain = "vpc"
+
+ tags = {
+ Name = "fusionpact-eip"
+ }
+}
+
+# Associate with instance
+resource "aws_eip_association" "fusionpact_eip_assoc" {
+ instance_id = aws_instance.fusionpact.id
+ allocation_id = aws_eip.fusionpact_eip.id
+}
+
+
+# EC2 Instance
+resource "aws_instance" "fusionpact" {
+ ami = var.ami_id
+ instance_type = var.instance_type
+ subnet_id = aws_subnet.public.id
+ key_name = var.key_pair_name
+
+ vpc_security_group_ids = [aws_security_group.main.id]
+
+ # Updated user_data with domain_name and ssl_email variables
+ user_data = templatefile("${path.module}/user-data.sh", {
+ grafana_password = var.grafana_password
+ database_url = var.database_url
+ domain_name = var.domain_name
+ ssl_email = var.ssl_email
+ })
+
+ tags = { Name = "fusionpact-app" }
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/outputs.tf b/infrastructure/terraform/outputs.tf
new file mode 100644
index 0000000..72e32c2
--- /dev/null
+++ b/infrastructure/terraform/outputs.tf
@@ -0,0 +1,41 @@
+output "instance_public_ip" {
+ description = "Elastic IP - Add this to your NoIP subdomain"
+ value = aws_eip.fusionpact_eip.public_ip
+}
+
+output "domain_name" {
+ description = "Your configured domain name"
+ value = var.domain_name
+}
+
+output "frontend_url" {
+ description = "Frontend URL (HTTPS)"
+ value = "https://${var.domain_name}"
+}
+
+output "backend_url" {
+ description = "Backend API URL"
+ value = "https://${var.domain_name}:8000"
+}
+
+output "grafana_url" {
+ description = "Grafana URL"
+ value = "https://${var.domain_name}:3000"
+}
+
+output "prometheus_url" {
+ description = "Prometheus URL"
+ value = "https://${var.domain_name}:9090"
+}
+
+output "direct_ip_access" {
+ description = "Direct IP access (before SSL certificate is ready)"
+ value = {
+ frontend = "http://${aws_eip.fusionpact_eip.public_ip}"
+ backend = "http://${aws_eip.fusionpact_eip.public_ip}:8000"
+ grafana = "http://${aws_eip.fusionpact_eip.public_ip}:3000"
+ prometheus = "http://${aws_eip.fusionpact_eip.public_ip}:9090"
+ }
+}
+
+
diff --git a/infrastructure/terraform/providers.tf b/infrastructure/terraform/providers.tf
new file mode 100644
index 0000000..a2e9e05
--- /dev/null
+++ b/infrastructure/terraform/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+}
\ No newline at end of file
diff --git a/infrastructure/terraform/user-data.sh b/infrastructure/terraform/user-data.sh
new file mode 100644
index 0000000..5cd0f00
--- /dev/null
+++ b/infrastructure/terraform/user-data.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+
+apt-get update
+apt-get upgrade -y
+
+# Install Docker
+curl -fsSL https://get.docker.com -o get-docker.sh
+sh get-docker.sh
+
+# Install Docker Compose
+curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+chmod +x /usr/local/bin/docker-compose
+
+usermod -aG docker ubuntu
+
+mkdir -p /home/ubuntu/app
+cd /home/ubuntu/app
+
+# Clone repository (REPLACE WITH YOUR GITHUB USERNAME)
+git clone -b Precious-project https://github.com/Nifesimi-p/fusionpact-devops-challenge.git .
+
+cat > .env << EOF
+DATABASE_URL=${database_url}
+GRAFANA_PASSWORD=${grafana_password}
+EOF
+
+docker-compose up -d
+
+chown -R ubuntu:ubuntu /home/ubuntu/app
+
+# Install Nginx and Certbot
+apt install -y nginx certbot python3-certbot-nginx
+
+# Configure Nginx as reverse proxy
+cat > /etc/nginx/sites-available/default << 'NGINXCONF'
+server {
+ listen 80;
+ server_name ${domain_name};
+
+ location / {
+ proxy_pass http://localhost:3000; # Adjust port if your app uses different port
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_cache_bypass $http_upgrade;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
+NGINXCONF
+
+# Test and reload Nginx
+nginx -t
+systemctl restart nginx
+
+# Wait for DNS propagation and get SSL certificate
+sleep 60
+certbot --nginx -d ${domain_name} --non-interactive --agree-tos --email ${ssl_email} --redirect
+
+# Auto-renewal is enabled by default
+systemctl enable certbot.timer
\ No newline at end of file
diff --git a/infrastructure/terraform/variables.tf b/infrastructure/terraform/variables.tf
new file mode 100644
index 0000000..afccd35
--- /dev/null
+++ b/infrastructure/terraform/variables.tf
@@ -0,0 +1,44 @@
+variable "aws_region" {
+ description = "AWS region"
+ type = string
+ default = "eu-west-1"
+}
+
+variable "instance_type" {
+ description = "EC2 instance type"
+ type = string
+ default = "t2.micro"
+}
+
+variable "ami_id" {
+ description = "AMI ID for Ubuntu 22.04"
+ type = string
+ default = "ami-0e9085e60087ce171" # Ubuntu 22.04 LTS for eu-west-1
+}
+
+variable "key_pair_name" {
+ description = "EC2 key pair name"
+ type = string
+}
+
+variable "grafana_password" {
+ description = "Grafana admin password"
+ type = string
+ sensitive = true
+}
+
+variable "database_url" {
+ description = "Database URL"
+ type = string
+ default = "sqlite:///./data/app.db"
+}
+
+variable "domain_name" {
+ description = "Your NoIP domain name (e.g., myapp.ddns.net)"
+ type = string
+}
+
+variable "ssl_email" {
+ description = "Email for Let's Encrypt SSL certificate notifications"
+ type = string
+}
\ No newline at end of file
diff --git a/monitoring/prometheus.yml b/monitoring/prometheus.yml
new file mode 100644
index 0000000..bc5123b
--- /dev/null
+++ b/monitoring/prometheus.yml
@@ -0,0 +1,15 @@
+global:
+ scrape_interval: 15s
+
+scrape_configs:
+ - job_name: 'prometheus'
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'backend'
+ static_configs:
+ - targets: ['backend:8000']
+
+ - job_name: 'node-exporter'
+ static_configs:
+ - targets: ['node-exporter:9100']
\ No newline at end of file