If you missed our previous session, you can always catch up here. This week, we are going hands-on with Automated Web Server Setup with Security Hardening. Let’s get to it, shall we?
Automated Web Server Setup with Security Hardening
Project Overview
In this project, you will use Ansible to automatically:
- Provision and configure multiple web servers
- Use roles for clean project structure
- Install and configure Nginx
- Deploy a dynamic HTML page using Jinja2
- Secure the server with UFW
- Enable HTTPS (TLS/SSL) using Certbot
- Restart services automatically using handlers
- Make the setup cloud-ready (AWS EC2 compatible)
This mirrors how DevOps teams actually automate servers in production.
What You Will Learn
By completing this project, you will understand:
- Ansible inventory management
- Playbooks and tasks
- Modules (apt, user, copy, service, ufw)
- Idempotency
- Basic security automation
- Running Ansible against multiple hosts

This project also introduces:
- Ansible Roles
- Handlers
- Jinja2 Templates
- HTTPS with Certbot (Let’s Encrypt)
- Cloud-ready structure (AWS EC2 compatible)
Project Architecture
```
      Control Node (Ansible)
                |
                |--- SSH
                |
    -------------------------
    |           |           |
   Web1        Web2   (Optional) Web3
```
Prerequisites
- 1 Ansible control node (Linux)
- 2 Linux servers (Ubuntu recommended)
- SSH access between control node and servers
- Basic Linux knowledge
Project Structure (Industry Standard)
```
ansible-web-project/
├── inventory
├── playbook.yml
├── group_vars/
│   └── webservers.yml
└── roles/
    └── webserver/
        ├── tasks/
        │   └── main.yml
        ├── handlers/
        │   └── main.yml
        ├── templates/
        │   └── index.html.j2
        └── files/
```
Step 1: Inventory (Cloud-Ready)
```ini
[webservers]
web1 ansible_host=18.210.12.10
web2 ansible_host=3.92.55.23

[all:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=~/.ssh/aws-key.pem
```
- Works locally
- Works on AWS EC2
- No changes needed later
Step 2: Variables (group_vars)
Create group_vars/webservers.yml:
```yaml
app_user: appuser
http_port: 80
domain_name: example.com
email: admin@example.com
```
Variables make the project flexible and reusable.
Step 3: Main Playbook
playbook.yml:
```yaml
- name: Configure Production Web Servers
  hosts: webservers
  become: yes
  roles:
    - webserver
```
Clean. Simple. Scalable.
Step 4: Role Tasks
roles/webserver/tasks/main.yml
```yaml
# Refresh the apt package index
- name: Update system packages
  apt:
    update_cache: yes

- name: Install required packages
  apt:
    name:
      - nginx
      - ufw
      - certbot
      - python3-certbot-nginx
    state: present

- name: Create application user
  user:
    name: "{{ app_user }}"
    shell: /bin/bash

# SSH (22) must be allowed before the firewall is enabled. Without it,
# UFW's default deny-incoming policy blocks Ansible's own connection.
- name: Allow SSH, HTTP and HTTPS
  ufw:
    rule: allow
    port: "{{ item }}"
    proto: tcp
  loop:
    - "22"
    - "80"
    - "443"

- name: Enable firewall
  ufw:
    state: enabled

# Render the Jinja2 template; the handler fires only if the file changed
- name: Deploy website template
  template:
    src: index.html.j2
    dest: /var/www/html/index.html
  notify: Restart Nginx

- name: Ensure Nginx is running
  service:
    name: nginx
    state: started
    enabled: yes
```
Step 5: Handlers (Automatic Restarts)
roles/webserver/handlers/main.yml
```yaml
- name: Restart Nginx
  service:
    name: nginx
    state: restarted
```
Handlers only run when changes occur → efficient & safe.
Step 6: Jinja2 Template (Dynamic Website)
roles/webserver/templates/index.html.j2
```html
<!DOCTYPE html>
<html>
<head>
  <title>{{ inventory_hostname }}</title>
</head>
<body>
  <h1>🚀 Deployed with Ansible</h1>
  <p>Server: {{ inventory_hostname }}</p>
  <p>Managed by Ansible automation</p>
</body>
</html>
```
Each server now shows its own hostname (proof of automation).
Step 7: Enable HTTPS (Certbot)
Add to tasks/main.yml (after Nginx setup):
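```yaml
- name: Obtain SSL certificate
  command: >
    certbot --nginx
    -d {{ domain_name }}
    --non-interactive
    --agree-tos
    -m {{ email }}
  args:
    # Skip the request once a certificate exists, so reruns stay idempotent
    creates: "/etc/letsencrypt/live/{{ domain_name }}/fullchain.pem"
  notify: Restart Nginx
```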
This:
- Secures your site
- Enables HTTPS automatically
- Matches production setups
⚠️ Requires a real domain pointing to the server IP.
Step 8: Run the Project
```bash
ansible-playbook -i inventory playbook.yml
```
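To confirm that the run left each server in the intended state, the following playbook checks the firewall rules, the Nginx configuration, the rendered page and the HTTPS certificate. It is an added example, not part of the original project: the file name `verify.yml` and the `expected_ports` variable are assumptions, and it assumes SSH listens on port 22 and that `domain_name` resolves to one of the servers.

```yaml
# verify.yml - added example; run with: ansible-playbook -i inventory verify.yml
- name: Verify the hardened web servers
  hosts: webservers
  become: yes
  gather_facts: no
  vars:
    expected_ports: ["22", "80", "443"]   # assumption: SSH on 22 plus the web ports
  tasks:
    - name: Read firewall state
      ansible.builtin.command: ufw status verbose
      register: ufw_status
      changed_when: false

    - name: Firewall is active and denies unsolicited inbound traffic
      ansible.builtin.assert:
        that:
          - "'Status: active' in ufw_status.stdout"
          - "'deny (incoming)' in ufw_status.stdout"

    - name: Each expected port has an allow rule
      ansible.builtin.assert:
        that:
          - "ufw_status.stdout is search('^' ~ item ~ '(/tcp)?[ ]+ALLOW', multiline=true)"
        fail_msg: "No UFW allow rule found for port {{ item }}"
      loop: "{{ expected_ports }}"

    - name: Nginx configuration parses cleanly
      ansible.builtin.command: nginx -t
      changed_when: false

    - name: Read the deployed page
      ansible.builtin.slurp:
        src: /var/www/html/index.html
      register: page

    - name: Template was rendered for this host
      ansible.builtin.assert:
        that:
          - inventory_hostname in (page.content | b64decode)

    - name: HTTPS answers with a certificate that validates for the domain
      ansible.builtin.uri:
        url: "https://{{ domain_name }}/"
        validate_certs: yes
        status_code: 200
      delegate_to: localhost   # test from the control node, outside the firewall
      become: no
      run_once: true
```

Every task here is read-only, so the playbook can be rerun after each deployment without changing the servers.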
Final Outcome
✔ Web servers configured consistently
✔ Nginx installed and secured
✔ Firewall enabled
✔ HTTPS enabled
✔ Dynamic content deployed
✔ Fully automated
✔ Cloud-ready
You now have a real DevOps-grade automation project.
AWS EC2 Compatibility (Important)
This project works unchanged on AWS EC2 if:
- Instances allow ports 80 & 443
- Security groups are configured
- SSH key is set in inventory
This makes it perfect for:
- AWS labs
- Portfolio projects
- Interview demos
Why This Project Is Portfolio-Worthy
This demonstrates:
- Configuration management
- Security automation
- Infrastructure as Code principles
- Production thinking
- Clean Ansible design
Many junior DevOps roles expect exactly this level.
Next Possible Upgrades (Optional)
If you want to go even further later:
- Integrate Terraform + Ansible
- Add monitoring with CloudWatch/Prometheus
- Add CI/CD pipeline
- Add Ansible Vault
- Add Load Balancer (ALB/Nginx)
I encourage you to dive deeper into the concepts we've discussed and continue practicing to refine your skills.
I’m Ikoh Sylva, a passionate cloud computing enthusiast with hands-on experience in AWS. I’m documenting my cloud journey from a beginner’s perspective, aiming to inspire others along the way.