We require an experienced web server systems administrator to remotely access a machine running a bare-minimum Ubuntu Server install, and to deploy a full back-end web stack comprising PostgreSQL, Django, Gunicorn and Nginx. All components of the stack should be properly configured to interoperate, and then server should be locked down with small-scale production web server best practices.
The successful applicant will be granted VPN access to a machine at our site for the duration of the project. It is expected that the project be split into the following notional parts:
(1.) Lock-down of Ubuntu Server for production web server usage. This would include proper configuration of Uncomplicated Firewall (ufw) to allow only SSH and HTTPS requests, and also setup of automatic updates. All unnecessary software packages to be purged.
(2.) Installation of separate components PostgreSQL, Django (to be run on Python 3), Gunicorn and Nginx.
(3.) Configuration of components installed in step (2.). Specifically, where appropriate, each component to run by its own Linux user with minimal access to the server's file system and minimal permissions.
(4.) Web server configuration: Nginx to serve an empty Django project (running in its own virtualenv, administrated using virtualenvwrapper, and accessing a PostgreSQL database) over SSL only, with Gunicorn acting as the intermediary WSGI. (Encryption certificate for HTTPS to be provided by a CA determined at a later date.)
It is important that all configuration steps (that is, all changes made to the starting bare minimum Ubuntu Server installation) be fully documented and provided to us at the end of the project. It is expected that writing this documentation will take chargeable time.
On completion of this project, the fully-configured web server will be snapshotted, and used as a starting point for internal web app deployments.
The top priority for this project will be the implementation of security best practices. We particularly welcome applications from systems administrators with previous experience in locking down Linux web servers for small-scale production deployment.