Cloudflare DNS + Dockerized NGINX on AWS

🌐 Cloudflare DNS + Dockerized NGINX on AWS
Launching a website isn't enough — it should be automated, secure, and built like infrastructure. This project uses Dockerized NGINX on an AWS EC2 instance, paired with Cloudflare DNS and an API-driven TLS workflow to serve https://haelectricinc.com reliably and securely.


🧰 What It Does
Serves a static business website using Docker and NGINX:
✅ Runs NGINX inside a Docker container
🌍 Uses Cloudflare DNS for global name resolution
🔒 Automates TLS with Certbot and the Cloudflare API (DNS-01 challenge)
🔁 Auto-renews certificates and reloads NGINX with no downtime
📶 Hosted on AWS EC2 with firewall, health checks, and monitoring


βš™οΈ Requirements

  • AWS EC2 (Ubuntu)

  • Docker + Docker Compose

  • Cloudflare account and API token

  • Certbot Docker image with DNS plugin

  • NGINX container with mounted HTML/CSS


📫 Why It Matters
Static websites still deserve DevOps-grade deployment. This setup is:
✔️ Fully containerized and portable
✔️ TLS-secured through DNS-01 automation — no open HTTP port needed for certificate validation
✔️ Designed for simplicity, uptime, and zero-touch renewals
✔️ Perfect for small business sites, portfolios, and DevOps learning labs

Fail2Ban Daily SSH Report Script

🔐 Fail2Ban Daily Report Script

Security isn’t just about blocking attacks — it’s about knowing they happened. This lightweight Bash script integrates with Fail2Ban to generate daily email reports on SSH intrusion attempts, giving you clear, actionable visibility without logging into the server.

🧰 What It Does

  • Pulls the list of IPs banned by the sshd jail
  • Uses geoiplookup to identify attacker locations
  • Formats a clean daily report:
    • ✅ IP Address
    • 🌍 Country of Origin
    • 🕒 Timestamp
  • Emails the report to a predefined address

βš™οΈ Requirements

  • fail2ban
  • geoip-bin (for geoiplookup)
  • CLI mail client (e.g., mutt, mailx, or ssmtp)
  • Basic cron setup
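The reporting flow above as an added shell example (not the script in mikecozier/fail2ban): it keeps the Ban lines of the sshd jail from fail2ban's default log format, resolves each source with geoiplookup, and mails the table with mutt. The jail name, log path and recipient address are assumptions passed through environment variables.

```shell
#!/usr/bin/env bash
# Daily SSH ban report from fail2ban.log (added example, not the project's script).
# Assumed: default fail2ban log format, jail "sshd", geoiplookup and mutt installed.
set -u
JAIL="${JAIL:-sshd}"
F2B_LOG="${F2B_LOG:-/var/log/fail2ban.log}"
REPORT_TO="${REPORT_TO:-admin@example.com}"   # placeholder recipient

# Keep only "Ban" actions of the jail (Unban lines are skipped). A log line looks like:
#   2024-05-01 03:12:45,123 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
# Output: "YYYY-MM-DD HH:MM:SS<TAB>IP", milliseconds dropped.
parse_bans() {
    awk -v jail="[$JAIL]" '
        $(NF-2) == jail && $(NF-1) == "Ban" {
            split($2, t, ",")
            print $1 " " t[1] "\t" $NF
        }'
}

# Country string from geoiplookup ("US, United States"); degrade if it is missing
country_of() {
    if command -v geoiplookup >/dev/null 2>&1; then
        geoiplookup "$1" 2>/dev/null | sed -n 's/^GeoIP Country Edition: //p' | head -n 1
    else
        echo "unknown"
    fi
}

# Turn parse_bans output (stdin) into the mail body: IP, country, ban time, total
build_report() {
    echo "Fail2Ban SSH ban report (jail: $JAIL) for $(date '+%Y-%m-%d')"
    printf '%-18s %-28s %s\n' "IP address" "Country" "Banned at"
    count=0
    while IFS="$(printf '\t')" read -r when ip; do
        printf '%-18s %-28s %s\n' "$ip" "$(country_of "$ip")" "$when"
        count=$((count + 1))
    done
    echo "Total bans today: $count"
}

# Today's bans only, then e-mail; cron example: 5 7 * * * /path/report.sh --send
main() {
    grep "^$(date '+%Y-%m-%d')" "$F2B_LOG" | parse_bans | build_report \
        | mutt -s "SSH ban report: $(hostname) $(date '+%F')" "$REPORT_TO"
}
if [ "${1:-}" = "--send" ]; then main; fi
```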

📫 Why It Matters

Many sysadmins install Fail2Ban and forget it’s there. This script makes intrusion detection visible again — without manual log review. Perfect for:
✔️ Home lab monitoring
✔️ Lightweight VPS hardening
✔️ Situational awareness for SSH threats

📎 Project Link

🔗 GitHub Repository: mikecozier/fail2ban

DevOps CI/CD Pipeline

🚀 DevOps CI/CD Pipeline for Python App Deployment

I built a robust CI/CD pipeline to automate the deployment of a Dockerized Python application using GitHub Actions and Docker Compose. The setup ensures that every code update is automatically built, pushed to Docker Hub, and deployed to a remote server.


⚙️ Tech Stack:

  • GitHub Actions: CI/CD automation

  • Docker: Containerization of the Python app

  • Docker Compose: Service orchestration

  • Ubuntu Server: Hosting environment

  • SSH: Secure remote deployment


🌐 Setup Highlights:

  • Automated build and push of Docker images to Docker Hub

  • Secure, automated deployment to a remote server using SSH

  • End-to-end CI/CD pipeline from code commit to live deployment

  • Docker Compose for easy service management and container orchestration

  • Continuous deployment to ensure the latest version is always live


📦 Why It Rocks:

  • Eliminates manual deployment steps

  • Keeps the app updated with every code change

  • Reduces downtime with automated rollouts

  • Increases productivity through automation

  • Scalable and adaptable for various web applications

🔗 GitHub: flask-ci-cd-pipeline

Docker Full-Stack

🚀 My Full-Stack Monitoring and Web Environment

I built a secure, containerized setup with Docker, Traefik, and Cloudflare — all running on my home server with public subdomain access.

⚙️ Tech Stack:

  • Docker Compose: Service orchestration

  • Traefik: Reverse proxy with TLS (Cloudflare DNS challenge)

  • Pi-hole: Network-wide ad blocking

  • Prometheus + Grafana: Metrics collection and dashboards

  • Netdata: Real-time system health

  • Nginx (Alpine): Static HTML site hosting

  • Cloudflare: DNS and DDoS protection

🌐 Setup Highlights:

  • Traefik routes HTTPS traffic securely to internal containers

  • BasicAuth protects internal services (like Grafana)

  • Docker Compose handles easy service management

📦 Why It Rocks:

  • Secure, encrypted access to all services

  • Automated updates with Docker Compose

  • Real-time monitoring and dashboards

  • Scalable and adaptable for any homelab

🔗 Check it out on GitHub: docker-traefik-stack

Unauthorized SSH Attempts Script

🔍 Tracking Unauthorized SSH Attempts with a Bash Script

Securing a Linux server isn’t just about firewalls — it’s about knowing who’s trying to break in. I wrote a lightweight Bash script called badssh.sh to track SSH intrusion attempts on port 22.

🧰 What It Does:

  • Scans UFW logs for blocked IPs

  • Displays the last 10 unique blocked IPs

  • Shows the timestamp, location, and network hops

  • Counts total blocked attempts for the day

⚙️ Setup:

  • Requires ufw, geoiplookup, and traceroute

  • Enable UFW logging with sudo ufw logging on

  • Run manually or schedule with cron: 0 9 * * * /path/to/badssh.sh >> /var/log/ssh-monitor.log
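An added example of the same approach (not badssh.sh itself): it reads UFW BLOCK lines for destination port 22 from the kernel log, keeps the last 10 distinct sources with the time of their latest hit, counts today's hits, and annotates each source with geoiplookup and a traceroute hop count. The log path and the traditional syslog timestamp format are assumptions.

```shell
#!/usr/bin/env bash
# UFW-based SSH block summary (added example, not the repository's badssh.sh).
# Assumed: UFW logging on, traditional syslog timestamps, lines such as
#   May  1 03:12:45 srv kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 ... DPT=22 ...
set -u
UFW_LOG="${UFW_LOG:-/var/log/ufw.log}"

# Blocked packets to port 22 from stdin; prints "SRC_IP<TAB>Mon DD HH:MM:SS"
blocked_ssh_hits() {
    awk '/\[UFW BLOCK\]/ && / DPT=22( |$)/ {
        src = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) src = substr($i, 5)
        if (src != "") print src "\t" $1 " " sprintf("%2d", $2) " " $3
    }'
}

# Last N distinct sources, most recent first, each with the time of its latest hit
last_unique() {
    awk -F'\t' -v n="$1" '
        { ip[NR] = $1; when[NR] = $2 }
        END {
            for (i = NR; i >= 1 && shown < n; i--)
                if (!(ip[i] in seen)) { seen[ip[i]] = 1; print ip[i] "\t" when[i]; shown++ }
        }'
}

# Hits whose syslog date equals $1, e.g. "May  1" as produced by date '+%b %e'
count_for_day() {
    awk -F'\t' -v day="$1" 'index($2, day) == 1 { c++ } END { print c + 0 }'
}

# Country and hop count for one source; both tools may be absent at runtime
describe_ip() {
    country=$(geoiplookup "$1" 2>/dev/null | sed -n 's/^GeoIP Country Edition: //p' | head -n 1)
    hops=$(traceroute -n -m 15 -w 1 "$1" 2>/dev/null | tail -n +2 | wc -l | tr -d ' ')
    echo "${country:-unknown}, ${hops:-0} hops"
}

main() {
    hits=$(blocked_ssh_hits < "$UFW_LOG")
    echo "Last 10 unique sources blocked on port 22:"
    printf '%s\n' "$hits" | last_unique 10 | while IFS="$(printf '\t')" read -r ip when; do
        printf '%s  %-16s %s\n' "$when" "$ip" "$(describe_ip "$ip")"
    done
    echo "Blocked SSH attempts today: $(printf '%s\n' "$hits" | count_for_day "$(date '+%b %e')")"
}
if [ "${1:-}" = "--report" ]; then main; fi
```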

🔗 GitHub: mikecozier/Bad-SSH-Attempts

Server Status Script

📬 Automating Linux Health Reports

To keep my home lab running smoothly, I built a simple Bash script called stats.sh that emails me daily server health reports. This way, I stay updated on performance and security without logging in manually.

🛠️ What It Does

  • Monitors system health: CPU, memory, disk usage, and temperatures

  • Tracks network status: connectivity, interface states, bandwidth

  • Detects security issues: failed SSH login attempts and inode usage

  • Sends a daily summary via email using mutt
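An added example of two of the checks listed above (not stats.sh itself): disk and inode usage are read from POSIX df output, where the Use% column must lose its percent sign before the numeric comparison, and failed SSH logins are counted per source from sshd's auth.log messages. The log path, recipient address and warning threshold are assumptions.

```shell
#!/usr/bin/env bash
# Daily health summary (added example, not the repository's stats.sh).
# Assumed: GNU/Linux host, sshd logging to auth.log, mutt for delivery.
set -u
AUTH_LOG="${AUTH_LOG:-/var/log/auth.log}"
REPORT_TO="${REPORT_TO:-admin@example.com}"   # placeholder recipient
DISK_WARN="${DISK_WARN:-85}"                  # percent used that triggers a warning

# Read POSIX df output (df -P for blocks, df -Pi for inodes) from stdin and print
# every filesystem at or above $1 percent as "mount pct% (source)". Column 5 is
# "Use%"/"IUse%", so the trailing '%' is stripped before the numeric compare.
over_threshold() {
    awk -v limit="$1" 'NR > 1 && $5 ~ /%$/ {
        pct = substr($5, 1, length($5) - 1) + 0
        if (pct >= limit) print $6 " " pct "% (" $1 ")"
    }'
}

# Count sshd "Failed password for ... from IP" lines (stdin) and list sources.
# "Invalid user" lines are deliberately not counted: sshd logs both for one attempt.
failed_ssh_logins() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
        for (i = 1; i <= NF; i++) if ($i == "from") { src[$(i+1)]++; total++; break }
    }
    END {
        print "Failed SSH logins: " total + 0
        for (ip in src) print "  " src[ip] " from " ip
    }'
}

build_report() {
    echo "Health report for $(hostname) on $(date '+%F %T')"
    echo "Load: $(uptime)"
    echo "Disk space >= ${DISK_WARN}%:"; df -P  | over_threshold "$DISK_WARN" | sed 's/^/  /'
    echo "Inodes >= ${DISK_WARN}%:";     df -Pi | over_threshold "$DISK_WARN" | sed 's/^/  /'
    echo "Memory (MB):"; free -m | sed 's/^/  /'
    command -v sensors >/dev/null 2>&1 && { echo "Temperatures:"; sensors | sed 's/^/  /'; }
    failed_ssh_logins < "$AUTH_LOG"
}

# Cron example: 0 7 * * * /path/stats.sh --send
if [ "${1:-}" = "--send" ]; then
    build_report | mutt -s "Daily stats: $(hostname)" "$REPORT_TO"
fi
```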

🚀 Why I Built It

I wanted a hands-free way to monitor my server’s health and spot issues early. With daily email reports, I can catch resource bottlenecks or suspicious login attempts before they escalate.

🔗 GitHub: mikecozier/Server-Stat-Script

Pi-hole with OpenDNS

🛡️ Pi-hole with Docker and OpenDNS: Ad Blocking & Content Filtering

I set up Pi-hole in Docker with OpenDNS as the upstream DNS to block ads and filter unwanted content across my entire network. It’s a lightweight, portable way to secure DNS traffic while keeping devices ad-free.

🐳 Why Docker?

  • Portability: Easily move the setup between systems

  • Isolation: Keeps configs separate from the host

  • Easy Updates: Version control with Docker images

  • Consistency: Same setup on different environments

🌐 Why OpenDNS?

  • Content Filtering: Block categories like adult content or social media

  • Phishing Protection: Blocks access to malicious sites

  • DNS Security: Adds an extra layer to Pi-hole’s blocklists

✅ Key Benefits:

  • Ad-Free Browsing: Works on all devices, including smart TVs

  • Network-Wide Security: Blocks phishing and malware domains

  • Custom Filtering: Manage settings via the OpenDNS dashboard

Combining Pi-hole and OpenDNS in Docker gives me a reliable, secure, and customizable way to manage network traffic. It’s perfect for improving privacy, speed, and control in any home lab or small office setup.

Packet Tracer

🛡️ Redundant Network Design with VLANs in Cisco Packet Tracer

I designed a fault-tolerant network using Cisco Packet Tracer to simulate an enterprise environment. The setup includes redundant links, VLANs, and EtherChannel to ensure high availability and efficient traffic management.

🖥️ Network Layout:

  • Network 1: VLAN 10, VLAN 20, VLAN 30

  • Network 2: VLAN 70, VLAN 80

  • Redundant Routers: Two ISR4331 routers for inter-VLAN routing and failover

🔑 Key Features:

  • Redundancy: Multiple links grouped into EtherChannel for load balancing and failover

  • VLAN Segmentation: Logical separation of traffic for better performance and security

  • Subnetting: Each VLAN has a unique IP range

  • Scalability: Easily expandable for future needs

✅ Why It Works:

  • High Availability: Redundant paths minimize downtime

  • Improved Performance: EtherChannel boosts bandwidth and link reliability

  • Structured Network: VLANs and subnetting enhance security and management

This project highlights how redundancy and VLAN management create a resilient, scalable network — essential for handling real-world demands.

Homelab

🏡 DevOps Home Lab

As a retired NYPD Sergeant and U.S. Army Veteran transitioning into DevOps, I built this self-hosted, production-grade home lab to mirror real-world infrastructure. It’s designed for learning, testing, automation, and hardening — with security and observability at its core.

⚙️ Hardware Setup

Device       Purpose
Desktop      Kali Linux + Windows 11 (dual boot) for local dev/testing
Laptop       Kali Linux for mobility and SSH access
Server       GMKtec N100 running Ubuntu Server
Hypervisor   MinisForum MS-01 with Proxmox VE
NAS          Synology DS223j (16TB) for media & backups

🐳 Core Dockerized Services

  • Traefik – Reverse proxy with auto HTTPS (Let’s Encrypt)
  • Pi-hole – Network-wide ad/malware blocking
  • Prometheus + Grafana – Metric collection and dashboards
  • Netdata – Real-time monitoring across containers
  • Plex – Media server integrated with NAS
  • Nginx – Static site hosting (including this website)

🌐 Networking & Access

  • TLS encryption for all services (Let’s Encrypt via Traefik)
  • Subdomain routing handled via Cloudflare
  • SSH access restricted to public key authentication
  • Dynamic DNS managed through Cloudflare API
  • Reverse proxy + firewall rules for tight access control

📈 Monitoring & Automation

  • Prometheus – Time-series metrics
  • Grafana – Visual dashboards (disk, CPU, containers)
  • Netdata – Real-time performance graphs
  • Fail2Ban – SSH brute-force protection
  • Bash scripts – Automated daily health reports via email (cron)

✅ Design Principles

  • Security-first: Public key SSH, HTTPS, restricted ports
  • Separation of concerns: Media, DNS, compute split by service
  • Production-like: Infrastructure mimics real environments
  • Self-hosted: Full control, no third-party lock-in
  • Flexible + Scalable: Proxmox allows isolated VM environments for experimentation

This lab gives me hands-on experience with the same tools used in real-world DevOps — and helps me continuously improve my automation, observability, and security skills.
🔗 View on GitHub

DDNS

🌐 Automating Cloudflare DDNS with a Shell Script

To keep my self-hosted services accessible, I built a Cloudflare DDNS updater using a Bash script. This solves the problem of dynamic IP changes from my ISP by automatically updating my domain (michaelcozierdns.com) to point to the correct public IP.

Why Cloudflare DDNS

Cloudflare offers fast DNS propagation, built-in DDoS protection, and API access for easy DNS management. It integrates well with Traefik, allowing me to securely route traffic to services like Pi-hole, Prometheus, and Netdata.

How It Works

The script detects my current public IP, compares it with the Cloudflare DNS record, and updates the record if they differ. It also supports notifications via Slack and Discord and logs updates for auditing. I automated the process with a cron job, running every 5 minutes to ensure my domain stays reachable.
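The compare-and-update loop described above as an added example (not the repository's script): it reads the public IP from Cloudflare's trace endpoint, fetches the A record through the Cloudflare v4 API, and only writes when the two differ and the detected address is a well-formed IPv4 address, preserving the record's proxied flag and logging each change. The environment variable names and log path are assumptions of this example; the Slack/Discord notifications are left out.

```shell
#!/usr/bin/env bash
# Cloudflare DDNS updater (added example, not the repository's script). Assumes
# CF_API_TOKEN (DNS edit right on the zone), CF_ZONE_ID, CF_RECORD_NAME
# (e.g. michaelcozierdns.com) in the environment, plus curl and jq installed.
set -u
API="https://api.cloudflare.com/client/v4"
LOG="${DDNS_LOG:-/var/log/cloudflare-ddns.log}"

# Public IP as seen from outside, from Cloudflare's own trace endpoint
current_public_ip() {
    curl -fsS --max-time 10 https://1.1.1.1/cdn-cgi/trace | sed -n 's/^ip=//p'
}
# The A record for CF_RECORD_NAME: prints "record_id content proxied"
cloudflare_record() {
    curl -fsS --max-time 10 -H "Authorization: Bearer $CF_API_TOKEN" \
        "$API/zones/$CF_ZONE_ID/dns_records?type=A&name=$CF_RECORD_NAME" \
        | jq -r '.result[0] | "\(.id) \(.content) \(.proxied)"'
}

# Pure decision: 0 when the record must change, 1 when it already matches, 2 when
# the detected IP is empty or not a dotted quad (a failed lookup is never written)
needs_update() {   # $1 = detected public IP, $2 = IP held in the DNS record
    case "$1" in
        "" | *[!0-9.]*) return 2 ;;
        *.*.*.*) ;;
        *) return 2 ;;
    esac
    [ "$1" != "$2" ]
}

# PUT the new content, keeping the record's proxied flag and a short TTL
update_record() {  # $1 = record id, $2 = new IP, $3 = proxied (true/false)
    curl -fsS --max-time 10 -X PUT -H "Authorization: Bearer $CF_API_TOKEN" \
        -H "Content-Type: application/json" "$API/zones/$CF_ZONE_ID/dns_records/$1" \
        --data "{\"type\":\"A\",\"name\":\"$CF_RECORD_NAME\",\"content\":\"$2\",\"ttl\":120,\"proxied\":$3}" \
        | jq -e '.success' >/dev/null
}

# Cron entry for the 5-minute cadence: */5 * * * * /path/cf-ddns.sh --update
main() {
    ip=$(current_public_ip)
    set -- $(cloudflare_record); [ $# -eq 3 ] || exit 1   # record_id content proxied
    if needs_update "$ip" "$2"; then
        if update_record "$1" "$ip" "$3"; then
            printf '%s updated %s %s -> %s\n' "$(date '+%F %T')" "$CF_RECORD_NAME" "$2" "$ip" >> "$LOG"
        else
            printf '%s update FAILED for %s\n' "$(date '+%F %T')" "$CF_RECORD_NAME" >> "$LOG"; exit 1
        fi
    fi
}
if [ "${1:-}" = "--update" ]; then main; fi
```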

Why It’s Useful

This setup keeps my domain accessible despite IP changes, gives me complete control over my DDNS setup, and integrates seamlessly with my self-hosted services. Automating infrastructure like this helps maintain reliability without relying on third-party tools.

This project reinforced my skills in API automation and DNS management — essential for resilient self-hosted environments.

GitHub: mikecozier/Cloudflare-DDNS-Script