Murdoch ICT171 Cloud Project · 2026 S1

Vantage

A cloud-hosted monitoring and server-status project for ICT171. Vantage runs on a DigitalOcean Ubuntu droplet, performs scheduled checks on the host and its own webpage — uptime, response headers, certificate handling, and content integrity — and keeps the detailed operational dashboard behind protected admin access.

Live server · 134.199.167.21
Student Name
Sahil Bawa
Student Number
35734862
Cloud Provider
DigitalOcean (IaaS)
Server
Ubuntu 24.04 LTS · Nginx

Project Description

Vantage is a cloud-hosted monitoring and server-status project built for Murdoch ICT171. It runs on a DigitalOcean Ubuntu droplet behind Nginx and uses a single Bash script, scheduled by cron, to perform recurring checks on the host and the project's own webpage. Results are written to a protected JSON file under the admin route and read by the authenticated operational dashboard.

The checks fall into three plain groups. Server self-health samples CPU, memory, disk, and uptime from the host so the project can report on the state of its own environment. Response checks make an HTTP request to the project's own webpage and record the status code and response time. Basic web security checks audit the response headers for common recommendations (HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) and SHA-256 hash the homepage to detect content changes against a stored baseline. A TLS certificate-expiry check is now active and reads the live Let's Encrypt certificate served from https://vantageproject.me.

The first stage of delivery focused on the cloud-deployment fundamentals required by ICT171: provisioning the server, connecting via SSH using key-based authentication, installing and configuring Nginx by hand, publishing a webpage, and writing a check script that runs on a five-minute cron schedule. The later stages focused on DNS, HTTPS, the live TLS check, and consolidating the project documentation so another student could rebuild it end to end.

Scope: Vantage performs checks only against the host server it runs on. It is not configured to target other systems.

What Vantage Monitors

The script performs the following checks on every run. All five checks below are now live and run automatically every five minutes through cron.

CHK-01

Uptime & Response

Sends an HTTP request to the project's webpage every five minutes via cron. Records the status code and response time in milliseconds.

Stage 1 · live
CHK-02

TLS Certificate Expiry

Reads the live Let's Encrypt certificate via openssl and reports days until expiry. Runs on the same 5-minute cron as the other checks.

Stage 1 · live
CHK-03

Security Headers

Checks for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy. Scored A–F based on how many are present.

Stage 1 · live
CHK-04

Content Integrity

Calculates a SHA-256 hash of the homepage and compares it to a stored baseline. Flags when the hash changes between runs.

Stage 1 · live
CHK-07

Server Self-Check

Collects CPU usage, memory usage, disk usage, and uptime from the host using top, free, df, and uptime.

Stage 1 · live

Operational Dashboard

The detailed live dashboard — including per-check status, host metrics, and the latest status.json output — is hosted at /admin/ and protected by HTTP basic authentication. This keeps server-health details and response data out of public view.

Public status: if you can read this page, the server is online and HTTPS is working. Detailed operational monitoring is restricted to authorised admin access.

Development Roadmap

Vantage is delivered in three stages across the semester. Stages 1 and 2 and stage 3 are complete;

Stage 1

Cloud foundation and live checks

Provision the Ubuntu droplet, configure Nginx, set up SSH key authentication, publish this project page on the public IP, and write a Bash check script run every five minutes by cron. The script performs uptime, security-headers, content-integrity, and server self-health checks and writes the results to /var/www/html/admin/status.json which the protected admin dashboard reads.

Complete
Stage 2

DNS, HTTPS, and real TLS check

Registered the domain vantageproject.me and pointed an A record at the droplet. Updated Nginx server_name to respond to the domain. Installed Certbot to obtain and auto-renew a Let's Encrypt certificate. The check script's CHK-02 block now queries the live certificate via openssl s_client and reports days until expiry.

Complete
Stage 3

Documentation, verification, and security hardening

Finalised README.md and SETUP.md on GitHub so another student can rebuild the project end to end. Added a protected admin dashboard, security headers, dedicated admin and honeypot logging, fail2ban for SSH protection, and verification steps for the marker. Produced the final PDF report.

Complete

Security Features

Vantage now includes a small set of practical security controls focused on reducing unnecessary exposure, protecting administration, and improving monitoring visibility.

HTTPS enabled

Traffic is encrypted with TLS using a Let's Encrypt certificate managed through Certbot.

Protected admin dashboard

The detailed operational dashboard is separated from the public site and protected with Nginx basic authentication.

Security headers

Nginx now serves HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers.

Content integrity monitoring

The project compares the deployed site against a known-good baseline and detects content drift.

Fail2ban on SSH

Repeated failed SSH login attempts can now be monitored and automatically banned at the server level.

Admin and honeypot logging

Admin route access is logged separately, and a decoy /wp-admin path records opportunistic probing.

Technical Stack

Cloud ProviderDigitalOcean (IaaS)
Operating SystemUbuntu 24.04 LTS
Web ServerNginx
AutomationBash via cron
Tools used in checkscurl · openssl · sha256sum
Data file/var/www/html/admin/status.json
Log file/var/log/vantage.log
Source ControlGit · GitHub (public)
LicenseMIT

Why DigitalOcean Was Chosen

DigitalOcean was selected because it is a clean Infrastructure as a Service environment with full root SSH access, which matches the technical requirements of the unit. It allows the server to be configured manually rather than relying on a managed platform, making it well suited for demonstrating Linux administration, software installation, web hosting, and cloud deployment in a hands-on way. That level of control is necessary for Vantage — the check script reads system tools such as top, free, df, and openssl directly on the host, which is straightforward on IaaS but restricted on managed platforms.

Beyond technical fit, DigitalOcean has clear documentation, a well-organised control panel, and a straightforward droplet creation flow that lets attention go to the monitoring work rather than the provisioning ceremony. It also integrates with the GitHub Student Developer Pack, which reduces cost and makes it realistic to keep running the project after the unit ends.

Project License

This project is released under the MIT License. MIT was chosen because it is simple, widely used, and well suited for a student software project that may continue to develop over time. It allows other people to view, use, modify, and share the code, as long as the original copyright notice and license terms remain with the project. This is a practical choice for work that may later be expanded into a public cybersecurity portfolio piece. The license is reproduced in the project's GitHub repository as LICENSE, and is marked in the footer of this page and in the repository README.md.