A cloud-hosted monitoring and server-status project for ICT171. Vantage runs on a DigitalOcean Ubuntu droplet, performs scheduled checks on the host and its own webpage — uptime, response headers, certificate handling, and content integrity — and keeps the detailed operational dashboard behind protected admin access.
Vantage is a cloud-hosted monitoring and server-status project built for Murdoch ICT171. It runs on a DigitalOcean Ubuntu droplet behind Nginx and uses a single Bash script, scheduled by cron, to perform recurring checks on the host and the project's own webpage. Results are written to a protected JSON file under the admin route and read by the authenticated operational dashboard.
The checks fall into three plain groups. Server self-health
samples CPU, memory, disk, and uptime from the host so the project can report on the
state of its own environment. Response checks make an
HTTP request to the project's own webpage and record the status code and response time.
Basic web security checks audit the response headers for
common recommendations (HSTS, Content-Security-Policy, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy) and SHA-256 hash the homepage to detect content
changes against a stored baseline. A TLS certificate-expiry check is now active and
reads the live Let's Encrypt certificate served from https://vantageproject.me.
The first stage of delivery focused on the cloud-deployment fundamentals required by ICT171: provisioning the server, connecting via SSH using key-based authentication, installing and configuring Nginx by hand, publishing a webpage, and writing a check script that runs on a five-minute cron schedule. The later stages focused on DNS, HTTPS, the live TLS check, and consolidating the project documentation so another student could rebuild it end to end.
Scope: Vantage performs checks only against the host server it runs on. It is not configured to target other systems.
The script performs the following checks on every run. All five checks below are now live and run automatically every five minutes through cron.
Sends an HTTP request to the project's webpage every five minutes via cron. Records the status code and response time in milliseconds.
Stage 1 · liveReads the live Let's Encrypt certificate via openssl and reports days until expiry. Runs on the same 5-minute cron as the other checks.
Stage 1 · liveChecks for HSTS, Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy. Scored A–F based on how many are present.
Stage 1 · liveCalculates a SHA-256 hash of the homepage and compares it to a stored baseline. Flags when the hash changes between runs.
Stage 1 · liveCollects CPU usage, memory usage, disk usage, and uptime from the host using top, free, df, and uptime.
Stage 1 · live
The detailed live dashboard — including per-check status, host metrics, and the
latest status.json output — is hosted at /admin/ and
protected by HTTP basic authentication. This keeps server-health details and
response data out of public view.
Public status: if you can read this page, the server is online and HTTPS is working. Detailed operational monitoring is restricted to authorised admin access.
Vantage is delivered in three stages across the semester. Stages 1 and 2 and stage 3 are complete;
Provision the Ubuntu droplet, configure Nginx, set up SSH key authentication, publish this project page
on the public IP, and write a Bash check script run every five minutes by cron. The script performs
uptime, security-headers, content-integrity, and server self-health checks and writes the results to
/var/www/html/admin/status.json which the protected admin dashboard reads.
Registered the domain vantageproject.me and pointed an A record at the droplet. Updated
Nginx server_name to respond to the domain. Installed Certbot to obtain and auto-renew a
Let's Encrypt certificate. The check script's CHK-02 block now queries the live certificate via
openssl s_client and reports days until expiry.
Finalised README.md and SETUP.md on GitHub so another student can rebuild the project end to end. Added a protected admin dashboard, security headers, dedicated admin and honeypot logging, fail2ban for SSH protection, and verification steps for the marker. Produced the final PDF report.
Vantage now includes a small set of practical security controls focused on reducing unnecessary exposure, protecting administration, and improving monitoring visibility.
Traffic is encrypted with TLS using a Let's Encrypt certificate managed through Certbot.
The detailed operational dashboard is separated from the public site and protected with Nginx basic authentication.
Nginx now serves HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers.
The project compares the deployed site against a known-good baseline and detects content drift.
Repeated failed SSH login attempts can now be monitored and automatically banned at the server level.
Admin route access is logged separately, and a decoy /wp-admin path records opportunistic probing.
DigitalOcean was selected because it is a clean Infrastructure as a Service environment
with full root SSH access, which matches the technical requirements of the unit. It
allows the server to be configured manually rather than relying on a managed platform,
making it well suited for demonstrating Linux administration, software installation,
web hosting, and cloud deployment in a hands-on way. That level of control is necessary
for Vantage — the check script reads system tools such as top, free,
df, and openssl directly on the host, which is straightforward
on IaaS but restricted on managed platforms.
Beyond technical fit, DigitalOcean has clear documentation, a well-organised control panel, and a straightforward droplet creation flow that lets attention go to the monitoring work rather than the provisioning ceremony. It also integrates with the GitHub Student Developer Pack, which reduces cost and makes it realistic to keep running the project after the unit ends.
This project is released under the MIT License. MIT was
chosen because it is simple, widely used, and well suited for a student software project
that may continue to develop over time. It allows other people to view, use, modify,
and share the code, as long as the original copyright notice and license terms remain
with the project. This is a practical choice for work that may later be expanded into a
public cybersecurity portfolio piece. The license is reproduced in the project's GitHub
repository as LICENSE, and is marked in the footer of this page and in the
repository README.md.