eMarches
emarches.com portfolio

Mastering a full stack

From hardware and infrastructure provisioning to production deployment, fine-tuning and maintenance, we master a large spectrum of IT skills and techniques. We made eMarches.com all from scratch as a showcase.

Visit our site
Linux QEMU KVM Security Users

Infrastructure and System Administration

Key aspects of system administration, including the initial hardware setup, configuration of the operating system and network, and effective user management. This also covers the implementation of secure remote access protocols and firewall configurations to ensure system protection. Additionally, it involves monitoring system performance to maintain optimal functionality and quickly address potential issues.

  • Server cleaning
  • Hardware check
  • Racking and fastening
  • Power and network connection
  • OS media preparation
  • Bios configuration

  • Power on and boot up
  • Hard disk partitioning
  • Partitions mounting
  • Installing needed packages
  • Network configuration

  • Securing root user with a strong password
  • Creating and securing regular users and system users
  • Users rights and permissions management
  • Files and directory permissions tuning

  • SSH installation and configuration
  • Enabling SSH authentication using identity keys
  • Keys generation and transfer
  • Disabling password authentication

  • ufw Firewall installation
  • Setting up default policy
  • Rules management
  • Testing

  • Resources usage
  • Running software and services
  • Logs and system journals
PG PY SE CH Automation

Data Extraction and Automation Workflow

The process of setting up a PostgreSQL database and configuring a Python environment to support data handling and processing tasks. It includes analyzing and engineering the target website for data scraping, browsing the site to collect relevant information, and utilizing the scraped data effectively. Additionally, shell scripting and automation techniques are employed to streamline and optimize the entire workflow.

  • Postgresql installation
  • Cluster initialization
  • Database users management
  • Users and Databases management
  • Security and rights fine tuning
  • Enabling remote acces over SSH tunnel (using identity keys, not passwords)
  • PgAdmin4 installation
  • Remote access configuration for pgAdmin4 (over https)

  • Python installation
  • Setting up virtual environment
  • Libraries installation: Selenium, Chromium, Requests, BeautifulSoup, …

  • Source code review
  • Pages anatomy
  • Links and navigation
  • Framework and conventions
  • Security and limitations

  • Reading pages content
  • Listing and recognizing elements
  • Filling in forms and fields
  • Clicking and navigating pages
  • Parsing source data

  • Extracting data of interest
  • Formatting and sanitizing data
  • Securely connect to database and saving data
  • Managing files downloads and uploads
  • Staying legitimate and avoid blacklisting

  • Managing files on remote server: Create, delete, modify content, check existence, ...
  • Starting programs or scripts periodically
  • Creating system services to start scripts or programs automatically
  • Rotating logs
PY DJ PG JS H5

Full stack web application development

Development of web applications using the Python/Django ecosystem. This includes establishing and managing database connections, handling the complete user lifecycle, and generating dynamic web pages. Attention is given to serving static files, applying styling for a polished interface, and enhancing the overall user experience. Advanced Django features are leveraged to extend functionality, while administrative tools and supervision mechanisms ensure effective application management and maintenance.

  • Making Python virtual environment
  • Installing packages and dependencies
  • Database connection
  • Email gateway setup

  • Registeration and Signup
  • Email verification
  • Login and Logout
  • Password change
  • Password reset
  • Sessions and cookies management

  • Getting requests data
  • Checking user permissions
  • Getting data from databse
  • Formatting and presenting data
  • Writing/updating/deleting data in database
  • Display optimizations: sort, pagination, ...
  • Making clean, pertinent charts from complex data
  • Managing errors and exceptions
  • Downloading and uploading files
  • Generating and serving dynamic files

  • Applying and managing pages styles
  • Client-side scripting: Javascript
  • Implementing full translation and language selection
  • Easy navigation and simple URLs scheme
  • Responsive and fluid user interface
  • Clean and debloated interface
  • Modern dialogs: modals and toast messages
  • Modern and optimized graphics

  • Multi-application routing
  • Creating and using custom middlware
  • Creating and using custom template tags
  • Creating and using custom context processors
  • Custom logging and analytics
  • Remote host management with scripts over SSH
  • E-mail sending automation

  • Users and groups management
  • Custom administration interface
  • Granular permissions management
Deploy GU NGINX SSL WAF

Production Deployment

Deployment focuses on configuring the server environment for deploying web applications. It includes setting up the application server, configuring a reverse proxy for efficient traffic handling, and managing domain names along with SSL certificates to ensure secure communication. Additionally, the deployment of a Web Application Firewall (WAF) is covered to enhance security by protecting against common web threats.

  • Installing and configuring the OS (Arch linux)
  • Ensuring secure remote access over SSH using identity keys authentication
  • Configuring firewall
  • Setting up Python virtual environment
  • Copying the necessary files to the server

  • Installing and configuring gunicorn
  • Exposing Django application through Unix socket

  • Installing and enabling nginx
  • Configuring nginx as a proxy to gunicorn
  • Handling static files with nginx
  • Upgrading connection security
  • Implementing multi-tenancy
  • Configuring nginx logging

  • Updating DNS settings
  • Connecting application to domain name
  • Generating free SSL certificates
  • Configuring SSL certificates in nginx
  • SSL automatic renewal using scripts and timers

  • Coming soon: implementing a Web Application Firewall
Docker MC Keys Security Mail

Private Email Server Setup

Deploying and managing a private email server includes configuring the server environment, setting up secure mail protocols (SMTP, IMAP, and POP3), managing user accounts and mailboxes, and implementing encryption and authentication measures to ensure privacy and data protection. Special attention is given to spam filtering, DNS configurations (such as SPF, DKIM, and DMARC), maintaining overall server reliability and security in addition to the configuration of client access.

  • Installing and configuring the OS (Rocky linux, based on RedHat)
  • Ensuring secure remote access over SSH using identity keys authentication
  • Configuring firewall

  • Installing docker and docker-compose
  • Downloading and installing Mailcow (open source)
  • Running and enabling containers

  • Configuring DNS records
  • Generating and deploying identity keys
  • Hardening security and deliverability (DKIM, SPF, DMARK)
  • Configuring spam filters (rspamd and fail2ban)
  • Configuring antivirus scanning

  • Domains management (multi-tenancy)
  • Users and mailboxes management
  • Mailboxes Aliases management
  • Catch-all mailboxes

  • Accessing from Web browser
  • SMTP, IMAP, POP3 access
  • Accessing from private email clients (Android, iOS)
  • Access tests: Web, Python, Android

Note: This portfolio is not exhaustive. Please feel free to contact us for further information.