A self-service web portal for provisioning SSH access and deploying applications to an EC2 gateway instance protected by AWS Cognito authentication.
https://github.com/davidbmar/deploy-portal · public · shipped
Deploy Portal is a Flask-based web application that acts as a control plane for managing deployments on an AWS EC2 instance. It integrates with AWS Cognito via oauth2-proxy for authentication, automatically manages EC2 Security Group rules to whitelist user IPs for SSH access, and generates deployment kits containing SSH keys and configuration scripts. It supports automated infrastructure setup including nginx reverse proxy configuration, port allocation, and framework-specific Dockerfile generation for applications like Next.js.
```bash
git clone https://github.com/davidbmar/deploy-portal.git
cd deploy-portal
bash scripts/github-deploy.sh
```
```mermaid
flowchart TD
    User[User Browser] -->|HTTPS| Nginx[nginx :443]
    Nginx -->|Auth Check| OAuth[oauth2-proxy :4180]
    OAuth -->|Cognito Auth| Cognito[AWS Cognito]
    OAuth -->|X-User-Email Header| Flask[Deploy Portal Flask App :5000]
    Flask -->|boto3 API| EC2[EC2 Security Group Manager]
    Flask -->|File I/O| Registry[App/Port Registry JSON]
    Flask -->|Generate| Keys[SSH Key Generator]
    Flask -->|Detect| Framework[Framework Detector]
    subgraph Infrastructure
        EC2
        Registry
        Keys
        Framework
    end
```
The core application is built with Python 3.8+ and Flask. It uses boto3 to interact with AWS EC2 APIs for security group management. The frontend is served via Jinja2 templates within Flask. Authentication is handled externally by nginx and oauth2-proxy, which injects the user's email into the `X-User-Email` header. Infrastructure automation is handled via Shell scripts for bootstrapping, SSL setup, and installing helper tools like `capsule-nginx-manager`. The system also includes a Firecracker VM manager module for microVM lifecycle management, though the primary deployment path focuses on containerized or direct application deployment on the host.
```mermaid
sequenceDiagram
    participant User
    participant Nginx
    participant OAuth
    participant Flask
    participant AWS
    participant FS
    User->>Nginx: GET /deploy/
    Nginx->>OAuth: Forward request
    OAuth->>AWS: Validate Cognito Token
    AWS-->>OAuth: Valid User Email
    OAuth->>Nginx: Add X-User-Email Header
    Nginx->>Flask: Proxy Request
    Flask->>AWS: Get Instance Metadata
    Flask->>AWS: Resolve Security Group
    Flask->>AWS: Authorize User IP Ingress
    Flask->>FS: Generate SSH Key Pair
    Flask->>FS: Create Deployment Kit Zip
    Flask-->>Nginx: Return Deployment Kit
    Nginx-->>User: Download Zip
```
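Because authentication happens outside Flask, the `X-User-Email` header and the client IP are only trustworthy when the request really arrived through nginx and oauth2-proxy. The following is an added example, not code from deploy-portal, of a check that could run before the "Authorize User IP Ingress" step; the `X-Real-IP` header, the loopback proxy address, and all function and constant names are assumptions.

```python
import ipaddress
import re

# Assumption: nginx and oauth2-proxy run on the same host as Flask, so the
# only legitimate TCP peer is loopback.
TRUSTED_PROXIES = {"127.0.0.1", "::1"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+")
# Ranges that must never be opened as an SSH source.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


class RejectedRequest(Exception):
    """Raised when the request must not lead to a security group change."""


def ssh_ingress_params(remote_addr, headers, group_id):
    """Build kwargs for boto3 ec2.authorize_security_group_ingress.

    remote_addr is the TCP peer (Flask: request.remote_addr); headers is the
    request header mapping. Hypothetical helper, not from deploy-portal.
    """
    # A client that reaches :5000 directly can send any X-User-Email it
    # likes, so identity headers count only when the peer is the proxy.
    if remote_addr not in TRUSTED_PROXIES:
        raise RejectedRequest("request did not come through the auth proxy")
    email = headers.get("X-User-Email", "").strip()
    if not EMAIL_RE.fullmatch(email):
        raise RejectedRequest("missing or malformed X-User-Email")
    # Assumption: nginx overwrites X-Real-IP with $remote_addr.
    try:
        ip = ipaddress.ip_address(headers.get("X-Real-IP", "").strip())
    except ValueError:
        raise RejectedRequest("X-Real-IP is not a single IP address")
    if ip.version != 4 or any(ip in net for net in BLOCKED):
        raise RejectedRequest("client address is not a routable IPv4 host")
    # One host only (/32), SSH only, tagged with who asked for it.
    return {
        "GroupId": group_id,
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": f"{ip}/32",
                          "Description": f"deploy-portal {email}"}],
        }],
    }
```

The check is only as strong as the deployment around it: the Flask port should listen on loopback only, and nginx should overwrite any client-supplied copies of these headers.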
This project is suitable for teams needing a lightweight, self-hosted deployment dashboard on AWS. It replaces manual SSH key distribution and security group editing with a web interface. It is ideal for internal tools, staging environments, or small-scale production setups where a full Kubernetes cluster is overkill. Developers can use it to quickly spin up new services with automatic HTTPS and port management.