Integration with Configuration Management

2 min read Web Security Fundamentals

Integration with Configuration Management

Integrate updates with configuration management tools:

# Ansible playbook for managed updates
---
- name: Managed Web Server Updates
  hosts: webservers
  become: yes
  vars:
    maintenance_window_start: "02:00"
    maintenance_window_end: "04:00"
    
  tasks:
    - name: Check current time is in maintenance window
      assert:
        that:
          - ansible_date_time.time >= maintenance_window_start
          - ansible_date_time.time <= maintenance_window_end
        fail_msg: "Updates can only run during maintenance window"
      
    - name: Create pre-update backup
      include_role:
        name: backup
      vars:
        backup_type: pre_update
        
    - name: Update package cache
      apt:
        update_cache: yes
        cache_valid_time: 3600
        
    - name: Check for critical updates
      shell: apt list --upgradable 2>/dev/null | grep -E '(apache2|nginx|openssl)'
      register: critical_updates
      changed_when: false
      failed_when: false
      
    - name: Apply security updates
      apt:
        upgrade: safe
        autoremove: yes
        autoclean: yes
      when: critical_updates.stdout_lines | length > 0
      
    - name: Check if reboot required
      stat:
        path: /var/run/reboot-required
      register: reboot_required
      
    - name: Notify about required reboot
      mail:
        to: [email protected]
        subject: "Reboot required on {{ inventory_hostname }}"
        body: "Security updates require a reboot"
      when: reboot_required.stat.exists
      
    - name: Verify services after update
      systemd:
        name: "{{ item }}"
        state: started
        enabled: yes
      loop:
        - apache2
        - nginx
      register: service_status
      
    - name: Run post-update tests
      uri:
        url: "https://{{ inventory_hostname }}/health"
        status_code: 200
      retries: 3
      delay: 10

Effective patch management requires balancing security needs with operational stability. Automated updates, combined with proper testing and rollback procedures, ensure your web server remains secure without sacrificing reliability. The next chapter will explore load balancing and reverse proxy configurations to enhance both security and performance.## Load Balancing and Reverse Proxy Security

Load balancing and reverse proxy configurations enhance both performance and security for web applications. By distributing traffic across multiple backend servers and acting as an intermediary between clients and applications, these configurations provide resilience against attacks, hide backend infrastructure details, and enable sophisticated security policies. This chapter explores secure implementation of load balancers and reverse proxies using Apache and Nginx, covering high availability setups, SSL/TLS termination, and advanced security features.