A full-stack Instagram-inspired social media application built with a microservices architecture, containerized with Docker, and deployed through a secure CI/CD pipeline powered by Jenkins.
The application is split into independent backend microservices, a frontend client, and an Nginx reverse proxy that routes traffic between them.
┌─────────────┐
│ Nginx │ :80
│ (API Gateway)│
└──────┬──────┘
┌───────────────┼───────────────┐
▼ ▼ ▼ ▼
┌────────────┐ ┌────────────┐ ┌────────────┐ ┌────────────┐
│auth-service│ │user-service│ │post-service│ │media-service│
└────────────┘ └────────────┘ └────────────┘ └────────────┘
Insta/
├── Backend/
│ ├── auth-service/ # Authentication & JWT handling
│ ├── user-service/ # User profiles & relationships
│ ├── post-service/ # Posts, likes, comments
│ └── media-service/ # Image/video upload & storage
├── Frontend/ # Client-side app (JavaScript/HTML/CSS)
├── nginx/ # Nginx config files
├── nginx.conf # Reverse proxy routing rules
├── docker-compose.yml # Multi-service orchestration
├── Dockerfile # App container definition
├── Jenkinsfile # CI/CD pipeline definition
└── sonar-project.properties # SonarQube code quality config
| Layer | Technology |
|---|---|
| Frontend | HTML, CSS, JavaScript |
| Backend | Node.js (microservices) |
| Reverse Proxy | Nginx |
| Containerization | Docker & Docker Compose |
| CI/CD | Jenkins |
| Code Quality | SonarQube |
| Security Scanning | OWASP Dependency-Check, Trivy |
- Docker and Docker Compose installed
- Node.js (for local development)
-
Clone the repository:
git clone https://github.com/dvanhu/Insta.git cd Insta -
Create
.envfiles for each service:Backend/auth-service/.env Backend/user-service/.env Backend/post-service/.env Backend/media-service/.env -
Start all services:
docker-compose up --build
-
The application will be available at
http://localhost
Handles user registration, login, and JWT token issuance/validation.
Manages user profiles, followers, and following relationships.
Handles creating, reading, liking, and commenting on posts.
Manages file uploads (images/videos) and serves media assets.
Acts as a reverse proxy, routing incoming requests to the appropriate microservice based on path prefixes.
The Jenkinsfile defines a fully automated pipeline with the following stages:
- Checkout Code — Pulls the latest code from the
mainbranch - Install Dependencies — Runs
npm installin the Frontend directory - SonarQube Analysis — Static code analysis for code quality and bugs
- Quality Gate — Fails the build if code quality standards are not met
- OWASP Dependency Check — Scans for known CVEs in dependencies (fails on CVSS ≥ 7)
- Trivy Filesystem Scan — Scans source files for HIGH/CRITICAL vulnerabilities
- Docker Build — Builds the application Docker image
- Trivy Image Scan — Scans the final Docker image for HIGH/CRITICAL vulnerabilities
- Deploy Container — Runs the container on port 3000
Dependency check reports are archived as build artifacts after every run.
This project takes a DevSecOps approach, integrating security checks directly into the pipeline:
- SonarQube for static application security testing (SAST)
- OWASP Dependency-Check to detect vulnerable third-party libraries
- Trivy for both filesystem and Docker image vulnerability scanning
- Each microservice uses isolated
.envfiles to manage secrets — never commit these to source control