Setup a deployctl deployment server on Digital Ocean for use with Gitlab to deploy static websites and releases.
Prerequisites
- a Digital-Ocean Account
- a domain name, or sub-domain name
- an ssh-terminal program
- a public ssh-key for connecting to the new droplet
- And most important, a gitlab account, private or public instance
Setup
Create a new droplet on DO
If you don't have an account yet, consider supporting this project by following this link.
- Select image Centos, 7.x (deployctl with scripts and RPM was written for Centos7)
- Select size; in most cases the 5$ option will do, giving you around 15G for deployment of websites and releases.
- Select Region
- Additional Options
  - optional Backups => ensures weekly backup (please note this will increase cost)
  - IPv6 => deployctl is ipv6 compliant
  - optional Monitoring
- Add SSH-key IMPORTANT
  - If you created a new account: add New SSH key
  - to create a new key, check out How to Setup SSH keys and copy and paste it in the above window
- Choose a Hostname IMPORTANT
  - Set hostname as per domain you have for deployctl
  - It is important to set it correctly, the setup scripts use the domain name!!
- Optionally add Tags for your droplet, e.g.
  - deployctl
  - <domain_name>
  - <purpose>
- Press Create button and wait a minute.
Setup DNS
Click on your new droplet, navigate to Networking and take note of the IP Address on the Public network and the Public IPV6 Address.
Navigate to Networking on the top menu and select domain. Enter the domain, transfer or create new; on transfer one needs the domain token, and the domain cannot be locked for transfer.
- add an A record for ipv4 to your <domain_name>.
- add an AAAA record for ipv6 to your <domain_name>.
- add a ***** CNAME to your <domain_name>
Prepare new droplet
First we need to secure things a bit: as per good practice, we need to create a user and disable root access over SSH; furthermore it is advisable to change the ssh-port.
Secondly, setting up a firewall with rate limiting etc. would be mandatory for a public server.
No worries, we've provided scripts for that.
First check the new domain:
ping <domain_name>
Please note that on transfer and/or move of a domain, it can take a few hours to propagate the <domain_name> through all dns-servers.
So after the droplet was created, open an SSH terminal on your computer:
ssh root@<domain_name>
That should connect immediately if id_rsa_key is present in your $HOME/.ssh directory and <domain_name> points to our droplet.
Let’s get to work
We provide 3 scripts:
- user_ssh :
  - setup user according to the $ssh_user
  - ssh-port according to the $ssh_port
  - ssh disable root login
  - ssh disable password login
- firewall :
  - installs csf Configure Server/Security Firewall
  - Configure the firewall to allow the ssh-port, http and https on ipv4 and ipv6
  - enable rate control
  - block failed login ip's etc
- setup.sh : setup script
  - nginx: install nginx from the nginx repo
  - Register a new runner with tag: deployctl-<host domain name> with:
    - gitlab_url
    - registration token; check out creating-and-registering-a-runner for server and token
  - install acme.sh: Let's encrypt! (with auto crontab for renewals)
  - install deployctl from the repo and start it.
Putting it all together, in a terminal connected to our new droplet:
Please substitute the export values:
export ssh_user=<new_user>
export ssh_port=<ssh_port>
curl https://downloads.deployctl.com/latest/files/ssh_user.sh | bash
curl https://downloads.deployctl.com/latest/files/firewall.sh | bash
Now a new user is created with ssh access according to the root authorized_keys, and the firewall is configured with access to the new ssh-port, http and https.
The <new_user> has as password the <new_user>, so let's get a proper password in there:
su - <new_user>
and put use
Test Preparation:
Open a new terminal while the old one is still open.
ssh <new_user>@<domain_name> -p <ssh_port>
If you get access, it's time to move on: continue from this new terminal, and exit the previous terminal.
sudo su - root
to get root access to continue the rest of the setup.
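Before continuing, the three sshd settings the user_ssh script is described as applying above (root login disabled, password login disabled, only the new ssh-port) can be confirmed from the effective configuration. This is an added example, not part of the deployctl scripts; the function name check_sshd_hardening and the sample inputs are constructed for illustration. On the droplet, as root: sshd -T | check_sshd_hardening <ssh_port>

```bash
#!/usr/bin/env bash
# Added example: verify the sshd settings ssh_user.sh is described as applying.
# Input is `sshd -T` output ("keyword value" per line, lower-case keywords) on stdin.

# Prints one FAIL line per setting that is off; exit status 0 only if all pass.
# The ( ) body runs in a subshell so the helper variables do not leak.
check_sshd_hardening() (
    expected_port="$1"
    root_login="" password_auth="" ports="" failures=0
    while read -r key value rest; do
        case "$key" in
            permitrootlogin)        root_login="$value" ;;
            passwordauthentication) password_auth="$value" ;;
            port)                   ports="${ports:+$ports }$value" ;;
        esac
    done
    if [ "$root_login" != "no" ]; then
        echo "FAIL permitrootlogin is '${root_login:-unset}', expected 'no'"
        failures=$((failures + 1))
    fi
    if [ "$password_auth" != "no" ]; then
        echo "FAIL passwordauthentication is '${password_auth:-unset}', expected 'no'"
        failures=$((failures + 1))
    fi
    # Every port line is collected: the old port must be gone, not just the new one added
    if [ "$ports" != "$expected_port" ]; then
        echo "FAIL port is '${ports:-unset}', expected only '$expected_port'"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ]
)

# Constructed sample inputs (not captured from a real server)
SAMPLE_HARDENED='port 2222
permitrootlogin no
passwordauthentication no'
SAMPLE_DEFAULT='port 22
permitrootlogin yes
passwordauthentication yes'

# Demo run on the constructed samples
printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_hardening 2222 && echo "hardened sample: OK"
printf '%s\n' "$SAMPLE_DEFAULT" | check_sshd_hardening 2222 || echo "default sample: not hardened"
```

If any FAIL line appears, keep the original root terminal open until it is resolved.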
Setup deployctl:
bash -c "$(curl -s https://downloads.deployctl.com/latest/files/setup.sh)"
Remark: enter gitlab url and token
Done
Check out some other blogs on how to use the new deployctl.