Set up a deployctl deployment server on DigitalOcean for use with GitLab to deploy static websites and releases.

setup deployctl

Prerequisites

  • a DigitalOcean account
  • a domain name or sub-domain name
  • an SSH terminal program
  • a public SSH key for connecting to the new droplet
  • and, most important, a GitLab account on a private or public instance

Setup

Create a new droplet on DO

If you don’t have an account yet, consider supporting this project by following this link.

  1. Select image CentOS, 7.x (deployctl with its scripts and RPM was written for CentOS 7)
  2. Select size; in most cases the $5 option will do, giving you around 15G for deployment of websites and releases.
  3. Select Region
  4. Additional Options
    • optional: Backups, which ensures a weekly backup (please note this will increase cost)
    • IPv6: deployctl is IPv6 compliant
    • optional: Monitoring
  5. Add SSH-key IMPORTANT
    • If you created a new account: add New SSH key
    • To create a new key, check out How to Setup SSH keys, then copy and paste the key into the window above
  6. Choose a Hostname IMPORTANT
    • Set the hostname to the domain you have for deployctl
    • It is important to set it correctly: the setup scripts use the domain name!
  7. Optionally add tags for your droplet, e.g.
    • deployctl
    • <domain_name>
    • <purpose>
  8. Press Create button and wait a minute.

Setup DNS

Click on your new droplet, navigate to Networking, and take note of the IP Address on the Public network and the Public IPv6 Address.

Navigate to Networking in the top menu and select domain. Enter the domain, either transferring an existing one or creating a new one. For a transfer you need the domain token, and the domain must not be locked for transfer.

  • Add an A record for IPv4 to your <domain_name>.
  • Add an AAAA record for IPv6 to your <domain_name>.
  • Add a * CNAME to your <domain_name>.

Prepare new droplet

First we need to secure things a bit. As per good practice, we create a user and disable root access over SSH; it is also advisable to change the SSH port.

Secondly, setting up a firewall with rate limiting etc. is mandatory for a public server.

No worries, we provide scripts for that.

First check the new domain: ping <domain_name>. Please note that after a transfer and/or move of a domain, it can take a few hours for <domain_name> to propagate through all DNS servers.

Once the droplet has been created, open an SSH terminal on your computer:

ssh root@<domain_name>

That should connect immediately if id_rsa_key is present in your $HOME/.ssh directory and <domain_name> points to our droplet.

Let’s get to work

We provide 3 scripts:

  1. user_ssh :
    • setup user according to the $ssh_user
    • ssh-port according to the $ssh_port
    • ssh disable root login
    • ssh disable password login
  2. firewall :
  3. setup.sh : setup script
    • nginx, install nginx from the nginx repo
    • Register a new runner with tag: deployctl-<host domain name> with:
    • install acme.sh : Let’s Encrypt (with auto crontab for renewals)
    • install deployctl from the repo and start it.

Putting it all together, in a terminal connected to our new droplet:

Please substitute the exported values with your own settings.

export ssh_user=<new_user>
export ssh_port=<ssh_port>

curl https://downloads.deployctl.com/latest/files/ssh_user.sh | bash
curl https://downloads.deployctl.com/latest/files/firewall.sh | bash

A new user has now been created with SSH access based on root's authorized_keys, and the firewall is configured to allow access to the new SSH port, HTTP and HTTPS.

The password of <new_user> is initially set to <new_user>, so let’s get a proper password in there:

su - <new_user>

Enter <new_user> at the ` (current) UNIX password: ` prompt, then input your new password.

Test Preparation:

Open a new terminal while the old one is still open.

ssh <new_user>@<domain_name> -p <ssh_port>

If you get access, it’s time to move on: continue from this new terminal and exit the previous terminal.

Run sudo su - root to get root access and continue with the rest of the setup.
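
Before exiting the root terminal, the settings that ssh_user.sh is described as applying (root login disabled, password login disabled, the new SSH port) can be checked against sshd's effective configuration. The following is an added example, not part of deployctl or of the original page; the function name check_sshd_hardening and the two sample inputs are constructed for illustration, and the input is assumed to be the output of sshd -T.

```shell
#!/usr/bin/env bash
# Added example (not part of deployctl): check the effective sshd settings
# against what the page says ssh_user.sh configures.
# Reads `sshd -T` output on stdin: one lowercase "keyword value" pair per line.
# On the droplet, as root:  sshd -T | check_sshd_hardening "$ssh_port"

check_sshd_hardening() {
    awk -v want_port="$1" '
        $1 == "port"                   { ports[$2] = 1 }
        $1 == "permitrootlogin"        { root = $2 }
        $1 == "passwordauthentication" { pw = $2 }
        END {
            bad = 0
            # Any value other than no (such as without-password) still allows root key login.
            if (root != "no") { print "FAIL: permitrootlogin is \"" root "\""; bad++ }
            if (pw != "no")   { print "FAIL: passwordauthentication is \"" pw "\""; bad++ }
            # sshd must listen on the chosen port and on no other (a leftover 22, for instance).
            if (!(want_port in ports)) { print "FAIL: not listening on port " want_port; bad++ }
            for (p in ports)
                if (p != want_port) { print "FAIL: also listening on port " p; bad++ }
            if (bad == 0) print "OK: root login off, password login off, port " want_port
            exit (bad > 0)
        }'
}

# Constructed sample inputs in `sshd -T` format (not captured from a real host).
SAMPLE_HARDENED='port 2222
permitrootlogin no
passwordauthentication no'

SAMPLE_WEAK='port 22
port 2222
permitrootlogin without-password
passwordauthentication yes'

printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_hardening 2222
printf '%s\n' "$SAMPLE_WEAK" | check_sshd_hardening 2222 || echo "weak sample rejected"
```

The function returns non-zero when any check fails, so it can gate the decision to close the root session.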

Setup deployctl:

 bash -c "$(curl -s https://downloads.deployctl.com/latest/files/setup.sh)"

Remark: enter the GitLab URL and token.

Done

Check out some other blogs on how to use the new deployctl.