Playground Web Server Install Memo

Confined, again.
This time I took a cheap VPS to play, this humble weblog is its first incarnation.

Base installation

I want to keep things simple, as my VPS will be mainly for experimenting, my goal is to have the faster workflow from my local to prod environment.

The distrib used is debian 10 “buster”.
I just had to install 2 programs: Caddy and docker.

Personal account

I just added myself to sudo and docker, and then copied my SSH key with ssh-copy-id.
The only important thing here is to remember to test a connection, before we disable password login.

Deployer account

The deployer account have to belong to docker group.
We must give it a password, just for the sake of authorizing its SSH key on the machine.

sudo useradd --create-home -s /bin/bash deploy
sudo adduser deploy docker
sudo passwd deploy
sudo su deploy
ssh-keygen -o -b 4096
ssh-copy-id -i ~/.ssh/ localhost

Base security

Disable the possibility to login with a password, the line to uncomment and change is PasswordAuthentication no
Then let’s remember to try to login in another terminal, before quitting the server and figure out that we forgot some detail.

sudo vim /etc/ssh/ssh_config
sudo systemctl restart sshd


I’ll be publishing my static experiments in /var/www, so I change the ownership of this dir so that the deployer can write there.

sudo mkdir -p /var/www/
sudo chown -R deploy.deploy /var/www

My Caddyfile looks like this: {
	root * /var/www/
} {

Then we need to reload Caddy with sudo systemctl reload caddy.
That’s all I did to have my domain served with SSL, as Caddy provides automatic-https

Gitlab CI

Now I can have gitlab ci automatically deploy when I push on this site repo.

For the CI part, we need to add the deployer account SSH key in the repository environment variables, and create the destination dir on the server.

sudo su - deploy -c 'cat /home/deploy/.ssh/id_rsa'
sudo su - deploy -c 'mkdir /var/www/test'

My gitlab ci file looks like this:

    - build
    - deploy

    stage: build
        - git submodule update --init
        - hugo
            - public

    stage: deploy
        - "which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )"
        - eval $(ssh-agent -s)
        - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh
        - ssh-keyscan $PROD_SERVER_IP >> ~/.ssh/known_hosts
        - chmod 644 ~/.ssh/known_hosts
        - ssh deploy@$PROD_SERVER_IP "rm -rf /var/www/*"
        - scp -rp public/* deploy@$PROD_SERVER_IP:/var/www/

That’s it!