-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
ae0dade
commit 78bdd79
Showing
8 changed files
with
740 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| --- | ||
| layout: post | ||
| title: "Building my own infrastructure I" | ||
| date: 2020-08-10 10:00:00 +0100 | ||
| categories: development | ||
| comments: true | ||
| --- | ||
|
|
||
|  | ||
|
|
||
| I used to have my projects spread in different systems: | ||
|
|
||
| * [Github pages](https://pages.github.com/) | ||
| for my [Jekyll](https://jekyllrb.com/) personal blog. | ||
| * [Heroku](https://heroku.com) for my [Django](https://www.djangoproject.com/) | ||
| apis and also a [React](https://reactjs.org/) web application. | ||
| * External services for databases | ||
| ([Postgres](https://www.postgresql.org/), [Elasticsearch](https://www.elastic.co/)...). | ||
| * Other static hostings... | ||
|
|
||
| I decided to start the trip of building my own infrastructure | ||
| and migratinf all projects to a centralized system. | ||
|
|
||
| What do I gain with this? | ||
|
|
||
| * Costs reduction | ||
| * Easier customization | ||
| * Services are centralized & you gain control | ||
| * Lots of learning! | ||
|
|
||
| And what do I lose? | ||
|
|
||
| * Time and speed. | ||
|
|
||
| Is it worth? Maybe... | ||
| In my case I was willing to introduce my self in systems world | ||
| so I decided to put my hands on work to figure it out! | ||
|
|
||
| The first thing I did was improve my linux skills with two | ||
| [lpic-1](https://www.lpi.org/our-certifications/lpic-1-overview) courses. | ||
| It is always really useful to have a good operating system knowledge, | ||
| even if you are not working as devops nor system administrator. | ||
|
|
||
| Before starting the migration of any project I though about what I needed and | ||
| how to structure my server. | ||
| These are the projects I had: | ||
|
|
||
| * [jordifierro's](https://jordifierro.com) My personal blog. | ||
| It uses Jekyll framework and was hosted on Github pages | ||
| (which has Jekyll automatic building integrated). | ||
| * [Taddapp](https://taddapp.com) A simple landing page for an Android application. | ||
| I don't want to remeber where it was hosted... | ||
| * [Pachatary](https://pachatary.com) An Android & iOS application. | ||
| I had the api in Heroku and was using heroku plugins (external services) | ||
| for databases, mailer, etc. Images were (and are) stored on AWS S3. | ||
| * [Llaor](https://llaor.com) A dictionary web. Same as pachatary: | ||
| api and web where hosted on Heroku. | ||
|
|
||
| _(Heroku is a great service to quickly/easily deploy and scale anything, | ||
| but it is a bit expensive...)_ | ||
|
|
||
| So, I must implement a multiple domain hosting server | ||
| that can deliver statics, respond RESTful api requests, | ||
| store databases and connect to external services... | ||
|
|
||
| To achieve that, projects have to be prepared: | ||
| * Dockerize them (for both testing and running). | ||
| * Make them configurable. Setup variables must be injectable (eg: `env.list` files). | ||
| * Write an strong README documentation. | ||
|
|
||
| Once I'd had the schema in my mind I defined the pieces. | ||
| I should pick a linux distro ([Ubuntu server](https://releases.ubuntu.com/20.04/)). | ||
| Use [Nginx](https://www.nginx.com/) as a server | ||
| (to deliver statics and also as reverse proxy for api's). | ||
| [Docker](https://www.docker.com/) plays a very important role: | ||
| to build statics, run applications and test, store databases, etc. | ||
| making dependencies management much more easy. | ||
| And [Jenkins](https://www.jenkins.io/) to handle tests, deploys, backups... | ||
|
|
||
| And... to complicate it a little bit I added a requirement: | ||
| zero-downtime deployments. | ||
| So [Haproxy](http://www.haproxy.org/) comes into the equation. | ||
| Putting Haproxy before Nginx allows you to have multiple instances of an app | ||
| and load balance between them. | ||
|
|
||
| I already had the domains (at [namecheap](https://namecheap.pxf.io/4bR69)) | ||
| so I opened an account on [digital ocean](https://m.do.co/c/8edd7aed3fee) | ||
| (it is a cheap and easy ,I didn't want any complicated features). | ||
| I created a server instance there choosing Ubuntu 20.04 (LTS) x64 as image. | ||
|
|
||
| Here starts the journey! | ||
|
|
||
| Follow me to the [next post](https://jordifierro.com/building-my-own-infrastructure-2)! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| --- | ||
| layout: post | ||
| title: "Building my own infrastructure II" | ||
| date: 2020-08-10 12:00:00 +0100 | ||
| categories: development | ||
| comments: true | ||
| --- | ||
|
|
||
|  | ||
|
|
||
| At the [first post](https://jordifierro.com/building-my-own-infrastructure-1) | ||
| of this series I have explained the background and planned the system. | ||
|
|
||
| Once I had a running instance of ubuntu server, | ||
| first thing I did was secure it a little bit. | ||
| What I wanted was to avoid intrusions and decrease risks in case of them. | ||
| To do that, I created a sudo user, closed root and password ssh logins, | ||
| changed ssh port to prevent sniffer scripts to find it easily | ||
| and setup a firewall. | ||
|
|
||
| Here are the steps: | ||
|
|
||
| Login as root on your server. | ||
|
|
||
| Create your user, add a password to it and make it sudoer: | ||
| ```bash | ||
| useradd -m -s /bin/bash myuser | ||
| passwd myuser | ||
| usermod -aG sudo myuser | ||
| exit | ||
| ``` | ||
|
|
||
| Generate your ssh key (if not already done), add it to your server user trusted keys | ||
| and ssh into server: | ||
| ```bash | ||
| ssh-keygen | ||
| ssh-copy-id myuser@serverip | ||
| ssh myuser@serverip | ||
| ``` | ||
|
|
||
| Configure and activate firewall: | ||
| ```bash | ||
| sudo ufw allow ssh | ||
| sudo ufw allow 80/tcp | ||
| sudo ufw allow 443/tcp | ||
| sudo ufw allow 322/tcp # for ssh later use | ||
| sudo ufw --force enable | ||
| ``` | ||
|
|
||
| Edit ssh config to make it more secure | ||
| (close password and root login and change ssh port): | ||
| ```bash | ||
| sudo vim /etc/ssh/sshd_config | ||
|
|
||
| ---------------------------------- | ||
| Port 322 | ||
| PasswordAuthentication no | ||
| ChallengeResponseAuthentication no | ||
| PermitRootLogin no | ||
| ---------------------------------- | ||
|
|
||
| sudo systemctl restart ssh | ||
| exit | ||
| ``` | ||
|
|
||
| Now you can log in again and delete ssh ufw rule: | ||
| ```bash | ||
| ssh -p 322 myuser@serverip | ||
| sudo ufw delete allow ssh | ||
| ``` | ||
|
|
||
| Once that was done, I installed all the needed software: | ||
| * Docker | ||
| * HAProxy | ||
| * Nginx | ||
| * Jenkins | ||
| * AWS cli _(to store db backups)_ | ||
| * Letsencrypt certbot _(to generate ssl certificates)_ | ||
|
|
||
| Commands to install all these packages are explained in detail | ||
| on [project README](https://github.com/jordifierro/server-setup) | ||
| but almost all of them were installed using `apt install`. | ||
|
|
||
| Keep it reading how I | ||
| [built my own infrastructure](https://jordifierro.com/building-my-own-infrastructure-3)! |
Oops, something went wrong.