Various commands, important tutorials and settings for building and deploying services in a continuous way.
Infrastructure providers covered: Digital Ocean & Microsoft Azure.
CI: GitLab CI.
Author: Levindo Gabriel Taschetto Neto.
GitLab Runner is used to pick up and run the jobs from GitLab.
curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | sudo bash
sudo apt-get install gitlab-runner
- Go to the Project.
- Settings.
- CI/CD.
- Expand the Runners menu.
- Click "Disable shared Runners".
- Pay attention to the following information:
sudo gitlab-runner register
- gitlab-ci coordinator URL: 2. from the previous image.
- gitlab-ci token for this runner: 3. from the previous image.
- gitlab-ci description for this runner: Anything.
- gitlab-ci tags for this runner: Tasks from the .gitlab-ci.yml file.
- executor: docker.
- default Docker image: Any image, since this info is specified within the .gitlab-ci.yml file.
If everything went smoothly, this message will show up:
Runner registered successfully. Feel free to start it, but if it is running already the config should be automatically reloaded!
The runner should then appear among the activated runners on the same configuration page.
Follow https://docs.gitlab.com/ee/ci/ssh_keys/: store the contents of id_rsa (the private key) as the SSH_PRIVATE_KEY variable in the CI settings variables.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys  # append: a single '>' would overwrite keys that are already authorized
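A plain redirect into authorized_keys can wipe keys the server already trusts, and id_rsa is easily confused with id_rsa.pub. The following is an added example, not part of the original notes, that installs the public key idempotently and refuses private key material; the function name `authorize_key` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (constructed): authorize_key is a hypothetical helper name.
# Usage: authorize_key ~/.ssh/id_rsa.pub [path/to/authorized_keys]
authorize_key() {
    local pub="$1"
    local auth="${2:-$HOME/.ssh/authorized_keys}"
    local dir key

    [ -r "$pub" ] || { echo "cannot read: $pub" >&2; return 1; }

    # id_rsa (private) and id_rsa.pub (public) are easy to mix up:
    # never copy private key material onto the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi

    # Accept only a line shaped like "<key-type> <base64> [comment]".
    key="$(grep -m1 -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pub")" \
        || { echo "no public key found in: $pub" >&2; return 3; }

    # With StrictModes (the sshd default), keys are ignored if these
    # paths are writable by other users, so keep them owner-only.
    dir="$(dirname "$auth")"
    [ -d "$dir" ] || mkdir -p -m 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Idempotent: an exact, whole-line match means the key is already trusted.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the last existing entry lacks a trailing newline, add one so the
    # new key does not get glued onto it.
    if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```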
sudo apt-get install nginx
sudo nano /etc/nginx/sites-available/default
Copy [nginx-config/http2](nginx-config/http2) into it.
nginx -t -c /etc/nginx/nginx.conf
service nginx reload
Jun 10 23:56:30 dawntech systemd[1]: Failed to start A high performance web server and a reverse proxy server.
Close everything on port 80 and run sudo service nginx restart, which results in a
YEAR/MONTH/DAY HOUR:MINUTE:SECOND [notice] 69063#69063: signal process started
on /var/log/nginx/error.log.
cat /var/log/nginx/error.log
sudo mkdir /etc/nginx/ssl
sudo chown -R root:root /etc/nginx/ssl
sudo chmod 700 /etc/nginx/ssl  # a directory needs the execute bit to be entered; 700 keeps it root-only
sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
sudo service nginx stop
Port 80 must be added to an inbound security rule, since Let's Encrypt accesses it during verification.
- Go to Networking.
- Click the button Add inbound port rule.
- Fill in the information as shown in the following image.
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
Options may be found on ssl.
sudo certbot --nginx-server-root /etc/nginx
After the process is finished, the configuration can be tested at https://www.ssllabs.com/ssltest/analyze.html?d=<DOMAIN_HERE>&latest.
https://www.digitalocean.com/community/questions/ssh-copy-id-not-working-permission-denied-publickey
https://dzone.com/articles/changing-a-gitlab-runner-from-locked-to-a-project
It happened because the apache2 service was also running, therefore:
sudo /etc/init.d/apache2 stop
TODO azure/.
Add a new entry to the file /etc/nginx/sites-available/default, such as the one below:
server {
    server_name donna-api.dawntech.dev;

    location / {
        proxy_pass http://localhost:5090;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/donna-api.dawntech.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/donna-api.dawntech.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
sudo service nginx stop
sudo certbot --nginx # Follow the steps with the new subdomain and redirect
sudo fuser -k 80/tcp
sudo service nginx restart