💻
Today I Learned
  • README
  • analytics
    • convert json perline to panads data frame
    • hierarchical data format
    • pandas format custom date in data frame
  • bash
    • bash forloop
    • parameter expansion
    • prompt confirmation in bash
  • db
    • disabling foreign key when importing dump
    • postgres add object to jsonb array from the same column
    • postgres audit log trigger
    • postgres naming trigger
    • postgres rename enum
    • postgres reset sequence after import
    • postgres skip table from restore
    • set a column with value from different table
  • dgraph
    • dgraph docker compose whitelist ip
  • docker
    • docker compose make sure postgres is ready before starting other service
  • fish
    • edit last command in editor
  • git
    • checkout last branch
    • different between two dots and three
    • force fail commit on master
    • git finish helper script delete current branch and update master
    • git mergetool and diff with p4merge
    • global gitignore file
    • intellij as diff and mergetool
    • push only current branch
    • reset email multiple commit
    • sign commit with pgp
    • worktree switching branch without stash
  • go
    • default math.rand.source is thread save while rand.new source is not
    • deploying go to a vpn ubuntu server with github and ssl
  • k8s
    • copy file to pod
    • getting cpu and memory usage for container
    • how cert manager and letsencrypt challenge works
    • kubernetes resource short name
    • scale deployment
    • view secret
  • linux
    • boot zfs root filesystem on grub
    • clearing up swap space
    • connect bluetooth device from cli
    • get full argument from a process
    • merge multiple pdf into a single file
    • removing old kernel
    • symbolic vs hard link
    • zfs auto snapshot
    • zfs external backup drive with snapshot and encryption
  • net
    • dnssec
    • html form submit to different action depending on properties
    • ldap list users
  • osx
    • checksum a file from a url
    • cluster ssh in iterm2 with i2cssh
    • list open port
    • manage clipboard easily with jumpcut
    • pipe output to clipboard with pbcopy and pbpaste
    • show hidden file
    • sign application with self certificate
    • starting program on startup with login items
  • python
    • count frequency with lambda
    • dijkstra algorithm shortest path
    • double slash arithmetic operator
    • min and max of dict values
    • python3 match case
    • reduce and opeator
  • react
    • react named export vs default export
    • react useeffect
    • react.useref
  • unix
    • bulk renaming multiple file
    • convert pdf to text using ocr
    • diff output of 2 command
    • encryption with gpg
    • extend letsencrypt certificate with dns challenge
    • ffmpeg monitor and restart stream when it hung or stall
    • file size older than x days
    • filtering json with jq
    • find lines that matches on 2 different sorted file
    • find out what is using swap
    • fish environment variables from 1password
    • fix gpg warning unsafe permissions on homedir
    • formatting or parse json in command line
    • get all line except n last one
    • grep print only matched
    • grep using input file as pattern to search other file
    • jq counting lenght of an array
    • jq extracting properties to arrays from json row line
    • keep n recent item in folder
    • open last command in the editor with fc
    • parsing epoch timestamp to date
    • pbcopy alternative for copying to clipboard
    • process pipe operator
    • record a web stream to youtube
    • regex for validating password
    • rename tmux window
    • repeat content of text x time
    • replacing last command and execute it
    • reusing last command argument
    • send slack message from command line
    • sending curl post with file
    • sort file inline
    • specify compression level in tar gzip
    • zsh ctrl p same behavior as up arrow
  • vim
    • paste yanked text on command buffer
  • web
    • this article is published to dev to with github action
Powered by GitBook
On this page
  • Setup user and home
  • Install NGINX & Letsencrypt
  • Install systemd service
  • Deploy with Github Action

Was this helpful?

  1. go

deploying go to a vpn ubuntu server with github and ssl

Deploy a go application to a small server with SSL support and Github as CI/CD

Assumptions:

  • root repository contain main.go with the package name `aocweb`

  • we are using small VPS with ubuntu 20.04

  • app will be deployed to /home/web/aocweb

  • App runs HTTP on PORT 8080

Setup user and home

some VPS have root as default user, if not already we can create a user. In this example web

adduser web
usermod -aG sudo web

Install NGINX & Letsencrypt

sudo apt-get update
sudo apt-get install nginx
sudo ufw allow 'Nginx HTTP'

sudo apt-get install certbot python3-certbot-nginx
sudo certbot --nginx

Generate certificate

sudo certbot --nginx certonly

to test auto renewal

sudo certbot renew --dry-run

Add /etc/nginx/sites-enabled/example.com

server {
       listen         80;
       server_name    example.com;
       return         301 https://$server_name$request_uri;
}

server {
        server_name example.com;
        listen 443 ssl;
        ssl on;
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        root /var/www/html;

        location / {
                proxy_pass http://127.0.0.1:8080;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
	
	location /ws {
		proxy_buffering off;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Real-IP $remote_addr;proxy_pass http://127.0.0.1:8080/ws;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

Install systemd service

if the application requires environment we can put it on /home/web/aocweb/.env

ENV=prod
CLIENT_ID=abcdef

create /etc/systemd/system/aocweb.service

[Unit]
Description= AocWeb app
After=network.target
After=mysql.service

[Service]
User=web
Group=www-data

EnvironmentFile=/home/web/aocweb/.env
WorkingDirectory=/home/web/aocweb
ExecStart=/home/web/aocweb/aocweb web

[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload

To make sure we can run systemctl restart with sudo without password. Create sudo configuration file (make sure to use visudo so you don't accidentally locked your self.

visudo -f /etc/sudoers.d/systemctl

With content

web ALL=NOPASSWD: /usr/bin/systemctl restart aocweb
web ALL=NOPASSWD: /usr/bin/systemctl status aocweb

Deploy with Github Action

Generate SSH key for deployment

ssh-keygen -t ed25519 -C "user@email.com"    

example with that command I created 2 files on ~/.ssh/ : aocweb & aocweb.pub

add generated public key to server

Copy the content of aocweb.pub to /home/web/.ssh/authorized_key. This allows login with ssh private key. Test that you can login to the server with that key (check ssh -v output)

Add secrets

create these secrets on the github repository

  • HOST

  • KEY

  • USERNAME

KEY is the content of aocweb.pub ssh key

Github workflow

create .github/workflows/release.yaml

name: Release

on:
  push:
    branches:
    - release

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2

    - name: install go
      uses: actions/setup-go@v2
      with:
        go-version: '1.17.3'

    - name: build
      run: go build .

    - name: send binary
      uses: appleboy/scp-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        source: "aocweb"
        target: "/home/web/aocweb"

    - name: restart
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.HOST }}
        username: ${{ secrets.USERNAME }}
        key: ${{ secrets.KEY }}
        script: sudo systemctl restart aocweb && sudo systemctl status aocweb
Previousdefault math.rand.source is thread save while rand.new source is notNextk8s

Last updated 3 years ago

Was this helpful?

Encrypted secrets - GitHub DocsGitHub Docs
Logo