93 lines
2.4 KiB
Markdown
93 lines
2.4 KiB
Markdown
# Deployment DCDN Static
|
|
|
|
Deployment [**D**ebian](https://www.debian.org/) (os) + [**C**addy](https://caddyserver.com/) (webserver) + [**D**irectus](https://directus.io/) (cms) + [**N**uxt](https://nuxt.com/) (static front).
|
|
|
|
## Installation
|
|
|
|
On a fresh install as root user using
|
|
|
|
`sudo passwd root`
|
|
|
|
`su - root`
|
|
|
|
1. Upgrade
|
|
|
|
`apt update && apt upgrade -y`
|
|
|
|
2. Install git
|
|
|
|
`apt install -y git`
|
|
|
|
3. Download and make the instal script executable
|
|
|
|
`git clone https://gitea.valentin-le-moign.fr/val/deployment_dcdn_static`
|
|
|
|
`cd deployment_dcdn_static`
|
|
|
|
4. Launch the script
|
|
|
|
`bash install.sh`
|
|
|
|
## Environment
|
|
|
|
Tested and optimised for [OVH VPS Starter](https://www.ovhcloud.com/fr/vps/cheap-vps/) on Debian 12.
|
|
|
|
## Installation steps
|
|
|
|
1. Install php for the webhook
|
|
2. Create a user
|
|
3. Setup ssh, firewall and fail2ban
|
|
4. Add swapfile
|
|
5. Install [**C**addy](https://caddyserver.com/) webserver
|
|
6. Install [MariaDB](https://mariadb.org/)
|
|
7. Setup the [**D**irectus](https://directus.io/) Database
|
|
8. Install [Node](https://nodejs.org/fr)
|
|
9. Prompt for the url
|
|
10. Install and run [**D**irectus](https://directus.io/)
|
|
11. Setup backup
|
|
12. Setup [node exporter](https://github.com/prometheus/node_exporter)
|
|
13. Install and run the front-end
|
|
14. Setup a webhook
|
|
|
|
## Post-install
|
|
|
|
0. Delete unix Debian account
|
|
|
|
`userdel --remove-home debian`
|
|
|
|
1. Configure [DNS Zone](https://help.ovhcloud.com/csm/fr-dns-edit-dns-zone)
|
|
```
|
|
Domain : <domain_name> | Type : A | Target : <ip>
|
|
Domain : cms.<domain_name> | Type : A | Target : <ip>
|
|
Domain : www.<domain_name> | Type : A | Target : <ip>
|
|
```
|
|
|
|
|
|
2. Set [Directus roles](https://docs.directus.io/user-guide/user-management/users-roles-permissions.html)
|
|
```
|
|
Website role Read content collections and directus_files
|
|
User role All permissions on content collections, directus_files and directus_folders
|
|
```
|
|
|
|
|
|
3. Create a [Gitea](https://about.gitea.com/) webhook
|
|
`<repo_url>/settings/hooks/gitea/new`
|
|
```
|
|
Target URL https://<domain_name>/webhook.php
|
|
Branch filter prod
|
|
Authorization Header generate a safe string using : openssl rand -base64 32
|
|
```
|
|
|
|
4. Setup [Umami](https://umami.is/) tracking
|
|
|
|
Add a new website to track from the Umami interface as an admin user
|
|
|
|
Settings → Add Website
|
|
|
|
|
|
## Ref
|
|
|
|
[Debian Web Server](https://figureslibres.io/gogs/bachir/debian-web-server)
|
|
|
|
[Securing a dedicated server](https://help.ovhcloud.com/csm/en-gb-dedicated-servers-securing-server?id=kb_article_view&sysparm_article=KB0043969)
|