deployment_dcdn_static/README.md

# Deployment DCDN Static

Deployment [**D**ebian](https://www.debian.org/) (os) + [**C**addy](https://caddyserver.com/) (webserver) + [**D**irectus](https://directus.io/) (cms) + [**N**uxt](https://nuxt.com/) (static front).

## Installation

On a fresh install as root user using

`sudo passwd root`

`su - root`

1. Upgrade

`apt update && apt upgrade -y`

2. Install git

`apt install -y git`

3. Download and make the instal script executable

`git clone https://gitea.valentin-le-moign.fr/val/deployment_dcdn_static`

`cd deployment_dcdn_static`

4. Launch the script

`bash install.sh`

## Environment

Tested and optimised for [OVH VPS Starter](https://www.ovhcloud.com/fr/vps/cheap-vps/).

## Installation steps

1. Install php for the webhook
2. Create a user
3. Setup ssh, firewall and fail2ban
4. Add swapfile
5. Install Caddy webserver
6. Install MariaDB
7. Setup the Directus Database
8. Install Node
9. Prompt for the url
10. Install and run Directus
11. Install and run the front-end
12. Setup a webhook

## Post-install

0. Delete unix Debian account

`userdel --remove-home debian`

1. Configure DNS Zone
```
Domain : <domain_name>     | Type : A | Target : <ip>
Domain : cms.<domain_name> | Type : A | Target : <ip>
Domain : www.<domain_name> | Type : A | Target : <ip>
```


2. Set Directus roles
```
Website role   Read content collections and directus_files
User role      All permissions on content collections, directus_files and directus_folders
```


3. Create a webhook
`<repo_url>/settings/hooks/gitea/new`
```
Target URL             https://<domain_name>/webhook.php
Branch filter          prod
Authorization Header   generate a safe string using : openssl rand -base64 32
```

## Ref

[Debian Web Server](https://figureslibres.io/gogs/bachir/debian-web-server)

[Securing a dedicated server](https://help.ovhcloud.com/csm/en-gb-dedicated-servers-securing-server?id=kb_article_view&sysparm_article=KB0043969)