Deploy with Docker
Similar to how we did it in lesson 1, we will be deploying using CI and SSH, but instead of git, we will be using Docker.
Deploying with Docker is very similar to deploying with git in that we need to spin up a new server and use SSH to issue commands, however, as you will soon appreciate, there are some considerable differences.
Start by spinning up a new Droplet in DigitalOcean. Press
Create in the top
right corner and select
Droplet from the dropdown.
Instead of selecting a standard distribution, we will now select the
preset from the apps in the marketplace.
Once you have selected the image, select your preferred plan. As this is a tutorial, we will choose the cheapest one, but for production software, you might need more, depending on your applications.
For now you can skip extra block storage, but consider using this if you are storing uploads or other persistent data.
For the region, simply choose the closest to your location (or target location), and for authentication select SSH keys so that you can get access to the server once we create it.
Finalize the application by leaving the other options as default values and
We just need to wait for the Droplet to be created, so stay put for a few minutes.
Similar to what we did with the Git deployment, we now need to make our server secure and adjust some settings. SSH into your new server by getting its IP address from the Droplet page.
If you get a prompt for adding the host to your known list, you can accept it.
Set up firewall with UFW#
Docker server comes with some default firewall setup. Everything is
blocked except for ports 22, 2375 and 2376, but we only want port 22 and 80 to
allow for SSH and browser (HTTP) access. The next step is to set up our
firewall, and for this we will be using a tool called UFW. The steps taken will
be very similar tothis tutorial
By executing the below, we are by default denying all incoming, and allowing all outgoing connections. We are also allowing incoming SSH (port 22) and HTTP (port 80) connections.
IMPORTANT: before going further, be sure that you allowed SSH (port 22) from above, as you won't be able to access your server again if you don't, and will have to delete the droplet and start over.
Now we have to enable UFW to get the firewall up and running.
Add a CI user#
As we want our pipeline to access our server and run a script to update our application to the latest version, we need a separate user, only allowed to do these exact actions, for security reasons.
Let's start by adding the user and giving it a secure password.
We also need to add it to the Docker user group:
Once the new
ci user is set up, we can switch to it and confirm that we
actually have access to Docker:
Now we also want to make sure that we can log in remotely. In the
we need to create a SSH key which can be used by our pipeline:
The generator will give you a couple of prompts, but just
enter your way
through them to leave them to their default values.
Once the key is generated, we want to place it in the authorized keys so that we can log in using it.