Deploy with Docker

Similar to how we did it in lesson 1, we will be deploying using CI and SSH, but instead of git, we will be using Docker.

Deploying with Docker is very similar to deploying with git in that we need to spin up a new server and use SSH to issue commands, however, as you will soon appreciate, there are some considerable differences.

Create Droplet#

Start by spinning up a new Droplet in DigitalOcean. Press Create in the top right corner and select Droplet from the dropdown.

Instead of selecting a standard distribution, we will now select the Docker preset from the apps in the marketplace.

Once you have selected the image, select your preferred plan. As this is a tutorial, we will choose the cheapest one, but for production software, you might need more, depending on your applications.

For now you can skip extra block storage, but consider using this if you are storing uploads or other persistent data.

For the region, simply choose the closest to your location (or target location), and for authentication select SSH keys so that you can get access to the server once we create it.

Finalize the application by leaving the other options as default values and press Create Droplet.

We just need to wait for the Droplet to be created, so stay put for a few minutes.

Server setup#

Similar to what we did with the Git deployment, we now need to make our server secure and adjust some settings. SSH into your new server by getting its IP address from the Droplet page.

If you get a prompt for adding the host to your known list, you can accept it.

Set up firewall with UFW#

The Docker server comes with some default firewall setup. Everything is blocked except for ports 22, 2375 and 2376, but we only want port 22 and 80 to allow for SSH and browser (HTTP) access. The next step is to set up our firewall, and for this we will be using a tool called UFW. The steps taken will be very similar tothis tutorial from DigitalOcean.

By executing the below, we are by default denying all incoming, and allowing all outgoing connections. We are also allowing incoming SSH (port 22) and HTTP (port 80) connections.

IMPORTANT: before going further, be sure that you allowed SSH (port 22) from above, as you won't be able to access your server again if you don't, and will have to delete the droplet and start over.

Now we have to enable UFW to get the firewall up and running.

Add a CI user#

As we want our pipeline to access our server and run a script to update our application to the latest version, we need a separate user, only allowed to do these exact actions, for security reasons.

Let's start by adding the user and giving it a secure password.

We also need to add it to the Docker user group:

Once the new ci user is set up, we can switch to it and confirm that we actually have access to Docker:

Now we also want to make sure that we can log in remotely. In the ci account, we need to create a SSH key which can be used by our pipeline:

The generator will give you a couple of prompts, but just enter your way through them to leave them to their default values.

Once the key is generated, we want to place it in the authorized keys so that we can log in using it.

 

This page is a preview of Build and deploy a REST API with Deno

Start a new discussion. All notification go to the author.