Deploy with SSH and Git

We will deploy our application to a server using CI, SSH and git.

Deploy with SSH and git#

We will now create our first deployment using git and SSH. Although it's not the prettiest, and has its flaws, it's by far the easiest way to get up and running.

To be able to follow this tutorial, you will need a DigitalOcean account (see the Deployment Introduction lesson in this module for instructions).

Create Droplet#

Log into your Digital Ocean account if have not already done this. We will now proceed with creating a server which is called aDroplet in DigitalOcean.

Press the green Create button in the top right of the DigitalOcean console, and select Droplets from the dropdown.

You should now be on the Droplet creation page. Select the latest LTS image from Ubuntu, and then choose the smallest available CPU option from the Basic plan (should be $5 a month).

Skip adding block storage, and choose the datacentre closest to you (the location doesn't really matter for this tutorial). Accept the defaults for VPC network, and don't check any of the boxes for additional options.

For authentication, add your SSH key, and if you don't have one, follow their guide on how to create an SSH key. Only select one Droplet, and keep the default hostname. Keep the tags empty, select your default project, and don't select backups.

Finally press Create, and your Droplet should be up and running in a couple of minutes.

Server setup#

You should now be able to SSH into your new server by getting its IP address from the Droplet page.

If you get a prompt for adding the host to your known list, you can accept it.

You should now be inside your server. For good measure, run an update and upgrade to make sure that you have the latest updates. We should also take this opportunity to install Make and Deno, as we'll be using them soon.

Set up firewall with UFW#

The next step is to set up our firewall, and for this we will be using a tool called UFW. The steps taken will be very similar tothis tutorial from DigitalOcean.

By executing the below, we are by default denying all incoming, and allowing all outgoing connections. We are also allowing incoming SSH (port 22) and HTTP (port 80) connections.

IMPORTANT: before going further, be sure that you allowed SSH (port 22) from above, as you won't be able to access your server again if you don't, and will have to delete the Droplet and start over.

Now we have to enable UFW to get the firewall up and running.

Add a CI user#

As we want our pipeline to access our server and run a script to update our application to the latest version, we need a separate user, only allowed to do these exact actions, for security reasons.

Let's start by adding the user and giving it a secure password.

Now we also need to give it sudo permissions and make the access passwordless:

Once the new ci user is set up, we can switch to it and confirm that the sudo is indeed passwordless:

If you get no errors or password prompts, you can exit out of the root user and back into the ci user:

Now we also want to make sure that we can log in remotely. In the ci account, create an SSH key which can be used by our pipeline:

The generator will give you a couple of prompts, but just enter your way through them to leave them at their default values.

Once the key is generated, we want to place it in the authorized keys so that we can log in using it.

Lastly, copy the private key locally so that we can use it in the pipeline later.

Install database#

There are multiple ways of running Postgres, but generally you want to use a managed service likeDO's Managed Databases. That being said, for small hobby projects, or where you know what you are doing, you can also install it locally on your server. I will show both approaches, so choose the one best suited for you.

Local Postgres#

First let's install PostgreSQL. We will mostly followthis guide, but in summarized steps. Execute the following:

Postgres should now be running, so we can access it via psql which will allow us to directly query the database from our shell.

For security reasons, our application should never use the default postgres user when connecting, so we will need to change it, and for good measure, we should use MD5 authentication instead of the linux connected user. One reason for this is so that we have the server users separated from the database, and also so that we won't have to place server credentials in our application.

With the command below, change the default Postgres password to something you will remember.

Don't forget the semicolon (;) at the end of each database query!

 

This page is a preview of Build and deploy a REST API with Deno

Start a new discussion. All notification go to the author.