Digital Ocean - dev ops

Spin up server with NGINX hosted website

  • Enter domain name for site here:
  • Enter your username here:
  • Enter your github username here:
  • Enter your project name here:
  • After you finish step 1, come back here and input the IP of the remote server here:
# Ideally in the future this will just require one command that handles spinning up everything but for now this is what we have

Instructions

  1. Create Digital Ocean Droplet with the most basic settings.
  2. Enable the firewall "Firewall" for the newly created droplet # This is important for security
  3. Run slg-digital-ocean-droplet-setup -r 192.168.1.1 -u steven -dn on your local machine # use -h to check all options # If you don't have slg-dev-ops installed, install with pip install slg-dev-ops # If after this step it appears that the installation did not occur properly, the first 3 steps will need to be done again, as the setup fails randomly # I'm not sure if this occurs due to the shared compute nature of the servers I've tested on but it's simple enough to recreate a new Droplet
  4. Once that's done, ssh to the remote server with ssh steven@192.168.1.1 # If everything installed correctly you should be able to type "slg-" then hit tab and see many options available to you from the dev ops package
  5. Install NGINX with slg-install-nginx. If you are on something other than Ubuntu 20.04 then you will need to run slg-install-nginx -h to see what parameters need to be changed. The options available to you are listed. There may be more codenames available than listed if a later version of Ubuntu/Debian comes out.
  6. Once that script has run, ensure it has been installed properly by visiting 192.168.1.1 in the browser # Should see the NGINX default page
  7. Install firewall with slg-install-firewall
  8. Run slg-init-remote-crontab -u steven to add PATH extension to crontab
  9. Make sure you pointed your domain name to your new IP. Run sudo -E env "PATH=$PATH" slg-setup-tls-ssl-nginx example.com -u steven to set up HTTPS for the domain # The sudo -E env "PATH=$PATH" makes sudo use the user's PATH so that the slg scripts are available when running as root
  10. Run this to make your conf file act as a reverse proxy and use HTTP/2: sudo -E env "PATH=$PATH" slg-init-nginx-conf-gunicorn -f /etc/nginx/conf.d/project.conf -d example.com,www.example.com
  11. Run sudo mkdir -p /var/www/html/static to make the directory where nginx will serve static files from
  12. If you need to obfuscate the javascript, install obfuscator with sudo npm install -g javascript-obfuscator
  13. Run detached mongo docker instance with sudo docker run -p 27017:27017 -v /home/steven/project-mongo:/data/db -d mongo # add support for Postgres in the future # also note the location of the persistent volume

The next commands relate to pulling projects from github and things to keep in mind

  1. Pull project and remember to recurse submodules: git clone --recurse-submodules git@github.com:username/project.git
  2. Optionally create a virtual environment and then pip3 install -r requirements.txt
  3. Update any config files for production values
  4. Do any npm installs in related frontend (or backend) directories
  5. Also, remember to run any initialization scripts and set up any cron jobs. Example: TwitchClip site which didn't have any streamer clips to retrieve
  6. Run server with gunicorn --bind 127.0.0.1:5000 -w 1 wsgi:app
  7. When you are at a desired place, press Ctrl-C to kill gunicorn, then run gunicorn as a daemon with gunicorn --bind 127.0.0.1:5000 -w 1 wsgi:app --daemon
# TODO
  10. Create repository from github boilerplate
  11. Update nginx server configuration for the site to point to the gunicorn instance
  12. Create gunicorn socket
  13. Build github action that, upon pushes to master branch, pushes

Create a Firewall with a list of IPs

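import json
import os

import requests

# Get IPs from here https://api.github.com/meta
# The "actions" key holds the CIDR ranges used by GitHub Actions runners
gh_action_ips = requests.get('https://api.github.com/meta').json()['actions']

requests.post(
    'https://api.digitalocean.com/v2/firewalls/',
    headers={
        # Read the token from the environment: "$DIGITALOCEAN_TOKEN" is a shell
        # variable and is not expanded inside a Python string
        "Authorization": f"Bearer {os.environ['DIGITALOCEAN_TOKEN']}",
        "Content-Type": "application/json"
    },
    data=json.dumps({
        "name": "Firewall",
        # One SSH rule per slice of 900 source addresses
        "inbound_rules": [
            {
                "protocol": "tcp",
                "ports": "22",
                "sources": {"addresses": gh_action_ips[:900]}
            },
            {
                "protocol": "tcp",
                "ports": "22",
                "sources": {"addresses": gh_action_ips[900:1800]}
            },
            {
                "protocol": "tcp",
                "ports": "22",
                "sources": {"addresses": gh_action_ips[1800:]}
            },
        ]})
)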
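
The three fixed slices above only work while the list stays under 2700 entries. The following is an added example, not part of the original notes or of slg-dev-ops: it generalizes the slicing to any list length and validates and collapses the CIDRs before building the request body. The function names and the sample ranges are assumptions made for illustration, and the per-rule size of 900 is taken from the slices above.

```python
import ipaddress
import json

MAX_SOURCES_PER_RULE = 900  # slice size used in the snippet above


def normalize_cidrs(cidrs):
    """Validate, de-duplicate and merge CIDR strings.

    Raises ValueError on a malformed entry or one with host bits set,
    so a bad upstream list never reaches the firewall API.
    """
    v4, v6 = [], []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr.strip())
        (v4 if net.version == 4 else v6).append(net)
    # collapse_addresses merges duplicate, overlapping and adjacent networks;
    # it must be called separately for each IP version.
    merged = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    return [str(net) for net in merged]


def build_ssh_rules(cidrs, port="22", per_rule=MAX_SOURCES_PER_RULE):
    """Return as many inbound rules as needed, each with at most per_rule sources."""
    addresses = normalize_cidrs(cidrs)
    if not addresses:
        # An empty allowlist usually means the fetch failed; stop instead of posting it.
        raise ValueError("refusing to build an SSH rule with no source addresses")
    return [
        {"protocol": "tcp", "ports": port,
         "sources": {"addresses": addresses[i:i + per_rule]}}
        for i in range(0, len(addresses), per_rule)
    ]


def build_firewall_payload(name, cidrs, **kwargs):
    """JSON body for the POST to /v2/firewalls shown above."""
    return json.dumps({"name": name, "inbound_rules": build_ssh_rules(cidrs, **kwargs)})


# Constructed sample input (documentation ranges), not real GitHub data
SAMPLE = ["192.0.2.0/25", "192.0.2.128/25", "192.0.2.0/25",
          "198.51.100.7/32", "2001:db8::/33", "2001:db8:8000::/33"]

if __name__ == "__main__":
    print(build_firewall_payload("Firewall", SAMPLE))
```

The ranges under "actions" are shared by every GitHub-hosted runner, so this allowlist narrows SSH exposure but does not identify your own workflows; keep key-only SSH authentication on the droplet.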