Damien/Notebook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Scaleway Deployment Configuration #1

Merged
Damien merged 13 commits from scaleway-deployment into main 2025-11-19 14:42:07 +00:00
Conversation 0 Commits 13 Files Changed 2 -353
1 changed files with 0 additions and 353 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 1e6d82d9ee - Show all commits

353
docs/SCALEWAY_DEPLOYMENT_DOCKER.md
View File

@@ -1,353 +0,0 @@
# Alternative: Docker-based Deployment on Scaleway Instance
This guide provides an alternative deployment method using a Scaleway instance with Docker and Nginx.
## Advantages of this Method
- Full control over the web server
- Easy SSL/TLS setup with Let's Encrypt
- Better caching control
- Custom redirects and URL rewriting
- Lower egress costs for high-traffic sites
## Architecture
```
Gitea → Build Hugo → Push to Scaleway Registry → Deploy to Instance via Docker
```
## Step 1: Create Scaleway Instance
```bash
scw instance server create \
name=notebook-server \
type=DEV1-S \
image=ubuntu_jammy \
zone=fr-par-1
```
Or via console: Create a DEV1-S instance with Ubuntu 22.04
## Step 2: Install Docker on Instance
SSH into your instance and run:
```bash
# Update system
sudo apt update && sudo apt upgrade -y
# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo usermod -aG docker $USER
# Install Docker Compose
sudo apt install docker-compose-plugin -y
# Install Nginx and Certbot
sudo apt install nginx certbot python3-certbot-nginx -y
```
## Step 3: Create Docker Deployment Structure
On your instance, create:
```bash
mkdir -p /opt/notebook
cd /opt/notebook
```
Create `docker-compose.yml`:
```yaml
version: '3.8'
services:
nginx:
image: nginx:alpine
container_name: notebook-nginx
ports:
- "80:80"
- "443:443"
volumes:
- ./public:/usr/share/nginx/html:ro
- ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./ssl:/etc/nginx/ssl:ro
restart: unless-stopped
```
Create `nginx.conf`:
```nginx
server {
listen 80;
server_name notebook.arnodo.fr;
# Redirect to HTTPS
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name notebook.arnodo.fr;
ssl_certificate /etc/nginx/ssl/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
root /usr/share/nginx/html;
index index.html;
# Compression
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_types text/plain text/css text/xml text/javascript
application/x-javascript application/xml+rss
application/javascript application/json;
# Cache static assets
location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# Hugo pretty URLs
location / {
try_files $uri $uri/ $uri.html =404;
}
# Custom 404 page
error_page 404 /404.html;
}
```
## Step 4: Configure DNS
Point your domain to the Scaleway instance:
```
notebook.arnodo.fr A <INSTANCE_IP_ADDRESS>
```
## Step 5: Setup SSL Certificate
```bash
sudo certbot certonly --standalone -d notebook.arnodo.fr
# Copy certificates to project directory
sudo cp /etc/letsencrypt/live/notebook.arnodo.fr/fullchain.pem /opt/notebook/ssl/
sudo cp /etc/letsencrypt/live/notebook.arnodo.fr/privkey.pem /opt/notebook/ssl/
sudo chown -R $USER:$USER /opt/notebook/ssl
```
Set up auto-renewal:
```bash
# Add to crontab
0 0 1 * * certbot renew && cp /etc/letsencrypt/live/notebook.arnodo.fr/*.pem /opt/notebook/ssl/ && docker-compose -f /opt/notebook/docker-compose.yml restart nginx
```
## Step 6: Update Gitea Workflow
Create `.gitea/workflows/deploy-docker.yml`:
```yaml
name: Deploy to Scaleway Instance
on:
push:
branches:
- main
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
fetch-depth: 0
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
with:
hugo-version: 'latest'
extended: true
- name: Build Hugo site
run: hugo --minify
- name: Install rsync
run: sudo apt-get install -y rsync
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts
- name: Deploy to server
run: |
rsync -avz --delete \
-e "ssh -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no" \
public/ \
${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }}:/opt/notebook/public/
- name: Restart Nginx
run: |
ssh -i ~/.ssh/id_rsa ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }} \
"cd /opt/notebook && docker-compose restart nginx"
```
## Step 7: Configure Gitea Secrets
Add to repository secrets:
- `SSH_PRIVATE_KEY`: Your SSH private key for the instance
- `SERVER_IP`: Your Scaleway instance IP
- `SERVER_USER`: SSH user (usually `root` or `ubuntu`)
## Step 8: Create Deployment User (Recommended)
For better security, create a dedicated deployment user:
```bash
# On the Scaleway instance
sudo useradd -m -s /bin/bash deployer
sudo usermod -aG docker deployer
sudo chown -R deployer:deployer /opt/notebook
# Generate SSH key on your local machine
ssh-keygen -t ed25519 -C "gitea-deployment" -f ~/.ssh/notebook_deploy
# Copy public key to instance
ssh-copy-id -i ~/.ssh/notebook_deploy.pub deployer@<instance-ip>
```
Then update the workflow to use `deployer` user.
## Cost Analysis
### Monthly Costs:
- **DEV1-S Instance**: ~€7-10/month
- **100 GB outbound traffic**: Included
- **Additional traffic**: €0.01/GB
- **Total**: ~€10/month for typical blog traffic
### Comparison with Object Storage:
- **More predictable costs**
- Better for high-traffic sites
- More control over caching and optimization
- Easier SSL/TLS management
## Monitoring
Install monitoring tools:
```bash
# Install Prometheus Node Exporter
docker run -d \
--name=node-exporter \
--net="host" \
--pid="host" \
-v "/:/host:ro,rslave" \
quay.io/prometheus/node-exporter:latest \
--path.rootfs=/host
```
Or use Scaleway monitoring (free):
- Enable in console under Instance → Monitoring
- Set up alerts for CPU, memory, disk usage
## Backup Strategy
1. **Automated backups**:
```bash
# Add to crontab
0 2 * * * tar -czf /backup/notebook-$(date +\%Y\%m\%d).tar.gz /opt/notebook
```
2. **Use Scaleway snapshots**:
```bash
scw instance snapshot create volume-id=<volume-id> name=notebook-backup
```
## Security Hardening
1. **Configure firewall**:
```bash
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
```
2. **Disable password authentication**:
Edit `/etc/ssh/sshd_config`:
```
PasswordAuthentication no
PubkeyAuthentication yes
```
3. **Keep system updated**:
```bash
sudo apt update && sudo apt upgrade -y
```
4. **Install fail2ban**:
```bash
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
```
## Troubleshooting
### Check logs:
```bash
docker-compose -f /opt/notebook/docker-compose.yml logs -f
```
### Test Nginx config:
```bash
docker-compose exec nginx nginx -t
```
### Check SSL certificate:
```bash
openssl s_client -connect notebook.arnodo.fr:443 -servername notebook.arnodo.fr
```
## Performance Optimization
Add to `nginx.conf`:
```nginx
# HTTP/2 Server Push
http2_push_preload on;
# Connection optimization
keepalive_timeout 65;
keepalive_requests 100;
# Buffer sizes
client_body_buffer_size 128k;
client_max_body_size 10m;
```
Enable Brotli compression (optional):
```bash
# Add Brotli module to nginx container
# Or use a pre-built image with Brotli support
```
---
This Docker-based approach gives you more control and can be more cost-effective for sites with consistent traffic patterns.