Installation

Requirements

  • Server access with root permissions
  • Get access token for deploy.party from pascal.klesse
  • Configure DNS with A record for YOUR_URL and *.YOUR_URL to SERVER_IP.

Replace the following placeholders with your values:
SERVER_IP: IP of the server
GITLAB_TOKEN: Access token for deploy.party

1. Connect to server as root

ssh root@SERVER_IP
apt-get update && apt-get upgrade -y

2. Create folder

mkdir -p /var/opt/deploy-party

3. Go to folder

cd /var/opt/deploy-party

4. Download files

docker-compose.prod.yml is the compose file for deploy.party (saved as docker-compose.yml) and docker-compose.traefik.yml is the compose file for the Traefik reverse proxy. init.sh and update.sh are the scripts for deploy.party. Replace GITLAB_TOKEN with your access token for deploy.party.

# --fail keeps curl from saving a GitLab error response as the file; -o overwrites instead of appending on a re-run
curl --fail --header "PRIVATE-TOKEN: GITLAB_TOKEN" "https://gitlab.lenne.tech/api/v4/projects/91/repository/files/docker-compose.prod.yml/raw?ref=main" -o docker-compose.yml
curl --fail --header "PRIVATE-TOKEN: GITLAB_TOKEN" "https://gitlab.lenne.tech/api/v4/projects/91/repository/files/docker-compose.traefik.yml/raw?ref=main" -o docker-compose.traefik.yml
curl --fail --header "PRIVATE-TOKEN: GITLAB_TOKEN" "https://gitlab.lenne.tech/api/v4/projects/91/repository/files/init.sh/raw?ref=main" -o init.sh && chmod +x init.sh
curl --fail --header "PRIVATE-TOKEN: GITLAB_TOKEN" "https://gitlab.lenne.tech/api/v4/projects/91/repository/files/update.sh/raw?ref=main" -o update.sh && chmod +x update.sh

5. Set environment variables in docker-compose.yml

Generate the web push credentials (VAPID keys), then open docker-compose.yml:

npx web-push generate-vapid-keys
nano docker-compose.yml

Add the generated keys to docker-compose.yml and set a name for your instance.

app:

...
      WEB_PUSH_KEY: '' # add public key here from npx web-push generate-vapid-keys
...

api:

...
      WEB_PUSH_PRIVATE_KEY: '' # add private key here from npx web-push generate-vapid-keys
      WEB_PUSH_PUBLIC_KEY: ''  # add public key here from npx web-push generate-vapid-keys
      INSTANCE_NAME: ''  # add instance name here for example Mustermann - deploy-party
...

6. Configure ufw

ufw allow 22
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw default allow outgoing
ufw default deny incoming
ufw deny 27017/tcp
ufw enable

7. Install fail2ban (optional)

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-22-04

8. Run init script

  • YOUR_URL: The URL for deploy.party. Traefik will be hosted on lb.YOUR_URL and deploy.party on YOUR_URL. Example: deploy.example.com
  • YOUR_EMAIL: The email for SSL certificates. Example: admin@example.com
  • USERNAME: The username for the basic auth for Traefik. Example: admin
  • PASSWORD: The password for the basic auth for Traefik. Example: extremlyStrengthPassword123
  • GITLAB_TOKEN (PAT): The personal access token for the GitLab API. Example: gpat-123213210392188ds90a088421

sh init.sh YOUR_URL YOUR_EMAIL USERNAME PASSWORD GITLAB_TOKEN

9. Check that the containers are running

docker ps
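
Docker manages its own iptables rules for published ports, so the ufw deny 27017/tcp rule from step 6 does not block a port that a compose file publishes. The check below is an added example, not part of the deploy.party project: it parses docker ps output and lists published ports other than 80 and 443, run here on constructed sample data with hypothetical container names.

```shell
#!/bin/sh
# Added example. Reads "NAME<TAB>PORTS" lines, as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# and prints "NAME ADDRESS PORT" for every port published on a non-loopback
# address that is not in ALLOWED_PORTS (default: 80 and 443 from step 6).
ALLOWED_PORTS="${ALLOWED_PORTS:-80 443}"

exposed_ports() {
    awk -F '\t' -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        m = split($2, bindings, /, */)
        for (i = 1; i <= m; i++) {
            arrow = index(bindings[i], "->")
            if (arrow == 0) continue          # "27017/tcp": not published
            host = substr(bindings[i], 1, arrow - 1)   # e.g. 0.0.0.0:27017
            port = host
            sub(/^.*:/, "", port)             # text after the last colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1" || addr == "[::1]") continue
            if (port in ok) continue
            print $1, addr, port
        }
    }'
}

# Constructed sample input; the container names are hypothetical.
sample_docker_ps() {
    printf 'traefik\t0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp\n'
    printf 'deploy-party-api\t3000/tcp\n'
    printf 'deploy-party-db\t0.0.0.0:27017->27017/tcp, :::27017->27017/tcp\n'
    printf 'metrics\t127.0.0.1:9100->9100/tcp\n'
}

# On the server: docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_ports
sample_docker_ps | exposed_ports
```

Any line of output is a port reachable from outside regardless of ufw; bind it to 127.0.0.1 or remove its ports entry in the compose file.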

10. Check URLs

The Traefik UI is now available at lb.YOUR_URL and deploy.party at YOUR_URL. The Traefik UI is protected by basic auth; log in with the USERNAME and PASSWORD you passed to init.sh.

11. Login to deploy.party

Default credentials can be found in 1Password.

Please create a new admin account and delete the old one.