Server & CI/CD Set-up

Owner: Project Lead Last revision: 22.07.2022

A guide to installing LEMP Stack (Linux - nginx - MariaDB - PHP) on VPS and setting up a continuous deployment process from a Github repository.

Our preferred VPS provider is Linode. The below pages are taken from their guidelines, but should apply to any VPS provider.

$ sudo apt-get install nginx
Go to {ip} in your browser, you should see Welcome to nginx! page. If it’s not running, then: $ sudo service nginx start

Our preferred DNS provider is Cloudflare.

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:ondrej/php
$ sudo apt-get update
$ sudo apt-get install php8.1-fpm php8.1-cli php8.1-common
$ sudo apt-get install php8.1-curl php8.1-gd php8.1-mbstring php8.1-mysql php8.1-xml
Check status with $ service php8.1-fpm status // check status. If it’s not running, then $ sudo service php8.1-fpm start

$ sudo apt-get install mariadb-client mariadb-server
$ sudo mysql_secure_installation
If you can’t connect to mysql with root user:
- sudo mysql
- UPDATE mysql.user SET plugin = 'mysql_native_password';
- FLUSH PRIVILEGES;
Create database and user
- mysql -u root -p
- CREATE DATABASE {database};
- CREATE USER '{username}'@'localhost' IDENTIFIED BY '{password}';
- GRANT ALL ON {database}.* TO {username}@`localhost`;
- FLUSH PRIVILEGES;

Never leave it installed for projects in production!

$ curl -sS https://getcomposer.org/installer -o composer-setup.php
$ sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
Check of correctly installed $ composer
Install unzip, which is necessary for composer install
- $ sudo apt-get install unzip

Generate SSH key (for root user)
- $ ssh-keygen -t rsa
Set up SSH key in Github
- $ cat ~/.ssh/id_rsa.pub
- Copy key to clipboard
- Go to Github repository -> Settings -> Deploy keys and add your key
$ sudo apt-get install git
$ mkdir /var/www/{appdomain.com}
$ sudo chown -R www-data:www-data /var/www/{appdomain.com}
$ cd /var/www/{appdomain.com}
$ git clone [email protected]:{repo_url}.git .
$ mkdir /var/www/{staging.appdomain.com}
$ sudo chown -R www-data:www-data /var/www/{staging.appdomain.com}
$ cd /var/www/{staging.appdomain.com}
$ git clone [email protected]:{repo_url}.git .
$ git checkout staging // or develop

Create script file on CI/CD server in /var/lib/jenkins/scripts
Set up Jenkins pipeline
- Clone an existing project
- Change repo
- Change script file path

Add deploy keys to GitHub repo (Settings / Deploy keys) for user that handles pull on remote server (usually root, as commands run with sudo)
Create push webhook on GitHub repo (Settings / Webhooks): https://ci.gofurther.digital/github-webhook/
Make sure the CI/CD server jenkins user has SSH access to remote server
- Create jenkins user on remote server and give sudo rights
- Add jenkins public key to ~/.ssh/authorized_keys on remote server
- Add line jenkins ALL=(ALL) NOPASSWD: ALL to /etc/sudoers on remote server
- Add remote server to ~/.ssh/known_hosts
Clone GIT repo into /var/build (and /var/www if you haven’t done o yet)

All the following step shall be done on the CI/CD server:

Create script file on CI/CD server in /var/lib/jenkins/scripts/backups
Set up Jenkins pipeline
- Clone an existing project
- Change script file path
Make sure the CI/CD server jenkins user has SSH access to remote server
- Create jenkins user on remote server
- Add jenkins public key to ~/.ssh/authorized_keys on remote server
- Add remote server host key to ~/.ssh/known_hosts
Make sure the remote server jenkins user has rsync access to backup server
- Add jenkins public key to /.ssh/authorized_keys on backup server
- Add backup server host key to ~/.ssh/known_hosts