Setting up a webserver

Setting up a new webserver

This is a guide to setting up a new webserver based on the template found here website-template.

The general idea is that the cloned repository will be used to manage a webserver on a remote vps (without being cloned to the vps).

The repository includes scripts and Taskfile tasks to set up and manage the webserver, but the webserver itself never needs the repository cloned to it.

Additionally, the sites that are hosted on the webserver will generally be their own repositories. This repo provides tasks and examples that can be used in those other repositories to set up easy or automated deployment.

There are many ways to achieve many of these steps. I will give examples of what I use, the same outcomes can be achieved many ways.

Clone repository

First, create a new repository from the template.

Using the GitHub CLI to create a new repository based on the template.

gh repo create --template TimChild/webserver-template webserver-personal

Pulling changes from the template repository

When you create a new repository from a template, it is a one-time operation. This creates an entirely separate repository from the template repository. If you would like to be able to pull updates from the template repository, you can add it as a remote.

git remote add template [email protected]:TimChild/webserver-template.git

This adds the template repository as a remote called template. You can then pull changes from the template repository as needed. This will allow you merge changes from the template repository into your own repository.

git pull --rebase template main

By using --rebase the local changes will be applied on top of the changes from the template repository.

If there are conflicts, the rebase will pause and the conflicts will need to be resolved manually.

Tasks and scripts

The main things to note initially are:

• Taskfile – This is a modern alternative to Makefile written in go, and designed for more general purpose automation (much like a typical Makefile often gets used for even though it was originally for compiling code).
• scripts/ – This directory contains many scripts. Some are called locally by tasks and run on your llocal machine, others are intended to run on the remote server that will act as the webserver. In general, these are intended to be run via task commands, but it is helpful to be aware of them to understand what is happening.

Use task -l to see a list of available tasks.

Initial setup of VPS

Now let’s create a new virtual private server (VPS) that will become our webserver.

I use DigitalOcean for this, but there are many other options. The tasks and scripts here are written with DigitalOcean in mind, but should only require minimal adaptation for other providers.

DigitalOcean uses the term droplet to refer to their VPSs. I will use this terminology here.

Creating a droplet

We’ll start using tasks to achieve most things from here on.

task droplet:create-new DROPLET_NAME="webserver2"

Several other arguments can be passed to this task such as size, image, etc. (look in the taskfile-droplet.yml file to see them all).

These values will be validated against the DigitalOcean API, so if you pass an invalid value, the task will fail and tell you what you did wrong.

Defaults are set to create a small droplet.

Note

You might want to set some default values for SSH_KEY_NAME and PROJECT in the taskfile-droplet.yml file. E.g.

    vars:
      ...
      SSH_KEY_NAME: '{{default "tim-linux" .SSH_KEY_NAME}}'
      PROJECT: '{{default "Personal" .PROJECT}}'

This will actually run a series of scripts/tasks sequentially.

flowchart LR;
    A([create-new]) --> B[bash scripts/create-droplet.sh]
    A --> C([setup-new])
    C --> D[doctl compute ssh & scripts/setup-droplet-security.sh]
    C --> E[scripts/update-ssh-config.sh]
    C --> F([setup-config])
    C --> G([setup-docker])
    F --> H[[ssh < scripts/setup-droplet-config.sh]]
    G --> I[[ssh < scripts/setup-docker.sh]]

    classDef task fill:#ffccff,stroke:#333,stroke-width:2px,color:#333;
    classDef script fill:#ccccff,stroke:#333,stroke-width:2px,color:#333;
    classDef remote_script fill:#ccffcc,stroke:#333,stroke-width:2px,color:#333;

    class A,C,F,G task;
    class B,D,E script;
    class H,I remote_script;

    subgraph key
        K1(["Task"])
        K2["Local Script"]
        K3[["Remote Script"]]
    end

    class K1 task;
    class K2 script;
    class K3 remote_script;

If task fails…

If the task fails, it’s possible that the droplet just wasn’t fully booted up yet.

Check if the droplet was created with doctl compute droplet list.

If so, run the setup task manually with task droplet:setup-new DROPLET_NAME="webserver2"

Note

This will also update your ~/.ssh/config file to append an entry for the new droplet under the same name.

From this point on, the SSH_NAME will be referred to instead of the DROPLET_NAME.

A webadmin user (with sudo privilidges) has been created on the droplet, and that is the user we will connect to from now on.

You should now be able to run ssh webserver2 to connect to the vps.

Additional SSH Config

Adding this to your ~/.ssh/config file can speed up sequential ssh connections by reusing connections:

# Enable ssh multiplexing (faster sequential connections)
Host *
  ControlMaster auto
  ControlPath ~/.ssh/sockets/%r@%h-%p  # Note: .ssh/sockets dir must exist
  ControlPersist 10  # seconds

Setting up the webserver

I do the webserver part of the setup separately since the droplet creating can be useful for other things.

task droplet:setup-webserver SSH_NAME="webserver2"

This does a few things:

• Sends configuration files (these will be updated later as well).
• Creates some required directories
• Copies scripts to the server that are useful to call from automated workflows (e.g. a GitHub Actions deploy workflow in a site repository.)

Add webserver as an additional alias to the ~/.ssh/config entry to allow using the default SSH_NAME in the tasks.

This makes it easier to switch to a new server without having to modify any tasks (just move the webserver alias).

Optional – Copy state of existing webserver

This is only useful if migrating a webserver to a new vps for example.

If you already have sites set up and running on a server, but are in the process of creating a new server, most things will already have been set up on the new server just by following the steps above (all config files etc. will have been copied over). But some site specific data, like .env files, may be missing.

Rather than running the deploy tasks for each site, copying the current state of the running server should only require copying the ~/sites/ directory from the old server to the new server.

The ~/sites/ directory contains all the data for each site, including .env files for example. A typical sites dir might look like this:

sites/
├── site1
│   ├── .env
│   └── static
│       ├── ...
│       └── index.html
└── site2
    ├── .env
    └── static
        ├── ...
        └── index.html

This can be copied from one server to another with rsync:

rsync -avz webserver1:sites/ /tmp/sites
rsync -avz /tmp/sites webserver2:sites
rm -rf /tmp/sites

Then just restart the compose services:

ssh webserver2 "docker compose down && docker compose up -d"

Summary

The webserver is set up and ready to host sites. See the guides below for adding different types of sites:

• Static Site
• Site with a backend