My Site setup

Seems that it is a mandatory second post, so here it goes. We’ll need:

  1. A domain (mine is karasz.im)
  2. A GitLab Account
  3. A Linux server (I rent a Cloud one from Hetzner)
  4. DNS (I use Cloudflare for DNS hosting)

Domain

It is important to have a domain that you own and reflects you. This is one of the best investments that you can make with your web presence. If you don’t know what a domain is you can check this.

Now that you are back we can talk domains ;-).

A lot of entities sell domain names; from them I chose Gandi.

There are some principles that you could follow (if so inclined) when choosing a domain name:

  1. Stick with .com. This is usually the first thing you will hear when shopping for a domain. While it is true that .com is the most popular top-level domain, it is also the most crowded domain space, so chances are that the domain you want to register is already taken. I tend not to agree with this rule, hence my top-level domain of choice.

  2. Make it brandable. The domain is the first impression that a visitor has of you (even before they visit), so it must stand out and be something that can be branded. Try to avoid generic domains and domains that do not represent you (there are only a very few cases ever where you want your website to be beepboopboy39.com).

  3. Keep it as short as possible. While IamJohnDoeandIlikeChokolatewithRum.com might be a brandable domain (not really sure) it is too long and that means that users have more chances to make typos. ijdlcr.com is safer. Aim for 6-14 characters.

  4. Make it easy to type and pronounce. Keep in mind that there will be occasions when you will transmit your domain by voice (this is not only registered but also a mouthful). Avoid double letters, hyphens and numbers.

  5. Think about the fact that this domain will stick with you and changing it is kind of painful.

  6. Think about trademarks; you can check your domain name at Knowem.

So now that we decided about the domain we can check:

GitLab

If you don’t have a GitLab account get over to GitLab and create one, it’s free.

Create a new Project (hit Projects>Create from Template) and choose Pages/Hugo and name it like the domain you bought then clone the repository to your computer.

Server

As I said previously, I rent a cloud server from Hetzner. Their interface is nice and intuitive, and they also have a powerful API and client so you can create resources programmatically. The following commands are for an Ubuntu server which already has nginx set up and working, with DNS pointing to it. The general setup of the server will probably be another post, as this one is already getting a bit long. Suffice it to say that you need a general user with sudo rights that connects to that server and is able to perform management tasks. This user is a different one from the user that we will create in a moment.

Create the user we will use for file transfer tasks, blogger.

adduser blogger

Create the ssh infrastructure for it

mkdir -p /home/blogger/.ssh
touch /home/blogger/.ssh/authorized_keys
# work from the home directory so the relative .ssh/ paths below resolve
cd /home/blogger
ssh-keygen -f .ssh/blogger-key
cat .ssh/blogger-key.pub >> .ssh/authorized_keys
chmod 700 /home/blogger/.ssh
chmod 600 /home/blogger/.ssh/authorized_keys
chown -R blogger:blogger /home/blogger

Securely copy the private key to your machine.

Install rssh on the machine and modify the blogger user to not be able to login but only to transfer files.

apt install rssh
usermod blogger -s /usr/bin/rssh

Edit /etc/rssh.conf and enable rsync by removing the comment from allowrsync.

GitLab again

Back on GitLab territory we will need to go to Project>Settings>CI/CD>Variables and click Expand. Here we will register some variables for later use:

| Variable | Value |
|---|---|
| DEPLOY_PATH | This is the path on the server where the site resides, something along /var/www/somedir |
| SERVER | This is the hostname of the server, in my case karasz.im, used later to ssh to the server |
| SERVER_USER | The user we created, blogger |
| SSH_HOST_KEY | The host keys for the server, we can get them with ssh-keyscan karasz.im |
| SSH_PRIVATE_KEY | The content of /home/blogger/.ssh/blogger-key |

Try to make all the variables Protected and, as far as you can, Masked.
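ssh-keyscan reports whatever key the network path hands back, so the value stored in SSH_HOST_KEY is only as trustworthy as that one scan. The sketch below is an added example, not part of the original post: it keeps only scanned lines whose SHA256 fingerprint matches one read on the server itself (for instance with ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub). The function names are hypothetical and the key blobs are constructed sample data, not real host keys.

```python
import base64
import hashlib
import struct

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_line(line: str):
    """Split one 'host keytype base64' line into (host, keytype, blob)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was mangled or hand-edited.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError(f"key type mismatch in line for {host}")
    return host, keytype, blob

def verified_known_hosts(scan_output: str, host: str, trusted: set):
    """Return (text for SSH_HOST_KEY, rejected (keytype, fingerprint) pairs)."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and banner comments
            continue
        h, keytype, blob = parse_line(line)
        fp = fingerprint(blob)
        if h == host and fp in trusted:
            accepted.append(line)
        else:
            rejected.append((keytype, fp))
    if not accepted:
        raise ValueError("no scanned key matches a trusted fingerprint")
    return "\n".join(accepted), rejected

def make_blob(keytype: str, material: bytes) -> bytes:
    """Build a constructed sample key blob (not a real host key)."""
    t = keytype.encode()
    return struct.pack(">I", len(t)) + t + struct.pack(">I", len(material)) + material

# Constructed sample data: one key confirmed on the server, one unexpected key.
GOOD = make_blob("ssh-ed25519", bytes(range(32)))
ODD = make_blob("ssh-ed25519", bytes(32))
SCAN = "# karasz.im:22 SSH-2.0-OpenSSH\n" + "\n".join(
    f"karasz.im ssh-ed25519 {base64.b64encode(b).decode()}" for b in (GOOD, ODD))
TRUSTED = {fingerprint(GOOD)}  # stands in for the fingerprint read on the server
```

Anything that lands in the rejected list is a key nobody confirmed out of band, and is worth investigating before the deploy job is allowed to trust the host.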

Back on your computer

After you checked out the repository from GitLab you will need to modify the .gitlab-ci.yml and add the following content:

deploy:
  image: alpine:latest
  before_script:
  - apk update && apk add openssh-client bash git rsync hugo
  - git submodule update --init --recursive
  script:
  - hugo
  - eval $(ssh-agent -s)
  - bash -c 'ssh-add <(echo "${SSH_PRIVATE_KEY}")'
  - mkdir -p ~/.ssh
  - echo "${SSH_HOST_KEY}" > ~/.ssh/known_hosts
  - rsync -hrvz --exclude=_ -e 'ssh -p 22' public/ "${SERVER_USER}"@"${SERVER}":"${DEPLOY_PATH}"
  only:
  - master


Now you can save, git commit -a and git push, and if everything went well you should see your new website.