Setting up a production ready VPS is a lot easier than I thought.

Share

Summary

This video details the process of setting up a production-ready Virtual Private Server (VPS) from scratch. It covers the requirements for a production environment, including DNS, application deployment, security, high availability, automated deployments, and monitoring. The video also explores technical approaches, tool selection, and a step-by-step guide to configuring a VPS using Docker, Traefik, and Watchtower, demonstrating that the process is significantly easier than commonly perceived.

Highlights

Introduction to VPS vs. Serverless & Project Requirements
00:00:00

The video starts by discussing the benefits of a VPS over serverless platforms for long-running tasks and large data transfers, highlighting cost consistency. The presenter outlines a challenge to set up a production-ready VPS from scratch and introduces a simple guestbook web app as the project. Key requirements for a production-ready setup are defined: DNS record, application running, TLS over HTTPS, SSH hardening, firewall, high availability (load balancer), automated deployments, and website monitoring.

Technical Approach and Hostinger VPS Setup
00:02:43

The presenter chooses simple tooling, avoiding Kubernetes, full-featured solutions like Coolify, or Infrastructure as Code (Terraform). The video then introduces Hostinger as the sponsor, detailing its affordable VPS offerings. The setup process on Hostinger involves selecting an Ubuntu 24.04 LTS operating system, disabling malware scanning, setting a strong root password, and adding an SSH public key for secure login. A new non-root user with sudo permissions is created for daily operations.

DNS Setup and SSH Hardening
00:06:50

A new domain name (zen.cloud) is purchased from Hostinger, and a DNS A record is configured to point to the VPS IP address. While waiting for DNS propagation, the presenter focuses on hardening SSH. This involves removing password authentication, disabling root login, and disabling PAM authentication in the SSH daemon configuration. The presenter also discusses the option of changing the SSH port but opts to keep the default for this tutorial.

Deploying the Web Application with Docker
00:10:32

The web application, a Go-based guestbook, is initially deployed by cloning the repository and building it on the VPS. However, the preferred method is containerization using Docker. Docker and Docker Compose are installed, and the user is added to the Docker group. A PostgreSQL database password is set using a Docker Compose secret, and the entire application stack (guestbook and PostgreSQL) is deployed using Docker Compose. The application is confirmed to be running and accessible via the domain name on port 8080.

Firewall Configuration with UFW
00:14:45

A firewall is set up using Uncomplicated Firewall (UFW) to only allow SSH (port 22), HTTP (port 80), and HTTPS (port 443). The presenter notes a caveat: Docker's port exposure can override UFW rules. To address this, the video suggests not defining ports in the Docker Compose file directly but instead using a reverse proxy.

Implementing a Reverse Proxy and Load Balancer with Traefik
00:17:10

Traefik is chosen as the reverse proxy. It is added as a service to the Docker Compose file, configured to listen on ports 80 (HTTP) and 8080 (for its web UI). Traefik is set up to route requests for 'zen.cloud' to the guestbook service using Docker labels. Traefik also inherently provides load balancing, which is demonstrated by scaling the guestbook service to three replicas, increasing availability and user experience despite being on a single node.

Automatic TLS Certificates with Traefik
00:21:14

Traefik's built-in functionality for automatic TLS certificate generation from Let's Encrypt is configured. This involves adding specific commands and labels to the Traefik and guestbook services in Docker Compose, ensuring all communication happens over HTTPS (port 443). An HTTP to HTTPS redirect is also implemented to automatically reroute traffic from port 80 to port 443.

Automated Deployments with Watchtower
00:23:32

Automated deployments are set up using Watchtower, a service that monitors Docker images for updates. Watchtower is added to the Docker Compose file, configured to poll for new images every 30 seconds. The guestbook service is labeled for Watchtower monitoring, and its Docker image tag is explicitly set to 'prod' to enable Watchtower to detect and redeploy new versions. The video addresses the issue of downtime during redeployments by enabling Watchtower's rolling restart feature.

Website Monitoring and Conclusion
00:27:54

For basic website monitoring, Uptime Robot is used, which periodically checks website availability and sends email notifications if an error is detected. Finally, the Traefik web UI is removed from the exposed ports, and the Docker Compose stack is redeployed in a detached state. The presenter concludes by emphasizing that setting up a production-ready VPS was easier than anticipated, largely due to tools like Traefik and Watchtower, and thanks Hostinger for their sponsorship.

Recently Summarized Articles

Loading...