Skip to main content

Deployment

Introduction

In this part we will see how we did the setup of the VPS, to host our service. We own a domain name oseryx.com that is available at this moment, and a server that has 2vCPU and 8Gb of RAM.

VPS Setup

SSH Hardening

The fist thing we did, is create a special user to SSH into the server, we blocked any password login we only accept SSH keys, and SSH into root is forbidden and was removed.

Firewall

The second thing was adding a firewall, we allow any outgoing traffic, but all incoming traffic is blocked by default, except for the ones that come on these ports:

  • 22 the SSH port
  • 80 the HTTP port
  • 443 the HTTPS port in this server, every request is encrypted with TLS/SSL, so any request that comes into port 80 is redirected to port 443.

Docker

Finally we installed Docker, and also containerized our Django server so it can be used anywhere on any machine that has Docker.

Deployment

Now we need to actually deploy our app to be available on the web. For this we will use the following containers:

  • Django Server the backend service we developed and explain in chapter 2
  • Redis the cache database for our websocket connections
  • PostgreSQL the database for our users
  • Traefik a reverse proxy, loadbalancing and encryption app that will orchestrate the traffic on the network.
  • React Website the actual website where the operators and guests will connect on, and will be explained in the next chapter.

Backend architecture

Docker Swarm

We use Docker Swarm to allow the auto scaling of our service, if our VPS is not enough we can add a second one and third one and Docker will replicate the necessary containers to ensure reliability and availability.

Docker Stack

We also use Docker Stack instead of Docker Compose, which has multiple advantages, like auto scaling, failures fallbacks in case of a bad image version it rolls back to the previous stable version, load balancing etc.

Traefik

Traefik is a key piece of this whole orchestration, it serves a reverse proxy and encryption, every network request coming in or out of the VPS passes by traefik, if it gets out it get encrypted, if in it get decrypted, which secures our Django Server that only works with HTTP. It also routes the requests if the request are from the api.oseryx.com url the request is forwarded to the Django Server, if it comes from the oseryx.com url the request is forwarded to the React Website.

Automated Deployment and Fallback

We also developed an auto deployment system with Github Actions, every time we push a change in the main branch of the repository, an action is triggered that builds the necessary docker images, publish them and deploy them automatically in our VPS without the need of human intervention. There’s also a fallback system, if the container we build crashes, the VPS uses the previous stable container version.

Conclusion

In this section we deployed our Django Server to the web, and we also talked about the React Website that will be our interface for the operator, and it will be explained in the next chapter.