Configuring a New Server on Rocky Linux 8

Important!

The current version of the scripts is designed for various Linux versions, but primarily Debian.
The general idea remains the same, but the installation is now slightly different.
For a new server, look for a more recent version.
This version will be useful for working with already existing services.

This guide describes the process of preparing and configuring a new server for deploying GoCore-based applications. The recommended operating system is Rocky Linux 8.

1. Ordering a Server

• OS: Rocky Linux 8.
• Security: Save the root password in a secure place.

2. Preparing Code and Database

• Identify the working branch of the repository.
• Prepare a database dump (recommended name: DB/ccs.init.sql). Ensure there is no personal data and compliance with the law.

3. Domain Name Configuration

• Configure the A record (IPv4) and AAAA record (IPv6). The presence of IPv6 is critical for the correct operation of certbot when issuing certificates.
• To get IPv6, connect to the server and run ip addr. Look for a line like inet6 ... scope global.

4. Primary OS Configuration

1. Changing the root Password:
   • Generate a password: pwgen -1 32 -cny
   • Change the password: passwd
2. Installing vim: dnf install -y vim
3. Environment Preparation:
   • Create a prepare.sh file, copy the content from CCS.Deployment/prepareOS/prepare.sh into it.
   • Grant permissions and run: chmod u+x prepare.sh && ./prepare.sh
   • Follow the script’s instructions to create a system user (e.g., ccs_app).

5. Service Configuration (CCS.Deployment)

Deployment is performed using podman containers based on templates.

1. Configuration File: An example is in CCS.Deployment/config_template.sh. On the first run of start.sh, it will be copied to config.sh.
2. Configuring Parameters:
   • ccs_app_git_url: Repository SSH URL (starts with git@).
   • ccs_app_git_branch: Project branch.
   • ccs_app_init_sql: Database dump filename.
   • ccs_app_domains: List of domains separated by spaces.
   • services: List the required services, for example: declare services=("db" "ccs_app" "nginx" "backup").

6. Installation and Launch

1. Under the Application User:
   • Generate an SSH key: ssh-keygen && cat ~/.ssh/id_rsa.pub
   • Add the key to the CCS.Deployment repository.
   • Clone the project: git clone -b master git@github.com:CCSMSKRU/CCS.Deployment.git
2. Running the Installation:
   • Copy the launch script: cp ~/CCS.Deployment/start_template.sh ~/start.sh && chmod u+x ~/start.sh
   • Configure config.sh, set config_is_ready=1.
   • Run the installation: ./start.sh install db ccs_app nginx backup

7. Installing SSL Certificates

1. Under root:
   • Create and fill cert.sh (can be taken from CCS.Deployment).
   • Run: ./cert.sh ccs_app (specifying the application username).
2. Reinstalling Nginx:
   • Return to the application user and run: ./start.sh install nginx

8. Useful start.sh Commands

• Logs: ./start.sh log <service_name>
• Restart: ./start.sh restart <service_name>
• Update code: ./start.sh update <service_name>

Important: When restarting the application, it is recommended to also restart nginx: ./start.sh restart ccs_app nginx.