I once thought about automating the deployment of my project. gitlab.com kindly provides all the tools for this, and of course I decided to take advantage of them, figure it out and write a small deployment script. In this article I share my experience with the community.
TL;DR
Set up the VPS: disable root and password login, install dockerd, configure ufw
Register the certificates in docker.json
Register variables in the GitLab CI/CD settings with the contents of the certificates. Write a .gitlab-ci.yml script for deployment.
So you have bought an instance on DO, and the first thing you need to do is protect your server from the hostile outside world. I won't prove or assert anything, I will just show the /var/log/messages log of my virtual server:
Screenshot
First, install the ufw firewall:
apt-get update && apt-get install ufw
Let's enable the default policy: block all incoming connections, allow all outgoing connections:
The server IP should be your own. Now try logging in as the user you created earlier; you should no longer need to enter a password. Next, in the configuration settings, change the following:
sudo nano /etc/ssh/sshd_config
Disable password login:
PasswordAuthentication no
Restart the sshd daemon:
sudo systemctl reload sshd
Now if you or anyone else tries to log in as the root user, it will not work.
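A quick check for the change above, as an added example that is not part of the original article: sshd uses the first value it reads for each keyword, so a drop-in file pulled in by an Include line at the top of sshd_config can override the edit. The file names and contents are constructed, and PermitRootLogin is checked on the assumption that root login was disabled with that keyword.

```shell
#!/bin/sh
# Added example (not from the original article): audit the sshd settings
# the article changes. sshd keeps the FIRST value it reads for a keyword,
# keywords are case-insensitive, and lines after "Match" are conditional.

# effective_value KEYWORD FILE... -> first global value, lowercased.
# Pass files in the order sshd reads them (Include'd drop-ins first when
# the Include line is at the top). Assumptions: whitespace-separated
# "Keyword value" lines; a Match line ends the global part of that file.
effective_value() {
    _want=$1; shift
    awk -v want="$_want" '
        BEGIN { want = tolower(want) }
        FILENAME != cur { cur = FILENAME; in_match = 0 }  # new file: global scope
        NF == 0 || $1 ~ /^#/ { next }                     # blank line or comment
        tolower($1) == "match" { in_match = 1; next }
        !in_match && tolower($1) == want { print tolower($2); exit }
    ' "$@"
}

# audit_sshd FILE... -> prints findings; returns 0 only if both are "no".
audit_sshd() {
    rc=0
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(effective_value "$kw" "$@")
        if [ "$val" = "no" ]; then
            echo "ok   $kw=no"
        else
            echo "FAIL $kw=${val:-unset}"   # unset means the sshd default applies
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a main config edited as in the article, and a
# hypothetical drop-in that is read first and silently wins.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin no' \
    'passwordauthentication no' 'Match User deploy' \
    '    PasswordAuthentication yes' > "$demo_dir/sshd_config"
printf '%s\n' 'PasswordAuthentication yes' > "$demo_dir/50-cloud.conf"

audit_sshd "$demo_dir/sshd_config" || true                            # both ok
audit_sshd "$demo_dir/50-cloud.conf" "$demo_dir/sshd_config" || true  # FAIL: drop-in wins
```

On a live server, `sudo sshd -T` prints the effective configuration after Include files are resolved.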
Next, install dockerd. I won't describe the process here, since everything can change; follow the link to the official website and go through the steps of installing docker on your virtual machine: https://docs.docker.com/install/linux/docker-ce/debian/
Generating certificates
To control the docker daemon remotely, an encrypted TLS connection is required. For this you need a certificate and a key, which must be generated and transferred to your remote machine. Follow the steps given in the instructions on the official docker website: https://docs.docker.com/engine/security/https/#create-a-ca-server-and-client-keys-with-openssl All generated *.pem files for the server, such as ca.pem, server.pem, key.pem, must be placed in the /etc/docker directory on the server.
If everything is "green", then we consider that we have successfully configured docker on the server.
Setting up continuous delivery on GitLab
So that the GitLab worker can execute commands on the remote Docker host, you need to decide how and where to store the certificate and key for the encrypted connection with dockerd. I solved this problem by adding the following to the variables in the GitLab settings: