|
2 | 2 |
|
3 | 3 | Infra for utilizing Hetzner low-cost VPS and Docker containers, wrapped in [Coolify](https://coolify.io) as an all-in-one PaaS, to self-host your own applications, databases, or services.
|
4 | 4 |
|
5 |
| -<p align="center"> |
6 |
| - <img src="public/01_infra-diagram.png" width="600" alt="Infrastructure Diagram"> |
7 |
| -</p> |
8 |
| - |
| 5 | + |
9 | 6 |
|
10 | 7 | ## Prerequisites
|
11 | 8 |
|
12 | 9 | Before you begin, ensure you have the following:
|
13 | 10 |
|
14 |
| -- [Hetzner](https://hetzner.cloud/?ref=Ix9xCKNxJriM) Cloud account |
| 11 | +- [Hetzner Cloud account](https://hetzner.cloud/?ref=Ix9xCKNxJriM) |
15 | 12 | - [Terraform](https://www.terraform.io/downloads.html)
|
16 | 13 | - [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
|
17 |
| - |
18 |
| -## Deployment Steps |
19 |
| - |
20 |
| -### 1. Generate Hetzner API Token |
21 |
| - |
22 |
| -Create new project in Hetzner [console](https://console.hetzner.cloud/projects) |
23 |
| - |
24 |
| -Obtain API token from Hetzner console that will be used by Terraform to interact with the platform. |
25 |
| -Navigate to your project and click on SECURITY > API TOKENS > GENERATE API (give read/write access) |
26 |
| - |
27 |
| -Paste API token in the `.auto.tfvars`. This will overwrite default values in `variables.tf` file. |
28 |
| - |
29 |
| -### 2. Configure infrastructure |
30 |
| - |
31 |
| -Choose how many servers you want to have in your cluster. For a minimum, you can create and deploy on your controller, but this is not recommended. Read more about possible configurations and how to use Coolify in the official docs. There is also the possibility to use workers in swarm mode, and you can put a load balancer in front of your cluster. For now, you need to configure lb yourself, but in future Coolify releases, this will be automated. This can get complex as you want to be. |
32 |
| - |
33 |
| -```shell |
34 |
| -hcloud_token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" |
35 |
| - |
36 |
| -location_list = ["fsn1", "nbg1", "hel1"] |
37 |
| -instances_coolify_controler = "1" |
38 |
| -instances_coolify_worker = "2" |
39 |
| -server_type_coolify_controler = "cx21" |
40 |
| -server_type_coolify_worker = "cx21" |
41 |
| -os_type = "debian-12" |
42 |
| -public_net = true |
43 |
| -``` |
44 |
| - |
45 |
| -### 3. Initialize and Apply Terraform |
46 |
| - |
47 |
| -Initialize Terraform and apply the configuration: |
48 |
| - |
49 |
| -```shell |
50 |
| -cd hetzner-infra |
51 |
| -terraform init --upgrade |
52 |
| -terraform validate |
53 |
| -terraform apply |
54 |
| -``` |
55 |
| - |
56 |
| -### 4. Define hosts and run ansible playbook |
57 |
| - |
58 |
| -In your `inventory/hosts` file, specify the IP addresses of your newly created servers obtained from Terraform output, or alternatively, verify them in the Hetzner Cloud console |
59 |
| - |
60 |
| -```shell |
61 |
| -[coolify-controler] |
62 |
| -49.13.73.3 |
63 |
| - |
64 |
| -[coolify-worker] |
65 |
| -91.107.208.20 |
66 |
| -128.140.0.112 |
67 |
| -``` |
68 |
| - |
69 |
| -Run playbook: |
70 |
| -```shell |
71 |
| -cd ansible |
72 |
| -ansible-playbook playbooks/playbook_install_coolify.yml |
73 |
| -``` |
74 |
| -Ansible playbook automates the installation of Coolify on controller hosts. It configures common dependencies and enhances system security on both controller and workers hosts: |
75 |
| - |
76 |
| -- Updates package lists and upgrades all packages to ensure the system is up to date. |
77 |
| -- Installs necessary dependencies including UFW and Fail2Ban for enhancing system security. |
78 |
| -- Sets up UFW to allow specific incoming traffic and enables it for added security. |
79 |
| -- Configures Fail2Ban to prevent unauthorized access attempts by banning malicious IP addresses. |
80 |
| -- Implements SSH hardening measures to secure remote access to the system. |
81 |
| -- Installs Coolify on controller hosts and configures it to listen on specific ports. |
82 |
| -- Configures worker hosts to allow incoming traffic on specified ports required for Coolify operation |
83 |
| -. |
84 |
| -### 5. Open UI: |
85 |
| - |
86 |
| -When Ansible finishes, Coolify's UI will be available at: |
87 |
| - |
88 |
| -```shell |
89 |
| -CONTROLER_SERVER_IP:8000 |
90 |
| -``` |
91 |
| - |
92 |
| -Now is the time to configure Coolify. Add your private key that Terraform created, use workers private IPs and add the workers to your cluster. Consult the [documentation](https://coolify.io/docs/) for futher steps. |
93 |
| - |
94 |
| -## 6. SSH into server |
95 |
| - |
96 |
| -Terraform creates SSH private and public keys that are added to Hetzner and servers. They are also used by Ansible. Be careful with keys, you don't want to lose them. |
97 |
| - |
98 |
| -If needed, you can ssh into the server with the following command: |
99 | 14 |
|
100 |
| -```shell |
101 |
| -ssh root@<server-ip> -i ~/.ssh/self_hosted_hetzner_key.pem |
102 |
| -``` |
| 15 | +This second iteration offers more granular control over the infrastructure that is created. |
| 16 | +It abstracts components into modules that can be reused and imported as source. |
103 | 17 |
|
104 |
| -### 7. Destroy infrastructure |
| 18 | +Benefits include the ability to change infrastructure components in place, targeting specific components. |
| 19 | +For example, in earlier iterations, you might not have known which server would be destroyed. |
105 | 20 |
|
106 |
| -To destroy the infrastructure run the following command: |
| 21 | +Old code is available in the [old_config branch](https://github.com/Ujstor/self-hosting-infrastructure-cluster/tree/old_config) |
107 | 22 |
|
108 |
| -```shell |
109 |
| -terraform destroy |
110 |
| -``` |
| 23 | +***Check [docs](ujstor.github.io/self-hosting-infrastructure-cluster) for more detailed info.*** |
| 24 | +Docs are work in progress. |
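Review bot: The new docs link on added line 23, `[docs](ujstor.github.io/self-hosting-infrastructure-cluster)`, has no scheme, so Markdown renderers will treat it as a path relative to the repository instead of an external site; write it as `https://ujstor.github.io/self-hosting-infrastructure-cluster`. This same change deletes the whole "Deployment Steps" section and points to docs that added line 24 describes as work in progress. That leaves the README without the only description of where the read/write Hetzner API token goes (`.auto.tfvars`), that Terraform generates the SSH key pair used by Ansible, and what hardening the playbook applies (UFW, Fail2Ban, SSH hardening). Consider keeping a short quick-start until the docs cover these steps. It should state that `.auto.tfvars` and the generated private key must stay out of version control. The module layout described on added lines 15-19 would also benefit from a replacement for the removed `public/01_infra-diagram.png` diagram or a one-line list of the modules.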