Automated Deployment with GitHub Webhooks and SSL Configuration
To achieve your requirements, you'll need to set up a deployment process that automatically manages branch updates, builds your project, and serves it with appropriate SSL configurations. Below is a high-level step-by-step guide to help you set everything up:
Step 1: Prepare Your Server Environment
Before you start setting up automatic deployments, ensure that your server is properly configured.
- Ensure Node.js and npm are Installed
  - Install Node.js and npm on your server if you haven't done so already.
    sudo apt update
    sudo apt install nodejs npm
- Install PM2 for Process Management
  - PM2 is a Node.js process manager that makes it easy to run your app as a service.
    npm install -g pm2
- Install and Configure NGINX
  - Install NGINX to serve your applications and handle SSL.
    sudo apt install nginx
- Install Certbot for SSL
  - Certbot can automatically obtain and renew SSL certificates from Let's Encrypt.
    sudo apt install certbot python3-certbot-nginx
Step 2: Set Up GitHub Webhooks
Set up GitHub Webhooks on your repository to trigger scripts on your server whenever there are updates to the main or stage branches.
- Create a Webhook in GitHub
  - Go to your GitHub repository.
  - Navigate to Settings > Webhooks.
  - Add a new webhook with your server's public URL (e.g., https://your-server.com/webhook).
  - Ensure it listens only to push events.
- Set Up Express App to Listen to Webhooks
  - Write a simple Node.js Express app to listen to GitHub Webhooks.

    const express = require('express');
    const { exec } = require('child_process');

    const app = express();
    app.use(express.json());

    app.post('/webhook', (req, res) => {
      // Compare the full ref: taking only the last path segment would treat a
      // branch such as "feature/main" as "main". Deliveries without a ref
      // (for example GitHub's ping event) fall through to the final response.
      const ref = req.body && req.body.ref;

      if (ref === 'refs/heads/main') {
        exec('cd /path-to-your-app && git pull && npm install && npm run build && pm2 restart main', (err, stdout, stderr) => {
          if (err) {
            console.error(`Error: ${stderr}`);
            return res.sendStatus(500);
          }
          console.log(stdout);
          res.sendStatus(200);
        });
      } else if (ref === 'refs/heads/stage') {
        exec('cd /path-to-stage-app && git pull && npm install && npm run build && pm2 restart stage', (err, stdout, stderr) => {
          if (err) {
            console.error(`Error: ${stderr}`);
            return res.sendStatus(500);
          }
          console.log(stdout);
          res.sendStatus(200);
        });
      } else {
        // Nothing to deploy for other refs; still answer so the request does not hang.
        res.sendStatus(200);
      }
    });

    const PORT = process.env.PORT || 3000;
    app.listen(PORT, () => console.log(`Server running on port ${PORT}`));

  - Save this script and run it using PM2:
    pm2 start webhook.js
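The /webhook endpoint is reachable from the internet and runs a deploy on request, so each delivery should be authenticated before anything is executed. The following is an added example, not part of the original guide: it checks GitHub's X-Hub-Signature-256 HMAC against the webhook secret and matches the pushed ref exactly. The names handleDelivery and DEPLOY_TARGETS, the status codes and the sample secret are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Exact ref -> PM2 app name from the guide. A Map avoids prototype-key lookups,
// and exact matching means a branch like "feature/main" never deploys.
const DEPLOY_TARGETS = new Map([
  ['refs/heads/main', 'main'],
  ['refs/heads/stage', 'stage'],
]);

// GitHub sends X-Hub-Signature-256: "sha256=" + hex(HMAC-SHA256(secret, raw body)).
function verifySignature(rawBody, signatureHeader, secret) {
  if (typeof signatureHeader !== 'string' || !signatureHeader.startsWith('sha256=')) {
    return false;
  }
  const expected = crypto.createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(signatureHeader.slice('sha256='.length), 'hex');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected);
}

// Hypothetical helper: decide what one delivery may do before anything is exec'd.
// headers uses lower-cased names, as Node and Express expose them.
function handleDelivery(headers, rawBody, secret) {
  if (!verifySignature(rawBody, headers['x-hub-signature-256'], secret)) {
    return { status: 401, target: null };   // unsigned or wrongly signed
  }
  if (headers['x-github-event'] !== 'push') {
    return { status: 204, target: null };   // e.g. the "ping" sent on creation
  }
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return { status: 400, target: null };
  }
  const target = DEPLOY_TARGETS.get(payload && payload.ref) || null;
  return { status: target ? 202 : 204, target };
}

// Constructed sample delivery (secret and body are made up for this example).
const sampleSecret = 'constructed-example-secret';
const sampleBody = Buffer.from(JSON.stringify({ ref: 'refs/heads/stage' }));
const sampleSig = 'sha256=' +
  crypto.createHmac('sha256', sampleSecret).update(sampleBody).digest('hex');
console.log(handleDelivery(
  { 'x-github-event': 'push', 'x-hub-signature-256': sampleSig },
  sampleBody, sampleSecret));
```

In the Express app, the raw bytes can be captured with express.json({ verify: (req, res, buf) => { req.rawBody = buf; } }) and passed to handleDelivery(req.headers, req.rawBody, secret) before any exec call. The secret is the value entered in the webhook's Secret field on GitHub and should be read from the environment rather than stored in the script.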
Step 3: Configure NGINX and SSL
- Configure NGINX for Your Domains
  - Edit your NGINX configuration files to route requests to your app and handle SSL.

    server {
        listen 80;
        server_name arisdomain.com;

        location / {
            proxy_pass http://localhost:MAIN_APP_PORT;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }

    server {
        listen 80;
        server_name stage.arisdomain.com;

        location / {
            proxy_pass http://localhost:STAGE_APP_PORT;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }

- Set up SSL with Certbot
    sudo certbot --nginx -d arisdomain.com -d stage.arisdomain.com
  This command will configure SSL on both your main and stage domains.
- Auto-renew SSL Certificates
  Certbot handles auto-renewal by default, but you can verify that renewal works with a dry run.
    sudo certbot renew --dry-run
Step 4: Use Systemd for Webhook Script
- Create a Systemd Service
  Create a systemd service file for your webhook server to ensure it starts with the system. Use this service instead of the pm2 start webhook.js command from Step 2; running both starts two listeners that compete for the same port.
    sudo nano /etc/systemd/system/webhook.service

    [Unit]
    Description=GitHub Webhook Listener
    After=network.target

    [Service]
    ExecStart=/usr/bin/node /path-to-your-webhook.js
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target

- Enable and Start the Service
    sudo systemctl enable webhook
    sudo systemctl start webhook
With these steps, your server should automatically deploy updates from the main and stage branches from GitHub to your specified domains, secure them with SSL, and restart the server whenever necessary.