Skip to content

4. Infrastructure Setup

Jump to bottom
Daniel Favour edited this page Aug 8, 2024 · 39 revisions

After completing all local tests, the application is ready to be deployed to your server in various environments. Before proceeding with deployment, ensure the following configurations are set up on the server.

Database Setup

Outlined below are the steps to install and create databases for development, staging, and production environments on your server.

Database Installation and Setup

For this project, we are going to use a PostgresDB. Follow these instructions to install and start the database:

  • First, we have to make sure our Linux server is up to date by running this command
sudo apt update
  • Install postgresDB
sudo apt install postgresql -y
  • Start the PostgreSQL database service
sudo systemctl start postgresql
  • Configure the PostgreSQL service to start automatically at boot time
sudo systemctl enable postgresql
  • Check the status of the PostgreSQL service
sudo systemctl status postgresql

Create a Database and User

  • Login with default user (postgres)
sudo -u postgres psql
  • Create a new user
CREATE USER <username> WITH PASSWORD 'password';
  • Create a new database for dev, staging & prod
CREATE DATABASE <db_name>;
  • Grant all privileges on the databases to the new 
GRANT ALL PRIVILEGES ON DATABASE <db_name> TO <username>;
  • Assign database ownership to the 
ALTER DATABASE <db_name> OWNER TO <username>;
  • Login with the created user
psql -h your_server_ip -U your_database_username -d your_database_name

Flyway Migration

Flyway migration files are located in the src/main/resources/db/migration directory.

  • Each migration file should follow the naming convention V<version>__<description>.sql. e.g V1__create_users_table.sql

Here's a sample migration file

-- V1__create_users_table.sql
CREATE TABLE users (
id VARCHAR(255) PRIMARY KEY,
name VARCHAR(255) NOT NULL,
email VARCHAR(255) NOT NULL UNIQUE
);

-- V2__create_profiles_table.sql
CREATE TABLE profiles (
id VARCHAR(255) PRIMARY KEY,
first_name VARCHAR(255),
last_name VARCHAR(255),
phone VARCHAR(255),
avatar_url VARCHAR(255)
);

-- V3__create_products_table.sql
CREATE TABLE products (
id VARCHAR(255) PRIMARY KEY,
name VARCHAR(255) NOT NULL,
description TEXT,
user_id VARCHAR(255) NOT NULL,
FOREIGN KEY (user_id) REFERENCES users(id)
);

-- V4__create_organisations_table.sql
CREATE TABLE organisations (
id VARCHAR(255) PRIMARY KEY,
name VARCHAR(255) NOT NULL,
description TEXT
);

-- Many-to-Many Relationship Table
CREATE TABLE user_organisation (
user_id VARCHAR(255) NOT NULL,
organisation_id VARCHAR(255) NOT NULL,
PRIMARY KEY (user_id, organisation_id),
FOREIGN KEY (user_id) REFERENCES users(id),
FOREIGN KEY (organisation_id) REFERENCES organisations(id)
);
  • Update the application.properties file with your database credentials
# datasource configuration
spring.datasource.url=jdbc:postgresql://localhost:5432/<db_name>
spring.datasource.username=<db_username>
spring.datasource.password=<password>
spring.jpa.hibernate.ddl-auto=validate
  • Create a flyway.conf file in the project root directory with the details below to configure flyway
flyway.url=jdbc:postgresql://localhost:5432/<db_name>
flyway.user=<db_username>
flyway.password=<password>
flyway.locations=classpath:db/migration
flyway.baselineOnMigrate=true
flyway.baselineVersion=1
  • Apply migrations
./mvnw flyway:migrate

Setting up Domain and SSL

Domain and Subdomain

Domains and subdomains are hierarchical structures in a URL where a domain represents the main address (e.g., example.com) and subdomains are prefixes that organize or differentiate parts of the site (e.g., blog.example.com).

The application will be run in different environments and needs a domain pointing to each environment. Get a domain from any domain provider of your choice and configure DNS records for each domain/subdomain to point them to the correct servers.

For example:

Environment Domain/Subdomain
Dev dev.domain.com
Staging staging.domain.com
Prod domain.com

SSL Set Up

To ensure secure access to your domain and subdomains, you need to set up SSL. SSL (Secure Sockets Layer) encrypts the data transmitted between the server and the client, enhancing security.

Steps to Set Up SSL:

  • Install Certbot and its Nginx plugin

Certbot is a tool that automates the process of obtaining and renewing SSL/TLS certificates from Let's Encrypt.

sudo apt install certbot python3-certbot-nginx
  • Once Certbot and the Nginx plugin are installed, you can obtain an SSL certificate for your domain
sudo certbot --nginx -d <domain-name> -d <subdomain1> -d <subdomain2>
  • sudo certbot runs Certbot with root privileges.
  • --nginx tells Certbot to use the Nginx plugin, which will automatically configure your Nginx server to use the obtained SSL certificate.
  • -d <domain-name> The -d flag specifies the domain for which you want to obtain the certificate. You can include multiple domains by adding more -d flags, like -d staging.api-java.boilerplate.hng.tech -d deployment.api-java.boilerplate.hng.tech.

Note: Replace <domain-name> and <subdomain1>, <subdomain2>, etc., with your actual domain and subdomain names.

Reverse Proxy Setup

Setting up a reverse proxy using Nginx involves several steps. Below is a detailed explanation of each step, along with the commands and configuration needed.

  • Update the Package Index Before installing any new packages, it's essential to update the package index to ensure you get the latest versions available.
sudo apt update
  • Install Nginx
sudo apt install nginx
  • Start and Enable Nginx Start the Nginx service and enable it to start automatically on boot.
sudo systemctl start nginx
sudo systemctl enable nginx

Start the Nginx service and enable it to start automatically on boot. sudo systemctl start nginx starts the Nginx service. sudo systemctl enable nginx ensures that Nginx will start automatically when the server boots.

  • Check Nginx Status Verify that Nginx is running correctly.
sudo systemctl status nginx
  • Create a New Server Block Configuration for your Java application

This file will be used to define the server blocks for your application, specifying how Nginx should handle incoming requests.

sudo nano /etc/nginx/sites-available/javaapp.conf
  • Add this configuration to the file

The below configuration sets up Nginx as a reverse proxy for your Java application and handles SSL termination using certificates managed by Certbot.

server {
    server_name api-java.boilerplate.hng.tech;
    location / {
        proxy_pass http://localhost:8080/;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api-java.boilerplate.hng.tech/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api-java.boilerplate.hng.tech/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    listen 80;
    server_name api-java.boilerplate.hng.tech;

    location / {
        return 301 https://$host$request_uri;
    }
}
    
server {
    server_name staging.api-java.boilerplate.hng.tech;

    location / {
        proxy_pass http://localhost:8000/;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/staging.api-java.boilerplate.hng.tech/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/staging.api-java.boilerplate.hng.tech/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    server_name deployment.api-java.boilerplate.hng.tech;

    location / {
        proxy_pass http://localhost:5000/;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/deployment.api-java.boilerplate.hng.tech/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/deployment.api-java.boilerplate.hng.tech/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


    
server {
    if ($host = staging.api-java.boilerplate.hng.tech) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name staging.api-java.boilerplate.hng.tech;
    return 404; # managed by Certbot


}

server {
    if ($host = deployment.api-java.boilerplate.hng.tech) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name deployment.api-java.boilerplate.hng.tech;
    return 404; # managed by Certbot


}

  • server_name: Specifies the domain name for which this server block is responsible. Each environment (production, staging, deployment) has a unique domain.

  • location / { proxy_pass ... }: Forwards incoming requests to the respective backend service running on a specific port (e.g., 8080 for production, 8000 for staging, and 5000 for deployment).

  • listen 443 ssl: Configures Nginx to listen for HTTPS traffic on port 443 with SSL enabled.

  • SSL Configuration:

    • ssl_certificate and ssl_certificate_key: Paths to the SSL certificate and private key provided by Let's Encrypt, managed by Certbot.
    • **include /etc/letsencrypt/options-ssl-nginx.conf:** Includes recommended SSL settings for enhanced security.
    • ssl_dhparam: Specifies Diffie-Hellman parameters for improved security.

  • HTTP to HTTPS Redirection:

    • listen 80: Listens for HTTP traffic on port 80.
    • return 301 https://$host$request_uri: Redirects HTTP traffic to the corresponding HTTPS URL.

Note: Repeat the setup and configuration in the other environments.

  • Enable the Configuration

Create a symbolic link to enable the configuration

sudo ln -s /etc/nginx/sites-available/javaapp.conf /etc/nginx/sites-enabled/

This command creates a link in the sites-enabled directory pointing to your configuration file in sites-available, effectively enabling it.

  • Test the Nginx Configuration Test the Nginx configuration for syntax errors:
sudo nginx -t
  • Reload Nginx to Apply Changes If the test is successful, reload Nginx to apply the changes:
sudo systemctl reload nginx
  • Check Nginx Status Finally, ensure Nginx is running properly after reloading the configuration:
sudo systemctl status nginx

RabbitMQ Server Setup

RabbitMQ is an open-source message broker that facilitates communication between distributed systems by enabling them to send and receive messages asynchronously. It is commonly used to manage and route messages in applications, ensuring reliable and scalable data exchange between different services or components.

Prerequisites

  • A server with Ubuntu installed.
  • SSH access to the server.
  • Basic knowledge of using the terminal and editing files.

Setting up RabbitMQ on a server for message queuing involves several steps. Below is a detailed explanation of each step, along with the commands and configuration needed.

  • Connect to your Server via SSH
ssh username@server_ip

Replace username with your actual username and server_ip with the IP address of your server.

  • Update the Server Packages Update the package lists for upgrades and new package installations.
sudo apt update
  • Create a Bash Script to Automate RabbitMQ Installation.

Create a new file named rabbitMQ.sh and make it executable.

touch rabbitMQ.sh
sudo chmod +x rabbitMQ.sh

Open the file in your preferred text editor

vim rabbitMQ.sh
  • Write the Bash Script rabbitMQ.sh Paste the below script in the rabbitMQ.sh file:
     #!/bin/sh

     sudo apt-get install curl gnupg apt-transport-https -y

     ## Team RabbitMQ's main signing key
     curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/          keyrings/com.rabbitmq.team.gpg > /dev/null
     ## Community mirror of Cloudsmith: modern Erlang repository
     curl -1sLf https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-erlang.E495BB49CC4BBE5B.key | sudo gpg --dearmor |      sudo tee /usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg > /dev/null
     ## Community mirror of Cloudsmith: RabbitMQ repository
     curl -1sLf https://github.com/rabbitmq/signing-keys/releases/download/3.0/cloudsmith.rabbitmq-server.9F4587F226208342.key | sudo gpg --dearmor |  sudo tee /usr/share/keyrings/rabbitmq.9F4587F226208342.gpg > /dev/null

     ## Add apt repositories maintained by Team RabbitMQ
     sudo tee /etc/apt/sources.list.d/rabbitmq.list <<EOF
     ## Provides modern Erlang/OTP releases
     ##
     deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu  jammy main
     deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu jammy  main

     # another mirror for redundancy
     deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa2.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu  jammy main
     deb-src [signed-by=/usr/share/keyrings/rabbitmq.E495BB49CC4BBE5B.gpg] https://ppa2.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu jammy main

     ## Provides RabbitMQ
     ##
     deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu  jammy main
     deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu jammy main

     # another mirror for redundancy
     deb [arch=amd64 signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa2.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu    jammy main
     deb-src [signed-by=/usr/share/keyrings/rabbitmq.9F4587F226208342.gpg] https://ppa2.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu jammy  main
     EOF

     ## Update package indices
     sudo apt-get update -y

     ## Install Erlang packages
     sudo apt-get install -y erlang-base \
                        erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets \
                        erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key \
                        erlang-runtime-tools erlang-snmp erlang-ssl \
                        erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl

     ## Install rabbitmq-server and its dependencies
     sudo apt-get install rabbitmq-server -y --fix-missing
  • Execute the RabbitMQ server script to install RabbitMQ
./rabbitMQ.sh
  • Enable the RabbitMQ Management Plugin for web-based management:
sudo rabbitmq-plugins enable rabbitmq_management
  • Create a RabbitMQ User and set the necessary Permissions
sudo rabbitmqctl set_permissions -p / guest ".*" ".*" ".*"
  • Update the configuration files Edit the RabbitMQ configuration file to make any necessary changes.
sudo nano /etc/rabbitmq/rabbitmq.conf

Modify this configuration file as needed for your environment.

  • Restart RabbitMQ Server Apply configuration changes by restarting the RabbitMQ service.
sudo systemctl restart rabbitmq-server
  • Check RabbitMQ Server Status Verify that RabbitMQ is running properly.
sudo rabbitmqctl status

Made by Dhee ‖ Sudobro ‖ Stephennwachukwu ‖ Dominic-source

Clone this wiki locally