// 1
deployer$ sudo visudo
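// add these sudoers entries (the user field is `deployer`, without the prompt's `$`)
// only these exact commands run without a password; `systemctl status` may start a pager as root
// when run on a terminal, so keep this account non-interactive or allow `status <unit> --no-pager`
// instead (and call it with the same flag)
deployer ALL=NOPASSWD: /bin/systemctl restart nginx, /bin/systemctl status nginx
deployer ALL=NOPASSWD: /bin/systemctl restart dotnet.service, /bin/systemctl status dotnet.service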
// 2
// add dotnet.service
deployer$ sudo vim /etc/systemd/system/dotnet.service
// paste the contents of the dotnet.service file (see below)
deployer$ sudo systemctl status dotnet.service
deployer$ sudo systemctl start dotnet.service
deployer$ sudo systemctl enable dotnet.service
// PM2
// https://pm2.keymetrics.io/
deployer$ npm install pm2 -g
deployer$ pm2 start dist/server
deployer$ pm2 save
deployer$ pm2 startup
// `pm2 startup` prints a command for setting up the startup script; copy/paste and run that command, then reboot to check that the processes come back:
deployer$ sudo reboot
deployer$ pm2 status
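#!/bin/bash
# deploy.sh - bring the checkout to origin/master, install dependencies and
# restart the app processes (pm2, dotnet.service, nginx).
#
# Run from the project checkout as the `deployer` user. The sudo calls below
# rely on NOPASSWD sudoers entries for exactly these systemctl commands.
#
# The CI step invokes this file with `sh`, so the shebang is not honoured
# there; the script sticks to POSIX sh (no `pipefail`, no `[[ ]]`).

# Stop at the first failing command: a failed fetch or install must not reach
# the restart steps, and the CI step must see a non-zero exit status instead
# of the always-successful final echo.
set -eu

# pm2 lives under nvm, which is not on PATH in a non-interactive SSH session;
# keep the absolute path in one place.
PM2=/home/deployer/.nvm/versions/node/v10.16.0/bin/pm2

echo "Deploy script start (deploy.sh)"
echo ""

echo "Git fetch ($ git fetch --all && git reset --hard origin/master)"
# Fetch first, then reset once. Resetting before the fetch only moved the
# tree to the stale remote-tracking ref and was repeated afterwards anyway.
# `reset --hard` discards any local edits made on the server.
git fetch --all
git reset --hard origin/master
echo ""

echo "yarn install"
# NOTE(review): consider `yarn install --frozen-lockfile` so the server
# installs exactly what yarn.lock pins and fails if the lockfile is out of
# date - confirm the Yarn version in use supports it.
/usr/bin/yarn install
echo ""

echo "pm2 restart all"
"$PM2" restart all
"$PM2" status
echo ""

echo "Restart DotNet ($ sudo /bin/systemctl restart dotnet.service)"
sudo /bin/systemctl restart dotnet.service
# `systemctl status` exits non-zero when the unit is not active, which now
# fails the deploy instead of reporting success.
sudo /bin/systemctl status dotnet.service
echo ""

echo "Restart Nginx ($ sudo /bin/systemctl restart nginx)"
sudo /bin/systemctl restart nginx
sudo /bin/systemctl status nginx

echo "Deploy script finish (deploy.sh)"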
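# Bitbucket Pipelines: run the server-side deploy script over SSH.
#
# NOTE(review): `latest` is a moving tag; pinning the build image to a fixed
# tag or digest keeps the deploy environment reproducible.
image: atlassian/default-image:latest

pipelines:
  # NOTE(review): `default` runs for every branch that has no more specific
  # pipeline, while the deploy script always resets the server to
  # origin/master. Confirm that a push to any branch should trigger a
  # production deploy; otherwise move this step under `branches:`.
  default:
    - step:
        deployment: production
        script:
          - echo "Deploy"
          # Connectivity check: fails the step early if SSH access is broken.
          - ssh deployer@SERVER_IP 'pwd'
          # The remote command's exit status becomes the step's status; the
          # trailing `&& exit` was a no-op because ssh returns when the
          # command finishes.
          - ssh deployer@SERVER_IP 'cd /home/deployer/apps/PROJECT_NAME && sh bitbucket-deploy.sh'
          - echo "Deploy step finished"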
# systemd unit that runs the .NET app with the `dotnet` host.
[Unit]
Description=Example .NET Web API App running on Ubuntu

[Service]
# The process runs as www-data, while the app files live under the deployer
# home directory; www-data needs read access to that tree.
User=www-data
WorkingDirectory=/home/deployer/apps/PROJECT_NAME
ExecStart=/usr/bin/dotnet /home/deployer/apps/PROJECT_NAME/PROJECT_NAME.dll

# Restart=always restarts the service whenever the process exits, waiting
# 10 seconds between attempts.
Restart=always
RestartSec=10
# Stop the process with SIGINT rather than the default signal.
KillSignal=SIGINT

# Tag used for this service's log lines.
SyslogIdentifier=dotnet-example

Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

# NOTE(review): no sandboxing options are set here. Options such as
# NoNewPrivileges=true and PrivateTmp=true are worth testing with the app
# before enabling.

[Install]
WantedBy=multi-user.target
# Port 80 listener for example.com: Certbot-generated redirect to HTTPS.
server {
    listen 80;
    server_name example.com;

    # Redirect only when the Host header is exactly example.com.
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Any other Host that reaches this server gets a 404, not a redirect.
    return 404; # managed by Certbot
}
# HTTPS reverse proxy in front of the app listening on localhost:5000.
server {
    listen 443 ssl; # managed by Certbot

    # Catch-all name: requests for any Host are accepted and that Host value is
    # forwarded to the backend below.
    # NOTE(review): the certificate is for example.com; confirm the backend
    # restricts the hosts it accepts, or use the explicit name instead.
    #server_name example.com;
    server_name _;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    sendfile on;
    keepalive_timeout 65;

    # NOTE(review): logs are written under the deployer home directory;
    # check who can read that directory.
    access_log /home/deployer/log/nginx/example.com.access.log;
    error_log /home/deployer/log/nginx/example.com.error.log;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;

        # Pass the original host, client address chain and scheme upstream.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        #proxy_set_header Connection "Upgrade";
        proxy_cache_bypass $http_upgrade;

        # Disabled upload / request-body experiments, kept for reference.
        #client_body_temp_path /tmp/;
        #client_body_in_file_only on;
        #client_body_buffer_size 1M;
        #client_max_body_size 200M;
        #proxy_pass_request_headers on;
        #proxy_set_header X-File-Name $request_body_file;
        #proxy_set_body off;
        #proxy_redirect off;
        #proxy_pass http://backend/file;
    }

    # for socket
    #location /syncHub {
    # proxy_pass http://localhost:5000;
    # proxy_http_version 1.1;
    # proxy_set_header Upgrade $http_upgrade;
    # #proxy_set_header Connection keep-alive;
    # proxy_set_header Connection "Upgrade";
    # proxy_set_header Host $host;
    # proxy_cache_bypass $http_upgrade;
    # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_set_header X-Forwarded-Proto $scheme;
    #}
}
# Plain-HTTP reverse proxy to the app on localhost:5000 (no TLS enabled yet;
# the Certbot directives at the bottom are commented out).
server {
    listen 80;

    # Catch-all name; the explicit name is kept commented out.
    #server_name example.com;
    server_name _;

    access_log /home/deployer/log/nginx/example.com.access.log;
    error_log /home/deployer/log/nginx/example.com.error.log;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;

        # Pass the original host, client address chain and scheme upstream.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_cache_bypass $http_upgrade;
    }

    # listen 443 ssl; # managed by Certbot
    # ssl_certificate /etc/letsencrypt/live/example/fullchain.pem; # managed by Certbot
    # ssl_certificate_key /etc/letsencrypt/live/example/privkey.pem; # managed by Certbot
    # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
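# Port 80 listener for example.com and www.example.com: redirect the two
# known hosts to HTTPS and answer 404 for anything else.
server {
    listen 80;
    server_name example.com www.example.com;

    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    }

    # Fallback for any other Host. The unconditional
    # `return 301 https://$host$request_uri;` that followed this line could
    # never run, because this return ends request processing first; it has
    # been removed. Keeping 404 here also means an arbitrary Host header is
    # never reflected into a redirect target.
    return 404; # managed by Certbot
}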
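# HTTPS server for the static site under PROJECT_NAME/www, with a fallback
# to /index.html for unknown paths.
server {
    #server_name example.com;
    server_name _;

    root /home/deployer/apps/PROJECT_NAME/www;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }

    # File name corrected from "acsses.log" so it matches the other server
    # blocks' example.com.access.log.
    access_log /home/deployer/log/nginx/example.com.access.log;
    error_log /home/deployer/log/nginx/example.com.error.log;

    # No proxy_pass is configured in this server, so these headers have no
    # effect as shown; kept in case a proxied location is added.
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-SSL on;
    proxy_set_header X-Forwarded-Proto $scheme;

    location ^~ /images/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
        # A location that declares its own add_header no longer inherits the
        # server-level ones, so HSTS is repeated here to keep it on image
        # responses.
        add_header Strict-Transport-Security "max-age=31536000;";
    }

    #--------- START SSL CONFIG ---------
    # `ssl on;` was removed: it is deprecated and redundant with the `ssl`
    # parameter on the listen directive.
    listen 443 ssl; # managed by Certbot

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # NOTE(review): Certbot's options-ssl-nginx.conf may already set the
    # session cache and ticket options; a duplicate directive makes
    # `nginx -t` fail, so confirm against the included file.
    # ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:20m;
    ssl_session_tickets off;

    # Protocol and cipher selection is left to the included Certbot options
    # file; the commented-out list that also enabled TLSv1 and TLSv1.1 has
    # been dropped.

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;

    add_header Strict-Transport-Security "max-age=31536000;";
    # Report-only: violations are sent to /csp-report, nothing is blocked.
    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
    #--------- END ---------
}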
# Default plain-HTTP server (IPv4 and IPv6) for the static site under
# PROJECT_NAME/www; TLS is not enabled, the Certbot lines are commented out.
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    #server_name example.com;
    server_name _;

    root /home/deployer/apps/PROJECT_NAME/www;
    index index.html;

    access_log /home/deployer/log/nginx/example.com.access.log;
    error_log /home/deployer/log/nginx/example.com.error.log;

    # Serve the file or directory if it exists, otherwise fall back to
    # /index.html.
    location / {
        try_files $uri $uri/ /index.html;
    }

    # listen [::]:443 ssl ipv6only=on; # managed by Certbot
    # listen 443 ssl; # managed by Certbot
    # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    # ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# HTTPS reverse proxy for example.com / www.example.com in front of the app
# on localhost:4000.
server {
    listen 443 ssl; # managed by Certbot
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    access_log /home/deployer/log/nginx/example.com.access.log;
    error_log /home/deployer/log/nginx/example.com.error.log;

    location / {
        proxy_pass http://localhost:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;

        # The Connection header is always set to 'upgrade' here, whether or
        # not the client asked for an upgrade.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;

        # NOTE(review): unlike the localhost:5000 proxy blocks, no
        # X-Forwarded-For / X-Forwarded-Proto is passed, so the backend sees
        # only nginx's address and no scheme - confirm that is intended.
    }
}
# Port 80 listener: Certbot-generated redirects to HTTPS. The www host is
# redirected to the bare example.com name.
server {
    listen 80;
    server_name example.com www.example.com;

    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Fixed target host here, not $host: www is folded into example.com.
    if ($host = www.example.com) {
        return 301 https://example.com$request_uri;
    } # managed by Certbot

    # Any other Host that reaches this server gets a 404.
    return 404; # managed by Certbot
}
# Default plain-HTTP server (IPv4 and IPv6) proxying to the app on
# localhost:4000; TLS is not enabled, the Certbot lines are commented out.
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    #server_name example.com;
    server_name _;

    # NOTE(review): every request is proxied by `location /` below, so this
    # root is not used to serve files as shown. The path also names a
    # specific project, where the other files use PROJECT_NAME.
    root /home/deployer/apps/pwrset-seo/current/dist/;
    #index index.html index.htm;

    access_log /home/deployer/log/nginx/example.com.access.log;
    error_log /home/deployer/log/nginx/example.com.error.log;

    location / {
        proxy_pass http://localhost:4000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;

        # The Connection header is always set to 'upgrade' here.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;
    }

    #listen [::]:443 ssl ipv6only=on; # managed by Certbot
    #listen 443 ssl; # managed by Certbot
    #ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    #ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    #include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}