Madalin Ignisca madalinignisca

How to setup next.js app on nginx with letsencrypt

next.js, nginx, reverse-proxy, ssl

1. Install nginx and letsencrypt

$ sudo apt-get update
$ sudo apt-get install nginx letsencrypt

Also enable nginx in ufw

Discover

SELECT CEILING(Total_InnoDB_Bytes*1.6/POWER(1024,3)) RIBPS FROM
(SELECT SUM(data_length+index_length) Total_InnoDB_Bytes
FROM information_schema.tables WHERE engine='InnoDB') A;

Take the value and set it as innodb_buffer_pool_size sufixed with G, example 20G

Cloud init snippets

Mostly used by me for Hetzner cloud, but should work with all Public Cloud server providers.

cloud-init.yml
- please ensure to set your user, group for the normal user you want to use
- ssh_import_id can be used with github usernames instead of ssh_authorized_keys
- disable_root: true ensures root can't ssh in

optionally add a sshd extra config that will secure more; tweak TcpForwarding and PermitTunnel as your requiments are!

Kubernetes 1.25 on Fedora 37 @ Hetzner the right way

Using only kubeadm and helm from Fedora's repository Instructions are for Fedora 37+ only, using distribution's repository for installing Kubernetes.

Note: avoid kubernetes and kubernetes-master as there are deprecated and setup is more complex.

Note: I have not yet tinkered using ipv6, but it is in my plans to do it.

The result should be a decent Kubernetes cluster, with Cloud Control Manager installed and controlling layer 2 private networking allowing pods to talk at fastest speed possible. Will default to Hetzner's cloud volumes.

Original

Scaling up the control plane nodes is a bit more complicated. That's because the worker nodes can be easily replaced and/or powered off, but that's not the case for the control plane nodes.

In this case, you can't rely on Terraform to scale up the control plane nodes for you, because Terraform would power off all control plane nodes at the same time, which could make etcd lose the quorum (in that case your cluster would be corrupt/lost).

I haven't tested it, but I think you might have success if you do something like this:

Drain one of the control plane nodes (kubectl drain ) SSH to that node and power it off (sudo poweroff)

setup a network 10.0.0.0/8 with defaults (like hetzner panel does).
setup a few servers (I start with 1 control-plane and 2 nodes), attaching them to the network (I did setup a snapshot image with common OS setup before, so next steps I usually skip)
setup containerd (I do the manual setup, and all all container network plugins and rest of deps)
setup kubeadm, kubelet, kubectl on latest or a maintained version as per kubernetes.io docs (I do again the manual setup)
Edit on all servers /etc/hosts and add all nodes -- make sure to match the name in hetzner!!! (not necessary if you are going to do a dns server accessible in your private network)
I'm adding a load balancer ip identical with first control-plane to be able to run the init, so later I can add the real load balancer and point to the new ip. Add it to hosts in all nodes.
Example of init the cluster: kubeadm init --control-plane-endpoint=cplb.dev.saasified.dev --upload-certs --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-ad

	#!/usr/bin/env bash
	#
	# Certbot Nginx Reload
	#
	# Let's Encrypt Certbot post hook command for Nginx which checks the updated
	# configuration files and reloads the server if everything validates.
	#
	# Author : Justin Hartman <[email protected]>
	# Version : 1.0.1
	# License : MIT <https://opensource.org/licenses/MIT>

	# This will hide
	defaults write com.apple.finder CreateDesktop -bool false; killall Finder

	# This will show them back
	defaults write com.apple.finder CreateDesktop -bool true; killall Finder

	-- Made by Jairo Tylera
	-- (github.com/Tylerian)
	-- (c) 2019 - present
	-- Released under MIT X11 License

	CREATE
	DEFINER=`root`@`localhost`
	FUNCTION
	`ST_Epgs3857_DWithin`(p1 POINT, p2 POINT, distance_mts FLOAT)
	RETURNS

	# hel1, CX51, Ubuntu 20.04, 10 GB EXT4 Volume, 240 GB EXT4 Volume



	# local NVME


	root@ubuntu-32gb-hel1-1:~# hdparm -Tt /dev/sda

	/dev/sda: