/rust-score-tracker

Hobby project developed in order to learn rust and maybe make something useful.

Primary LanguageRust

Score tracker

Setup

Need to be able to compile to linus musl, so rustup target add x86_64-unknown-linux-musl and brew install filosottile/musl-cross/musl-cross and add the following to ~/.cargo/config.toml:

[target.x86_64-unknown-linux-musl]
linker = "x86_64-linux-musl-gcc"

For frontend, pnpm install.

Run

Server: cargo run.

To have live css updates, npx tailwindcss -i ./input.css -o ./pages/index.css --watch.

Build

  • cargo build --release --target=x86_64-unknown-linux-musl
  • npx tailwindcss -i ./input.css -o ./pages/index.css --minify
  • docker build . -f release.dockerfile -t rust-score-tracker

Then to run the built image:

  • docker run -d -p 127.0.0.1:8000:80 rust-score-tracker --config config.json.

Deploy

Save latest image as a .tar file: docker save -o image.tar rust-score-tracker.

Copy that to the server: scp image.tar user@server:/home/user/image.tar.

Set up the config and copy that to the server: scp release.config.json user@server:/home/user/config.json

Stop and remove the old image sudo docker ps, sudo docker rm -f <id>, sudo docker image rm rust-score-tracker

Add it to the images on the server: sudo docker load -i image.tar.

Run it:

podman run -d -p 8000:80 -p 8001:443 \
-v rust-score-tracker-data:/app/data \
-v /home/user/config.json:/app/config.json \
-v "/home/user/score-tracker-static/.well-known/acme-challenge:/app/acme" \
-v "/etc/letsencrypt:/app/certs" \
rust-score-tracker --config /app/config.json

Notes

Used this guide to install docker on the debian instance.

Also would be interested to follow the guides on security from OVH. Not done yet though. Server up first!

  • Change ssh-port done!
  • Setting up firewalld, since debian wiki recommends it
  • Shot myself in the foot. Enabled the firewall and then lost the connection, now I can't access ssh šŸ¤¦. Changed the ssh back by booting in rescue mode, hope I can connect now.
  • It worked! Now really setting up the firewall.
  • Done. Followed this guide to set up firewalld https://docs.rockylinux.org/guides/security/firewalld-beginners/.
  • Changed the port again.
  • Set up fail2ban too

Would be nice if the app itself knew how to create the missing data.

Also https://wiki.debian.org/Docker - maybe have a look at podman instead?

  • Setting up podman to be able to run as non-root.
  • Had to set up port forwarding in firewalld because podman can't access 80 and 443.
    • sudo firewall-cmd --zone=public --add-masquerade
    • sudo firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8000
    • sudo firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=8001
    • test and then sudo firewall-cmd --runtime-to-permanent
  • Getting errors because I need the certificates from /etc/letsencrypt which are all root-owned. Found this great article https://www.redhat.com/sysadmin/container-permission-denied-errors.
  • Changing the owner of /etc/letsencrypt recursively worked. Now running podman! Curious if this causes problems next time I have to get new certificates. But I'll worry about that then.

Followed the let's encrypt guide to add tls, since .dev domains have to be https (who knew?). I'm using certbot, which is running on snapd.

Should look into podman quadlets to make the container start again after a reboot.

Connect to a running docker container:

  • sudo docker ps to find the container id.
  • `sudo docker exec -it bash