Deployment in HKT (Staging)

Requirements

Hardware

  • CPU: 4 cores or more
  • RAM: 8GB or more
  • Storage: 450GB or more
  • OS: Red Hat 9 with CIS Level 1 settings

Network

  • DNS: HKT applies the router’s DNS to the server
  • ASTRI’s account shall have sudo rights
  • Allow SSH from ASTRI CSA team’s IP range: 118.140.170.251/29
  • Allow external access to the server’s port 80 and 443
  • Domain name pointing to the server’s public IP
  • Reverse Proxy Setup with auto SSL Certificate Renewal (e.g., using Let's Encrypt)

Software

  • Git
  • Tmux
  • NVM
  • Node.js 22+ (LTS)
    • Bun
    • pm2
  • Docker 28+ (with docker-compose)

sudo dnf install git tmux
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
source ~/.bashrc
nvm install --lts
npm install -g npm@latest
npm install -g bun pm2

Documentation Deployment

ssh astri@218.102.61.16
mkdir -p repo
cd repo

git clone https://gitlab.astricsa.cf/hkt-idps/docs
cd docs
bun install
pm2 start "bun run ci" --name docs:3001

pm2 save

Release Package Preparation

In the ASTRI environment:

mkdir -p repo
cd repo
git clone https://gitlab.astricsa.cf/hkt-idps/backend-server
cd backend-server/api-server
git clone https://gitlab.astricsa.cf/hkt-idps/rules-generation
export API_IMAGE=idps-api-server:$(date --iso-8601=date | tr -d "-")
export API_IMAGE_FILE=$(echo $API_IMAGE | tr ":" "-").tgz
docker build -t $API_IMAGE .
docker save $API_IMAGE | gzip > $API_IMAGE_FILE

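git clone https://gitlab.astricsa.cf/hkt-idps/deployment-server
# Archive the deployment-server checkout (not the current backend-server repo);
# -C runs git inside it, so the archive is written next to $API_IMAGE_FILE
git -C deployment-server archive main -o ../deployment-server.tgz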

# scp $API_IMAGE_FILE and deployment-server.tgz to HKT Server

Backend Deployment

ssh astri@218.102.61.16

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

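# API_IMAGE_FILE is not set in this new SSH session: set it to the name of the
# image archive copied from the ASTRI environment before running the next line
docker load < ~/$API_IMAGE_FILE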

mkdir -p /opt/deployment-server/
cd /opt/deployment-server/
tar zxf ~/deployment-server.tgz

cp .env.example .env
# Update the Environment Variables in .env file
sudo docker compose up -d
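
Added example, not part of the original runbook: the two release artifacts are copied by scp and then passed to docker load and tar, so a digest manifest written in the ASTRI environment and checked on the HKT server stops a truncated or wrong file before it is used. The function names and the SHA256SUMS file name are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the original runbook. write_manifest,
# verify_manifest and the SHA256SUMS file name are assumed names.

# ASTRI side: record a SHA-256 digest for each release artifact.
# usage: write_manifest <dir> <file>...
write_manifest() {
    local dir="$1" f
    shift
    [ "$#" -gt 0 ] || { echo "no artifacts given" >&2; return 2; }
    for f in "$@"; do
        [ -f "$dir/$f" ] || { echo "missing artifact: $f" >&2; return 2; }
    done
    # Hash from inside the directory so the manifest holds bare file names
    # and still checks after scp puts the files somewhere else.
    ( cd "$dir" && sha256sum -- "$@" > SHA256SUMS )
}

# HKT side: succeed only if every expected artifact is listed and matches.
# usage: verify_manifest <dir> <file>...
verify_manifest() {
    local dir="$1" f
    shift
    [ -f "$dir/SHA256SUMS" ] || { echo "no manifest in $dir" >&2; return 2; }
    for f in "$@"; do
        # A manifest that omits an artifact would pass "sha256sum -c",
        # so require an entry for each name we are about to use.
        awk -v n="$f" '$2 == n || $2 == "*" n { ok = 1 } END { exit !ok }' \
            "$dir/SHA256SUMS" || { echo "not in manifest: $f" >&2; return 1; }
    done
    ( cd "$dir" && sha256sum -c SHA256SUMS >/dev/null )
}

# ASTRI environment, after building both files in the current directory:
#   write_manifest . "$API_IMAGE_FILE" deployment-server.tgz
#   (copy SHA256SUMS to the HKT server together with the two artifacts)
# HKT server, before "docker load" and "tar zxf":
#   verify_manifest ~ "$API_IMAGE_FILE" deployment-server.tgz || exit 1
```

The manifest travels with the artifacts, so it catches truncated, stale or mismatched files; detecting deliberate replacement of both needs the digest delivered out of band or a signature.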

SSH tunneling for Postgres

Set up a connection from the local machine to the server to access the remote service.
These steps are executed on the local machine.

# local port forwarding
# `localhost:5432` is the remote `127.0.0.1:5432`
ssh -fNT4 -L 5432:127.0.0.1:5432 astri@218.102.61.16

# DB available at
# postgres://{user}:{password}@localhost:5432/adaptive_idps?sslmode=disable

# stop local port forwarding
ps aux | grep 'ssh -fNT4 -L '
# kill the ssh process
pkill -f 'ssh -fNT4 -L 5432:127.0.0.1:5432'