0.0.2 • Published 11 months ago

svltkt v0.0.2

License
MIT

Sveltekit + Tailwind + Lucia auth + Postgres + Knex

How to init new project

  • scaffold using sh script (tbd)
  • create new postgres db on local machine
  • make sure that db supports uuids (CREATE EXTENSION IF NOT EXISTS "uuid-ossp";)
  • update database env variable name
  • run migration to create base tables
  • if needed, generate tokens to send emails in auth-emails.ts, see Send emails section
  • check Setup Auth section

Installation & Dev

  • run yarn to install
  • run yarn dev to start dev

Send emails

Setup Auth

How to setup server

  • create server on Hetzner, choose Docker app

Config server

  • add new user: adduser ondrejrohon
  • add him to the sudo group: usermod -aG sudo ondrejrohon

  • setup firewall, allow OpenSSH: ufw allow OpenSSH

  • enable it: ufw enable
  • check allowed apps: ufw status

  • copy root's .ssh directory to the new user: rsync --archive --chown=ondrejrohon:ondrejrohon ~/.ssh /home/ondrejrohon

  • try to ssh as new user
  • prohibit root login using password, edit sshd config: sudo vim /etc/ssh/sshd_config
  • uncomment line: PermitRootLogin prohibit-password
  • reload sshd: sudo service sshd reload

  • setup nginx:

  • update: sudo apt update
  • install: sudo apt install nginx
  • check status: systemctl status nginx
  • allow: sudo ufw allow 'Nginx HTTP'
  • allow: sudo ufw allow 'Nginx HTTPS'
  • check ufw status: sudo ufw status

Setup domain and reverse proxy

  • point A records to new server IP address
  • create new nginx config file: sudo touch /etc/nginx/sites-available/sveltekit.conf
  • edit it: sudo vim /etc/nginx/sites-available/sveltekit.conf
  • add content and check correct app port:
server {
    listen 80;

    server_name YOUR_DOMAIN;
    client_max_body_size 50M;
    proxy_busy_buffers_size 512k;
    proxy_buffers 4 512k;
    proxy_buffer_size 256k;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
  • link config: sudo ln -s /etc/nginx/sites-available/sveltekit.conf /etc/nginx/sites-enabled/
  • check config for errors: sudo nginx -t
  • reload: sudo systemctl reload nginx

Enable https - install certbot

  • sudo apt install snapd
  • sudo snap install --classic certbot
  • sudo ln -s /snap/bin/certbot /usr/bin/certbot
  • get certificate: sudo certbot --nginx
  • test dry run cert renewal: sudo certbot renew --dry-run

Config DB

  • install postgres: sudo apt install postgresql
  • switch to postgres user: sudo -i -u postgres
  • run psql
  • create new db: create database sveltekitdb;
  • set password for postgres user: ALTER USER postgres WITH PASSWORD 'newpassword';
  • setup TablePlus connection
  • make sure that uuid is supported: CREATE EXTENSION IF NOT EXISTS "uuid-ossp";

Setup Docker deploy using Github Action

  • check all envs, and Docker image name on ghcr in .github/workflows/develop.yml
  • check if server port matches one in nginx config
  • check docker image name in workflow
  • create necessary secrets in GitHub
  • double check Dockerfile: that all envs are defined there and that everything makes sense

  • allow docker to be run without sudo:

  • add current user to docker group: sudo usermod -aG docker $USER
  • refresh: newgrp docker
  • test: docker ps

Setup DB backups

  • set S3_BUCKET variable to a bucket name and check other variables in backup_db.sh script
  • copy it to server (~/db-backups/backup_db.sh) and try to run it, verify that the backup was made and that it was copied to the S3 bucket
  • make sure backup script is executable: chmod +x ~/db-backups/backup_db.sh
  • save db password to .pgpass: echo "your_actual_password" > ~/.pgpass
  • restrict its permissions: chmod 600 ~/.pgpass
  • edit crontab: crontab -e
  • add new line: 0 2 * * * PGPASSWORD=$(cat ~/.pgpass) ~/db-backups/backup_db.sh
  • check if cron is running: sudo systemctl status cron
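
The steps above keep the bare password in ~/.pgpass and hand it to the script through PGPASSWORD. The following is an added example, not part of this project or its backup_db.sh: it writes the entry in the format libpq itself reads from ~/.pgpass, and creates the file private from the start instead of tightening it afterwards. Host localhost and port 5432 are assumptions, and so is that backup_db.sh connects with pg_dump or psql; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: create a libpq-format ~/.pgpass entry.
# Field order read by libpq: hostname:port:database:username:password
# Usage (constructed values):
#   write_pgpass "$HOME/.pgpass" localhost 5432 sveltekitdb postgres 'your_actual_password'

# Escape backslash and colon, the two characters that must be
# backslash-escaped inside a .pgpass field.
pgpass_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/:/\\:/g'
}

# Print one entry line from host, port, database, user, password.
pgpass_line() {
    printf '%s:%s:%s:%s:%s\n' \
        "$(pgpass_escape "$1")" "$(pgpass_escape "$2")" \
        "$(pgpass_escape "$3")" "$(pgpass_escape "$4")" \
        "$(pgpass_escape "$5")"
}

# Write the entry to the given file. umask 077 makes a new file 0600 at
# creation, so the password is never briefly readable by other users;
# the chmod covers a file that already existed with looser bits.
write_pgpass() {
    file=$1
    shift
    ( umask 077 && pgpass_line "$@" > "$file" ) && chmod 600 "$file"
}

# Return 0 only if group and others have no access to the file.
# libpq ignores a password file with looser permissions.
# Assumes GNU stat (Debian/Ubuntu, as used in the steps above).
pgpass_mode_ok() {
    case "$(stat -c '%a' "$1")" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}
```

With an entry like this in place, pg_dump and psql pick the password up on their own, so the cron line does not need to set PGPASSWORD.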