An introductory but comprehensive guide to web application deployment.
Demystify running web applications in production. Learn the groundwork for setting up Linux virtual servers and containers. Provision web servers and databases. Stop guessing and learn from scratch.
What will you get?
- A distilled knowledge of a few books in a single packaging written by a former professional Linux packager. Everything from network theory to encrypting database backups. 26 chapters of great content.
- Scripted real-world demonstrations using just plain Bash. They will help you understand more about good system defaults, secure configuration, and how things work if they are not buried in thousands of lines of higher-level tooling.
- Checklists and cheatsheets for your later reference.
Who is it for?
I wrote the book for software engineers, programmers, indie hackers, and makers on the web. Inside I teach system administration, server provisioning, and deployment of web applications. It's designed to be both a good first exposure and a great second dive-in.
I use Ruby and Python for the examples, but you can follow easily even if you come from a different programming language background. More than 90% of the book is language-independent. I use Rocky Linux 8 and CentOS 8 as examples.
Bird’s Eye: A bird's eye view of high-level concepts regarding provisioning, configuration management, and application deployment.
Terminals: Many exciting journeys start in a terminal, and it won't be any different for us. Before dispatching to clouds, we buckle up and get everyone familiar with standard streams, pipes, and other shell basics.
Little Bit of Network Theory: The theoretical foundation for understanding a multi-server setup, networking utilities, webserver configuration, and firewalls. A local and Internet addressing.
Secure Connections: Connecting to our first virtual private server. Getting familiar with the SSH protocol and its public key encryption. Configuring SSH on client and server.
Hands-On Networking: A hands-on exploration of a newly created virtual machine with a focus on networking. We'll learn about network interfaces, IP addresses, ports, and sockets in a more practical way.
Server Configuration 101: Installation and configuration of software from package repositories. Automating configuration management with Bash.
Filesystem: A detailed look at the filesystem layout in Linux systems. Locations, paths, standards. Where do files go? Where will our applications live?
User Roles: Privileged and unprivileged access. Implementing user roles with Linux users and groups.
Permissions: Exploring the Linux discreet permission system and Access Control List to set ownership and limit access for services on the system.
Processes: A closer look at Linux processes. CPU and virtual memory, background processes, monitoring, debugging, systemd, system logging, and scheduled processes.
Web Servers: Kinds of web servers. Setting up NGINX as a web server and a reverse proxy. Automating log rotation.
Domain Names and Certificates: A closer look at DNS services and working with TLS certificates. Self-signed and Let's Encrypt.
Firewalls: Building imaginary walls with firewalld. Editing and defining zones to manage risk expectations.
Bashful Configuration Management: Building a tiny configuration management system for configuration and deployment experiments.
Application Runtime: Exploring version managers of popular programming languages. Isolating application dependencies.
Application Servers: Concurrency, threading, logging, and other considerations for a good application server configuration. systemd configuration.
Building Services: Learning to write systemd unit files. Working with cgroups. System and user systemd services. Socket activation.
Databases and Key-Value Stores: Running PostgreSQL and Redis in production. Installation, configuration, client configuration. Backups and restores.
SELinux: A closer look at often overlooked Security-Enhanced Linux. Understanding the targeted policy and contexts. Fixing SELinux violations.
Storage and Backups: Storage questions. Data collection, compression, and encryption for frictionless data backups and restores.
Secrets Management: Secret management. Environment files and Rails Encrypted Credentials.
Application Deployment: Discussing deployment and post-deployment tasks. Making a Heroku-like git-push deployment.
Email Delivery: Sending and receiving email. Discussing email delivery and implementation.
Linux Containers: A primer on Linux containers. Building and running containers with Docker and Podman. Rootless and caching considerations.
Scaling: Scaling considerations and misconceptions. Single server upgrades, load balancers, and new deployment strategies.
Fortune Telling: What did you learn and where to go next from here?
- A static website served over TLS with Let's Encrypt certificates.
- A single server demonstration of running a full-featured Rails web application with UNIX sockets, PostgreSQL ident system authentication, Web Sockets, and Let's Encrypt certificates. A git-push deployment with helpful administration scripts for connecting to the server or handling file and database backups.
- A self-sufficient PostgreSQL cluster demo with automatic system upgrades and log rotation. TLS with custom certificates and custom scripts for cluster-wide backups and restores.
I am Josef Strzibny, a full-stack web developer. I made and deployed the first commercial web applications during high school in 2008. I have Bachelor's and Master's degrees in Applied Informatics. I have worked for Red Hat on the platform and developer experience teams as a Linux packager. I was a Red Hat Certified Engineer. I led a small startup as their CTO. You might know me from packaging Vagrant for Fedora.