Last active
August 7, 2025 17:57
-
-
Save limkhashing/6a2c43aa51d5b150609c1668686b2ecf to your computer and use it in GitHub Desktop.
Nginx config
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Notes SpringBoot Backend | |
| on: | |
| push: | |
| branches: | |
| - master | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Setup SSH | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.DEPLOY_KEY }} | |
| - name: Add server to known hosts | |
| run: | | |
| ssh-keyscan -H 91.99.31.20 > ~/.ssh/known_hosts | |
| - name: Build JAR | |
| run: | | |
| ./gradlew bootJar | |
| - name: Deploy JAR to Server | |
| run: | | |
| JAR_NAME="spring_boot_crash_course-0.0.1-SNAPSHOT.jar" | |
| LOCAL_JAR_PATH="build/libs/$JAR_NAME" | |
| REMOTE_SERVER="[email protected]" | |
| REMOTE_JAR_DIR="/opt/notes" | |
| rsync -avz -e "ssh" $LOCAL_JAR_PATH $REMOTE_SERVER:$REMOTE_JAR_DIR/$JAR_NAME | |
| ssh $REMOTE_SERVER << EOF | |
| mv $REMOTE_JAR_DIR/$JAR_NAME $REMOTE_JAR_DIR/notes.jar | |
| sudo systemctl restart notes.service | |
| EOF |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server { | |
| server_name example.something.com; # replace with your domain | |
| location / { | |
| proxy_pass http://127.0.0.1:8080; # replace with your port | |
| proxy_http_version 1.1; | |
| proxy_set_header Host $host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Spring Boot Notes Application | |
| After=network.target | |
| [Service] | |
| User=admin | |
| Group=admin | |
| EnvironmentFile=/etc/default/notes-env | |
| ExecStart=/usr/bin/java -jar /opt/notes/notes.jar | |
| Restart=always | |
| RestartSec=5 | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
notes.serviceis for the server/machine to relaunch the application if the backend crashesSet a particular sudo command not require a password, because we need to allow GitHub Actions to be able to run the command
Need to make sure the particular directory that was written into (Example
/opt/notesfor REMOTE_JAR_DIR) has permissions to allow GitHub Actions to writeIf the permissions belong to Root, then we need to change the permissions
sudo chown -R admin:admin .Configure Firewall to only allow HTTP, HTTPS and SSH connections. Deny other traffic