Evergreen Infrastructure

As a DevOps enthusiast, my journey in self-hosting is encapsulated within the Evergreen system, a reliable structure designed for deploying applications onto a Docker Swarm hosted on a Contabo server.

Architecture Overview

The architecture of Evergreen consists of three primary components:

• Cloudflare
• Evergreen TF
• Evergreen

Cloudflare

Cloudflare plays a pivotal role in securing the server's IP, managing DNS routing, and optimizing asset delivery through caching.

Evergreen-TF

The Evergreen-TF repository is my go-to for managing Cloudflare DNS configurations, embracing the Infrastructure as Code approach. This method allows for quick and efficient modifications of DNS entries with just a simple commit, thus bypassing the need for direct interaction with the Cloudflare panel. Further enhancing the process, Terraform Cloud is integrated with the Evergreen-TF repository. It automatically applies changes to Cloudflare DNS configurations upon any push to the main branch, significantly streamlining the DNS management process.

Evergreen

The Evergreen repository is a collection of docker-compose files, organized into:

• .github: Hosting GitHub Actions for remote synchronization.

• scripts: A variety of scripts for deploying or removing services, abstracting Docker commands for streamlined operations.

• services: This directory contains Docker service configuration files structured for individual services like so:

  .
  ├── dpulpeiro.xyz
  │ ├── config.yml
  │ └── docker-compose.yml
  ...
  │
  └── traefik
  ├── app
  │ └── docker-compose.yml
  ├── auth
  │ └── docker-compose.yml
  └── config.yml
  

Services are deployed utilizing both config.yml for stack naming and docker-compose.yml for deployment specifics.

Deployment Example: dpulpeiro.xyz

The deployment of dpulpeiro.xyz involves a config.yaml defining the stack name and a docker-compose.yml detailing the service deployment, including network configurations and Traefik labels for routing and HTTPS certification.

Network Strategy

In this server configuration, only three ports are externally exposed (22 for SSH, 80 for HTTP, and 443 for HTTPS). Internal communication between containers is secured using Docker's internal networking, enhancing security by limiting exposed ports. Additionally, external networks referenced in the docker-compose files are automatically created by the deployment script, ensuring a streamlined setup and consistent network configuration across deployments.

Final Thoughts

With the Evergreen system in place, managing and deploying applications has become more streamlined and less of a headache. It's a practical setup that simplifies complex tasks, reflecting the everyday value of integrating good DevOps practices and automation into our workflows.

Link to Evergreen Template in github