As we are still in the process of getting our tools and environment set up, this is a nice opportunity for me to as well look into gitlab CI and this blog system.
While it is really nice from gitlab to automatically serve the compiled version through their pages system (also on our own domain, if we would like to), setting up https is a hassle, when you want to use letsencrypt.org certificates.
So, as we have the infrastructure for hosting different kinds of mini projects already available on our main yunity project server, its codename is yuca, why not host it there?
That server is setup to serve all pages only ever through https. We do that through a simple force-https virtual host, that keeps support for serving the .well-known path used for letsencrypt domain verification directly over http:
For each site, we expect a folder for it to exist that contains a subfolder
with a file called
dns that just contains the domain name which should be
used in the certificate.
Our certificates are created by a monthly cronjob executing the following script:
With all that already in place, it should just be 5 minutes to deploy our blog there.
Reality went into 2-3 hours with some parallel social interaction…
See our CI script
for details. It just needs you to setup a SSH private key in your project secret
variables so gitlab can directly rsync to your server. Beware to use a rsa key
without a comment (
-t rsa -C ""), otherwise it did always ask for a passphrase
and fail the deploy here. Also, I did not manage to get host key verification working.
Not really an issue in this scenario, though.