Recent Articles
Self-Hosted S3 Static Website with Garage, Nginx, and GitLab CI/CD
Learn how to set up your own S3-compatible static website hosting using Garage, Nginx, and automate deployments with GitLab CI/CD. This guide uses Ansible for infrastructure automation and demonstrates everything with the domain molokov.de.
Prerequisites
- Debian/Ubuntu server with root access
- Domain name (we’ll use molokov.de)
- Ansible installed locally
- GitLab account (for CI/CD)
1. Install Docker with Ansible
First, create an Ansible playbook to install Docker:
Preparing ubuntu for web-server, gaming and streaming. Including auto install with yaml config and encrypted partition
For your baremetal server hosting multiple services—a one-page website, a Counter-Strike game server, video hosting, and video streaming—designing your disk partitions with encryption requires balancing security, performance, and management ease. Here are best practices to map your disk partitions with encryption for such a setup:
- Separate Key Partitions for Isolation and Performance
  - /boot (unencrypted): Small partition (512MB–1GB) on an unencrypted partition. It holds bootloader and kernel files that must be accessible before unlocking encrypted volumes.
  - Encrypted root (/) partition: Holds the operating system and core software.
  - Encrypted data partitions, separately for major service data:
    - Web server data (e.g., /var/www or a dedicated mount point)
    - Game server files (Counter-Strike server files and logs)
    - Video storage (videos for hosting and streaming)
    - Logs and cache (optionally, isolate logs on a separate partition to avoid filling critical volumes)
- Use LUKS Full Disk / Partition Encryption
Devops Automation Example
Here are production-tested, real-world DevOps automation examples in Python and Bash from reputable DevOps resources.
Python DevOps Automation Scripts
1. System Resource Monitoring
Monitor CPU and memory usage, sending alerts if thresholds are exceeded:
```python
import psutil

# Alert thresholds in percent; tune these to the host's normal load profile.
CPU_THRESHOLD = 80
MEMORY_THRESHOLD = 80


def check_system_resources():
    # Sample CPU usage over a one-second window and read current memory usage.
    cpu_usage = psutil.cpu_percent(interval=1)
    memory_usage = psutil.virtual_memory().percent
    if cpu_usage > CPU_THRESHOLD:
        print(f"High CPU usage: {cpu_usage}%")
    if memory_usage > MEMORY_THRESHOLD:
        print(f"High Memory usage: {memory_usage}%")


if __name__ == "__main__":
    check_system_resources()
```
This type of monitoring is fundamental for production reliability.[1][2]
2. AWS Automation (List S3 Buckets)
Automate AWS tasks like listing all S3 buckets with boto3:
Fix Terraform Bug
Here are the advanced bug fixing tasks about DevSecOps in Terraform manifests for GitLab CI/CD pipelines, now with concrete example snippets and solutions:
1. Production Pipeline: Misconfigured Terraform State Backends
Problem:
The terraform apply step in your production GitLab CI pipeline fails with errors related to locked state files or concurrent access conflicts.
Example and Solution:
In your Terraform manifest (e.g., backend.tf), configure the backend with state locking, using an AWS S3 bucket for the state file and a DynamoDB table for the lock:
Fix Pipeline Bug
Here are three advanced bug examples and solutions related to modern GitLab CI/CD DevSecOps pipelines with security best practices and explanations. These focus on common pitfalls and necessary configurations for secure, robust pipelines using .gitlab-ci.yml.
Advanced Bug Example 1: Secrets Leakage via Unprotected Variables
Buggy .gitlab-ci.yml snippet:
```yaml
stages:
  - build
  - deploy

variables:
  DB_PASSWORD: "SuperSecretPassword"

build_job:
  stage: build
  script:
    - echo "Building the app..."
    - ./build-script.sh

deploy_job:
  stage: deploy
  script:
    - echo "Deploying with password $DB_PASSWORD"
```
Problem: