Forem: Rizqiyanto Imanullah The latest articles on Forem by Rizqiyanto Imanullah (@rizqiyi). https://forem.com/rizqiyi https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3373426%2F3f566150-1175-46a0-a587-576c7f0234da.jpeg Forem: Rizqiyanto Imanullah https://forem.com/rizqiyi en Next.js Self-Hosting VPS Basic Setup Rizqiyanto Imanullah Mon, 21 Jul 2025 03:36:36 +0000 https://forem.com/rizqiyi/nextjs-self-hosting-vps-basic-setup-mn3 https://forem.com/rizqiyi/nextjs-self-hosting-vps-basic-setup-mn3 <p><strong>Prerequisites</strong></p> <ol> <li>VPS server (Ubuntu/Debian) (Preferred 6gb memory)</li> <li>Domain name (optional)</li> <li>GitHub repository with Next.js project</li> <li>Basic terminal knowledge</li> </ol> <p><strong>Goals</strong></p> <ol> <li>Auto deployment with Github Actions (single build)</li> <li>Custom domain with SSL/HTTPS encryption</li> </ol> <p><strong>Steps</strong></p> <h2> 1. Connect into your SSH server with root user </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh root@&lt;your_vps_ip_address&gt; </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh-keygen <span class="nt">-t</span> rsa <span class="nt">-b</span> 4096 <span class="nt">-f</span> ~/.ssh/github_actions <span class="nt">-N</span> <span class="s2">""</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> ~/.ssh/github_actions.pub <span class="o">&gt;&gt;</span> ~/.ssh/authorized_keys </code></pre> </div> <p><strong># you need to copy the content of this file for next step</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> ~/.ssh/github_actions </code></pre> </div> <h2> 2. Install packages, docker and project directory </h2> <h3> Update system and install packages </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>apt update <span class="o">&amp;&amp;</span> apt upgrade <span class="nt">-y</span> apt <span class="nb">install</span> <span class="nt">-y</span> curl wget git ufw </code></pre> </div> <h3> Install Docker </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-fsSL</span> https://get.docker.com | sh systemctl <span class="nb">enable </span>docker systemctl start docker </code></pre> </div> <h3> Install Docker Compose </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-L</span> <span class="s2">"https://github.com/docker/compose/releases/download/v2.24.0/docker-compose-</span><span class="si">$(</span><span class="nb">uname</span> <span class="nt">-s</span><span class="si">)</span><span class="s2">-</span><span class="si">$(</span><span class="nb">uname</span> <span class="nt">-m</span><span class="si">)</span><span class="s2">"</span> <span class="nt">-o</span> /usr/local/bin/docker-compose <span class="nb">chmod</span> +x /usr/local/bin/docker-compose </code></pre> </div> <h3> Setup firewall </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ufw allow OpenSSH ufw allow 80 ufw allow 443 ufw <span class="nt">--force</span> <span class="nb">enable</span> </code></pre> </div> <h3> Create project directory and clone repository </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir</span> <span class="nt">-p</span> /var/www/&lt;your_project_dir_name&gt; <span class="nb">cd</span> /var/www/&lt;your_project_dir_name&gt; <span class="c"># Clone your repository (replace with your actual repository URL)</span> git clone https://github.com/yourusername/your-repo.git <span class="nb">.</span> </code></pre> </div> <p><strong>Note</strong>: If you have a private repository, you'll need to set up SSH keys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate SSH key for GitHub access (as root)</span> ssh-keygen <span class="nt">-t</span> rsa <span class="nt">-b</span> 4096 <span class="nt">-C</span> <span class="s2">"your-email@example.com"</span> <span class="nt">-f</span> /root/.ssh/github_repo <span class="c"># Display public key to add to GitHub</span> <span class="nb">cat</span> /root/.ssh/github_repo.pub <span class="c"># Add to SSH config</span> <span class="nb">echo</span> <span class="s2">"Host github.com HostName github.com User git IdentityFile /root/.ssh/github_repo"</span> <span class="o">&gt;&gt;</span> /root/.ssh/config <span class="c"># Test connection</span> ssh <span class="nt">-T</span> git@github.com </code></pre> </div> <h2> 3. Setup Docker, Nginx, Github Actions in Next.js Project </h2> <p><strong><code>Dockerfile</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">node:18-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">dependencies</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="nt">--only</span><span class="o">=</span>production <span class="k">FROM</span><span class="w"> </span><span class="s">node:18-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm run build <span class="k">FROM</span><span class="w"> </span><span class="s">node:18-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">runner</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">ENV</span><span class="s"> NODE_ENV production</span> <span class="k">RUN </span>addgroup <span class="nt">-g</span> 1001 <span class="nt">-S</span> nodejs <span class="k">RUN </span>adduser <span class="nt">-S</span> nextjs <span class="nt">-u</span> 1001 <span class="k">COPY</span><span class="s"> --from=dependencies /app/node_modules ./node_modules</span> <span class="k">COPY</span><span class="s"> --from=builder /app/.next ./.next</span> <span class="k">COPY</span><span class="s"> --from=builder /app/public ./public</span> <span class="k">COPY</span><span class="s"> --from=builder /app/package.json ./package.json</span> <span class="k">USER</span><span class="s"> nextjs</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">CMD</span><span class="s"> ["npm", "start"]</span> </code></pre> </div> <p><strong><code>docker-compose.yml</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.8'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">nextjs-app</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">.</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">&lt;container_name&gt;</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">3000:3000'</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">NODE_ENV=production</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./logs:/app/logs</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">app-network</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">nginx-proxy</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">unless-stopped</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">80:80'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">443:443'</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./nginx.conf:/etc/nginx/nginx.conf:ro</span> <span class="pi">-</span> <span class="s">/etc/letsencrypt:/etc/letsencrypt:ro</span> <span class="pi">-</span> <span class="s">/var/www/certbot:/var/www/certbot:ro</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">nextjs-app</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">app-network</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">app-network</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">bridge</span> </code></pre> </div> <p><strong><code>nginx.conf</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">events</span> <span class="p">{</span> <span class="kn">worker_connections</span> <span class="mi">1024</span><span class="p">;</span> <span class="p">}</span> <span class="k">http</span> <span class="p">{</span> <span class="kn">upstream</span> <span class="s">nextjs</span> <span class="p">{</span> <span class="kn">server</span> <span class="nf">nextjs-app</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="p">}</span> <span class="kn">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">&lt;your_domain_name&gt;.com</span> <span class="s">www.&lt;your_domain_name&gt;.com</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/.well-known/acme-challenge/</span> <span class="p">{</span> <span class="kn">root</span> <span class="n">/var/www/certbot</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kn">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">&lt;your_domain_name&gt;.com</span> <span class="s">www.&lt;your_domain_name&gt;.com</span><span class="p">;</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/letsencrypt/live/&lt;your_domain_name&gt;.com/fullchain.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/letsencrypt/live/&lt;your_domain_name&gt;.com/privkey.pem</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://nextjs</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_cache_bypass</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p><strong><code>.github/workflows/deploy.yml</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to VPS</span> <span class="na">on</span><span class="pi">:</span> <span class="na">push</span><span class="pi">:</span> <span class="na">branches</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">master</span><span class="pi">]</span> <span class="na">jobs</span><span class="pi">:</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">runs-on</span><span class="pi">:</span> <span class="s">ubuntu-latest</span> <span class="na">steps</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy to VPS</span> <span class="na">uses</span><span class="pi">:</span> <span class="s">appleboy/ssh-action@v0.1.5</span> <span class="na">with</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">${{ secrets.HOST }}</span> <span class="na">username</span><span class="pi">:</span> <span class="s">${{ secrets.USERNAME }}</span> <span class="na">key</span><span class="pi">:</span> <span class="s">${{ secrets.PRIVATE_KEY }}</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">cd /var/www/&lt;your_project_dir_name&gt;</span> <span class="s">git pull origin master</span> <span class="s">docker-compose down</span> <span class="s">docker-compose build --no-cache</span> <span class="s">docker-compose up -d</span> <span class="s">docker system prune -f</span> </code></pre> </div> <p><strong>Push into git</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git add <span class="nb">.</span> git commit <span class="nt">-m</span> <span class="s2">"chore: setup deployment"</span> git push origin master </code></pre> </div> <h2> 4. Github Setup for Secrets </h2> <p>Go to GitHub Repository → Settings → Secrets and variables → Actions<br> Add these secrets:</p> <ul> <li> <code>HOST</code>: Your VPS IP address</li> <li> <code>USERNAME</code>: root</li> <li> <code>PRIVATE_KEY</code>: Content from ~/.ssh/github_actions file on previous step</li> </ul> <h2> 5. Domain and SSL Setup </h2> <h3> Setup DNS Records </h3> <p>In your domain registrar, point your domain to your VPS IP:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Type: A Record Name: @ (or leave blank) Value: YOUR_VPS_IP Type: A Record Name: www Value: YOUR_VPS_IP </code></pre> </div> <p><strong>Important</strong>: Wait for DNS propagation (5-30 minutes) before proceeding.</p> <h3> Phase 1: Initial HTTP-only Nginx Configuration </h3> <p>First, create a temporary HTTP-only nginx config to obtain SSL certificates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create temporary HTTP-only config</span> <span class="nb">sudo </span>nano /var/www/&lt;your_project_dir_name&gt;/nginx-temp.conf </code></pre> </div> <p>Add this temporary configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">events</span> <span class="p">{</span> <span class="kn">worker_connections</span> <span class="mi">1024</span><span class="p">;</span> <span class="p">}</span> <span class="k">http</span> <span class="p">{</span> <span class="kn">upstream</span> <span class="s">nextjs</span> <span class="p">{</span> <span class="kn">server</span> <span class="nf">nextjs-app</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="p">}</span> <span class="kn">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">&lt;your_domain_name&gt;.com</span> <span class="s">www.&lt;your_domain_name&gt;.com</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/.well-known/acme-challenge/</span> <span class="p">{</span> <span class="kn">root</span> <span class="n">/var/www/certbot</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://nextjs</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_cache_bypass</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Update docker-compose.yml for temporary config </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Update the nginx volumes in docker-compose.yml temporarily</span> <span class="c"># Change this line:</span> <span class="c"># - ./nginx.conf:/etc/nginx/nginx.conf:ro</span> <span class="c"># To:</span> <span class="c"># - ./nginx-temp.conf:/etc/nginx/nginx.conf:ro</span> </code></pre> </div> <h3> Start services with HTTP-only config </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd</span> /var/www/&lt;your_project_dir_name&gt; docker-compose up <span class="nt">-d</span> </code></pre> </div> <h3> Install Certbot and obtain SSL certificates </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install certbot</span> apt <span class="nb">install </span>certbot python3-certbot-nginx <span class="nt">-y</span> <span class="c"># Create certbot directory</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /var/www/certbot <span class="c"># Stop nginx container temporarily</span> docker-compose stop nginx <span class="c"># Get SSL certificates using standalone mode</span> certbot certonly <span class="nt">--standalone</span> <span class="se">\</span> <span class="nt">--preferred-challenges</span> http <span class="se">\</span> <span class="nt">-d</span> &lt;your_domain_name&gt;.com <span class="se">\</span> <span class="nt">-d</span> www.&lt;your_domain_name&gt;.com <span class="c"># Restart nginx container</span> docker-compose start nginx </code></pre> </div> <h3> Phase 2: Update to HTTPS Configuration </h3> <p>Now update your <code>nginx.conf</code> file with the HTTPS configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">events</span> <span class="p">{</span> <span class="kn">worker_connections</span> <span class="mi">1024</span><span class="p">;</span> <span class="p">}</span> <span class="k">http</span> <span class="p">{</span> <span class="kn">upstream</span> <span class="s">nextjs</span> <span class="p">{</span> <span class="kn">server</span> <span class="nf">nextjs-app</span><span class="p">:</span><span class="mi">3000</span><span class="p">;</span> <span class="p">}</span> <span class="kn">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">&lt;your_domain_name&gt;.com</span> <span class="s">www.&lt;your_domain_name&gt;.com</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/.well-known/acme-challenge/</span> <span class="p">{</span> <span class="kn">root</span> <span class="n">/var/www/certbot</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="kn">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">&lt;your_domain_name&gt;.com</span> <span class="s">www.&lt;your_domain_name&gt;.com</span><span class="p">;</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/letsencrypt/live/&lt;your_domain_name&gt;.com/fullchain.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/letsencrypt/live/&lt;your_domain_name&gt;.com/privkey.pem</span><span class="p">;</span> <span class="c1"># SSL security settings</span> <span class="kn">ssl_protocols</span> <span class="s">TLSv1.2</span> <span class="s">TLSv1.3</span><span class="p">;</span> <span class="kn">ssl_ciphers</span> <span class="s">ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384</span><span class="p">;</span> <span class="kn">ssl_prefer_server_ciphers</span> <span class="no">off</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://nextjs</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="kn">proxy_cache_bypass</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Update docker-compose.yml back to HTTPS config </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Revert the nginx volumes in docker-compose.yml</span> <span class="c"># Change back to:</span> <span class="c"># - ./nginx.conf:/etc/nginx/nginx.conf:ro</span> </code></pre> </div> <h3> Final deployment with HTTPS </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Pull latest changes</span> git pull origin master <span class="c"># Restart with HTTPS configuration</span> docker-compose down docker-compose build <span class="nt">--no-cache</span> docker-compose up <span class="nt">-d</span> <span class="c"># Clean up</span> <span class="nb">rm </span>nginx-temp.conf docker system prune <span class="nt">-f</span> </code></pre> </div> <h3> Setup automatic SSL renewal </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Add cron job for automatic renewal (as root)</span> <span class="nb">echo</span> <span class="s2">"0 12 * * * /usr/bin/certbot renew --quiet &amp;&amp; docker-compose restart nginx"</span> | crontab - </code></pre> </div> <h3> Test your deployment </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Test HTTP redirect</span> curl <span class="nt">-I</span> http://&lt;your_domain_name&gt;.com <span class="c"># Test HTTPS</span> curl <span class="nt">-I</span> https://&lt;your_domain_name&gt;.com <span class="c"># Check SSL certificate</span> openssl s_client <span class="nt">-connect</span> &lt;your_domain_name&gt;.com:443 <span class="nt">-servername</span> &lt;your_domain_name&gt;.com </code></pre> </div> <h2> 6. Troubleshooting Common Issues </h2> <h3> Check container status </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># View running containers</span> docker ps <span class="c"># Check container logs</span> docker logs &lt;container_name&gt; docker-compose logs <span class="nt">-f</span> </code></pre> </div> <h3> Common fixes </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># If containers won't start</span> docker-compose down docker system prune <span class="nt">-f</span> docker-compose up <span class="nt">-d</span> <span class="c"># If SSL issues persist</span> <span class="nb">sudo </span>certbot certificates <span class="nb">sudo </span>certbot renew <span class="nt">--dry-run</span> <span class="c"># Check nginx configuration</span> docker <span class="nb">exec </span>nginx-proxy nginx <span class="nt">-t</span> <span class="c"># Restart specific services</span> docker-compose restart nginx docker-compose restart nextjs-app </code></pre> </div> <h3> Verify deployment </h3> <ul> <li>✅ HTTP redirects to HTTPS: <code>curl -I http://yourdomain.com</code> </li> <li>✅ HTTPS works: <code>curl -I https://yourdomain.com</code> </li> <li>✅ Containers running: <code>docker ps</code> </li> <li>✅ SSL certificate valid: Check browser or use SSL checker online</li> </ul> <p><strong>Achieved:</strong></p> <ol> <li>Auto deployment with Github Actions (single build) ✅ (~5 mins process)</li> <li>Custom domain with SSL/HTTPS encryption ✅</li> <li>Secure server setup with firewall ✅</li> <li>Automatic SSL certificate renewal ✅</li> </ol> docker nextjs react webdev