- Extended GitHub Actions workflow to deploy to server via rsync - Fixed favicon reference in index.html (favicon.png → favicon-48.png) - Added deploy-site.sh script for manual deployments - Added deploy-homepage.md documentation Co-Authored-By: Paperclip <noreply@paperclip.ing>
3.9 KiB
3.9 KiB
Deploying the Hatch Homepage
This document describes how the Hatch static homepage is deployed to hatch.surf.
Overview
The homepage is deployed to two locations:
- GitHub Pages - Serves as a fallback and for GitHub-based discovery
- hatch.surf server - Primary deployment at https://hatch.surf
Architecture
site/
├── index.html # Main homepage
├── style.css # Stylesheet
├── brand/ # Logo and favicon assets
│ ├── favicon/
│ └── og/
└── blog/ # Blog directory (placeholder)
Server Setup
Prerequisites
- Server: 46.250.250.48 (hatch.surf)
- nginx installed and configured
- Let's Encrypt certificate for hatch.surf
- SSH access for deployment
Nginx Configuration
The nginx server block is located at:
/etc/nginx/sites-available/hatch.surf.conf- Symlinked to
/etc/nginx/sites-enabled/hatch.surf.conf
Configuration highlights:
- HTTP → HTTPS redirect
- SSL with Let's Encrypt certificate
- Security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy)
- Gzip compression
- Static asset caching (30 days)
SSL Certificate
- Certificate managed by Let's Encrypt
- Auto-renewal via certbot
- Expiry: September 22, 2026
Deployment
Automated (GitHub Actions)
When changes are pushed to main branch affecting site/ directory:
- GitHub Pages - Deployed automatically via GitHub Actions
- Server - Deployed via rsync to
/var/www/hatch.surf/
Required GitHub secrets:
DEPLOY_HOST- Server IP (46.250.250.48)DEPLOY_USER- SSH username (root)DEPLOY_KEY- SSH private key (base64 encoded)
Manual Deployment
Use the deployment script:
# Dry run
./scripts/deploy-site.sh --dry-run
# Deploy
DEPLOY_HOST=46.250.250.48 \
DEPLOY_USER=root \
DEPLOY_KEY=$(cat ~/.ssh/id_rsa | base64) \
./scripts/deploy-site.sh
Direct rsync
rsync -avz --delete site/ root@46.250.250.48:/var/www/hatch.surf/
ssh root@46.250.250.48 "nginx -t && systemctl reload nginx"
Verification
Check Site Status
# HTTP redirect
curl -s -o /dev/null -w "%{http_code}" http://hatch.surf/
# HTTPS site
curl -s -o /dev/null -w "%{http_code}" https://hatch.surf/
# SSL certificate
curl -v https://hatch.surf/ 2>&1 | grep -E "expire|issuer|subject"
# Static assets
curl -s -o /dev/null -w "%{http_code}" https://hatch.surf/style.css
curl -s -o /dev/null -w "%{http_code}" https://hatch.surf/brand/og/default.png
Browser Verification
- Visit https://hatch.surf
- Verify no browser warnings (SSL valid)
- Check that all assets load (CSS, images)
- Test responsive design
Troubleshooting
SSL Certificate Issues
# Check certificate status
sudo certbot certificates
# Renew certificate manually
sudo certbot renew --cert-name hatch.surf
# Test nginx config
sudo nginx -t
Deployment Failures
- Check GitHub Actions logs
- Verify SSH access:
ssh root@46.250.250.48 - Check nginx status:
sudo systemctl status nginx - Check nginx logs:
sudo tail -f /var/log/nginx/error.log
Missing Assets
- Verify files exist on server:
ls -la /var/www/hatch.surf/brand/ - Check nginx access logs:
sudo tail -f /var/log/nginx/access.log - Ensure proper file permissions:
chown -R www-data:www-data /var/www/hatch.surf
Maintenance
Updating Content
- Edit files in
site/directory - Commit and push to
mainbranch - GitHub Actions will auto-deploy to both locations
SSL Renewal
Certbot is configured to auto-renew. To check renewal status:
sudo certbot renew --dry-run
Backup
The site is version-controlled in Git. For server backups:
# Backup nginx config
sudo tar -czf nginx-hatch-backup.tar.gz /etc/nginx/sites-available/hatch.surf.conf /etc/letsencrypt/live/hatch.surf/