# Deployment — bigscreen10.maxbrandenbarg.nl

Static site behind nginx + basic-auth on a VPS. Auto-deploys via GitHub Actions
on every push to `main`.

## How it deploys

```
GitHub Desktop  ─push→  GitHub  ─Action runs→  rsync over SSH  →  /var/www/bigscreen10
```

You only push from your laptop. The server doesn't pull anything itself.

---

## One-time setup (do this once, in order)

### 1. GitHub repo

Create a private repo on your account (GitHub.com → New → Private). Name it
`bigscreen10` (or anything — doesn't have to match the subdomain).

In GitHub Desktop: File → Add local repository → point at this folder → Publish
to your account, **Keep this code private** checked.

### 2. DNS

Add an A-record at your DNS host:

| Name          | Type | Value             |
| ------------- | ---- | ----------------- |
| `bigscreen10` | A    | *your VPS IP*     |

Wait for it to propagate (usually a minute or two). Verify with
`ping bigscreen10.maxbrandenbarg.nl` — it should resolve to the VPS IP.

### 3. SSH deploy key

On your laptop, generate a key dedicated to GitHub Actions (no passphrase):

```bash
ssh-keygen -t ed25519 -f ~/.ssh/bigscreen10_deploy -N "" -C "github-actions-bigscreen10"
```

This creates `~/.ssh/bigscreen10_deploy` (private) and `~/.ssh/bigscreen10_deploy.pub` (public).

Add the public key to your VPS's `authorized_keys`:

```bash
ssh-copy-id -i ~/.ssh/bigscreen10_deploy.pub root@YOUR_VPS_IP
# or manually: scp the .pub up and append to ~/.ssh/authorized_keys
```
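Because this key has no passphrase and logs in as `root`, whoever holds the private key gets a full shell unless the key is restricted on the server. The script below is an added example, not part of this repo: it builds an `authorized_keys` line that limits the key to write-only rsync into `/var/www/bigscreen10`, and audits a file for unrestricted copies of it. It assumes `rrsync` is at `/usr/bin/rrsync` and that the workflow's rsync destination is relative to the web root; the function names and the sample key are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from this repo): restrict the GitHub Actions deploy key.
# Assumptions: rrsync lives at /usr/bin/rrsync on the VPS, and deploy.yml
# passes an rsync destination relative to WEBROOT (e.g. "./").

WEBROOT="/var/www/bigscreen10"
RRSYNC="/usr/bin/rrsync"   # assumed path; some packages ship it elsewhere
# Constructed sample line, not a real key; the comment matches ssh-keygen -C.
SAMPLE_PUBKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKey github-actions-bigscreen10"

# Prefix a bare public key with options: "restrict" turns off pty, forwarding
# and user rc; command= forces write-only rsync confined to WEBROOT.
restricted_entry() {
    local pubkey_line="$1"
    case "$pubkey_line" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    printf 'restrict,command="%s -wo %s" %s\n' "$RRSYNC" "$WEBROOT" "$pubkey_line"
}

# Print the line number of every key whose comment matches $2 but which is
# not in the restricted form above. Returns 1 if any such line exists.
audit_authorized_keys() {
    local file="$1" comment="$2" n=0 bad=0 line
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|\#*) ;;                                  # blank or comment
            restrict,command=\"*"$comment"*) ;;         # already locked down
            *"$comment"*) echo "$n"; bad=1 ;;           # full-shell key
        esac
    done < "$file"
    return "$bad"
}

# Demo: the line to place in ~/.ssh/authorized_keys instead of the bare key.
restricted_entry "$SAMPLE_PUBKEY"
```

On the VPS, the generated line replaces the bare key that `ssh-copy-id` appended, and `audit_authorized_keys ~/.ssh/authorized_keys github-actions-bigscreen10` should then print nothing.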

### 4. GitHub Secrets

In the GitHub repo → Settings → Secrets and variables → Actions → New repository
secret. Add:

| Name              | Value                                              |
| ----------------- | -------------------------------------------------- |
| `SSH_HOST`        | Your VPS IP or hostname (e.g. `vps.example.com`)   |
| `SSH_USER`        | `root` (or your deploy user)                       |
| `SSH_PRIVATE_KEY` | Paste the **contents** of `~/.ssh/bigscreen10_deploy` (the private key — starts with `-----BEGIN OPENSSH PRIVATE KEY-----`) |
| `SSH_PORT`        | *(optional)* SSH port if not 22                    |

### 5. Provision the VPS

SSH into your VPS and run the setup script. It needs `nginx` and `certbot`
installed already (`sudo apt install nginx certbot python3-certbot-nginx`).

```bash
git clone git@github.com:YOUR_USER/bigscreen10.git /tmp/bigscreen10-setup
cd /tmp/bigscreen10-setup
bash deploy/setup-vps.sh
rm -rf /tmp/bigscreen10-setup
```

The script will:

- Create `/var/www/bigscreen10` with a "Coming soon" placeholder
- Prompt you for a basic-auth username + password and write `/etc/nginx/.htpasswd-bigscreen10`
- Install the nginx site config and enable it
- Run `certbot --nginx` to issue a Let's Encrypt SSL cert (needs DNS to be live)
- Reload nginx

---

## Day-to-day

Edit files in `timeline/` → commit + push via GitHub Desktop → Actions runs in
~30s → live at `https://bigscreen10.maxbrandenbarg.nl` (behind the basic-auth
prompt).

## Updating the basic-auth password

On the VPS:

```bash
sudo htpasswd /etc/nginx/.htpasswd-bigscreen10 USERNAME
sudo systemctl reload nginx
```

(`apt install apache2-utils` if `htpasswd` isn't there.)

## Removing the basic-auth gate (once you're ready to launch publicly)

Edit `/etc/nginx/sites-available/bigscreen10` on the VPS, comment out:

```nginx
# auth_basic            "Bigscreen 10 Years (preview)";
# auth_basic_user_file  /etc/nginx/.htpasswd-bigscreen10;
```

Then `sudo nginx -t && sudo systemctl reload nginx`.

## Files

- `.github/workflows/deploy.yml` — GitHub Actions workflow (rsync over SSH on push to main)
- `deploy/nginx-bigscreen10.conf` — nginx site config (basic-auth + SSL + caching)
- `deploy/setup-vps.sh` — one-time VPS provisioning script
- `deploy/README.md` — this file
