Github Actions is a great tool for automating your workflows. It's built into Github and is free for public repositories. However, if you have a private repository, you will need to pay for Github Actions. This can be a bit expensive if you have a lot of repositories. There is a way to reduce the cost of Github Actions by using self hosted runners. This allows you to run your Github Actions workflows on your own servers. This can be a great way to reduce the cost of Github Actions.

To be fair, Github Actions does have a free tier for private repositories. However, this free tier only allows for 2000 minutes of build time per month. This can be a bit limiting if you have a lot of repositories or if you have a lot of builds.

The good news is that you can set up your own self hosted runner for free. This will allow you to run your Github Actions workflows on your own servers. This can be a great way to reduce the cost of Github Actions.

Setting up a Self Hosted Runner

To set up a self hosted runner, you will need to have a server that you can SSH into. This can be a server that you already have or it can be a new server that you create. It could also be something like a Raspberry Pi or a Virtual Machine hosted in the cloud.

To start, we will use Debian 12 (Bookworm) as our base operating system. This is the latest version of Debian and it is a great choice for a server. It is lightweight and it is easy to install. Once you have a running Debian 12 server, we can SSH into it and update and install some packages.

apt update && apt upgrade -y && \
apt-get install -y \
    curl nano git gnupg apt-transport-https ca-certificates \
    software-properties-common make gcc autoconf patch \
    build-essential rustc libssl-dev libyaml-dev libreadline6-dev \
    zlib1g-dev libgmp-dev libncurses5-dev libffi-dev libgdbm6 \
    libgdbm-dev libdb-dev uuid-dev htop libpq-dev

We'll then create a new user for our runner so that we don't have to run everything as root.

adduser --quiet --disabled-password --shell /bin/bash --home /home/developer --gecos "Developer" developer

The runner will need to be able to run Docker containers, so we'll need to install Docker.

install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update && apt install docker-ce -y

And the developer user will need to be able to run Docker containers without sudo.

usermod -aG docker developer

Since I typically use esbuild on my projects, It'll be best to install nodejs and yarn.

curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | \
    gpg --dearmor -o /etc/apt/nodesource.gpg && \
    echo "deb [signed-by=/etc/apt/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | \
    tee /etc/apt/sources.list.d/nodesource.list && \
    apt update && apt install nodejs -y && \
    npm install --global yarn

We can then log in as the developer user to install Ruby.

su - developer

On my development machines, I prefer to use asdf, but for a runner, rbenv is a great choice.

git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'eval "$(~/.rbenv/bin/rbenv init - bash)"' >> ~/.bashrc
git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build
git -C "$(rbenv root)"/plugins/ruby-build pull
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' | tee -a ~/.bashrc
source ~/.bashrc

We can then install the Github Actions Runner. You can check for the latest versions on the Github Actions Runner Releases page.

mkdir actions-runner && cd actions-runner
export RUNNER_VERSION="2.311.0"
curl -o actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz -L https://github.com/actions/runner/releases/download/v${RUNNER_VERSION}/actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz
tar xzf ./actions-runner-linux-x64-${RUNNER_VERSION}.tar.gz

You'll need to register this runner, so be sure to check out the steps below on how to do that. You'll need to run the registration script in the folder that you extracted the runner to. I keep the default settings in wizard of the script.

To register the runner, head over to one of your projects on Github and select the Actions > Runners. Then click on the New self-hosted runner button. Select your operating system and architecture.

Under the Configure section, there will be a script to run that starts with ./config.sh and ends with a token. Copy this script and run it on your server. This will register the runner with Github. This will need to be done in the folder that you extracted the runner to.

# ./config <- run the config registration script from below here.

Installing Ruby

We can now install our Ruby version. I've updated all of my projects to Ruby 3.3.0, so that's the version that I'll be using. However, modify this as needed. This is also assuming that you're installing this on an amd64 machine. If you're using a Raspberry Pi or something else, you'll need to modify the path. It's also important to let the runner know that we've installed Ruby so we will touch a file to let the runner know that this Ruby version is present.

export RUBY_VERSION="3.3.0"
ruby-build ${RUBY_VERSION} /home/developer/actions-runner/_work/_tool/Ruby/${RUBY_VERSION}/x64
touch /home/developer/actions-runner/_work/_tool/Ruby/${RUBY_VERSION}/x64.complete

Starting the Runner at boot

We'll edit the /etc/systemd/system/github-runner.service file and place the following contents in it. This will allow us to start the runner at boot.

[Unit]
Description=GitHub Runner
After=network.target

[Service]
User=developer
WorkingDirectory=/home/developer/actions-runner
ExecStart=/home/developer/actions-runner/run.sh
Restart=always
RestartSec=3
LimitNOFILE=4096

[Install]
WantedBy=multi-user.target

Reload systemd, enable and start the service

systemctl daemon-reload
systemctl enable github-runner
systemctl start github-runner

Conclusion

We now have a self hosted runner that we can use for our Github Actions workflows. This will allow us to run our workflows on our own servers. This can be a great way to reduce the cost of Github Actions. If you have any questions or comments, please feel free to reach out. I'm always happy to help.

One of the drawbacks with Kamal is that it doesn't have a built in way to update the servers. This is where Ansible comes in. Ansible is a tool that allows you to automate server configuration and deployment. But, in our case, we are going to use it to update our servers. This is a great solution for me since I already had some familiarity with Ansible and it's a great tool to have in your toolbelt. I need to look up some Ansible tricks a bit more to look at full server provisioning, but this will be a good start.

Note I am performing these steps with the assumption that you have already set up your Kamal servers and have them running. You can check out a recent episode on Kamal which covers deploying with Github Actions, but I also go through the steps of setting up the servers. I also have an older episode when Kamal was called MRSK which covers setting up the servers with a managed database and load balancer.

Note This Ansible playbook is also assuming that you'll be running this on a computer that has shell access to the servers that you're wanting to manage.

Setting up Ansible

Since I am on an Apple computer, I'm going to use Homebrew to install Ansible. If you're on a different platform, you can check out the Ansible installation documentation for more information.

brew install ansible

Understanding Ansible

This Ansible setup is going to have two different files. The first is the inventory file which will contain the list of servers that we want to manage. The second is the playbook.yml file which will contain the instructions for Ansible to run.

The inventory file will look something like this:

[server_group]
app1            ansible_host=PUBLIC_IP_ADDRESS_OF_SERVER
app2            ansible_host=PUBLIC_IP_ADDRESS_OF_SERVER

The inventory has different groups of servers. In this case, we only have one group called server_group. This group contains two servers. The first server is called app1 and the second server is called app2. You can add as many servers as you want to this group. You can also create multiple groups if you want to manage different servers with different playbooks. You will want to replace the PUBLIC_IP_ADDRESS_OF_SERVER with the public IP address of your server. This should be the same IP address that you use to SSH into your server and that you have set up in the Kamal deploy.yml file.

The playbook.yml file will look something like this:

---
- name: Update and Upgrade Packages on Servers Sequentially
  hosts: all
  serial: 1
  become: yes

  tasks:
    - name: Run apt update and apt upgrade on servers
      apt:
        update_cache: yes
        upgrade: yes
        cache_valid_time: 3600
      register: apt_update

    - name: Pause for 2 minutes before next server update
      pause:
        minutes: 2
      when: apt_update.changed

This is a bit more complicated because we have some additional things to take into consideration. The first thing to note is that we are running the playbook on all servers in the inventory. This is because we want to update all of the servers. However, we don't want to update them all at the same time. This is where the serial option comes in. This will tell Ansible to run the playbook on one server at a time. This is important because we don't want to take down our application while we are updating the servers. This could happen if there was an update to Docker. If we updated Docker on all of the servers at the same time, then our application would be down until the update was complete. This is why we want to update the servers one at a time.

The become option tells Ansible to run the commands as the root user. This is important because we need to be able to update the packages on the server. If we didn't have this option, then we would get an error when trying to update the packages.

The tasks section is where we define the tasks that we want Ansible to run. The first task is to run the apt update and apt upgrade commands. This will update all of the packages on the server. The register option tells Ansible to store the output of the command in a variable called apt_update. This will be used in the next task.

The second task is to pause for 2 minutes before running the next server update. This is important because we want to make sure that the server is fully updated before we update the next server. The when option tells Ansible to only run this task if the apt_update variable has changed. This will only happen if the server was updated. If the server was already up to date, then this task will not run.

Running the Ansible Playbook

Now that we have our playbook and inventory files set up, we can run the playbook using the following command:

ansible-playbook -i inventory playbook.yml

This will run the playbook on all of the servers in the inventory file. You should see something like this:

PLAY [Update and Upgrade Packages on Servers Sequentially] *********

TASK [Gathering Facts] *********************************************
ok: [app1]

TASK [Run apt update and apt upgrade on servers] *******************
ok: [app1]

TASK [Pause for 2 minutes before next server update] ***************
skipping: [app1]

PLAY [Update and Upgrade Packages on Servers Sequentially] *********

TASK [Gathering Facts] *********************************************
ok: [app2]

TASK [Run apt update and apt upgrade on servers] *******************
ok: [app2]

TASK [Pause for 2 minutes before next server update] ***************
skipping: [app2]

PLAY RECAP *********************************************************
app1 : ok=2 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
app2 : ok=2 changed=0 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0

You can see that the playbook ran on both servers and that the apt update and apt upgrade commands were run. You can also see that the Pause for 2 minutes before next server update task was skipped. This is because the server was already up to date.

I hope that this helps close another gap in the Kamal deployment process. I'm looking forward to seeing what else is in store for Kamal and I'm excited to see what the future holds for Ruby on Rails deployments.

To start, there's some value in asking ChatGTP what they think about using SQLite in production. So, the below information is from ChatGPT and it has some interesting points. However, some of these points are flawed and I don't agree with them. So, this is another example where you must take everything with a grain of salt when it comes to generative AI content.

My responses will be in italics next to the points made by ChatGPT.

Pros of Using SQLite in Production:

Simplicity and Maintenance: SQLite requires no separate server process or system to operate. Its serverless nature makes it easy to set up, backup, and maintain. Keep in mind that this is requiring you to install the sqlite service on the server that will be using the database. This isn't a big deal as the sqlite3 binary is about 4MB. Though, it doesn't run as a service so it is simple to manage.

Portability: All the data in an SQLite database is stored in a single file, making it extremely easy to transfer, copy, or backup. This is true. However, you may want to be careful in situations where you could run out of disk space. Make sure that you have proper monitoring in place on the server. Also, while I've never confirmed that this could be an issue, but this is also putting all of your eggs in one basket. If there was ever an issue with the file being corrupted then it could be a total loss. Again, I've never seen this happen, but I also don't use SQLite enough to have experienced this.

Low Resource Footprint: It’s lightweight and requires minimal memory, making it suitable for devices with limited resources like IoT devices or mobile applications. The IoT devices and mobile applications is where I have seen this the most. While a default Ruby on Rails application does come with SQLite as the default database engine, typically it isn't seen in a production setting.

Consistent Performance: For applications with a moderate load and where the read operations far outnumber the write operations, SQLite can deliver consistent and fast performance. There's no network hops to worry about. Optimized SQL queries are often not the slow point of the application. Even with network latency it's often a tiny amount such that you won't notice. If we're talking about a huge application that's service millions of requests per second then these network hops could add up with a traditional database.

ACID Compliant: SQLite transactions are ACID compliant, ensuring data integrity even after system crashes or power failures. Atomic, consistent, isolated, and durable (ACID). It's true that SQLite has come a long way in terms of integrity and reliability of handling the data. However, with system crashes or power failures, database corruptions can occur especially on systems where RAID systems are configured improperly. If the RAID cache is set to write-back, you get better performance but could end up in a situation where there is data loss or corruption.

Cross-Platform: SQLite is cross-platform and can be used on all major operating systems, including Windows, Linux, and macOS. In terms of deploying a Ruby on Rails application, this is kind of a moot point as we will typically not change the platform the application is hosted on.

Free and Open-Source: SQLite is free to use and is released under the Public Domain license, which means it can be used for any purpose, including commercial applications. The same could be said for MySQL (or MariaDB) and PostgreSQL. MySQL is GPL licensed which probably doesn't make a difference if you're hosting your own application and not distributing it.

No Configuration: SQLite doesn’t require any configuration or setup, making it easy to use for beginners. Yes, properly configuring a MySQL or PostgreSQL instance can be difficult and should be done properly for optimal performance. However, using a managed service with AWS, GCP, Digital Ocean, Azure, etc. will often have a decent configuration that you don't need to worry about.

No Dependencies: SQLite doesn’t have any dependencies, which means it can be used in any programming language or framework. While MySQL and PostgreSQL have dependencies and you'll need to install some libraries on the server, they're well documented steps and usually not a big deal.

Cons of Using SQLite in Production:

Concurrency Issues: SQLite is not ideal for applications with a high level of concurrent write operations. It locks the entire database during a write operation, which can cause a bottleneck. If we're working on a single threaded application since we're talking about smaller applications without too much traffic, this will not really be an issue. However, it does bring up a good point for any kind of background workers that occur asynchronous. Even though SQLite does a good job at handling transactions, it is easy to get ourselves into situations of Deadlocks when background jobs are trying to write to the database at the same time.

Not Suited for Large Databases: While SQLite supports database files up to 140 TB, it’s generally not the best choice for very large datasets due to potential performance issues. Most databases will never reach 140TB. But this does not talk to file system limits. This is really a moot point since modern file systems exceed SQLite's limits, but if you're file system was improperly set (to something like Fat32), then you could easily reach the 4GB limit. Most likely, if your database was even getting to a fraction of this size, you'll have other issues to be concerned with; system resources, performance issues, etc.

Limited Built-in Features: Unlike more robust RDBMS like PostgreSQL or MySQL, SQLite doesn’t have a wide range of built-in tools or support for stored procedures, right out of the box. It supports the important ones like JSON data types. Typically, we don't use stored procedures in Ruby on Rails applications since the ActiveRecord ORM is powerful enough in most cases.

Limited Security: SQLite doesn’t have built-in support for user management or access control, making it less secure than other RDBMS. While this can be a critical aspect in some scenarios, the Ruby on Rails applications will likely not need this level of access control. However, it does speak to the vulnerability of the database as it will be much easier to make a copy of if the system is ever breached. In a traditional deployment, there's still nothing that could really stop the attacker if they gained access to the machine, but it does offer some levels of obfuscation if they don't know about how Rails handles credentials. But, the reality is that if a bad actor has gained access to your machine, all bets are already off and you're in a very bad situation.

No Client-Server Model: SQLite doesn’t have a client-server model, which means it can’t be accessed by multiple users at the same time. This is going to be a big issue if High Availability is a concern. Typically, we will have a load balancer as the SSL termination point and it will route the traffic to one of the available web servers. This is a deal breaker in many situations as using SQLite in a production setting could mean that you have downtime during deployments. You lose the ability for rolling deployments and have basically put all eggs in one basket. Depending on your deployment strategy, it could also mean that you're having to maintain a server instead of being able to manually or automatically provision and scale up new web servers.

Conclusion

So, there's some pros and cons to using SQLite in production. I think that the pros are valid, but the cons must also be taken into consideration. The recent push for using SQLite in production isn't necessarily a bad direction, but shouldn't be blindly followed. There's a lot of factors that go into deciding what database engine to use. I think that SQLite is a great choice for smaller applications that don't have a lot of traffic. It is also a good choice when architecture simplicity is a concern. Just make sure that you're weighing all of your options and understand the consequences and benefits of your choices. There's no one size fits all solution in this case. Also keep in mind that a lot of platforms will have a free tier or a cheap tier for managed database engines. You can get a lot of value out of these services and it will be much easier to scale up in the future if you need to. I think that the biggest concern is the lack of High Availability This is a deal breaker for most applications that are going to be deployed in a production setting. However, for non-revenue generating applications or applications that are not mission critical, SQLite could be a good choice.

Prerequisites

Before you begin, make sure you have the following tools installed on your system:

Docker: Ensure Docker is installed and running on your machine. You can follow the installation guide on the official Docker website.

Docker Compose: Make sure Docker Compose is installed. You can find installation instructions on the official Docker Compose website.

OpenSSL: Required for generating SSL certificates. You can install OpenSSL through your package manager or download it from the official OpenSSL website.

Configuration

Create a docker-compose.yml file in your project directory and copy the following content:

services:
  meilisearch:
    image: getmeili/meilisearch:v1.1
    restart: always
    ports:
      - '7700:7700'
    environment:
      - MEILI_MASTER_KEY=key
    volumes:
      - meili_data:/meili_data

  nginx:
    image: nginx:stable-alpine
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - /home/ubuntu/cert.pem:/etc/nginx/certs/fullchain.pem
      - /home/ubuntu/key.pem:/etc/nginx/certs/privkey.pem
    depends_on:
      - meilisearch

volumes:
  meili_data:

This configuration file sets up two services: MeiliSearch and Nginx.

Meilisearch service:

You should replace the key value with a random string. This key will be used to secure your MeiliSearch instance. You can generate a random string using the following command:

openssl rand -hex 16

Nginx service:

There's a bit more config to do with the Nginx service. We can create a ssl certificate using OpenSSL. We will use this certificate to enable SSL encryption for our MeiliSearch instance. You can generate a self-signed certificate using the following command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -subj "/CN=yourdomainname" -nodes

Then we can create a configuration file called nginx.conf and copy the following content:

events {
    worker_connections 1024;
}
http {
    server {
        listen 80;
        server_name yourdomainname;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl;
        server_name yourdomainname;
        ssl_certificate /etc/nginx/certs/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
        location / {
            proxy_pass http://meilisearch:7700;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}

You'll want to update the appropriate values for your domain name and SSL certificate paths.

Running the application

Now that we have our configuration files ready, we can run the application using the following command:

docker compose up -d

This will start both services in the background. You can check the status of your services using the following command:

docker compose ps

You should see something like this:

Name                Command               State           Ports
--------------------------------------------------------------------------------
meilisearch         ...                   Up              ..
nginx               ...                   Up              ..

The -d in the docker compose up -d command tells Docker to run the services in the background.

This will also cause the services to restart automatically if they crash or if you reboot the machine.

Thanks for reading!

So, I've recently formatted my primary desktop which is running macOS 13.2.1 and figured that I would document my steps on my preferred way of installing Ruby as well as getting YJIT to work. It's important to note that this is also an Apple Silicon machine. These steps should work regardless of which Apple Silicon you're using.

First, I'll install homebrew. This will automatically install the Command Line Tools for Xcode.

/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

You'll then be prompted to run some additional commands.

(echo; echo 'eval "$(/opt/homebrew/bin/brew shellenv)"') >> /Users/$(whoami)/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

We can then start our install of Ruby. However, there are a few things that we should do first. Firstly, we need to select a manager for our Ruby interpreter. I normally use RVM as it's what I used for the longest time. It works well and I never had any complaints. However, with Ruby 3.2.1, we're also going to need an installation of Rust if we want to enable YJIT. So, instead of RVM, I'm going to be using ASDF.

brew install asdf
echo -e "\n. $(brew --prefix asdf)/libexec/asdf.sh" >> ${ZDOTDIR:-~}/.zshrc
source ~/.zshrc

Now that we have a manager for our Ruby and Rust, we can now proceed to install Rust.

asdf plugin add rust
asdf install rust latest
asdf global rust latest

Now that Rust is installed, we can proceed with our Ruby installation. Normally there are some dependencies that we need to handle, but luckily, asdf will take care of that for us.

asdf plugin add ruby

However, there is a strange thing with the mapping of the libraries so if we were to try and install Ruby right now, it would fail. So let's take care of this. This is around the libyaml package and we need to set some environment variables for this. I've added all four of these to my ~/.zshrc so that Ruby can install properly and YJIT is enabled out of the box.

brew install openssl@3 readline libyaml gmp
echo 'export LDFLAGS="-L$(brew --prefix libyaml)/lib"' >> ~/.zshrc
echo 'export CPPFLAGS="-I$(brew --prefix libyaml)/include"' >> ~/.zshrc
echo 'export RUBY_YJIT_ENABLE=1' >> ~/.zshrc
echo 'export RUBY_CONFIGURE_OPTS=--enable-yjit' >> ~/.zshrc
source ~/.zshrc
asdf install ruby 3.2.1
asdf global ruby 3.2.1

I had to restart my terminal, but once I did, everything seemed to work as expected.

ruby -v
ruby 3.2.1 (2023-02-08 revision 31819e82c8) +YJIT [arm64-darwin22]

As mentioned earlier, there are scenarios where you need to update your code on multiple repositories, and doing so manually can be time-consuming and error-prone. For instance, you may have a blog that you want to host on multiple domains, but instead of redirecting users to a new site, you prefer to update the content on both domains simultaneously. In such cases, you can use Git to push changes to multiple repositories with just a few commands.

To push code to multiple repositories, you first need to initialize your Git repository and push the changes to one of the repositories. In our example, let's say we push the changes to the repository kobaltz/blog-kobaltz.git. Now, we want to push the same code to another repository kobaltz/blog-driftingruby.git. To achieve this, we can add another push URL to our .git/config file using the following command:

git remote set-url --add --push origin git@github.com:kobaltz/blog-driftingruby.git

This command adds a new push URL to the origin remote and sets it to the git@github.com:kobaltz/blog-driftingruby.git repository. Now, whenever you commit your changes and push them, Git will push the changes to both repositories.

You can verify that the push URL has been added by running the following command:

git remote -v

This command will display the two push URLs under the origin remote, as shown below:

origin  git@github.com:kobaltz/blog-kimura.git (fetch)
origin  git@github.com:kobaltz/blog-kimura.git (push)
origin  git@github.com:kobaltz/blog-driftingruby.git (push)

Now, your code is being pushed to two repositories with minimal effort. If you ever want to remove one of the push URLs, you can do so by using the following command:

git remote set-url --delete --push origin git@github.com:kobaltz/blog-driftingruby.git

In this article, we've explored a simple solution to push code to multiple repositories using Git. By adding a new push URL to the origin remote, we can push changes to multiple repositories with minimal effort. This technique can be useful in scenarios where you need to update your code on multiple domains or repositories. And, remember that you can use different services as well for the push URLs; one pointing to GitHub and another pointing to GitLab.

By consolidating your code base and keeping multiple repositories up to date, you can simplify your workflow and save time. Give this approach a try and see how it works for you. Happy coding!

Sure, having a CI/CD platform to do this is probably ideal, but for little programs or just sometimes in general, it may be handy to know this.

If you have a spare Intel machine laying around, you can turn it into a build server. Get something like Ubuntu installed on there and install the latest Docker. On your development machine, copy your publish SSH key over to this build server.

So now you you have your server set up and you want to build your Docker image for an x86/amd64 platform. Typically, you would run a command like this below to target the platform.

docker buildx build -f Dockerfile --platform linux/amd64 .

And this will work, but what you'll notice is that this is an extremely slow process. The Apple Silicon chips are amazing and are the fastest machines I've ever used. However, when emulating the x86 instructions to build a docker image, it takes such a long time. I've seen this take over an hour on larger and more complex projects.

Just as an example. Here we have a very simple Ruby on Rails application that has little moving parts. I'm using things like esbuild and css-bundling, but nothing fancy. On the M1 chip, it took over 250 seconds to build the image.

# Apple Silicon
[+] Building 316.4s (23/23) FINISHED

However, on a AMD 5900X server, I have a Virtual Machine running on there which has Docker installed. Running the exact same project on there took much less time.

# AMD 5900X
[+] Building 62.3s (24/24) FINISHED

So, the main concern here is that I do not want to interrupt my normal process on how I build images or handle things. It would be a pain to push up my code, ssh into the build server, pull it down, and then build the image. This is a lot of steps, but luckily there is a MUCH easier way to do this.

Docker's buildx build command has a flag that we can specify a specific builder.

So, we can create this builder on our local machine. The nice part about this creation is that it is idempotent, so you can run this command many times without changing the result. All we have to do is to create a builder profile and in this case I have named it amd64_builder.  Since this builder is a pool of resources, I give a name to for the VM. I'm also specifying the platform that I'm building against and then pass in the SSH url for my builder machine.

docker buildx create \
  --name amd64_builder \
  --node linux_amd64_builder \
  --platform linux/amd64 \
  ssh://USERNAME@IP_ADDRESS_OF_BUILDER

Now, I can build and push the image to the registry. The magical flag that we'll use is --builder as we can now specify the builder VM. The rest of the buildx command is the same as we would expect.

docker buildx build \
  --builder amd64_builder \
  --tag USERNAME/REPONAME:TAG \
  --push .

In some cases, I've seen this go almost 10x faster than the amd64 emulation on the M1 chip. If you have a spare Intel/AMD machine laying around, this may be a worthwhile adventure.

Installation

brew install magic-wormhole

Linux (Debian/Ubuntu)

sudo apt install magic-wormhole

Usage

To send a file, you simply use the wormhole command and specify which file you wish to send.

➜  ~ wormhole send server.log
Sending 1.1 GB file named 'server.log'
Wormhole code is: 5-hydraulic-snowslide
On the other computer, please run:

wormhole receive 5-hydraulic-snowslide

Now that we have specified which file we want to send, we've been provided with a "wormhole code" that we can use on the receiving end.

wormhole receive 5-hydraulic-snowslide

And that's all we have to do! On the receiving computer, we've downloaded the requested file! In the past, I would have used scp or ftp but remembering the syntax, while isn't too difficult, can prove to be challenging at times especially if nonstandard ports are used or if ports aren't opened up on the firewall to make the connection.

➜  ~ wormhole receive 5-hydraulic-snowslide
Receiving file (1.1 GB) into: server.log
ok? (y/N): y
Receiving (->tcp:some-external-ip:65250)..
 80%|█████████████████▏               | 859M/1.07G [00:04<00:01, 206MB/s]

Recently, I found out about Portainer for managing a docker environment. Think of this as a kubernetes-lite. This isn't good for any kind of production use case, but does have some benefits for at home management of a local docker instance.

So in this illustration, we have a request coming in on 443. This request could be using the domain name c1.mydomain.com and there could be another request coming in from c2.mydomain.com.

Previously, you would have a certificate for both subdomains and would need to set up the appropriate port forwarding for each subdomain to the appropriate server. This is a huge pain, so, instead, this is where a wildcard certificate can come in handy.

In this particular scenario, I have an nginx proxy which will be used to route all of the traffic coming in to my network. This is handy because I can use this reverse proxy for SSL termination and also routing the traffic to various servers based on the domain name. This doesn't have to be a powerful server. You could even use a Raspberry Pi to route this traffic. Again, this is for a home server and not really production grade.

You will need some prerequisites. And I also use CloudFlare's DNS for handling these wildcard domains. This is nice because certbot and cloudflare play pretty nicely to automatically verify the challenges via their API.

apt install certbot letsencrypt python3-certbot-dns-cloudflare

If you already have certbot and the necessary extensions installed, you can simply run this script to get a wildcard certificate.

sudo certbot certonly \
     --cert-name mydomain.com \
     --dns-cloudflare \
     --dns-cloudflare-credentials /etc/letsencrypt/cloudflareapi.cfg \
     --server https://acme-v02.api.letsencrypt.org/directory \
     -d "*.mydomain.com" \
     -d mydomain.com

So, now we can configure our nginx proxy to take any request from this domain and forward it over to my docker host.

server {
  server_name *.mydomain.com;
  server_name ~^(?<subdomain>.+)\.mydomain\.com$;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  # proxy_next_upstream error timeout http_502;
  location / {
    proxy_pass http://DOCKER_HOST_IP_ADDRESS;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_buffering off;
  }
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
  return 301 https://$host$request_uri;
  listen 80 ;
  listen [::]:80 ;
  server_name *.mydomain.com;
  server_name ~^(?<subdomain>.+)\.mydomain\.com$;
}

In another blog article, I'll describe how I set up the Docker host to take in these requests from the nginx server.