CI/CD & Production Infrastructure for a Social App
Production Infrastructure & CI/CD for a Social App Launch
Client
Puzzle Master, a social matching platform
Challenge
The startup had a production-ready Nest.js backend and Angular frontend, but zero infrastructure: deployments were manual, there was no CI/CD, no monitoring, no backups, and no separation between dev and prod environments. The goal was to build a complete DevOps stack from scratch before the public launch.
Solution
1. Application Containerization
- Multi-stage Dockerfile for backend (Nest.js + Prisma, non-root user)
- Multi-stage Dockerfile for frontend (Angular 12, legacy OpenSSL, Nginx for static assets)
- Docker Compose full stack: PostgreSQL 15, Redis 7, imgproxy, Nginx
- Healthchecks and depends_on for correct startup ordering
- Isolated dev and prod environments in /opt/dev and /opt/prod
2. GitLab CI/CD
- Migration of repository from Bitbucket to GitLab
- Pipeline for backend and frontend: build → push → deploy
- GitLab Container Registry for Docker image storage
- Automatic deploy to dev on every push; manual trigger for prod
- SSH deployment to VPS via SSH_PRIVATE_KEY
3. Nginx Reverse Proxy
- Environment-agnostic config via envsubst for dev/prod parity
- SSL/TLS (TLSv1.2, TLSv1.3) with Cloudflare certificates
- Routing: /api/* → backend:4000, /* → frontend:80
- www → root domain redirect (301)
- Separate imgproxy stack with SSL termination
4. Security (Ansible)
- Server hardening via Ansible: SSH key-only auth, root login disabled
- UFW Firewall: only ports 80, 443, and custom SSH open
- Database accessible only via SSH tunnel
- All secrets stored in GitLab CI/CD variables
5. Monitoring
- Prometheus + Grafana with automated dashboard provisioning
- Exporters: Node, cAdvisor, Postgres, Redis, Nginx, Blackbox
- 5 Grafana dashboards: server, Docker containers, PostgreSQL, Redis, Nginx
- Alertmanager with Slack/webhook integration; alerts on CPU/RAM/Disk/API/SSL
6. Database Backups
- Automated pg_dump every hour
- gzip compression and upload to S3-compatible object storage (Cloudflare R2)
- Prometheus backup metrics: success status, size, timestamp
- Alerts: DatabaseBackupMissing, DatabaseBackupFailed, DatabaseBackupSizeAnomaly
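The hourly backup job and the Prometheus metrics behind those three alerts, as an added example (not the project's own script). It assumes the node_exporter textfile collector, an `aws` CLI configured for R2, and placeholder PGURL, BUCKET and R2_ENDPOINT values, none of which are from the page:

```shell
#!/usr/bin/env bash
# Hourly pg_dump -> gzip -> S3-compatible upload, with Prometheus metrics for the
# node_exporter textfile collector. Added example, not the project's own script.
# Assumed (not from the page): PGURL, BUCKET and R2_ENDPOINT are placeholders and
# `aws` is configured with R2 credentials. Invoke as: ./db-backup.sh run
set -eu

PGURL="${PGURL:-postgresql://app:CHANGE_ME@127.0.0.1:5432/app}"             # placeholder
BUCKET="${BUCKET:-s3://example-db-backups}"                                  # placeholder
R2_ENDPOINT="${R2_ENDPOINT:-https://ACCOUNT_ID.r2.cloudflarestorage.com}"    # placeholder
METRICS_DIR="${METRICS_DIR:-/var/lib/node_exporter/textfile_collector}"
MIN_BYTES="${MIN_BYTES:-1024}"   # a compressed dump below this size is not a backup
file_size() { wc -c < "$1" | tr -d ' '; }

# Emit the series the backup alert rules consume (success flag, size, timestamp).
# Written to a temp file and renamed so the collector never scrapes a partial file.
write_metrics() {   # $1=status(0|1) $2=size_bytes $3=unix_time
  mkdir -p "$METRICS_DIR"
  tmp="$METRICS_DIR/db_backup.prom.$$"
  {
    echo "# TYPE db_backup_last_success gauge"
    echo "db_backup_last_success $1"
    echo "# TYPE db_backup_size_bytes gauge"
    echo "db_backup_size_bytes $2"
    echo "# TYPE db_backup_last_run_timestamp_seconds gauge"
    echo "db_backup_last_run_timestamp_seconds $3"
  } > "$tmp"
  mv "$tmp" "$METRICS_DIR/db_backup.prom"
}

# A dump only counts as good if it is at least MIN_BYTES and passes a gzip
# integrity check; an empty or truncated archive must be reported as a failure.
dump_is_plausible() {
  [ "$(file_size "$1")" -ge "$MIN_BYTES" ] && gzip -t "$1" 2>/dev/null
}

run_backup() {
  ts=$(date +%s)
  raw="/tmp/app-$(date -u +%Y%m%dT%H%M%SZ).sql"
  # Dump to a file first: in a plain `pg_dump | gzip` pipe, gzip's exit status
  # would hide a failed pg_dump and the job would upload an empty archive.
  if pg_dump --no-password "$PGURL" > "$raw" && gzip -9 "$raw" \
     && dump_is_plausible "$raw.gz" \
     && aws --endpoint-url "$R2_ENDPOINT" s3 cp "$raw.gz" "$BUCKET/$(basename "$raw.gz")"; then
    write_metrics 1 "$(file_size "$raw.gz")" "$ts"
  else
    write_metrics 0 0 "$ts"   # drives DatabaseBackupFailed; a missed run leaves the timestamp stale
  fi
  rm -f "$raw" "$raw.gz"
}
if [ "${1:-}" = run ]; then run_backup; fi
```

DatabaseBackupMissing can then alert on a stale db_backup_last_run_timestamp_seconds, DatabaseBackupFailed on db_backup_last_success == 0, and DatabaseBackupSizeAnomaly on db_backup_size_bytes drifting from its recent average.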
Technologies
Results
- Deploy: git push to main → automatic build and deploy to server
- Environments: full dev/prod isolation on a single VPS
- Monitoring: 5 dashboards, alerts across 6 categories
- Backups: automated hourly pg_dump to Cloudflare R2
- Security: UFW, key-based SSH, database inaccessible from outside
- Scalability: architecture ready for database extraction to a dedicated server
Architecture
Duration
42 hours (Docker, CI/CD, monitoring, alerting, backups, documentation)
Cost
from $1,300