CI/CD & Production Infrastructure for a Social App

Production Infrastructure & CI/CD for a Social App Launch

Client
Puzzle Master, a social matching platform

Challenge
The startup had a production-ready Nest.js backend and Angular frontend, but zero infrastructure: deployments were manual, there was no CI/CD, no monitoring, no backups, and no separation between dev and prod environments. The goal was to build a complete DevOps stack from scratch before the public launch.

Solution

1. Application Containerization
- Multi-stage Dockerfile for backend (Nest.js + Prisma, non-root user)
- Multi-stage Dockerfile for frontend (Angular 12, legacy OpenSSL, Nginx for static assets)
- Docker Compose full stack: PostgreSQL 15, Redis 7, imgproxy, Nginx
- Healthchecks and depends_on for correct startup ordering
- Isolated dev and prod environments in /opt/dev and /opt/prod

2. GitLab CI/CD
- Migration of repository from Bitbucket to GitLab
- Pipeline for backend and frontend: build → push → deploy
- GitLab Container Registry for Docker image storage
- Automatic deploy to dev on every push; manual trigger for prod
- SSH deployment to VPS via SSH_PRIVATE_KEY

3. Nginx Reverse Proxy
- Environment-agnostic config via envsubst for dev/prod parity
- SSL/TLS (TLSv1.2, TLSv1.3) with Cloudflare certificates
- Routing: /api/* → backend:4000, /* → frontend:80
- www → root domain redirect (301)
- Separate imgproxy stack with SSL termination

4. Security (Ansible)
- Server hardening via Ansible: SSH key-only auth, root login disabled
- UFW Firewall: only ports 80, 443, and custom SSH open
- Database accessible only via SSH tunnel
- All secrets stored in GitLab CI/CD variables

5. Monitoring
- Prometheus + Grafana with automated dashboard provisioning
- Exporters: Node, cAdvisor, Postgres, Redis, Nginx, Blackbox
- 5 Grafana dashboards: server, Docker containers, PostgreSQL, Redis, Nginx
- Alertmanager with Slack/webhook integration; alerts on CPU/RAM/Disk/API/SSL

6. Database Backups
- Automated pg_dump every hour
- gzip compression and upload to S3-compatible object storage (Cloudflare R2)
- Prometheus backup metrics: success status, size, timestamp
- Alerts: DatabaseBackupMissing, DatabaseBackupFailed, DatabaseBackupSizeAnomaly

Technologies
GitLab CI, Docker, Ansible, Prometheus, Nginx, PostgreSQL

Results
✅ Deploy: git push to main → automatic build and deploy to server
✅ Environments: full dev/prod isolation on a single VPS
✅ Monitoring: 5 dashboards, alerts across 6 categories
✅ Backups: automated hourly pg_dump to Cloudflare R2
✅ Security: UFW, key-based SSH, database inaccessible from outside
✅ Scalability: architecture ready for database extraction to a dedicated server
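
The backup flow from section 6 (pg_dump, gzip, upload to S3-compatible storage, then success/size/timestamp metrics), sketched as an added example that is not the project's own script. The paths, bucket name, R2 endpoint placeholder, metric names and the node_exporter textfile location are all assumptions.

```sh
#!/bin/sh
# Added example, not the project's script. Paths, bucket, endpoint and metric
# names are assumptions; S3 credentials are expected in the AWS_* env variables.
set -eu
BACKUP_DIR="${BACKUP_DIR:-/var/backups/pg}"
METRICS_FILE="${METRICS_FILE:-/var/lib/node_exporter/textfile/pg_backup.prom}"
S3_BUCKET="${S3_BUCKET:-example-backups}"                                  # placeholder
S3_ENDPOINT="${S3_ENDPOINT:-https://ACCOUNT_ID.r2.cloudflarestorage.com}"  # placeholder

# write_metrics <success 0|1> <size_bytes> <unix_ts>
# Written to a temp file and renamed, so a scrape never sees a partial file.
write_metrics() {
  wm_tmp="${METRICS_FILE}.$$"
  cat >"$wm_tmp" <<EOF
# TYPE pg_backup_success gauge
pg_backup_success $1
# TYPE pg_backup_size_bytes gauge
pg_backup_size_bytes $2
# TYPE pg_backup_last_run_timestamp_seconds gauge
pg_backup_last_run_timestamp_seconds $3
EOF
  chmod 644 "$wm_tmp"   # stays readable by the exporter despite umask 077 below
  mv "$wm_tmp" "$METRICS_FILE"
}

run_backup() {
  rb_now="$(date +%s)"
  rb_dump="${BACKUP_DIR}/db-$(date -u +%Y%m%dT%H%M%SZ).sql"
  umask 077             # dumps contain user data: owner-only files
  mkdir -p "$BACKUP_DIR"
  # Dump to a file instead of `pg_dump | gzip`: in plain sh a pipeline returns
  # only gzip's exit status, so a failed dump would be recorded as a success.
  if pg_dump --dbname="${DATABASE_URL:?}" --file="$rb_dump" \
     && gzip -9 "$rb_dump" \
     && gzip -t "${rb_dump}.gz" \
     && aws s3 cp "${rb_dump}.gz" "s3://${S3_BUCKET}/" \
          --endpoint-url "$S3_ENDPOINT" --only-show-errors; then
    rb_size="$(wc -c <"${rb_dump}.gz" | tr -d ' ')"
    write_metrics 1 "$rb_size" "$rb_now"
  else
    rm -f "$rb_dump"    # never leave an uncompressed partial dump on disk
    write_metrics 0 0 "$rb_now"
    return 1
  fi
}

# An hourly cron entry would invoke this file with the argument "run".
case "${1:-}" in run) run_backup ;; esac
```

Because the timestamp metric is written on failure as well, a "backup missing" rule built on it detects a job that stopped running, while the success and size gauges cover runs that failed or produced an unexpectedly small dump.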