Adventures in Automation, Part 3

Adventures in Automation, Part 3

This is the third article in a series documenting my quest to transform a $5/month VPS into a playground for experimenting with web programming technologies.

Last week, I left off with a GitHub Actions workflow that could automatically provision and deprovision my VPS at "test.siefken.us." That setup left me with a vanilla Ubuntu server—but no software, no settings, and none of the infrastructure I needed for my projects.

This next phase of the journey was by far the most complex part of the automation process. I put together a hefty bash script that does the following:

bash script

Despite the complexity of the script, it runs reliably every time I launch the provisioning workflow - a satisfying payoff! The GitHub workflow itself, by contrast, was delightfully simple to set up. It performs the following tasks:

  1. Downloads my infrastructure repository code
  2. Runs Terraform to provision the cloud resources as described in the code
  3. Sets up an SSH key (so I can remote into the server from my laptop)
  4. Copies setup files to the server securely
  5. Executes the bash script to finish configuring the system

Having all the details of your network, servers, and operating system codified into a few files that guarantee a consistent outcome every time you run them is strangely comforting. This practice, called "Infrastructure as Code" (IaC), is a cornerstone of the modern DevOps movement.

The Traefik Adventure

Once the server automation was in place, I hit a design snag. I didn't want to run dozens of separate apps on different ports or subdomains—it felt messy and created complications for web security. I needed a solution that could treat multiple services as one cohesive site. That's when I discovered Traefik, an open-source reverse proxy that does exactly that.

Traefik lets you combine several Docker containers into a unified web experience. However, setting it up wasn't exactly plug-and-play. While automating the server setup accounted for half the project's complexity, the other half was consumed by fiddling with Traefik's configuration.

One key challenge was figuring out Traefik's "middlewares"—components that reshape HTTP requests as they come in. Their order is surprisingly important, something I learned through trial and error. I also had to add specific configurations to handle quirks in some of my internal projects, such as ensuring certain requests ended with a forward slash.

Securing the Site

Setting up HTTPS with Traefik turned out to be another headache. Most tutorials and AI tools insisted on using automated certificate management, but I wasn't comfortable with that approach due to potential rate limits from Let's Encrypt. Instead, I opted to manage certificates manually.

It took some digging through Traefik's documentation (and more than a few false starts), but I eventually figured out how to configure Traefik to use certificates stored in an S3 bucket. The key was to use dynamic configuration rather than static configuration - a crucial distinction that wasn't obvious from the start.

A Final Note on Traefik

Throughout this entire process, I pronounced "Traefik" in my head as "tray-feek," imagining it as a fancy French term. To my amusement, I later discovered it's pronounced just like "traffic"! It even has a delightful logo:

docker/traefik

With my reverse proxy now up and running, my static site is humming along, and containerization awaits. But I'll save that adventure for the next article!

What sort of fun applications or tools would you host on your personal website powered by Traefik? Let me know in the LinkedIn comments!