如何使用 SST 和 Docker 将 Nextjs 应用程序部署到 Hetzner VPS

pnpx sst@ion init

pnpm install

# sst.sstsst.config.tstsconfig.json

/// export default $config({  app(input) {    return {      name: "next-self-hosted",      removal: input?.stage === "production" ? "retain" : "remove",      home: "aws",    };  },  async run() {},});

/// export default $config({  app(input) {    return {      name: "next-self-hosted",      removal: input?.stage === "production" ? "retain" : "remove",      home: "local",    };  },  async run() {},});

pnpm sst add tlspnpm sst add hcloudpnpm install

// in the run() function:// generate an ssh keyconst sshkeylocal = new tls.privatekey("ssh key - local", {  algorithm: "ed25519",});// add the ssh key to hetznerconst sshkeyhetzner = new hcloud.sshkey("ssh key - hetzner", {  publickey: sshkeylocal.publickeyopenssh,});

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  created     ssh key - local tls:index:privatekey|  created     ssh key - hetzner hcloud:index:sshkey✓  complete

// in the run() function:// create a server on hetznerconst server = new hcloud.server("server", {  image: "docker-ce",  servertype: "cx22",  location: "nbg1",  sshkeys: [sshkeyhetzner.id],});

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  created     server hcloud:index:server (34.5s)✓  complete

pnpm sst add dockerpnpm install

// at the top of the file:import { resolve as pathresolve } from "node:path";import { writefilesync as fswritefilesync } from "node:fs";// in the run() function:// store the private ssh key on disk to be able to pass it to the docker// providerconst sshkeylocalpath = sshkeylocal.privatekeyopenssh.apply((k) => {  const path = "id_ed25519_hetzner";  fswritefilesync(path, k, { mode: 0o600 });  return pathresolve(path);});// connect to the docker server on the hetzner serverconst dockerserverhetzner = new docker.provider("docker server - hetzner", {  host: $interpolate`ssh://root@${server.ipv4address}`,  sshopts: ["-i", sshkeylocalpath, "-o", "stricthostkeychecking=no"],});

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  created     docker server - hetzner pulumi:providers:docker✓  complete

// in the run() function:// build the docker imageconst dockerimagehetzner = new docker.image(  "docker image - app - hetzner",  {    imagename: "next-self-hosted/next-self-hosted:latest",    build: {      context: pathresolve("./"),      dockerfile: pathresolve("./dockerfile"),      target: "production",      platform: "linux/amd64",    },    skippush: true,  },  {    provider: dockerserverhetzner,    dependson: [server],  });

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  log         starting docker build|  log         image built successfully, local id "sha256:629a6cdfc298c74599a3056278e31c64197a87f6d11aab09573bc9171d2f3362"|  created     docker image - app - hetzner docker:index:image (36.0s)✓  complete

ssh root@116.203.183.180 -i ./id_ed25519_hetzner -o stricthostkeychecking=no -c "docker image ls"repository                          tag       image id       created              sizenext-self-hosted/next-self-hosted   latest    629a6cdfc298   about a minute ago   712mb

// in the run() function:// setup docker networksconst dockernetworkpublic = new docker.network(  "docker network - public",  { name: "app_network_public" },  { provider: dockerserverhetzner, dependson: [server] });const dockernetworkinternal = new docker.network(  "docker network - internal",  { name: "app_network_internal" },  { provider: dockerserverhetzner, dependson: [server] });

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  created     docker network - public docker:index:network (2.3s)|  created     docker network - internal docker:index:network (3.1s)✓  complete

ssh root@116.203.183.180 -i ./id_ed25519_hetzner -o stricthostkeychecking=no -c "docker network ls"network id     name                   driver    scope0590360bd4ae   app_network_internal   bridge    locale3bd8be72506   app_network_public     bridge    local827fa5ca5de2   bridge                 bridge    localdc8880514199   host                   host      localf1481867db18   none                   null      local

// in the run() function:// setup docker volumesconst dockervolumeappbuild = new docker.volume(  "docker volume - app build",  { name: "app_volume_build" },  { provider: dockerserverhetzner, dependson: [server] });

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  created     docker volume - app build docker:index:volume✓  completessh root@116.203.183.180 -i ./id_ed25519_hetzner -o stricthostkeychecking=no -c "docker volume ls"driver    volume namelocal     app_volume_build

// in the run() function:// run a one-off container to build the appconst dockerappbuildcontainer = new docker.container(  "docker container - app build",  {    name: "app_container_build",    image: dockerimagehetzner.imagename,    volumes: [      {        volumename: dockervolumeappbuild.name,        containerpath: "/app/.next",      },    ],    command: ["pnpm", "build"],    mustrun: true,  },  {    provider: dockerserverhetzner,  });

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  created     docker container - app build docker:index:container (1.1s)✓  completessh root@116.203.183.180 -i ./id_ed25519_hetzner -o stricthostkeychecking=no -c "docker logs -f app_container_build"> next-self-hosted@ build /app> next build  ▲ next.js 14.2.5   creating an optimized production build ... ✓ compiled successfully   linting and checking validity of types ...   collecting page data ...   generating static pages (0/4) ...   generating static pages (1/4)   generating static pages (2/4)   generating static pages (3/4) ✓ generating static pages (4/4)   finalizing page optimization ...   collecting build traces ...route (app)                              size     first load js┌ ○ /                                    142 b          87.2 kb└ ○ /_not-found                          871 b          87.9 kb+ first load js shared by all            87 kb  ├ chunks/52d5e6ad-40eff88d15e66edb.js  53.6 kb  ├ chunks/539-e1fa9689ed3badf0.js       31.5 kb  └ other shared chunks (total)          1.84 kb○  (static)  prerendered as static content

// in the run() function:const dockerappcontainer = new docker.container(  "docker container - app",  {    name: "app",    image: dockerimagehetzner.imagename,    volumes: [      {        volumename: dockervolumeappbuild.name,        containerpath: "/app/.next",      },    ],    networksadvanced: [      { name: dockernetworkpublic.id },      { name: dockernetworkinternal.id },    ],    command: ["pnpm", "start"],    restart: "always",  },  { provider: dockerserverhetzner, dependson: [dockerappbuildcontainer] });

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  created     docker container - app docker:index:container (1.1s)✓  completessh root@116.203.183.180 -i ./id_ed25519_hetzner -o stricthostkeychecking=no -c "docker logs -f app"> next-self-hosted@ start /app> next start  ▲ next.js 14.2.5  - local:        http://localhost:3000 ✓ starting... ✓ ready in 497ms

pnpm sst add @pulumi/commandpnpm add -d @pulumi/pulumipnpm install

// at the top of the fileimport { asset as pulumiasset } from "@pulumi/pulumi";// in the run() function:// make sure that app directory existsnew command.remote.command("command - ensure app directory", {  create: "mkdir -p /root/app",  connection: {    host: server.ipv4address,    user: "root",    privatekey: sshkeylocal.privatekeyopenssh,  },});// make sure that app/certs directory existsnew command.remote.command("command - ensure app/certs directory", {  create: "mkdir -p /root/app/certs",  connection: {    host: server.ipv4address,    user: "root",    privatekey: sshkeylocal.privatekeyopenssh,  },});// copy certificates to the vpsnew command.remote.copytoremote(  "copy - certificates - key",  {    source: new pulumiasset.fileasset(      pathresolve("./certs/cloudflare.key.pem")    ),    remotepath: "/root/app/certs/cloudflare.key.pem",    connection: {      host: server.ipv4address,      user: "root",      privatekey: sshkeylocal.privatekeyopenssh,    },  });new command.remote.copytoremote(  "copy - certificates - cert",  {    source: new pulumiasset.fileasset(      pathresolve("./certs/cloudflare.cert.pem")    ),    remotepath: "/root/app/certs/cloudflare.cert.pem",    connection: {      host: server.ipv4address,      user: "root",      privatekey: sshkeylocal.privatekeyopenssh,    },  });new command.remote.copytoremote(  "copy - certificates - authenticated origin pull",  {    source: new pulumiasset.fileasset(      pathresolve("./certs/authenticated_origin_pull_ca.pem")    ),    remotepath: "/root/app/certs/authenticated_origin_pull_ca.pem",    connection: {      host: server.ipv4address,      user: "root",      privatekey: sshkeylocal.privatekeyopenssh,    },  });

// in the run() function:// copy nginx config to the vpsconst commandcopynginxconfig = new command.remote.copytoremote(  "copy - nginx config",  {    source: new pulumiasset.fileasset(      pathresolve("./nginx/production.conf")    ),    remotepath: "/root/app/nginx.conf",    connection: {      host: server.ipv4address,      user: "root",      privatekey: sshkeylocal.privatekeyopenssh,    },  });// run the nginx containerconst dockernginxcontainer = new docker.container(  "docker container - nginx",  {    name: "app_container_nginx",    image: "nginx:1.27.0-bookworm",    volumes: [      {        hostpath: "/root/app/nginx.conf",        containerpath: "/etc/nginx/nginx.conf",      },      {        hostpath: "/root/app/certs",        containerpath: "/certs",      },    ],    command: ["nginx", "-g", "daemon off;"],    networksadvanced: [{ name: dockernetworkpublic.id }],    restart: "always",    ports: [      {        external: 443,        internal: 443,      },    ],    healthcheck: {      tests: ["cmd", "service", "nginx", "status"],      interval: "30s",      timeout: "5s",      retries: 5,      startperiod: "10s",    },  },  { provider: dockerserverhetzner, dependson: [dockerappcontainer] });return { ip: server.ipv4address };

pnpm sst deploysst ❍ ion 0.1.90  ready!➜  app:        next-self-hosted   stage:      antonprudkohliad~  deploy|  deleted     docker container - app build docker:index:container|  created     command - ensure app/certs directory command:remote:command|  created     command - ensure app directory command:remote:command|  created     docker container - app build docker:index:container|  created     copy - certificates - cert command:remote:copytoremote (1.2s)|  created     copy - nginx config command:remote:copytoremote (1.2s)|  created     copy - certificates - key command:remote:copytoremote (1.2s)|  created     copy - certificates - authenticated origin pull command:remote:copytoremote (1.2s)|  deleted     docker container - app docker:index:container|  created     docker container - app docker:index:container (1.2s)|  created     docker container - nginx docker:index:container (7.1s)✓  complete   ip: 116.203.183.180ssh root@116.203.183.180 -i ./id_ed25519_hetzner -o stricthostkeychecking=no -c "docker ps -a"container id   image                                      command                  created         status                     ports                          names9c2cb18db304   nginx:1.27.0-bookworm                      "/docker-entrypoint.…"   3 minutes ago   up 3 minutes (healthy)     80/tcp, 0.0.0.0:443->443/tcp   app_container_nginx32e6a4cee8bc   next-self-hosted/next-self-hosted:latest   "docker-entrypoint.s…"   4 minutes ago   up 3 minutes               3000/tcp                       appf0c50aa32493   next-self-hosted/next-self-hosted:latest   "docker-entrypoint.s…"   4 minutes ago   exited (0) 3 minutes ago                                  app_container_build

pnpm sst removeSST ❍ ion 0.1.90  ready!➜  App:        next-self-hosted   Stage:      antonprudkohliad~  Remove|  Deleted     Docker Container - Nginx docker:index:Container (1.9s)|  Deleted     Docker Container - App docker:index:Container|  Deleted     Docker Container - App Build docker:index:Container|  Deleted     Docker Image - App - Hetzner docker:index:Image|  Deleted     Docker Volume - App Build docker:index:Volume (2.1s)|  Deleted     Docker Network - Public docker:index:Network (3.1s)|  Deleted     Docker Network - Internal docker:index:Network (3.2s)|  Deleted     Copy - Nginx Config command:remote:CopyToRemote|  Deleted     Docker Server - Hetzner pulumi:providers:docker|  Deleted     Copy - Certificates - Authenticated Origin Pull command:remote:CopyToRemote|  Deleted     Command - Ensure app/certs directory command:remote:Command|  Deleted     Copy - Certificates - Key command:remote:CopyToRemote|  Deleted     Command - Ensure app directory command:remote:Command|  Deleted     Copy - Certificates - Cert command:remote:CopyToRemote|  Deleted     Server hcloud:index:Server (16.8s)|  Deleted     SSH Key - Hetzner hcloud:index:SshKey|  Deleted     SSH Key - Local tls:index:PrivateKey✓  Removed