Apple Android Qrcode
  • High Performance Application Deployment on Ubuntu Server
ubuntu-server-uzerinde-yuksek-performansli-uygulama-deploymenti

High Performance Application Deployment on Ubuntu Server

Table of Contents

A reliable, fast and scalable infrastructure is critical for the backend services of mobile applications. As Chipode, we will examine the reasons why we prefer Ubuntu Server and how we optimize it in detail in this article.

Why Ubuntu Server?

The main reasons why we prefer Ubuntu Server:
1. Broad community support
2. Regular security updates
3. Comprehensive package management
4. Docker and container support
5. Cost effectiveness

Server Preparation and Basic Security

1- SSH Security

				
					bash
# Change SSH Port
sudo nano /etc/ssh/sshd_config

# Recommended settings
Port 2222
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2

# SSH service restart
sudo systemctl restart sshd

2- Firewall Configuration

				
					bash
# UFW setup and basic rules
sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp  # SSH
sudo ufw allow 80/tcp    # HTTP
sudo ufw allow 443/tcp   # HTTPS
sudo ufw allow 50051/tcp # gRPC

# Activate Firewall
sudo ufw enable

# Status check
sudo ufw status verbose

3- Fail2Ban Implementation

				
					bash
# Setup
sudo apt install fail2ban

# Configuration
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local

[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
findtime = 600

# Start service
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Nginx ve SSL Konfigürasyonu

1- Nginx Kurulumu ve Optimizasyonu 

				
					bash
# Nginx setup
sudo apt install nginx

# Setting system limits
sudo nano /etc/security/limits.conf
# Add:
nginx soft nofile 65535
nginx hard nofile 65535


### SSL Certificate (Let's Encrypt)
bash
# Certbot setup
sudo apt install certbot python3-certbot-nginx

# Get Certificate
sudo certbot --nginx -d api.chipode.com

2- Nginx Configuration

				
					nginx
server {
    listen 443 ssl http2;
    server_name api.chipode.com;

    ssl_certificate /etc/letsencrypt/live/api.chipode.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/api.chipode.com/privkey.pem;
    
    # SSL optimizations
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    
    # Modern SSL configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    
    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;
    
    # Other safety topics
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    
    # gRPC proxy
    location / {
        grpc_pass grpc://localhost:50051;
        grpc_set_header Host $host;
        grpc_set_header X-Real-IP $remote_addr;
    }
}

Docker ve Container Orchestration

1- Docker installation 

				
					bash
# Repository ekleme
sudo apt update
sudo apt install apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

# Docker setup
sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io

2- Docker Compose Configuration 

				
					yaml
version: '3.8'

services:
  game-service:
    build: 
      context: .
      dockerfile: Dockerfile
    restart: always
    environment:
      - DB_HOST=postgres
      - REDIS_URL=redis://redis:6379
      - LOG_LEVEL=info
    depends_on:
      - postgres
      - redis
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
        
  postgres:
    image: postgres:14-alpine
    volumes:
      - pgdata:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_PASSWORD=${DB_PASSWORD}
    deploy:
      placement:
        constraints:
          - node.role == manager
          
  redis:
    image: redis:6-alpine
    command: redis-server --appendonly yes
    volumes:
      - redisdata:/data
      
volumes:
  pgdata:
  redisdata:

Monitoring ve Logging

1- Prometheus installation 

				
					yaml
# prometheus.yml
global:
  scrape_interval: 15s

scrape_configs:
  - job_name: 'game-service'
    static_configs:
      - targets: ['localhost:9090']
    
  - job_name: 'node-exporter'
    static_configs:
      - targets: ['localhost:9100']

2- Grafana Dashboard 

				
					bash
# Adding repos to graph
sudo apt-get install -y apt-transport-https
sudo apt-get install -y software-properties-common wget
sudo wget -q -O /usr/share/keyrings/grafana.key https://packages.grafana.com/gpg.key

# Grafana installation
sudo apt-get update
sudo apt-get install grafana

3- Log Management with ELK Stack 

				
					yaml
# docker-compose-elk.yml
version: '3.8'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.9.3
    environment:
      - discovery.type=single-node
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data
      
  logstash:
    image: docker.elastic.co/logstash/logstash:7.9.3
    volumes:
      - ./logstash/pipeline:/usr/share/logstash/pipeline
    depends_on:
      - elasticsearch
      
  kibana:
    image: docker.elastic.co/kibana/kibana:7.9.3
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch

volumes:
  elasticsearch_data:

Performance Optimization

1- System Settings

				
					bash
# /etc/sysctl.conf edits
# Network optimizations
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15

# Disk I/O optimization
# /etc/fstab
UUID=xxx / ext4 defaults,noatime,nodiratime 0 1

2- Resource Limits 

				
					bash
# /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535
* soft nproc 32768
* hard nproc 32768

3- Redis Optimization 

				
					conf
# redis.conf
maxmemory 2gb
maxmemory-policy allkeys-lru
activerehashing yes
no-appendfsync-on-rewrite yes

Backup Strategy

1- Automatic Backup Script

				
					bash
#!/bin/bash

# Değişkenler
BACKUP_DIR="/backup"
POSTGRES_CONTAINER="postgres"
DATE=$(date +%Y%m%d_%H%M%S)

# PostgreSQL backup
docker exec $POSTGRES_CONTAINER pg_dump -U gameuser gamedb > $BACKUP_DIR/db_$DATE.sql

# Redis backup
docker exec redis redis-cli SAVE

# Compress backup files
tar -czf $BACKUP_DIR/backup_$DATE.tar.gz \
    $BACKUP_DIR/db_$DATE.sql \
    /var/lib/redis/dump.rdb

# Clean up old backups
find $BACKUP_DIR -type f -mtime +7 -delete

# install to S3
aws s3 cp $BACKUP_DIR/backup_$DATE.tar.gz s3://chipode-backups/

Result

With this infrastructure we built on Ubuntu Server:

1. High security
2. Scalability
3. Easy manageability
4. Performance optimization
5. Reliable backup strategy

This provides a strong foundation for Chipode’s mobile apps to run smoothly.

References

Twitter
LinkedIn
Related Articles
Contact Form
  • Please fill out the form below for your questions, suggestions and comments. We will get back to you as soon as possible.
  • Fun Intelligence Enhancing App
  • Sudoku not only keeps me entertained but also keeps me mentally sharp. Especially the advanced scoring system makes the game more enjoyable. This is a great app!
  • Excellent Support in Mobile Software
  • The software consultancy process we received for our custom mobile application project was very professional. With the team's fast communication and quality solutions, we launched our application on time.
  • Enjoying Time with Sudoku
  • I love the Sudoku app! The difficulty levels are just right for me and the modern interface is very pleasant to use. I recommend it to everyone!
  • We Met an Expert Team
  • The team that guided us in our mobile software needs quickly understood our needs and offered a complete solution. Our project was successfully realized. Thank you!

Great Consulting Service!

  • Thanks to the consultancy team, we have greatly improved our business processes. From the first meeting, they analyzed our needs in detail with a professional approach.
  • Throughout the process, we worked in harmony with the team at every stage and found answers to all our questions quickly. Thanks to the steps they suggested to improve our technological infrastructure, we saved a lot of time and cost. In addition, the guidance they provided on reporting and analysis helped us make more informed business decisions. I highly recommend them! Working with such a team has contributed greatly to taking our business to the next level.
erman-soner

Erman Soner

İstanbul

footer-logo
  • Where Code Meets Fun
Apple Android Qrcode
  • Quick Access
  • Projects
  • Recent Articals
  • Terms and Conditions
  • © Copyright 2024 Chipode Ltd. Şti. All rights reserved.
  • Designed By Chipode Team

Chipode Apps

  • Visit the stores to discover our apps.
loading...
Google Play Store
Visit
loading...
Apple Store
Visit