Docker + Nginx + GitHub Actions: Complete CI/CD Setup

architectureGitHub Push -> GitHub Actions -> Build Docker Image -> Run Tests -> Push to GitHub Container Registry (GHCR) -> SSH into VPS -> docker compose pull && up -d --force-recreate VPS: Nginx (port 443) -> Docker container (app:3000)

dockerfileFROM node:20-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci COPY . . RUN npm run build FROM node:20-alpine AS runner WORKDIR /app ENV NODE_ENV=production COPY --from=builder /app/.next ./.next COPY --from=builder /app/node_modules ./node_modules EXPOSE 3000 CMD ["npm", "start"]

yamlversion: "3.9" services: app: image: ghcr.io/your-org/your-app:latest restart: unless-stopped env_file: .env expose: ["3000"] db: image: postgres:16-alpine restart: unless-stopped volumes: [pgdata:/var/lib/postgresql/data] env_file: .env volumes: pgdata:

nginxserver { listen 443 ssl http2; server_name yourdomain.com; ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } }

yamlname: Deploy to Production on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - uses: docker/build-push-action@v5 with: push: true tags: ghcr.io/${{ github.repository }}:latest - uses: appleboy/ssh-action@v1 with: host: ${{ secrets.VPS_HOST }} username: root key: ${{ secrets.SSH_PRIVATE_KEY }} script: | cd /opt/myapp docker compose pull docker compose up -d --force-recreate docker system prune -f

bash# AlmaLinux/RHEL dnf install -y certbot python3-certbot-nginx certbot --nginx -d yourdomain.com -d www.yourdomain.com # Certificates auto-renew via systemd timer