Practical Guide For Cross-border Developers Using Vietnamese CN2 VPSs To Deploy CI/CD Pipelines

1. Select the Vietnamese CN2 VPS and its basic configuration

Steps: Choose a VPS that comes with a CN2 routing node (such as Vultr, Bandwagon, or Vietnam CN2 offered by domestic resellers). Configuration recommendations: Ubuntu 20.04, 2 vCPUs, 4GB of memory, 40GB SSD ； Note down the public IP address and control panel information at the time of purchase. small segments: After activation, set the installation image in the panel settings and enable password protection or insert a public key.

2. Prepare SSH and basic security settings

Steps: Generate a local key using `ssh-keygen -t ed25519` ； Upload the public key to VPS in the ~/.ssh/authorized directory_Keys. Implement security enhancements: Prohibit password-based login (/etc/ssh/sshd)_config: If PasswordAuthentication is disabled, change the default port and restart sshd. small segments: Verify login by using the command `ssh -p port user@IP`.

3. System optimization and firewalls

Steps: Update the system: `apt update && apt upgrade -y` ； Set the time zone and clock. Install ufw and allow the necessary ports (SSH, HTTP, HTTPS, CI ports): ufw allow 22/tcp; ufw allow 80; ufw allow 443; ufw enable. small segments: Turn off unnecessary services and set up a swapfile (e.g., 2GB) to prevent out-of-memory errors from occurring.

4. Install Docker and Docker Compose

Steps: Install Docker following the official steps: apt install ca-certificates curl gnupg lsb-release -y ； Add the Docker GPG key and repository, then use `apt install docker-ce docker-ce-cli` to install them containerd.io -y ； usermod -aG docker ubuntu. Install Docker Compose: curl -L " https://github.com/docker/compose/releases/download/... " -o /usr/local/bin/docker-compose && chmod +x. small segments: Verify that `docker run hello-world` works correctly.

5. Install Git and set it up to connect with your code repository

Steps: apt install git -y ； It is recommended to use self-hosted repositories on GitLab/GitHub or cloud-based repositories. If you are using self-hosted GitLab, you can deploy gitlab-ce using docker-compose ； If you are using only remote repositories, make sure that the VPS has access to those repositories and that the SSH deployment key is configured correctly. small segments: `git clone repository /home/ci/projects`.

6. Install and register GitLab Runner (example)

Steps: curl -L https://packages.gitlab.com/install/repositories/runner/gitlab-runner/script.deb.sh | bash ； apt install gitlab-runner -y ； Use `gitlab-runner register` to enter the GitLab URL and token, select the `docker executor`, and specify the image, such as `docker:20.10`. small segments: Configure `/etc/gitlab-runner/config.toml` to mount `/var/run/docker.sock` when using Docker-in-Docker.

7. Example CI/CD Pipeline Configuration (.gitlab-ci.yml)

Steps: Create it in the root directory of the repository .gitlab-ci.yml Example: stages: [Build, test, deploy] build: image: docker:20.10 services: - docker:dind script: - docker build -t my-app:$CI_COMMIT_SHORT_SHA. – docker push registry.example.com/my-app:$CI_COMMIT_SHORT_SHA deploy: script: - ssh deploy@vps 'docker pull ... && docker-compose up -d' small segments: If dind is not allowed, Kaniko can be used or an external CI system can be implemented.

8. Deployment and Integration with Webhooks

Steps: Set up a CI/CD token in the repository and configure a webhook to point to the recipient on the VPS (for example, using gitlab-runner or a custom-built webhook service). Configure on a VPS docker-compose.yml Used for running applications and acting as a reverse proxy (nginx). small segments: Configure SSL using certbot and set up a reverse proxy in nginx to point to the container port.

9. Common Questions and Operational Tips

Steps: Monitoring: Install Prometheus/Node_The exporter and simple log collection using Filebeat ； Backup: Regularly back up Docker images and volumes. small segments: Performance optimization: Adjust sysctl settings, disable swapiness, and properly configure the number of concurrent CI runners.

10. Question: What are the advantages of using a CN2 VPS in Vietnam for accessing mainland China?

Answer: The CN2 route in Vietnam is typically connected directly through China Telecom, resulting in lower latency and packet loss rates compared to conventional international routes. This makes it ideal for cross-border developers who need to integrate their services with those on the Chinese mainland. It is especially stable when CI systems require access to mainland mirrors or need to be deployed on Chinese servers.

11. Question: How to avoid the security issues associated with Docker-in-Docker?

Answer: It is recommended to build images using non-privileged methods: 1) Use Kaniko or buildkit remote; 2) Place the build process on an isolated build node; 3) Strictly control runner permissions and never expose the docker.sock on the same VPS to untrusted tasks.

12. Question: Can a configuration with the lowest cost support CI/CD?

Answer: It’s possible, but it is recommended to use at least 2 vCPUs and 4GB of memory, and to configure swap space as well; otherwise, concurrent builds and image creation are likely to result in out-of-memory errors. For long-term use, it is recommended to use a VPS with an SSD and regularly clean up images and caches to save space.