DRAFT: Add Terraform Deployment

[benloh]

Terraform/Ansible Deployment Features

This PR adds support for running nc-multiplex on DigitalOcean droplets with SSL (to support subdomain mapping, e.g. https://red.netcreate.app) via a CI/CD workflow.

• See the nc-terraform-cloud-mgr repo for details.
• See also the corresponding changes in Deploy & SSL PR #404

New Features

• Adds SSL support
• Adds support for an NGINX reverse proxy server that maps port 8080 to websockets.

Details

Supporting subdomains and SSL with nc-multiplex requires the addition of an NGINX reverse proxy server that can route websocket traffic to opened graphs.

In order to support HTTPS on DigitalOcean droplets, web sockets needed to also be secure. If https is detected in the URL, then websocket traffic is now directed to wss:///ws_port/ instead of ws://:.

This requires corresponding changes in the netcreate-itest deploy-terraform branch.

nc-multiplex manage
Admin manage requests are sent via SSL to nc-multiplex via port 8080.

flowchart TD
    A[https\://red.netcreate.app/manage] -->|443| B(NGINX Reverse Proxy)
    B -->|8080| C[nc-multiplex]

Loading

Basic graph request
Loading a graph uses a similar mechanism, mapping a specific graph (e.g. demo) to a specific port...

flowchart TD
    A[https\://red.netcreate.app/graph/demo] -->|port 443| B(NGINX Reverse Proxy)
    B -->|port 8080| C[nc-multiplex -- node express reverse proxy]
    C -->|port 3001| D[netcreate-itest]

Loading

Graph websocket request
..while websocket requests for a specific graph (e.g. demo) are routed via a url on port 443 (matching /ws-port/xxxx) to the websocket port running on netcreate-itest.

flowchart TD
    A[Graph request maps 'demo' to URL https\://red.netcreate.app/ws-port/4001/] -->|port 443| B(NGINX Reverse Proxy)
    B -->|port 8080| C[nc-multiplex -- node express reverse proxy]
    C -->|websocket 4001| D[netcreate-itest]

Loading

New Branching Strategy

• deploy-terraform branch will be a new branch that is used to deploy nc-multiplex to DigitalOcean droplets via the nc-terraform-cloud-mgr and nc-app-config repos. It is a protected branch.
• Any droplets created using nc-terraform-cloud-mgr and nc-app-config will pull from the deploy-terraform branch -- this insures that automated workflows will always function.
• This also means that:
  • deploy-terraform needs to be synced with main and dev (eventually)
  • deploy-terraform needs to ALWAYS be runnable -- you don't know when droplets might be updated.

To Do

• PR into dev so that deployment updates are available in the working branches. (This PR should remain a DRAFT until we are ready to merge into dev).

[benloh]

To Do

• Confirm that it's safe to update the dev and production branches -- does Kalani have any active installs that might get inadvertently updated?
• Merge Feature: Download Zips #17 first
• Then merge this (deploy-terraform) into dev
• Then merge dev into production
• Then tag v1.1.0

[kalanicraig]

No active installs that will get borked if the main repo changes.

…

On Fri, Sep 5, 2025 at 12:39 PM benloh ***@***.***> wrote: *benloh* left a comment (netcreateorg/nc-multiplex#19) <#19 (comment)> To Do - Confirm that it's safe to update the dev and production branches -- does Kalani have any active installs that might get inadvertently updated? - Merge #17 <#17> first - Then merge this (deploy-terraform) into dev - Then merge dev into production - Then tag v1.1.0 — Reply to this email directly, view it on GitHub <#19 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACKL4NCHJKFIEQDOUBPX5ED3RHDGRAVCNFSM6AAAAACBEZDMLSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTENJZGI2DENJXGE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>