# Create directory
sudo mkdir -p /var/www/rest-api.ir
sudo chown www-data:www-data /var/www/rest-api.ir
# Deploy files
scp target/release/rust_rest_api user@server:/tmp/
scp .env user@server:/tmp/
ssh user@server
sudo mv /tmp/rust_rest_api /var/www/rest-api.ir/
sudo mv /tmp/.env /var/www/rest-api.ir/
sudo chown www-data:www-data /var/www/rest-api.ir/*
sudo chmod 750 /var/www/rest-api.ir/rust_rest_api
sudo chmod 600 /var/www/rest-api.ir/.env/etc/systemd/system/rest-api.ir.service
[Unit]
Description=Rest-api.ir Web Service
After=network.target
[Service]
Type=simple
User=www-data
Group=www-data
WorkingDirectory=/var/www/rest-api.ir
Environment="RUST_LOG=info"
EnvironmentFile=/var/www/rest-api.ir/.env
ExecStart=/var/www/rest-api.ir/rust_rest_api
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.targetsudo systemctl daemon-reload
sudo systemctl enable rest-api.ir.service
sudo systemctl start rest-api.ir.service/etc/nginx/conf.d/rest-api.ir.conf
server {
listen 80;
server_name rest-api.ir;
location / {
proxy_pass http://127.0.0.1:8585;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
limit_req zone=api_limit_rest burst=20 nodelay;
limit_req_status 429;
}
}
server {
listen 443 ssl http2;
server_name rest-api.ir;
ssl_certificate /etc/letsencrypt/live/rest-api.ir/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rest-api.ir/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
client_max_body_size 200M;
location / {
proxy_pass http://127.0.0.1:8585;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
limit_req zone=api_limit_rest burst=20 nodelay;
limit_req_status 429;
}
}Rate limit configuration in /etc/nginx/nginx.conf (http block):
limit_req_zone $binary_remote_addr zone=api_limit_rest:10m rate=60r/m;sudo nginx -t
sudo systemctl reload nginxsudo certbot --nginx -d rest-api.irCrontab for auto-renewal:
0 3 * * * certbot certonly --quiet --nginx -d rest-api.ir# Start
sudo systemctl start rest-api.ir.service
# Stop
sudo systemctl stop rest-api.ir.service
# Restart
sudo systemctl restart rest-api.ir.service
# Status
sudo systemctl status rest-api.ir.service
# Logs
sudo journalctl -u rest-api.ir.service -f# Build
cargo build --release
# Deploy
scp target/release/rust_rest_api user@server:/tmp/
ssh user@server
sudo systemctl stop rest-api.ir.service
sudo cp /var/www/rest-api.ir/rust_rest_api /var/www/rest-api.ir/rust_rest_api.backup
sudo mv /tmp/rust_rest_api /var/www/rest-api.ir/
sudo chown www-data:www-data /var/www/rest-api.ir/rust_rest_api
sudo chmod 750 /var/www/rest-api.ir/rust_rest_api
sudo systemctl start rest-api.ir.service
# Test
curl https://rest-api.ir/healthsudo systemctl stop rest-api.ir.service
sudo mv /var/www/rest-api.ir/rust_rest_api.backup /var/www/rest-api.ir/rust_rest_api
sudo systemctl start rest-api.ir.service