
Documented zero-downtime deployment installation. Included SSL version of the nginx configuration template as a sample. Removed old and unused nginx configuration templates. (On the server, fixed permissions for /etc/nginx/sites-available and deployed the new waystone.template — closes #55.)
parent 56c97d74
......@@ -17,8 +17,8 @@ RUNNING="$(docker ps | grep waystone: | head -1 | awk '{ print $1 }')"
# If there is an existing container running, kill it.
if [ ! -z $RUNNING ]; then
echo "[DEPLOY] Killing container with ID '$RUNNING'"
docker kill $RUNNING
echo "[DEPLOY] Killing container with ID '$RUNNING'"
docker kill $RUNNING
fi
#
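Review bot: this hunk kills the running container at line 17, before the new container is started and before the readiness loop and nginx rewrite in the @@ -35 hunk run, so the old instance is gone while the new one is still booting and the switchover is not zero-downtime; start the new container, wait for the HEAD check to pass and reload nginx first, then stop the old one (with `docker stop` rather than `docker kill`, so in-flight requests can finish). Also quote the variable: `if [ -n "$RUNNING" ]; then` and `docker kill "$RUNNING"`, since `[ ! -z $RUNNING ]` changes meaning when the value is empty.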
......@@ -35,35 +35,35 @@ WAYSTONE_PORT=$(docker inspect -f '{{ .NetworkSettings.Ports }}' $ID | sed -e 's
WAYSTONE_HOST="localhost"
if [ ! -z $DOCKER_HOST ]
then
WAYSTONE_HOST=`echo $DOCKER_HOST | sed -e 's#^tcp\://\(.*\):.*$#\1#'`
WAYSTONE_HOST=`echo $DOCKER_HOST | sed -e 's#^tcp\://\(.*\):.*$#\1#'`
fi
WAYSTONE="http://$WAYSTONE_HOST:$WAYSTONE_PORT"
echo "[DEPLOY] Waystone running locally at $WAYSTONE"
# Begin attempting to view waystone page
# Begin attempting to view waystone page.
for i in 1 2 3 4 5 6 7 8 9 10; do
# Make a HEAD request to waystone in order to see if it's up
echo "[DEPLOY] [ $i/10] Checking if Waystone has begun\c"
# Break if waystone responds with a non-zero request
curl -s --head "$WAYSTONE" >/dev/null && echo "\n[DEPLOY] Waystone Up" && break
sleep 1
echo "\r\c"
if [ "$i" -eq "10" ]; then
echo "\n[DEPLOY] Waystone didn’t start; exiting. Logs follow:"
docker logs $ID
exit 1
fi
# Make a HEAD request to waystone in order to see if it's up.
echo "[DEPLOY] [ $i/10] Checking if Waystone has begun\c"
# Break if waystone responds with a non-zero request
curl -s --head "$WAYSTONE" >/dev/null && echo "\n[DEPLOY] Waystone Up" && break
sleep 1
echo "\r\c"
if [ "$i" -eq "10" ]; then
echo "\n[DEPLOY] Waystone didn’t start; exiting. Logs follow:"
docker logs $ID
exit 1
fi
done
# If nginx is not present as expected then exit with zero status
# If nginx is not present as expected then exit with zero status.
if [ -f /etc/init.d/nginx ]; then
# Otherwise re-write and restart nginx
echo "[DEPLOY] Rewriting nginx config with new port"
# Write out new nginx template to default available site
echo $WAYSTONE_PORT | xargs -I{} sh -c "sed -e 's/SERVICE_ADDR/localhost:{}/' /home/git/default.conf.tmpl > /etc/nginx/sites-available/default" -- {}
# Otherwise re-write and restart nginx.
echo "[DEPLOY] Rewriting nginx config with new port."
# Write out new nginx template to default available site.
sudo echo $WAYSTONE_PORT | xargs -I{} sh -c "sed -e 's/SERVICE_ADDR/localhost:{}/' /home/git/waystone.template > /etc/nginx/sites-available/waystone" -- {}
# Send a reload to nginx
echo "[DEPLOY] Restarting nginx"
sudo /etc/init.d/nginx reload
# Reload nginx
echo "[DEPLOY] Restarting nginx."
sudo /etc/init.d/nginx reload
fi
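Review bot: the `sudo` in `sudo echo $WAYSTONE_PORT | xargs -I{} sh -c "sed ... > /etc/nginx/sites-available/waystone" -- {}` only elevates `echo`; the `sed` and the redirect that actually write the config run as the deploying user, which is why the directory permissions had to be loosened. Prefer one elevated write, e.g. `sed -e "s/SERVICE_ADDR/localhost:$WAYSTONE_PORT/" /home/git/waystone.template | sudo tee /etc/nginx/sites-available/waystone >/dev/null`, with a sudoers rule limited to that command, rather than making the nginx config directory writable by the deploy account. Before `sudo /etc/init.d/nginx reload`, run `sudo nginx -t || exit 1`: a bad rendered template otherwise leaves the reload rejected after the old container has already been killed. Two smaller points: the comment "If nginx is not present as expected then exit with zero status" doesn't match the code, which just skips the block, and `[ ! -z $DOCKER_HOST ]` should be `[ -n "$DOCKER_HOST" ]`.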
#!/bin/sh
echo "[DEPLOY] BEGIN"
echo "[DEPLOY] Started."
# Create a flag that Waystone can use to tell that it’s
# running on the deployment server.
......@@ -15,11 +15,11 @@ docker build -t $TAG --no-cache . || exit 1
echo "[DEPLOY] Running container from build '$TAG'"
if [ ! -f config.json ]; then
cat << EOF > ./config.json
{
"PulseAPIKey":"",
"DeviceID":""
}
cat << EOF > ./config.json
{
"PulseAPIKey":"",
"DeviceID":""
}
EOF
fi
......
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
\ No newline at end of file
server {
listen 80;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://SERVICE_ADDR;
}
}
\ No newline at end of file
##
#
# Waystone deployment server nginx configuration.
#
# Do not deploy Waystone without TLS. At the very least, the admin
# routes use basic authentication with is not secure without TLS.
# (Not to mention all the other reasons.)
#
# For help in setting up SSL with nginx, please see:
# https://aralbalkan.com/scribbles/setting-up-ssl-with-nginx-using-a-namecheap-essentialssl-wildcard-certificate-on-digitalocean/
#
# Note that the service address (SERVICE_ADDR) is a template
# variable that is updated automatically by the __start-deployment-server script.
#
# To install, move this script to /home/git and make sure that the git deployment user
# on your server has privileges to access it and to write to /etc/nginx/sites-available/waystone
# (These are used by the __start-deployment-server script for zero-downtime deployments.)
#
##
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl ipv6only=on;
# Configure this for your own server.
server_name waystone.ind.ie;
# Place your SSL certificate and private key at the default locations
# (or configure the settings, below.)
ssl on;
ssl_certificate /etc/nginx/ssl/waystone.crt;
ssl_certificate_key /etc/nginx/ssl/waystone.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Add perfect forward secrecy
# Implement a unique Diffie Hellman Group
# (See https://weakdh.org/sysadmin.html for details on generating your own.)
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
ssl_ecdh_curve secp521r1;
# Implement HSTS
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# We pass the service address dynamically from the Git post-commit hook.
proxy_pass http://SERVICE_ADDR
}
}
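Review bot: `proxy_pass http://SERVICE_ADDR` in the `location /` block is missing its terminating semicolon, so nginx will reject the rendered `sites-available/waystone` and the reload in `__start-deployment-server` fails; it must read `proxy_pass http://SERVICE_ADDR;`. In the TLS settings, the cipher string lists `EECDH+aRSA+RC4` and `RC4` and then ends with `!RC4`, which removes them again; drop the two RC4 entries so the intent is explicit. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` should be tightened to `TLSv1.2` for a service whose admin routes depend on TLS to protect basic auth. `ssl on;` is redundant with `listen 443 ssl` (and deprecated in newer nginx), the `# Implement HSTS` comment sits above `ssl_prefer_server_ciphers on;` instead of the `add_header Strict-Transport-Security` line, and `secp521r1` is not negotiated by all major browsers, so `prime256v1` or `secp384r1` is the safer `ssl_ecdh_curve`. Finally, the proxied location forwards `X-Real-IP` and `X-Forwarded-For` but not the original host or scheme; add `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Proto $scheme;` so the application can tell it was reached over HTTPS.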
......@@ -1014,9 +1014,15 @@ body .markdown-body
page-break-after: avoid;
}
}
</style><title>readme</title></head><body><article class="markdown-body"><h1 id="deployment-server-files"><a name="user-content-deployment-server-files" href="#deployment-server-files" class="headeranchor-link" aria-hidden="true"><span class="headeranchor"></span></a>Deployment server files</h1>
<p>These files should be on the deployment server.</p>
<ul>
<li><code>default</code> and <code>default.conf.tmpl</code>: in <code>/home/git</code></li>
<li><code>hooks/post-receive</code> in <code>/home/git/waystone.git/</code></li>
</ul></article></body></html>
\ No newline at end of file
</style><title>readme</title></head><body><article class="markdown-body"><h1 id="waystone-zero-downtime-deployments"><a name="user-content-waystone-zero-downtime-deployments" href="#waystone-zero-downtime-deployments" class="headeranchor-link" aria-hidden="true"><span class="headeranchor"></span></a>Waystone zero-downtime deployments</h1>
<p>Unfortunately, it is currently a manual process to set up the server itself.</p>
<h2 id="installation"><a name="user-content-installation" href="#installation" class="headeranchor-link" aria-hidden="true"><span class="headeranchor"></span></a>Installation</h2>
<ol>
<li>Create a deployment user (we’ll call ours <code>git</code>)</li>
<li>Create a full git repository at <code>/home/git/waystone.git</code></li>
<li>Copy <code>hooks/post-receive</code> to <code>/home/git/waystone.git/hooks</code></li>
<li>Copy <code>nginx-config/waystone.template</code> to <code>/home/git</code></li>
</ol>
<h2 id="deploy"><a name="user-content-deploy" href="#deploy" class="headeranchor-link" aria-hidden="true"><span class="headeranchor"></span></a>Deploy</h2>
<p>Run <code>./deploy</code></p>
<p>In a nutshell, this will push to the <code>live</code> remote (as set up by the <code>./install</code> script). That will trigger the post-receive hook and that will result in the <code>deploy-to-docker</code> script being run. Finally, the <code>__start-deployment-server</code> will be run and it will do a zero-downtime switchover between the old Docker container and the new one.</p></article></body></html>
\ No newline at end of file
Deployment server files
=======================
# Waystone zero-downtime deployments
These files should be on the deployment server.
Unfortunately, it is currently a manual process to set up the server itself.
* ```default``` and ```default.conf.tmpl```: in ```/home/git```
* ```hooks/post-receive``` in ```/home/git/waystone.git/```
## Installation
\ No newline at end of file
1. Create a deployment user (we’ll call ours `git`)
2. Make sure the `git` user or the group they’re in has access to `/etc/nginx/sites-available` (e.g., `chown git /etc/nginx/sites-available`)
2. Create a full git repository at `/home/git/waystone.git`
3. Copy `hooks/post-receive` to `/home/git/waystone.git/hooks`
4. Copy `nginx-config/waystone.template` to `/home/git`
## Deploy
Run `./deploy`
In a nutshell, this will push to the `live` remote (as set up by the `./install` script). That will trigger the post-receive hook and that will result in the `deploy-to-docker` script being run. Finally, the `__start-deployment-server` will be run and it will do a zero-downtime switchover between the old Docker container and the new one.
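Review bot: the new installation step `chown git /etc/nginx/sites-available` gives the deployment account ownership of every nginx site file, so anyone who can push to `waystone.git` can rewrite the server's whole web configuration, not just the one template; a sudoers entry that lets the `git` user run only the single config write and `nginx reload` keeps the privilege to what the hook needs. The list also numbers two steps as `2.`, and no step creates the `/etc/nginx/sites-enabled/waystone` symlink or places the certificate and key at the `/etc/nginx/ssl/` paths the template expects, so a fresh server following these steps will not serve the new config.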