Alon Salant edited this page Dec 24, 2019 · 21 revisions

For information on how to make changes to Freehub, see the Freehub Developer Guide. This document is for administrators only.

For http://freehub.bikekitchen.org, Freehub is deployed on Engine Yard AppCloud from the 'release' branch of this GitHub project. http://freehub-staging.bikekitchen.org is also available for testing.

Deploying

Use the AppCloud dashboard to trigger new stage and production deploys.

Command Line

You may also trigger deploys using the EngineYard ey utility.

gem install engineyard
ey deploy -e Freehub_v4_Staging -r release [--no-migrate]

Configuration

Database

EngineYard handles configuring connections to production and staging databases.

Email

In production we send email with SendMail, which is configured on EngineYard using this Chef recipe. This page has more information on using Chef with EngineYard.

Basic steps for next time a new environment is set up:

  • Check out ey-cloud-recipes
  • Edit cookbooks/main/default.rb to enable ssmtp
  • gem install engineyard
  • ey recipes upload -e Freehub_v4_Production
  • Apply changes to the environment from the EY dashboard
  • Copy /data/ssmtp/ssmtp.conf from an existing environment using scp (sudo mv ssmtp.conf /data/ssmtp/ssmtp.conf on the destination instance once the file is there)
  • Done

SSL

Freehub uses free SSL certs from the EFF Let's Encrypt service. They are managed using acme.sh on each of the application servers and are set up as follows.

First enable SSL in the environment by assigning any SSL cert from the dashboard and Applying. This sets up the nginx SSL config files. (See https://support.cloud.engineyard.com/hc/en-us/requests/159530.)

On the application server:

curl https://get.acme.sh | sh

mkdir -p /data/letsencrypt/www/.well-known/acme-challenge

Edit /data/nginx/servers/freehub/custom.conf to add:

location /.well-known/acme-challenge/ {
  alias /data/letsencrypt/www/.well-known/acme-challenge/;
}

mkdir -p /data/letsencrypt/live/freehub-staging.bikekitchen.org/

acme.sh --install-cert -d freehub-staging.bikekitchen.org \
--cert-file /data/letsencrypt/live/freehub-staging.bikekitchen.org/cert.pem \
--key-file /data/letsencrypt/live/freehub-staging.bikekitchen.org/key.pem \
--fullchain-file /data/letsencrypt/live/freehub-staging.bikekitchen.org/fullchain.pem \
--ca-file /data/letsencrypt/live/freehub-staging.bikekitchen.org/a.pem \
--reloadcmd "sudo /etc/init.d/nginx reload"

Edit /etc/nginx/servers/freehub/customer.ssl_cert

ssl on;
ssl_certificate /data/letsencrypt/live/freehub-staging.bikekitchen.org/fullchain.pem;
ssl_certificate_key     /data/letsencrypt/live/freehub-staging.bikekitchen.org/key.pem;
ssl_trusted_certificate /data/letsencrypt/live/freehub-staging.bikekitchen.org/a.pem;

Then run:

sudo /etc/init.d/nginx configtest
sudo /etc/init.d/nginx reload



Verify SSL certificates are correctly configured at [SSL Checker](https://www.sslshopper.com/ssl-checker.html#hostname=freehub-staging.bikekitchen.org). If `acme.sh` is set up correctly, it will renew the SSL certificates every 90 days with a job scheduled in the `deploy` user crontab.


Edit /etc/nginx/servers/freehub/custom.conf to redirect HTTP to HTTPS

return 301 https://$host$request_uri;
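
A local check to run before reloading nginx, complementing the external SSL Checker. It is an added example, not part of the Freehub wiki or Engine Yard tooling: it reads the nginx SSL fragment and confirms that every referenced certificate file exists and is non-empty and that the private key has no group or other permissions. The function name check_ssl_fragment and the owner-only key policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Freehub or Engine Yard code). check_ssl_fragment is a
# hypothetical helper; the owner-only key policy is this example's assumption.
# Prints one line per problem and returns 0 only when none are found.
check_ssl_fragment() {
  fragment=$1
  problems=0 seen_cert=0 seen_key=0
  if [ ! -r "$fragment" ]; then
    echo "cannot read $fragment"
    return 1
  fi
  # Extract "directive path" pairs, ignoring comments and the trailing ';'.
  pairs=$(sed -e 's/#.*//' "$fragment" |
    awk '$1 ~ /^ssl_(certificate|certificate_key|trusted_certificate)$/ {
           sub(/;$/, "", $2); print $1, $2 }')
  while read -r directive path; do
    [ -n "$directive" ] || continue
    case $directive in
      ssl_certificate) seen_cert=1 ;;
      ssl_certificate_key) seen_key=1 ;;
    esac
    # A path that does not match what acme.sh --install-cert wrote shows up here.
    if [ ! -s "$path" ]; then
      echo "$directive: $path is missing or empty"
      problems=$((problems + 1))
      continue
    fi
    if [ "$directive" = ssl_certificate_key ]; then
      # Characters 5-10 of the ls mode string are the group and other bits.
      mode=$(ls -ldL "$path" | cut -c5-10)
      if [ "$mode" != "------" ]; then
        echo "$directive: $path is accessible to group or other ($mode)"
        problems=$((problems + 1))
      fi
    fi
  done <<EOF
$pairs
EOF
  [ "$seen_cert" -eq 1 ] || { echo "no ssl_certificate directive"; problems=$((problems + 1)); }
  [ "$seen_key" -eq 1 ] || { echo "no ssl_certificate_key directive"; problems=$((problems + 1)); }
  [ "$problems" -eq 0 ]
}

# When run as a script with a fragment path as argument, check that file.
[ "$#" -eq 0 ] || check_ssl_fragment "$1"
```

Saved as a script, it takes the fragment path as its only argument, for example /etc/nginx/servers/freehub/customer.ssl_cert.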

