Portal
Jia Huang edited this page Aug 12, 2014 · 12 revisions
# Portal
## Overview
- Provider: DigitalOcean
- Instance Type: small
- OS: Ubuntu 12.04
- Contact: Jia
- Hostname: Portal
- External: ssh [email protected]
- Docker: no
- Ansible: no
- Users
  - root - sudo access
- Services
- Data
  - on the web s3’s tessel-backup bucket
  - /opt/backups
- Logs
  - /opt/logs

Portal relies on several things:
- Discourse needs to have embedding set up so that comments can show up
- Tessel OAuth is used for all sign-in, so its settings have to be pointed properly.

Portal runs on DigitalOcean. The stack is:
- Nginx
- Portal
- Postgres
- Redis

1. Bring up a new DO box (512MB works)
2. Run the following
```
apt-get update; apt-get install nodejs nodejs-legacy npm nginx postgresql postgresql-contrib redis-server
```
The `postgres` user can use `psql` to access the postgres database. Launch the postgres console via `sudo -u postgres psql -U postgres`
3. Set up Nginx
- copy ssl certs to `/opt/apps/certs/ssl-bundle.pem` and `/opt/apps/certs/ssl.key`
- make a config file for the app `vi /etc/nginx/sites-available/portal`
```
upstream portal {
    server 127.0.0.1:3000;
}

# redirect 80 to ssl 443
server {
    listen 80;
    return 301 https://$host$request_uri;
}

server {
    listen 443;
    ssl on;
    ssl_prefer_server_ciphers on;
    #ssl_session_tickets off;
    ssl_certificate /opt/apps/certs/ssl-bundle.pem;
    ssl_certificate_key /opt/apps/certs/ssl.key;
    server_name projects.tessel.io;
    # note: SSLv3 and the RC4 suites below have since been deprecated (RFC 7568, RFC 7465)
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
    access_log /var/log/nginx/portal.log;

    # Make site accessible from http://localhost/
    server_name portal.tessel.io; # swap out with server name

    location / {
        proxy_redirect off;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host; # set the host name here
        proxy_set_header X-NginX-Proxy true;
        proxy_set_header Connection "";
        proxy_pass http://portal/;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```
2. symlink over to sites-enabled `ln -s /etc/nginx/sites-available/portal /etc/nginx/sites-enabled/portal`
3. restart nginx `sudo /etc/init.d/nginx restart`
4. [Set up Redis](http://redis.io/topics/quickstart). Default Redis port is 6379.
4. Set up backups. Switch to user postgres. `su postgres`
1. Make these directories
```
mkdir /opt/backups;
mkdir /opt/scripts;
mkdir /opt/logs;
```
2. set up s3cmd so that we can back up to S3.
```
wget -O- -q http://s3tools.org/repo/deb-all/stable/s3tools.key | sudo apt-key add -
wget -O/etc/apt/sources.list.d/s3tools.list http://s3tools.org/repo/deb-all/stable/s3tools.list
apt-get update
apt-get install -y s3cmd
```
Now configure it with `s3cmd --configure`. The bucket is `tessel-backups`. Look for users in the `backup` group on s3.
2. put this `backup_postgres.sh` script in `/opt/scripts`
```
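#!/bin/bash
# Usage: backup_postgres.sh <database>
# Dumps the database to /opt/backups and uploads the dump to S3.
DATE=$(date +"%m-%d-%y")
echo "Starting backup of $1 on $DATE"
pg_dump -U postgres "$1" > "/opt/backups/$1-$DATE.sql"
s3cmd put "/opt/backups/$1-$DATE.sql" s3://tessel-backups/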
```
2. Set up a cronjob. The `backup_postgres` script can only be run as the `postgres` user and not root, so either switch to the `postgres` user or add backup to the postgres cronjob. Right now we're going to add it to the postgres cron job.
`su postgres; crontab -e;`
Now add the following
```
0 3 * * * /opt/scripts/backup_postgres.sh portal > /opt/logs/backup_postgres.log 2>&1
```
Note that the 'portal' in this command must match the database name declared in the `.env` file.
*** make sure permissions are properly set on all files not accessed by root ***
5. Clone down the repo `cd /opt/apps; git clone https://github.com/tessel/portal.git`
6. Fill out the config envs to `.env` or copy them over from another server
7. Run the db migrations
1. make the proper users/databases in postgres. switch to the postgres user `su postgres;` then `psql -U postgres`
2. Now alter the database:
```
create user portal;
create database tesselportal owner portal;
alter user portal with password 'testpw';
```
3. exit out of `psql` and run the db migrations with `make migrate`.
8. Set up Nginx, Postgres, Redis, and the node app to boot on startup. (I think that the nginx, postgres, and redis setup already covers this part)
9. [Supervisor that up](https://www.digitalocean.com/community/tutorials/how-to-install-and-manage-supervisor-on-ubuntu-and-debian-vps).
1. `vi /etc/supervisor/conf.d/portal.conf`
```
[program:portal]
command=/opt/apps/portal/startup.sh
autostart=true
autorestart=true
stderr_logfile=/var/log/portal.err.log
stdout_logfile=/var/log/portal.out.log
```
2. `supervisorctl reread; supervisorctl update`
3. If you need to restart/start/stop run
```
>> supervisorctl
supervisor> stop portal
supervisor> start portal
supervisor> restart portal
```
10. Restart nginx `sudo /etc/init.d/nginx restart`
Now hit the server and you should see portal.
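
The Nginx config on this page enables SSLv3, TLSv1 and TLSv1.1 and allows RC4 suites, all of which have since been deprecated (RFC 7568, RFC 8996, RFC 7465). The check below is an added example, not part of the original page: it flags such entries in a config read on stdin. `audit_tls` is a hypothetical helper name, the sample input is constructed from the page's directives, and each directive is assumed to start on its own line.

```sh
#!/bin/sh
# Added example: flag deprecated TLS settings in an nginx config read from stdin.
audit_tls() {
    findings=0
    # Strip comments, then split on ';' so each directive ends its own line.
    directives=$(sed 's/#.*//' | tr ';' '\n')
    protos=$(printf '%s\n' "$directives" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}//p')
    for p in $protos; do
        case "$p" in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "legacy protocol enabled: $p"
                findings=$((findings + 1)) ;;
        esac
    done
    ciphers=$(printf '%s\n' "$directives" |
        sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}//p' | tr ':' ' ')
    for c in $ciphers; do
        case "$c" in
            '!'*) ;;   # "!NAME" removes a cipher, so it is not a finding
            *RC4*|*DES*|*MD5*|*NULL*|*EXPORT*)
                echo "weak cipher allowed: $c"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}

# Constructed sample: the protocol line and part of the cipher list from the page.
audit_tls <<'EOF' || echo "review the directives listed above"
server {
    listen 443;
    #ssl_session_tickets off;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:AES128:RC4-SHA:HIGH:!aNULL:!MD5;
}
EOF
```

Run it against the live file with `audit_tls < /etc/nginx/sites-available/portal`; aliases such as `HIGH` or `AES128` are not expanded, so a clean result covers only the names spelled out in the config.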
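
The `backup_postgres.sh` script above runs `s3cmd put` even when `pg_dump` has failed, and it writes dumps with the default file permissions. The variant below is an added example, not the project's script: it validates the database name, creates owner-only files and uploads only a complete dump. `BACKUP_DIR` and `S3_URL` are names assumed here, defaulting to the page's values.

```sh
#!/bin/sh
# Added example: a stricter backup_postgres.sh.
# BACKUP_DIR and S3_URL are assumptions; the defaults are the page's paths.
BACKUP_DIR="${BACKUP_DIR:-/opt/backups}"
S3_URL="${S3_URL:-s3://tessel-backups/}"

backup_db() {
    db="$1"
    # Accept plain identifiers only, so the argument cannot carry options,
    # path separators or shell metacharacters.
    case "$db" in
        ''|*[!A-Za-z0-9_]*) echo "invalid database name" >&2; return 2 ;;
    esac
    stamp=$(date +"%m-%d-%y")
    out="$BACKUP_DIR/$db-$stamp.sql"
    echo "Starting backup of $db on $stamp"
    # Dumps contain user data: create them readable by the owner only.
    old_umask=$(umask)
    umask 077
    if ! pg_dump -U postgres "$db" > "$out.partial" || [ ! -s "$out.partial" ]; then
        umask "$old_umask"
        rm -f "$out.partial"
        echo "pg_dump failed, nothing uploaded" >&2
        return 1
    fi
    umask "$old_umask"
    mv "$out.partial" "$out"
    # Upload only a complete dump; keep the local copy if the upload fails.
    if ! s3cmd put "$out" "$S3_URL"; then
        echo "upload failed, local copy kept at $out" >&2
        return 3
    fi
}

# Cron calls the script with the database name, as in the page's crontab line.
if [ "$#" -gt 0 ]; then
    backup_db "$1"
fi
```

The non-zero exit codes end up in `/opt/logs/backup_postgres.log` only as the messages printed to stderr, so a monitoring check should look for those lines or for a missing dump file for the day.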