setup.md

Open Questions

• Setup let's encrypt via a script
• How do we have a consistent salt on the servers?

Types of servers

Servers need to be created in this order:

• master database
• replica database [skippable]
• app server
• load balancer

Commands

• provision server
• switch floating ips to new loadbalancers

Provision Load Balancer

apt-get update
apt-get install nginx
  [copy ./lb.nginx.conf to /etc/nginx/nginx.conf]
  restart nginx

App Servers

apt-get update
apt-get install nginx
  [copy ./app.nginx.conf to /etc/nginx/nginx.conf]
  restart nginx
apt-get install git
  git clone cloakedpost ~/www/current
install node (http://do.co/2gW07gf)
install pm2
  start pm2

Database Servers

I don't even remember

Security on all boxes

disallow ssh login (http://bit.ly/2gW0h7k)
disable ssh/ports (ufw?)

Options:

1. Provision from snapshot
2. Shared volume, with the load balancers redirecting port 80 to 443 except
   /.well-known/acme-challenge which is pointing to the shared volume.
3. Similar redirect except instead of a shared volume, we use a floating ip.
4. Load balancers are floating ips. The default state is the load balancers
   redirect 80 to 443. We provision new load balancers that point 443 to old
   servers, and 80 to new ones. The app servers have similar redirect rules as
   above, but can be provisioned with let's encrypt.

Advantages

1. Easy as fuck, provision multiple at a time
2. Repo, Medium as heck, Provision multiple at a time
3. Repo, Medium as heck, no shared volume
4. Repo

Disadvantages

1. Hard for others to reproduce
2. Costs more (shared volume) 10 cents though
3. We can only provision one server at a time
4. Harder

https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nfs-mount-on-centos-6