- Set up Let's Encrypt via a script
- How do we have a consistent salt on the servers?
Servers need to be created in this order:
- master database
- replica database [skippable]
- app server
- load balancer
- provision server
- switch floating IPs to new load balancers
apt-get update
apt-get install nginx
[copy ./lb.nginx.conf to /etc/nginx/nginx.conf]
restart nginx
apt-get update
apt-get install nginx
[copy ./app.nginx.conf to /etc/nginx/nginx.conf]
restart nginx
apt-get install git
git clone cloakedpost ~/www/current
install node (http://do.co/2gW07gf)
install pm2
start pm2
I don't even remember
disallow ssh login (http://bit.ly/2gW0h7k)
disable ssh/ports (ufw?)
Options:
/.well-known/acme-challenge
which is pointing to the shared volume.
Redirect 80 to 443. We provision new load balancers that point 443 to old
servers, and 80 to new ones. The app servers have similar redirect rules as
above, but can be provisioned with Let's Encrypt.
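A sketch of the port-80 rules these notes describe, added here as an example and not taken from lb.nginx.conf or app.nginx.conf: the ACME challenge path is served from the shared volume so any load balancer can answer the validation request, and everything else is redirected to 443. The mount point `/mnt/acme-shared` and the host name `example.com` are assumed placeholders.

```nginx
# Added example; /mnt/acme-shared and example.com are assumed placeholders.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    # HTTP-01 challenge files. "^~" stops regex locations from taking over
    # this prefix, so the token is answered here instead of being redirected.
    # With "root", a request for /.well-known/acme-challenge/<token> maps to
    # /mnt/acme-shared/.well-known/acme-challenge/<token> on the shared volume.
    location ^~ /.well-known/acme-challenge/ {
        root /mnt/acme-shared;
        default_type text/plain;
        # Serve only files that exist; never fall through to the app.
        try_files $uri =404;
    }

    # Everything else on port 80 goes to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}
```

Because the challenge directory sits on the shared volume, the load balancer that runs the ACME client and the one that receives the validation request do not have to be the same machine.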
Advantages
Disadvantages