Last active
December 18, 2020 18:08
-
-
Save rydurham/41904723ab07d8d60fa8295ee6f64822 to your computer and use it in GitHub Desktop.
Forge Deployment Script for Elixir Applications
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cd /home/forge/www.example.com | |
# Fetch the latest version of the code | |
git pull origin deploy | |
# Ensure we have access to mix | |
if ! [ -x "$(command -v mix)" ]; then | |
echo 'Error: Elixir is not installed.' >&2 | |
exit 1 | |
fi | |
if ! [ -d /home/forge/site_logs ]; then | |
mkdir -p /home/forge/site_logs | |
fi | |
# Ensure we have access to hex and rebar | |
mix local.hex --force | |
mix local.rebar --force | |
# Install dependencies | |
mix deps.get --only prod | |
git checkout mix.lock | |
MIX_ENV=prod mix compile | |
# Compile assets | |
npm install --no-save --prefix ./apps/site_web/assets | |
npm run deploy --prefix ./apps/site_web/assets | |
MIX_ENV=prod mix phx.digest /home/forge/www.example.com/apps/site_web/priv/static | |
# Run the migrations | |
# MIX_ENV=prod mix ecto.migrate | |
# Generate the release | |
MIX_ENV=prod mix release production --overwrite | |
# Stop the existing process if it exists | |
_build/prod/rel/production/bin/production stop | |
# Start the release as a daemon process | |
RELEASE_TMP=/home/forge/site_logs _build/prod/rel/production/bin/production daemon | |
# Log the new OS PID | |
_build/prod/rel/production/bin/production pid |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream rcd { | |
server localhost:4000; | |
} | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name www.example.com; | |
server_tokens off; | |
root /home/forge/www.example.com/; | |
# FORGE SSL (DO NOT REMOVE!) | |
ssl_certificate /etc/nginx/ssl/www.example.com/123456/server.crt; | |
ssl_certificate_key /etc/nginx/ssl/www.ryandurham.com/123456/server.key; | |
ssl_protocols TLSv1.2; | |
ssl_ciphers ECDH-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; | |
ssl_prefer_server_ciphers on; | |
ssl_dhparam /etc/nginx/dhparams.pem; | |
add_header X-Frame-Options "SAMEORIGIN"; | |
add_header X-XSS-Protection "1; mode=block"; | |
add_header X-Content-Type-Options "nosniff"; | |
index index.html index.htm index.php; | |
charset utf-8; | |
# FORGE CONFIG (DO NOT REMOVE!) | |
include forge-conf/www.example.com/server/*; | |
location = /favicon.ico { access_log off; log_not_found off; } | |
location = /robots.txt { access_log off; log_not_found off; } | |
access_log off; | |
error_log /var/log/nginx/www.example.com-error.log error; | |
error_page 404 /index.php; | |
location / { | |
proxy_http_version 1.1; # Required for phoenix channel websocket negotiation | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
proxy_pass http://site; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
} | |
location ~ /\.(?!well-known).* { | |
deny all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment