Skip to content

Instantly share code, notes, and snippets.

@rydurham
Last active December 18, 2020 18:08
Show Gist options
  • Save rydurham/41904723ab07d8d60fa8295ee6f64822 to your computer and use it in GitHub Desktop.
Save rydurham/41904723ab07d8d60fa8295ee6f64822 to your computer and use it in GitHub Desktop.
Forge Deployment Script for Elixir Applications
cd /home/forge/www.example.com
# Fetch the latest version of the code
git pull origin deploy
# Ensure we have access to mix
if ! [ -x "$(command -v mix)" ]; then
echo 'Error: Elixir is not installed.' >&2
exit 1
fi
if ! [ -d /home/forge/site_logs ]; then
mkdir -p /home/forge/site_logs
fi
# Ensure we have access to hex and rebar
mix local.hex --force
mix local.rebar --force
# Install dependencies
mix deps.get --only prod
git checkout mix.lock
MIX_ENV=prod mix compile
# Compile assets
npm install --no-save --prefix ./apps/site_web/assets
npm run deploy --prefix ./apps/site_web/assets
MIX_ENV=prod mix phx.digest /home/forge/www.example.com/apps/site_web/priv/static
# Run the migrations
# MIX_ENV=prod mix ecto.migrate
# Generate the release
MIX_ENV=prod mix release production --overwrite
# Stop the existing process if it exists
_build/prod/rel/production/bin/production stop
# Start the release as a daemon process
RELEASE_TMP=/home/forge/site_logs _build/prod/rel/production/bin/production daemon
# Log the new OS PID
_build/prod/rel/production/bin/production pid
upstream rcd {
server localhost:4000;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.example.com;
server_tokens off;
root /home/forge/www.example.com/;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/123456/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.ryandurham.com/123456/server.key;
ssl_protocols TLSv1.2;
ssl_ciphers ECDH-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/www.example.com/server/*;
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location / {
proxy_http_version 1.1; # Required for phoenix channel websocket negotiation
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://site;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /\.(?!well-known).* {
deny all;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment