Forge Deployment Script for Elixir Applications
cd /home/forge/www.example.com | |
# Fetch the latest version of the code | |
git pull origin deploy | |
# Ensure we have access to mix | |
if ! [ -x "$(command -v mix)" ]; then | |
echo 'Error: Elixir is not installed.' >&2 | |
exit 1 | |
fi | |
if ! [ -d /home/forge/site_logs ]; then | |
mkdir -p /home/forge/site_logs | |
fi | |
# Ensure we have access to hex and rebar | |
mix local.hex --force | |
mix local.rebar --force | |
# Install dependencies | |
mix deps.get --only prod | |
git checkout mix.lock | |
MIX_ENV=prod mix compile | |
# Compile assets | |
npm install --no-save --prefix ./apps/site_web/assets | |
npm run deploy --prefix ./apps/site_web/assets | |
MIX_ENV=prod mix phx.digest /home/forge/www.example.com/apps/site_web/priv/static | |
# Run the migrations | |
# MIX_ENV=prod mix ecto.migrate | |
# Generate the release | |
MIX_ENV=prod mix release production --overwrite | |
# Stop the existing process if it exists | |
_build/prod/rel/production/bin/production stop | |
# Start the release as a daemon process | |
RELEASE_TMP=/home/forge/site_logs _build/prod/rel/production/bin/production daemon | |
# Log the new OS PID | |
_build/prod/rel/production/bin/production pid |
upstream rcd { | |
server localhost:4000; | |
} | |
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name www.example.com; | |
server_tokens off; | |
root /home/forge/www.example.com/; | |
# FORGE SSL (DO NOT REMOVE!) | |
ssl_certificate /etc/nginx/ssl/www.example.com/123456/server.crt; | |
ssl_certificate_key /etc/nginx/ssl/www.ryandurham.com/123456/server.key; | |
ssl_protocols TLSv1.2; | |
ssl_ciphers ECDH-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; | |
ssl_prefer_server_ciphers on; | |
ssl_dhparam /etc/nginx/dhparams.pem; | |
add_header X-Frame-Options "SAMEORIGIN"; | |
add_header X-XSS-Protection "1; mode=block"; | |
add_header X-Content-Type-Options "nosniff"; | |
index index.html index.htm index.php; | |
charset utf-8; | |
# FORGE CONFIG (DO NOT REMOVE!) | |
include forge-conf/www.example.com/server/*; | |
location = /favicon.ico { access_log off; log_not_found off; } | |
location = /robots.txt { access_log off; log_not_found off; } | |
access_log off; | |
error_log /var/log/nginx/www.example.com-error.log error; | |
error_page 404 /index.php; | |
location / { | |
proxy_http_version 1.1; # Required for phoenix channel websocket negotiation | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
proxy_pass http://site; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection "upgrade"; | |
} | |
location ~ /\.(?!well-known).* { | |
deny all; | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment