rydurham/deployment.sh

## deployment.sh
cd /home/forge/www.example.com
# Fetch the latest version of the code
git pull origin deploy

# Ensure we have access to mix
if ! [ -x "$(command -v mix)" ]; then
  echo 'Error: Elixir is not installed.' >&2
  exit 1
fi

if ! [ -d /home/forge/site_logs ]; then
  mkdir -p /home/forge/site_logs
fi

# Ensure we have access to hex and rebar
mix local.hex --force
mix local.rebar --force

# Install dependencies
mix deps.get --only prod
git checkout mix.lock
MIX_ENV=prod mix compile

# Compile assets
npm install --no-save --prefix ./apps/site_web/assets
npm run deploy --prefix ./apps/site_web/assets
MIX_ENV=prod mix phx.digest /home/forge/www.example.com/apps/site_web/priv/static

# Run the migrations
# MIX_ENV=prod mix ecto.migrate

# Generate the release
MIX_ENV=prod mix release production --overwrite

# Stop the existing process if it exists
_build/prod/rel/production/bin/production stop

# Start the release as a daemon process
RELEASE_TMP=/home/forge/site_logs _build/prod/rel/production/bin/production daemon

# Log the new OS PID
_build/prod/rel/production/bin/production pid

## nginx configuration
upstream rcd {
  server localhost:4000;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;
    server_tokens off;
    root /home/forge/www.example.com/;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/www.example.com/123456/server.crt;
    ssl_certificate_key /etc/nginx/ssl/www.ryandurham.com/123456/server.key;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDH-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DO NOT REMOVE!)
    include forge-conf/www.example.com/server/*;

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/www.example.com-error.log error;

    error_page 404 /index.php;

    location / {
        proxy_http_version 1.1; # Required for phoenix channel websocket negotiation
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://site;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}
	cd /home/forge/www.example.com
	# Fetch the latest version of the code
	git pull origin deploy

	# Ensure we have access to mix
	if ! [ -x "$(command -v mix)" ]; then
	echo 'Error: Elixir is not installed.' >&2
	exit 1
	fi

	if ! [ -d /home/forge/site_logs ]; then
	mkdir -p /home/forge/site_logs
	fi

	# Ensure we have access to hex and rebar
	mix local.hex --force
	mix local.rebar --force

	# Install dependencies
	mix deps.get --only prod
	git checkout mix.lock
	MIX_ENV=prod mix compile

	# Compile assets
	npm install --no-save --prefix ./apps/site_web/assets
	npm run deploy --prefix ./apps/site_web/assets
	MIX_ENV=prod mix phx.digest /home/forge/www.example.com/apps/site_web/priv/static

	# Run the migrations
	# MIX_ENV=prod mix ecto.migrate

	# Generate the release
	MIX_ENV=prod mix release production --overwrite

	# Stop the existing process if it exists
	_build/prod/rel/production/bin/production stop

	# Start the release as a daemon process
	RELEASE_TMP=/home/forge/site_logs _build/prod/rel/production/bin/production daemon

	# Log the new OS PID
	_build/prod/rel/production/bin/production pid
	upstream rcd {
	server localhost:4000;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;
	server_name www.example.com;
	server_tokens off;
	root /home/forge/www.example.com/;

	# FORGE SSL (DO NOT REMOVE!)
	ssl_certificate /etc/nginx/ssl/www.example.com/123456/server.crt;
	ssl_certificate_key /etc/nginx/ssl/www.ryandurham.com/123456/server.key;

	ssl_protocols TLSv1.2;
	ssl_ciphers ECDH-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/nginx/dhparams.pem;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.html index.htm index.php;

	charset utf-8;

	# FORGE CONFIG (DO NOT REMOVE!)
	include forge-conf/www.example.com/server/*;

	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }

	access_log off;
	error_log /var/log/nginx/www.example.com-error.log error;

	error_page 404 /index.php;

	location / {
	proxy_http_version 1.1; # Required for phoenix channel websocket negotiation
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect off;
	proxy_pass http://site;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection "upgrade";
	}

	location ~ /\.(?!well-known).* {
	deny all;
	}
	}