⚠️ Note 2023-01-21
Some things have changed since I originally wrote this in 2016. I have updated a few minor details, and the advice is still broadly the same, but there are some new Cloudflare features you can (and should) take advantage of. In particular, pay attention to Trevor Stevens' comment here from 22 January 2022, and Matt Stenson's useful caching advice. In addition, Backblaze, with whom Cloudflare are a Bandwidth Alliance partner, have published their own guide detailing how to use Cloudflare's Web Workers to cache content from B2 private buckets. That is worth reading,
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--colour | |
-I app |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Idempotent way to build a /etc/hosts file with Ansible using your Ansible hosts inventory for a source. | |
# Will include all hosts the playbook is run on. | |
# Inspired from http://xmeblog.blogspot.com/2013/06/ansible-dynamicaly-update-etchosts.html | |
- name: "Build hosts file" | |
lineinfile: dest=/etc/hosts regexp='.*{{ item }}$' line="{{ hostvars[item].ansible_default_ipv4.address }} {{item}}" state=present | |
when: hostvars[item].ansible_default_ipv4.address is defined | |
with_items: groups['all'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Add this snippet to the top of your playbook. | |
# It will install python2 if missing (but checks first so no expensive repeated apt updates) | |
# gwillem@gmail.com | |
- hosts: all | |
gather_facts: False | |
tasks: | |
- name: install python 2 | |
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function password_encode(password) | |
local bcrypt = require 'bcrypt' | |
return bcrypt.digest(password, 12) | |
end | |
function check_password(password, encoded_password) | |
local bcrypt = require 'bcrypt' | |
return bcrypt.verify(password, encoded_password) | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Rails production setup via SQLite3 made durable by https://litestream.io/ | |
# Copy this to Dockerfile on a fresh rails app. Deploy to fly.io or any other container engine. | |
# | |
# try locally: docker build . -t rails && docker run -p3000:3000 -it rails | |
# | |
# in production you might want to map /data to somewhere on the host, | |
# but you don't have to! | |
# | |
FROM ruby:3.0.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"AWSEBDockerrunVersion": "1", | |
"Image": { | |
"Name": "<AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/<NAME>:<TAG>", | |
"Update": "true" | |
}, | |
"Ports": [ | |
{ | |
"ContainerPort": "443" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- certain endpoints are always blocked | |
if nginx_uri == "/_access_token" or nginx_uri == "/_me" then | |
ngx.exit(403) | |
end | |
-- import requirements | |
local cjson = require "cjson" | |
-- setup some app-level vars | |
local app_id = "APP_ID" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- layout file --> | |
<% if current_user %> | |
Welcome <%= current_user.username %>. Not you? <%= link_to "Log out", logout_path %> | |
<% else %> | |
<%= link_to "Sign up", signup_path %> or <%= link_to "log in", login_path %>. | |
<% end %> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The only setting we feel strongly about is the fail_timeout=0 | |
# directive in the "upstream" block. max_fails=0 also has the same | |
# effect as fail_timeout=0 for current versions of nginx and may be | |
# used in its place. | |
# you generally only need one nginx worker unless you're serving | |
# large amounts of static files which require blocking disk reads | |
worker_processes 1; | |
# # drop privileges, root is needed on most systems for binding to port 80 |
NewerOlder