```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1454490809000",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
```

```ruby
# ...
store_with S3 do |s3|
  s3.access_key_id = "AKIAJG7SETLXXZDEL5AQ"
  s3.secret_access_key = "u1hNpXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  # If you've chosen a different region, you should change us-east-1 to
  # us-west-1, eu-west-1, ap-southeast-1, ap-northeast-1, etc.
  s3.region = "us-east-1"
  s3.bucket = "deploy-phoenix"
  s3.path = "/prod/#{storage_id}"
  s3.keep = keep
```

```ruby
# ensure that cron's path is the same as your current one
env :PATH, ENV['PATH']

every 1.hour do
  command "backup perform -t deploy_phoenix_prod_backup"
end
```

```ruby
# database PostgreSQL do |db|
#   ...
# end

encrypt_with GPG do |encryption|
  encryption.keys = {}
  encryption.keys['[email protected]'] = <<-KEY
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: GnuPG v1
```

```nginx
upstream deploy_phoenix {
    server 127.0.0.1:8888;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
```

```nginx
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
```

```nginx
# from https://cipherli.st/
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
```

```nginx
upstream deploy_phoenix {
    server 127.0.0.1:8888;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

# REDIRECT HTTP www.example.com to HTTPS example.com
```

```text
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
```

```
# at 3:47am, renew all Let's Encrypt certificates over 60 days old
47 3 * * * certbot renew --renew-hook "service nginx reload"
```