How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04
0

Introduction

Built in the Erlang program coding language, Elixir is a programming that is functional that’s popular because of its consider designer efficiency and easy composing extremely concurrent and scalable applications.

Phoenix is an internet framework constructed on Elixir to permit the creation of extremely web that is performant.

And whenever along with two tools that are additional Distillery and edeliver — it is possible to totally automate the implementation of Phoenix jobs from your own development environment to a manufacturing host.

Distillery compiles Elixir applications into a package that is single you can then deploy elsewhere. It also generates packages that allow for hot-swapping of code, which means you can upgrade applications that are live no downtime. This can be carried out with small to no setup in your component, which sets Distillery aside from other choices.

edeliver automates this create and implementation procedure by firmly taking care of repeated tasks like building the applying, moving the built package towards the host, migrating the database, and starting/updating the host. If required, you can also configure edeliver to permit for an staging that is intermediate, too.

In this guide, you will install Erlang, Elixir, and Phoenix 1.3 on a development that is local and on a production server, you’ll simplify SSH communication between the two locations, and then you’ll create a sample Phoenix project to build and deploy with edeliver. Finally, you’ll secure the production server with an reverse that is nginx and SSL certification.

By the conclusion of this guide, you should have a command that is single can:

  • build a Phoenix launch that’s suitable for your manufacturing environment
  • deploy the production towards manufacturing environment
  • start the application in a manufacturing environment
  • hot-swap the production that is current by deploying a brand new launch without the downtime

Prerequisites

Before beginning, make certain you have actually the ( that is following********************)

  • An ubuntu-based development machine that is local. Although this tutorial’s instructions are written for an ubuntu-based development that is local, one energy with this implementation procedure usually it is totally in addition to the manufacturing environment. For guidelines on establishing development that is local on other systems, begin to see the formal Elixir installation paperwork. Or, to create an Ubuntu-based remote development device, follow this initial host setup guide.

  • A non-root individual account with sudo privileges on an Ubuntu 16.04 manufacturing host with at the least 1GB of RAM, arranged by after the very first four actions inside server setup tutorial that is initial. Since our objective should automate the implementation procedure, do not enter an SSH passphrase whenever after step four of this setup guide. Also, make sure you enable use of slot 4000 in action 7 of this setup guide because of the demand sudo ufw enable 4000. This is the slot we are going to make use of for evaluation Phoenix throughout this guide.

  • Nginx set up in the manufacturing host by third how exactly to Install Nginx on Ubuntu 16.04 guide.

  • A completely registered domain title. This guide shall make use of example.com throughout. You can aquire a domain title on Namecheap, get one at no cost on Freenom, or utilize the domain registrar of the option.

  • Both of this after DNS documents arranged for the host. This hostname can be followed by you guide for information on how exactly to include them.

    • An accurate documentation with example.com pointing towards host’s general public ip.
    • An accurate documentation with www.example.com pointing towards host’s general public ip.
  • Nginx guaranteed with an SSL certification by third establishing let us Encrypt with Nginx host obstructs on Ubuntu 16.04 guide. Make sure to select choice 2, Redirect, in step four of this Nginx setup guide, as this may offer redirects that are automatic HTTPS in the manufacturing host we are producing inside guide.

Step 1 — Installing Elixir and Phoenix in the Development that is local Machine

Because Elixir works on the Erlang VM, we are going to need certainly to install the VM before we are able to install Elixir it self. And since we should make certain that we are utilizing the latest version that is stable of, we are going to install Erlang through the Erlang possibilities repository.

First, down load and include the Erlang possibilities repository towards regional development device.

  • cd ~
  • wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
  • sudo dpkg -i erlang-solutions_1.0_all.deb

Now, improve your package list and install the esl-erlang package which supplies the Erlang program coding language and helpful tools, libraries, and middleware, collectively called the Erlang/OTP platform.

  • sudo apt-get revision
  • sudo apt-get esl-erlang that is install

Then, install Elixir.

  • sudo apt-get install elixir

Next, usage Mix — a create device bundled with Elixir for producing Elixir jobs and dependencies that are managing to set up Elixir’s very own package supervisor, Hex, that you can make use of later on to set up Phoenix.

The local section of this demand informs Mix to set up hex in your area.

whenever prompted to verify the installation, enter Y.

Output

Are you sure you intend to install "https://repo.hex.pm/installs/1.5.0/hex-0.17.1.ez"? [Yn] Y * creating**********************************************************************************************************************************************).1 that are.mix/archives/hex-0

Now, make use of Hex to set up the Phoenix 1.3.0 Mix archive, a Zip file which has all youwill need to create a base that is new task to construct from.

  • mix archive.install https://github.com/phoenixframework/archives/raw/master/phx_new-1.3.0.ez

Again, whenever prompted to verify the installation, enter Y.

Output

Are you sure you intend to install "https://github.com/phoenixframework/archives/raw/master/phx_new-1.3.0.ez"? [Yn] Y * producing .mix/archives/phx_new-1.3.0

Warning: in the event that you install Phoenix through the phx_new.ez Archive, you'll get the version that is latest of Phoenix, which might be unique of usually the one we use within this tutorial — 1.3.0. You will then need certainly to adjust this tutorial towards the form of Phoenix you're utilizing.

With Elixir and Phoenix installed in the development that is local, let us install the pieces we are in need of in the manufacturing host.

Step 2 — Installing Elixir and Phoenix in the manufacturing Server

Because we are in need of our Phoenix task to perform on the development that is local together with manufacturing host, we are going to need certainly to install every one of the exact same languages and tools both in places.

Using the commands that are same 1, down load and include the Erlang possibilities repository towards manufacturing host.

  • cd ~
  • wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb
  • sudo dpkg -i erlang-solutions_1.0_all.deb

Update your package list and install the esl-erlang package.

  • sudo apt-get revision
  • sudo apt-get esl-erlang that is install

Install Elixir.

  • sudo apt-get install elixir

Use Mix to set up Hex.

whenever prompted to verify the installation, enter Y.

Output

Are you sure you intend to install "https://repo.hex.pm/installs/1.5.0/hex-0.17.1.ez"? [Yn] Y * creating**********************************************************************************************************************************************).1 that are.mix/archives/hex-0

Both the development that is local together with manufacturing host are actually willing to run Phoenix, but let us ensure it is simpler to hook up to the manufacturing host through the regional development device by establishing an SSH host alias.

Step 3 — establishing an SSH Host Alias

Because our objective is an entirely automatic implementation procedure, we created an SSH key set through the production that is initial setup it doesn't prompt for a passphrase.

Right now, we are able to link through the development that is local towards the manufacturing host because of the demand ssh -i ~/.ssh/private_key_file sammy@example.com.

right here, we are linking to example.com since the individual sammy. The -i banner informs SSH to utilize the personal key file positioned at ~/.ssh/private_key_file the connection.

We could make this demand — together with implementation procedure it self — also easier, however, by establishing an SSH host alias that immediately understands which key that is private individual, and domain to utilize whenever linking towards the manufacturing host.

Open ~/.ssh/config in the regional development device for modifying.

And, content within the lines that are following

~/.ssh/config

Host example.com 
    HostName example.com
    Consumer sammy
    IdentityFile ~/.ssh/private_key_file

Note: If for example the config file currently has one thing inside it, consist of another line that is empty this brand new setup from any existing people.

The Host line provides an alias that identifies this configuration that is particular. To make it easier to remember, we're using our domain name. The HostName line tells SSH the host to connect to. The User line lets SSH know which user to connect as, and the IdentityFile tells SSH which key that is private to utilize.

Save your modifications and shut the file.

Finally, test the setup by linking towards the manufacturing host.

You need had the oppertunity to help make the connection without indicating a person, personal key file, or domain. The previous steps to resolve the problem.( if you weren't able to connect, follow the on-screen messages and retrace********************)

Now we've simplified linking towards the manufacturing host, we are able to produce an example Phoenix task for implementation.

Step 4 — Creating a Test venture

By standard, once you create a brand new Phoenix task, it is configured with a PostgreSQL database adapter and Brunch, a web that is javaScript-based build tool. To avoid this complexity that is additional we are going to produce an easy Phoenix task known as myproject without a database adapter and without Brunch by moving within the --no-ecto and --no-brunch flags correspondingly.

Change to your residence directory and produce the project that is new

  • cd ~
  • mix phx.new --no-ecto --no-brunch myproject

The production includes the directories and files that Phoenix created since the scaffolding the myproject task, a prompt to verify that you would like to set up the mandatory dependencies, and guidelines on how to begin Phoenix's integral host.

Enter Y whenever prompted to verify the installation.

Output

* producing myproject/config/config.exs * producing myproject/config/dev.exs * producing exs that are myproject/config/prod ... Fetch and install dependencies? [Yn] Y * operating mix deps.get * operating mix deps.compile Many of us are set! Enter the application by operating: $ myproject that is cd Begin your Phoenix software with: $ mix phx.server You may want to run your software inside IEx (Interactive Elixir) since: $ iex mix phx.server that is-S

Now, let us see if our test task is working.

Go in to the myproject directory and run the mix phx.server demand to compile the task and begin the host.

  • cd ~/myproject
  • mix phx.server

The production informs you the amount and kinds of files Phoenix put together, offers you warnings about dilemmas it went into as you go along, and, if effective, shows you where you should achieve the task.

The very first time you compile an Elixir-based application in your regional development device, you will be prompted to set up Rebar, a create and dependency device for Erlang that Mix utilizes. Enter Y at prompt.

Output

==> file_system Compiling 6 files (.ex) Generated file_system software ... Cannot find "rebar3", that will be had a need to build dependency :ranch I will install a copy that is local is simply employed by Mix Shall We install rebar3? (if operating non-interactively, usage "mix local.rebar --force") [Yn] Y ... Compiling 11 files (.ex) Generated app that is myproject [info] operating MyprojectWeb.Endpoint with Cowboy utilizing http://0.0.0.0:4000

To test the setup that is current point your web browser to http://localhost:4000. You should see the default Phoenix Framework homepage welcoming you to Phoenix. Then review your terminal output for further instructions.( if you don't, make sure that your firewall is allowing connections on port 4000 and********************)

Once you have confirmed that every thing's working, press CTRL+C two times to avoid the host such that it's prepared for further setup in action 5.

Now it to use Distillery and edeliver.( that you have a fully-functional, local Phoenix project, let's configure********************)

Step 5 — Configuring the venture to utilize Distillery and edeliver

Phoenix jobs shop setup details just like the slot the task operates on together with task's host URL in config/prod.exs, therefore we are going to start with modifying that file to share with Phoenix how exactly to achieve the task within the manufacturing environment.

Open config/prod.exs in your regional development device for modifying.

  • nano ~/myproject/config/prod.exs

Find the block that is following of:

config/prod.exs

...
config :myproject, MyprojectWeb.Endpoint,
  load_from_system_env: real,
  url: [host: "example.com", port: 80],
  cache_static_manifest: "priv/static/cache_manifest.json"
...

whenever load_from_system_env is scheduled to true, Phoenix gets the slot the task should operate on through the PORT environment adjustable automagically. That is called the HTTP slot.

The url: [host] and url: [port] are acclimatized to create links in the task. This distinction between HTTP and Address is specially helpful whenever establishing proxies where in actuality the proxy endpoint is exposed on a port that is different the Phoenix task.

For ease's benefit, we are going to hardcode within the HTTP slot your myproject operates on. This may reduce steadily the range going components, which, subsequently, increase the dependability of our automatic implementation procedure.

In addition towards the standard choices we are going to be changing, we are going to additionally be incorporating two options that are new

The server choice informs Distillery to configure the task on top of that the HTTP host on begin, that will be that which we want in a totally automatic implementation procedure.

The code_reloader choice informs the task to recharge all web that is connected whenever the project's code changes. While this can be a very feature that is helpful development, it is not designed for manufacturing surroundings, therefore we are going to transform it down.

Now, alter the standard setup.

config/prod.exs

...
config :myproject, MyprojectWeb.Endpoint,
  http: [port: 4000],
  url: [host: "example.com", port: 80],
  cache_static_manifest: "priv/static/manifest.json",
  server: real,
  code_reloader: false
...

Note: in order to avoid possible setup issues, double-check that you have added a , towards the end of this cache_static_manifest line before continuing.

Save and close config/prod.exs once you have made your modifications.

As soon as we created the myproject task in step four, Phoenix immediately created a .gitignore file wewill need in action 6 as soon as we push rule modifications towards the create host with edeliver.

By standard, that .gitignore file informs Git to ignore dependencies and build files so your repository does not be needlessly big. Also, that file informs Git to ignore prod.secret.exs, a file within the config directory of most Phoenix jobs that holds really delicate information, like manufacturing database passwords and application secrets for signing tokens.

Since the myproject task requires prod.secret.exs in the manufacturing host to work precisely and now we cannot go it here with Git, we are going to need certainly to move it towards the host by hand.

In your property directory in the manufacturing host, create a directory that is new app_config. This is how you will keep prod.secret.exs.

Now, usage scp to duplicate prod.secret.exs towards the app_config directory in the manufacturing host.

  • scp ~/myproject/config/prod.exs that are.secret example.com:/home/sammy/app_config/prod.secret.exs

Finally, verify your transfer occurred by detailing the articles of app_config in the manufacturing host.

If you do not see prod.secret.exs within the production, review the terminal in your regional development device for extra information.

With prod.secret.exs in the manufacturing host, we are willing to install Distillery the create procedure and edeliver for implementation by including them both in mix.exs, the primary setup apply for the myproject task.

Open mix.exs in your regional development device.

Now, discover the block that is following of:

Dependencies in mix.exs

  ...
  defp deps do
    [
      {:phoenix, "~> 1.3.0"},
      {:phoenix_pubsub, "~> 1.0"},
      {:phoenix_html, "~> 2.10"},
      {:phoenix_live_reload, "~> 1.0", only: :dev},
      {:gettext, "~> 0.11"},
      {:cowboy, "~> 1.0"}
    ]
  end
  ...

deps is a function that is private clearly describes our myproject task's dependencies. Whilst it's maybe not strictly needed, it can help in keeping the task setup arranged.

Add edeliver and distillery towards the variety of dependencies.

Dependencies in mix.exs

  ...
  defp deps do
    [
      {:phoenix, "~> 1.3.0"},
      {:phoenix_pubsub, "~> 1.0"},
      {:phoenix_html, "~> 2.10"},
      {:phoenix_live_reload, "~> 1.0", only: :dev},
      {:gettext, "~> 0.11"},
      {:cowboy, "~> 1.0"},
      {:edeliver, "~> 1.4.3"},
      {:distillery, "~> 1.4"}
    ]
  end
  ...

Note: in order to avoid possible setup issues, double-check that you have added a , towards the end of this line preceding the brand new edeliver entry.

Save your modifications and close mix.exs.

Now, tell mix to fetch the dependencies that are new that they truly are offered at runtime.

  • cd ~/myproject/
  • mix deps.get

The production informs united states that edeliver and distillery have actually effectively been included with our task.

Output

Resolving Hex dependencies... Dependency quality finished: ... * Getting edeliver (Hex package) Checking package (https://repo.hex.pm/tarballs/edeliver-1.4.4.tar) Fetched package * Getting distillery (Hex package) Checking package (https://repo.hex.pm/tarballs/distillery-1.5.2.tar) Fetched package

Finally, restart Phoenix's host in the development that is local to check the existing setup.

Point your web browser to http://localhost:4000. you ought to begin to see the exact same standard Phoenix website if you don't, re-trace the previous steps and review your local development machine's terminal for additional information.( that you saw in Step 4.********************)

before you go to keep, press CTRL+C two times to avoid the host such that it's prepared for further setup within the next step.

With Distillery and edeliver set up, we are willing to configure them for implementation.

Step 6 — Configuring Edeliver and Distillery

Distillery calls for a create setup file that's not created automagically. But we are able to create a standard setup by operating mix launch.init.

Go in to the myproject directory in your regional development device and create the setup file.

  • cd ~/myproject
  • mix launch.init

The production confirms your file is made and includes instructions that are further how exactly to modify and build the production.

Output

An instance config file was put into rel/config.exs, review it, make edits as needed/desired, then run `mix release` to construct the production

edeliver will appear for releases within the rel/myproject directory whenever doing upgrades that are hot but Distillery puts releases in the _build directory by default. So, let's modify Distillery's default configuration file, rel/config.exs, to put production releases in the place that is right

Open rel/config.exs for modifying.

Find the ( that is following********************)

rel/config.exs

...
environment :prod do
  set include_erts: real
  set include_src: false
  set cookie: :"f3a1[Q^31~]3~N=|T|T=0NvN;h7OHK!%%c.}$)iP9!X|TS[[email protected]=m`yBYVt4/`:"
end
...

This block informs Distillery exactly how we need it to construct production that is self-contained packages. include_erts shows whether we should bundle the Erlang Runtime System, that will be helpful once the target system doesn't always have Erlang or Elixir installed. include_src shows whether we should are the supply rule files. And, the cookie value can be used for authenticating Erlang nodes to talk to each other.

Add the output_dir choice to this block to share with Distillery in which we wish it to place manufacturing releases.

rel/config.exs

...
environment :prod do
  set include_erts: real
  set include_src: false
  set cookie: :"f3a1[Q^31~]3~N=|T|T=0NvN;h7OHK!%%c.}$)iP9!X|TS[[email protected]=m`yBYVt4/`:"
  set output_dir: "rel/myproject"
end
...

Save and close the file.

We're now ready to configure edeliver, but we'll have to create its configuration file manually.

Go into the myproject directory on your local development machine and create a new directory called .deliver, then open a new file at .deliver/config for editing.

  • cd ~/myproject
  • mkdir .deliver
  • nano .deliver/config

In this file, we'll specify the build and production servers' details. Since we're using the same server for both building and production, our host and user are the same across build and production. Additionally, we'll perform the build in the app_build directory and place the compiled production files in the app_release directory.

Copy the following into the file.

.deliver/config

APP="myproject"

BUILD_HOST="example.com"
BUILD_USER="sammy"
BUILD_AT="/home/sammy/app_build"

PRODUCTION_HOSTS="example.com" 
PRODUCTION_USER="sammy" 
DELIVER_TO="/home/sammy/app_release" 

Next, we'll create a symlink in the build folder to prod.secret.exs, the file we transferred to the app_config directory on the production server in Step 5. This symlink is created inside an edeliver hook. At each point in the build, stage, and deployment process, a specific hook is called by edeliver. For our automated deployment setup, we're listening to the pre_erlang_get_and_update_deps hook that's called before edeliver gets our dependencies and begins compilation.

Append the following to .deliver/config.

.deliver/config

pre_erlang_get_and_update_deps() {
  local _prod_secret_path="/home/sammy/app_config/prod.secret.exs"
  if [ "$TARGET_MIX_ENV" = "prod" ]; then
    __sync_remote "
      ln -sfn '$_prod_secret_path' '$BUILD_AT/config/prod.secret.exs'
    "
  fi
}

Save and shut the file if you are done modifying.

Because edeliver utilizes Git to push the rule through the latest agree to the create host for further action, the ultimate action before implementation should produce a Git repository for the task.

In the myproject directory in your regional development device, utilize the git init demand to generate a clear Git repository.

(we need to add the directory containing our release tarballs to the .gitignore

Before we add our files to the Git index,******************************) file, too. Otherwise, the Git repository would become very large in size after a releases that are few

  • echo ".deliver/releases/" >> .gitignore

Next, include the entire group of files through the myproject task towards the Git staging area in order that they'll be within the next commit.

Now, set the identification that Git should keep company with this repository. This may allow you to monitor in which modifications towards task originated in.

Finally, commit the files towards the repository utilizing the -m choice to explain the cause of the commit.

  • git commit -m "Setting up automated deployment"

The production repeats right back your message that is commit and states the amount of files changed, the amount of lines placed, together with names of this files that have been included with the repository.

Output

  • [master (root-commit) e58b766] establishing automatic implementation
  • 39 files changed, 2344 insertions(+)
  • generate mode 100644 .deliver/config
  • ...

With our task now dedicated to Git and Distillery and edeliver completely configured, we are prepared for the very first implementation.

Step 7 — Deploying the venture

One good thing about this implementation procedure usually you will do every little thing in the development that is local, hardly ever ever having to touch the manufacturing host.

Let's myproject every thing out now by pressing the myproject task towards the manufacturing host.

First, usage mix in your regional development device to construct a launch of the task and move it towards the create host with edeliver.

  • cd ~/myproject
  • mix edeliver build launch

The production updates you about each step of the process of this process that is build realtime and, if every thing works not surprisingly, informs you your create ended up being effective.

Output

BUILDING LAUNCH OF MYPROJECT APP ON DEVELOP HOST -----> Authorizing hosts -----> Ensuring hosts are prepared to accept pushes that are git -----> pushing commits that are new git to: [email protected] -----> Resetting remote hosts to****************************************************************************************************************************************)f that is fc(***********************************************************************************************************************************)d96... -----> Cleaning created files from final create -----> Fetching / Updating dependencies -----> Compiling sources -----> Generating launch -----> Copying launch 0.0.1 to release store that is local -----> Copying myproject.tar.gz to discharge shop LAUNCH DEVELOP OF MYPROJECT is EFFECTIVE!

If your create was not effective, edeliver will suggest the distinct rule it absolutely was attempting to perform with regards to encountered the situation. You can make use of that given information to troubleshoot the problem.

Once the create is complete, move the production towards the manufacturing host.

  • mix edeliver deploy launch to manufacturing

Once once more, the production updates you about each step of the process of this procedure in realtime and, if every thing works, informs you the create was launched to manufacturing.

Output

DEPLOYING LAUNCH OF MYPROJECT APP TO MANUFACTURING HOSTS -----> Authorizing hosts -----> Uploading archive of launch 0.0.1 from regional launch shop -----> Extracting archive myproject.0.1.tar.gz DEPLOYED LAUNCH TO MANUFACTURING!

If you come across a challenge deploying, examine the production within terminal for extra information.

Finally, begin the myproject task in the manufacturing host.

  • mix edeliver begin manufacturing

The production informs you an individual your task is operating since, the host it is operating on, together with way to the production it is utilizing in the manufacturing host. The reaction shall be START COMPLETE!.

Output

EDELIVER MYPROJECT WITH BEGIN COMMAND -----> beginning manufacturing servers manufacturing node: individual : sammy host : example.com course : /home/sammy/app_release reaction: BEGIN COMPLETE!

Test the implementation procedure by pointing your web browser to http://example.com:4000. You need to yet again begin to see the standard Phoenix Framework website. Then consult the local development machine's terminal for additional information.( if you don't, double-check that port 4000 is open on the production server and********************)

Now we've confirmed the build that is complete deploy procedure, let us simply take our setup one action further by doing a rule revision without the downtime in the manufacturing host.

Step 8 — updating the task Without manufacturing Downtime

One function of our create and implementation procedure could be the capacity to hot-swap the rule, upgrading the task in the manufacturing host without the downtime. Let us earn some noticeable modifications towards the task to test this out.

Open the task's website apply for modifying.

  • nano ~/myproject/lib/myproject_web/templates/page/index.html.eex

Find the line that is following********************)

~/myproject/web/templates/page/index.html.eex

...
<h2><per cent= gettext "Welcome to %{name}", title: "Phoenix!" %></h2>
...

Now, change that line because of the ( that is following********************)

<h2>Hello, World!</h2>

Save and shut the file.

Now we've updated the codebase, we must also increment the applying variation. The variation quantity causes it to be simpler to monitor releases and rollback to versions that are previous necessary.

Open mix.exs in your regional development device.

Find the block that is following********************)

mix.exs

  • ...
  • def task do
  • [app: :myproject,
  • version: "0.0.1",
  • elixir: "~> 1.2",
  • elixirc_paths: elixirc_paths(Mix.env),
  • compilers: [:phoenix, :gettext] ++ Mix.compilers,
  • build_embedded: Mix.env == :prod,
  • start_permanent: Mix.env == :prod,
  • deps: deps()]
  • end
  • ...

Increment the variation from 0.0.1 to 0.0.2.

mix.exs

  • ...
  • def task do
  • [app: :myproject,
  • version: "0.0.2",
  • elixir: "~> 1.2",
  • elixirc_paths: elixirc_paths(Mix.env),
  • compilers: [:phoenix, :gettext] ++ Mix.compilers,
  • build_embedded: Mix.env == :prod,
  • start_permanent: Mix.env == :prod,
  • deps: deps()]
  • end
  • ...

Then, save yourself and shut the file.

Now we have to include and commit our modifications to Git in order that edeliver understands it will push them towards the create host.

  • git add .
  • git commit -m "Changed welcome message"

Finally, we are willing to hot-swap our modifications. These times, we now have a command that is single's comparable to the 3 relevant commands we utilized in action 7.

With one demand, build, deploy, and re-start the applying in the manufacturing host.

  • mix edeliver update manufacturing

Once once more, the production takes united states through each step of the process of this procedure in realtime and, if effective, concludes with, UPGRADE COMPLETE!.

Output

EDELIVER MYPROJECT WITH UPGRADE COMMAND -----> updating to modification 2fc28b6 from branch master -----> Detecting launch variations on manufacturing hosts -----> Deploying improvements to at least one hosts that are online -----> Checking whether set up variation 0.0.1 is in launch shop -----> Building the update from variation 0.0.1 -----> Authorizing hosts -----> Validating * variation 0.0.1 is in regional launch shop -----> Ensuring hosts are prepared to accept pushes that are git -----> pushing commits that are new git to: [email protected] -----> resetting hosts that are remote 2fc28b6... -----> Cleaning created files from final create -----> looking into 2fc28b6... -----> Fetching / Updating dependencies -----> Compiling sources -----> Checking form of era -----> Uploading archive of launch 0.0.1 from regional launch shop -----> Extracting archive myproject_0.0.1.tar.gz -----> Generating launch -----> getting rid of built launch 0.0.1 from remote launch directory -----> Copying launch 0.0.2 to release store that is local -----> Copying myproject.tar.gz to discharge shop -----> updating manufacturing hosts to variation 0.0.2 -----> Authorizing hosts -----> Uploading archive of launch 0.0.2 from regional launch shop -----> updating launch to 0.0.2 UPGRADE COMPLETE!

To verify that every thing worked, reload http://example.com:4000 within web browser. You need to begin to see the message that is new. The previous steps and check your terminal for additional error and warning messages.( if you don't, re-trace********************)

The implementation procedure has been paid down to simply a command that is single and we're also making use of one of Erlang's most famous features — code hot-swapping. As a touch that is final let us fortify our application in manufacturing by placing it behind an Nginx proxy.

Step 9 — establishing a Reverse Proxy in the manufacturing Server

Although we are able to straight expose our application towards the Web, a reverse proxy will give you better safety. For easy setup, help for SSL, together with capacity to set customized HTTP reaction headers, we are going to make use of Nginx for the proxy.

(you should have already created a separate Nginx server block on the production server just for our project.

If you followed the setting up Let's Encrypt with Nginx server blocks on Ubuntu 16.04 tutorial in the prerequisites,********************)

Open that host block's setup apply for modifying.

  • sudo nano*******************************)example.com( that is/etc/nginx/sites-available/(********************************)

First, we have to inform Nginx in which our Phoenix task resides and which slot it listens on. Since we are serving our task on slot 4000 in your area, we are telling Nginx our proxy endpoint reaches 127.0.0.1:4000.

Copy the code that is following the setup file over the standard host setup block.

/etc/nginx/sites-available/example.com

upstream phoenix {
    host 127.0.0.1:4000;
}

Now, within the file that is same discover the after rule block:

/etc/nginx/sites-available/example.com

    ...
        location / {
                # very first try to provide demand as file, then
                # as directory, then fall back again to showing a 404.
                try_files $uri $uri/ =404;
        }
    ...

For the proxy working, we have to inform Nginx to redirect all connections towards the internet host to your Phoenix task, like the demand header, the ip of this host your customer was proxied through, together with ip of this customer it self.

We'll additionally configure Nginx to forward inbound needs through WebSockets, a protocol for messaging between internet servers and consumers that improvements the conventional HTTP that is stateless connection a persistent one.

Phoenix has an element called stations we did not explore inside guide, but stations need help for WebSockets. Without this setup, Channels will not work because WebSocket needs will not ensure it is towards the host.

Replace the prior location block because of the ( that is following********************)

/etc/nginx/sites-available/example.com

  location / {
    enable all;

    # Proxy Headers
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Cluster-Client-Ip $remote_addr;

    # WebSockets
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";

    proxy_pass http://phoenix;
  }

Save and shut the file to keep.

Now, validate the brand new Nginx setup.

Nginx should report your syntax is fine which the test ended up being effective. Or even, stick to the messages that are on-screen resolve the situation.

Restart Nginx to propagate the modifications.

  • sudo systemctl restart nginx

Lastly, for safety purposes, disallow use of the application via HTTP on slot 4000.

  • sudo ufw delete allow 4000

Then, always check UFW's status.

The firewall should just enable SSH and Nginx access now.

Output

Status: active To Action From -- ------ ---- OpenSSH ENABLE Anywhere Nginx Comprehensive ENABLE Anywhere OpenSSH (v6) ENABLE Anywhere (v6) Nginx(v6 that are full ENABLE Anywhere (v6)

Finally, test that every thing's working by pointing your web browser to https://example.com.

You are in possession of a totally automatic create and deploy procedure and a manufacturing host guaranteed both by a reverse proxy and an SSL certification.

Conclusion

Even though we have arranged edeliver to construct and deploy our Phoenix task to a manufacturing host with a command that is single there is nevertheless much more you can certainly do.

If your manufacturing infrastructure consists of a group of Phoenix nodes, you need to use edeliver to deploy to and perform hot-swapping on every one of the nodes at the same time.

Or, you can create a full-blown staging infrastructure and use edeliver to manage the process of staging and deploying.( if you want a setup with greater reliability,********************)

To learn more about either of the subjects or even to find out more about expanding your edeliver that is current installation basic, go to the task's formal house on GitHub.

Develop and Setup OpenVPN Server On Ubuntu VPS

Previous article

A Perfect Server Setup with Nginx, ISPConfig, BIND and Dovecot

Next article

You may also like

Comments

Leave a reply

Your email address will not be published. Required fields are marked *