dat-ecosystem-archive / datproject-discussions

a repo for discussions and other non-code organizing stuff [ DEPRECATED - More info on active projects and modules at https://dat-ecosystem.org/ ]

Project: SSL Deployment #39

Closed max-mapper closed 8 years ago

max-mapper commented 8 years ago

what we do now

We currently use https://github.com/mafintosh/taco-nginx to deploy node processes on Ubuntu servers. This is for deploying node services at subdomains, e.g. signalhub.dathub.org. We point *.dathub.org and dathub.org DNS at a server, and then use taco-nginx to deploy new subdomains on that server.

Our typical setup right now is to have a file called services.sh in the home folder of the server that has entries like this:

psy start -n signalhub -l /home/admin/logs/signalhub.log -- taco-nginx --name signalhub signalhub listen
psy start -n bootstrap -l /home/admin/logs/bootstrap.log -- dht-bootstrap 45.55.78.106
psy start -n dats --cwd /home/admin/src/dat-server -l /home/admin/logs/dats -- taco-nginx --name dats node cli.js

We currently use the psy process monitor. This shell script is idempotent and starts any non-started processes when executed. psy ls lists running processes.

admin@publicbits:~$ psy ls
signalhub      running  1676   3 months ago  taco-nginx --name signalhub signalhub listen
bootstrap      running  29147  3 months ago  dht-bootstrap 45.55.78.106
dats           running  20546  2 months ago  taco-nginx --name dats node cli.js

Executing taco-nginx --name dats node cli.js creates this file:

admin@publicbits:~$ cat /etc/nginx/conf.d/dats.conf 
upstream dats {
  server 127.0.0.1:48012;
}
server {
  listen 443;
  listen 80;
  server_name dats.*;
  location / {
    proxy_pass http://dats;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;
    client_max_body_size 0;

  }

}

It also reloads nginx and runs the process (node cli.js)

This is currently useful for dynamic services, but lacks two features:

Building on the above workflow, ideally you'd be able to do npm run deploy and it would build the static site, push it up to a server and deploy it as e.g. docs.myserver.org using SSL from certbot/letsencrypt. One issue we have with github pages is you can't do custom domains with SSL. We can do that via cloudflare insecurely, or use surge.sh premium. Or roll our own :D If we can come up with a single workflow that works for static + dynamic processes it would probably be worth it to roll our own.

Maybe we can add certbot integration to taco-nginx and a static file serving mode (e.g. just serve this folder full of html). Another fun thing is maybe we can use dat as the deployment tool :D
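An nginx configuration covering the two cases discussed in the comment above (a static folder and a proxied node process, both with certbot-issued certificates). This is an added example, not taco-nginx output or the project's own config: the hostnames docs.example.org and dats.example.org and the /var/www paths are placeholders, and the certificate paths assume certbot's default /etc/letsencrypt/live/<name>/ layout.

```nginx
# Added example. Certificates assumed to come from, e.g.:
#   certbot certonly --webroot -w /var/www/certbot -d docs.example.org

upstream dats {
  server 127.0.0.1:48012;
}

# Port 80 only answers ACME HTTP-01 challenges and redirects everything else.
server {
  listen 80;
  server_name docs.example.org dats.example.org;
  location /.well-known/acme-challenge/ { root /var/www/certbot; }
  location / { return 301 https://$host$request_uri; }
}

# Static mode: serve a folder of built HTML over TLS.
server {
  listen 443 ssl;   # the "ssl" parameter is what enables TLS on this listener
  server_name docs.example.org;
  ssl_certificate     /etc/letsencrypt/live/docs.example.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/docs.example.org/privkey.pem;
  root /var/www/docs;   # placeholder path for the deployed site
  location / { try_files $uri $uri/ =404; }
}

# Dynamic mode: same proxy settings as the dats.conf shown above, behind TLS.
server {
  listen 443 ssl;
  server_name dats.example.org;
  ssl_certificate     /etc/letsencrypt/live/dats.example.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/dats.example.org/privkey.pem;
  location / {
    proxy_pass http://dats;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;   # lets the app see the original scheme
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;
    client_max_body_size 0;
  }
}
```

Running `nginx -t` before reloading catches a missing certificate file, which would otherwise stop nginx from loading the new config.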

mafintosh commented 8 years ago

I use a wildcard ssl on my own domain to easily get ssl across all services. It costs a bit of money (100-200 usd per year) but it's extremely easy to set up / use.

okdistribute commented 8 years ago

I'm going to move this issue to datproject/projects