scripts/setup currently handles the initial Nginx config, obtaining TLS certificates, updating Nginx to a secure config, and then proceeding with the rest of the setup. In my testing this particular combination is brittle and, although it works, I think there's a better way to arrange these tasks.
Perhaps create a scripts/prep_production script which can handle:
obtaining TLS certificates from Let's Encrypt
updating Nginx to a secure config
adding a cert renewal task to cron
configuring backups
This would enable a typical deploy to achieve full operability easily (i.e. the way scripts/setup was before implementing #10) and then the few remaining production-preparation activities can take place afterwards. The follow-on script could be manually invoked by the user, it could be executed automatically once the primary initialization completes, or it could be tied to an argument the user gives scripts/setup.
scripts/setupcurrently handles the initial Nginx config, obtaining TLS certificates, updating Nginx to a secure config, and then proceeding with the rest of the setup. In my testing this particular combination is brittle and, although it works, I think there's a better way to arrange these tasks.Perhaps create a
scripts/prep_productionscript which can handle:This would enable a typical deploy to achieve full operability easily (i.e. the way
scripts/setupwas before implementing #10) and then the few remaining production-preparation activities can take place afterwards. The follow-on script could be manually invoked by the user, it could be executed automatically once the primary initialization completes, or it could be tied to an argument the user givesscripts/setup.