As of December 2018 we’re in the process of moving to deploying everything through ansible. For now we have done the basics for https://dev.trustroots.org/ and https://staging.trustroots.org/.


Trustroots runs on DigitalOcean (referral link) Ubuntu 14.04 droplet.

This is how to configure production server.

Nginx

Make sure /etc/nginx/nginx.conf has these:

passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
# passenger_ruby /usr/bin/passenger_free_ruby;
passenger_nodejs /usr/local/bin/node;
passenger_show_version_in_header off;

Make sure you have configuration file at /etc/nginx/sites-available/trustroots_org.conf and equivalent symlink pointing to it from sites-enabled: ln -s ../sites-available/trustroots_org.conf trustroots_org.conf.

Test configuration by running sudo nginx -t and start/stop/restart nginx by sudo service nginx {start|stop|restart|reload|force-reload|status|configtest|rotate|upgrade}

SSL

Backups

Configure backups

  1. Install AWS CLI
  2. Make sure you have bucket trustroots-backups at S3 and give user access to that bucket
  3. Create a config file with user’s access keys /srv/configs/aws.conf:
    [default]
    aws_access_key_id=ACCESS_KEY
    aws_secret_access_key=SECRET_KEY
    # Optional, to define default region for this profile.
    region=eu-west-1
    
  4. Add backup scripts for the DB and files by typing sudo crontab -e and add these lines: ```

    Backup Trustroots.org DB, once per hour (at x:00)

    0 * * * * /srv/trustroots/scripts/backup-db.sh >/dev/null 2>&1

Sync backup directory to AWS S3, once per hour (at x:10)

10 * * * * /srv/trustroots/scripts/s3backup.sh >/dev/null 2>&1


If your deployment runs DB migration scripts, create a backup prior to that by running `sudo bash /srv/trustroots/scripts/backup-db.sh`

#### Updating AWS client ([via](https://trepmal.com/2014/03/12/automating-backups-to-amazon-s3/))
- As in; it's not installed via python pip
- Test you have the latest; `aws --version`
- Update:

wget https://s3.amazonaws.com/aws-cli/awscli-bundle.zip unzip awscli-bundle.zip sudo ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws ```

Database

Swap

Logs

People with rights to access the server, databases and statistics

Kasper, Mikael. Abel. https://github.com/orgs/Trustroots/teams/ops