changeset 1605:18643ab36008 deploy

Fixes, doc updates
author Chris Cannam
date Thu, 24 Aug 2017 15:56:50 +0100
parents 2162f6ff8580
children 16325d2ab2dd
files deploy/README deploy/any/prepare.sh deploy/any/run-provisioning.sh deploy/config/code-ssl.conf.in deploy/provision.d/030-webapp-dir.sh deploy/provision.d/100-apache-config.sh
diffstat 6 files changed, 17 insertions(+), 7 deletions(-) [+]
--- a/deploy/README	Thu Aug 24 14:47:04 2017 +0100
+++ b/deploy/README	Thu Aug 24 15:56:50 2017 +0100
@@ -16,9 +16,10 @@
  * A database dump to load. This should be left in a file called
    postgres-dumpall in the soundsoftware-site root
 
- * The database password and /sys API key for the target site. (The
-   API key can be changed in the admin UI - "grep API config/*.in" to
-   see the files you'll need to update if you change it)
+ * The database password and /sys API key for the target site. (This
+   can be queried from the db: settings table, name "sys_api_key". You
+   can change it in the admin UI; grep API config/*.in to see the
+   files you'll need to update if you change it)
 
  * The (copyrighted) web font files used in our deployment. Leave
    these in /public/themes/soundsoftware/stylesheets/fonts/
--- a/deploy/any/prepare.sh	Thu Aug 24 14:47:04 2017 +0100
+++ b/deploy/any/prepare.sh	Thu Aug 24 15:56:50 2017 +0100
@@ -46,7 +46,7 @@
 fi
 
 if [ ! -f "$rootdir/postgres-dumpall" ]; then
-    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
+    echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall. Create an empty file there if you don't want to load a database."
     exit 2
 fi
 
--- a/deploy/any/run-provisioning.sh	Thu Aug 24 14:47:04 2017 +0100
+++ b/deploy/any/run-provisioning.sh	Thu Aug 24 15:56:50 2017 +0100
@@ -20,7 +20,7 @@
     case "$f" in
         *~) ;;
         *) echo "Running provisioning script: $f"
-           /bin/bash "$f";;
+           /bin/bash "$f" </dev/null ;; # close stdin to avoid interactivity
     esac
 done
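Review bot: The exit status of `/bin/bash "$f" </dev/null` is discarded, so a provisioning script that fails partway is simply followed by the next one and the host can end up half-configured. Unless `set -e` is in effect earlier in the file (the loop starts outside this hunk), stop at the first failure, for example `/bin/bash "$f" </dev/null || { echo "Provisioning script failed: $f" >&2; exit 1; } ;;`. The trailing comment is also slightly inaccurate: the redirect attaches stdin to /dev/null rather than closing it, so `# read stdin from /dev/null so no script can prompt` would describe it more exactly.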
 
--- a/deploy/config/code-ssl.conf.in	Thu Aug 24 14:47:04 2017 +0100
+++ b/deploy/config/code-ssl.conf.in	Thu Aug 24 15:56:50 2017 +0100
@@ -46,10 +46,18 @@
         ServerSignature Off
 </VirtualHost>
 
-<VirtualHost *:80>
+<VirtualHost *:443>
         ServerName code.soundsoftware.ac.uk
         ServerAdmin chris.cannam@soundsoftware.ac.uk
 
+        SSLEngine on
+	SSLCertificateFile /etc/apache2/certs/code.soundsoftware.ac.uk.crt
+	SSLCertificateKeyFile /etc/apache2/certs/code.soundsoftware.ac.uk.key
+	SSLCertificateChainFile /etc/apache2/certs/code.soundsoftware.ac.uk.ca-bundle
+	SSLVerifyClient none
+	SSLProtocol all -SSLv2 -SSLv3
+	SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW	
+
         DocumentRoot /var/www/code/public
         PassengerRestartDir restart_files
         PassengerHighPerformance on
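Review bot: The `SSLCipherSuite` line added to the *:443 vhost still admits weak suites: `RC4+RSA`, `+MEDIUM` and `+LOW` keep RC4 and low-strength ciphers negotiable, and `!ADH` excludes only one family of unauthenticated key exchange where `!aNULL` would exclude all of them. `SSLProtocol all -SSLv2 -SSLv3` likewise leaves TLS 1.0 and 1.1 enabled. Consider `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`, `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES` and `SSLHonorCipherOrder on`, adjusted to the oldest client that must still connect. The new directives are indented with tabs (one line has a trailing tab) while the surrounding lines use spaces. The VirtualHost block continues outside the hunk.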
--- a/deploy/provision.d/030-webapp-dir.sh	Thu Aug 24 14:47:04 2017 +0100
+++ b/deploy/provision.d/030-webapp-dir.sh	Thu Aug 24 15:56:50 2017 +0100
@@ -24,6 +24,6 @@
 fi
 
 chown -R code.www-data /var/www/code
+chmod 755 /var/www/code
 find /var/www/code -type d -exec chmod g+s \{\} \;
 
-
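Review bot: The added `chmod 755 /var/www/code` gives every local account read and traverse access to the application root, although the `chown -R code.www-data` on the line before already hands the tree to group www-data. If the web server reaches the directory through that group (not visible in this hunk), `chmod 750 /var/www/code` would be the narrower setting. If world access really is required, a short comment such as `# world-traversable: needed by <consumer>` would record why. The script's earlier lines are outside the hunk.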
--- a/deploy/provision.d/100-apache-config.sh	Thu Aug 24 14:47:04 2017 +0100
+++ b/deploy/provision.d/100-apache-config.sh	Thu Aug 24 15:56:50 2017 +0100
@@ -28,6 +28,7 @@
     ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/
     ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/
     ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/
+    ln -s ../mods-available/ssl.load        /etc/apache2/mods-enabled/
 
     cp "$codeconf" /etc/apache2/sites-available/code.conf
     cp "$codeconfssl" /etc/apache2/sites-available/code-ssl.conf
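Review bot: The new `ln -s ../mods-available/ssl.load` line links only the module's load file, so the packaged `ssl.conf` defaults and any modules that `ssl.load` declares as dependencies are not enabled by this step. On a Debian-style layout, which these paths suggest, `a2enmod ssl` resolves both; otherwise add a matching `ln -s ../mods-available/ssl.conf /etc/apache2/mods-enabled/`. A plain `ln -s` also fails if the link already exists, so `ln -sf` would keep a re-run of the provisioning step from erroring here, assuming the enclosing block, which starts outside the hunk, does not already guard against that.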