https://wiki.exphosted.com/doku.php/production_platform_monitoring
Using Monit for additional monitoring
All the API request should send with SSL Enabled
Eg: http.use_ssl = true
Important: When we deploy LRS SSL(HTTPS) enabled code E1 environments should be HTTPS mode and Expertusone Application should send the request with SSL(HTTPS) enabled
1. Create the custom domain folder structure
cd /opt/nginx/conf
sudo mkdir sites-available
sudo mkdir sites-enabled
2. Remove default server block from nginx.conf and create it as a default template and include the template in the nginx.conf
a. cut the below server block from nginx.conf based on the environments
server {
listen 80;
server_name dev01.recordexa.com;
rewrite ^/?(.*) https://$host/$1 redirect;
}
server {
listen 443 ssl;
server_name dev01.recordexa.com;
ssl_certificate /opt/nginx/conf/ssl/recordexa/server.crt;
ssl_certificate_key /opt/nginx/conf/ssl/recordexa/server.key;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/pki/tls/private/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
root /deploy/tincan/current/public;
passenger_enabled on;
passenger_app_env development;
passenger_min_instances 12;
client_max_body_size 8M;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
b. Add the below code 'include /opt/nginx/conf/sites-enabled/*;' in nginx.conf inside the http block
include /opt/nginx/conf/sites-enabled/*;
c. cd sites-available
sudo vi default - add the above removed server block here(Make sure to update server_name based on the environment eg: dev01.recordexa.com)
server {
listen 80;
server_name dev01.recordexa.com;
rewrite ^/?(.*) https://$host/$1 redirect;
}
server {
listen 443 ssl;
server_name dev01.recordexa.com;
ssl_certificate /opt/nginx/conf/ssl/recordexa/server.crt;
ssl_certificate_key /opt/nginx/conf/ssl/recordexa/server.key;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/pki/tls/private/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
root /deploy/tincan/current/public;
passenger_enabled on;
passenger_app_env development;
passenger_min_instances 12;
client_max_body_size 8M;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
d. Create symlink from sites-available to sites-enabled
cd ..
sudo ln -s /opt/nginx/conf/sites-available/default /opt/nginx/conf/sites-enabled/default
3. Reload the nginx configuration changes
sudo /etc/init.d/nginx reload
4. Create the shared 'ssl_settings.yml' config file in /deploy/tincan/shared/config/ssl_settings.yml
cd /deploy/tincan/shared/config/
vi ssl_settings.yml
Paste the below code (Make sure update the top key based on the environment and also make sure the indentation)
staging:
enable_own_domain: true
auto_run_script: true
#Rails root directory will be appended with "/bin/enable_or_disable_ssl.sh"
ssl_script_path: "/bin/enable_or_disable_ssl.sh"
web_server_path: "/opt/nginx/conf"
notify_admin: true
ssl_script_process_timeout: 150
5. Add the file in the deploy.rb file under linked_files array
cd /home/expdev01/tincan/config
vi deploy.rb
Existing: set :linked_files, %w{config/application.yml config/database.yml config/sunspot.yml}
Modified: set :linked_files, %w{config/application.yml config/database.yml config/sunspot.yml config/ssl_settings.yml}
Social Links: 1. Twitter Link 2. LinkedIn link 3. Facebook link 4. Google+ link 5. YouTube link
Mail: 1. mail: 'info@recordexa.com' 2. support_mail: 'support@recordexa.com'