Merge pull request #212 from YACS-RCOS/staging

Improved Speed, Security, and Recovery
YACS-RCOS · Feb 21, 2017 · 557247c · 557247c
2 parents 720dbfd + 04786c5
commit 557247c
Show file tree

Hide file tree

Showing 8 changed files with 170 additions and 129 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM ruby:2.2.3
 
-MAINTAINER Richie Young <[email protected]> a
+MAINTAINER Richie Young <[email protected]>
 
 RUN apt-get update && apt-get install -qq -y build-essential nodejs wget --fix-missing --no-install-recommends
 

diff --git a/bin/yacs-generate-cert b/bin/yacs-generate-cert
@@ -1,4 +1,7 @@
 #!/bin/bash
-cd $(dirname `readlink -f "$0"`)/../
+cd $(dirname `readlink -f "$0"`)/../nginx/ssl
 
-openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx/ssl/yacs.key -out nginx/ssl/yacs.cer -subj "/C=US/ST=New York/L=Troy/O=RPI/OU=RCOS/CN=yacs.cs.rpi.edu"
+openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout privkey.pem -out cert.pem -subj '/CN=localhost'
+
+cp cert.pem chain.pem
+cp chain.pem fullchain.pem
diff --git a/config/environments/production.rb b/config/environments/production.rb
@@ -27,7 +27,11 @@
   config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?
 
   # Compress JavaScripts and CSS.
+  config.assets.compress = true
+
+  # Choose the compressors to use
   config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :yui
 
   # Do not fallback to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
@@ -43,7 +47,7 @@
   config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
+  config.force_ssl = true
 
   # Use the lowest log level to ensure availability of diagnostic information
   # when problems arise.

diff --git a/config/puma.rb b/config/puma.rb
@@ -10,8 +10,8 @@
 environment ENV['RAILS_ENV'] || 'development'
 
 ssl_bind '0.0.0.0', '3000', {
-  key: "/etc/puma/ssl/yacs.key",
-  cert: "/etc/puma/ssl/yacs.cer"
+    key: "/etc/puma/ssl/privkey.pem",
+    cert: "/etc/puma/ssl/cert.pem"
 }
 
 pidfile "/var/run/puma/puma.pid"

diff --git a/config/secrets.yml b/config/secrets.yml
@@ -11,10 +11,10 @@
 # if you're sharing your code publicly.
 
 development:
-  secret_key_base: b0fc69091c512cae698ae9de98349b8f6fb4544c463afa7f17af359ddcdcef4dccb9a8d325ee41e4687b9df112ee6ba213fb631ab9cc800b69582c79aca4805f
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
 
 test:
-  secret_key_base: 69005fa5977d1ac05ae1ffbbcc59e50094fdb52067f090fa0c6960fc1f905fd93f82abef05aa23dbf291c4405497f666a554cc15221535e784af95f02453f04f
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
 
 # Do not keep production secrets in the repository,
 # instead read values from the environment.

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,22 +2,25 @@ version: '2'
 
 services:
   postgres:
-    image: postgres:9.5
+    image: postgres:9.5.6
+    restart: unless-stopped
     expose:
       - "5432"
     volumes:
       - ./data/postgres:/var/lib/postgresql/data
 
   redis:
     image: redis
+    restart: unless-stopped
     expose:
       - "6379"
     volumes:
       - ./data/redis/:/var/lib/redis/data/
 
   nginx:
     build: ./nginx
-    image: nginx:mainline
+    image: nginx:1.11.9
+    restart: unless-stopped
     ports:
       - "80:80"
       - "443:443"
@@ -28,6 +31,7 @@ services:
 
   web:
     build: .
+    restart: unless-stopped
     environment:
       - RAILS_ENV=${RAILS_ENV}
       - SECRET_KEY_BASE=${SECRET_KEY_BASE}
@@ -45,6 +49,7 @@ services:
 
   worker:
     build: .
+    restart: unless-stopped
     environment:
       - RAILS_ENV=${RAILS_ENV}
     volumes:

diff --git a/nginx/Dockerfile b/nginx/Dockerfile
@@ -2,7 +2,8 @@ FROM nginx
 
 MAINTAINER Mark Robinson <[email protected]>
 
-RUN rm /etc/nginx/conf.d/default.conf
+RUN rm /etc/nginx/nginx.conf && \
+    rm /etc/nginx/conf.d/default.conf
 
 RUN mkdir /etc/nginx/cache