Beanstalk config #6
Conversation
| content: | | ||
| # update mod_wsgi | ||
| cd /tmp | ||
| wget -q "https://github.com/GrahamDumpleton/mod_wsgi/archive/4.4.21.tar.gz" && \ |
There was a problem hiding this comment.
Is wget from github really the preferred way of doing this? No package management system, no hash checking or anything to ensure that we're getting what we expect to get?
This is kind of YOLO for my tastes, especially with root ownership, but if it's the only option then 🤷♀️ I guess.
There was a problem hiding this comment.
I'm hoping this changes with a newer release and we don't need it. But a lot of people seem to be using it.. https://serverfault.com/questions/884469/mod-wsgi-call-to-site-addsitedir-failed-on-aws-elastic-beanstalk-python-3
There was a problem hiding this comment.
OK. I'll add a comment so future-us isn't confused about that.
| content: | | ||
| RewriteEngine On | ||
| <If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'"> | ||
| RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L] |
| @@ -0,0 +1,6 @@ | |||
| <Directory /opt/python/current/app/{{cookiecutter.project_name}}/staticfiles/> | |||
There was a problem hiding this comment.
Does this actually do what we expect or does the project name need to be filled in here?
There was a problem hiding this comment.
Silly copy and paste will fix
| AddOutputFilterByType DEFLATE text/css | ||
| # Level of compression (Highest 9 - Lowest 1) | ||
| DeflateCompressionLevel 9 | ||
| # Netscape 4.x has some problems. |
There was a problem hiding this comment.
For the record, I don't really care about Netscape support ;)
There was a problem hiding this comment.
OA + DISJ goals we gotta take everyone into consideration
.travis.yml
Outdated
| deploy: | ||
| provider: elasticbeanstalk | ||
| access_key_id: AKIAI4BFBKEXWULNKVGQ | ||
| secret_access_key: |
There was a problem hiding this comment.
I'm guessing we don't want this to be here. Do we have a strategy for having it NOT be here?
There was a problem hiding this comment.
This is potentially okay since secret is encrypted, but I think we can encrypt both. Will double check
There was a problem hiding this comment.
Yeah FYI: https://stackoverflow.com/questions/7678835/how-secure-are-amazon-aws-access-keys
Gonna ignore encrypting access key, and will just stick to secret encryption. Will create a different user with limited rights for deploying from Travis to beanstalk
hamlet/settings/aws.py
Outdated
|
|
||
| # GENERAL CONFIGURATION | ||
| # ----------------------------------------------------------------------------- | ||
| #SET SECRET KEY IN .ebextensions config |
There was a problem hiding this comment.
(Do we actually do that? How/where?)
There was a problem hiding this comment.
Nope, plan is no passes/etc in .ebextensions now will change
| ] | ||
|
|
||
| private_ip = get_linux_ec2_private_ip() | ||
| if private_ip: |
hamlet/settings/aws.py
Outdated
| # STATIC FILE CONFIGURATION | ||
| # ----------------------------------------------------------------------------- | ||
|
|
||
| MIDDLEWARE += ( |
There was a problem hiding this comment.
Whitenoise wants to be before most other middleware (http://whitenoise.evans.io/en/stable/) so this will need to be MIDDLEWARE.insert(1, 'whitenoise.middleware.WhiteNoiseMiddleware').
hamlet/settings/aws.py
Outdated
| COMPRESS_OFFLINE = True | ||
|
|
||
| #MODEL FILES STORED ON S3 | ||
| MODELS_DIR = os.environ.get('MODELS_DIR') |
There was a problem hiding this comment.
Can you make sure docs/docs.md contains info on whatever env needs to be set in order for all of this to work? (The docs file is horribly disorganized right now so you can just put it somewhere in the AWS stuff and I'll sort out the organization later.)
|
I think I got everything? Libraries CI/CD slowly becoming a reality? |
Includes: * test that we can autodeploy the beanstalk branch, then swap config to master * add bucket_name (not included with travis setup) * configure with restricted account for travis * update docs
thatandromeda
force-pushed
the
beanstalk
branch
from
f3aa902
to
27c6402
Compare
Current beanstalk config + Travis Deploy settings.