Continuously deploying https served statically compiled sites to S3 with canonical domains

coldclimate

May 05, 2015

Transcript

  1. None
  2. Continuously deploying https served statically compiled sites to S3 with canonical domains* (*all of the things!)
  3. Disclaimer: 1. Work in progress 2. Lots of room for improvement 3. A bit of stuff for stuff's sake (learning)
  4. End goals: 1. Static compiled site 2. Testable locally 3. Automatically built and deployed 4. Hosted in S3 5. Served only over HTTPS 6. With www vs non-www canonical domains 7. Achievable in an evening 8. Cheap/free
  5. What is a static site compiler • Write markdown • Write rules • Compiles to HTML • Add dynamism with JavaScript • Every language www.staticgen.com • Example github.com/coldclimate/omnomfrickinnom
  6. Why? • Fast • Cacheable • More secure • Encapsulated • Trivial to host
  7. End goal

  8. Vagrant to build locally • Overkill • Avoids ruby (and other) ecosystem hell • My current hammer
  9. Building

    vagrant up
    vagrant ssh
    cd /vagrant
    bundle install
    nanoc compile / jekyll build
  10. Viewing it from local machine

    python -m SimpleHTTPServer

  11. Version Control • JFDI • GitHub/BitBucket • Should support web hooks and OAuth
  12. S3 buckets: final bucket

  13. S3 buckets: redirect bucket

  14. Future improvements • Get rid of the need for two S3 buckets
  15. AWS User

  16. AWS Policy

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::www.omnomfrickinnom.com",
            "arn:aws:s3:::www.omnomfrickinnom.com/*"
          ]
        }
      ]
    }
  17. AWS Policy: Sorry • Don’t use * • Cut it down to what you need • https://blog.codeship.com/aws-iam-security/
  18. Building with CodeShip • Sign up with GitHub/BitBucket (OAuth) • Create Project • Hijack the “test” process to run the build
  19. None
  20. None
  21. Future improvements • Asset chain management (grunt/gulp) • Tests (PhantomJS)

  22. Deploying with CodeShip

  23. None
  24. Why CloudFlare? • DNS management • Attack protection (DDoS etc) • Free SSL Cert (limited) • CNAME Flattening! • PageRules!
  25. Bolting on CloudFlare • Sign up • Add your domain name • Migrate all your DNS entries • Set your nameservers to CloudFlare • Set your DNS entries • Set up PageRules
  26. Update nameservers

  27. Set DNS entries

  28. Set SSL settings

  29. Set PageRules

  30. Testing it

    curl -I http://x.com → 301 to http://www.x.com
    curl -I https://x.com → 301 to https://www.x.com
    curl -I http://www.x.com → 301 to https://www.x.com
    curl -I https://www.x.com → 200
  31. Redirect Worst Case Scenario • 301 non-www. to www. • 301 http to https • Finally download
  32. Workflow • git branch • code • vagrant • build • test • merge • push
  33. Live Demo!
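
Added example (not from the deck): slides 16 and 17 show an `s3:*` policy and then say to cut it down. The sketch below audits the slide 16 policy and a narrowed variant; the narrowed action list (list the bucket, upload and delete objects) is an assumption about what the deploy step needs, and `audit` is a hypothetical helper, not an AWS API.

```python
import json

# Policy exactly as shown on slide 16.
SLIDE_16 = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*",
 "Resource": ["arn:aws:s3:::www.omnomfrickinnom.com",
              "arn:aws:s3:::www.omnomfrickinnom.com/*"]}]}
""")

# Assumption: the deploy step only lists the bucket and uploads/deletes objects.
NARROWED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::www.omnomfrickinnom.com"},
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:DeleteObject"],
         "Resource": "arn:aws:s3:::www.omnomfrickinnom.com/*"},
    ],
}

OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
BUCKET_ACTIONS = {"s3:ListBucket"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Flag Allow statements with wildcards or action/resource level mismatches."""
    findings = []
    for n, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        # Part after ":::" is "bucket" or "bucket/key-pattern".
        names = [r.split(":::", 1)[-1] for r in resources]
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"statement {n}: wildcard action {action}")
            elif action in OBJECT_ACTIONS and not any("/" in x or "*" in x for x in names):
                findings.append(f"statement {n}: {action} needs an object ARN (bucket/*)")
            elif action in BUCKET_ACTIONS and all("/" in x for x in names):
                findings.append(f"statement {n}: {action} needs the bucket ARN")
        if "*" in resources:
            findings.append(f"statement {n}: wildcard resource")
    return findings
```

The mismatch checks matter when narrowing: `s3:ListBucket` granted only on `bucket/*`, or `s3:PutObject` granted only on the bucket ARN, matches nothing and the deploy fails with access denied.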