Continuously deploying https served statically compiled sites to S3 with canonical domains

Transcript

1. None

2. Continuously deploying https served statically compiled sites to S3 with

   canonical domains* *all of the things!

3. Disclaimer 1. Work in progress 2. Lots of room for

   improvement 3. A bit of stuff for stuffs sake (learning)

4. End goals 1. Static compiled site 2. Testable locally 3.

   Automatically built and deployed 4. Hosted in S3 5. Served only over HTTPS 6. With www Vs non-www canonical domains 7. Achievable in an evening 8. Cheap/free

5. What is a static site compiler • Write markdown •

   Write rules • Compiles to HTML • Add dynamism with JavaScript • Every language www.staticgen.com • Example github. com/coldclimate/omnomfrickinnom

6. Why? • Fast • Cachable • More secure • Encapsulated

   • Trivial to host

7. End goal

8. Vagrant to build locally • Overkill • Avoids ruby (and

   other) ecosystem hell • My current hammer

9. Building vagrant up vagrant ssh cd /vagrant bundle install nanoc

   compile / jekyll build

10. Viewing it from local machine python -m SimpleHTTPServer

11. Version Control • JFDI • GitHub/BitBucket • Should support web

    hooks and OAuth

12. S3 buckets: final bucket

13. S3 buckets: redirect bucket

14. Future improvements • Get rid of the need for two

    S3 buckets

15. AWS User

16. AWS Policy { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow",

    "Action": "s3:*", "Resource": ["arn:aws:s3:::www.omnomfrickinnom.com", "arn:aws:s3:::www.omnomfrickinnom.com/*"] } ] }

17. AWS Policy: Sorry • Don’t use * • Cut it

    down to what you need • https://blog.codeship.com/aws-iam-security/

18. Building with CodeShip • Sign up with GitHub/BitBucket (Oauth) •

    Create Project • Hijack the “test” process to run the build
19. None
20. None

21. Future improvements • Asset chain management (grunt/gulp) • Tests (PhantomJS)

22. Deploying with CodeShip

23. None

24. Why CloudFlare? • DNS management • Attach protection (DDOS etc)

    • Free SSL Cert (limited) • CNAME Flattening! • PageRules!

25. Bolting on CloudFlare • Sign up • Add your domain

    name • Migrate all your DNS entries • Set your nameservers to CloudFlare • Set your DNS entries • Set up PageRules

26. Update nameservers

27. Set DNS entries

28. Set SSL settings

29. Set PageRules

30. Testing it curl -I http://x.com 301 to http://www.x.com curl -I

    https://x.com 301 to https://www.x.com curl -I http://www.x.com 301 to https://www.x.com curl -I https://www.x.com 200

31. Redirect Worst Case Scenario • 301 non-www. to www. •

    301 http to https • Finally download

32. Workflow • git branch • code • vagrant • build

    • test • merge • push

33. Live Demo!