From 276a701772a975089280b7e807aa439d578a73cb Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Wed, 28 Jul 2021 00:10:43 -0400
Subject: [PATCH] add 2nd website server
---
.gitignore | 1 +
certbot-replicate | 17 ++++++++
deploy-static | 54 +++++++++++++++----------
replicate.conf | 2 +
static/articles/grapheneos-servers.html | 8 ++--
5 files changed, 57 insertions(+), 25 deletions(-)
create mode 100755 certbot-replicate
create mode 100644 replicate.conf
diff --git a/.gitignore b/.gitignore
index bc2b8617..44113368 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 nginx.conf.tmp
+nginx.conf.root.tmp
 node_modules
 static_tmp
diff --git a/certbot-replicate b/certbot-replicate
new file mode 100755
index 00000000..76398497
--- /dev/null
+++ b/certbot-replicate
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -o errexit -o nounset -o pipefail
+
+replicas=(
+ replica1.grapheneos.org
+)
+
+for replica in ${replicas[@]}; do
+ echo
+ echo Deploying to $replica
+ echo
+
+ rsync -rptvl --progress --delete /etc/letsencrypt/ $replica:/etc/letsencrypt
+ rsync -rptvl --progress --delete /etc/nginx/ocsp-cache/ $replica:/etc/nginx/ocsp-cache
+ ssh root@$replica nginx -s reload
+done
diff --git a/deploy-static b/deploy-static
index 3cadcf6f..0eb5628c 100755
--- a/deploy-static
+++ b/deploy-static
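Review bot: In certbot-replicate, the two `rsync` destinations are written `$replica:/etc/…` while the reload on the last line names `root@$replica`, so the transfer that carries the TLS private keys under /etc/letsencrypt logs in as whichever account runs the script. Under the `ExecStartPost=` drop-in added by this patch that is presumably root, but writing `root@"$replica":/etc/letsencrypt` (and the same for the OCSP cache) makes the three commands agree. The expansions are unquoted; `for replica in "${replicas[@]}"; do` and `"$replica"` avoid word splitting if an entry ever changes form. Because `errexit` is set, a failed rsync to one replica stops the loop, so once a second replica is listed the later ones keep their old certificates until the next run; a comment stating that this is accepted would help.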
@@ -5,30 +5,40 @@ set -o errexit -o nounset -o pipefail ./validate-static ./process-static -remote=root@grapheneos.org -active=$(ssh $remote readlink /srv/grapheneos.org) +servers=( + primary.grapheneos.org + replica1.grapheneos.org +) -if [[ $active = /srv/grapheneos.org_a ]]; then - target=/srv/grapheneos.org_b -else - target=/srv/grapheneos.org_a -fi +for server in ${servers[@]}; do + echo $server -echo active is $active -echo target is $target -echo + remote=root@$server + active=$(ssh $remote readlink /srv/grapheneos.org) -ssh $remote rm -rf $target -ssh $remote cp -a $active $target -rsync -rpcv --chmod=D755,F644 --delete static_tmp/ $remote:$target -ssh $remote sync -f $target -ssh $remote ln -snf $target /srv/grapheneos.org -ssh $remote sync /srv/grapheneos.org + if [[ $active = /srv/grapheneos.org_a ]]; then + target=/srv/grapheneos.org_b + else + target=/srv/grapheneos.org_a + fi -sed -i "s|/srv/grapheneos.org|$target|" nginx.conf.tmp -rsync -rpcv --chmod=D755,F644 --delete nginx.conf.tmp $remote:/etc/nginx/nginx.conf -ssh $remote sync -f /etc/nginx/nginx.conf -ssh $remote nginx -s reload + echo active is $active + echo target is $target + echo -echo -echo active is now $target + ssh $remote rm -rf $target + ssh $remote cp -a $active $target + rsync -rpcv --chmod=D755,F644 --delete static_tmp/ $remote:$target + ssh $remote sync -f $target + ssh $remote ln -snf $target /srv/grapheneos.org + ssh $remote sync /srv/grapheneos.org + + cp nginx.conf.tmp nginx.conf.root.tmp + sed -i "s|/srv/grapheneos.org|$target|" nginx.conf.root.tmp + rsync -rpcv --chmod=D755,F644 --delete nginx.conf.root.tmp $remote:/etc/nginx/nginx.conf + ssh $remote sync -f /etc/nginx/nginx.conf + ssh $remote nginx -s reload + + echo + echo active is now $target +done diff --git a/replicate.conf b/replicate.conf new file mode 100644 index 00000000..5b7c5829 --- /dev/null +++ b/replicate.conf @@ -0,0 +1,2 @@ +[Service] +ExecStartPost=/usr/local/bin/certbot-replicate 
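Review bot: Inside the new loop, `target` is still picked with a two-way test that treats every `$active` value other than `/srv/grapheneos.org_a` as meaning `_b` is live, so on a server whose symlink is relative or points anywhere unexpected the following `rm -rf $target` deletes `/srv/grapheneos.org_a`, which may be the tree nginx is serving. That case is more likely now that the same steps run against a newly provisioned replica. `$active` is also output from the remote host that is passed unquoted into `ssh $remote cp -a $active $target`, where the remote shell parses it again; matching it against the two known paths first, as below, covers both. Separately, with `errexit` a failure on the replica leaves the primary already switched, so the two servers can serve different content until the next run, which deserves a comment if it is accepted.

```shell
    active=$(ssh "$remote" readlink /srv/grapheneos.org)

    # Accept only the two known slots; anything else aborts before rm -rf runs.
    case $active in
        /srv/grapheneos.org_a) target=/srv/grapheneos.org_b ;;
        /srv/grapheneos.org_b) target=/srv/grapheneos.org_a ;;
        *)
            echo "unexpected /srv/grapheneos.org target on $server: $active" >&2
            exit 1
            ;;
    esac
    # … unchanged: echo, rm/cp/rsync into $target, symlink switch, nginx.conf update and reload …
```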
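Review bot: The replicate.conf drop-in does not say which unit it extends or where it is installed, and nothing else in the patch records it; a leading comment such as `# drop-in for <unit>.service (placeholder), installed in that unit's .d directory` would let the next maintainer reproduce the setup. `ExecStartPost=` runs after every successful start of the unit, not only when a certificate was actually renewed, and a non-zero exit from the script marks the unit as failed. An unreachable replica would therefore presumably surface as a failed renewal unit; it is worth confirming that this is the intended alerting path.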
diff --git a/static/articles/grapheneos-servers.html b/static/articles/grapheneos-servers.html
index 881d1d13..4a08572e 100644
--- a/static/articles/grapheneos-servers.html
+++ b/static/articles/grapheneos-servers.html
@@ -80,7 +80,7 @@

Specs: