-
Notifications
You must be signed in to change notification settings - Fork 41
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
fedb123
commit 7e27aa7
Showing
3 changed files
with
122 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,116 @@ | ||
| # Name of your application. Used to uniquely configure containers. | ||
| service: webauthn-rails-demo | ||
|
|
||
| # Name of the container image. | ||
| image: webauthn-rails-demo | ||
|
|
||
| # Deploy to these servers. | ||
| servers: | ||
| web: | ||
| hosts: | ||
| - 3.233.189.168 | ||
| labels: | ||
| traefik.http.routers.webauth-rails-demo.rule: Host(`webauthn.cedarcode.com`) | ||
| traefik.http.routers.webauth-rails-demo.tls: true | ||
| traefik.http.routers.webauth-rails-demo.tls.certresolver: letsencrypt | ||
| options: | ||
| memory: 200MiB | ||
|
|
||
| # Credentials for your image host. | ||
| registry: | ||
| # Specify the registry server, if you're not using Docker Hub | ||
| # server: registry.digitalocean.com / ghcr.io / ... | ||
| server: 864100757851.dkr.ecr.us-east-1.amazonaws.com | ||
| username: AWS | ||
| password: <%= %x(aws ecr get-login-password) %> | ||
|
|
||
| # Inject ENV variables into containers (secrets come from .env). | ||
| # Remember to run `kamal env push` after making changes! | ||
| env: | ||
| clear: | ||
| RACK_ENV: production | ||
| RAILS_ENV: production | ||
| RAILS_LOG_TO_STDOUT: enabled | ||
| RAILS_SERVE_STATIC_FILES: enabled | ||
| LANG: en_US.UTF-8 | ||
| secret: | ||
| - SECRET_KEY_BASE | ||
| - ROLLBAR_POST_CLIENT_ITEM_ACCESS_TOKEN | ||
| - ROLLBAR_POST_SERVER_ITEM_ACCESS_TOKEN | ||
| - DATABASE_URL | ||
|
|
||
| # Use a different ssh user than root | ||
| ssh: | ||
| user: ubuntu | ||
|
|
||
| # Configure builder setup. | ||
| builder: | ||
| multiarch: false | ||
| # args: | ||
| # RUBY_VERSION: 3.2.0 | ||
| # secrets: | ||
| # - GITHUB_TOKEN | ||
| # remote: | ||
| # arch: amd64 | ||
| # host: ssh://[email protected] | ||
|
|
||
| # Use accessory services (secrets come from .env). | ||
| accessories: | ||
| db_webauthn: | ||
| image: postgres:15.4 | ||
| host: 54.145.40.246 | ||
| port: 5435:5432 | ||
| env: | ||
| clear: | ||
| POSTGRES_USER: 'webauthn' | ||
| POSTGRES_DB: 'webauthn_production' | ||
| secret: | ||
| - POSTGRES_PASSWORD | ||
| directories: | ||
| - data:/var/lib/postgresql/data | ||
|
|
||
| # Configure custom arguments for Traefik | ||
| traefik: | ||
| options: | ||
| publish: | ||
| - "443:443" | ||
| volume: | ||
| - "/home/ubuntu/letsencrypt/acme.json:/letsencrypt/acme.json" | ||
| args: | ||
| accesslog: true | ||
| entryPoints.web.address: ":80" | ||
| entryPoints.websecure.address: ":443" | ||
| entryPoints.web.http.redirections.entryPoint.to: websecure | ||
| entryPoints.web.http.redirections.entryPoint.scheme: https | ||
| entryPoints.web.http.redirections.entrypoint.permanent: true | ||
| certificatesResolvers.letsencrypt.acme.email: "[email protected]" | ||
| certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json" | ||
| certificatesResolvers.letsencrypt.acme.httpchallenge: true | ||
| certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web | ||
|
|
||
| # Configure a custom healthcheck (default is /up on port 3000) | ||
| # healthcheck: | ||
| # path: /healthz | ||
| # port: 4000 | ||
|
|
||
| # Bridge fingerprinted assets, like JS and CSS, between versions to avoid | ||
| # hitting 404 on in-flight requests. Combines all files from new and old | ||
| # version inside the asset_path. | ||
| # asset_path: /rails/public/assets | ||
|
|
||
| # Configure rolling deploys by setting a wait time between batches of restarts. | ||
| # boot: | ||
| # limit: 10 # Can also specify as a percentage of total hosts, such as "25%" | ||
| # wait: 2 | ||
|
|
||
| # Configure the role used to determine the primary_host. This host takes | ||
| # deploy locks, runs health checks during the deploy, and follow logs, etc. | ||
| # | ||
| # Caution: there's no support for role renaming yet, so be careful to cleanup | ||
| # the previous role on the deployed hosts. | ||
| # primary_role: web | ||
|
|
||
| # Controls if we abort when see a role with no hosts. Disabling this may be | ||
| # useful for more complex deploy configurations. | ||
| # | ||
| # allow_empty_roles: false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters