Spinning up a server is easy enough, just go to Digital Ocean and push a button. But now you are responsible for your server. What does that mean?
The security principle of "least privilege" means that apps should only have the permissions that they need to do their job, nothing more. If an attacker compromises your app, then they can't do anything outside of what the app would normally do. They may be able to break the application …
This is a gentle introduction to getting your Phoenix app up and running on a $5/month server at Digital Ocean. It starts from zero, assuming minimal experience with servers.
I have been using Linux since 1993, so I will give a bit of a history lesson to explain the motivation behind the popular distributions. There are two main families, RedHat and Debian. RedHat traditionally comes from the corporate world, and Debian from the free software community.
Figuring out how to deploy your Elixir app can be confusing, as it's a bit different from other languages. This post describes how we deploy apps with the reasons behind our decisions.
We have created a working example template which puts all the pieces together to get you started quickly …
Database migrations are used to automatically keep the database in sync with the code that uses it. Elixir apps should be deployed as releases, supervised by systemd. Here is an example of how to run migrations when deploying Elixir releases.
It's tempting to automatically run database migrations when the app …
After we have deployed the new release, we restart the app to make it live:
sudo /bin/systemctl restart foo
The user account needs sufficient permissions to restart the app, though. Instead of giving the deploy account full sudo permissions …
When your app is running behind a proxy like Nginx, then the request will look
like it's coming from Nginx, i.e. the IP will be
127.0.0.1. Similarly, If
Nginx is behind a CDN, then all the requests will come from the IP of the CDN.
Normally, in order to listen on a port less than 1024, an app needs to be running as root or have elevated capabilities. That's a security problem waiting to happen, though. We run the app on a normal port, e.g. 4000, and redirect traffic in the firewall from port …
- db migrations
- functional programming
- graphical design
- know your customer
- rate limiting
- static assets
- user experience
- user stories