209a Deployment Defaults

For a all details about the makandra hosting environment, see the opscomplete documentation.

General

• We set specific environment variables to disable telemetry for various tools and libraries. See details.
• We enable jemalloc Show archive.org snapshot for improved memory management.

Ruby on Rails specific defaults

• Ruby and Node.js versions can be managed by the project itself. See capistrano-opscomplete Show archive.org snapshot for details.

• The following directories are linked to the shared filesystem:

  Copyroot@server:/var/www/acme_p# tree -d -L 2
  ...
  └── shared
      ...
      ├── public
      │   └── system -> /gluster/shared/acme_p/shared/public/system
      ├── storage -> /gluster/shared/acme_p/shared/storage
      └── system -> /gluster/shared/acme_p/shared/system
  

• Secrets

  • config/secrets.yml is created once and includes a randomly generated secret_key_base.
  • Rails credentials: For each environment, we automatically generate config/credentials/$RAILS_ENV.key These keys are managed by us.

Load balancer

• All domains are served via SSL. By default, we use certificates provided by Let's Encrypt.
• HTTP traffic is automatically redirected to HTTPS.
• HSTS Show archive.org snapshot is enabled.
• Passive health checks are configured by default. Active health checks can be added on request. See details.
• The response header Cache-Control: public, max-age=31560000 (1 year) is applied to:
  • Paths starting with /assets/
  • Paths starting with /packs/
  • Requests for static assets (*.(css|eot|flv|gif|ico|jpe?g|js|otf|png|svg|swf|tiff|ttf|woff|woff2)) if the query string contains at least one digit, e.g. ?v=123.