Commit ca6b38c5 authored by jz143's avatar jz143

open port 444

parent 8d1a89b4
...@@ -13,6 +13,10 @@ cap production deploy ...@@ -13,6 +13,10 @@ cap production deploy
### Run worker on signing server ### Run worker on signing server
1. Git clone this repository 1. Git clone this repository
2. Gather config files. Most files should be identical to production web app server, except that the MySQL username is `'appstore_sign'@'152.3.124.119'`, which allows remote usage but with fewer privileges. 2. Gather config files. Most files should be identical to production web app server, except that the MySQL username is `'appstore_sign'@'152.3.124.119'`, which allows remote usage but with fewer privileges.
```
scp config/database.yml config/secrets.yml config/settings.local.yml appstore@appstore-mac.colab.managed.jiehan.org:~/appstore_sign/config/
# be sure to edit config/database.yml on signing server to use the remote MySQL user
```
3. Set up a crontab: 3. Set up a crontab:
``` ```
@reboot @reboot
...@@ -30,7 +34,7 @@ unix:///home/appstore/appstore/shared/tmp/sockets/puma.sock ...@@ -30,7 +34,7 @@ unix:///home/appstore/appstore/shared/tmp/sockets/puma.sock
``` ```
## TODO ## TODO
* Logrotate * Logrotate (seems like Logger has rotation capability)
* Only keep most recent 3 app versions * Only keep most recent 3 app versions
* Add ability for app owner to test the app, app version before marking them as 'Published' * Add ability for app owner to test the app, app version before marking them as 'Published'
* API for app authors to get latest version info from Duke App Store and prompt users to update their apps * API for app authors to get latest version info from Duke App Store and prompt users to update their apps
......
...@@ -42,6 +42,9 @@ ip6tables -A OUTPUT -p ipv6-icmp --icmpv6-type echo-reply -j ACCEPT ...@@ -42,6 +42,9 @@ ip6tables -A OUTPUT -p ipv6-icmp --icmpv6-type echo-reply -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# Open 444 for staging access
iptables -A INPUT -p tcp --dport 444 -m conntrack --ctstate NEW -j ACCEPT
# (IPv4-only) Allow access to MySQL and Redis from Mac worker # (IPv4-only) Allow access to MySQL and Redis from Mac worker
ALLOW_IP_ADDRESS=152.3.124.119 ALLOW_IP_ADDRESS=152.3.124.119
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment