created: 20171106135117587
creator: user
modified: 20171113115745353
modifier: user
tags: 
title: new monolith
type: text/vnd.tiddlywiki

! Configure forward.bjoola.com

edit `/etc/stunnel.conf`

```
[ssldevX]
connect = 213.125.205.3:PPP
accept = 127.0.0.1:PPP
```

edit or create `/etc/nginx/site-enabled/devX.vrendly.nl`

`certbot certonly -d devX.vrendly.bjoola.com -d devX.auth.bjoola.com -d devX.genifer.bjoola.com -d devX.vrendly-api.bjoola.com`

! Create monolith on server2

```sh
ssh server2
lxc-copy -n docker-default -N monolith-devX
lxc-start -n monolith-devX
lxc-attach -n monolith-devX
ifconfig |grep 192
# inet addr:192.168.Y.Z Bcast:192.168.255.255 Mask:255.255.0.0
vi /home/www/.ssh/authorized_keys
# add your id_rsa.pub
vi /root/provision.sh
# insert provision script
```

[[provision monolith]]

```
bash /root/provision.sh
```

!! stunnel

```
mkdir /etc/stunnel/keys
vi /etc/stunnel/keys/stunnel.pem
```

paste pem from other monolith (or from server2)

```
vi /etc/stunnel/stunnel.conf
```

```
cert = /etc/stunnel/keys/stunnel.pem

[ssl]
accept = 192.168.Y.Z:PPP
connect = 127.0.0.1:80
```

```
vi /etc/default/stunnel4
```

```
ENABLED=1
```

!! iptables

```
vi /etc/iptables/rules.v4
```

```
# Generated by iptables-save v1.4.21 on Tue Oct 17 11:39:15 2017
*filter
:INPUT DROP [5:676]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18:1232]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport PPP -j ACCEPT
COMMIT
# Completed on Tue Oct 17 11:39:15 2017
```

```
exit
exit
```

! Configure local machine

edit `~/.ssh/config`

```
Host devX-monolith
  Hostname 192.168.Y.Z
  User www-data
```

! Configure docker registry

```
ssh devX-monolith
docker login docker-registry.bjoola.nl
```

! Install proxy

```
# ~/Development/ci-operations from https://github.com/kantoor-f12/ci-operations.git
$ ./operations/deployment/sync.proxy.sh devX-monolith
```

Done. devX should now be ready to get deployed to.
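A check for the `/etc/iptables/rules.v4` file from the iptables step, added here as an example (not part of the original notes or of the ci-operations repository): it confirms that INPUT defaults to DROP and that the accepted TCP ports are exactly the expected ones. The function names and the sample rule set are assumptions, with port 8443 standing in for the `PPP` placeholder.

```sh
# Added example: audit an iptables-save file such as /etc/iptables/rules.v4.
# TCP destination ports accepted on INPUT, one per line, de-duplicated.
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }' "$1" | sort -n -u
}

# audit_rules FILE "PORT ..." returns 0 only if INPUT defaults to DROP and
# the accepted ports are exactly the expected ones.
audit_rules() {
    file=$1; expected=$2; rc=0
    open=$(accepted_ports "$file" | tr '\n' ' ')
    policy=$(awk '$1 == ":INPUT" { print $2 }' "$file")
    [ "$policy" = "DROP" ] || { echo "INPUT policy is $policy, not DROP" >&2; rc=1; }
    for port in $open; do
        case " $expected " in *" $port "*) ;; *)
            echo "unexpected open port: $port" >&2; rc=1 ;;
        esac
    done
    for port in $expected; do
        case " $open " in *" $port "*) ;; *)
            echo "expected port not open: $port" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the rule set above with 8443 standing in for PPP.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
COMMIT
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_rules "$sample"
audit_rules "$sample" "22 80 443 8443" && echo "rules.v4 matches the expected ports"
rm -f "$sample"
```

On a real monolith, run `audit_rules /etc/iptables/rules.v4 "22 80 443 PPP"` with the actual stunnel port in place of `PPP`.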