Core Wiki

Server Management

Resources

Create and Mount external volume

Mount a volume xvdf to folder /newvolume

lsblk
sudo mkfs -t ext4 /dev/xvdf
sudo mkdir /newvolume
sudo mount /dev/xvdf /newvolume/

pm2

Starting node server with pm2

sudo npm install pm2 -g
pm2 start npm -- start
pm2 status

tmux

Handling a session SESSION_NAME

tmux new -sSESSION_NAME
tmux attach -tSESSION_NAME
tmux ls
tmux kill-server

On Linux or Mac, the tmux command prefix is typically Ctrl+b.

  • <prefix> d - detach from session
  • <prefix> c - create new window
  • <prefix> 0-9 - change between created windows
  • <prefix> , - change current window name
  • <prefix> & - kill current window
  • <prefix> % - split pane left/right
  • <prefix> " - split pane top/bottom
  • <prefix> ↓ - move to different split screen
  • <prefix> s - shows list of all windows

Docker

docker image ls
docker image rm ID
docker image build -t bulletinboard:1.0 .
docker container ls --all
docker container rm --force bb
docker container run --publish 8000:8080 --detach --name bb bulletinboard:1.0
docker exec -it emma-nest_web_1 bash
docker-compose up --detach
docker-compose down
docker-compose logs

docker-compose.yml

version: "3.7"
services:
  db:
    image: postgres
    environment:
      POSTGRES_PASSWORD: postgres
      POSTGRES_USER: postgres
      POSTGRES_DB: emmadb
    ports:
      - "5433:5432"
  web:
    image: emma-nest
    depends_on:
      - db
    ports:
      - "3000:3000"

Terraform

  • terraform init - initialises the configuration file
  • terraform validate - checks the validity of the configuration file
  • terraform apply - executes configuration file (create and update)
  • terraform show - inspect current state
  • terraform destroy - deletes instance resources

Postgres

Change root password

sudo -u postgres psql
ALTER USER postgres PASSWORD 'postgres';

List users

\du

Find data directory

sudo -u postgres psql
SHOW data_directory;

Change data directory

sudo systemctl stop postgresql
sudo systemctl status postgresql
sudo rsync -av /var/lib/postgresql /mnt/new_volume
sudo mv /var/lib/postgresql/10/main /var/lib/postgresql/10/main.bak
sudo nano /etc/postgresql/10/main/postgresql.conf # set data_directory = '/mnt/new_volume/postgresql/10/main'
sudo systemctl start postgresql

Production Checklist

  • Database is only accessible by the web servers, or a bastion server. The latter is entirely restricted by IP address.
  • Only ports 80 and 443 are available to the public on web servers. All other ports closed.
  • The web servers (i.e. Nginx/Apache) don't have permission to write to any directories except for the upload directory, and nothing can be executed from that directory (or, better yet, uploads go directly to S3 via Lambda).
  • No logging in as root, and the only method to access the server file system is by SSH, with no passwords; keys only.
  • Never use your root AWS account. Create an IAM user with admin access, and never use root unless a specific account change calls for it (like signed cookies for CloudFront).
  • Multi-factor authentication for all accounts.
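
The SSH item in the checklist above (no root login, keys only) can be checked against a host's sshd_config. The script below is an added example, not part of the original wiki; the function names and both sample configs are constructed for illustration, and it reads global settings only (Match blocks and Include files are not evaluated).

```shell
#!/bin/sh
# Added example: audit an sshd_config for "no root login, SSH keys only".
# For the fully resolved configuration of a live host, compare with `sshd -T`.

# sshd_setting FILE KEYWORD DEFAULT -> effective global value, lower-cased.
# sshd keeps the FIRST value it reads for a keyword; keywords ignore case.
sshd_setting() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/[=]/, " ") }                     # accept Keyword=value
        $1 ~ /^#/ { next }                      # comment line
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { val = tolower($2); found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd FILE -> one line per finding; returns 1 if any check fails.
# Defaults are OpenSSH defaults: an unset PermitRootLogin still lets root in by key.
audit_sshd() {
    rc=0
    root=$(sshd_setting "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_setting "$1" PasswordAuthentication yes)
    [ "$root" = no ] || { echo "FAIL PermitRootLogin is '$root', want 'no'"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication is '$pass', want 'no'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK root login and password login are both disabled"
    return "$rc"
}

# Constructed sample: the last line looks hardened, but the earlier value wins.
sample_weak() {
    cat <<'EOF'
# constructed sample, not from a real host
PasswordAuthentication yes
PermitRootLogin prohibit-password
passwordauthentication no
EOF
}

# Constructed sample that satisfies the checklist item.
sample_hardened() {
    cat <<'EOF'
# constructed sample, not from a real host
PermitRootLogin no
PasswordAuthentication no
EOF
}

for s in sample_weak sample_hardened; do
    f=$(mktemp); "$s" > "$f"; echo "== $s"; audit_sshd "$f" || true; rm -f "$f"
done
```

On a real server, point audit_sshd at /etc/ssh/sshd_config.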

Tech stack examples