My own topics
Ansible role for deploying and running a Golang binary as a systemd service
- Copy the files into your playbook and set the service_name and base_path to your application.
- The service uses rsyslog to create error.log and access.log.
- Logrotate config included.
- Handles Beego framework logging.
This is an alternative to native SendMail() function that requires authentication in Golang. The function is part of Go Helpers library available on github.
Recently I posted about Varnish with secure AWS S3 bucket as backend and I wanted to have the “always online” enabled, meaning you can take the backend offline while serving from Varnish cache.
Using https://github.com/geerlingguy/ansible-role-solr will install solr with a init.d file which will work well as a service but will not restart on crash. So this ansible script should install solr as a service using systemd:
tasks/service.yml
Serving static contents from S3 is common, but using Varnish in front is a bit tricky. Especially if you want to keep the bucket secure and only serve from Varnish, here is a simple Varnish file to solve this problem.
First secure your bucket via IP policy:
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.bucket/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"5.6.7.8/32" //varnish ip
]
}
}
},
{
"Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::example.bucket/*",
"Condition": {
"StringNotLike": {
"aws:Referer": [
"https://example.com/*"
]
}
}
}
]
}