Make sure your personal or organizational user exists. Copy the username and password to Travis, so that it can log in.
Connect your personal or organizational Travis CI user to your GitHub account. Add any required encorinment variables. Setup periodic builds using Cron jobs in case dependencies or parent images are updated.
The recommended way secure sensitive data.
Login and logout with travis login --com and travis logout.
Encrypt environment variable values: The value can be an arbitrary string, but is commonly an environment variable value pair.
- Run
travis encrypt --com -r <user>/<repo> <envvar>=<value>. - Copy the output text to the
env.globallist in.travis.ymlwith a comment for the variable name.
Encrypt file: Only one file can be encrypted. To encrypt multiple files, add them to an archive.
- Run
travis encrypt-file --com -r <user>/<repo> <file>. - Add the output command in
.travis.yml. - Copy the encrypted file to the repo.
- Optionally delete the unencrypted file.
- (Optional) Create a non-admin user which can login with pubkey alone (if deploying with CI/CD).
- Create a Django local settings file. Remember to add a randomly generated secret and disable debug mode.
- Create a Docker Compose file with appropriate volume bindings and network settings.
- Setup a database or use the built-in SQLite database or suggested PostgreSQL database.
- For PostgreSQL, use the sample
recreate-db.shscript to setup or recreate the DB. - Setup an Nginx reverse proxy to serve the site over TLS.
- Setup TLS certs with automatic renewal (Let's Encrypt).
- Test TLS: Qualys' SSL Server Test
- Setup a mail relay (Mailgun).
- Setup backup.
- Fix permissions to make sure unrelated users cannot read secret configs, and to prevent privilege escalation by replacing sudoable/setuided scripts.
- Test both IPv4 and IPv6 reachability for the web server.
- To test Stripe, get your pair of testing (not live) keys from your Stripe account, and try to pay with a testing card