Configuration files

Here’s a quick run-through the conf files available in this AMIs.

  • autorun.sh - This script will be executed at every boot, using the admin user. Keep in mind that the AMI will make read-only the file on every boot, and it will chown it to admin. You’ll find this script useful if you want to execute some extra tasks after booting, such as collecting static files or maybe running migrations.

  • cron/* - This folder contains the usual /etc/cron.* folders structure you’d expect to have. Scripts inside these folders (d, daily, hourly, monthly, weekly) will be copied to the corresponding folder in /etc/cron.*. Note that file names should be LANANA-assigned namespace, aka run-parts(8) compliant, aka only upper- and lower-case letters, digits, underscores and hyphens. They also must end with a new empty line.

  • global/hostname - Sets the hostname. Use any of the available variables:

    • KERNEL_NAME

    • NODENAME

    • KERNEL_RELEASE

    • KERNEL_VERSION

    • MACHINE

    • PROCESSOR

    • HARDWARE_PLATFORM

    • OS

    • IP_ADDR

      Keep in mind that the value of the resulting string will be slugified according to **RFC 1123**, which means that only letters, digits and hyphens are allowed.
  • global/timezone - Sets the timezone. Use whatever you’d normally put in your /etc/timezone file. Check /usr/share/zoneinfo/.

  • mail/msmtprc - You can configure an SMTP server which will be used to send alerts from Auditd, RKHunter, Fail2ban, etc…​

  • mail/notifications - Write a single line containing a valid email address to which the alerts should be sent.

  • netdata/password - This is the file you’ll want to edit in order to change Netdata’s basic auth user/password. Use the usual command to generate a valid NGINX username and hash: openssl passwd -apr1 netdata. The user/password in the demo AMI is netdata/netdata

  • nginx/web.conf - This is the NGINX’s website configuration. It will listen by default on port 80, but there is a commented section in the configuration that will enable HTTPS using your certificates (nginx/helloworld.crt and nginx/helloworld.key).

  • celery/celery.conf - You can tweak the logs path, the node’s names, the concurrency, and any other usual stuff you’d expect to be able to configure in Celery. Make sure to change Flower's default user/password: flower:flower.

  • uwsgi/uwsgi.ini - The uWSGI server configuration. Keep in mind that it will load the HelloWorld Django app, so you’ll have to change this.