We've introduced a new Firewall Rules tab on servers that you can use to customize the firewall rules for your servers.
Hatchbox generates firewall rules automatically for your servers based on their roles. For example, if you give a server the PostgreSQL role, we will automatically add a firewall rule that allows port 5432 only on the private subnet. This lets other servers in your cluster talk to Postgres while keeping it unreachable from the public internet.
Firewall rules are handled by UFW on your servers, which denies all incoming traffic by default.
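To verify that a role port such as 5432 really is limited to the private subnet, you can audit the output of `ufw status`. The script below is an added example, not Hatchbox's own code; the `audit` function, the `10.0.0.0/16` private subnet, and the sample output are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ufw status` output (not from a real server).
SAMPLE = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
5432/tcp                   ALLOW       10.0.0.0/16
5432/tcp                   ALLOW       203.0.113.7
5432/tcp                   ALLOW       Anywhere
5432/tcp (v6)              ALLOW       Anywhere (v6)
"""

# Matches rule rows such as "5432/tcp (v6)   ALLOW   Anywhere (v6)".
RULE_RE = re.compile(
    r"^(\d+)(?:/(?:tcp|udp))?(?:\s+\(v6\))?\s+"
    r"(ALLOW|DENY|REJECT|LIMIT)(?: IN)?\s+(.+?)\s*$"
)


def audit(status_text, private_subnet, internal_ports=(5432,)):
    """Return findings for internal ports reachable from outside private_subnet."""
    lines = status_text.splitlines()
    if not lines or lines[0].strip() != "Status: active":
        return ["ufw is not active, so default deny is not enforced"]
    private = ipaddress.ip_network(private_subnet)
    findings = []
    for line in lines:
        m = RULE_RE.match(line)
        if not m or m.group(2) not in ("ALLOW", "LIMIT"):
            continue  # headers, blank lines, and deny/reject rules
        port, src = int(m.group(1)), m.group(3)
        if port not in internal_ports:
            continue
        if src.replace("(v6)", "").strip() == "Anywhere":
            findings.append(f"port {port} open to {src}")
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            findings.append(f"port {port}: unrecognised source {src!r}")
            continue
        # subnet_of() needs matching IP versions, so compare those first.
        if net.version != private.version or not net.subnet_of(private):
            findings.append(f"port {port} open to {net}, outside {private}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.0.0.0/16"):
        print(finding)
```

On a server, pass the text of `sudo ufw status` and your cluster's actual private subnet instead of the sample values.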
For load balanced applications, you can now add a Health Check path to enable active health checks. 🎉
When enabled, Caddy will make an HTTP request every 30 seconds to determine whether your application is healthy. If your application does not respond with a 200 OK, Caddy will remove the server from the load balancer until the next successful check.
Plus, Rails 7.1 will ship with an /up route specifically for health checks like these out of the box!
You can now use our GitHub App for Hatchbox.io deployments! 🎉
This allows you to fine-tune which of your repositories Hatchbox has access to, and it can be configured separately for each organization.
To get started, click the "Connect GitHub" button on your App or Connected Accounts page. Install the Hatchbox GitHub App on your organization and update your app to use the GitHub App for deployments on the Repositories tab.
Existing applications will continue using GitHub OAuth for deployments, but we highly recommend switching to the GitHub Apps integration.
A new version of Ruby has shipped. Just bugfixes, no security vulnerabilities. See the release on Ruby's website: https://www.ruby-lang.org/en/news/2023/02/08/ruby-3-2-1-released/
Hatchbox now runs "bundle check" before installing gems, and if all the gems are already installed, it will skip the "bundle install" command. Yay for speed improvements!
We've updated our Postgres backup script to now use the "custom" format. This format is compressed and makes it easier to restore backups using pg_restore, TablePlus, Postico, or your favorite Postgres GUI.
Ubuntu has released a patch for OpenSSL for the recent CVEs. Rather than upgrading OpenSSL versions, they patch the current version to prevent bugs and regressions in LTS releases.
We've also recompiled all Ruby versions that use OpenSSL 1.1 against OpenSSL 1.1.1s so they also receive the patches. To update your apps, deploy a new version and the updated version of Ruby and OpenSSL will be installed.
You can now upload custom SSL certificates for your applications. We'll upload these to your web servers and load balancers and configure Caddy to use them for serving requests to your app. If you don't want to use Let's Encrypt for some reason, this will make it easy for you to still use SSL.
We now use the AWS API to look up Regions and Instance Types available to your account. The regions and instance types will always be accurate and list what's available for you to use.