Philipp Küng

Guy behind @bitfondue

Deploy a Phoenix Application on Heroku

Since I heard of Phoenix, the Elixir framework on The Changelog Podcast, I’ve spent some time getting familiar with the framework. However when time came to deploy the application onto Heroku there were a couple of things that weren’t initially obvious to me, like how to run brunch to compile the assets or how to parse the DATABASE_URL environment variable.


First we have to change the currently used buildpack to the multi buildpack which makes it possible to run the Node.js besides the Elixir buildpack.

heroku config:add BUILDPACK_URL=

Then add the file .buildpacks with the contents below which will pull in the buildpacks and run their compile script. The buildpack listed last will hereby be used to run the application.

# .buildpacks

Compile the assets

Now that we have multiple buildpacks we need to tell the Node.js one to run the postinstall hook after all the dependencies are installed. Just add the scripts part to your package.json and you’re all set for Heroku to run the brunch build command.

# package.json
  "dependencies": {
  "engines": {
    "node": "~ 0.12.1"
  "scripts": {
    "postinstall": "node_modules/.bin/brunch build"  

Parse the environment variable

When deploying the application to Heroku, the configuration variables will be exposed to the application via environment variables. For the database that means there will be a single String from which the username, password, host, etc. will have to be extracted. You could theoretically do that by hand defining those variables individually, however what happens if your database provider has an issue and suddenly decides to change the value behind your environment variable? - in order to avoid that, just put the code below in your prod.secret.exs file to help you split the configuration variable for the database.

# config/prod.secret.exs
defmodule Heroku do
  def database_config(uri) do
    parsed_uri = URI.parse(uri)
    [username, password] = parsed_uri.userinfo
                           |> String.split(":")
    [_, database] = parsed_uri.path
                    |> String.split("/")

    [{:username, username},
     {:password, password},
     {:database, database},
     {:port, parsed_uri.port},
     {:adapter, Ecto.Adapters.Postgres}]

Then instead of defining the arguments for your app separately, call the database_config function and you’re all set.

# config/prod.secret.exs
config :yourapplication, Yourapplication.Repo,
  |> System.get_env
  |> Heroku.database_config

Run the database migrations

heroku run mix ecto.migrate

Since I’m pretty new to Elixir and even newer to the Phoenix Framework, this tutorial might lack some best practices, in which case please let me know so this post can be updated to reflect them.

Automatically deploy to Heroku from Github

While starting on a new project the other day I decided to automate as much as possible. One of those tasks was deploying to Heroku when pushing the master branch to Github. It took me some time to figure certain parts out, even though the documentation is quite extensive; guess it being a beta feature didn’t help.

  1. Start by going into the Settings > Webhooks & Services view and add the HerokuBeta Service.
  2. Create the app on Heroku via the command line heroku create myapp
  3. Fill in myapp as the Name in the HerokuBeta settings view and leave Github api url empty.
  4. Then for the Heroku token, you’ll need your Heroku api token, which you get via heroku auth:token (eg. token123) and your email address you’re using to login to Heroku (eg. [email protected]). Then convert the two into a base64 hash for the Authorization header by issuing this command on a Unix system echo "[email protected]:token123" | base64 (eg. base64-123).

     curl -X POST \
     -H "Accept: application/vnd.heroku+json; version=3" \
     -H "Authorization: Basic base64-123" \
     -H "Content-Type: application/json" \
     -d "{\"description\":\"direct token description (preferably meaningful)\"}"
  5. For the Github token follow the instructions and head to where you can click Create new token, then give it a name and leave the default settings before hitting Generate token. Then copy this token and fill it into the form.
  6. Save the configuration with Add service.
  7. I first thought the hook is already working, however it’s only working with Github deployment events, which you can add by adding another service called Github Auto-Deployment.
  8. Repeat step 5 to acquire a new Github token and add it there, save and from now on your automatic Heroku deployment should be fully working.

Reset your Synology NAS after a SynoLocker attack

Encrypted Data

Personal NAS-es are quite handy, however their wide spread usage and the fact that people don’t often check their system via the web dashboard makes it a perfect target for crackers trying to extort you for money or just using your machine to mine bitcoins for them.

In this case I had a DS213j delivered to me with SynoLocker on it. A malicious piece of code that encrypts all your files and holds them hostage until you give in and pay them what they ask for. Please don’t ever give in. Just accept that your data is lost forever and you hopefully have a backup of it somewhere else, if not, now would be a good time to start thinking about one.

So on that basis, the fix is fairly trivial.

  1. Open the lid and take out all of the drives.
  2. Put one into a desktop computer or use a S-ATA to USB docking station to connect it to a working machine so you can format the drive with FAT.
  3. Put the one drive back into the NAS and boot it up.
  4. As soon as it’s booted, reset it by taking a paperclip and pressing the reset button on the back for 4 seconds until it beeps. Release. Press again for 4 seconds until it beeps again for 3 times. This will initiate a restart.
  5. Download the Synology Assistant and install it on your computer, then start it up.
  6. If your NAS isn’t already showing up, give it some time to finish the booting process and then click the search button in the Synology Assistant.
  7. Double click on the entry for your NAS which will open a browser window.
  8. Download the latest Diskstation Firmware (DSM) from the Synology Download Center and go through the questions in the browser.
  9. Upload your firmware and let the NAS re-format your disk, then give it some time for it to re-install.
  10. When all is done, format all the other drives with the same process you used for the first drive. Shutdown the NAS and put them back in. Restart and go into the Storage Manager > Volume where you can add the newly inserted drives to your volume. Once added it will take a while for them to be added and re-index, partitiend, etc., you can safely use your NAS from now on however.
  11. Now you might want to re-add your video, music and photo folders. That’s it.

On a further note, since crackers were able to get into your NAS once, I’d ask yourself whether you really need external access to it and otherwise make sure there are no ports being forwarded by your router. Also I recommend changing your router password, especially in case it’s still the factory default one. If you really do need remote access, at least change the ports which are used externally, eg. map 3001 to 5000 internally.

Lastly, I’ve used automatic DNS updating services quite a bit too, however they could have been the enabling party for the attack. Once such a provider is compromised, crackers can check their attacks against all your ports which makes the previous advice in-effective. Since routers nowadays don’t change their ip addresses that much I usually look up my home address via the GMail login history and use the naked IP. Less convenient, but more secure.

Hope this short summary helped during your reset and it’s the last time something like that happened.