Index: bootstrap/chewbranca_com.sh
==================================================================
--- bootstrap/chewbranca_com.sh
+++ bootstrap/chewbranca_com.sh
@@ -9,25 +9,50 @@
 # Remove undesirable side effects of CDPATH variable
 unset CDPATH
 # Change current working directory to the directory contains this script
 cd "$( dirname "${BASH_SOURCE[0]}" )"
+
+# thanks to http://redsymbol.net/articles/unofficial-bash-strict-mode/
+#set -euo pipefail
+#IFS=$'\n\t'
+
+#set -x
+
+# Trap exit of script for cleanup/debug/etc purposes
+#function finish {
+# echo "***EXITING***"
+#}
+#trap finish EXIT
+
 # Initialize Bash Booster
+#set +u
 source ../vendor/bashbooster-0.6/bashbooster.sh
+#set -u
+
+set -e
+#set -euo pipefail
+#IFS=$'\n\t'
 bb-log-info "Bootstrapping chewbranca.com"
 mkdir -p /opt/bin
 mkdir -p /opt/log
 mkdir -p /opt/etc
 mkdir -p /opt/service
 mkdir -p /opt/museum
+
+if ! id -u fossil > /dev/null 2>&1; then
+ adduser --disabled-password --gecos "" chewbranca
+ chown fossil:fossil /opt/museum
+fi
 if ! id -u chewbranca > /dev/null 2>&1; then
 adduser --disabled-password --gecos "" chewbranca
 adduser chewbranca sudo
+ adduser chewbranca fossil
 CSDIR=/home/chewbranca/.ssh
 CSAK=$CSDIR/authorized_keys
 mkdir -p $CSDIR
 if [[ -e $CSAK ]]; then
 if ! grep -q chewbranca $CSAK; then
@@ -38,15 +63,10 @@
 chown chewbranca:chewbranca $CSAK
 fi
 chmod 0600 $CSAK
 fi
-if ! id -u fossil > /dev/null 2>&1; then
- adduser fossil --system
- chown fossil:fossil /opt/museum
-fi
-
 CHEWBRANCA_COM_FOSSIL=/opt/museum/chewbranca_com.fossil
 if [[ ! -e "$CHEWBRANCA_COM_FOSSIL" ]]; then
 cp $CHEWBRANCA_SRC_REPO $CHEWBRANCA_COM_FOSSIL
 chown fossil:fossil $CHEWBRANCA_COM_FOSSIL
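Review bot: The fossil-user guard added in this hunk creates the wrong account: under `if ! id -u fossil` the new code runs `adduser --disabled-password --gecos "" chewbranca`, so the `fossil` user is never created, and the `chown fossil:fossil /opt/museum` that follows (and the later `adduser chewbranca fossil`) fails; with `set -e` now enabled a few lines above, that failure aborts the whole bootstrap. The block this replaces used `adduser fossil --system`, which on Debian-style adduser puts the account in `nogroup` and also leaves no `fossil` group for that chown to resolve. Suggest `adduser --system --group fossil` as the line inside that guard, so both the user and its matching group exist before `/opt/museum` is chowned and before chewbranca is added to the group. The `if ! id -u chewbranca` block that starts at the end of this hunk closes outside it.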
@@ -118,13 +138,19 @@
 bb-sync-file "$CBFDIR/run" "files/chewbranca_com_run" restart-chewbranca-fossil
 bb-event-on restart-openresty "service openresty restart"
 bb-sync-file "/etc/openresty/nginx.conf" "files/chewbranca_com_nginx.conf" restart-openresty
-bb-log-info "Setup SSL"
+bb-log-info "Setup SSL ($?)"
 if ! bb-apt-package? certbot; then
+ bb-log-info "Installing certbot"
 bb-apt-install certbot
 systemctl disable certbot.timer
 if [ "$CWB_ENABLE_SSL" = true ]; then
- cerbot certonly --webroot --dry-run --webroot-path /usr/local/openresty/nginx/html -d chewbranca.com -d www.chewbranca.com -d www2.chewbranca.com
+ certbot certonly --webroot --dry-run --webroot-path /usr/local/openresty/nginx/html -d chewbranca.com -d www.chewbranca.com -d www2.chewbranca.com -d couchdb.chewbranca.com
 fi
+else
+ echo "SKIPPING SSL SETUP ($?)"
 fi
+bb-log-info "Exiting..."
+
+exit 0
Index: bootstrap/files/chewbranca_com_nginx.conf
==================================================================
--- bootstrap/files/chewbranca_com_nginx.conf
+++ bootstrap/files/chewbranca_com_nginx.conf
@@ -60,11 +60,12 @@
 #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 ssl_stapling on;
 ssl_stapling_verify on;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_protocols TLSv1.2;
 #ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256”;
 ssl_session_cache shared:le_nginx_SSL:1m;
 ssl_prefer_server_ciphers on;
 #ssl_session_timeout 1440m;
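Review bot: The `$?` interpolated into `bb-log-info "Setup SSL ($?)"` and `echo "SKIPPING SSL SETUP ($?)"` reports nothing useful: the first is the status of the preceding `bb-sync-file`, and the second is the status of the `if ! bb-apt-package? certbot` test, which in the else branch is always non-zero, so that message should always print `(1)`. Either drop the `($?)` or capture the status you actually mean into a named variable right after the command that produces it, and use `bb-log-info` rather than a bare `echo` so the skip message lands in the same log as the rest. Separately, the corrected `certbot` line still passes `--dry-run`, so even with `CWB_ENABLE_SSL=true` no certificate is issued for the newly added `couchdb.chewbranca.com`; if that is intentional staging behaviour it deserves a comment such as `# --dry-run: validate the webroot challenge only, no certificate is written`. Because enrolment sits under the certbot-not-yet-installed branch, re-running the bootstrap on a host that already has certbot never requests certificates for new names either.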
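Review bot: `ssl_protocols TLSv1.2;` correctly retires TLS 1.0/1.1, but if the openresty build's OpenSSL supports it, `ssl_protocols TLSv1.2 TLSv1.3;` keeps the same hardening while letting current clients negotiate 1.3. The `#ssl_ciphers` line directly below stays commented out, so the suite falls back to the compiled-in default and `ssl_prefer_server_ciphers on;` has no explicit list to enforce; note that the commented line also ends with a typographic quote `”` instead of `"`, which would break the config the moment it is uncommented as-is. The server block enclosing these directives starts and ends outside the hunk.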
@@ -73,11 +74,11 @@
 #rewrite ^(/.well-known/acme-challenge/.*) $1 break;
 # Force everything else to HTTPS with a permanent redirect.
 #return 301 https://$host$request_uri;
- server_name localhost chewbranca.com www.chewbranca.com www2.chewbranca.com dev.chewbranca.com;
+ server_name chewbranca.com localhost www.chewbranca.com www2.chewbranca.com dev.chewbranca.com couchdb.chewbranca.com;
 #charset koi8-r;
 #access_log logs/host.access.log main;
 access_log /opt/log/nginx/chewbranca.com-http-access.log;
@@ -157,14 +158,19 @@
 break;
 }
 # Redirect everything else to the Fossil instance
 #location /code {
- location /{
+ location / {
+ root html;
+ try_files $uri @chewbranca_fossil;
+ }
+
+ location @chewbranca_fossil {
 include scgi_params;
 #scgi_param SCRIPT_NAME "/code";
 scgi_param SCRIPT_NAME "";
 scgi_pass 127.0.0.1:7890;
 }
 }
 }
Index: vendor/bashbooster-0.6/bashbooster.sh
==================================================================
--- vendor/bashbooster-0.6/bashbooster.sh
+++ vendor/bashbooster-0.6/bashbooster.sh
@@ -411,10 +411,11 @@
 [[ -n "$@" ]] || return 0
 local EVENT="$1"
 shift
+ echo "FIRING EVENT: $EVENT"
 BB_EVENT_DEPTH["$EVENT"]=$(( ${BB_EVENT_DEPTH["$EVENT"]} + 1 ))
 if (( ${BB_EVENT_DEPTH["$EVENT"]} >= $BB_EVENT_MAX_DEPTH ))
 then
 bb-exit \
 $BB_ERROR_EVENT_MAX_DEPTH_REACHED \
@@ -1456,20 +1457,22 @@
 bb-download-init
 bb-flag-init
 bb-cleanup-update-exit-code() {
+ echo "In bb-cleanup-update-exit-code"
 if bb-error? && (( $BB_EXIT_CODE == 0 ))
 then
 BB_EXIT_CODE=$BB_ERROR
 fi
 }
 bb-cleanup() {
+ echo "[bb-cleanup]..."
 bb-cleanup-update-exit-code
- bb-event-fire bb-cleanup ; bb-cleanup-update-exit-code
+ #bb-event-fire bb-cleanup ; bb-cleanup-update-exit-code
 bb-flag-cleanup ; bb-cleanup-update-exit-code
 bb-event-cleanup ; bb-cleanup-update-exit-code
 bb-tmp-cleanup ; bb-cleanup-update-exit-code
 bb-workspace-cleanup ; bb-cleanup-update-exit-code
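Review bot: The new `location /` block serves any existing file under `root html;` before handing off to Fossil through `try_files $uri @chewbranca_fossil;`, so anything placed in that directory (dotfiles, editor backups, stray uploads) becomes publicly reachable on every name in `server_name`, and `root html;` resolves relative to the nginx prefix rather than to a fixed path. If the goal is only to let the ACME webroot challenge through, limit the static lookup to `location ^~ /.well-known/acme-challenge/ { root /usr/local/openresty/nginx/html; }` and send everything else straight to the SCGI handler; failing that, at least add `location ~ /\. { deny all; }` so hidden files are never served. The server block enclosing these locations starts outside the hunk.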