capistrano-pumaio 0.0.7 → 0.0.8

data/README.md

@@ -1,6 +1,6 @@
 # Capistrano Recipes for Puma
 
-This gem provides recipes for [Puma](http://puma.io) to setup runit and monit
+This gem provides recipes for [Puma](http://puma.io) to setup [runit](smarden.org/runit/), [monit](http://mmonit.com/monit) and [nginx](http://nginx.org) for both running and monitoring puma and a nginx site connected to a puma socket
 
 ## Usage
 
@@ -60,7 +60,7 @@ cap puma:runit:stop             # Stop Puma runit-service
 To use runit to start/stop/restart services instead of monit, use the example below.
 
 ```ruby
-# stop before deployment 
+# stop before deployment
 # (must be done after monit has stopped monitoring the task. If not, the service will be restarted by monit)
 before "monit:unmonitor", "puma:runit:stop"
 # start before enabling monitor
@@ -69,7 +69,44 @@ before  "monit:monitor",   "puma:runit:start"
 before  "monit:monitor",   "puma:runit:restart"
 ```
 
-## Configuration
+### nginx
+
+#### Specific to puma and nginx for the application:
+
+```ruby
+cap puma:nginx:disable          # Disable nginx site for the application
+cap puma:nginx:enable           # Enable nginx site for the application
+cap puma:nginx:purge            # Purge nginx site config for the application
+cap puma:nginx:setup            # Parses and uploads nginx configuration for this app.
+```
+
+#### Global nginx commands
+
+```ruby
+cap nginx:restart               # Restart nginx
+cap nginx:start                 # Start nginx
+cap nginx:status                # Show nginx status
+cap nginx:stop                  # Stop nginx
+```
+
+#### Configuration for nginx
+
+See nginx.rb for configuration options.
+
+#### Notes when using nginx
+
+
+puma:nginx:setup is setup to run automatically after deploy:setup, and you will be asked if you want to enable the site.
+
+If you do not enable the site during setup, be sure to run the following two commands when you want to enable your site:
+
+```ruby
+cap puma:nginx:enable
+cap nginx:restart
+```
+
+
+## Configuration of Monit/Runit
 
 See puma/config.rb for default options, and ovveride any in your deploy.rb file.
 

data/VERSION

@@ -1 +1 @@
-0.0.7
+0.0.8

data/capistrano-pumaio.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "capistrano-pumaio"
-  s.version = "0.0.7"
+  s.version = "0.0.8"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Leif Ringstad"]
-  s.date = "2013-07-29"
+  s.date = "2013-07-31"
   s.description = "Capistrano recipes for puma using runit and monit."
   s.email = "leifcr@gmail.com"
   s.extra_rdoc_files = [
@@ -27,8 +27,11 @@ Gem::Specification.new do |s|
     "lib/capistrano/puma.rb",
     "lib/capistrano/puma/config.rb",
     "lib/capistrano/puma/monit.rb",
+    "lib/capistrano/puma/nginx.rb",
     "lib/capistrano/puma/runit.rb",
     "templates/monit/puma.conf.erb",
+    "templates/nginx/application.conf.erb",
+    "templates/nginx/htpasswd.erb",
     "templates/runit/config.rb.erb",
     "templates/runit/control-q.erb",
     "templates/runit/finish.erb",

data/lib/capistrano/puma/nginx.rb

@@ -0,0 +1,125 @@
+Capistrano::Configuration.instance.load do
+
+  # Where your nginx lives. Usually /opt/nginx or /usr/local/nginx for source compiled.
+  _cset :nginx_sites_enabled_path, "/etc/nginx/sites-enabled"
+
+  # simple authorization in nginx recipe
+  # Remember NOT to share your deployment file in case you have sensitive passwords stored in it...
+  # This is added to make it easier to deploy staging sites with a simple htpasswd.
+
+  _cset :nginx_use_simple_auth, false
+  _cset :nginx_simple_auth_message, "Restricted site"
+  _cset :nginx_simple_auth_user, "user"
+  _cset :nginx_simple_auth_password, "password"
+  _cset :nginx_simple_auth_salt, (0...8).map{ ('a'..'z').to_a[rand(26)] }.join
+
+  # Server names. Defaults to application name.
+  _cset :server_names, "#{application}_#{Capistrano::BaseHelper.environment}" unless exists?(:server_names)
+
+  # Path to the nginx erb template to be parsed before uploading to remote
+  _cset :nginx_local_config, File.join(File.expand_path(File.join(File.dirname(__FILE__),"../../../templates", "nginx", )), "application.conf.erb")
+
+  # Path to where your remote config will reside (I use a directory sites inside conf)
+  _cset :nginx_remote_config, defer {File.join("#{fetch(:shared_path)}", "config", "nginx_#{fetch(:application)}_#{Capistrano::BaseHelper.environment}.conf")}
+
+  # Path to local htpasswd template file
+  _cset :nginx_local_htpasswd, defer {File.join(File.expand_path(File.join(File.dirname(__FILE__),"../../../templates", "nginx", )), "htpasswd.erb")}
+
+  # Path to remote htpasswd file
+  _cset :nginx_remote_htpasswd, defer {File.join("#{fetch(:shared_path)}", "config", ".htpasswd")}
+
+  _cset :nginx_sites_enabled_symlink, defer {File.join(nginx_sites_enabled_path, "#{fetch(:application)}_#{Capistrano::BaseHelper.environment}")}
+
+  _cset :nginx_uses_http, true
+  _cset :nginx_uses_ssl, false
+  _cset :nginx_port, 80
+
+  _cset :nginx_log_path, File.join("/var", "log", "nginx", "#{fetch(:application)}")
+
+  _cset :nginx_client_max_body_size, "10M"
+
+  _cset :nginx_ssl_port, 443
+  _cset :nginx_ssl_use_simple_auth, false
+  _cset :nginx_ssl_client_max_body_size, "10M"
+  _cset :nginx_ssl_public_crt, File.join("/etc", "certs", "server.crt")
+  _cset :nginx_ssl_private_key, File.join("/etc", "certs", "server.key")
+
+  # Nginx tasks are not *nix agnostic, they assume you're using Debian/Ubuntu.
+  # Override them as needed.
+  namespace :puma do
+    namespace :nginx do
+      desc "Parses and uploads nginx configuration for this app."
+      task :setup, :roles => :app , :except => { :no_release => true } do
+
+        Capistrano::BaseHelper.generate_and_upload_config(fetch(:nginx_local_config), fetch(:nginx_remote_config))
+
+        # if auth is enabled, upload htpasswd file
+        # Since passwords are stored in plaintext in the deployment file, you should use simple auth with care.
+        # It is generally better to implement a full authorization stack like oauth, use devise on rails, or other login/auth system
+        if fetch(:nginx_use_simple_auth) or fetch(:nginx_ssl_use_simple_auth)
+          if Capistrano::CLI.ui.agree("Create .htpasswd configuration file? [Yn]")
+            Capistrano::BaseHelper.generate_and_upload_config(fetch(:nginx_local_htpasswd), fetch(:nginx_remote_htpasswd))
+          else
+            set :nginx_use_simple_auth, false
+            set :nginx_ssl_use_simple_auth, false
+          end
+        end
+
+        # create log path, must sudo since path can have root-only permissions
+        run "#{sudo} mkdir -p /var/log/nginx/#{fetch(:application)} && #{sudo} chown root:www-data /var/log/nginx/#{fetch(:application)}"
+      end
+
+      desc "Enable nginx site for the application"
+      task :enable, :roles => :app , :except => { :no_release => true } do
+        # symlink to nginx site configuration file
+        run("[ -h #{fetch(:nginx_sites_enabled_symlink)} ] || #{sudo} ln -sf #{fetch(:nginx_remote_config)} #{fetch(:nginx_sites_enabled_symlink)}")
+      end
+
+      desc "Disable nginx site for the application"
+      task :disable, :roles => :app , :except => { :no_release => true } do
+        run("[ ! -h #{fetch(:nginx_sites_enabled_symlink)} ] || #{sudo} rm -f #{fetch(:nginx_sites_enabled_symlink)}")
+      end
+
+      desc "Purge nginx site config for the application"
+      task :purge, :roles => :app , :except => { :no_release => true } do
+        run("[ ! -h #{fetch(:nginx_sites_enabled_symlink)} ] || #{sudo} rm -f #{fetch(:nginx_sites_enabled_symlink)}")
+        # must restart nginx to make sure site is disabled when config is purge
+        run "#{sudo} service nginx restart"
+        run "rm -f #{fetch(:nginx_remote_htpasswd)} && rm -f #{fetch(:nginx_remote_config)}"
+      end
+
+    end
+  end
+
+  namespace :nginx do
+    desc "Restart nginx"
+    task :restart, :roles => :app , :except => { :no_release => true } do
+      run "#{sudo} service nginx restart"
+    end
+
+    desc "Stop nginx"
+    task :stop, :roles => :app , :except => { :no_release => true } do
+      run "#{sudo} service nginx stop"
+    end
+
+    desc "Start nginx"
+    task :start, :roles => :app , :except => { :no_release => true } do
+      run "#{sudo} service nginx start"
+    end
+
+    desc "Show nginx status"
+    task :status, :roles => :app , :except => { :no_release => true } do
+      run "#{sudo} service nginx status"
+    end
+
+  end
+
+  after 'deploy:setup' do
+    puma.nginx.setup if Capistrano::CLI.ui.agree("Create nginx configuration file? [Yn]")
+    if Capistrano::CLI.ui.agree("Enable site in nginx? [Yn]")
+      puma.nginx.enable
+      nginx.restart # must restart after enable for nginx to pickup new site
+    end
+  end
+
+end

data/templates/nginx/application.conf.erb

@@ -0,0 +1,220 @@
+# Nginx configuration
+# <% c = Capistrano::BaseHelper::get_capistrano_instance %>
+# <%= "#{c.fetch(:application)} running as #{c.fetch(:user)} in environment #{Capistrano::BaseHelper.environment}" %>
+# <% 
+  upstream_name     = "#{c.fetch(:application)}_#{Capistrano::BaseHelper.environment}_app_server"
+  upstream_name_ssl = "#{c.fetch(:application)}_#{Capistrano::BaseHelper.environment}_app_server_ssl"
+  %>
+#
+
+upstream <%= upstream_name %> {
+  server unix:<%= File.join("#{c.fetch(:shared_path)}","sockets", "puma.sock") %> fail_timeout=0;
+}
+
+<% if c.fetch(:nginx_uses_http) %>
+#
+# HTTP server configuration
+#
+server {
+  listen <%= c.fetch(:nginx_port) %>;
+  client_max_body_size <%= c.fetch(:nginx_client_max_body_size) %>;
+  server_name <%= c.fetch(:server_names) %>;
+
+  # ~2 seconds is often enough for most folks to parse HTML/CSS and
+  # retrieve needed images/icons/frames, connections are cheap in
+  # nginx so increasing this is generally safe...
+  # 8 seconds might be needed for some mobile devs
+  keepalive_timeout 8; 
+
+  # path for static files
+  root <%= c.fetch(:deploy_to) %>/current/public;
+  access_log <%= c.fetch(:nginx_log_path) %>/<%= Capistrano::BaseHelper.environment %>.access.log;
+  error_log  <%= c.fetch(:nginx_log_path) %>/<%= Capistrano::BaseHelper.environment %>.error.log info;
+
+  # this rewrites all the requests to the maintenance.html
+  # page if it exists in the doc root. This is for capistrano's
+  # disable web task
+  if (-f $document_root/system/maintenance.html) {
+    rewrite  ^(.*)$  /system/maintenance.html last;
+    break;
+  }
+
+  location / {
+  <% if c.fetch(:nginx_use_simple_auth) %>
+    auth_basic "<%= c.fetch(:nginx_simple_auth_message) %>";
+    auth_basic_user_file <%= c.fetch(:nginx_remote_htpasswd) %>;
+  <% end %>
+
+    # needed to forward user's IP address to rails
+    proxy_set_header  X-Real-IP  $remote_addr;
+
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+
+    # if the request is for a static resource, nginx should serve it directly
+    # and add a far future expires header to it, making the browser
+    # cache the resource and navigate faster over the website.
+    location ~ ^/(assets)/.+-([0-9a-zA-Z])+\. {
+      gzip_static on;
+      expires max;
+      add_header Cache-Control public;
+    }        
+
+    # Serve images outside the asset path
+    # Now this supposedly should work as it gets the filenames with querystrings that Rails provides.
+    # BUT there's a chance it could break the ajax calls.
+    location ~* \.(ico|css|gif|jpe?g|png)(\?[0-9]+)?$ {
+       expires max;
+    }
+
+    # Serve javascript outside the asset path
+    location ~ ^/javascripts/.*\.js(\?[0-9]+)?$ {
+       expires max;
+    }
+
+    # If the file exists as a static file serve it directly without
+    # running all the other rewrite tests on it
+    if (-f $request_filename) {
+      break;
+    }
+
+    # check for index.html for directory index
+    # if its there on the filesystem then rewite
+    # the url to add /index.html to the end of it
+    # and then break to send it to the next config rules.
+    if (-f $request_filename/index.html) {
+      rewrite (.*) $1/index.html break;
+    }
+
+    # this is the meat of the rails page caching config
+    # it adds .html to the end of the url and then checks
+    # the filesystem for that file. If it exists, then we
+    # rewite the url to have explicit .html on the end
+    # and then send it on its way to the next config rule.
+    # if there is no file on the fs then it sets all the
+    # necessary headers and proxies to our upstream mongrels
+    if (-f $request_filename.html) {
+      rewrite (.*) $1.html break;
+    }
+
+    if (!-f $request_filename) {
+      proxy_pass http://<%= upstream_name %>;
+      break;
+    }
+  }
+
+  # Rails error pages
+  error_page 500 502 503 504 /500.html;
+  location = /500.html {
+    root   <%= c.fetch(:deploy_to) %>/current/public;
+  }
+}
+<% end %>
+
+<% if c.fetch(:nginx_uses_ssl) %>
+#
+# HTTPs server configuration
+#
+upstream <%= upstream_name_ssl %> {
+  server unix:<%= File.join("#{c.fetch(:shared_path)}","sockets", "puma.sock") %> fail_timeout=0;
+}
+
+# This server is setup for ssl. Uncomment if
+# you are using ssl as well as port 80.
+server {
+  listen <%= c.fetch(:nginx_ssl_port) %>;
+  client_max_body_size 500M;
+  server_name <%= c.fetch(:server_names) %>;
+  ssl                     on;
+  ssl_certificate         <%= c.fetch(:nginx_ssl_public_crt) %>;
+  ssl_certificate_key     <%= c.fetch(:nginx_ssl_private_key) %>;
+  ssl_session_timeout     5m;
+  client_max_body_size <%= c.fetch(:nginx_ssl_client_max_body_size) %>;
+
+  root <%= c.fetch(:deploy_to) %>/current/public;
+  access_log <%= c.fetch(:nginx_log_path) %>/<%= Capistrano::BaseHelper.environment %>_ssl.access.log;
+  error_log  <%= c.fetch(:nginx_log_path) %>/<%= Capistrano::BaseHelper.environment %>_ssl.error.log info;
+
+  # this rewrites all the requests to the maintenance.html
+  # page if it exists in the doc root. This is for capistrano's
+  # disable web task
+  if (-f $document_root/system/maintenance.html) {
+      rewrite  ^(.*)$  /system/maintenance.html last;
+      break;
+  }
+
+  location / {
+  <% if c.fetch(:nginx_ssl_use_simple_auth) %>
+    auth_basic "<%= c.fetch(:nginx_simple_auth_message) %>";
+    auth_basic_user_file <%= c.fetch(:nginx_remote_htpasswd) %>;
+  <% end %>
+
+    # needed to forward user's IP address to rails
+    proxy_set_header  X-Real-IP  $remote_addr;
+
+    # needed for HTTPS
+    proxy_set_header X_FORWARDED_PROTO https;
+
+    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_redirect off;
+    proxy_max_temp_file_size 0;
+
+    # if the request is for a static resource, nginx should serve it directly
+    # and add a far future expires header to it, making the browser
+    # cache the resource and navigate faster over the website.
+    location ~ ^/(assets)/.+-([0-9a-zA-Z])+\. {
+      gzip_static on;
+      expires max;
+      add_header Cache-Control public;
+    }        
+
+    # Serve images outside the asset path
+    # Now this supposedly should work as it gets the filenames with querystrings that Rails provides.
+    # BUT there's a chance it could break the ajax calls.
+    location ~* \.(ico|css|gif|jpe?g|png)(\?[0-9]+)?$ {
+       expires max;
+    }
+
+    # Serve javascript outside the asset path
+    location ~ ^/javascripts/.*\.js(\?[0-9]+)?$ {
+       expires max;
+    }
+
+    # If the file exists as a static file serve it directly without
+    # running all the other rewite tests on it
+    if (-f $request_filename) {
+      break;
+    }
+
+    # check for index.html for directory index
+    # if its there on the filesystem then rewite
+    # the url to add /index.html to the end of it
+    # and then break to send it to the next config rules.
+    if (-f $request_filename/index.html) {
+      rewrite (.*) $1/index.html break;
+    }
+
+    # this is the meat of the rails page caching config
+    # it adds .html to the end of the url and then checks
+    # the filesystem for that file. If it exists, then we
+    # rewite the url to have explicit .html on the end
+    # and then send it on its way to the next config rule.
+    # if there is no file on the fs then it sets all the
+    # necessary headers and proxies to our upstream mongrels
+    if (-f $request_filename.html) {
+      rewrite (.*) $1.html break;
+    }
+
+    if (!-f $request_filename) {
+      proxy_pass http://<%= upstream_name_ssl %>;
+      break;
+    }
+  }
+
+  error_page   500 502 503 504  /500.html;
+  location = /500.html {
+    root   <%= c.fetch(:deploy_to) %>/current/public;
+  }
+}
+<% end %>

data/templates/nginx/htpasswd.erb

@@ -0,0 +1,7 @@
+# Capistrano deployed htpasswd file
+# <% c = Capistrano::BaseHelper::get_capistrano_instance %>
+#
+# Remember NOT to share your deployment file in case you have sensitive passwords stored in it.
+# You probably shouldn't use this in production in case your deploy.rb is visible on public sites.
+
+<%= c.fetch(:nginx_simple_auth_user) %>:<%= c.fetch(:nginx_simple_auth_password).crypt(c.fetch(:nginx_simple_auth_salt)) %>:Autogenerated user from capistrano deployment

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-pumaio
 version: !ruby/object:Gem::Version
-  version: 0.0.7
+  version: 0.0.8
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-29 00:00:00.000000000 Z
+date: 2013-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capistrano
@@ -93,8 +93,11 @@ files:
 - lib/capistrano/puma.rb
 - lib/capistrano/puma/config.rb
 - lib/capistrano/puma/monit.rb
+- lib/capistrano/puma/nginx.rb
 - lib/capistrano/puma/runit.rb
 - templates/monit/puma.conf.erb
+- templates/nginx/application.conf.erb
+- templates/nginx/htpasswd.erb
 - templates/runit/config.rb.erb
 - templates/runit/control-q.erb
 - templates/runit/finish.erb
@@ -115,7 +118,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 4539601094556942037
+      hash: -3189334886428706099
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: