capistrano-unicorn-nginx 3.2.0 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d338e6cf90be28136a666c1cd81bde3964041b8f
-  data.tar.gz: 49e5e4c661736f12baf904006836cc128324dc72
+  metadata.gz: c8ddad3cf564b9cfbcff371c0e13737733c5965c
+  data.tar.gz: 79441091d32be807205469f230f08bc98f9cd27b
 SHA512:
-  metadata.gz: 8b68d6673f4be841b5193aa8303e2b664d31afd8cc8d0b2e633abfad1a641428f30da785a155c84fbcfb7a5ba4d6a1e47d08dec91b34f7f711b1f4ca2fccf6b6
-  data.tar.gz: 0f8ac54bddedbefcb1fd1f5282bde5f8874e405696013e96e6f56082d91cc9df349b4906fb035ad4447492a1a924d3bb33d811a9342297fdc3c693cc17531912
+  metadata.gz: f63dc9207ae9e2fade717e5105354d718cc88added1954ea7015e73ff529aaa511d92634c4a6db2ab526e4e47301aca9bbd885a8f61e4c52962520bb803c9274
+  data.tar.gz: 50e42a13d0fdeed608e30d4d03eea961344ad05d1ec51522cbbf07352663902c57634541d6f53a91b89eff988d5e91efa4279279a31ae652fb11de038e110149

data/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ### master
 
+### v3.3.0, 2015-02-09
+- added client SSL authentication (@rhomeister)
+- make unicorn timeout configurable (@vicentllongo)
+
 ### v3.2.0, 2015-01-28
 - allow 'PATCH' HTTP method in nginx_conf (@lonre)
 - added SPDY support (@rhomeister)

data/capistrano-unicorn-nginx.gemspec

@@ -6,8 +6,8 @@ require 'capistrano/unicorn_nginx/version'
 Gem::Specification.new do |gem|
   gem.name          = "capistrano-unicorn-nginx"
   gem.version       = Capistrano::UnicornNginx::VERSION
-  gem.authors       = ["Bruno Sutic"]
-  gem.email         = ["bruno.sutic@gmail.com"]
+  gem.authors       = ["Ruben Stranders", "Bruno Sutic"]
+  gem.email         = ["r.stranders@gmail.com", "bruno.sutic@gmail.com"]
   gem.description   = <<-EOF.gsub(/^\s+/, '')
     Capistrano tasks for automatic  and sensible unicorn + nginx configuraion.
 

data/lib/capistrano/tasks/nginx.rake

@@ -13,6 +13,9 @@ namespace :load do
     # ssl options
     set :nginx_location, '/etc/nginx'
     set :nginx_use_ssl, false
+    set :nginx_use_spdy, false
+    # if true, passes the SSL client certificate to the application server for consumption in Ruby code
+    set :nginx_pass_ssl_client_cert, false
     set :nginx_ssl_cert, -> { nginx_default_ssl_cert_file_name }
     set :nginx_ssl_cert_key, -> { nginx_default_ssl_cert_key_file_name }
     set :nginx_upload_local_cert, true

data/lib/capistrano/tasks/unicorn.rake

@@ -11,6 +11,7 @@ namespace :load do
     set :unicorn_pid, -> { unicorn_default_pid_file }
     set :unicorn_config, -> { unicorn_default_config_file }
     set :unicorn_workers, 2
+    set :unicorn_worker_timeout, 30
     set :unicorn_tcp_listen_port, 8080
     set :unicorn_use_tcp, -> { roles(:app, :web).count > 1 } # use tcp if web and app nodes are on different servers
     set :unicorn_app_env, -> { fetch(:rails_env) || fetch(:stage) }

data/lib/capistrano/unicorn_nginx/helpers.rb

@@ -8,13 +8,21 @@ module Capistrano
         SSHKit::Command.new(:bundle, :exec, :unicorn, args).to_command
       end
 
-      def template(template_name)
+      # renders the ERB template specified by template_name to string. Use the locals variable to pass locals to the
+      # ERB template
+      def template_to_s(template_name, locals = {})
         config_file = "#{fetch(:templates_path)}/#{template_name}"
         # if no customized file, proceed with default
         unless File.exists?(config_file)
           config_file = File.join(File.dirname(__FILE__), "../../generators/capistrano/unicorn_nginx/templates/#{template_name}")
         end
-        StringIO.new(ERB.new(File.read(config_file)).result(binding))
+
+        ERB.new(File.read(config_file)).result(ERBNamespace.new(locals).get_binding)
+      end
+
+      # renders the ERB template specified by template_name to a StringIO buffer
+      def template(template_name, locals = {})
+        StringIO.new(template_to_s(template_name, locals))
       end
 
       def file_exists?(path)
@@ -33,6 +41,18 @@ module Capistrano
         sudo :mv, tmp_file, to_dir
       end
 
+      # Helper class to pass local variables to an ERB template
+      class ERBNamespace
+        def initialize(hash)
+          hash.each do |key, value|
+            singleton_class.send(:define_method, key) { value }
+          end
+        end
+
+        def get_binding
+          binding
+        end
+      end
     end
   end
 end

data/lib/capistrano/unicorn_nginx/version.rb

@@ -1,5 +1,5 @@
 module Capistrano
   module UnicornNginx
-    VERSION = "3.2.0"
+    VERSION = "3.3.0"
   end
 end

data/lib/generators/capistrano/unicorn_nginx/templates/_default_server_directive.erb

@@ -0,0 +1,83 @@
+<% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert %>
+# source: http://forum.nginx.org/read.php?2,236546,236596
+map $ssl_client_raw_cert $a {
+    "~^(-.*-\n)(?<1st>[^\n]+)\n((?<b>[^\n]+)\n)?((?<c>[^\n]+)\n)?((?<d>[^\n]+)\n)?((?<e>[^\n]+)\n)?((?<f>[^\n]+)\n)?((?<g>[^\n]+)\n)?((?<h>[^\n]+)\n)?((?<i>[^\n]+)\n)?((?<j>[^\n]+)\n)?((?<k>[^\n]+)\n)?((?<l>[^\n]+)\n)?((?<m>[^\n]+)\n)?((?<n>[^\n]+)\n)?((?<o>[^\n]+)\n)?((?<p>[^\n]+)\n)?((?<q>[^\n]+)\n)?((?<r>[^\n]+)\n)?((?<s>[^\n]+)\n)?((?<t>[^\n]+)\n)?((?<v>[^\n]+)\n)?((?<u>[^\n]+)\n)?((?<w>[^\n]+)\n)?((?<x>[^\n]+)\n)?((?<y>[^\n]+)\n)?((?<z>[^\n]+)\n)?(-.*-)$" $1st;
+}
+<% end %>
+
+server {
+<% if fetch(:nginx_use_ssl) %>
+    <% if fetch(:nginx_use_spdy) %>
+    listen <%= ssl_port %> spdy;
+    <% else %>
+    listen <%= ssl_port %>;
+    <% end %>
+    ssl on;
+    ssl_certificate <%= nginx_ssl_cert_file %>;
+    ssl_certificate_key <%= nginx_ssl_cert_key_file %>;
+<% else %>
+    listen 80;
+<% end %>
+
+<% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert %>
+    ssl_verify_client optional_no_ca;
+<% end %>
+
+    client_max_body_size 4G;
+    keepalive_timeout 10;
+
+    error_page 500 502 504 /500.html;
+    error_page 503 @503;
+
+    server_name <%= fetch(:nginx_server_name) %>;
+    root <%= current_path %>/public;
+    try_files $uri/index.html $uri @unicorn_<%= fetch(:nginx_config_name) %>;
+
+    location @unicorn_<%= fetch(:nginx_config_name) %> {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_redirect off;
+        <% if fetch(:nginx_use_ssl) %>
+        proxy_set_header X-Forwarded-Proto https;
+        <% end %>
+        <% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert %>
+        # source: http://forum.nginx.org/read.php?2,236546,236596
+        proxy_set_header X-Client-Cert $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$v$u$w$x$y$z;
+        <% end %>
+
+        proxy_pass http://unicorn_<%= fetch(:nginx_config_name) %>;
+        # limit_req zone=one;
+        access_log <%= nginx_access_log_file %>;
+        error_log <%= nginx_error_log_file %>;
+    }
+
+    location ^~ /assets/ {
+        gzip_static on;
+        expires max;
+        add_header Cache-Control public;
+    }
+
+    location = /50x.html {
+        root html;
+    }
+
+    location = /404.html {
+        root html;
+    }
+
+    location @503 {
+        error_page 405 = /system/maintenance.html;
+        if (-f $document_root/system/maintenance.html) {
+            rewrite ^(.*)$ /system/maintenance.html break;
+        }
+        rewrite ^(.*)$ /503.html break;
+    }
+
+    if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
+        return 405;
+    }
+
+    if (-f $document_root/system/maintenance.html) {
+        return 503;
+    }
+}

data/lib/generators/capistrano/unicorn_nginx/templates/nginx_conf.erb

@@ -16,71 +16,10 @@ server {
 }
 <% end %>
 
-server {
-<% if fetch(:nginx_use_ssl) %>
-  <% if fetch(:nginx_use_spdy) %>
-  listen 443 spdy;
-  <% else %>
-  listen 443;
-  <% end %>
-  ssl on;
-  ssl_certificate <%= nginx_ssl_cert_file %>;
-  ssl_certificate_key <%= nginx_ssl_cert_key_file %>;
-<% else %>
-  listen 80;
-<% end %>
-
-  client_max_body_size 4G;
-  keepalive_timeout 10;
-
-  error_page 500 502 504 /500.html;
-  error_page 503 @503;
-
-  server_name <%= fetch(:nginx_server_name) %>;
-  root <%= current_path %>/public;
-  try_files $uri/index.html $uri @unicorn_<%= fetch(:nginx_config_name) %>;
+<% # render the default server directive. If SSL is enabled, port 443 is used %>
+<%= template_to_s("_default_server_directive.erb", ssl_port: 443, nginx_pass_ssl_client_cert: false).to_s %>
 
-  location @unicorn_<%= fetch(:nginx_config_name) %> {
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_redirect off;
-<% if fetch(:nginx_use_ssl) %>
-    proxy_set_header X-Forwarded-Proto https;
+<% if fetch(:nginx_pass_ssl_client_cert) %>
+<% # render the server directive with SSL client certificate authentication enabled on port 444 %>
+<%= template_to_s("_default_server_directive.erb", ssl_port: 444, nginx_pass_ssl_client_cert: true).to_s %>
 <% end %>
-    proxy_pass http://unicorn_<%= fetch(:nginx_config_name) %>;
-    # limit_req zone=one;
-    access_log <%= nginx_access_log_file %>;
-    error_log <%= nginx_error_log_file %>;
-  }
-
-  location ^~ /assets/ {
-    gzip_static on;
-    expires max;
-    add_header Cache-Control public;
-  }
-
-  location = /50x.html {
-    root html;
-  }
-
-  location = /404.html {
-    root html;
-  }
-
-  location @503 {
-    error_page 405 = /system/maintenance.html;
-    if (-f $document_root/system/maintenance.html) {
-      rewrite ^(.*)$ /system/maintenance.html break;
-    }
-    rewrite ^(.*)$ /503.html break;
-  }
-
-  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
-    return 405;
-  }
-
-  if (-f $document_root/system/maintenance.html) {
-    return 503;
-  }
-
-}

data/lib/generators/capistrano/unicorn_nginx/templates/unicorn.rb.erb

@@ -10,7 +10,7 @@ listen "/tmp/unicorn.<%= fetch(:nginx_config_name) %>.sock"
 <% end %>
 
 worker_processes <%= fetch(:unicorn_workers) %>
-timeout 30
+timeout <%= fetch(:unicorn_worker_timeout) %>
 
 preload_app true
 

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-unicorn-nginx
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.3.0
 platform: ruby
 authors:
+- Ruben Stranders
 - Bruno Sutic
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-27 00:00:00.000000000 Z
+date: 2015-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capistrano
@@ -59,6 +60,7 @@ description: |
   Works *only* with Capistrano 3+. For Capistrano 2 try version 0.0.8 of this
   gem: http://rubygems.org/gems/capistrano-nginx-unicorn
 email:
+- r.stranders@gmail.com
 - bruno.sutic@gmail.com
 executables: []
 extensions: []
@@ -81,6 +83,7 @@ files:
 - lib/capistrano/unicorn_nginx/version.rb
 - lib/generators/capistrano/unicorn_nginx/USAGE.md
 - lib/generators/capistrano/unicorn_nginx/config_generator.rb
+- lib/generators/capistrano/unicorn_nginx/templates/_default_server_directive.erb
 - lib/generators/capistrano/unicorn_nginx/templates/nginx_conf.erb
 - lib/generators/capistrano/unicorn_nginx/templates/unicorn.rb.erb
 - lib/generators/capistrano/unicorn_nginx/templates/unicorn_init.erb
@@ -103,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Capistrano tasks for automatic and sensible unicorn + nginx configuraion.