capistrano-unicorn-nginx 3.2.0 → 3.3.0

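--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d338e6cf90be28136a666c1cd81bde3964041b8f
- data.tar.gz: 49e5e4c661736f12baf904006836cc128324dc72
+ metadata.gz: c8ddad3cf564b9cfbcff371c0e13737733c5965c
+ data.tar.gz: 79441091d32be807205469f230f08bc98f9cd27b
  SHA512:
- metadata.gz: 8b68d6673f4be841b5193aa8303e2b664d31afd8cc8d0b2e633abfad1a641428f30da785a155c84fbcfb7a5ba4d6a1e47d08dec91b34f7f711b1f4ca2fccf6b6
- data.tar.gz: 0f8ac54bddedbefcb1fd1f5282bde5f8874e405696013e96e6f56082d91cc9df349b4906fb035ad4447492a1a924d3bb33d811a9342297fdc3c693cc17531912
+ metadata.gz: f63dc9207ae9e2fade717e5105354d718cc88added1954ea7015e73ff529aaa511d92634c4a6db2ab526e4e47301aca9bbd885a8f61e4c52962520bb803c9274
+ data.tar.gz: 50e42a13d0fdeed608e30d4d03eea961344ad05d1ec51522cbbf07352663902c57634541d6f53a91b89eff988d5e91efa4279279a31ae652fb11de038e110149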
@@ -2,6 +2,10 @@
2
2
 
3
3
  ### master
4
4
 
5
+ ### v3.3.0, 2015-02-09
6
+ - added client SSL authentication (@rhomeister)
7
+ - make unicorn timeout configurable (@vicentllongo)
8
+
5
9
  ### v3.2.0, 2015-01-28
6
10
  - allow 'PATCH' HTTP method in nginx_conf (@lonre)
7
11
  - added SPDY support (@rhomeister)
@@ -6,8 +6,8 @@ require 'capistrano/unicorn_nginx/version'
6
6
  Gem::Specification.new do |gem|
7
7
  gem.name = "capistrano-unicorn-nginx"
8
8
  gem.version = Capistrano::UnicornNginx::VERSION
9
- gem.authors = ["Bruno Sutic"]
10
- gem.email = ["bruno.sutic@gmail.com"]
9
+ gem.authors = ["Ruben Stranders", "Bruno Sutic"]
10
+ gem.email = ["r.stranders@gmail.com", "bruno.sutic@gmail.com"]
11
11
  gem.description = <<-EOF.gsub(/^\s+/, '')
12
12
  Capistrano tasks for automatic and sensible unicorn + nginx configuraion.
13
13
 
@@ -13,6 +13,9 @@ namespace :load do
13
13
  # ssl options
14
14
  set :nginx_location, '/etc/nginx'
15
15
  set :nginx_use_ssl, false
16
+ set :nginx_use_spdy, false
17
+ # if true, passes the SSL client certificate to the application server for consumption in Ruby code
18
+ set :nginx_pass_ssl_client_cert, false
16
19
  set :nginx_ssl_cert, -> { nginx_default_ssl_cert_file_name }
17
20
  set :nginx_ssl_cert_key, -> { nginx_default_ssl_cert_key_file_name }
18
21
  set :nginx_upload_local_cert, true
@@ -11,6 +11,7 @@ namespace :load do
11
11
  set :unicorn_pid, -> { unicorn_default_pid_file }
12
12
  set :unicorn_config, -> { unicorn_default_config_file }
13
13
  set :unicorn_workers, 2
14
+ set :unicorn_worker_timeout, 30
14
15
  set :unicorn_tcp_listen_port, 8080
15
16
  set :unicorn_use_tcp, -> { roles(:app, :web).count > 1 } # use tcp if web and app nodes are on different servers
16
17
  set :unicorn_app_env, -> { fetch(:rails_env) || fetch(:stage) }
@@ -8,13 +8,21 @@ module Capistrano
8
8
  SSHKit::Command.new(:bundle, :exec, :unicorn, args).to_command
9
9
  end
10
10
 
11
- def template(template_name)
11
+ # renders the ERB template specified by template_name to string. Use the locals variable to pass locals to the
12
+ # ERB template
13
+ def template_to_s(template_name, locals = {})
12
14
  config_file = "#{fetch(:templates_path)}/#{template_name}"
13
15
  # if no customized file, proceed with default
14
16
  unless File.exists?(config_file)
15
17
  config_file = File.join(File.dirname(__FILE__), "../../generators/capistrano/unicorn_nginx/templates/#{template_name}")
16
18
  end
17
- StringIO.new(ERB.new(File.read(config_file)).result(binding))
19
+
20
+ ERB.new(File.read(config_file)).result(ERBNamespace.new(locals).get_binding)
21
+ end
22
+
23
+ # renders the ERB template specified by template_name to a StringIO buffer
24
+ def template(template_name, locals = {})
25
+ StringIO.new(template_to_s(template_name, locals))
18
26
  end
19
27
 
20
28
  def file_exists?(path)
@@ -33,6 +41,18 @@ module Capistrano
33
41
  sudo :mv, tmp_file, to_dir
34
42
  end
35
43
 
44
+ # Helper class to pass local variables to an ERB template
45
+ class ERBNamespace
46
+ def initialize(hash)
47
+ hash.each do |key, value|
48
+ singleton_class.send(:define_method, key) { value }
49
+ end
50
+ end
51
+
52
+ def get_binding
53
+ binding
54
+ end
55
+ end
36
56
  end
37
57
  end
38
58
  end
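Review bot: `template_to_s` now evaluates templates against `ERBNamespace.new(locals).get_binding` instead of the helper's own `binding`, and `ERBNamespace` as written defines only the keys of `locals`. The templates on this page still call `fetch`, `current_path` and `nginx_ssl_cert_file`, so those must resolve from an `ERBNamespace` instance; whether they do depends on how the DSL and helper modules are mixed in outside these hunks, and a test that renders each template would settle it. Because `define_method` is applied to every key, a local named like one of those helpers would silently shadow it, so a comment such as `# locals override same-named helper methods inside the template` on the class would help. The enclosing module starts and ends outside the hunks shown.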
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module UnicornNginx
3
- VERSION = "3.2.0"
3
+ VERSION = "3.3.0"
4
4
  end
5
5
  end
@@ -0,0 +1,83 @@
1
+ <% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert %>
2
+ # source: http://forum.nginx.org/read.php?2,236546,236596
3
+ map $ssl_client_raw_cert $a {
4
+ "~^(-.*-\n)(?<1st>[^\n]+)\n((?<b>[^\n]+)\n)?((?<c>[^\n]+)\n)?((?<d>[^\n]+)\n)?((?<e>[^\n]+)\n)?((?<f>[^\n]+)\n)?((?<g>[^\n]+)\n)?((?<h>[^\n]+)\n)?((?<i>[^\n]+)\n)?((?<j>[^\n]+)\n)?((?<k>[^\n]+)\n)?((?<l>[^\n]+)\n)?((?<m>[^\n]+)\n)?((?<n>[^\n]+)\n)?((?<o>[^\n]+)\n)?((?<p>[^\n]+)\n)?((?<q>[^\n]+)\n)?((?<r>[^\n]+)\n)?((?<s>[^\n]+)\n)?((?<t>[^\n]+)\n)?((?<v>[^\n]+)\n)?((?<u>[^\n]+)\n)?((?<w>[^\n]+)\n)?((?<x>[^\n]+)\n)?((?<y>[^\n]+)\n)?((?<z>[^\n]+)\n)?(-.*-)$" $1st;
5
+ }
6
+ <% end %>
7
+
8
+ server {
9
+ <% if fetch(:nginx_use_ssl) %>
10
+ <% if fetch(:nginx_use_spdy) %>
11
+ listen <%= ssl_port %> spdy;
12
+ <% else %>
13
+ listen <%= ssl_port %>;
14
+ <% end %>
15
+ ssl on;
16
+ ssl_certificate <%= nginx_ssl_cert_file %>;
17
+ ssl_certificate_key <%= nginx_ssl_cert_key_file %>;
18
+ <% else %>
19
+ listen 80;
20
+ <% end %>
21
+
22
+ <% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert %>
23
+ ssl_verify_client optional_no_ca;
24
+ <% end %>
25
+
26
+ client_max_body_size 4G;
27
+ keepalive_timeout 10;
28
+
29
+ error_page 500 502 504 /500.html;
30
+ error_page 503 @503;
31
+
32
+ server_name <%= fetch(:nginx_server_name) %>;
33
+ root <%= current_path %>/public;
34
+ try_files $uri/index.html $uri @unicorn_<%= fetch(:nginx_config_name) %>;
35
+
36
+ location @unicorn_<%= fetch(:nginx_config_name) %> {
37
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
38
+ proxy_set_header Host $http_host;
39
+ proxy_redirect off;
40
+ <% if fetch(:nginx_use_ssl) %>
41
+ proxy_set_header X-Forwarded-Proto https;
42
+ <% end %>
43
+ <% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert %>
44
+ # source: http://forum.nginx.org/read.php?2,236546,236596
45
+ proxy_set_header X-Client-Cert $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$v$u$w$x$y$z;
46
+ <% end %>
47
+
48
+ proxy_pass http://unicorn_<%= fetch(:nginx_config_name) %>;
49
+ # limit_req zone=one;
50
+ access_log <%= nginx_access_log_file %>;
51
+ error_log <%= nginx_error_log_file %>;
52
+ }
53
+
54
+ location ^~ /assets/ {
55
+ gzip_static on;
56
+ expires max;
57
+ add_header Cache-Control public;
58
+ }
59
+
60
+ location = /50x.html {
61
+ root html;
62
+ }
63
+
64
+ location = /404.html {
65
+ root html;
66
+ }
67
+
68
+ location @503 {
69
+ error_page 405 = /system/maintenance.html;
70
+ if (-f $document_root/system/maintenance.html) {
71
+ rewrite ^(.*)$ /system/maintenance.html break;
72
+ }
73
+ rewrite ^(.*)$ /503.html break;
74
+ }
75
+
76
+ if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
77
+ return 405;
78
+ }
79
+
80
+ if (-f $document_root/system/maintenance.html) {
81
+ return 503;
82
+ }
83
+ }
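Review bot: `X-Client-Cert` is only set inside the `nginx_pass_ssl_client_cert` branch of the `@unicorn_…` location, so a server block rendered with that local false passes through whatever `X-Client-Cert` header the client itself sent to the same unicorn upstream. An application reading the header cannot tell an nginx-supplied certificate from a client-supplied string; add an `<% else %>` branch with `proxy_set_header X-Client-Cert "";` so the header is always overwritten or dropped. Separately, `ssl_verify_client optional_no_ca;` makes nginx accept a certificate without checking its chain, so a comment next to it should state that the application must validate the forwarded certificate itself. The `map` regex captures a fixed number of body lines (`1st` plus `b`–`z`); a longer PEM would presumably fail to match and yield an empty header, which deserves a comment as well.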
@@ -16,71 +16,10 @@ server {
16
16
  }
17
17
  <% end %>
18
18
 
19
- server {
20
- <% if fetch(:nginx_use_ssl) %>
21
- <% if fetch(:nginx_use_spdy) %>
22
- listen 443 spdy;
23
- <% else %>
24
- listen 443;
25
- <% end %>
26
- ssl on;
27
- ssl_certificate <%= nginx_ssl_cert_file %>;
28
- ssl_certificate_key <%= nginx_ssl_cert_key_file %>;
29
- <% else %>
30
- listen 80;
31
- <% end %>
32
-
33
- client_max_body_size 4G;
34
- keepalive_timeout 10;
35
-
36
- error_page 500 502 504 /500.html;
37
- error_page 503 @503;
38
-
39
- server_name <%= fetch(:nginx_server_name) %>;
40
- root <%= current_path %>/public;
41
- try_files $uri/index.html $uri @unicorn_<%= fetch(:nginx_config_name) %>;
19
+ <% # render the default server directive. If SSL is enabled, port 443 is used %>
20
+ <%= template_to_s("_default_server_directive.erb", ssl_port: 443, nginx_pass_ssl_client_cert: false).to_s %>
42
21
 
43
- location @unicorn_<%= fetch(:nginx_config_name) %> {
44
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
45
- proxy_set_header Host $http_host;
46
- proxy_redirect off;
47
- <% if fetch(:nginx_use_ssl) %>
48
- proxy_set_header X-Forwarded-Proto https;
22
+ <% if fetch(:nginx_pass_ssl_client_cert) %>
23
+ <% # render the server directive with SSL client certificate authentication enabled on port 444 %>
24
+ <%= template_to_s("_default_server_directive.erb", ssl_port: 444, nginx_pass_ssl_client_cert: true).to_s %>
49
25
  <% end %>
50
- proxy_pass http://unicorn_<%= fetch(:nginx_config_name) %>;
51
- # limit_req zone=one;
52
- access_log <%= nginx_access_log_file %>;
53
- error_log <%= nginx_error_log_file %>;
54
- }
55
-
56
- location ^~ /assets/ {
57
- gzip_static on;
58
- expires max;
59
- add_header Cache-Control public;
60
- }
61
-
62
- location = /50x.html {
63
- root html;
64
- }
65
-
66
- location = /404.html {
67
- root html;
68
- }
69
-
70
- location @503 {
71
- error_page 405 = /system/maintenance.html;
72
- if (-f $document_root/system/maintenance.html) {
73
- rewrite ^(.*)$ /system/maintenance.html break;
74
- }
75
- rewrite ^(.*)$ /503.html break;
76
- }
77
-
78
- if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
79
- return 405;
80
- }
81
-
82
- if (-f $document_root/system/maintenance.html) {
83
- return 503;
84
- }
85
-
86
- }
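Review bot: The second server block is gated on `fetch(:nginx_pass_ssl_client_cert)` alone, while the partial only emits `ssl_verify_client` and `X-Client-Cert` when `fetch(:nginx_use_ssl)` is also true. With SSL off and the flag on, the partial would render a second `listen 80` server with the same `server_name` and no client-certificate handling; guarding with `<% if fetch(:nginx_use_ssl) && fetch(:nginx_pass_ssl_client_cert) %>` avoids that. The port `444` is hard-coded in the call; a setting alongside the other `nginx_*` defaults would let a deployment choose the port it exposes. The enclosing template starts before this hunk.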
@@ -10,7 +10,7 @@ listen "/tmp/unicorn.<%= fetch(:nginx_config_name) %>.sock"
10
10
  <% end %>
11
11
 
12
12
  worker_processes <%= fetch(:unicorn_workers) %>
13
- timeout 30
13
+ timeout <%= fetch(:unicorn_worker_timeout) %>
14
14
 
15
15
  preload_app true
16
16
 
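--- a/metadata
+++ b/metadata
@@ -1,14 +1,15 @@
  --- !ruby/object:Gem::Specification
  name: capistrano-unicorn-nginx
  version: !ruby/object:Gem::Version
- version: 3.2.0
+ version: 3.3.0
  platform: ruby
  authors:
+ - Ruben Stranders
  - Bruno Sutic
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-01-27 00:00:00.000000000 Z
+ date: 2015-02-09 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: capistrano
@@ -59,6 +60,7 @@ description: |
  Works *only* with Capistrano 3+. For Capistrano 2 try version 0.0.8 of this
  gem: http://rubygems.org/gems/capistrano-nginx-unicorn
  email:
+ - r.stranders@gmail.com
  - bruno.sutic@gmail.com
  executables: []
  extensions: []
@@ -81,6 +83,7 @@ files:
  - lib/capistrano/unicorn_nginx/version.rb
  - lib/generators/capistrano/unicorn_nginx/USAGE.md
  - lib/generators/capistrano/unicorn_nginx/config_generator.rb
+ - lib/generators/capistrano/unicorn_nginx/templates/_default_server_directive.erb
  - lib/generators/capistrano/unicorn_nginx/templates/nginx_conf.erb
  - lib/generators/capistrano/unicorn_nginx/templates/unicorn.rb.erb
  - lib/generators/capistrano/unicorn_nginx/templates/unicorn_init.erb
@@ -103,7 +106,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.0
+ rubygems_version: 2.2.2
  signing_key:
  specification_version: 4
  summary: Capistrano tasks for automatic and sensible unicorn + nginx configuraion.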