capistrano-unicorn-nginx 3.4.0 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -1
- data/README.md +8 -0
- data/lib/capistrano/tasks/nginx.rake +2 -0
- data/lib/capistrano/unicorn_nginx/version.rb +1 -1
- data/lib/generators/capistrano/unicorn_nginx/templates/_default_server_directive.erb +20 -3
- data/lib/generators/capistrano/unicorn_nginx/templates/nginx_conf.erb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a37970a3480eb781d0d40b6792d9627e50b24714
|
|
4
|
+
data.tar.gz: 0f5787d26ca17a85ac5c79b46b89d6520e8982a5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4652fe755d073511d294dadf8afd41c6064cbe96a1d5beb338a122c7dee89f61654e442b48cbb5663c20d7a6253369177096659b8dc83e42c7ce0685796577fc
|
|
7
|
+
data.tar.gz: 6400973df6b4490ad2968455106bf71a3cce73c9b28c68df5966c03f574f1ea87bb196410d0d3a1f16846354ec3196800abd296439bb6b66687228b2805619b9
|
data/CHANGELOG.md
CHANGED
|
@@ -2,12 +2,15 @@
|
|
|
2
2
|
|
|
3
3
|
### master
|
|
4
4
|
|
|
5
|
+
### v4.0.0, 2016-03-29
|
|
6
|
+
- Improves SSL security and performance. Breaking changes with 3.4.0. Please
|
|
7
|
+
read README.md
|
|
8
|
+
|
|
5
9
|
### v3.4.0, 2015-09-17
|
|
6
10
|
- Allow customizing paths for SSL certificate and key
|
|
7
11
|
- Use sudo to restart services
|
|
8
12
|
- Remove whitespace in template ERB files
|
|
9
13
|
|
|
10
|
-
|
|
11
14
|
### v3.3.3, 2015-05-05
|
|
12
15
|
- add `unicorn_env` option for passing environmental variables to unicorn (@rhomeister)
|
|
13
16
|
|
data/README.md
CHANGED
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
# Capistrano::UnicornNginx
|
|
2
2
|
|
|
3
|
+
> IMPORTANT NOTE. When upgrading to 4.0.0, please ensure you have
|
|
4
|
+
> generated a new 2048 bits Diffie-Hellman group. Run the following command
|
|
5
|
+
> on your server before installing this gem:
|
|
6
|
+
>
|
|
7
|
+
> `openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048`
|
|
8
|
+
>
|
|
9
|
+
> See <https://weakdh.org/sysadmin.html> for more details.
|
|
10
|
+
|
|
3
11
|
Capistrano tasks for automatic and sensible unicorn + nginx configuraion.
|
|
4
12
|
|
|
5
13
|
Goals of this plugin:
|
|
@@ -24,6 +24,7 @@ namespace :load do
|
|
|
24
24
|
set :nginx_ssl_cert_local_path, -> { ask(:nginx_ssl_cert_local_path, 'Local path to ssl certificate: ') }
|
|
25
25
|
set :nginx_ssl_cert_key_local_path, -> { ask(:nginx_ssl_cert_key_local_path, 'Local path to ssl certificate key: ') }
|
|
26
26
|
set :nginx_fail_timeout, 0 # see http://nginx.org/en/docs/http/ngx_http_upstream_module.html#fail_timeout
|
|
27
|
+
set :nginx_read_timeout, nil
|
|
27
28
|
|
|
28
29
|
set :linked_dirs, fetch(:linked_dirs, []).push('log')
|
|
29
30
|
end
|
|
@@ -34,6 +35,7 @@ namespace :nginx do
|
|
|
34
35
|
task :defaults do
|
|
35
36
|
on roles :web do
|
|
36
37
|
set :nginx_server_name, fetch(:nginx_server_name, host.to_s)
|
|
38
|
+
set :nginx_server_port, fetch(:nginx_server_port, 80)
|
|
37
39
|
end
|
|
38
40
|
end
|
|
39
41
|
|
|
@@ -9,16 +9,30 @@ server {
|
|
|
9
9
|
<% if fetch(:nginx_use_ssl) -%>
|
|
10
10
|
<% if fetch(:nginx_use_spdy) -%>
|
|
11
11
|
listen <%= ssl_port %> spdy;
|
|
12
|
-
<% else
|
|
12
|
+
<% else -%>
|
|
13
13
|
listen <%= ssl_port %>;
|
|
14
|
-
<% end
|
|
14
|
+
<% end -%>
|
|
15
15
|
ssl on;
|
|
16
16
|
ssl_certificate <%= nginx_ssl_cert_file %>;
|
|
17
17
|
ssl_certificate_key <%= nginx_ssl_cert_key_file %>;
|
|
18
|
+
|
|
19
|
+
ssl_session_cache shared:SSL:10m;
|
|
20
|
+
ssl_session_timeout 10m;
|
|
21
|
+
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
22
|
+
ssl_prefer_server_ciphers on;
|
|
23
|
+
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
24
|
+
|
|
25
|
+
ssl_stapling on;
|
|
26
|
+
ssl_stapling_verify on;
|
|
27
|
+
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
|
18
28
|
<% else -%>
|
|
19
|
-
listen
|
|
29
|
+
listen <%= fetch(:nginx_server_port) %>;
|
|
20
30
|
<% end -%>
|
|
21
31
|
|
|
32
|
+
server_tokens off;
|
|
33
|
+
|
|
34
|
+
add_header X-Content-Type-Options nosniff;
|
|
35
|
+
|
|
22
36
|
<% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert -%>
|
|
23
37
|
ssl_verify_client optional_no_ca;
|
|
24
38
|
<% end -%>
|
|
@@ -37,6 +51,9 @@ server {
|
|
|
37
51
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
38
52
|
proxy_set_header Host $http_host;
|
|
39
53
|
proxy_redirect off;
|
|
54
|
+
<% if fetch(:nginx_read_timeout) -%>
|
|
55
|
+
proxy_read_timeout <%= fetch(:nginx_read_timeout) %>;
|
|
56
|
+
<% end -%>
|
|
40
57
|
<% if fetch(:nginx_use_ssl) -%>
|
|
41
58
|
proxy_set_header X-Forwarded-Proto https;
|
|
42
59
|
<% end -%>
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capistrano-unicorn-nginx
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 4.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ruben Stranders
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2016-03-29 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: capistrano
|
|
@@ -107,7 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
107
|
version: '0'
|
|
108
108
|
requirements: []
|
|
109
109
|
rubyforge_project:
|
|
110
|
-
rubygems_version: 2.
|
|
110
|
+
rubygems_version: 2.2.2
|
|
111
111
|
signing_key:
|
|
112
112
|
specification_version: 4
|
|
113
113
|
summary: Capistrano tasks for automatic and sensible unicorn + nginx configuraion.
|