capistrano-unicorn-nginx 4.0.0 → 4.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +15 -2
- data/lib/capistrano/dsl/nginx_paths.rb +5 -1
- data/lib/capistrano/tasks/nginx.rake +14 -1
- data/lib/capistrano/tasks/unicorn.rake +12 -1
- data/lib/capistrano/unicorn_nginx/version.rb +1 -1
- data/lib/generators/capistrano/unicorn_nginx/templates/_default_server_directive.erb +4 -2
- data/lib/generators/capistrano/unicorn_nginx/templates/unicorn.rb.erb +2 -1
- data/lib/generators/capistrano/unicorn_nginx/templates/unicorn_init.erb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9fe00dbabd4665ed0ccb5d10829f8e717cc5c2d7
|
4
|
+
data.tar.gz: 34dc0d1bc6cb2b731e536389382693981f09d83b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c8dfbf17556637f0cbc88c29a7a8d52d4524b9bb87a83028216e12aaa7e0972d104cafb7cb89629527d3b49c28e13724ebae74a91c1fae8d2b752d9b2f7ed208
|
7
|
+
data.tar.gz: 776ac431b05d7db9f967f7294371a60228dbd9ea5dece3faac483a520d80b4ec5a17ee118e0a86aebb5c0eba3489ea838cac366f60259cad97fdbdbca92d4954
|
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,12 @@
|
|
2
2
|
|
3
3
|
### master
|
4
4
|
|
5
|
+
|
6
|
+
### v4.1.0, 2017-06-21
|
7
|
+
- Auto-generate dhparams.pem if missing
|
8
|
+
- Add support for http2
|
9
|
+
- Fix unicorn:restart
|
10
|
+
|
5
11
|
### v4.0.0, 2016-03-29
|
6
12
|
- Improves SSL security and performance. Breaking changes with 3.4.0. Please
|
7
13
|
read README.md
|
data/README.md
CHANGED
@@ -1,5 +1,8 @@
|
|
1
1
|
# Capistrano::UnicornNginx
|
2
2
|
|
3
|
+
> NOTE: The instructions below are no longer necessary from version 4.1.0.
|
4
|
+
> The dhparam file will be automatically generated if missing.
|
5
|
+
>
|
3
6
|
> IMPORTANT NOTE. When upgrading to 4.0.0, please ensure you have
|
4
7
|
> generated a new 2048 bits Diffie-Hellman group. Run the following command
|
5
8
|
> on your server before installing this gem:
|
@@ -7,6 +10,7 @@
|
|
7
10
|
> `openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048`
|
8
11
|
>
|
9
12
|
> See <https://weakdh.org/sysadmin.html> for more details.
|
13
|
+
>
|
10
14
|
|
11
15
|
Capistrano tasks for automatic and sensible unicorn + nginx configuraion.
|
12
16
|
|
@@ -33,8 +37,8 @@ see below for all available tasks
|
|
33
37
|
Add this to `Gemfile`:
|
34
38
|
|
35
39
|
group :development do
|
36
|
-
gem 'capistrano', '~> 3.
|
37
|
-
gem 'capistrano-unicorn-nginx', '~>
|
40
|
+
gem 'capistrano', '~> 3.6.1'
|
41
|
+
gem 'capistrano-unicorn-nginx', '~> 4.1.0'
|
38
42
|
end
|
39
43
|
|
40
44
|
And then:
|
@@ -50,6 +54,15 @@ Depending on your needs 2 general scenarios are covered:
|
|
50
54
|
(unicorn) on the same node.
|
51
55
|
- [multiple server setup](https://github.com/capistrano-plugins/capistrano-unicorn-nginx/wiki/Multiple-server-setup)<br/>
|
52
56
|
Webserver (nginx) and application server (unicorn) run on different nodes.
|
57
|
+
|
58
|
+
### Ubuntu 16.04 ###
|
59
|
+
In order for current version to work you need upstart installed instead of systemd.
|
60
|
+
|
61
|
+
`sudo apt-get install upstart-sysv package`
|
62
|
+
|
63
|
+
This commando should remove `ubuntu-standard` and `systemd-sysv`.
|
64
|
+
|
65
|
+
After that go ahead and run `sudo update-initramfs -u`.
|
53
66
|
|
54
67
|
### Default log file directories
|
55
68
|
|
@@ -6,12 +6,16 @@ module Capistrano
|
|
6
6
|
"#{fetch(:nginx_location)}/sites-available/#{fetch(:nginx_config_name)}"
|
7
7
|
end
|
8
8
|
|
9
|
+
def nginx_dh_params_file
|
10
|
+
"/etc/nginx/ssl/dhparam.pem"
|
11
|
+
end
|
12
|
+
|
9
13
|
def nginx_sites_enabled_file
|
10
14
|
"#{fetch(:nginx_location)}/sites-enabled/#{fetch(:nginx_config_name)}"
|
11
15
|
end
|
12
16
|
|
13
17
|
def nginx_service_path
|
14
|
-
|
18
|
+
"#{fetch(:nginx_service_path)}"
|
15
19
|
end
|
16
20
|
|
17
21
|
def nginx_default_pid_file
|
@@ -9,11 +9,13 @@ namespace :load do
|
|
9
9
|
set :templates_path, 'config/deploy/templates'
|
10
10
|
set :nginx_config_name, -> { "#{fetch(:application)}_#{fetch(:stage)}" }
|
11
11
|
set :nginx_pid, nginx_default_pid_file
|
12
|
+
set :nginx_service_path, '/etc/init.d/nginx'
|
12
13
|
# set :nginx_server_name # default set in the `nginx:defaults` task
|
13
14
|
# ssl options
|
14
15
|
set :nginx_location, '/etc/nginx'
|
15
16
|
set :nginx_use_ssl, false
|
16
17
|
set :nginx_use_spdy, false
|
18
|
+
set :nginx_use_http2, false
|
17
19
|
# if true, passes the SSL client certificate to the application server for consumption in Ruby code
|
18
20
|
set :nginx_pass_ssl_client_cert, false
|
19
21
|
set :nginx_ssl_cert, -> { nginx_default_ssl_cert_file_name }
|
@@ -47,6 +49,16 @@ namespace :nginx do
|
|
47
49
|
end
|
48
50
|
end
|
49
51
|
|
52
|
+
desc 'Setup nginx Diffie-Hellman parameters'
|
53
|
+
task :setup_dh_params do
|
54
|
+
next unless fetch(:nginx_use_ssl)
|
55
|
+
on roles :web do
|
56
|
+
next if file_exists?(nginx_dh_params_file) && file_exists?(nginx_dh_params_file)
|
57
|
+
sudo :mkdir, '-p', File.dirname(nginx_dh_params_file)
|
58
|
+
sudo :openssl, 'dhparam -out', nginx_dh_params_file, '2048'
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
50
62
|
desc 'Setup nginx ssl certs'
|
51
63
|
task :setup_ssl do
|
52
64
|
next unless fetch(:nginx_use_ssl)
|
@@ -69,8 +81,8 @@ namespace :nginx do
|
|
69
81
|
end
|
70
82
|
|
71
83
|
before :setup, :defaults
|
84
|
+
before :setup_dh_params, :defaults
|
72
85
|
before :setup_ssl, :defaults
|
73
|
-
|
74
86
|
end
|
75
87
|
|
76
88
|
namespace :deploy do
|
@@ -80,5 +92,6 @@ end
|
|
80
92
|
desc 'Server setup tasks'
|
81
93
|
task :setup do
|
82
94
|
invoke 'nginx:setup'
|
95
|
+
invoke 'nginx:setup_dh_params'
|
83
96
|
invoke 'nginx:setup_ssl'
|
84
97
|
end
|
@@ -59,7 +59,7 @@ namespace :unicorn do
|
|
59
59
|
end
|
60
60
|
end
|
61
61
|
|
62
|
-
%w[start stop
|
62
|
+
%w[start stop reload upgrade].each do |command|
|
63
63
|
desc "#{command} unicorn"
|
64
64
|
task command do
|
65
65
|
on roles :app do
|
@@ -68,6 +68,17 @@ namespace :unicorn do
|
|
68
68
|
end
|
69
69
|
end
|
70
70
|
|
71
|
+
desc 'restart unicorn'
|
72
|
+
task 'restart' do
|
73
|
+
on roles :app do
|
74
|
+
if test "[ -f #{fetch(:unicorn_pid)} ]"
|
75
|
+
sudo 'service', fetch(:unicorn_service), 'upgrade'
|
76
|
+
else
|
77
|
+
sudo 'service', fetch(:unicorn_service), 'start'
|
78
|
+
end
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
71
82
|
before :setup_initializer, :defaults
|
72
83
|
before :setup_logrotate, :defaults
|
73
84
|
|
@@ -7,7 +7,9 @@ map $ssl_client_raw_cert $a {
|
|
7
7
|
|
8
8
|
server {
|
9
9
|
<% if fetch(:nginx_use_ssl) -%>
|
10
|
-
<% if fetch(:
|
10
|
+
<% if fetch(:nginx_use_http2) -%>
|
11
|
+
listen <%= ssl_port %> http2;
|
12
|
+
<% elsif fetch(:nginx_use_spdy) -%>
|
11
13
|
listen <%= ssl_port %> spdy;
|
12
14
|
<% else -%>
|
13
15
|
listen <%= ssl_port %>;
|
@@ -24,7 +26,7 @@ server {
|
|
24
26
|
|
25
27
|
ssl_stapling on;
|
26
28
|
ssl_stapling_verify on;
|
27
|
-
ssl_dhparam
|
29
|
+
ssl_dhparam <%= nginx_dh_params_file %>;
|
28
30
|
<% else -%>
|
29
31
|
listen <%= fetch(:nginx_server_port) %>;
|
30
32
|
<% end -%>
|
@@ -28,7 +28,8 @@ before_fork do |server, worker|
|
|
28
28
|
old_pid = "#{server.config[:pid]}.oldbin"
|
29
29
|
if File.exists?(old_pid) && server.pid != old_pid
|
30
30
|
begin
|
31
|
-
|
31
|
+
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
|
32
|
+
Process.kill(sig, File.read(old_pid).to_i)
|
32
33
|
rescue Errno::ENOENT, Errno::ESRCH
|
33
34
|
# someone else did our job for us
|
34
35
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: capistrano-unicorn-nginx
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ruben Stranders
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2017-06-21 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: capistrano
|
@@ -107,8 +107,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
107
107
|
version: '0'
|
108
108
|
requirements: []
|
109
109
|
rubyforge_project:
|
110
|
-
rubygems_version: 2.
|
110
|
+
rubygems_version: 2.6.10
|
111
111
|
signing_key:
|
112
112
|
specification_version: 4
|
113
113
|
summary: Capistrano tasks for automatic and sensible unicorn + nginx configuraion.
|
114
114
|
test_files: []
|
115
|
+
has_rdoc:
|