capistrano-unicorn-nginx 4.1.0 → 4.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/capistrano/dsl/nginx_paths.rb +8 -6
- data/lib/capistrano/unicorn_nginx/version.rb +1 -1
- data/lib/generators/capistrano/unicorn_nginx/templates/_default_server_directive.erb +10 -1
- data/lib/generators/capistrano/unicorn_nginx/templates/nginx_conf.erb +2 -2
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8f0337593e08e19cab15ce29f6ccb7455e37df5e
|
|
4
|
+
data.tar.gz: 8eba038b8b6e113d3e8be52f8838c14e3232fea4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 207b3ae7e01925fb55b881e18188b4c8c8b939cf874d2c1b6f2228c1957f975d97d95a926e637e10bcf2b563c804492b507f5dc9691c7ac5ebfd647b61c2d636
|
|
7
|
+
data.tar.gz: b801c70fc857c355b81444fbac9e5206719444107acf0aa0840a1bc68bd00f011c40e86885241e5b0660bc856c00f653cd84ce32d6ae87ef22063452e0c008d1
|
data/CHANGELOG.md
CHANGED
|
@@ -1,13 +1,12 @@
|
|
|
1
1
|
module Capistrano
|
|
2
2
|
module DSL
|
|
3
3
|
module NginxPaths
|
|
4
|
-
|
|
5
4
|
def nginx_sites_available_file
|
|
6
5
|
"#{fetch(:nginx_location)}/sites-available/#{fetch(:nginx_config_name)}"
|
|
7
6
|
end
|
|
8
7
|
|
|
9
8
|
def nginx_dh_params_file
|
|
10
|
-
|
|
9
|
+
'/etc/nginx/ssl/dhparam.pem'
|
|
11
10
|
end
|
|
12
11
|
|
|
13
12
|
def nginx_sites_enabled_file
|
|
@@ -15,7 +14,7 @@ module Capistrano
|
|
|
15
14
|
end
|
|
16
15
|
|
|
17
16
|
def nginx_service_path
|
|
18
|
-
|
|
17
|
+
fetch(:nginx_service_path).to_s
|
|
19
18
|
end
|
|
20
19
|
|
|
21
20
|
def nginx_default_pid_file
|
|
@@ -32,11 +31,11 @@ module Capistrano
|
|
|
32
31
|
end
|
|
33
32
|
|
|
34
33
|
def nginx_default_ssl_cert_file_path
|
|
35
|
-
|
|
34
|
+
'/etc/ssl/certs/'
|
|
36
35
|
end
|
|
37
36
|
|
|
38
37
|
def nginx_default_ssl_cert_key_file_path
|
|
39
|
-
|
|
38
|
+
'/etc/ssl/private/'
|
|
40
39
|
end
|
|
41
40
|
|
|
42
41
|
def nginx_ssl_cert_file
|
|
@@ -47,6 +46,10 @@ module Capistrano
|
|
|
47
46
|
"#{fetch(:nginx_ssl_cert_key_path)}#{fetch(:nginx_ssl_cert_key)}"
|
|
48
47
|
end
|
|
49
48
|
|
|
49
|
+
def nginx_ssl_client_ca
|
|
50
|
+
fetch(:nginx_ssl_client_ca)
|
|
51
|
+
end
|
|
52
|
+
|
|
50
53
|
# log files
|
|
51
54
|
def nginx_access_log_file
|
|
52
55
|
"/var/log/nginx/#{fetch(:nginx_config_name)}.access.log"
|
|
@@ -55,7 +58,6 @@ module Capistrano
|
|
|
55
58
|
def nginx_error_log_file
|
|
56
59
|
"/var/log/nginx/#{fetch(:nginx_config_name)}.error.log"
|
|
57
60
|
end
|
|
58
|
-
|
|
59
61
|
end
|
|
60
62
|
end
|
|
61
63
|
end
|
|
@@ -17,6 +17,9 @@ server {
|
|
|
17
17
|
ssl on;
|
|
18
18
|
ssl_certificate <%= nginx_ssl_cert_file %>;
|
|
19
19
|
ssl_certificate_key <%= nginx_ssl_cert_key_file %>;
|
|
20
|
+
<% if fetch(:nginx_use_client_ssl) -%>
|
|
21
|
+
ssl_trusted_certificate <%= nginx_ssl_client_ca %>;
|
|
22
|
+
<% end -%>
|
|
20
23
|
|
|
21
24
|
ssl_session_cache shared:SSL:10m;
|
|
22
25
|
ssl_session_timeout 10m;
|
|
@@ -35,7 +38,7 @@ server {
|
|
|
35
38
|
|
|
36
39
|
add_header X-Content-Type-Options nosniff;
|
|
37
40
|
|
|
38
|
-
<% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert -%>
|
|
41
|
+
<% if fetch(:nginx_use_ssl) && (nginx_pass_ssl_client_cert || fetch(:nginx_use_client_ssl)) -%>
|
|
39
42
|
ssl_verify_client optional_no_ca;
|
|
40
43
|
<% end -%>
|
|
41
44
|
|
|
@@ -59,6 +62,12 @@ server {
|
|
|
59
62
|
<% if fetch(:nginx_use_ssl) -%>
|
|
60
63
|
proxy_set_header X-Forwarded-Proto https;
|
|
61
64
|
<% end -%>
|
|
65
|
+
<% if fetch(:nginx_use_client_ssl) -%>
|
|
66
|
+
proxy_set_header X-Client-Dn $ssl_client_s_dn;
|
|
67
|
+
proxy_set_header X-Client-Serial $ssl_client_serial;
|
|
68
|
+
proxy_set_header X-Client-Verify $ssl_client_verify;
|
|
69
|
+
<% end -%>
|
|
70
|
+
|
|
62
71
|
<% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert -%>
|
|
63
72
|
# source: http://forum.nginx.org/read.php?2,236546,236596
|
|
64
73
|
proxy_set_header X-Client-Cert $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$v$u$w$x$y$z;
|
|
@@ -16,10 +16,10 @@ server {
|
|
|
16
16
|
}
|
|
17
17
|
<% end -%>
|
|
18
18
|
|
|
19
|
-
|
|
19
|
+
<%# render the default server directive. If SSL is enabled, port 443 is used %>
|
|
20
20
|
<%= template_to_s("_default_server_directive.erb", ssl_port: 443, nginx_pass_ssl_client_cert: false).to_s %>
|
|
21
21
|
|
|
22
22
|
<% if fetch(:nginx_pass_ssl_client_cert) -%>
|
|
23
|
-
|
|
23
|
+
<%# render the server directive with SSL client certificate authentication enabled on port 444 %>
|
|
24
24
|
<%= template_to_s("_default_server_directive.erb", ssl_port: 444, nginx_pass_ssl_client_cert: true).to_s %>
|
|
25
25
|
<% end -%>
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capistrano-unicorn-nginx
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.
|
|
4
|
+
version: 4.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ruben Stranders
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2018-02-08 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: capistrano
|
|
@@ -107,9 +107,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
107
107
|
version: '0'
|
|
108
108
|
requirements: []
|
|
109
109
|
rubyforge_project:
|
|
110
|
-
rubygems_version: 2.6.
|
|
110
|
+
rubygems_version: 2.6.14
|
|
111
111
|
signing_key:
|
|
112
112
|
specification_version: 4
|
|
113
113
|
summary: Capistrano tasks for automatic and sensible unicorn + nginx configuraion.
|
|
114
114
|
test_files: []
|
|
115
|
-
has_rdoc:
|