conjure 0.2.7 → 0.2.8

data/History.md

@@ -1,3 +1,10 @@
+### Version 0.2.8
+2014-10-31
+
+* Add SSL configuration when provisioning
+* Support configurable rubygems version
+* Upgrade to latest Phusion base image
+
 ### Version 0.2.7
 2014-10-23
 

data/lib/conjure/provision/passenger.rb

@@ -12,6 +12,7 @@ module Conjure
         @rails_env = rails_env
         @nginx_directives = options[:nginx_directives] || {}
         @system_packages = options[:system_packages] || []
+        @rubygems_version = options[:rubygems_version]
       end
 
       def start 
@@ -21,19 +22,22 @@ module Conjure
       private
 
       def start_options
-        {:run_options => "-p 80:80 -p 2222:22"}
+        {:run_options => "-p 80:80 -p 443:443 -p 2222:22"}
       end
 
       def dockerfile
         public_key = File.expand_path("~/.ssh/id_rsa.pub")
         raise "Error: ~/.ssh/id_rsa.pub must exist." unless File.exist?(public_key)
-        file = Docker::Template.new("conjure/passenger-ruby21:1.0.1")
+        file = Docker::Template.new("conjure/passenger-ruby21:1.0.2")
         file.run apt_command if apt_command
+        file.run rubygems_command if rubygems_command
         file.add_file public_key, "/root/.ssh/authorized_keys"
         file.add_file public_key, "/home/app/.ssh/authorized_keys"
         file.run "chown app.app /home/app/.ssh/authorized_keys"
         file.run "chown root.root /root/.ssh/authorized_keys"
-        file.add_file_data nginx_conf, "/etc/nginx/sites-enabled/application.conf"
+        file.add_file_data nginx_conf, "/etc/nginx/sites-available/application-no-ssl.conf"
+        file.add_file_data nginx_ssl_conf, "/etc/nginx/sites-available/application-ssl.conf"
+        file.run "ln -s /etc/nginx/sites-available/application-no-ssl.conf /etc/nginx/sites-enabled/application.conf"
         file.add_file_data database_yml, "/home/app/application/shared/config/database.yml"
         file.add_file_data secrets_yml, "/home/app/application/shared/config/secrets.yml"
         file
@@ -45,6 +49,13 @@ module Conjure
         end
       end
 
+      def rubygems_command
+        if @rubygems_version
+          target_source = "/usr/lib/ruby/vendor_ruby/rubygems/defaults/operating_system.rb"
+          "sed -i '23d' #{target_source} && gem update --system #{@rubygems_version}"
+        end
+      end
+
       def database_yml
         {@rails_env => @database.rails_config}.to_yaml
       end
@@ -54,15 +65,17 @@ module Conjure
       end
 
       def nginx_conf
-        options = {
-          :listen => "80",
-          :root => "/home/app/application/current/public",
-          :passenger_enabled => "on",
-          :passenger_user => "app",
-          :passenger_ruby => "/usr/bin/ruby2.1",
-          :passenger_app_env => @rails_env,
-        }.merge @nginx_directives
-        "server {\n" + options.map{|k, v| "  #{k} #{v};"}.join("\n") + "\n}\n"
+        render_template "application-no-ssl.conf"
+      end
+
+      def nginx_ssl_conf
+        render_template "application-ssl.conf"
+      end
+
+      def render_template(name)
+        template_path = File.join File.dirname(__FILE__), "templates", "#{name}.erb"
+        template_data = File.read template_path
+        Erubis::Eruby.new(template_data).result :rails_env => @rails_env
       end
     end
   end

data/lib/conjure/provision/templates/application-no-ssl.conf.erb

@@ -0,0 +1,8 @@
+server {
+  listen 80;
+  root /home/app/application/current/public;
+  passenger_enabled on;
+  passenger_user app;
+  passenger_ruby /usr/bin/ruby2.1;
+  passenger_app_env <%= rails_env %>;
+}

data/lib/conjure/provision/templates/application-ssl.conf.erb

@@ -0,0 +1,27 @@
+server {
+  listen 80;
+  return 301 https://$host$request_uri;
+}
+
+server {
+  listen 443 ssl;
+  root /home/app/application/current/public;
+  passenger_enabled on;
+  passenger_user app;
+  passenger_ruby /usr/bin/ruby2.1;
+  passenger_app_env <%= rails_env %>;
+
+  ssl_certificate /etc/ssl/certs/application.crt;
+  ssl_certificate_key /etc/ssl/private/application.key;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
+  ssl_prefer_server_ciphers on;
+
+  proxy_set_header X-SSL-Subject $ssl_client_s_dn;
+  proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
+  proxy_set_header X-Forwarded-Proto https;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header Host $http_host;
+  proxy_redirect off;
+}

data/lib/conjure/version.rb

@@ -1,3 +1,3 @@
 module Conjure
-  VERSION = "0.2.7" unless defined?(VERSION)
+  VERSION = "0.2.8" unless defined?(VERSION)
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conjure
 version: !ruby/object:Gem::Version
-  version: 0.2.7
+  version: 0.2.8
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-23 00:00:00.000000000 Z
+date: 2014-10-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fog
@@ -59,6 +59,22 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: erubis
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
@@ -164,6 +180,8 @@ files:
 - lib/conjure/provision/docker/host.rb
 - lib/conjure/provision/docker/template.rb
 - lib/conjure/provision/docker/image.rb
+- lib/conjure/provision/templates/application-ssl.conf.erb
+- lib/conjure/provision/templates/application-no-ssl.conf.erb
 - lib/conjure/provision/local_docker.rb
 - lib/conjure/command.rb
 - lib/conjure/data_set.rb