errorstudio_capistrano_recipes 0.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +10 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/CODE_OF_CONDUCT.md +13 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +29 -0
- data/Rakefile +1 -0
- data/bin/console +14 -0
- data/bin/setup +7 -0
- data/errorstudio_capistrano_recipes.gemspec +34 -0
- data/lib/capistrano/errorstudio.rb +5 -0
- data/lib/capistrano/errorstudio/composer.rb +3 -0
- data/lib/capistrano/errorstudio/cron.rb +2 -0
- data/lib/capistrano/errorstudio/nginx.rb +2 -0
- data/lib/capistrano/errorstudio/ownership.rb +1 -0
- data/lib/capistrano/errorstudio/passenger.rb +2 -0
- data/lib/capistrano/errorstudio/prompts.rb +1 -0
- data/lib/capistrano/errorstudio/rails.rb +13 -0
- data/lib/capistrano/errorstudio/rvm.rb +4 -0
- data/lib/capistrano/errorstudio/static.rb +4 -0
- data/lib/capistrano/errorstudio/tasks/composer.rake +12 -0
- data/lib/capistrano/errorstudio/tasks/cron.rake +15 -0
- data/lib/capistrano/errorstudio/tasks/nginx.rake +198 -0
- data/lib/capistrano/errorstudio/tasks/ownership.rake +11 -0
- data/lib/capistrano/errorstudio/tasks/passenger.rake +76 -0
- data/lib/capistrano/errorstudio/tasks/prompts.rake +18 -0
- data/lib/capistrano/errorstudio/tasks/rails.rake +80 -0
- data/lib/capistrano/errorstudio/tasks/rvm.rake +49 -0
- data/lib/capistrano/errorstudio/tasks/static.rake +0 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/basic_auth.erb +8 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/cloudflare_real_ips.erb +4 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/cors.erb +34 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/custom_aliases.erb +5 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/custom_rules.erb +3 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/location_proxy_cache.erb +6 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/nginx_vhost.conf.erb +84 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/path_redirects.erb +5 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/php.erb +27 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/proxy_cache_path.erb +1 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/redirects.erb +10 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/rewrites.erb +7 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/ssl_settings.erb +24 -0
- data/lib/capistrano/errorstudio/tasks/templates/nginx/upstream_proxy.erb +11 -0
- data/lib/capistrano/errorstudio/tasks/templates/passenger/passenger_init.erb +27 -0
- data/lib/capistrano/errorstudio/tasks/templates/rails/database.yml.erb +8 -0
- data/lib/capistrano/errorstudio/tasks/templates/rails/secrets.yml.erb +5 -0
- data/lib/capistrano/errorstudio/tasks/templates/wordpress/env.erb +23 -0
- data/lib/capistrano/errorstudio/tasks/wordpress.rake +158 -0
- data/lib/capistrano/errorstudio/wordpress.rb +12 -0
- data/lib/version.rb +3 -0
- metadata +209 -0
@@ -0,0 +1,11 @@
|
|
1
|
+
namespace :deploy do
|
2
|
+
desc "Sets the owner to www-data and the group to deployers"
|
3
|
+
task :set_ownership do
|
4
|
+
on roles([:web, :app]) do
|
5
|
+
execute "sudo chown -R www-data:deployers #{deploy_to}"
|
6
|
+
execute "sudo chmod -R 775 #{deploy_to}"
|
7
|
+
end
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
before "deploy:cleanup", "deploy:set_ownership"
|
@@ -0,0 +1,76 @@
|
|
1
|
+
namespace :passenger do
|
2
|
+
# This task with bounce the standalone passenger server.
|
3
|
+
# The rails_env and passenger_port are specified in the deploy environment files, ex: "config/deploy/staging.rb"
|
4
|
+
desc "Restart Passenger server"
|
5
|
+
task :restart do
|
6
|
+
on roles(:web) do
|
7
|
+
execute "sudo invoke-rc.d #{fetch(:application)}_#{fetch(:rails_env)}_passenger restart"
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
desc "Generate the init script for passenger"
|
12
|
+
task :generate_init_script do
|
13
|
+
# on roles(:web) do
|
14
|
+
# memory_available_kb = `cat /proc/meminfo | grep MemTotal | awk '{print $2}'`.to_i
|
15
|
+
# thread_use_kb = 175000
|
16
|
+
# set :default_pool_size, ((memory_available_kb * 0.75) / thread_use_kb).to_i
|
17
|
+
# end
|
18
|
+
|
19
|
+
# create the shell script that upstart will exec
|
20
|
+
file = File.join(File.dirname(__FILE__), "templates", "passenger", "passenger_init.erb")
|
21
|
+
buffer = ERB.new(File.read(file)).result(binding)
|
22
|
+
filename = "#{fetch(:application)}_#{fetch(:rails_env)}_passenger"
|
23
|
+
on roles(:web) do
|
24
|
+
unless test("[ -f /etc/init.d/#{filename} ]")
|
25
|
+
upload! StringIO.new(buffer), "/tmp/#{filename}"
|
26
|
+
execute "sudo mv /tmp/#{filename} /etc/init.d/#{filename}"
|
27
|
+
execute "sudo chmod +x /etc/init.d/#{filename}"
|
28
|
+
execute "sudo update-rc.d #{filename} defaults"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def passenger_path
|
34
|
+
if fetch(:use_system_passenger, false)
|
35
|
+
|
36
|
+
on roles(fetch(:rvm1_roles, :all)) do
|
37
|
+
within release_path do
|
38
|
+
set :ruby_version, capture(:rvm, "current")
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
"RACK_ENV=#{fetch(:rails_env)} && /usr/local/rvm/gems/#{fetch(:ruby_version)}/wrappers/ruby /usr/bin/passenger"
|
43
|
+
else
|
44
|
+
"RACK_ENV=#{fetch(:rails_env)} && #{fetch(:rvm1_auto_script_path)}/rvm-auto.sh . bundle exec passenger"
|
45
|
+
end
|
46
|
+
|
47
|
+
end
|
48
|
+
|
49
|
+
def stop_passenger_command
|
50
|
+
return <<-CMD
|
51
|
+
if [ -f #{current_path}/tmp/pids/passenger.#{fetch(:passenger_port)}.pid ];
|
52
|
+
then
|
53
|
+
cd #{current_path} && (#{passenger_path} stop --pid-file #{current_path}/tmp/pids/passenger.#{fetch(:passenger_port)}.pid)
|
54
|
+
fi
|
55
|
+
CMD
|
56
|
+
end
|
57
|
+
|
58
|
+
def start_passenger_command
|
59
|
+
default_pool_size = 6
|
60
|
+
return <<-CMD
|
61
|
+
# VERSION #{fetch(:rvm1_alias_name)}
|
62
|
+
rm -f #{current_path}/tmp/pids/passenger.#{fetch(:passenger_port)}.pid;
|
63
|
+
cd #{current_path} && (#{passenger_path} start --max-pool-size=#{fetch(:passenger_max_pool_size,default_pool_size)} --min-instances=#{fetch(:passenger_min_instances,default_pool_size)} -e #{fetch(:rails_env)} -p #{fetch(:passenger_port)} -d)
|
64
|
+
CMD
|
65
|
+
end
|
66
|
+
|
67
|
+
def restart_passenger_command
|
68
|
+
return <<-CMD
|
69
|
+
#{stop_passenger_command}
|
70
|
+
#{start_passenger_command}
|
71
|
+
CMD
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
after "deploy:published", "passenger:generate_init_script"
|
76
|
+
after "deploy:finished", "passenger:restart"
|
@@ -0,0 +1,18 @@
|
|
1
|
+
def confirm(message)
|
2
|
+
puts <<-WARN
|
3
|
+
|
4
|
+
========================================================================
|
5
|
+
#{message}
|
6
|
+
========================================================================
|
7
|
+
|
8
|
+
WARN
|
9
|
+
set :answer, ask("Continue? y/n",'n')
|
10
|
+
if fetch(:answer)== 'y' then true else false end
|
11
|
+
end
|
12
|
+
|
13
|
+
def prompt_for_login
|
14
|
+
unless fetch(:server_admin_username,false) && fetch(:server_admin_password, false)
|
15
|
+
set :server_admin_username, ask("Server MySQL Username:",nil)
|
16
|
+
set :server_admin_password, ask("Server DB Password:", nil, echo: false)
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# namespace :deploy do
|
2
|
+
# desc "Precompile assets"
|
3
|
+
# task :precompile do
|
4
|
+
# on roles(:app) do
|
5
|
+
# execute "cd #{release_path}/ && bundle exec rake assets:precompile"
|
6
|
+
# end
|
7
|
+
# end
|
8
|
+
# end
|
9
|
+
|
10
|
+
namespace :rails do
|
11
|
+
|
12
|
+
namespace :secrets do
|
13
|
+
desc "Create Rails secrets file using random secret key base"
|
14
|
+
task :create_config do
|
15
|
+
on roles(:app) do
|
16
|
+
unless test("[ -f #{shared_path}/config/secrets.yml ]")
|
17
|
+
set :secret_key_base, SecureRandom.hex(64)
|
18
|
+
# get common secrets: we need to find a way to encrypt these really.
|
19
|
+
local_secrets = YAML.load_file(File.join(fetch(:repo_tree,""),"config/secrets.yml"))
|
20
|
+
if local_secrets.has_key?("common")
|
21
|
+
set :common_secrets, local_secrets["common"]
|
22
|
+
end
|
23
|
+
file = File.join(File.dirname(__FILE__), "templates", "rails", "secrets.yml.erb")
|
24
|
+
buffer = ERB.new(File.read(file), nil, '-').result(binding)
|
25
|
+
upload! StringIO.new(buffer), "#{shared_path}/config/secrets.yml"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
# The order of tasks here is: rails:db:create_config [check the config doesn't exist] => rails:db:create => rails:db:grant
|
32
|
+
|
33
|
+
namespace :db do
|
34
|
+
set :db_password, (0...20).map{ [('0'..'9'),('A'..'Z'),('a'..'z')].map {|range| range.to_a}.flatten[rand(64)] }.join
|
35
|
+
set :db_username, -> {"#{fetch(:application).gsub(/[^A-z]/,"").to_s[0..7]}_#{fetch(:stage).to_s[0..3]}"}
|
36
|
+
set :db_name, -> {"#{fetch(:application).gsub(/[^A-z]/,"").to_s[0..53]}_#{fetch(:db_suffix, fetch(:stage).to_s[0..9])}"}
|
37
|
+
|
38
|
+
desc "Create database.yml"
|
39
|
+
task :create_config do
|
40
|
+
on roles(:app) do
|
41
|
+
unless test("[ -f #{File.join(shared_path, "config", "database.yml")} ]")
|
42
|
+
file = File.join(File.dirname(__FILE__), "templates", "rails", "database.yml.erb")
|
43
|
+
buffer = ERB.new(File.read(file)).result(binding)
|
44
|
+
upload! StringIO.new(buffer), "#{shared_path}/config/database.yml"
|
45
|
+
invoke "rails:db:create"
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
desc "Create database"
|
51
|
+
task :create do
|
52
|
+
on roles(:db) do
|
53
|
+
prompt_for_login
|
54
|
+
db_sql = "CREATE DATABASE IF NOT EXISTS #{fetch(:db_name)};"
|
55
|
+
execute "mysql --user=#{fetch(:server_admin_username)} --password=#{fetch(:server_admin_password)} --execute=\"#{db_sql}\""
|
56
|
+
end
|
57
|
+
invoke "rails:db:grant"
|
58
|
+
end
|
59
|
+
|
60
|
+
desc "Grant db rights"
|
61
|
+
task :grant do
|
62
|
+
puts "Creating user"
|
63
|
+
on roles(:db) do |server|
|
64
|
+
prompt_for_login
|
65
|
+
[%w{10.% 127.% localhost},[server.hostname]].flatten.each do |ip|
|
66
|
+
puts "#{ip}"
|
67
|
+
user_sql = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES on #{fetch(:db_name)}.* TO '#{fetch(:db_username)}'@'#{ip}' IDENTIFIED BY '#{fetch(:db_password)}';"
|
68
|
+
execute "mysql --user=#{fetch(:server_admin_username)} --password=#{fetch(:server_admin_password)} --execute=\"#{user_sql}\""
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
after "deploy:check:make_linked_dirs", "rails:secrets:create_config"
|
78
|
+
after "deploy:check:make_linked_dirs", "rails:db:create_config"
|
79
|
+
# after "rails:db:create_config", "rails:db:create"
|
80
|
+
after "deploy:check", "nginx:check_config"
|
@@ -0,0 +1,49 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
namespace :rvm1 do
|
4
|
+
namespace :install do
|
5
|
+
desc 'Install bundler'
|
6
|
+
task :bundler do
|
7
|
+
on roles(fetch(:rvm1_roles, :all)) do
|
8
|
+
within release_path do
|
9
|
+
execute :rvm, fetch(:rvm1_ruby_version), 'do', 'gem install bundler --no-ri'
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
desc "install RVM, but only after checking it's not already installed"
|
15
|
+
task :if_necessary do
|
16
|
+
on roles(fetch(:rvm1_roles, :all)) do
|
17
|
+
if test("[ -f /usr/local/rvm/bin/rvm ]")
|
18
|
+
puts "RVM already exists - no need to install"
|
19
|
+
else
|
20
|
+
invoke 'rvm1:install:rvm'
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
|
27
|
+
desc "Add / update the RVM key from the keyserver unless it already exists"
|
28
|
+
task :update_rvm_key do
|
29
|
+
on roles(fetch(:rvm1_roles, :all)) do
|
30
|
+
unless execute :gpg, "--list-keys | grep D39DC0E3" , raise_on_non_zero_exit: false
|
31
|
+
execute :gpg, " --keyserver hkp://keyserver.ubuntu.com --recv-keys D39DC0E3"
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
desc "Set the owner of the rvm1script directory to deploy, not www-data"
|
37
|
+
task :set_ownership do
|
38
|
+
on roles(fetch(:rvm1_roles, :all)) do
|
39
|
+
execute "sudo chown -R `whoami | xargs echo -n`:deployers #{fetch(:rvm1_auto_script_path)}"
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
|
45
|
+
before "rvm1:install:rvm", "rvm1:update_rvm_key"
|
46
|
+
before 'deploy', 'rvm1:install:if_necessary' # install/update RVM
|
47
|
+
before 'deploy', 'rvm1:install:ruby' # install/update Ruby
|
48
|
+
after 'rvm1:install:ruby', 'rvm1:install:bundler'
|
49
|
+
after "deploy:set_ownership", "rvm1:set_ownership"
|
File without changes
|
@@ -0,0 +1,34 @@
|
|
1
|
+
#
|
2
|
+
# Wide-open CORS config for nginx
|
3
|
+
#
|
4
|
+
if ($request_method = 'OPTIONS') {
|
5
|
+
add_header 'Access-Control-Allow-Origin' '*';
|
6
|
+
#
|
7
|
+
# Om nom nom cookies
|
8
|
+
#
|
9
|
+
add_header 'Access-Control-Allow-Credentials' 'true';
|
10
|
+
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
11
|
+
#
|
12
|
+
# Custom headers and headers various browsers *should* be OK with but aren't
|
13
|
+
#
|
14
|
+
add_header 'Access-Control-Allow-Headers' 'DNT,api-token,preview,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
15
|
+
#
|
16
|
+
# Tell client that this pre-flight info is valid for 20 days
|
17
|
+
#
|
18
|
+
add_header 'Access-Control-Max-Age' 1728000;
|
19
|
+
add_header 'Content-Type' 'text/plain charset=UTF-8';
|
20
|
+
add_header 'Content-Length' 0;
|
21
|
+
return 204;
|
22
|
+
}
|
23
|
+
if ($request_method = 'POST') {
|
24
|
+
add_header 'Access-Control-Allow-Origin' '*';
|
25
|
+
add_header 'Access-Control-Allow-Credentials' 'true';
|
26
|
+
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
27
|
+
add_header 'Access-Control-Allow-Headers' 'DNT,api-token,Keep-Alive User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
28
|
+
}
|
29
|
+
if ($request_method = 'GET') {
|
30
|
+
add_header 'Access-Control-Allow-Origin' '*';
|
31
|
+
add_header 'Access-Control-Allow-Credentials' 'true';
|
32
|
+
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
33
|
+
add_header 'Access-Control-Allow-Headers' 'DNT,api-token,Keep-Alive User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
|
34
|
+
}
|
@@ -0,0 +1,6 @@
|
|
1
|
+
proxy_cache <%= fetch(:cache_zone) %>;
|
2
|
+
proxy_cache_lock on;
|
3
|
+
proxy_cache_valid 200 <%= fetch(:nginx_cache_validity, "10s") %>;
|
4
|
+
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504 http_403 http_404;
|
5
|
+
add_header X-Proxy-Cache-Status $upstream_cache_status;
|
6
|
+
proxy_cache_bypass $http_cache_control;
|
@@ -0,0 +1,84 @@
|
|
1
|
+
<%= fetch(:nginx_custom_http_context, "") %>
|
2
|
+
|
3
|
+
<%= fetch(:nginx_configuration,{})[:proxy_cache_path] %>
|
4
|
+
|
5
|
+
<%= fetch(:nginx_configuration, {})[:url_rewrites] %>
|
6
|
+
|
7
|
+
<%= fetch(:nginx_configuration, {})[:domain_redirects] %>
|
8
|
+
|
9
|
+
<% fetch(:log_formats, {}).each do |name, format| %>
|
10
|
+
log_format <%= name %> '<%= format %>';
|
11
|
+
<% end %>
|
12
|
+
|
13
|
+
server {
|
14
|
+
<%= fetch(:nginx_configuration,{})[:cloudflare_real_ips] %>
|
15
|
+
server_name <%= fetch(:site_domains).join(" ") %>;
|
16
|
+
#listen 80;
|
17
|
+
|
18
|
+
location /nginx_status {
|
19
|
+
stub_status on;
|
20
|
+
|
21
|
+
access_log off;
|
22
|
+
allow 127.0.0.1;
|
23
|
+
deny all;
|
24
|
+
}
|
25
|
+
|
26
|
+
<%= fetch(:nginx_custom_server_context, "") %>
|
27
|
+
|
28
|
+
access_log <%= fetch(:access_log,"/var/log/nginx/#{fetch(:deploy_domain)}.access.log") %>;
|
29
|
+
error_log <%= fetch(:error_log,"/var/log/nginx/#{fetch(:deploy_domain)}.error.log") %>;
|
30
|
+
<% if fetch(:nginx_custom_root,nil).nil? %>
|
31
|
+
root <%= fetch(:deploy_to) %><%= fetch(:http_root,"/current/public") %>;
|
32
|
+
<% else %>
|
33
|
+
root <%= fetch(:nginx_custom_root) %>;
|
34
|
+
<% end %>
|
35
|
+
|
36
|
+
<%= fetch(:nginx_configuration, {})[:basic_auth] %>
|
37
|
+
|
38
|
+
<%= fetch(:nginx_configuration,{})[:path_redirects] %>
|
39
|
+
|
40
|
+
<%= fetch(:nginx_configuration, {})[:custom_rules] %>
|
41
|
+
|
42
|
+
<%= fetch(:nginx_configuration, {})[:custom_aliases] %>
|
43
|
+
|
44
|
+
|
45
|
+
# enable gzip compression
|
46
|
+
gzip on;
|
47
|
+
gzip_http_version 1.1;
|
48
|
+
gzip_vary on;
|
49
|
+
gzip_comp_level 1;
|
50
|
+
gzip_proxied any;
|
51
|
+
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
52
|
+
gzip_min_length 1100;
|
53
|
+
|
54
|
+
# make sure gzip does not lose large gzipped js or css files - see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl
|
55
|
+
gzip_buffers 16 8k;
|
56
|
+
|
57
|
+
# Disable gzip for older browsers that don't support it
|
58
|
+
gzip_disable “MSIE [1-6].(?!.*SV1)”;
|
59
|
+
|
60
|
+
|
61
|
+
<%= fetch(:nginx_configuration,{})[:ssl_settings] %>
|
62
|
+
|
63
|
+
location = /favicon.ico {
|
64
|
+
log_not_found off;
|
65
|
+
access_log off;
|
66
|
+
}
|
67
|
+
|
68
|
+
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
|
69
|
+
location ~ /\. {
|
70
|
+
deny all;
|
71
|
+
access_log off;
|
72
|
+
log_not_found off;
|
73
|
+
}
|
74
|
+
|
75
|
+
<%= fetch(:nginx_configuration, {})[:location_proxy_cache] %>
|
76
|
+
|
77
|
+
<%= fetch(:nginx_configuration, {})[:php] %>
|
78
|
+
|
79
|
+
<%= fetch(:nginx_configuration, {})[:upstream] %>
|
80
|
+
|
81
|
+
<% if fetch(:requires_static, false) %>
|
82
|
+
index index.html index.htm;
|
83
|
+
<% end %>
|
84
|
+
}
|
@@ -0,0 +1,27 @@
|
|
1
|
+
location / {
|
2
|
+
<%= fetch(:nginx_configuration,{})[:cors] %>
|
3
|
+
try_files $uri $uri/ /index.php?$args;
|
4
|
+
}
|
5
|
+
|
6
|
+
index index.php index.html index.htm;
|
7
|
+
location ~ \.php$ {
|
8
|
+
try_files $uri =404;
|
9
|
+
include fastcgi_params;
|
10
|
+
<% if fetch(:ssl_required,false) %>
|
11
|
+
#this isn't ideal because it'll report HTTPS on when it isn't.
|
12
|
+
#need to check port too.
|
13
|
+
fastcgi_param HTTPS on;
|
14
|
+
fastcgi_param SSL_PROTOCOL $ssl_protocol;
|
15
|
+
fastcgi_param SSL_CIPHER $ssl_cipher;
|
16
|
+
fastcgi_param SSL_SESSION_ID $ssl_session_id;
|
17
|
+
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
|
18
|
+
<% end %>
|
19
|
+
fastcgi_pass unix:/var/run/php5-www.sock;
|
20
|
+
fastcgi_index index.php;
|
21
|
+
fastcgi_buffer_size 128k;
|
22
|
+
fastcgi_buffers 4 256k;
|
23
|
+
fastcgi_busy_buffers_size 256k;
|
24
|
+
<% fetch(:php_fastcgi_parameters, []).each do |param| %>
|
25
|
+
<%= param %>
|
26
|
+
<% end %>
|
27
|
+
}
|
@@ -0,0 +1 @@
|
|
1
|
+
proxy_cache_path /tmp/<%= fetch(:cache_zone) %>_cache levels=1:2 keys_zone=<%= fetch(:cache_zone) %>:10m inactive=600s max_size=1000m;
|
@@ -0,0 +1,10 @@
|
|
1
|
+
<% fetch(:domain_redirects,[]).each do |site_alias|%>
|
2
|
+
server {
|
3
|
+
<%= fetch(:nginx_configuration,{})[:cloudflare_real_ips] %>
|
4
|
+
server_name <%= site_alias %>;
|
5
|
+
<% if fetch(:deploy_domain) =~ %r{#{site_alias}}%>
|
6
|
+
<%= fetch(:nginx_configuration,{})[:ssl_settings] %>
|
7
|
+
<% end %>
|
8
|
+
return 301 $scheme://<%= fetch(:deploy_domain) %>$request_uri;
|
9
|
+
}
|
10
|
+
<% end %>
|