mdh-ec2onrails 0.9.10

data/server/files/etc/init.d/set_roles

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/usr/local/ec2onrails/bin/set_roles.rb

data/server/files/etc/logrotate.d/apache2

@@ -0,0 +1,16 @@
+/mnt/log/apache2/*.log {
+  daily
+  missingok
+  dateext
+  create 640 root app
+  compress
+  notifempty
+  sharedscripts
+  extension gz
+  copytruncate
+  postrotate
+    if [ -f /var/run/apache2.pid ]; then
+      /etc/init.d/apache2 reload > /dev/null
+    fi    
+  endscript
+}

data/server/files/etc/logrotate.d/mongrel

@@ -0,0 +1,11 @@
+/mnt/app/current/log/*/*.log /mnt/app/current/log/*.log {
+  daily
+  missingok
+  dateext
+  rotate 365
+  compress
+  notifempty
+  sharedscripts
+  extension gz
+  copytruncate
+}

data/server/files/etc/logrotate.d/nginx

@@ -0,0 +1,11 @@
+/mnt/log/nginx/*.log {
+  daily
+  missingok
+  dateext
+  compress
+  create 640 root app
+  notifempty
+  sharedscripts
+  extension gz
+  copytruncate
+}

data/server/files/etc/memcached.conf

@@ -0,0 +1,47 @@
+# memcached default config file
+# 2003 - Jay Bonci <jaybonci@debian.org>
+# This configuration file is read by the start-memcached script provided as
+# part of the Debian GNU/Linux distribution. 
+
+# Run memcached as a daemon. This command is implied, and is not needed for the
+# daemon to run. See the README.Debian that comes with this package for more
+# information.
+-d
+
+# Log memcached's output to /var/log/memcached
+logfile /mnt/log/memcached.log
+
+# Be verbose
+# -v
+
+# Be even more verbose (print client commands as well)
+# -vv
+
+# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
+# Note that the daemon will grow to this size, but does not start out holding this much
+# memory
+-m 128
+
+# Default connection port is 11211
+-p 11211 
+
+# Run the daemon as root. The start-memcached will default to running as root if no
+# -u command is present in this config file
+-u nobody
+
+# Specify which IP address to listen on. The default is to listen on all IP addresses
+# This parameter is one of the only security measures that memcached has, so make sure
+# it's listening on a firewalled interface.
+#-l 127.0.0.1
+
+# Limit the number of simultaneous incoming connections. The daemon default is 1024
+# -c 1024
+
+# Lock down all paged memory. Consult with the README and homepage before you do this
+# -k
+
+# Return error when memory is exhausted (rather than removing items)
+# -M
+
+# Maximize core file limit
+# -r

data/server/files/etc/mongrel_cluster/app.yml

@@ -0,0 +1,9 @@
+--- 
+cwd: /mnt/app/current
+port: "8000"
+environment: production
+pid_file: log/mongrel.pid
+servers: 6
+daemon: true
+user: app
+group: app

data/server/files/etc/motd.tail

@@ -0,0 +1,13 @@
+
+EC2 on Rails
+!!VERSION!!
+http://rubyforge.org/projects/ec2onrails/
+
+Copyright 2008 Paul Dowman, http://pauldowman.com/
+
+Base AMI built using Eric Hammond's EC2 Ubuntu script: 
+http://alestic.com/
+
+This is free software, and you are welcome to redistribute it under 
+certain conditions. This software comes with ABSOLUTELY NO WARRANTY.
+See /usr/local/ec2onrails/COPYING for details.

data/server/files/etc/mysql/my.cnf

@@ -0,0 +1,152 @@
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = /mnt/mysql_data
+tmpdir          = /mnt/mysql_data/tmp
+language        = /usr/share/mysql/english
+skip-external-locking
+default-storage-engine = InnoDB
+character-set-server   = utf8
+collation-server       = utf8_general_ci
+
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+#bind-address            = 127.0.0.1
+#
+# * Fine Tuning
+#
+key_buffer_size         = 16M
+max_allowed_packet      = 16M
+thread_stack            = 128K
+thread_cache_size       = 8
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 64M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+log_slow_queries        = /mnt/log/mysql/mysql-slow.log
+long_query_time = 2
+log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+#server-id              = 1
+log_bin                 = /mnt/log/mysql/mysql-bin.log
+# WARNING: Using expire_logs_days without bin_log crashes the server! See README.Debian!
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * BerkeleyDB
+#
+# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
+skip-bdb
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+innodb_data_file_path=ibdata1:100M:autoextend
+innodb_buffer_pool_size=200M
+innodb_additional_mem_pool_size=20M
+innodb_log_file_size=128M
+innodb_log_buffer_size=8M
+innodb_flush_log_at_trx_commit=1
+innodb_lock_wait_timeout=20
+# innodb_flush_method=O_DIRECT
+innodb_file_per_table
+
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+default-character-set   = utf8
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#
+!includedir /etc/mysql/conf.d/

data/server/files/etc/nginx/nginx.conf

@@ -0,0 +1,296 @@
+# user and group to run as
+user  app app;
+
+# number of nginx workers
+worker_processes  6;
+
+# pid of nginx master process
+pid /var/run/nginx.pid;
+
+# Number of worker connections. 1024 is a good default
+events {
+  worker_connections  1024;
+  use epoll; # linux only!
+}
+
+# start the http module where we config http access.
+http {
+  # pull in mime-types. You can break out your config 
+  # into as many include's as you want to make it cleaner
+  include /etc/nginx/mime.types;
+  
+  # set a default type for the rare situation that
+  # nothing matches from the mimie-type include
+  default_type  application/octet-stream;
+
+  # configure log format
+  log_format main '$remote_addr [$time_local] '
+                  '"$scheme $host $request" $status $body_bytes_sent "$http_referer" '
+                  '"$http_user_agent" "$http_x_forwarded_for" '
+                  '($request_time');
+  
+  # main access log
+  access_log  /mnt/log/nginx/access.log  main;
+
+  # main error log - Do not comment out. If you do not want the log file set this to /dev/null
+  # use debug instead of notice if you want additional information
+  error_log  /mnt/log/nginx/error.log notice;
+
+  # no sendfile on OSX
+  sendfile on;
+
+  # These are good default values.
+  tcp_nopush        on;
+  tcp_nodelay       on;
+  # output compression saves bandwidth 
+  gzip              on;
+  gzip_http_version 1.0;
+  gzip_comp_level   5;
+  gzip_proxied      any;
+  gzip_types        text/plain \
+                    text/html \
+                    text/css \
+                    application/x-javascript \
+                    text/xml \
+                    application/xml \
+                    application/xml+rss \
+                    text/javascript;
+  
+
+  # this is where you define your mongrel clusters. 
+  # you need one of these blocks for each cluster
+  # and each one needs its own name to refer to it later.
+  include /etc/ec2onrails/nginx_upstream_members;
+  
+  
+  # the server directive is nginx's virtual host directive.
+  server {
+    # port to listen on. Can also be set to an IP:PORT
+    listen 80;
+    
+    # Set the max size for file uploads to 50Mb
+    client_max_body_size 50M;
+
+    # sets the domain[s] that this vhost server requests for
+    # server_name www.[ec2onrails].com [ec2onrails].com;
+    server_name _;
+
+    # uncomment to force a redirect to www
+    # if ($host ~* "^[ec2onrails].com$"){
+    #   rewrite ^(.*)$ http://www.[ec2onrails].com$1 permanent;
+    #   break;
+    # }
+    
+    # uncomment if you want to allow or force some or all pages to go to http:// instead of https://
+    # if redirecting all to https, you won't need any of the other directives below the rewrite/break
+    # set $sub 'www';
+    # if  ($host ~* "^(.+?)\.[ec2onrails].com$"){
+    #        set $sub $1;
+    # }
+    # 
+    # if ( $uri ~* "^/.+$") {
+    #    rewrite ^(.*)$ https://$sub.[ec2onrails].com$1 permanent;
+    #    break;
+    # }
+
+    # doc root
+    root /mnt/app/current/public;
+
+    # vhost specific access log
+    access_log  /mnt/log/nginx/vhost.access.log  main;
+    error_page   400 /400.html;
+    error_page   500 502 503 504  /500.html;
+    location = /500.html {
+      root /mnt/app/current/public;
+    }
+
+    # this allows people to use images and css in their maintenance.html file
+    if ($request_filename ~* \.(css|jpg|gif|png)$) {
+	    break;
+    }
+		
+    # this rewrites all the requests to the maintenance.html
+    # page if it exists in the doc root. This is for capistrano's
+    # disable web task
+    if (-f $document_root/system/maintenance.html) {
+      rewrite  ^(.*)$  /system/maintenance.html last;
+      break;
+    }
+    
+    # see http://wiki.codemongers.com/NginxHttpStubStatusModule 
+    # for more information
+    location /nginx_status {
+        # copied from http://blog.kovyrin.net/2006/04/29/monitoring-nginx-with-rrdtool/
+        stub_status on;
+        access_log   off;
+        #only allow from localhost
+        allow 127.0.0.1; 
+        deny all;
+    }
+    
+    location / {
+      # FUTURE TODO...enable this and test the hell out of it
+      # if ($request_method = GET) {
+      #    set $memcached_key $uri;
+      #    memcached_pass 127.0.0.1:11211;
+      #    error_page 404 502 = @myapp;
+      #    break;
+      # }
+
+      index  index.html index.htm;
+      
+      # needed to forward user's IP address to rails
+      proxy_set_header  X-Real-IP  $remote_addr;
+      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header  Host $http_host;
+      proxy_redirect    false;
+      proxy_max_temp_file_size 0;
+      proxy_next_upstream      error;  # do not pass along to another mongrel instance if failed or timed out
+      proxy_read_timeout       400;    # give plenty of time for long-running rails processing tasks
+      #the proxy_connect_timeout cannot be more than 75
+      proxy_connect_timeout 70;
+      
+      location ~ ^/(images|javascripts|stylesheets)/ {
+        expires 10y;
+      }
+    
+      if (-f $request_filename) { 
+        break; 
+      }
+
+      # this is the meat of the rails page caching config
+      # it adds .html to the end of the url and then checks
+      # the filesystem for that file. If it exists, then we
+      # rewite the url to have explicit .html on the end 
+      # and then send it on its way to the next config rule.
+      # if there is no file on the fs then it sets all the 
+      # necessary headers and proxies to our upstream mongrels
+      if (-f $request_filename.html) {
+        rewrite (.*) $1.html break;
+      }
+
+      #proxy to mongrel
+      if (!-f $request_filename) {
+        proxy_pass http://mongrel;
+        break;
+      }
+    }
+  }
+  
+  # This server is setup for ssl. Uncomment if 
+  # you are using ssl as well as port 80.
+  # server {
+  #   # port to listen on. Can also be set to an IP:PORT
+  #   listen 443;
+  #   
+  #   # Set the max size for file uploads to 50Mb
+  #   client_max_body_size 50M;
+  # 
+  #   # sets the domain[s] that this vhost server requests for
+  #   # server_name www.[ec2onrails].com [ec2onrails].com;
+  #   server_name _;
+  # 
+  #   # uncomment to force a redirect to www
+  #   # if ($host ~* "^[ec2onrails].com$"){
+  #   #   rewrite ^(.*)$ http://www.[ec2onrails].com$1 permanent;
+  #   #   break;
+  #   # }
+  # 
+  #   ssl                  on;
+  #   ssl_certificate      /etc/nginx/your_cert.crt;
+  #   ssl_certificate_key  /etc/nginx/your_cert.key;
+  #   
+  #   # doc root
+  #   root /mnt/app/current/public;
+  # 
+  #   # vhost specific access log
+  #   access_log  /mnt/log/nginx/vhost.access.log  main;
+  #   error_page   400 /400.html;
+  #   error_page   500 502 503 504  /500.html;
+  #   location = /500.html {
+  #     root /mnt/app/current/public;
+  #   }
+  # 
+  #   # this allows people to use images and css in their maintenance.html file
+  #   if ($request_filename ~* \.(css|jpg|gif|png)$) {
+  #       break;
+  #   }
+  #      
+  #   # this rewrites all the requests to the maintenance.html
+  #   # page if it exists in the doc root. This is for capistrano's
+  #   # disable web task
+  #   if (-f $document_root/system/maintenance.html) {
+  #     rewrite  ^(.*)$  /system/maintenance.html last;
+  #     break;
+  #   }
+  #   
+  #   # see http://wiki.codemongers.com/NginxHttpStubStatusModule 
+  #   # for more information
+  #   location /nginx_status {
+  #       # copied from http://blog.kovyrin.net/2006/04/29/monitoring-nginx-with-rrdtool/
+  #       stub_status on;
+  #       access_log   off;
+  #       #only allow from localhost
+  #       allow 127.0.0.1; 
+  #       deny all;
+  #   }
+  # 
+  #   location / {
+  #      # FUTURE TODO...enable this and test the hell out of it
+  #      # if ($request_method = GET) {
+  #      #    set $memcached_key $uri;
+  #      #    memcached_pass 127.0.0.1:11211;
+  #      #    error_page 404 502 = @myapp;
+  #      #    break;
+  #      # }
+  # 
+  #      index  index.html index.htm;
+  # 
+  #      # needed to forward user's IP address to rails
+  #      proxy_set_header  X-Real-IP  $remote_addr;
+  #      # needed for HTTPS
+  #      proxy_set_header X_FORWARDED_PROTO https;
+  #      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #      proxy_set_header Host $http_host;
+  #      proxy_redirect   false;
+  #      proxy_max_temp_file_size 0;
+  #      proxy_next_upstream      error;  # do not pass along to another mongrel instance if failed or timed out
+  #      proxy_read_timeout       400;    # give plenty of time for long-running rails processing tasks
+  #      #the proxy_connect_timeout cannot be more than 75
+  #      proxy_connect_timeout 70;
+  # 
+  #      location ~ ^/(images|javascripts|stylesheets)/ {
+  #        expires 10y;
+  #      }
+  # 
+  #     if (-f $request_filename) { 
+  #       break; 
+  #     }
+  # 
+  #     # this is the meat of the rails page caching config
+  #     # it adds .html to the end of the url and then checks
+  #     # the filesystem for that file. If it exists, then we
+  #     # rewite the url to have explicit .html on the end 
+  #     # and then send it on its way to the next config rule.
+  #     # if there is no file on the fs then it sets all the 
+  #     # necessary headers and proxies to our upstream mongrels
+  #     if (-f $request_filename.html) {
+  #       rewrite (.*) $1.html break;
+  #     }
+  #     
+  #     # ok to have this out here because PDF's should never 
+  #     # be fully paged cache anyway
+  #     if ($request_filename ~* \.pdf$) {
+  #        proxy_pass http://mongrel_pdf;
+  #         break;
+  #     }
+  # 
+  #     if (!-f $request_filename) {
+  #       proxy_pass http://mongrel;
+  #       break;
+  #     }
+  #   }
+  # 
+  # }
+}
+