nginxinator 0.1.1 → 0.2.0
- data/lib/nginxinator/check.rb +24 -0
- data/lib/nginxinator/config.rb +1 -4
- data/lib/nginxinator/examples/config/deploy/staging.rb +10 -47
- data/lib/nginxinator/examples/config/deploy.rb +24 -57
- data/lib/nginxinator/examples/nginx.conf.erb +81 -8
- data/lib/nginxinator/nginx.rb +44 -145
- data/lib/nginxinator.rb +2 -1
- metadata +19 -5
- data/lib/nginxinator/examples/config/deploy/staging_nginxinator.rb +0 -58
- data/lib/nginxinator/examples/config/deploy_nginxinator.rb +0 -1
- data/lib/nginxinator/examples/site-enabled.erb +0 -65
@@ -0,0 +1,24 @@
|
|
1
|
+
namespace :nginx do
|
2
|
+
namespace :check do
|
3
|
+
|
4
|
+
desc 'Ensure all nginxinator specific settings are set, and warn and exit if not.'
|
5
|
+
before 'nginx:setup', :settings do
|
6
|
+
{
|
7
|
+
(File.dirname(__FILE__) + "/examples/config/deploy.rb") => 'config/deploy.rb',
|
8
|
+
(File.dirname(__FILE__) + "/examples/config/deploy/staging.rb") => "config/deploy/#{fetch(:stage)}.rb"
|
9
|
+
}.each do |abs, rel|
|
10
|
+
Rake::Task['deployinator:settings'].invoke(abs, rel)
|
11
|
+
Rake::Task['deployinator:settings'].reenable
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
namespace :settings do
|
16
|
+
desc 'Print example nginxinator specific settings for comparison.'
|
17
|
+
task :print do
|
18
|
+
set :print_all, true
|
19
|
+
Rake::Task['nginx:check:settings'].invoke
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
24
|
+
end
|
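--- a/data/lib/nginxinator/config.rb
+++ b/data/lib/nginxinator/config.rb
@@ -3,16 +3,13 @@ namespace :nginxinator do
 desc 'Write example config files'
 task :write_example_configs do
 run_locally do
-execute "mkdir", "-p", "config/deploy", "templates/nginx
+execute "mkdir", "-p", "config/deploy", "templates/nginx"
 {
 'examples/Capfile' => 'Capfile_example',
 'examples/config/deploy.rb' => 'config/deploy_example.rb',
-'examples/config/deploy_nginxinator.rb' => 'config/deploy_nginxinator_example.rb',
 'examples/config/deploy/staging.rb' => 'config/deploy/staging_example.rb',
-'examples/config/deploy/staging_nginxinator.rb' => 'config/deploy/staging_nginxinator_example.rb',
 'examples/Dockerfile' => 'templates/nginx/Dockerfile_example',
 'examples/nginx.conf.erb' => 'templates/nginx/nginx_example.conf.erb',
-'examples/site-enabled.erb' => 'templates/nginx/sites-enabled/client-app_example.erb',
 'examples/ssl.crt.erb' => 'templates/nginx/ssl.crt_example.erb',
 'examples/ssl.key.erb' => 'templates/nginx/ssl.key_example.erb',
 'examples/mime.types.erb' => 'templates/nginx/mime.types_example.erb'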
@@ -1,50 +1,13 @@
|
|
1
|
-
|
2
|
-
#
|
3
|
-
# Supports bulk-adding hosts to roles, the primary server in each group
|
4
|
-
# is considered to be the first unless any hosts have the primary
|
5
|
-
# property set. Don't declare `role :all`, it's a meta role.
|
1
|
+
set :domain, "my-app.example.com"
|
2
|
+
set :user_host, "#{fetch(:deployment_username)}@#{fetch(:domain)}"
|
6
3
|
|
7
|
-
|
8
|
-
|
9
|
-
|
4
|
+
role :app, fetch(:user_host)
|
5
|
+
role :web, fetch(:user_host)
|
6
|
+
role :db, fetch(:user_host)
|
10
7
|
|
11
|
-
role :app, fetch(:user_host)
|
12
|
-
role :web, fetch(:user_host)
|
13
|
-
role :db, fetch(:user_host)
|
14
8
|
|
15
|
-
#
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
#server 'example.com', user: 'deploy', roles: %w{web app}, my_property: :my_value
|
22
|
-
|
23
|
-
|
24
|
-
# Custom SSH Options
|
25
|
-
# ==================
|
26
|
-
# You may pass any option but keep in mind that net/ssh understands a
|
27
|
-
# limited set of options, consult[net/ssh documentation](http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start).
|
28
|
-
#
|
29
|
-
# Global options
|
30
|
-
# --------------
|
31
|
-
# set :ssh_options, {
|
32
|
-
# keys: %w(/home/rlisowski/.ssh/id_rsa),
|
33
|
-
# forward_agent: false,
|
34
|
-
# auth_methods: %w(password)
|
35
|
-
# }
|
36
|
-
#
|
37
|
-
# And/or per server (overrides global)
|
38
|
-
# ------------------------------------
|
39
|
-
# server 'example.com',
|
40
|
-
# user: 'user_name',
|
41
|
-
# roles: %w{web app},
|
42
|
-
# ssh_options: {
|
43
|
-
# user: 'user_name', # overrides user setting above
|
44
|
-
# keys: %w(/home/user_name/.ssh/id_rsa),
|
45
|
-
# forward_agent: false,
|
46
|
-
# auth_methods: %w(publickey password)
|
47
|
-
# # password: 'please use keys'
|
48
|
-
# }
|
49
|
-
|
50
|
-
require './config/deploy/staging_nginxinator.rb'
|
9
|
+
# nginxinator
|
10
|
+
#--------------------------------------------------------------------------
|
11
|
+
set :webserver_publish_ports, ["80", "443"]
|
12
|
+
set :webserver_image_name, "snarlysodboxer/nginx:0.0.0"
|
13
|
+
#--------------------------------------------------------------------------
|
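Review bot: `set :webserver_image_name, "snarlysodboxer/nginx:0.0.0"` names the image by a mutable tag, so whatever that tag resolves to at pull time is what terminates TLS for the domain. In an example that gets copied into real deploys, pinning by digest (`"snarlysodboxer/nginx@sha256:<digest-placeholder>"`) or a comment telling users to build and pin their own image would be safer. `:webserver_publish_ports` also feeds the `0.0.0.0:#{p}:#{p}` publish options in deploy.rb and the UFW rules, so a one-line comment such as `# published on all interfaces and opened in UFW` above it would tell readers what listing a port here does.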
@@ -1,60 +1,27 @@
|
|
1
1
|
# config valid only for Capistrano 3.1
|
2
2
|
lock '3.2.1'
|
3
3
|
|
4
|
-
set :
|
5
|
-
set :
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
#
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
# Default value for linked_dirs is []
|
29
|
-
# set :linked_dirs, %w{bin log tmp/pids tmp/cache tmp/sockets vendor/bundle public/system}
|
30
|
-
|
31
|
-
# Default value for default_env is {}
|
32
|
-
# set :default_env, { path: "/opt/ruby/bin:$PATH" }
|
33
|
-
|
34
|
-
# Default value for keep_releases is 5
|
35
|
-
# set :keep_releases, 5
|
36
|
-
|
37
|
-
namespace :deploy do
|
38
|
-
|
39
|
-
desc 'Restart application'
|
40
|
-
task :restart do
|
41
|
-
on roles(:app), in: :sequence, wait: 5 do
|
42
|
-
# Your restart mechanism here, for example:
|
43
|
-
# execute :touch, release_path.join('tmp/restart.txt')
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
after :publishing, :restart
|
48
|
-
|
49
|
-
after :restart, :clear_cache do
|
50
|
-
on roles(:web), in: :groups, limit: 3, wait: 10 do
|
51
|
-
# Here we can do anything such as:
|
52
|
-
# within release_path do
|
53
|
-
# execute :rake, 'cache:clear'
|
54
|
-
# end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
end
|
59
|
-
|
60
|
-
require './config/deploy_nginxinator.rb'
|
4
|
+
set :preexisting_ssh_user, ENV['USER']
|
5
|
+
set :deployment_username, "deployer"
|
6
|
+
set :webserver_username, "www-data"
|
7
|
+
set :webserver_config_files, ["nginx.conf", "ssl.crt", "ssl.key", "mime.types"]
|
8
|
+
set :webserver_data_path, current_path
|
9
|
+
set :webserver_logs_path, shared_path.join('log')
|
10
|
+
set :webserver_config_path, shared_path.join('nginx')
|
11
|
+
set :webserver_socket_path, shared_path.join('run')
|
12
|
+
set :webserver_writeable_dirs, [shared_path.join('run'), shared_path.join('log')]
|
13
|
+
set :webserver_executable_dirs, [shared_path.join('bundle', 'bin')]
|
14
|
+
set :ignore_permissions_dirs, [shared_path.join('postgres'), shared_path.join('nginx')]
|
15
|
+
set :webserver_container_name, -> { "#{fetch(:domain)}-nginx-#{fetch(:webserver_publish_ports).join('-')}" }
|
16
|
+
set :webserver_ports_options, -> { fetch(:webserver_publish_ports).collect { |p| ["--publish", "0.0.0.0:#{p}:#{p}"] }.flatten }
|
17
|
+
set :webserver_docker_run_command, -> { [
|
18
|
+
"--detach", "--tty",
|
19
|
+
"--name", fetch(:webserver_container_name),
|
20
|
+
"--volume", "#{fetch(:deploy_to)}:#{fetch(:deploy_to)}:rw",
|
21
|
+
"--entrypoint", "/usr/sbin/nginx",
|
22
|
+
"--restart", "always",
|
23
|
+
fetch(:webserver_ports_options),
|
24
|
+
fetch(:webserver_image_name),
|
25
|
+
"-c", shared_path.join('nginx', 'nginx.conf')
|
26
|
+
].flatten }
|
27
|
+
set :local_templates_path, "templates/nginx"
|
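Review bot: The added `:webserver_docker_run_command` bind-mounts the whole of `deploy_to` into the nginx container read-write (`"--volume", "#{fetch(:deploy_to)}:#{fetch(:deploy_to)}:rw"`), which gives the web server write access to every release and, presumably, to `shared/nginx` with `ssl.key` and to the `shared/postgres` directory listed in `:ignore_permissions_dirs`. nginx only needs to write its log and run directories, so mounting the tree `:ro` and adding separate `:rw` volumes for `fetch(:webserver_logs_path)` and `fetch(:webserver_socket_path)` would keep a compromised container from altering application code or the key; the nested mounts should be checked against this image before adopting that. The header comment still reads `# config valid only for Capistrano 3.1` while the next line locks `3.2.1`, and should be brought in line with it.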
@@ -1,21 +1,21 @@
|
|
1
1
|
# deamon off is imporant to keep the docker container running
|
2
2
|
daemon off;
|
3
3
|
|
4
|
-
user
|
4
|
+
user <%= fetch(:webserver_username) %>;
|
5
5
|
worker_processes 4;
|
6
6
|
|
7
|
-
error_log <%=
|
8
|
-
pid
|
7
|
+
error_log <%= fetch(:webserver_logs_path) %>/error.log warn;
|
8
|
+
pid <%= fetch(:webserver_socket_path) %>/nginx.pid;
|
9
9
|
|
10
10
|
events {
|
11
11
|
worker_connections 2048;
|
12
12
|
}
|
13
13
|
|
14
14
|
http {
|
15
|
-
include <%=
|
15
|
+
include <%= fetch(:webserver_config_path) %>/mime.types;
|
16
16
|
default_type application/octet-stream;
|
17
17
|
|
18
|
-
access_log <%=
|
18
|
+
access_log <%= fetch(:webserver_logs_path) %>/access.log;
|
19
19
|
|
20
20
|
sendfile on;
|
21
21
|
tcp_nopush on;
|
@@ -27,13 +27,86 @@ http {
|
|
27
27
|
gzip_http_version 1.0;
|
28
28
|
gzip_comp_level 2;
|
29
29
|
gzip_proxied any;
|
30
|
-
gzip_types text/plain text/
|
30
|
+
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
|
31
31
|
|
32
32
|
server_names_hash_bucket_size 64;
|
33
33
|
types_hash_max_size 2048;
|
34
34
|
types_hash_bucket_size 64;
|
35
35
|
|
36
36
|
|
37
|
-
|
38
|
-
|
37
|
+
upstream unicorn {
|
38
|
+
server unix:<%= fetch(:webserver_socket_path) %>/unicorn.socket fail_timeout=0;
|
39
|
+
}
|
40
|
+
|
41
|
+
server {
|
42
|
+
listen 80;
|
43
|
+
location / {
|
44
|
+
rewrite ^/(.*)$ https://<%= fetch(:domain) %>/$1 redirect;
|
45
|
+
}
|
46
|
+
}
|
47
|
+
|
48
|
+
server {
|
49
|
+
listen 443;
|
50
|
+
set $public_root <%= fetch(:webserver_data_path) %>/public;
|
51
|
+
set $rails_root <%= fetch(:webserver_data_path) %>;
|
52
|
+
|
53
|
+
root $public_root;
|
54
|
+
|
55
|
+
ssl on;
|
56
|
+
ssl_certificate <%= fetch(:webserver_config_path) %>/ssl.crt;
|
57
|
+
ssl_certificate_key <%= fetch(:webserver_config_path) %>/ssl.key;
|
58
|
+
ssl_ciphers HIGH;
|
59
|
+
ssl_protocols SSLv3 TLSv1;
|
60
|
+
ssl_prefer_server_ciphers on;
|
61
|
+
|
62
|
+
if (-f $document_root/system/maintenance.html) {
|
63
|
+
rewrite ^(.*)$ /system/maintenance.html last;
|
64
|
+
break;
|
65
|
+
}
|
66
|
+
|
67
|
+
location / {
|
68
|
+
client_max_body_size 4096M;
|
69
|
+
proxy_read_timeout 900;
|
70
|
+
proxy_set_header X-Real-IP $remote_addr;
|
71
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
72
|
+
proxy_set_header X-Forwarded-Proto https;
|
73
|
+
proxy_set_header Host $http_host;
|
74
|
+
proxy_redirect off;
|
75
|
+
proxy_max_temp_file_size 0;
|
76
|
+
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
|
77
|
+
proxy_set_header X-Accel-Remote-Mapping webdav_redirect;
|
78
|
+
proxy_set_header X-Accel-Mapping $rails_root=$rails_root;
|
79
|
+
|
80
|
+
if (-f $request_filename) {
|
81
|
+
expires max;
|
82
|
+
break;
|
83
|
+
}
|
84
|
+
|
85
|
+
if (!-f $request_filename) {
|
86
|
+
proxy_pass http://unicorn;
|
87
|
+
break;
|
88
|
+
}
|
89
|
+
}
|
90
|
+
|
91
|
+
location ~ /files/(.*) {
|
92
|
+
alias $rails_root/$1;
|
93
|
+
internal;
|
94
|
+
}
|
95
|
+
|
96
|
+
location ~* /webdav_redirect {
|
97
|
+
internal;
|
98
|
+
resolver 127.0.0.1;
|
99
|
+
set $r_host $upstream_http_redirect_host;
|
100
|
+
set $r_url $upstream_http_redirect_url;
|
101
|
+
proxy_set_header Authorization '';
|
102
|
+
proxy_set_header Host $r_host;
|
103
|
+
proxy_max_temp_file_size 0;
|
104
|
+
proxy_pass $r_url;
|
105
|
+
}
|
106
|
+
|
107
|
+
error_page 500 502 503 504 /500.html;
|
108
|
+
location = /500.html {
|
109
|
+
root $public_root;
|
110
|
+
}
|
111
|
+
}
|
39
112
|
}
|
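Review bot: `ssl_protocols SSLv3 TLSv1;` in the added 443 server block enables SSLv3, which POODLE broke, and omits TLS 1.1 and 1.2; an example that people copy should ship `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the nginx/OpenSSL build supports it). `ssl_ciphers HIGH;` just above it does not exclude anonymous or MD5 suites on its own, so `ssl_ciphers HIGH:!aNULL:!MD5;` is the safer value. Both lines were carried over unchanged from the removed site-enabled.erb, so this release relocates them rather than introducing them, which makes it a good moment to fix them. `client_max_body_size 4096M;` in `location /` also deserves a comment explaining why uploads of that size are expected, since it applies to every proxied request.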
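--- a/data/lib/nginxinator/nginx.rb
+++ b/data/lib/nginxinator/nginx.rb
@@ -1,49 +1,25 @@
-require 'erb'
-
-## NOTES:
-# tasks without 'desc' description lines are for manual debugging of this
-# deployment code.
-#
-# we've choosen to only pass strings (if anything) to tasks. this allows tasks to be
-# debugged individually. only private methods take ruby objects.
-
 namespace :nginx do
 
-desc "Idempotently setup an Nginx instance
-task :setup do
-Rake::Task['nginx:ensure_access_docker'].invoke
+desc "Idempotently setup an Nginx instance."
+task :setup => ['deployinator:deployment_user', 'deployinator:webserver_user', 'deployinator:sshkit_umask'] do
 Rake::Task['nginx:open_firewall'].invoke
 # 'on', 'run_locally', 'as', 'execute', 'info', 'warn', and 'fatal' are from SSHKit
 on roles(:app) do
-
-
-
-
-
-
-config_file_changed = true
-end
-end
-fetch(:sites_enabled).each do |config_file|
-if nginx_config_file_differs?(fetch(:local_site_templates_path), fetch(:external_sites_enabled_path), config_file)
-warn "Config file #{config_file} on #{fetch(:domain)} is being updated."
-Rake::Task['nginx:install_config_file'].invoke(fetch(:local_site_templates_path), fetch(:external_sites_enabled_path), config_file)
-Rake::Task['nginx:install_config_file'].reenable
-config_file_changed = true
-end
-end
-execute "sudo", "mkdir", "-p", fetch(:external_sock_path)
-execute "sudo", "chown", "-R", "www-data:www-data", fetch(:external_sock_path)
-unless nginx_container_exists?
-Rake::Task['nginx:create_container'].invoke
-else
-unless nginx_container_is_running?
-Rake::Task['nginx:start_container'].invoke
+as :root do
+set :config_file_changed, false
+Rake::Task['nginx:install_config_files'].invoke
+Rake::Task['deployinator:file_permissions'].invoke
+unless container_exists?(fetch(:webserver_container_name))
+create_container(fetch(:webserver_container_name), fetch(:webserver_docker_run_command))
 else
-
-
+unless container_is_running?(fetch(:webserver_container_name))
+start_container(fetch(:webserver_container_name))
 else
-
+if fetch(:config_file_changed)
+restart_container(fetch(:webserver_container_name))
+else
+info "No config file changes for #{fetch(:webserver_container_name)} and it is already running; we're setup!"
+end
 end
 end
 end
@@ -51,73 +27,48 @@ namespace :nginx do
 end
 
 desc "Check the status of the Nginx instance."
-task :status do
+task :status => ['deployinator:deployment_user'] do
 on roles(:app) do
 info ""
-if
-info "#{fetch(:
+if container_exists?(fetch(:webserver_container_name))
+info "#{fetch(:webserver_container_name)} exists on #{fetch(:domain)}"
 info ""
-if
-info "#{fetch(:
+if container_is_running?(fetch(:webserver_container_name))
+info "#{fetch(:webserver_container_name)} is running on #{fetch(:domain)}"
 info ""
 else
-info "#{fetch(:
+info "#{fetch(:webserver_container_name)} is not running on #{fetch(:domain)}"
 info ""
 end
 else
-info "#{fetch(:
+info "#{fetch(:webserver_container_name)} does not exist on #{fetch(:domain)}"
 info ""
 end
 end
 end
 
-task :
-
-warn "Starting a new container named #{fetch(:nginx_container_name)} on #{fetch(:domain)}"
-execute("docker", "run", fetch(:docker_run_command))
-sleep 2
-fatal nginx_stay_running_message and raise unless nginx_container_is_running?
-end
-end
-
-task :start_container do
-on roles(:app) do
-warn "Starting an existing but non-running container named #{fetch(:nginx_container_name)}"
-execute("docker", "start", fetch(:nginx_container_name))
-sleep 2
-fatal nginx_stay_running_message and raise unless nginx_container_is_running?
-end
-end
-
-task :restart_container do
-on roles(:app) do
-warn "Restarting a running container named #{fetch(:nginx_container_name)}"
-execute("docker", "restart", fetch(:nginx_container_name))
-sleep 2
-fatal nginx_stay_running_message and raise unless nginx_container_is_running?
-end
-end
-
-task :ensure_access_docker do
-on roles(:app) do
-as fetch(:ssh_user) do
-unless test("bash", "-c", "\"docker", "ps", "&>", "/dev/null\"")
-execute("sudo", "usermod", "-a", "-G", "docker", fetch(:ssh_user))
-fatal "Newly added to docker group, this run will fail, next run will succeed. Simply try again."
-end
-end
-end
-end
-
-task :install_config_file, [:template_path, :config_path, :config_file] do |t, args|
+task :install_config_files => ['deployinator:deployment_user', 'deployinator:webserver_user', 'deployinator:sshkit_umask'] do
+require 'erb'
 on roles(:app) do
 as 'root' do
-execute
-
-
-
-
-
+execute "mkdir", "-p", fetch(:webserver_socket_path),
+fetch(:webserver_logs_path), fetch(:webserver_config_path)
+fetch(:webserver_config_files).each do |config_file|
+template_path = File.expand_path("#{fetch(:local_templates_path)}/#{config_file}.erb")
+generated_config_file = ERB.new(File.new(template_path).read).result(binding)
+upload! StringIO.new(generated_config_file), "/tmp/#{config_file}.file"
+unless test "diff", "-q", "/tmp/#{config_file}.file", "#{fetch(:webserver_config_path)}/#{config_file}"
+warn "Config file #{config_file} on #{fetch(:domain)} is being updated."
+execute("mv", "/tmp/#{config_file}.file", "#{fetch(:webserver_config_path)}/#{config_file}")
+set :config_file_changed, true
+else
+execute "rm", "/tmp/#{config_file}.file"
+end
+end
+#execute("chown", "-R", "#{fetch(:deployment_user_id)}:#{fetch(:webserver_user_id)}", fetch(:webserver_config_path))
+execute("chown", "-R", "root:root", fetch(:webserver_config_path))
+execute "find", fetch(:webserver_config_path), "-type", "d", "-exec", "chmod", "2775", "{}", "+"
+execute "find", fetch(:webserver_config_path), "-type", "f", "-exec", "chmod", "0600", "{}", "+"
 end
 end
 end
@@ -125,8 +76,8 @@ namespace :nginx do
 task :open_firewall do
 on roles(:app) do
 as "root" do
-if test "ufw", "status"
-fetch(:
+if test "bash", "-c", "\"ufw", "status", "&>" "/dev/null\""
+fetch(:webserver_publish_ports).each do |port|
 raise "Error during opening UFW firewall" unless test("ufw", "allow", "#{port}/tcp")
 end
 end
@@ -134,56 +85,4 @@ namespace :nginx do
 end
 end
 
-private
-
-# Temporarily added 'nginx_' to the beginning of each of these methods to avoid
-# getting them overwritten by other gems with methods with the same names, (E.G. postgresinator.)
-## TODO Figure out how to do this the right or better way.
-def nginx_stay_running_message
-"Container #{fetch(:nginx_container_name)} on #{fetch(:domain)} did not stay running more than 2 seconds"
-end
-
-def nginx_config_file_differs?(local_templates_path, external_config_path, config_file)
-generated_config_file = nginx_generate_config_file("#{local_templates_path}/#{config_file}.erb")
-as 'root' do
-config_file_path = "#{external_config_path}/#{config_file}"
-if nginx_file_exists?(config_file_path)
-capture("cat", config_file_path).chomp != generated_config_file.chomp
-else
-true
-end
-end
-end
-
-def nginx_generate_config_file(template_file_path)
-set :logs_path, -> { fetch(:internal_logs_path) }
-set :conf_path, -> { fetch(:internal_conf_path) }
-set :sock_path, -> { fetch(:internal_sock_path) }
-set :data_path, -> { fetch(:internal_data_path) }
-set :sites_path, -> { fetch(:internal_sites_enabled_path) }
-set :cdomain, -> { fetch(:domain) }
-@internal_logs_path = fetch(:logs_path)
-@internal_conf_path = fetch(:conf_path)
-@internal_sock_path = fetch(:sock_path)
-@internal_data_path = fetch(:data_path)
-@internal_sites_enabled_path = fetch(:sites_path)
-@domain = fetch(:cdomain)
-template_path = File.expand_path(template_file_path)
-ERB.new(File.new(template_path).read).result(binding)
-end
-
-def nginx_container_exists?
-test "docker", "inspect", fetch(:nginx_container_name), ">", "/dev/null"
-end
-
-def nginx_container_is_running?
-(capture "docker", "inspect",
-"--format='{{.State.Running}}'",
-fetch(:nginx_container_name)).strip == "true"
-end
-
-def nginx_file_exists?(file_name_path)
-test "[", "-f", file_name_path, "]"
-end
-
 end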
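Review bot: In the new `nginx:install_config_files` task every rendered file, `ssl.key` included, is uploaded to the fixed path `/tmp/#{config_file}.file` before root diffs and moves it, so the private key sits under a predictable name in a world-writable directory and anything already present at that path is used as-is by the root-run `diff`/`mv`. `upload!` is presumably not covered by the surrounding `as 'root'` block, so the staged file is likely created by the SSH user with that user's default mode, and the `chmod 0600` pass only runs after the whole loop. Staging into a directory the uploading user creates with `mktemp -d` (mode 0700), or into a deployer-owned 0700 directory under `shared_path`, removes the predictable name, and a short comment on the loop should say that the staging path must stay private because it carries the key. In `open_firewall`, the added `if test "bash", "-c", "\"ufw", "status", "&>" "/dev/null\""` is missing a comma after `"&>"`; Ruby joins the two adjacent literals so it still runs, but it reads as a typo and should be `"&>", "/dev/null\""`.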
data/lib/nginxinator.rb
CHANGED
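--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nginxinator
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-
+date: 2014-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: capistrano
@@ -27,6 +27,22 @@ dependencies:
 - - '='
 - !ruby/object:Gem::Version
 version: 3.2.1
+- !ruby/object:Gem::Dependency
+name: deployinator
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.1.0
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
@@ -68,13 +84,11 @@ files:
 - lib/nginxinator.rb
 - lib/nginxinator/nginx.rb
 - lib/nginxinator/config.rb
+- lib/nginxinator/check.rb
 - lib/nginxinator/examples/Capfile
 - lib/nginxinator/examples/config/deploy.rb
-- lib/nginxinator/examples/config/deploy_nginxinator.rb
 - lib/nginxinator/examples/config/deploy/staging.rb
-- lib/nginxinator/examples/config/deploy/staging_nginxinator.rb
 - lib/nginxinator/examples/nginx.conf.erb
-- lib/nginxinator/examples/site-enabled.erb
 - lib/nginxinator/examples/ssl.crt.erb
 - lib/nginxinator/examples/ssl.key.erb
 - lib/nginxinator/examples/mime.types.erb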
@@ -1,58 +0,0 @@
|
|
1
|
-
## For a standard Ubuntu 12.04 Nginx Docker image you should only
|
2
|
-
## need to change the following values to get started:
|
3
|
-
set :domain, "client.example.com"
|
4
|
-
set :sites_enabled, ['client-app']
|
5
|
-
set :publish_ports, [
|
6
|
-
{
|
7
|
-
"external" => "80",
|
8
|
-
"internal" => "80"
|
9
|
-
},
|
10
|
-
{
|
11
|
-
"external" => "443",
|
12
|
-
"internal" => "443"
|
13
|
-
}
|
14
|
-
]
|
15
|
-
set :image_name, "snarlysodboxer/nginx:0.0.0"
|
16
|
-
set :external_data_path, "/var/www/client-app/current"
|
17
|
-
set :external_logs_path, "/var/www/client-app/shared/log/nginx"
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
## The values below may be commonly changed to match specifics
|
22
|
-
## relating to a particular Docker image or setup:
|
23
|
-
set :config_files, ["nginx.conf", "ssl.crt", "ssl.key", "mime.types"]
|
24
|
-
set :internal_data_path, -> { fetch(:external_data_path) }
|
25
|
-
set :internal_conf_path, "/etc/nginx"
|
26
|
-
set :internal_sites_enabled_path, "/etc/nginx/sites-enabled"
|
27
|
-
set :internal_logs_path, "/var/log/nginx"
|
28
|
-
set :internal_sock_path, "/var/run/unicorn"
|
29
|
-
set :ssh_user, -> { ENV["USER"] }
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
## The values below are not meant to be changed and shouldn't
|
34
|
-
## need to be under the majority of circumstances:
|
35
|
-
set :nginx_container_name, -> { "#{fetch(:domain)}-nginx-#{fetch(:publish_ports).collect { |p| p['external'] }.join('-')}" }
|
36
|
-
set :external_conf_path, -> { "/#{fetch(:nginx_container_name)}-conf" }
|
37
|
-
set :external_sites_enabled_path, -> { "#{fetch(:external_conf_path)}/sites-enabled" }
|
38
|
-
set :external_sock_path, -> { "#{fetch(:external_conf_path)}/run" }
|
39
|
-
set :ports_options, -> {
|
40
|
-
options = []
|
41
|
-
fetch(:publish_ports).each do |port_set|
|
42
|
-
options += ["--publish", "0.0.0.0:#{port_set['external']}:#{port_set['internal']}"]
|
43
|
-
end
|
44
|
-
options
|
45
|
-
}
|
46
|
-
set :docker_run_command, -> { [
|
47
|
-
"--detach", "--tty",
|
48
|
-
"--name", fetch(:nginx_container_name),
|
49
|
-
"--volume", "#{fetch(:external_data_path)}:#{fetch(:internal_data_path)}:rw",
|
50
|
-
"--volume", "#{fetch(:external_conf_path)}:#{fetch(:internal_conf_path)}:rw",
|
51
|
-
"--volume", "#{fetch(:external_sock_path)}:#{fetch(:internal_sock_path)}:rw",
|
52
|
-
"--volume", "#{fetch(:external_logs_path)}:#{fetch(:internal_logs_path)}:rw",
|
53
|
-
"--restart", "always",
|
54
|
-
fetch(:ports_options),
|
55
|
-
fetch(:image_name)
|
56
|
-
].flatten }
|
57
|
-
set :local_templates_path, "templates/nginx"
|
58
|
-
set :local_site_templates_path, -> { "#{fetch(:local_templates_path)}/sites-enabled" }
|
@@ -1 +0,0 @@
|
|
1
|
-
# Only stage-specific nginxinator config options are needed.
|
@@ -1,65 +0,0 @@
|
|
1
|
-
upstream unicorn {
|
2
|
-
server unix:<%= @internal_sock_path %>/unicorn.socket fail_timeout=0;
|
3
|
-
}
|
4
|
-
|
5
|
-
|
6
|
-
server {
|
7
|
-
listen 80;
|
8
|
-
location / {
|
9
|
-
rewrite ^/(.*)$ https://<%= @domain %>/$1 redirect;
|
10
|
-
}
|
11
|
-
}
|
12
|
-
|
13
|
-
server {
|
14
|
-
listen 443;
|
15
|
-
set $public_root <%= @internal_data_path %>/public;
|
16
|
-
set $rails_root <%= @internal_data_path %>;
|
17
|
-
|
18
|
-
root $public_root;
|
19
|
-
|
20
|
-
ssl on;
|
21
|
-
ssl_certificate <%= @internal_conf_path %>/ssl.crt;
|
22
|
-
ssl_certificate_key <%= @internal_conf_path %>/ssl.key;
|
23
|
-
ssl_ciphers HIGH;
|
24
|
-
ssl_protocols SSLv3 TLSv1;
|
25
|
-
ssl_prefer_server_ciphers on;
|
26
|
-
|
27
|
-
if (-f $document_root/system/maintenance.html) {
|
28
|
-
rewrite ^(.*)$ /system/maintenance.html last;
|
29
|
-
break;
|
30
|
-
}
|
31
|
-
|
32
|
-
location / {
|
33
|
-
client_max_body_size 4096M;
|
34
|
-
proxy_read_timeout 900;
|
35
|
-
proxy_set_header X-Real-IP $remote_addr;
|
36
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
37
|
-
proxy_set_header X-Forwarded-Proto https;
|
38
|
-
proxy_set_header Host $http_host;
|
39
|
-
proxy_redirect off;
|
40
|
-
proxy_max_temp_file_size 0;
|
41
|
-
proxy_set_header X-Sendfile-Type X-Accel-Redirect;
|
42
|
-
proxy_set_header X-Accel-Remote-Mapping webdav_redirect;
|
43
|
-
proxy_set_header X-Accel-Mapping $rails_root=$rails_root;
|
44
|
-
|
45
|
-
if (-f $request_filename) {
|
46
|
-
expires max;
|
47
|
-
break;
|
48
|
-
}
|
49
|
-
|
50
|
-
if (!-f $request_filename) {
|
51
|
-
proxy_pass http://unicorn;
|
52
|
-
break;
|
53
|
-
}
|
54
|
-
}
|
55
|
-
|
56
|
-
location ~ /files/(.*) {
|
57
|
-
alias $rails_root/$1;
|
58
|
-
internal;
|
59
|
-
}
|
60
|
-
|
61
|
-
error_page 500 502 503 504 /500.html;
|
62
|
-
location = /500.html {
|
63
|
-
root $public_root;
|
64
|
-
}
|
65
|
-
}
|