winton-cookbook 1.0.0
- data/MIT-LICENSE +20 -0
- data/README.markdown +134 -0
- data/config/debian/bash_profile.erb +9 -0
- data/config/debian/iptables.rules.erb +47 -0
- data/config/debian/locale.gen.erb +1 -0
- data/config/debian/sshd_config.erb +78 -0
- data/config/log/rotate.conf.erb +9 -0
- data/config/mongrel/mongrel.yml.erb +10 -0
- data/config/mongrel/nginx.vhost.erb +177 -0
- data/config/monit/mongrel.erb +12 -0
- data/config/monit/monit.erb +11 -0
- data/config/monit/monitrc.erb +32 -0
- data/config/monit/nginx.vhost.erb +26 -0
- data/config/mysql/my.cnf.erb +137 -0
- data/config/nginx/nginx.conf.erb +30 -0
- data/config/nginx/nginx.erb +57 -0
- data/config/php/init-fastcgi.erb +26 -0
- data/config/php/nginx.vhost.erb +27 -0
- data/config/php/php-fastcgi.erb +2 -0
- data/config/rails/database.yml.erb +13 -0
- data/cookbook.rb +66 -0
- data/cookbook_helpers.rb +119 -0
- data/deploy.rb.example +45 -0
- data/recipes/debian.rb +200 -0
- data/recipes/deploy.rb +50 -0
- data/recipes/gems.rb +77 -0
- data/recipes/log.rb +47 -0
- data/recipes/mongrel.rb +48 -0
- data/recipes/monit.rb +47 -0
- data/recipes/mysql.rb +106 -0
- data/recipes/nginx.rb +79 -0
- data/recipes/php.rb +17 -0
- data/recipes/rails.rb +65 -0
- data/recipes/ssh.rb +64 -0
- data/recipes/stage.rb +34 -0
- metadata +95 -0
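--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2008 Winton Welsh <mail@wintoni.us>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.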
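--- a/data/README.markdown
+++ b/data/README.markdown
@@ -0,0 +1,134 @@
+Cookbook
+========
+
+Cookbook takes you from a fresh Debian/Ubuntu server to a complete Nginx/Rails/PHP stack using purely Capistrano. It also takes care of app deployment and pretty much writes your **config/deploy.rb** file for you.
+
+
+The stack
+---------
+
+* Git
+* Nginx
+* Mongrel cluster
+* Monit
+* MySQL
+* PHP (Nginx w/ spawn-fcgi)
+* Rails
+* Ruby
+* RubyGems
+* Sphinx
+
+
+Install
+-------
+
+(Goto **Set up a PHP app** if deploying a PHP project)
+
+### Capify your project
+
+capify .
+
+### Add cookbook as a Git submodule
+
+git submodule add git://github.com:winton/cookbook.git config/cookbook
+
+### Copy deploy.rb
+
+Copy **config/cookbook/deploy.rb.example** to **config/deploy.rb**
+
+Edit **config/deploy.rb** to your liking. Run `cap -T` to check out your new tasks.
+
+
+Create the deploy user
+----------------------
+
+### Log in remotely as root
+
+If you can't log in as root directly, but have the password (ServerBeach):
+
+su
+
+### Change root's password if you already haven't
+
+passwd
+
+### Add a deploy user
+
+adduser deploy
+
+### Edit /etc/sudoers
+
+visudo
+
+Add this line to the end of the file. This gives the deploy user "sudo without password" privileges:
+
+deploy ALL=NOPASSWD: ALL
+
+### Upload your SSH keys
+
+cap ssh:setup
+
+(Just answer no to the first question if you already have local keys generated.)
+
+
+Set up your fresh Debian server
+-------------------------------
+
+### On your machine
+
+cap debian:setup
+
+(See **config/cookbook/recipes/debian.rb**. You might want to run the tasks individually to know what's going on.)
+
+### On the server
+
+Its probably a good idea to restart the server after all that:
+
+sudo shutdown -r now
+
+
+Deploy your app
+---------------
+
+### First deploy
+
+cap deploy:create
+
+(See **config/cookbook/recipes/deploy.rb** to know what's going on here.)
+
+Optionally set up log rotation and a monit entry for your mongrels:
+
+cap log:rotate
+cap monit:config:mongrel
+
+### Subsequent deploys
+
+cap deploy
+
+
+Deploy staging
+--------------
+
+See *Deploy your app*, but replace `cap` with `cap staging`.
+
+Example:
+
+cap staging deploy:create
+
+
+Set up a PHP app
+----------------
+
+### Create directories
+
+config/
+public/
+
+Move your site contents into the public directory. Follow instructions in the *Install* section.
+
+Uncomment this line in deploy.rb:
+
+#:platform => :php,
+
+
+##### Copyright (c) 2008 Winton Welsh, released under the MIT license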
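--- a/data/config/debian/bash_profile.erb
+++ b/data/config/debian/bash_profile.erb
@@ -0,0 +1,9 @@
+export PS1='\e[01;30m\h \e[33m\u \e[01;34m\w\e[00m: '
+
+alias free="free -m"
+
+alias aptitude="sudo aptitude"
+alias update="sudo aptitude update"
+alias upgrade="sudo aptitude upgrade"
+alias install="sudo aptitude install"
+alias remove="sudo aptitude remove"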
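Review bot: The colour escapes in `PS1` on line 1 are not wrapped in `\[` … `\]`, so bash counts them as printable characters and mis-wraps long command lines; `export PS1='\[\e[01;30m\]\h \[\e[33m\]\u \[\e[01;34m\]\w\[\e[00m\]: '` keeps the same look. The `install` alias on line 8 shadows the coreutils `install` command in interactive shells, and every alias here silently prepends `sudo`, which on a host where the deploy user has passwordless sudo removes the last prompt before a package change. A more explicit name such as `apt-install` would avoid both surprises.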
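--- a/data/config/debian/iptables.rules.erb
+++ b/data/config/debian/iptables.rules.erb
@@ -0,0 +1,47 @@
+*filter
+
+
+# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
+
+
+# Accepts all established inbound connections
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+
+# Allows all outbound traffic
+# You can modify this to only allow certain traffic
+-A OUTPUT -j ACCEPT
+
+
+# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+
+
+# Allows IMAP
+-A INPUT -p tcp --dport 143 -j ACCEPT
+
+
+# Allows SSH connections
+#
+# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
+#
+-A INPUT -p tcp -m state --state NEW --dport <%= ssh_port %> -j ACCEPT
+
+
+# Allow ping
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+
+# log iptables denied calls
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
+
+
+# Reject all other inbound - default deny unless explicitly allowed policy
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+
+COMMIT
+# There MUST be a new line after this line!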
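Review bot: The rule `-A INPUT -p tcp --dport 143 -j ACCEPT` opens IMAP to any source, yet the stack listed in the README contains no mail server, and plain IMAP on 143 carries credentials unencrypted unless STARTTLS is enforced; I would drop the rule or render it only when a template variable asks for it. The negation in `-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT` uses the legacy placement that newer iptables releases warn about or refuse; `-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT` is the current form. The ruleset is IPv4 only, so a host with IPv6 enabled needs a matching ip6tables file, which is not visible in this section.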
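--- a/data/config/debian/locale.gen.erb
+++ b/data/config/debian/locale.gen.erb
@@ -0,0 +1 @@
+en_US.UTF-8 UTF-8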
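--- a/data/config/debian/sshd_config.erb
+++ b/data/config/debian/sshd_config.erb
@@ -0,0 +1,78 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port <%= ssh_port %>
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM no
+UseDNS no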
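Review bot: `#PasswordAuthentication yes` on line 50 is left commented out, so sshd keeps its default of accepting password logins on `Port <%= ssh_port %>` even though the README has `cap ssh:setup` upload public keys; the template should render `PasswordAuthentication no` once keys are installed (if the recipes depend on a password for the first login, that ordering needs checking in recipes/ssh.rb, which is not shown here). `KeyRegenerationInterval 3600`, `ServerKeyBits 768` and `RSAAuthentication yes` apply only to protocol 1 and have no effect under `Protocol 2`, so they can go, as can `HostKey /etc/ssh/ssh_host_dsa_key`. An `AllowUsers` line naming the deploy account would further narrow who can log in.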
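--- a/data/config/mongrel/mongrel.yml.erb
+++ b/data/config/mongrel/mongrel.yml.erb
@@ -0,0 +1,10 @@
+---
+user: <%= user %>
+group: <%= user %>
+log_file: <%= deploy_to %>/shared/log/mongrel.log
+cwd: <%= deploy_to %>/current
+port: <%= mongrel_port %>
+environment: production
+pid_file: <%= deploy_to %>/shared/pids/mongrel.pid
+address: 127.0.0.1
+servers: <%= mongrels %>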
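--- a/data/config/mongrel/nginx.vhost.erb
+++ b/data/config/mongrel/nginx.vhost.erb
@@ -0,0 +1,177 @@
+<% if mongrels > 1 %>
+upstream mongrel_<%= application %>_<%= stage %> {
+<% mongrels.times do |x| %>
+server 127.0.0.1:<%= mongrel_port + x %>;
+<% end %>
+}
+<% end %>
+
+server {
+listen 80;
+
+# Set the max size for file uploads to 50Mb
+client_max_body_size 50M;
+
+# sets the domain[s] that this vhost server requests for
+server_name <%= domains.join ' ' %>;
+
+# doc root
+root <%= deploy_to %>/current/public;
+
+# vhost specific access log
+access_log <%= deploy_to %>/shared/log/nginx.log main;
+
+# this rewrites all the requests to the maintenance.html
+# page if it exists in the doc root. This is for capistrano's
+# disable web task
+if (-f $document_root/system/maintenance.html) {
+rewrite ^(.*)$ /system/maintenance.html last;
+break;
+}
+
+location / {
+<% if auth_user %>
+auth_basic "Restricted";
+auth_basic_user_file <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
+<% end %>
+
+# needed to forward user's IP address to rails
+proxy_set_header X-Real-IP $remote_addr;
+
+# needed for HTTPS
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $http_host;
+proxy_redirect false;
+proxy_max_temp_file_size 0;
+
+# If the file exists as a static file serve it directly without
+# running all the other rewite tests on it
+if (-f $request_filename) {
+break;
+}
+
+# check for index.html for directory index
+# if its there on the filesystem then rewite
+# the url to add /index.html to the end of it
+# and then break to send it to the next config rules.
+if (-f $request_filename/index.html) {
+rewrite (.*) $1/index.html break;
+}
+
+# this is the meat of the rails page caching config
+# it adds .html to the end of the url and then checks
+# the filesystem for that file. If it exists, then we
+# rewite the url to have explicit .html on the end
+# and then send it on its way to the next config rule.
+# if there is no file on the fs then it sets all the
+# necessary headers and proxies to our upstream mongrels
+if (-f $request_filename.html) {
+rewrite (.*) $1.html break;
+}
+
+if (!-f $request_filename) {
+# Use other cluster name here if you are running multiple
+# virtual hosts.
+<% if mongrels == 1 %>
+proxy_pass http://127.0.0.1:<%= mongrel_port %>;
+<% else %>
+proxy_pass http://mongrel_<%= application %>_<%= stage %>;
+<% end %>
+break;
+}
+}
+
+error_page 500 502 503 504 /500.html;
+location = /500.html {
+root <%= deploy_to %>/current/public;
+}
+}
+
+<% if ssl_cert %>
+server {
+# port to listen on. Can also be set to an IP:PORT
+listen 443;
+
+ssl on;
+ssl_certificate <%= deploy_to %>/current/cert/cert;
+ssl_certificate_key <%= deploy_to %>/current/cert/key;
+
+# Set the max size for file uploads to 50Mb
+client_max_body_size 50M;
+
+# sets the domain[s] that this vhost server requests for
+server_name <%= domains.join ' ' %>;
+
+# doc root
+root <%= deploy_to %>/current/public;
+
+# vhost specific access log
+access_log <%= deploy_to %>/shared/log/nginx.log main;
+
+# this rewrites all the requests to the maintenance.html
+# page if it exists in the doc root. This is for capistrano's
+# disable web task
+if (-f $document_root/system/maintenance.html) {
+rewrite ^(.*)$ /system/maintenance.html last;
+break;
+}
+
+location / {
+<% if auth_user %>
+auth_basic "Restricted";
+auth_basic_user_file <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
+<% end %>
+
+# needed to forward user's IP address to rails
+proxy_set_header X-Real-IP $remote_addr;
+
+# needed for HTTPS
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-FORWARDED_PROTO https;
+proxy_set_header Host $http_host;
+proxy_redirect false;
+proxy_max_temp_file_size 0;
+
+# If the file exists as a static file serve it directly without
+# running all the other rewite tests on it
+if (-f $request_filename) {
+break;
+}
+
+# check for index.html for directory index
+# if its there on the filesystem then rewite
+# the url to add /index.html to the end of it
+# and then break to send it to the next config rules.
+if (-f $request_filename/index.html) {
+rewrite (.*) $1/index.html break;
+}
+
+# this is the meat of the rails page caching config
+# it adds .html to the end of the url and then checks
+# the filesystem for that file. If it exists, then we
+# rewite the url to have explicit .html on the end
+# and then send it on its way to the next config rule.
+# if there is no file on the fs then it sets all the
+# necessary headers and proxies to our upstream mongrels
+if (-f $request_filename.html) {
+rewrite (.*) $1.html break;
+}
+
+if (!-f $request_filename) {
+# Use other cluster name here if you are running multiple
+# virtual hosts.
+<% if mongrels == 1 %>
+proxy_pass http://127.0.0.1:<%= mongrel_port %>;
+<% else %>
+proxy_pass http://mongrel_<%= application %>_<%= stage %>;
+<% end %>
+break;
+}
+}
+
+error_page 500 502 503 504 /500.html;
+location = /500.html {
+root <%= deploy_to %>/current/public;
+}
+}
+<% end %>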
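Review bot: The TLS block reads its private key from `<%= deploy_to %>/current/cert/key`, inside the deployed release, which suggests the key travels with the application checkout and is readable by the deploy user and by anyone with repository access; a root-owned path outside the release tree (for example under `<%= nginx_dir %>`) would be a safer home for it. When `auth_user` is set, the port-80 `location /` enables `auth_basic`, so the password crosses the network unencrypted; with `ssl_cert` set, that server block could redirect to HTTPS instead of serving the app. The port-80 block also never sets the forwarded-protocol header, so whatever value the client supplies is passed to the mongrels unchanged; adding `proxy_set_header X-FORWARDED_PROTO http;` there pins it. Both server blocks repeat about eighty identical lines, so a shared include would keep later hardening changes from drifting apart.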
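--- a/data/config/monit/mongrel.erb
+++ b/data/config/monit/mongrel.erb
@@ -0,0 +1,12 @@
+<% mongrels.times do |x| %>
+check process mongrel_<%= application %>_<%= mongrel_port + x %> with pidfile <%= deploy_to %>/shared/pids/mongrel.<%= mongrel_port + x %>.pid
+group mongrel
+start program = "mongrel_rails cluster::start -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
+stop program = "mongrel_rails cluster::stop -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
+if failed host 127.0.0.1 port <%= mongrel_port + x %> protocol http with timeout 10 seconds then restart
+if totalmem is greater than 110.0 MB for 4 cycles then restart # eating up memory?
+if cpu is greater than 50% for 2 cycles then alert # send an email to admin
+if cpu is greater than 80% for 3 cycles then restart # hung process?
+if loadavg(5min) greater than 10 for 8 cycles then restart # bad, bad, bad
+if 20 restarts within 20 cycles then timeout # something is wrong, call the sys-admin
+<% end %>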
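--- a/data/config/monit/monit.erb
+++ b/data/config/monit/monit.erb
@@ -0,0 +1,11 @@
+# Defaults for monit initscript
+# sourced by /etc/init.d/monit
+# installed at /etc/default/monit by maintainer scripts
+# Fredrik Steen <stone@debian.org>
+
+# You must set this variable to for monit to start
+startup=1
+
+# To change the intervals which monit should run uncomment
+# and change this variable.
+# CHECK_INTERVALS=180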
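--- a/data/config/monit/monitrc.erb
+++ b/data/config/monit/monitrc.erb
@@ -0,0 +1,32 @@
+set daemon 60
+set logfile /var/log/monit.log
+set mailserver localhost
+set mail-format { from: <%= monit_from %> }
+set alert <%= monit_to %>
+set httpd port <%= monit_port %> and allow <%= monit_auth_user %>:<%= monit_auth_pass %>
+
+check process sshd with pidfile /var/run/sshd.pid
+start program "/etc/init.d/ssh start"
+stop program "/etc/init.d/ssh stop"
+if failed port <%= ssh_port %> protocol ssh then restart
+if 5 restarts within 5 cycles then timeout
+
+check process mysql with pidfile /var/run/mysqld/mysqld.pid
+group database
+start program = "/etc/init.d/mysql start"
+stop program = "/etc/init.d/mysql stop"
+if failed host 127.0.0.1 port 3306 then restart
+if 5 restarts within 5 cycles then timeout
+
+check process nginx with pidfile /usr/local/nginx/logs/nginx.pid
+group www
+start program = "/etc/init.d/nginx start"
+stop program = "/etc/init.d/nginx stop"
+if 5 restarts with 5 cycles then timeout
+
+check process spawn-fcgi with pidfile /var/run/spawn-fcgi.pid
+group php
+start program = "/etc/init.d/init-fastcgi start"
+stop program = "/etc/init.d/init-fastcgi stop"
+if failed host 127.0.0.1 port 9000 then restart
+if 5 restarts within 5 cycles then timeout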
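Review bot: `set httpd port <%= monit_port %> and allow <%= monit_auth_user %>:<%= monit_auth_pass %>` on line 6 names no bind address, so monit's web interface listens on every interface and stays private only as long as the iptables ruleset is loaded; because the monit nginx vhost in this commit proxies to `127.0.0.1:<%= monit_port %>`, the statement can become `set httpd port <%= monit_port %> and use address 127.0.0.1 allow <%= monit_auth_user %>:<%= monit_auth_pass %>` at no cost. The rendered file holds the monit password in plaintext, so the recipe that installs it should make it readable by its owner only. The nginx check is the one process here without an `if failed … then restart` test, so an nginx that hangs while keeping its pid would go unnoticed.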
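--- a/data/config/monit/nginx.vhost.erb
+++ b/data/config/monit/nginx.vhost.erb
@@ -0,0 +1,26 @@
+upstream monit_httpd {
+server 127.0.0.1:<%= monit_port %>;
+}
+
+server {
+listen 80;
+
+# sets the domain[s] that this vhost server requests for
+server_name <%= monit_domain %>;
+
+# vhost specific access log
+access_log /var/log/monit.nginx.log main;
+
+location / {
+# needed to forward user's IP address
+proxy_set_header X-Real-IP $remote_addr;
+
+# needed for HTTPS
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $http_host;
+proxy_redirect false;
+proxy_max_temp_file_size 0;
+
+proxy_pass http://monit_httpd;
+}
+}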
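Review bot: This vhost publishes the monit web interface on `listen 80` with no TLS and no source restriction, so the `monit_auth_user`/`monit_auth_pass` credentials configured in monitrc travel in cleartext, and that interface is able to stop and start the monitored services. I would serve it only from an HTTPS server block, or at least add `allow ADMIN_ADDRESS; deny all;` inside `location /` (ADMIN_ADDRESS is a placeholder for the operator's own address). The `# needed for HTTPS` comment above the `X-Forwarded-For` line is misleading in a block that has no HTTPS listener and should be reworded or removed.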