winton-cookbook 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- metadata +1 -41
- data/config/debian/bash_profile.erb +0 -9
- data/config/debian/iptables.rules.erb +0 -47
- data/config/debian/locale.gen.erb +0 -1
- data/config/debian/sshd_config.erb +0 -78
- data/config/log/rotate.conf.erb +0 -9
- data/config/mongrel/mongrel.yml.erb +0 -10
- data/config/mongrel/nginx.vhost.erb +0 -177
- data/config/monit/mongrel.erb +0 -12
- data/config/monit/monit.erb +0 -11
- data/config/monit/monitrc.erb +0 -32
- data/config/monit/nginx.vhost.erb +0 -26
- data/config/mysql/my.cnf.erb +0 -137
- data/config/nginx/nginx.conf.erb +0 -30
- data/config/nginx/nginx.erb +0 -57
- data/config/php/init-fastcgi.erb +0 -26
- data/config/php/nginx.vhost.erb +0 -27
- data/config/php/php-fastcgi.erb +0 -2
- data/config/rails/database.yml.erb +0 -13
- data/cookbook.rb +0 -66
- data/cookbook_helpers.rb +0 -119
- data/recipes/debian.rb +0 -200
- data/recipes/deploy.rb +0 -50
- data/recipes/gems.rb +0 -77
- data/recipes/log.rb +0 -47
- data/recipes/mongrel.rb +0 -48
- data/recipes/monit.rb +0 -47
- data/recipes/mysql.rb +0 -106
- data/recipes/nginx.rb +0 -79
- data/recipes/php.rb +0 -17
- data/recipes/rails.rb +0 -65
- data/recipes/ssh.rb +0 -64
- data/recipes/stage.rb +0 -34
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: winton-cookbook
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Winton Welsh
|
@@ -22,49 +22,9 @@ extensions: []
|
|
22
22
|
extra_rdoc_files: []
|
23
23
|
|
24
24
|
files:
|
25
|
-
- config/log
|
26
|
-
- config/log/rotate.conf.erb
|
27
|
-
- config/php
|
28
|
-
- config/php/php-fastcgi.erb
|
29
|
-
- config/php/init-fastcgi.erb
|
30
|
-
- config/php/nginx.vhost.erb
|
31
|
-
- config/monit
|
32
|
-
- config/monit/nginx.vhost.erb
|
33
|
-
- config/monit/monitrc.erb
|
34
|
-
- config/monit/mongrel.erb
|
35
|
-
- config/monit/monit.erb
|
36
|
-
- config/nginx
|
37
|
-
- config/nginx/nginx.erb
|
38
|
-
- config/nginx/nginx.conf.erb
|
39
|
-
- config/mysql
|
40
|
-
- config/mysql/my.cnf.erb
|
41
|
-
- config/rails
|
42
|
-
- config/rails/database.yml.erb
|
43
|
-
- config/debian
|
44
|
-
- config/debian/sshd_config.erb
|
45
|
-
- config/debian/iptables.rules.erb
|
46
|
-
- config/debian/bash_profile.erb
|
47
|
-
- config/debian/locale.gen.erb
|
48
|
-
- config/mongrel
|
49
|
-
- config/mongrel/nginx.vhost.erb
|
50
|
-
- config/mongrel/mongrel.yml.erb
|
51
|
-
- cookbook.rb
|
52
|
-
- cookbook_helpers.rb
|
53
25
|
- deploy.rb.example
|
54
26
|
- MIT-LICENSE
|
55
27
|
- README.markdown
|
56
|
-
- recipes/debian.rb
|
57
|
-
- recipes/mongrel.rb
|
58
|
-
- recipes/deploy.rb
|
59
|
-
- recipes/rails.rb
|
60
|
-
- recipes/monit.rb
|
61
|
-
- recipes/gems.rb
|
62
|
-
- recipes/log.rb
|
63
|
-
- recipes/php.rb
|
64
|
-
- recipes/ssh.rb
|
65
|
-
- recipes/stage.rb
|
66
|
-
- recipes/nginx.rb
|
67
|
-
- recipes/mysql.rb
|
68
28
|
has_rdoc: false
|
69
29
|
homepage: http://github.com/winton/cookbook
|
70
30
|
post_install_message:
|
@@ -1,9 +0,0 @@
|
|
1
|
-
export PS1='\e[01;30m\h \e[33m\u \e[01;34m\w\e[00m: '
|
2
|
-
|
3
|
-
alias free="free -m"
|
4
|
-
|
5
|
-
alias aptitude="sudo aptitude"
|
6
|
-
alias update="sudo aptitude update"
|
7
|
-
alias upgrade="sudo aptitude upgrade"
|
8
|
-
alias install="sudo aptitude install"
|
9
|
-
alias remove="sudo aptitude remove"
|
@@ -1,47 +0,0 @@
|
|
1
|
-
*filter
|
2
|
-
|
3
|
-
|
4
|
-
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
|
5
|
-
-A INPUT -i lo -j ACCEPT
|
6
|
-
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
|
7
|
-
|
8
|
-
|
9
|
-
# Accepts all established inbound connections
|
10
|
-
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
11
|
-
|
12
|
-
|
13
|
-
# Allows all outbound traffic
|
14
|
-
# You can modify this to only allow certain traffic
|
15
|
-
-A OUTPUT -j ACCEPT
|
16
|
-
|
17
|
-
|
18
|
-
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
|
19
|
-
-A INPUT -p tcp --dport 80 -j ACCEPT
|
20
|
-
-A INPUT -p tcp --dport 443 -j ACCEPT
|
21
|
-
|
22
|
-
|
23
|
-
# Allows IMAP
|
24
|
-
-A INPUT -p tcp --dport 143 -j ACCEPT
|
25
|
-
|
26
|
-
|
27
|
-
# Allows SSH connections
|
28
|
-
#
|
29
|
-
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
|
30
|
-
#
|
31
|
-
-A INPUT -p tcp -m state --state NEW --dport <%= ssh_port %> -j ACCEPT
|
32
|
-
|
33
|
-
|
34
|
-
# Allow ping
|
35
|
-
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
|
36
|
-
|
37
|
-
|
38
|
-
# log iptables denied calls
|
39
|
-
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
|
40
|
-
|
41
|
-
|
42
|
-
# Reject all other inbound - default deny unless explicitly allowed policy
|
43
|
-
-A INPUT -j REJECT
|
44
|
-
-A FORWARD -j REJECT
|
45
|
-
|
46
|
-
COMMIT
|
47
|
-
# There MUST be a new line after this line!
|
@@ -1 +0,0 @@
|
|
1
|
-
en_US.UTF-8 UTF-8
|
@@ -1,78 +0,0 @@
|
|
1
|
-
# Package generated configuration file
|
2
|
-
# See the sshd(8) manpage for details
|
3
|
-
|
4
|
-
# What ports, IPs and protocols we listen for
|
5
|
-
Port <%= ssh_port %>
|
6
|
-
# Use these options to restrict which interfaces/protocols sshd will bind to
|
7
|
-
#ListenAddress ::
|
8
|
-
#ListenAddress 0.0.0.0
|
9
|
-
Protocol 2
|
10
|
-
# HostKeys for protocol version 2
|
11
|
-
HostKey /etc/ssh/ssh_host_rsa_key
|
12
|
-
HostKey /etc/ssh/ssh_host_dsa_key
|
13
|
-
#Privilege Separation is turned on for security
|
14
|
-
UsePrivilegeSeparation yes
|
15
|
-
|
16
|
-
# Lifetime and size of ephemeral version 1 server key
|
17
|
-
KeyRegenerationInterval 3600
|
18
|
-
ServerKeyBits 768
|
19
|
-
|
20
|
-
# Logging
|
21
|
-
SyslogFacility AUTH
|
22
|
-
LogLevel INFO
|
23
|
-
|
24
|
-
# Authentication:
|
25
|
-
LoginGraceTime 120
|
26
|
-
PermitRootLogin no
|
27
|
-
StrictModes yes
|
28
|
-
|
29
|
-
RSAAuthentication yes
|
30
|
-
PubkeyAuthentication yes
|
31
|
-
#AuthorizedKeysFile %h/.ssh/authorized_keys
|
32
|
-
|
33
|
-
# Don't read the user's ~/.rhosts and ~/.shosts files
|
34
|
-
IgnoreRhosts yes
|
35
|
-
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
36
|
-
RhostsRSAAuthentication no
|
37
|
-
# similar for protocol version 2
|
38
|
-
HostbasedAuthentication no
|
39
|
-
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
40
|
-
#IgnoreUserKnownHosts yes
|
41
|
-
|
42
|
-
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
43
|
-
PermitEmptyPasswords no
|
44
|
-
|
45
|
-
# Change to yes to enable challenge-response passwords (beware issues with
|
46
|
-
# some PAM modules and threads)
|
47
|
-
ChallengeResponseAuthentication no
|
48
|
-
|
49
|
-
# Change to no to disable tunnelled clear text passwords
|
50
|
-
#PasswordAuthentication yes
|
51
|
-
|
52
|
-
# Kerberos options
|
53
|
-
#KerberosAuthentication no
|
54
|
-
#KerberosGetAFSToken no
|
55
|
-
#KerberosOrLocalPasswd yes
|
56
|
-
#KerberosTicketCleanup yes
|
57
|
-
|
58
|
-
# GSSAPI options
|
59
|
-
#GSSAPIAuthentication no
|
60
|
-
#GSSAPICleanupCredentials yes
|
61
|
-
|
62
|
-
X11Forwarding no
|
63
|
-
X11DisplayOffset 10
|
64
|
-
PrintMotd no
|
65
|
-
PrintLastLog yes
|
66
|
-
TCPKeepAlive yes
|
67
|
-
#UseLogin no
|
68
|
-
|
69
|
-
#MaxStartups 10:30:60
|
70
|
-
#Banner /etc/issue.net
|
71
|
-
|
72
|
-
# Allow client to pass locale environment variables
|
73
|
-
AcceptEnv LANG LC_*
|
74
|
-
|
75
|
-
Subsystem sftp /usr/lib/openssh/sftp-server
|
76
|
-
|
77
|
-
UsePAM no
|
78
|
-
UseDNS no
|
data/config/log/rotate.conf.erb
DELETED
@@ -1,10 +0,0 @@
|
|
1
|
-
---
|
2
|
-
user: <%= user %>
|
3
|
-
group: <%= user %>
|
4
|
-
log_file: <%= deploy_to %>/shared/log/mongrel.log
|
5
|
-
cwd: <%= deploy_to %>/current
|
6
|
-
port: <%= mongrel_port %>
|
7
|
-
environment: production
|
8
|
-
pid_file: <%= deploy_to %>/shared/pids/mongrel.pid
|
9
|
-
address: 127.0.0.1
|
10
|
-
servers: <%= mongrels %>
|
@@ -1,177 +0,0 @@
|
|
1
|
-
<% if mongrels > 1 %>
|
2
|
-
upstream mongrel_<%= application %>_<%= stage %> {
|
3
|
-
<% mongrels.times do |x| %>
|
4
|
-
server 127.0.0.1:<%= mongrel_port + x %>;
|
5
|
-
<% end %>
|
6
|
-
}
|
7
|
-
<% end %>
|
8
|
-
|
9
|
-
server {
|
10
|
-
listen 80;
|
11
|
-
|
12
|
-
# Set the max size for file uploads to 50Mb
|
13
|
-
client_max_body_size 50M;
|
14
|
-
|
15
|
-
# sets the domain[s] that this vhost server requests for
|
16
|
-
server_name <%= domains.join ' ' %>;
|
17
|
-
|
18
|
-
# doc root
|
19
|
-
root <%= deploy_to %>/current/public;
|
20
|
-
|
21
|
-
# vhost specific access log
|
22
|
-
access_log <%= deploy_to %>/shared/log/nginx.log main;
|
23
|
-
|
24
|
-
# this rewrites all the requests to the maintenance.html
|
25
|
-
# page if it exists in the doc root. This is for capistrano's
|
26
|
-
# disable web task
|
27
|
-
if (-f $document_root/system/maintenance.html) {
|
28
|
-
rewrite ^(.*)$ /system/maintenance.html last;
|
29
|
-
break;
|
30
|
-
}
|
31
|
-
|
32
|
-
location / {
|
33
|
-
<% if auth_user %>
|
34
|
-
auth_basic "Restricted";
|
35
|
-
auth_basic_user_file <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
|
36
|
-
<% end %>
|
37
|
-
|
38
|
-
# needed to forward user's IP address to rails
|
39
|
-
proxy_set_header X-Real-IP $remote_addr;
|
40
|
-
|
41
|
-
# needed for HTTPS
|
42
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
43
|
-
proxy_set_header Host $http_host;
|
44
|
-
proxy_redirect false;
|
45
|
-
proxy_max_temp_file_size 0;
|
46
|
-
|
47
|
-
# If the file exists as a static file serve it directly without
|
48
|
-
# running all the other rewite tests on it
|
49
|
-
if (-f $request_filename) {
|
50
|
-
break;
|
51
|
-
}
|
52
|
-
|
53
|
-
# check for index.html for directory index
|
54
|
-
# if its there on the filesystem then rewite
|
55
|
-
# the url to add /index.html to the end of it
|
56
|
-
# and then break to send it to the next config rules.
|
57
|
-
if (-f $request_filename/index.html) {
|
58
|
-
rewrite (.*) $1/index.html break;
|
59
|
-
}
|
60
|
-
|
61
|
-
# this is the meat of the rails page caching config
|
62
|
-
# it adds .html to the end of the url and then checks
|
63
|
-
# the filesystem for that file. If it exists, then we
|
64
|
-
# rewite the url to have explicit .html on the end
|
65
|
-
# and then send it on its way to the next config rule.
|
66
|
-
# if there is no file on the fs then it sets all the
|
67
|
-
# necessary headers and proxies to our upstream mongrels
|
68
|
-
if (-f $request_filename.html) {
|
69
|
-
rewrite (.*) $1.html break;
|
70
|
-
}
|
71
|
-
|
72
|
-
if (!-f $request_filename) {
|
73
|
-
# Use other cluster name here if you are running multiple
|
74
|
-
# virtual hosts.
|
75
|
-
<% if mongrels == 1 %>
|
76
|
-
proxy_pass http://127.0.0.1:<%= mongrel_port %>;
|
77
|
-
<% else %>
|
78
|
-
proxy_pass http://mongrel_<%= application %>_<%= stage %>;
|
79
|
-
<% end %>
|
80
|
-
break;
|
81
|
-
}
|
82
|
-
}
|
83
|
-
|
84
|
-
error_page 500 502 503 504 /500.html;
|
85
|
-
location = /500.html {
|
86
|
-
root <%= deploy_to %>/current/public;
|
87
|
-
}
|
88
|
-
}
|
89
|
-
|
90
|
-
<% if ssl_cert %>
|
91
|
-
server {
|
92
|
-
# port to listen on. Can also be set to an IP:PORT
|
93
|
-
listen 443;
|
94
|
-
|
95
|
-
ssl on;
|
96
|
-
ssl_certificate <%= deploy_to %>/current/cert/cert;
|
97
|
-
ssl_certificate_key <%= deploy_to %>/current/cert/key;
|
98
|
-
|
99
|
-
# Set the max size for file uploads to 50Mb
|
100
|
-
client_max_body_size 50M;
|
101
|
-
|
102
|
-
# sets the domain[s] that this vhost server requests for
|
103
|
-
server_name <%= domains.join ' ' %>;
|
104
|
-
|
105
|
-
# doc root
|
106
|
-
root <%= deploy_to %>/current/public;
|
107
|
-
|
108
|
-
# vhost specific access log
|
109
|
-
access_log <%= deploy_to %>/shared/log/nginx.log main;
|
110
|
-
|
111
|
-
# this rewrites all the requests to the maintenance.html
|
112
|
-
# page if it exists in the doc root. This is for capistrano's
|
113
|
-
# disable web task
|
114
|
-
if (-f $document_root/system/maintenance.html) {
|
115
|
-
rewrite ^(.*)$ /system/maintenance.html last;
|
116
|
-
break;
|
117
|
-
}
|
118
|
-
|
119
|
-
location / {
|
120
|
-
<% if auth_user %>
|
121
|
-
auth_basic "Restricted";
|
122
|
-
auth_basic_user_file <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
|
123
|
-
<% end %>
|
124
|
-
|
125
|
-
# needed to forward user's IP address to rails
|
126
|
-
proxy_set_header X-Real-IP $remote_addr;
|
127
|
-
|
128
|
-
# needed for HTTPS
|
129
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
130
|
-
proxy_set_header X-FORWARDED_PROTO https;
|
131
|
-
proxy_set_header Host $http_host;
|
132
|
-
proxy_redirect false;
|
133
|
-
proxy_max_temp_file_size 0;
|
134
|
-
|
135
|
-
# If the file exists as a static file serve it directly without
|
136
|
-
# running all the other rewite tests on it
|
137
|
-
if (-f $request_filename) {
|
138
|
-
break;
|
139
|
-
}
|
140
|
-
|
141
|
-
# check for index.html for directory index
|
142
|
-
# if its there on the filesystem then rewite
|
143
|
-
# the url to add /index.html to the end of it
|
144
|
-
# and then break to send it to the next config rules.
|
145
|
-
if (-f $request_filename/index.html) {
|
146
|
-
rewrite (.*) $1/index.html break;
|
147
|
-
}
|
148
|
-
|
149
|
-
# this is the meat of the rails page caching config
|
150
|
-
# it adds .html to the end of the url and then checks
|
151
|
-
# the filesystem for that file. If it exists, then we
|
152
|
-
# rewite the url to have explicit .html on the end
|
153
|
-
# and then send it on its way to the next config rule.
|
154
|
-
# if there is no file on the fs then it sets all the
|
155
|
-
# necessary headers and proxies to our upstream mongrels
|
156
|
-
if (-f $request_filename.html) {
|
157
|
-
rewrite (.*) $1.html break;
|
158
|
-
}
|
159
|
-
|
160
|
-
if (!-f $request_filename) {
|
161
|
-
# Use other cluster name here if you are running multiple
|
162
|
-
# virtual hosts.
|
163
|
-
<% if mongrels == 1 %>
|
164
|
-
proxy_pass http://127.0.0.1:<%= mongrel_port %>;
|
165
|
-
<% else %>
|
166
|
-
proxy_pass http://mongrel_<%= application %>_<%= stage %>;
|
167
|
-
<% end %>
|
168
|
-
break;
|
169
|
-
}
|
170
|
-
}
|
171
|
-
|
172
|
-
error_page 500 502 503 504 /500.html;
|
173
|
-
location = /500.html {
|
174
|
-
root <%= deploy_to %>/current/public;
|
175
|
-
}
|
176
|
-
}
|
177
|
-
<% end %>
|
data/config/monit/mongrel.erb
DELETED
@@ -1,12 +0,0 @@
|
|
1
|
-
<% mongrels.times do |x| %>
|
2
|
-
check process mongrel_<%= application %>_<%= mongrel_port + x %> with pidfile <%= deploy_to %>/shared/pids/mongrel.<%= mongrel_port + x %>.pid
|
3
|
-
group mongrel
|
4
|
-
start program = "mongrel_rails cluster::start -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
|
5
|
-
stop program = "mongrel_rails cluster::stop -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
|
6
|
-
if failed host 127.0.0.1 port <%= mongrel_port + x %> protocol http with timeout 10 seconds then restart
|
7
|
-
if totalmem is greater than 110.0 MB for 4 cycles then restart # eating up memory?
|
8
|
-
if cpu is greater than 50% for 2 cycles then alert # send an email to admin
|
9
|
-
if cpu is greater than 80% for 3 cycles then restart # hung process?
|
10
|
-
if loadavg(5min) greater than 10 for 8 cycles then restart # bad, bad, bad
|
11
|
-
if 20 restarts within 20 cycles then timeout # something is wrong, call the sys-admin
|
12
|
-
<% end %>
|
data/config/monit/monit.erb
DELETED
@@ -1,11 +0,0 @@
|
|
1
|
-
# Defaults for monit initscript
|
2
|
-
# sourced by /etc/init.d/monit
|
3
|
-
# installed at /etc/default/monit by maintainer scripts
|
4
|
-
# Fredrik Steen <stone@debian.org>
|
5
|
-
|
6
|
-
# You must set this variable to for monit to start
|
7
|
-
startup=1
|
8
|
-
|
9
|
-
# To change the intervals which monit should run uncomment
|
10
|
-
# and change this variable.
|
11
|
-
# CHECK_INTERVALS=180
|
data/config/monit/monitrc.erb
DELETED
@@ -1,32 +0,0 @@
|
|
1
|
-
set daemon 60
|
2
|
-
set logfile /var/log/monit.log
|
3
|
-
set mailserver localhost
|
4
|
-
set mail-format { from: <%= monit_from %> }
|
5
|
-
set alert <%= monit_to %>
|
6
|
-
set httpd port <%= monit_port %> and allow <%= monit_auth_user %>:<%= monit_auth_pass %>
|
7
|
-
|
8
|
-
check process sshd with pidfile /var/run/sshd.pid
|
9
|
-
start program "/etc/init.d/ssh start"
|
10
|
-
stop program "/etc/init.d/ssh stop"
|
11
|
-
if failed port <%= ssh_port %> protocol ssh then restart
|
12
|
-
if 5 restarts within 5 cycles then timeout
|
13
|
-
|
14
|
-
check process mysql with pidfile /var/run/mysqld/mysqld.pid
|
15
|
-
group database
|
16
|
-
start program = "/etc/init.d/mysql start"
|
17
|
-
stop program = "/etc/init.d/mysql stop"
|
18
|
-
if failed host 127.0.0.1 port 3306 then restart
|
19
|
-
if 5 restarts within 5 cycles then timeout
|
20
|
-
|
21
|
-
check process nginx with pidfile /usr/local/nginx/logs/nginx.pid
|
22
|
-
group www
|
23
|
-
start program = "/etc/init.d/nginx start"
|
24
|
-
stop program = "/etc/init.d/nginx stop"
|
25
|
-
if 5 restarts with 5 cycles then timeout
|
26
|
-
|
27
|
-
check process spawn-fcgi with pidfile /var/run/spawn-fcgi.pid
|
28
|
-
group php
|
29
|
-
start program = "/etc/init.d/init-fastcgi start"
|
30
|
-
stop program = "/etc/init.d/init-fastcgi stop"
|
31
|
-
if failed host 127.0.0.1 port 9000 then restart
|
32
|
-
if 5 restarts within 5 cycles then timeout
|
@@ -1,26 +0,0 @@
|
|
1
|
-
upstream monit_httpd {
|
2
|
-
server 127.0.0.1:<%= monit_port %>;
|
3
|
-
}
|
4
|
-
|
5
|
-
server {
|
6
|
-
listen 80;
|
7
|
-
|
8
|
-
# sets the domain[s] that this vhost server requests for
|
9
|
-
server_name <%= monit_domain %>;
|
10
|
-
|
11
|
-
# vhost specific access log
|
12
|
-
access_log /var/log/monit.nginx.log main;
|
13
|
-
|
14
|
-
location / {
|
15
|
-
# needed to forward user's IP address
|
16
|
-
proxy_set_header X-Real-IP $remote_addr;
|
17
|
-
|
18
|
-
# needed for HTTPS
|
19
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
20
|
-
proxy_set_header Host $http_host;
|
21
|
-
proxy_redirect false;
|
22
|
-
proxy_max_temp_file_size 0;
|
23
|
-
|
24
|
-
proxy_pass http://monit_httpd;
|
25
|
-
}
|
26
|
-
}
|
data/config/mysql/my.cnf.erb
DELETED
@@ -1,137 +0,0 @@
|
|
1
|
-
#
|
2
|
-
# The MySQL database server configuration file.
|
3
|
-
#
|
4
|
-
# You can copy this to one of:
|
5
|
-
# - "/etc/mysql/my.cnf" to set global options,
|
6
|
-
# - "~/.my.cnf" to set user-specific options.
|
7
|
-
#
|
8
|
-
# One can use all long options that the program supports.
|
9
|
-
# Run program with --help to get a list of available options and with
|
10
|
-
# --print-defaults to see which it would actually understand and use.
|
11
|
-
#
|
12
|
-
# For explanations see
|
13
|
-
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
|
14
|
-
|
15
|
-
# This will be passed to all mysql clients
|
16
|
-
# It has been reported that passwords should be enclosed with ticks/quotes
|
17
|
-
# escpecially if they contain "#" chars...
|
18
|
-
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
|
19
|
-
[client]
|
20
|
-
port = 3306
|
21
|
-
socket = /var/run/mysqld/mysqld.sock
|
22
|
-
|
23
|
-
# Here is entries for some specific programs
|
24
|
-
# The following values assume you have at least 32M ram
|
25
|
-
|
26
|
-
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
|
27
|
-
[mysqld_safe]
|
28
|
-
socket = /var/run/mysqld/mysqld.sock
|
29
|
-
nice = 0
|
30
|
-
|
31
|
-
[mysqld]
|
32
|
-
#
|
33
|
-
# * Basic Settings
|
34
|
-
#
|
35
|
-
user = mysql
|
36
|
-
pid-file = /var/run/mysqld/mysqld.pid
|
37
|
-
socket = /var/run/mysqld/mysqld.sock
|
38
|
-
port = 3306
|
39
|
-
basedir = /usr
|
40
|
-
datadir = /var/lib/mysql
|
41
|
-
tmpdir = /tmp
|
42
|
-
language = /usr/share/mysql/english
|
43
|
-
skip-external-locking
|
44
|
-
#
|
45
|
-
# Instead of skip-networking the default is now to listen only on
|
46
|
-
# localhost which is more compatible and is not less secure.
|
47
|
-
bind-address = 127.0.0.1
|
48
|
-
#
|
49
|
-
# * Fine Tuning
|
50
|
-
#
|
51
|
-
key_buffer = 256M
|
52
|
-
max_allowed_packet = 16M
|
53
|
-
thread_stack = 128K
|
54
|
-
thread_cache_size = 8
|
55
|
-
max_connections = 500
|
56
|
-
table_cache = 1536
|
57
|
-
#thread_concurrency = 10
|
58
|
-
#
|
59
|
-
# * Query Cache Configuration
|
60
|
-
#
|
61
|
-
query_cache_limit = 1M
|
62
|
-
query_cache_size = 16M
|
63
|
-
#
|
64
|
-
# * Logging and Replication
|
65
|
-
#
|
66
|
-
# Both location gets rotated by the cronjob.
|
67
|
-
# Be aware that this log type is a performance killer.
|
68
|
-
#log = /var/log/mysql/mysql.log
|
69
|
-
#
|
70
|
-
# Error logging goes to syslog. This is a Debian improvement :)
|
71
|
-
#
|
72
|
-
# Here you can see queries with especially long duration
|
73
|
-
#log_slow_queries = /var/log/mysql/mysql-slow.log
|
74
|
-
#long_query_time = 2
|
75
|
-
#log-queries-not-using-indexes
|
76
|
-
#
|
77
|
-
# The following can be used as easy to replay backup logs or for replication.
|
78
|
-
#server-id = 1
|
79
|
-
log_bin = /var/log/mysql/mysql-bin.log
|
80
|
-
# WARNING: Using expire_logs_days without bin_log crashes the server! See README.Debian!
|
81
|
-
expire_logs_days = 10
|
82
|
-
max_binlog_size = 100M
|
83
|
-
#binlog_do_db = include_database_name
|
84
|
-
#binlog_ignore_db = include_database_name
|
85
|
-
#
|
86
|
-
# * BerkeleyDB
|
87
|
-
#
|
88
|
-
# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
|
89
|
-
skip-bdb
|
90
|
-
#
|
91
|
-
# * InnoDB
|
92
|
-
#
|
93
|
-
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
|
94
|
-
# Read the manual for more InnoDB related options. There are many!
|
95
|
-
# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
|
96
|
-
skip-innodb
|
97
|
-
#
|
98
|
-
# * Security Features
|
99
|
-
#
|
100
|
-
# Read the manual, too, if you want chroot!
|
101
|
-
# chroot = /var/lib/mysql/
|
102
|
-
#
|
103
|
-
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
|
104
|
-
#
|
105
|
-
# ssl-ca=/etc/mysql/cacert.pem
|
106
|
-
# ssl-cert=/etc/mysql/server-cert.pem
|
107
|
-
# ssl-key=/etc/mysql/server-key.pem
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
[mysqldump]
|
112
|
-
quick
|
113
|
-
quote-names
|
114
|
-
max_allowed_packet = 16M
|
115
|
-
|
116
|
-
[mysql]
|
117
|
-
#no-auto-rehash # faster start of mysql but no tab completition
|
118
|
-
|
119
|
-
[isamchk]
|
120
|
-
key_buffer = 16M
|
121
|
-
|
122
|
-
#
|
123
|
-
# * NDB Cluster
|
124
|
-
#
|
125
|
-
# See /usr/share/doc/mysql-server-*/README.Debian for more information.
|
126
|
-
#
|
127
|
-
# The following configuration is read by the NDB Data Nodes (ndbd processes)
|
128
|
-
# not from the NDB Management Nodes (ndb_mgmd processes).
|
129
|
-
#
|
130
|
-
# [MYSQL_CLUSTER]
|
131
|
-
# ndb-connectstring=127.0.0.1
|
132
|
-
|
133
|
-
|
134
|
-
#
|
135
|
-
# * IMPORTANT: Additional settings that can override those from this file!
|
136
|
-
#
|
137
|
-
!includedir /etc/mysql/conf.d/
|
data/config/nginx/nginx.conf.erb
DELETED
@@ -1,30 +0,0 @@
|
|
1
|
-
worker_processes 3;
|
2
|
-
|
3
|
-
events {
|
4
|
-
worker_connections 1024;
|
5
|
-
}
|
6
|
-
|
7
|
-
http {
|
8
|
-
default_type application/octet-stream;
|
9
|
-
|
10
|
-
sendfile on;
|
11
|
-
tcp_nopush on;
|
12
|
-
tcp_nodelay off;
|
13
|
-
|
14
|
-
keepalive_timeout 65;
|
15
|
-
|
16
|
-
gzip on;
|
17
|
-
gzip_http_version 1.0;
|
18
|
-
gzip_comp_level 2;
|
19
|
-
gzip_proxied any;
|
20
|
-
gzip_types text/plain text/html text/css application/x-javascript text/xml
|
21
|
-
application/xml application/xml+rss text/javascript;
|
22
|
-
|
23
|
-
log_format main '$remote_addr - $remote_user [$time_local] $request '
|
24
|
-
'"$status" $body_bytes_sent "$http_referer" '
|
25
|
-
'"$http_user_agent" "$http_x_forwarded_for"';
|
26
|
-
|
27
|
-
include mime.types;
|
28
|
-
include fastcgi_params;
|
29
|
-
include vhosts/*.conf;
|
30
|
-
}
|