1. Alan Stevens
  2. Nginx Vhost

Commits

Alan Stevens  committed 6425e26

renamed variables and simplified .skel folder

  • Participants
  • Parent commits 75af060
  • Branches default

Comments (0)

Files changed (13)

File .skel/backup/.empty

Empty file added.

File .skel/config/_common.conf

View file
+client_max_body_size 4G;
+
+## Wildcard is for accepting all requests to DOMAIN_NAME
+#server_name DOMAIN_NAME *.DOMAIN_NAME;
+server_name DOMAIN_NAME;
+
+## ~2 seconds is often enough for most folks to parse HTML/CSS and
+## retrieve needed images/icons/frames, connections are cheap in
+## nginx so increasing this is generally safe...
+keepalive_timeout 5;
+
+## path for static files
+root   WWW_ROOT/DOMAIN_NAME/current/public/;   # <--- be sure to point to 'public'!
+
+## Uncomment this line to serve rails with Passenger
+#passenger_enabled on;
+
+if ($request_method !~ ^(GET|HEAD|PUT|POST|PATCH|DELETE|OPTIONS)$ ){
+	return 405;
+}
+
+## Prefer to serve static files directly from nginx to avoid unnecessary
+## data copies from the application server.
+##
+## try_files directive appeared in in nginx 0.7.27 and has stabilized
+## over time.  Older versions of nginx (e.g. 0.6.x) requires
+## "if (!-f $request_filename)" which was less efficient:
+## http://bogomips.org/unicorn.git/tree/examples/nginx.conf?id=v3.3.1#n127
+try_files $uri/index.html $uri/index.htm $uri.html $uri @app;
+
+# Rails error pages
+error_page 500 502 503 504 /500.html;
+location = /500.html {
+  root /WWW_ROOT/DOMAIN_NAME/current/public/;
+}
+
+error_page 404              /404.html;
+location = /404.html {
+  root /WWW_ROOT/DOMAIN_NAME/current/public/;
+}
+
+error_page 422              /422.html;
+location = /422.html {
+  root /WWW_ROOT/DOMAIN_NAME/current/public/;
+}
+
+location @DOMAIN_NAME.app {
+  ## an HTTP header important enough to have its own Wikipedia entry:
+  ##   http://en.wikipedia.org/wiki/X-Forwarded-For
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+  ## enable this if and only if you use HTTPS, this helps Rack
+  ## set the proper protocol for doing redirects:
+  ## proxy_set_header X-Forwarded-Proto https;
+
+  ## pass the Host: header from the client right along so redirects
+  ## can be set properly within the Rack application
+  proxy_set_header Host $http_host;
+
+  ## we don't want nginx trying to do something clever with
+  ## redirects, we set the Host: header above already.
+  proxy_redirect off;
+
+  ## set "proxy_buffering off" *only* for Rainbows! when doing
+  ## Comet/long-poll/streaming.  It's also safe to set if you're using
+  ## only serving fast clients with Unicorn + nginx, but not slow
+  ## clients.  You normally want nginx to buffer responses to slow
+  ## clients, even with Rails 3.1 streaming because otherwise a slow
+  ## client can become a bottleneck of Unicorn.
+  ##
+  ## The Rack application may also set "X-Accel-Buffering (yes|no)"
+  ## in the response headers to disable/enable buffering on a
+  ## per-response basis.
+  # proxy_buffering off;
+
+  proxy_pass http://DOMAIN_NAME.app;
+}
+
+location ~ ^/(assets)/  {
+	gzip_static on;
+	expires     max;
+	add_header  Cache-Control public;
+}
+
+location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+  expires max;
+	add_header  Cache-Control public;
+}
+
+location = /favicon.ico {
+	expires    max;
+	add_header Cache-Control public;
+  access_log off;
+}
+
+## THIS IS RAILS!
+location ~ \.php$ {
+	deny  all;
+}
+
+## BLOCKS ACCESS TO . FILES (.svn, .htaccess, ...)
+location ~ /\. {
+   deny  all;
+}
+
+location = /robots.txt {
+   allow all;
+   log_not_found off;
+   access_log off;
+}
+
+## Very rarely should these ever be accessed outside of your lan
+location ~* \.(txt|log)$ {
+   allow 192.168.0.0/16;
+   deny all;
+}

File .skel/config/nginx.conf

View file
+## Uncomment to use nginx as a reverse proxy to a backend server like Unicorn
+## this can be any application server, not just Unicorn/Rainbows!
+#upstream DOMAIN_NAME.app {
+  ## fail_timeout=0 means we always retry an upstream even if it failed
+  ## to return a good HTTP response (in case the Unicorn master nukes a
+  ## single worker for timing out).
+  #server unix:WWW_ROOT/DOMAIN_NAME/config/DOMAIN.sock fail_timeout=0;
+#}
+
+## Redirects www.DOMAIN to DOMAIN
+server {
+  listen default_server 80;
+  listen 443 ssl;
+  server_name  www.DOMAIN_NAME;
+  rewrite ^/(.*) http://DOMAIN_NAME/$1 permanent;
+}
+
+server {
+  ## enable one of the following if you're on Linux or FreeBSD
+  listen 80 default deferred; # for Linux
+  # listen 80 default accept_filter=httpready; # for FreeBSD
+
+  ## If you have IPv6, you'll likely want to have two separate listeners.
+  ## One on IPv4 only (the default), and another on IPv6 only instead
+  ## of a single dual-stack listener.  A dual-stack listener will make
+  ## for ugly IPv4 addresses in $remote_addr (e.g ":ffff:10.0.0.1"
+  ## instead of just "10.0.0.1") and potentially trigger bugs in
+  ## some software.
+  # listen [::]:80 ipv6only=on deferred; # deferred or accept_filter recommended
+
+  access_log WWW_ROOT/DOMAIN_NAME/log/nginx.access.log;
+  error_log WWW_ROOT/DOMAIN_NAME/log/nginx.error.log warn;
+	#access_log  off;
+	#error_log off;
+  include WWW_ROOT/DOMAIN_NAME/config/_common.config;
+}
+
+## HTTPS is disabled by default, as an SSL cert is required
+#server {
+  #listen 443 deferred;
+  #listen [::]:443 ipv6only=on deferred; # deferred or accept_filter recommended
+
+  #ssl	on;
+  ## The ssl/ folder here would be relative to nginx config dir
+  #ssl_certificate     ssl/DOMAIN.pem;
+  #ssl_certificate_key ssl/DOMAIN.key;
+
+  #access_log WWW_ROOT/DOMAIN_NAME/log/access_ssl.log;
+  #error_log WWW_ROOT/DOMAIN_NAME/log/error_ssl.log warn;
+  #include WWW_ROOT/DOMAIN_NAME/config/_common.config;
+#}

File .skel/config/unicorn.rb

View file
+# Use at least one worker per core if you're on a dedicated server,
+# more will usually help for _short_ waits on databases/caches.
+worker_processes 4
+
+# Since Unicorn is never exposed to outside clients, it does not need to
+# run on the standard HTTP port (80), there is no reason to start Unicorn
+# as root unless it's from system init scripts.
+# If running the master process as root and the workers as an unprivileged
+# user, do this to switch euid/egid in the workers (also chowns logs):
+user www-data, www-data
+
+# Help ensure your application will always spawn in the symlinked
+# "current" directory that Capistrano sets up.
+#current = File.expand_path(File.join(File.dirname(__FILE__), '../current'))
+working_directory "WWW_ROOT/DOMAIN_NAME/current" # available in 0.94.0+
+
+# listen on both a Unix domain socket and a TCP port,
+# we use a shorter backlog for quicker failover when busy
+listen "WWW_ROOT/DOMAIN_NAME/config/DOMAIN_NAME.sock", :backlog => 64
+#listen 8080, :tcp_nopush => true
+
+# nuke workers after 30 seconds instead of 60 seconds (the default)
+timeout 30
+
+# feel free to point this anywhere accessible on the filesystem
+pid "WWW_ROOT/DOMAIN_NAME/tmp/pids/unicorn.pid"
+
+# By default, the Unicorn logger will write to stderr.
+# Additionally, ome applications/frameworks log to stderr or stdout,
+# so prevent them from going to /dev/null when daemonized here:
+stderr_path "WWW_ROOT/DOMAIN_NAME/log/unicorn.stderr.log"
+stdout_path "WWW_ROOT/DOMAIN_NAME/log/unicorn.stdout.log"
+
+# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
+# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
+preload_app true
+GC.respond_to?(:copy_on_write_friendly=) and
+  GC.copy_on_write_friendly = true
+
+before_fork do |server, worker|
+  # the following is highly recomended for Rails + "preload_app true"
+  # as there's no need for the master process to hold a connection
+  defined?(ActiveRecord::Base) and
+    ActiveRecord::Base.connection.disconnect!
+
+  # The following is only recommended for memory/DB-constrained
+  # installations.  It is not needed if your system can house
+  # twice as many worker_processes as you have configured.
+  #
+  # # This allows a new master process to incrementally
+  # # phase out the old master process with SIGTTOU to avoid a
+  # # thundering herd (especially in the "preload_app false" case)
+  # # when doing a transparent upgrade.  The last worker spawned
+  # # will then kill off the old master process with a SIGQUIT.
+  # old_pid = "#{server.config[:pid]}.oldbin"
+  # if old_pid != server.pid
+  #   begin
+  #     sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
+  #     Process.kill(sig, File.read(old_pid).to_i)
+  #   rescue Errno::ENOENT, Errno::ESRCH
+  #   end
+  # end
+  #
+  # Throttle the master from forking too quickly by sleeping.  Due
+  # to the implementation of standard Unix signal handlers, this
+  # helps (but does not completely) prevent identical, repeated signals
+  # from being lost when the receiving process is busy.
+  # sleep 1
+end
+
+after_fork do |server, worker|
+  # per-process listener ports for debugging/admin/migrations
+  # addr = "127.0.0.1:#{9293 + worker.nr}"
+  # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
+
+  # the following is *required* for Rails + "preload_app true",
+  defined?(ActiveRecord::Base) and
+    ActiveRecord::Base.establish_connection
+
+  # if preload_app is true, then you may also want to check and
+  # restart any other shared sockets/descriptors such as Memcached,
+  # and Redis.  TokyoCabinet file handles are safe to reuse
+  # between any number of forked children (assuming your kernel
+  # correctly implements pread()/pwrite() system calls)
+end

File .skel/log/.empty

Empty file added.

File .skel/site/.empty

Empty file added.

File .skel/vhost-default/backup/.empty

Empty file removed.

File .skel/vhost-default/config/_common.conf

-client_max_body_size 4G;
-
-## Wildcard is for accepting all requests to DOMAIN
-#server_name DOMAIN *.DOMAIN;
-server_name DOMAIN;
-
-## ~2 seconds is often enough for most folks to parse HTML/CSS and
-## retrieve needed images/icons/frames, connections are cheap in
-## nginx so increasing this is generally safe...
-keepalive_timeout 5;
-
-## path for static files
-root   VHOSTDIR/DOMAIN/site/public/;   # <--- be sure to point to 'public'!
-
-## Uncomment this line to serve rails with Passenger
-#passenger_enabled on;
-
-if ($request_method !~ ^(GET|HEAD|PUT|POST|PATCH|DELETE|OPTIONS)$ ){
-	return 405;
-}
-
-## Prefer to serve static files directly from nginx to avoid unnecessary
-## data copies from the application server.
-##
-## try_files directive appeared in in nginx 0.7.27 and has stabilized
-## over time.  Older versions of nginx (e.g. 0.6.x) requires
-## "if (!-f $request_filename)" which was less efficient:
-## http://bogomips.org/unicorn.git/tree/examples/nginx.conf?id=v3.3.1#n127
-try_files $$uri/index.html uri/index.htm $uri.html $uri @app;
-
-# Rails error pages
-error_page 500 502 503 504 /500.html;
-location = /500.html {
-  root /VHOSTDIR/DOMAIN/site/public/;
-}
-
-error_page 404              /404.html;
-location = /404.html {
-  root /VHOSTDIR/DOMAIN/site/public/;
-}
-
-error_page 422              /422.html;
-location = /422.html {
-  root /VHOSTDIR/DOMAIN/site/public/;
-}
-
-location @DOMAIN.app {
-  ## an HTTP header important enough to have its own Wikipedia entry:
-  ##   http://en.wikipedia.org/wiki/X-Forwarded-For
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-  ## enable this if and only if you use HTTPS, this helps Rack
-  ## set the proper protocol for doing redirects:
-  ## proxy_set_header X-Forwarded-Proto https;
-
-  ## pass the Host: header from the client right along so redirects
-  ## can be set properly within the Rack application
-  proxy_set_header Host $http_host;
-
-  ## we don't want nginx trying to do something clever with
-  ## redirects, we set the Host: header above already.
-  proxy_redirect off;
-
-  ## set "proxy_buffering off" *only* for Rainbows! when doing
-  ## Comet/long-poll/streaming.  It's also safe to set if you're using
-  ## only serving fast clients with Unicorn + nginx, but not slow
-  ## clients.  You normally want nginx to buffer responses to slow
-  ## clients, even with Rails 3.1 streaming because otherwise a slow
-  ## client can become a bottleneck of Unicorn.
-  ##
-  ## The Rack application may also set "X-Accel-Buffering (yes|no)"
-  ## in the response headers to disable/enable buffering on a
-  ## per-response basis.
-  # proxy_buffering off;
-
-  proxy_pass http://DOMAIN.app;
-}
-
-location ~ ^/(assets)/  {
-	gzip_static on;
-	expires     max;
-	add_header  Cache-Control public;
-}
-
-location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
-  expires max;
-	add_header  Cache-Control public;
-}
-
-location = /favicon.ico {
-	expires    max;
-	add_header Cache-Control public;
-  access_log off;
-}
-
-location ~ \.php$ {
-	deny  all;
-}
-
-## BLOCKS ACCESS TO . FILES (.svn, .htaccess, ...)
-location ~ /\. {
-   deny  all;
-}
-
-location = /robots.txt {
-   allow all;
-   log_not_found off;
-   access_log off;
-}
-
-## Very rarely should these ever be accessed outside of your lan
-location ~* \.(txt|log)$ {
-   allow 192.168.0.0/16;
-   deny all;
-}
-
-## Uncomment the appropriate config file below
-#include VHOSTDIR/DOMAIN/config/apps/drupal6.config;
-#include VHOSTDIR/DOMAIN/config/apps/yiiframework.config;

File .skel/vhost-default/config/nginx.conf

-## Uncomment to use nginx as a reverse proxy to a backend server like Unicorn
-## this can be any application server, not just Unicorn/Rainbows!
-#upstream DOMAIN.app {
-  ## fail_timeout=0 means we always retry an upstream even if it failed
-  ## to return a good HTTP response (in case the Unicorn master nukes a
-  ## single worker for timing out).
-  #server unix:VHOSTDIR/DOMAIN/config/DOMAIN.sock fail_timeout=0;
-#}
-
-## Redirects www.DOMAIN to DOMAIN
-server {
-  listen default_server 80;
-  listen 443 ssl;
-  server_name  www.DOMAIN;
-  rewrite ^/(.*) http://DOMAIN/$1 permanent;
-}
-
-server {
-  ## enable one of the following if you're on Linux or FreeBSD
-  listen 80 default deferred; # for Linux
-  # listen 80 default accept_filter=httpready; # for FreeBSD
-
-  ## If you have IPv6, you'll likely want to have two separate listeners.
-  ## One on IPv4 only (the default), and another on IPv6 only instead
-  ## of a single dual-stack listener.  A dual-stack listener will make
-  ## for ugly IPv4 addresses in $remote_addr (e.g ":ffff:10.0.0.1"
-  ## instead of just "10.0.0.1") and potentially trigger bugs in
-  ## some software.
-  # listen [::]:80 ipv6only=on deferred; # deferred or accept_filter recommended
-
-  access_log VHOSTDIR/DOMAIN/log/nginx.access.log;
-  error_log VHOSTDIR/DOMAIN/log/nginx.error.log warn;
-	#access_log  off;
-	#error_log off;
-  include VHOSTDIR/DOMAIN/config/_common.config;
-}
-
-## HTTPS is disabled by default, as an SSL cert is required
-#server {
-  #listen 443 deferred;
-  #listen [::]:443 ipv6only=on deferred; # deferred or accept_filter recommended
-
-  #ssl	on;
-  ## The ssl/ folder here would be relative to nginx config dir
-  #ssl_certificate     ssl/DOMAIN.pem;
-  #ssl_certificate_key ssl/DOMAIN.key;
-
-  #access_log VHOSTDIR/DOMAIN/log/access_ssl.log;
-  #error_log VHOSTDIR/DOMAIN/log/error_ssl.log warn;
-  #include VHOSTDIR/DOMAIN/config/_common.config;
-#}

File .skel/vhost-default/config/unicorn.rb

-# Use at least one worker per core if you're on a dedicated server,
-# more will usually help for _short_ waits on databases/caches.
-worker_processes 4
-
-# Since Unicorn is never exposed to outside clients, it does not need to
-# run on the standard HTTP port (80), there is no reason to start Unicorn
-# as root unless it's from system init scripts.
-# If running the master process as root and the workers as an unprivileged
-# user, do this to switch euid/egid in the workers (also chowns logs):
-user www-data, www-data
-
-# Help ensure your application will always spawn in the symlinked
-# "current" directory that Capistrano sets up.
-#current = File.expand_path(File.join(File.dirname(__FILE__), '../current'))
-working_directory "VHOSTDIR/DOMAIN/current" # available in 0.94.0+
-
-# listen on both a Unix domain socket and a TCP port,
-# we use a shorter backlog for quicker failover when busy
-listen "VHOSTDIR/DOMAIN/config/DOMAIN.sock", :backlog => 64
-#listen 8080, :tcp_nopush => true
-
-# nuke workers after 30 seconds instead of 60 seconds (the default)
-timeout 30
-
-# feel free to point this anywhere accessible on the filesystem
-pid "VHOSTDIR/DOMAIN/tmp/pids/unicorn.pid"
-
-# By default, the Unicorn logger will write to stderr.
-# Additionally, ome applications/frameworks log to stderr or stdout,
-# so prevent them from going to /dev/null when daemonized here:
-stderr_path "VHOSTDIR/DOMAIN/log/unicorn.stderr.log"
-stdout_path "VHOSTDIR/DOMAIN/log/unicorn.stdout.log"
-
-# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
-# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
-preload_app true
-GC.respond_to?(:copy_on_write_friendly=) and
-  GC.copy_on_write_friendly = true
-
-before_fork do |server, worker|
-  # the following is highly recomended for Rails + "preload_app true"
-  # as there's no need for the master process to hold a connection
-  defined?(ActiveRecord::Base) and
-    ActiveRecord::Base.connection.disconnect!
-
-  # The following is only recommended for memory/DB-constrained
-  # installations.  It is not needed if your system can house
-  # twice as many worker_processes as you have configured.
-  #
-  # # This allows a new master process to incrementally
-  # # phase out the old master process with SIGTTOU to avoid a
-  # # thundering herd (especially in the "preload_app false" case)
-  # # when doing a transparent upgrade.  The last worker spawned
-  # # will then kill off the old master process with a SIGQUIT.
-  # old_pid = "#{server.config[:pid]}.oldbin"
-  # if old_pid != server.pid
-  #   begin
-  #     sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
-  #     Process.kill(sig, File.read(old_pid).to_i)
-  #   rescue Errno::ENOENT, Errno::ESRCH
-  #   end
-  # end
-  #
-  # Throttle the master from forking too quickly by sleeping.  Due
-  # to the implementation of standard Unix signal handlers, this
-  # helps (but does not completely) prevent identical, repeated signals
-  # from being lost when the receiving process is busy.
-  # sleep 1
-end
-
-after_fork do |server, worker|
-  # per-process listener ports for debugging/admin/migrations
-  # addr = "127.0.0.1:#{9293 + worker.nr}"
-  # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
-
-  # the following is *required* for Rails + "preload_app true",
-  defined?(ActiveRecord::Base) and
-    ActiveRecord::Base.establish_connection
-
-  # if preload_app is true, then you may also want to check and
-  # restart any other shared sockets/descriptors such as Memcached,
-  # and Redis.  TokyoCabinet file handles are safe to reuse
-  # between any number of forked children (assuming your kernel
-  # correctly implements pread()/pwrite() system calls)
-end

File .skel/vhost-default/log/.empty

Empty file removed.

File .skel/vhost-default/site/.empty

Empty file removed.

File generate_vhost

View file
 #!/bin/bash
 set -e
-VHOSTDIR=$(dirname $0)
-VHOSTSKEL=$VHOSTDIR/.skel/vhost-default
+www_root=$(dirname $0)
+vhost_skel=$www_root/.skel
 
-VHOST=$1
+domain_name=$1
 
-if [ "$VHOST" = "" ] ; then
+if [ "$domain_name" = "" ] ; then
   echo -e "Specify the vhost domain name:"
-  read VHOST
+  read domain_name
 fi
 
-if [ "$VHOST" = "" ] ; then
+if [ "$domain_name" = "" ] ; then
 	echo "Invalid domain!"
 	exit 1;
 fi
 
-VHOSTPATH="$VHOSTDIR/$VHOST"
+vhost_path="$www_root/$domain_name"
 
-cp -Rf "$VHOSTSKEL/" "$VHOSTPATH"
-ack-grep -l VHOSTDIR $VHOSTPATH/config/* | xargs -t -n 1 sed -i -e "s@VHOSTDIR@$VHOSTDIR@g"
-ack-grep -l DOMAIN $VHOSTPATH/config/* | xargs -t -n 1 sed -i -e "s@DOMAIN@$VHOST@g"
+cp -Rf "$vhost_skel/" "$vhost_path"
 
-ln -sf $VHOSTPATH/site $VHOSTPATH/current
+ack-grep -l WWW_ROOT $vhost_path/config/* | xargs -t -n 1 sed -i -e "s@WWW_ROOT@$www_root@g"
+ack-grep -l DOMAIN_NAME $vhost_path/config/* | xargs -t -n 1 sed -i -e "s@DOMAIN_NAME@$domain_name@g"
 
-cat <<-File > /etc/init/$VHOST.conf
-description "$VHOST rails application"
+ln -sf $vhost_path/site $vhost_path/current
+
+unicorn_bin=`which unicorn`
+
+sudo cat <<-File > /etc/init/$domain_name.conf
+description "$domain_name rails application"
 
 start on runlevel [2]
 stop on runlevel [016]
 
 console owner
 
-exec /usr/local/rvm/bin/r192_unicorn -c $VHOSTPATH/config/unicorn.rb
+exec $unicorn_bin -c $vhost_path/config/unicorn.rb
 
 respawn
 File
 
-echo "Skeleton copied to \"$VHOSTPATH\""
+echo "Skeleton copied to \"$vhost_path\""