ebeigarts/Gemfile

## deploy.rb
# ...

after "deploy:update_code", "deploy:symlink_sockets"

namespace :deploy do
  task :start, :roles => :app do
    run "cd #{current_path} && BUNDLE_GEMFILE=#{current_path}/Gemfile bundle exec unicorn_rails -c config/unicorn.rb -E #{rails_env} -D"
  end

  task :stop,  :roles => :app do
    run "kill -s QUIT `cat #{shared_path}/pids/unicorn.pid`"
  end

  task :restart, :roles => :app do
    run "kill -s USR2 `cat #{shared_path}/pids/unicorn.pid`"
  end

  task :symlink_sockets, :roles => :app do
    run "mkdir -p #{shared_path}/sockets"
    run "rm -rf #{latest_release}/tmp/sockets"
    run "ln -nfs #{shared_path}/sockets #{latest_release}/tmp/sockets"
  end
end

## Gemfile
# ...

gem 'unicorn'

## nginx_full_with_ssl.conf
# you generally only need one nginx worker unless you're serving
# large amounts of static files which require blocking disk reads
worker_processes 1;
user nginx;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

events {
  worker_connections 1024; # increase if you have lots of clients
  accept_mutex off; # "on" if nginx worker_processes > 1
  use epoll; # enable for Linux 2.6+
}

http {
  access_log /var/log/nginx/access.log combined;

  sendfile on;

  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
  tcp_nodelay off; # on may be better for some Comet/long-poll stuff

  types {
    # Text
    text/html                             html htm;
    text/css                              css;
    text/xml                              xml rss;
    application/x-javascript              js;
    application/atom+xml                  atom;

    # Images
    image/png                             png;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    image/x-icon                          ico;

    # Documents
    application/zip                       zip;
    application/x-rar-compressed          rar;
    application/pdf                       pdf;
    application/msword                    doc;
    application/vnd.ms-excel              xls;
    application/vnd.ms-powerpoint         ppt;

    # Fonts
    application/vnd.ms-fontobject         eot;
    application/x-font-woff               woff;
  }

  gzip on;
  gzip_http_version 1.0;
  gzip_proxied any;
  gzip_min_length 500;
  gzip_disable "MSIE [1-6]\.";
  gzip_types text/plain text/html text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml;

  upstream app_server {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response (in case the Unicorn master nukes a
    # single worker for timing out).
    server unix:/var/www/myapp/production/current/tmp/sockets/unicorn.sock fail_timeout=0;
  }

  server {
    listen 80;
    rewrite ^(.*) https://$host$1 permanent;
  }

  server {
    listen 443;

    client_max_body_size 128M;

    # ~2 seconds is often enough for most folks to parse HTML/CSS and
    # retrieve needed images/icons/frames, connections are cheap in
    # nginx so increasing this is generally safe...
    keepalive_timeout 5;

    # SSL
    ssl                  on;
    ssl_certificate      /etc/ssl/certs/server.crt;
    ssl_certificate_key  /etc/ssl/private/server.key;

    # path for static files
    root /var/www/myapp/production/current/public;

    location / {
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_redirect off;

      # serve static files directly
      if (-f $request_filename) {
        expires max;
        break;
      }

      if (!-f $request_filename) {
        proxy_pass http://app_server;
        break;
      }
    }

    # Rails error pages
    error_page 500 502 503 504 /500.html;
    location = /500.html {
      root /var/www/myapp/production/current/public;
    }
  }
}

## nginx_simple.conf
upstream myapp_production_server {
  # fail_timeout=0 means we always retry an upstream even if it failed
  # to return a good HTTP response (in case the Unicorn master nukes a
  # single worker for timing out).
  server unix:/var/www/myapp/production/current/tmp/sockets/unicorn.sock fail_timeout=0;
}

server {
  listen 80;
  server_name myapp.com;

  root /var/www/myapp/production/current/public;

  # ~2 seconds is often enough for most folks to parse HTML/CSS and
  # retrieve needed images/icons/frames, connections are cheap in
  # nginx so increasing this is generally safe...
  keepalive_timeout 5;

  client_max_body_size 64m;

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    # serve static files directly
    if (-f $request_filename) {
      expires max;
      break;
    }

    if (!-f $request_filename) {
      proxy_pass http://myapp_production_server;
      break;
    }
  }

  # Rails error pages
  error_page 500 502 503 504 /500.html;
  location = /500.html {
    root /var/www/myapp/production/current/public;
  }
}

## sprinkle.rb
package :nginx do
  description "Nginx Web Server"

  requires :epel

  yum "nginx"
  runner "/sbin/chkconfig nginx on"

  verify do
    has_rpm "nginx"
    has_executable "/usr/sbin/nginx"
  end
end

package :nginx_conf do
  requires :nginx, :ssl_cert, :ssl_key

  src_file = File.join(File.dirname(__FILE__), '..', 'nginx.conf')
  dst_file = "/etc/nginx/nginx.conf"

  transfer src_file, "/tmp/nginx.conf"
  runner "mv -f /tmp/nginx.conf #{dst_file}"
  runner "chown root:root #{dst_file}"
  runner "chmod 644 #{dst_file}"
  runner "/etc/init.d/nginx restart"

  verify do
    has_file dst_file
    matches_local src_file, dst_file
    has_process "nginx"
  end
end

package :ssl_cert do
  src_file = File.join(File.dirname(__FILE__), '..', 'certs', "#{ENV['RAILS_ENV']}.crt")
  dst_file = "/etc/ssl/certs/server.crt"

  transfer src_file, "/tmp/server.crt"
  runner "mv -f /tmp/server.crt #{dst_file}"
  runner "chown root:root #{dst_file}"
  runner "chmod 644 #{dst_file}"

  verify do
    has_file dst_file
    matches_local src_file, dst_file
  end
end

package :ssl_key do
  src_file = File.join(File.dirname(__FILE__), '..', 'certs', "#{ENV['RAILS_ENV']}.key")
  dst_file = "/etc/ssl/private/server.key"

  runner "mkdir -p /etc/ssl/private"
  runner "chmod 700 /etc/ssl/private"

  transfer src_file, "/tmp/server.key"
  runner "mv -f /tmp/server.key #{dst_file}"
  runner "chown root:root #{dst_file}"
  runner "chmod 600 #{dst_file}"

  verify do
    has_file dst_file
    matches_local src_file, dst_file
  end
end

package :epel do
  description "Extra Packages for Enterprise Linux"

  rpm "http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm"

  verify do
    has_rpm "epel"
  end
end

## unicorn.rb
# bundle exec unicorn_rails -c config/unicorn.rb -E production -D

# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
# documentation.

rails_env = ENV['RAILS_ENV'] || 'production'

case rails_env
when 'production'
  base_path = '/var/www/myapp/production'
  worker_processes 2
else
  base_path = '/var/www/myapp/demo'
  worker_processes 2
end

# Help ensure your application will always spawn in the symlinked
# "current" directory that Capistrano sets up.
working_directory "#{base_path}/current"

# Load rails into the master before forking workers
# for super-fast worker spawn times
preload_app false

# Restart any workers that haven't responded in 60 seconds
timeout 60

# Listen on a Unix data socket
listen "#{base_path}/shared/sockets/unicorn.sock"

# feel free to point this anywhere accessible on the filesystem
pid "#{base_path}/shared/pids/unicorn.pid"

# By default, the Unicorn logger will write to stderr.
# Additionally, ome applications/frameworks log to stderr or stdout,
# so prevent them from going to /dev/null when daemonized here:
stderr_path "#{base_path}/shared/log/unicorn.stderr.log"
stdout_path "#{base_path}/shared/log/unicorn.stdout.log"

before_fork do |server, worker|
  # This allows a new master process to incrementally
  # phase out the old master process with SIGTTOU to avoid a
  # thundering herd (especially in the "preload_app false" case)
  # when doing a transparent upgrade.  The last worker spawned
  # will then kill off the old master process with a SIGQUIT.
  old_pid = "#{server.config[:pid]}.oldbin"
  if old_pid != server.pid
    begin
      sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
      Process.kill(sig, File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us
    end
  end
end

# after_fork do |server, worker|
#   # per-process listener ports for debugging/admin/migrations
#   addr = "127.0.0.1:#{9200 + worker.nr}"
#   server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
# end
	# ...

	after "deploy:update_code", "deploy:symlink_sockets"

	namespace :deploy do
	task :start, :roles => :app do
	run "cd #{current_path} && BUNDLE_GEMFILE=#{current_path}/Gemfile bundle exec unicorn_rails -c config/unicorn.rb -E #{rails_env} -D"
	end

	task :stop, :roles => :app do
	run "kill -s QUIT `cat #{shared_path}/pids/unicorn.pid`"
	end

	task :restart, :roles => :app do
	run "kill -s USR2 `cat #{shared_path}/pids/unicorn.pid`"
	end

	task :symlink_sockets, :roles => :app do
	run "mkdir -p #{shared_path}/sockets"
	run "rm -rf #{latest_release}/tmp/sockets"
	run "ln -nfs #{shared_path}/sockets #{latest_release}/tmp/sockets"
	end
	end
	# you generally only need one nginx worker unless you're serving
	# large amounts of static files which require blocking disk reads
	worker_processes 1;
	user nginx;

	error_log /var/log/nginx/error.log;
	pid /var/run/nginx.pid;

	events {
	worker_connections 1024; # increase if you have lots of clients
	accept_mutex off; # "on" if nginx worker_processes > 1
	use epoll; # enable for Linux 2.6+
	}

	http {
	access_log /var/log/nginx/access.log combined;

	sendfile on;

	tcp_nopush on; # off may be better for some Comet/long-poll stuff
	tcp_nodelay off; # on may be better for some Comet/long-poll stuff

	types {
	# Text
	text/html html htm;
	text/css css;
	text/xml xml rss;
	application/x-javascript js;
	application/atom+xml atom;

	# Images
	image/png png;
	image/gif gif;
	image/jpeg jpeg jpg;
	image/x-icon ico;

	# Documents
	application/zip zip;
	application/x-rar-compressed rar;
	application/pdf pdf;
	application/msword doc;
	application/vnd.ms-excel xls;
	application/vnd.ms-powerpoint ppt;

	# Fonts
	application/vnd.ms-fontobject eot;
	application/x-font-woff woff;
	}

	gzip on;
	gzip_http_version 1.0;
	gzip_proxied any;
	gzip_min_length 500;
	gzip_disable "MSIE [1-6]\.";
	gzip_types text/plain text/html text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml;

	upstream app_server {
	# fail_timeout=0 means we always retry an upstream even if it failed
	# to return a good HTTP response (in case the Unicorn master nukes a
	# single worker for timing out).
	server unix:/var/www/myapp/production/current/tmp/sockets/unicorn.sock fail_timeout=0;
	}

	server {
	listen 80;
	rewrite ^(.*) https://$host$1 permanent;
	}

	server {
	listen 443;

	client_max_body_size 128M;

	# ~2 seconds is often enough for most folks to parse HTML/CSS and
	# retrieve needed images/icons/frames, connections are cheap in
	# nginx so increasing this is generally safe...
	keepalive_timeout 5;

	# SSL
	ssl on;
	ssl_certificate /etc/ssl/certs/server.crt;
	ssl_certificate_key /etc/ssl/private/server.key;

	# path for static files
	root /var/www/myapp/production/current/public;

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header Host $http_host;
	proxy_redirect off;

	# serve static files directly
	if (-f $request_filename) {
	expires max;
	break;
	}

	if (!-f $request_filename) {
	proxy_pass http://app_server;
	break;
	}
	}

	# Rails error pages
	error_page 500 502 503 504 /500.html;
	location = /500.html {
	root /var/www/myapp/production/current/public;
	}
	}
	}
	upstream myapp_production_server {
	# fail_timeout=0 means we always retry an upstream even if it failed
	# to return a good HTTP response (in case the Unicorn master nukes a
	# single worker for timing out).
	server unix:/var/www/myapp/production/current/tmp/sockets/unicorn.sock fail_timeout=0;
	}

	server {
	listen 80;
	server_name myapp.com;

	root /var/www/myapp/production/current/public;

	# ~2 seconds is often enough for most folks to parse HTML/CSS and
	# retrieve needed images/icons/frames, connections are cheap in
	# nginx so increasing this is generally safe...
	keepalive_timeout 5;

	client_max_body_size 64m;

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header Host $http_host;
	proxy_redirect off;

	# serve static files directly
	if (-f $request_filename) {
	expires max;
	break;
	}

	if (!-f $request_filename) {
	proxy_pass http://myapp_production_server;
	break;
	}
	}

	# Rails error pages
	error_page 500 502 503 504 /500.html;
	location = /500.html {
	root /var/www/myapp/production/current/public;
	}
	}
	package :nginx do
	description "Nginx Web Server"

	requires :epel

	yum "nginx"
	runner "/sbin/chkconfig nginx on"

	verify do
	has_rpm "nginx"
	has_executable "/usr/sbin/nginx"
	end
	end

	package :nginx_conf do
	requires :nginx, :ssl_cert, :ssl_key

	src_file = File.join(File.dirname(__FILE__), '..', 'nginx.conf')
	dst_file = "/etc/nginx/nginx.conf"

	transfer src_file, "/tmp/nginx.conf"
	runner "mv -f /tmp/nginx.conf #{dst_file}"
	runner "chown root:root #{dst_file}"
	runner "chmod 644 #{dst_file}"
	runner "/etc/init.d/nginx restart"

	verify do
	has_file dst_file
	matches_local src_file, dst_file
	has_process "nginx"
	end
	end

	package :ssl_cert do
	src_file = File.join(File.dirname(__FILE__), '..', 'certs', "#{ENV['RAILS_ENV']}.crt")
	dst_file = "/etc/ssl/certs/server.crt"

	transfer src_file, "/tmp/server.crt"
	runner "mv -f /tmp/server.crt #{dst_file}"
	runner "chown root:root #{dst_file}"
	runner "chmod 644 #{dst_file}"

	verify do
	has_file dst_file
	matches_local src_file, dst_file
	end
	end

	package :ssl_key do
	src_file = File.join(File.dirname(__FILE__), '..', 'certs', "#{ENV['RAILS_ENV']}.key")
	dst_file = "/etc/ssl/private/server.key"

	runner "mkdir -p /etc/ssl/private"
	runner "chmod 700 /etc/ssl/private"

	transfer src_file, "/tmp/server.key"
	runner "mv -f /tmp/server.key #{dst_file}"
	runner "chown root:root #{dst_file}"
	runner "chmod 600 #{dst_file}"

	verify do
	has_file dst_file
	matches_local src_file, dst_file
	end
	end

	package :epel do
	description "Extra Packages for Enterprise Linux"

	rpm "http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm"

	verify do
	has_rpm "epel"
	end
	end
	# bundle exec unicorn_rails -c config/unicorn.rb -E production -D

	# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
	# documentation.

	rails_env = ENV['RAILS_ENV'] \|\| 'production'

	case rails_env
	when 'production'
	base_path = '/var/www/myapp/production'
	worker_processes 2
	else
	base_path = '/var/www/myapp/demo'
	worker_processes 2
	end

	# Help ensure your application will always spawn in the symlinked
	# "current" directory that Capistrano sets up.
	working_directory "#{base_path}/current"

	# Load rails into the master before forking workers
	# for super-fast worker spawn times
	preload_app false

	# Restart any workers that haven't responded in 60 seconds
	timeout 60

	# Listen on a Unix data socket
	listen "#{base_path}/shared/sockets/unicorn.sock"

	# feel free to point this anywhere accessible on the filesystem
	pid "#{base_path}/shared/pids/unicorn.pid"

	# By default, the Unicorn logger will write to stderr.
	# Additionally, ome applications/frameworks log to stderr or stdout,
	# so prevent them from going to /dev/null when daemonized here:
	stderr_path "#{base_path}/shared/log/unicorn.stderr.log"
	stdout_path "#{base_path}/shared/log/unicorn.stdout.log"

	before_fork do \|server, worker\|
	# This allows a new master process to incrementally
	# phase out the old master process with SIGTTOU to avoid a
	# thundering herd (especially in the "preload_app false" case)
	# when doing a transparent upgrade. The last worker spawned
	# will then kill off the old master process with a SIGQUIT.
	old_pid = "#{server.config[:pid]}.oldbin"
	if old_pid != server.pid
	begin
	sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
	Process.kill(sig, File.read(old_pid).to_i)
	rescue Errno::ENOENT, Errno::ESRCH
	# someone else did our job for us
	end
	end
	end

	# after_fork do \|server, worker\|
	# # per-process listener ports for debugging/admin/migrations
	# addr = "127.0.0.1:#{9200 + worker.nr}"
	# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
	# end