Created
January 5, 2012 10:42
-
-
Save ebeigarts/1564674 to your computer and use it in GitHub Desktop.
Capistrano + Unicorn conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ... | |
after "deploy:update_code", "deploy:symlink_sockets" | |
namespace :deploy do | |
task :start, :roles => :app do | |
run "cd #{current_path} && BUNDLE_GEMFILE=#{current_path}/Gemfile bundle exec unicorn_rails -c config/unicorn.rb -E #{rails_env} -D" | |
end | |
task :stop, :roles => :app do | |
run "kill -s QUIT `cat #{shared_path}/pids/unicorn.pid`" | |
end | |
task :restart, :roles => :app do | |
run "kill -s USR2 `cat #{shared_path}/pids/unicorn.pid`" | |
end | |
task :symlink_sockets, :roles => :app do | |
run "mkdir -p #{shared_path}/sockets" | |
run "rm -rf #{latest_release}/tmp/sockets" | |
run "ln -nfs #{shared_path}/sockets #{latest_release}/tmp/sockets" | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ... | |
gem 'unicorn' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# you generally only need one nginx worker unless you're serving | |
# large amounts of static files which require blocking disk reads | |
worker_processes 1; | |
user nginx; | |
error_log /var/log/nginx/error.log; | |
pid /var/run/nginx.pid; | |
events { | |
worker_connections 1024; # increase if you have lots of clients | |
accept_mutex off; # "on" if nginx worker_processes > 1 | |
use epoll; # enable for Linux 2.6+ | |
} | |
http { | |
access_log /var/log/nginx/access.log combined; | |
sendfile on; | |
tcp_nopush on; # off may be better for *some* Comet/long-poll stuff | |
tcp_nodelay off; # on may be better for some Comet/long-poll stuff | |
types { | |
# Text | |
text/html html htm; | |
text/css css; | |
text/xml xml rss; | |
application/x-javascript js; | |
application/atom+xml atom; | |
# Images | |
image/png png; | |
image/gif gif; | |
image/jpeg jpeg jpg; | |
image/x-icon ico; | |
# Documents | |
application/zip zip; | |
application/x-rar-compressed rar; | |
application/pdf pdf; | |
application/msword doc; | |
application/vnd.ms-excel xls; | |
application/vnd.ms-powerpoint ppt; | |
# Fonts | |
application/vnd.ms-fontobject eot; | |
application/x-font-woff woff; | |
} | |
gzip on; | |
gzip_http_version 1.0; | |
gzip_proxied any; | |
gzip_min_length 500; | |
gzip_disable "MSIE [1-6]\."; | |
gzip_types text/plain text/html text/xml text/css text/comma-separated-values text/javascript application/x-javascript application/atom+xml; | |
upstream app_server { | |
# fail_timeout=0 means we always retry an upstream even if it failed | |
# to return a good HTTP response (in case the Unicorn master nukes a | |
# single worker for timing out). | |
server unix:/var/www/myapp/production/current/tmp/sockets/unicorn.sock fail_timeout=0; | |
} | |
server { | |
listen 80; | |
rewrite ^(.*) https://$host$1 permanent; | |
} | |
server { | |
listen 443; | |
client_max_body_size 128M; | |
# ~2 seconds is often enough for most folks to parse HTML/CSS and | |
# retrieve needed images/icons/frames, connections are cheap in | |
# nginx so increasing this is generally safe... | |
keepalive_timeout 5; | |
# SSL | |
ssl on; | |
ssl_certificate /etc/ssl/certs/server.crt; | |
ssl_certificate_key /etc/ssl/private/server.key; | |
# path for static files | |
root /var/www/myapp/production/current/public; | |
location / { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
# serve static files directly | |
if (-f $request_filename) { | |
expires max; | |
break; | |
} | |
if (!-f $request_filename) { | |
proxy_pass http://app_server; | |
break; | |
} | |
} | |
# Rails error pages | |
error_page 500 502 503 504 /500.html; | |
location = /500.html { | |
root /var/www/myapp/production/current/public; | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
upstream myapp_production_server { | |
# fail_timeout=0 means we always retry an upstream even if it failed | |
# to return a good HTTP response (in case the Unicorn master nukes a | |
# single worker for timing out). | |
server unix:/var/www/myapp/production/current/tmp/sockets/unicorn.sock fail_timeout=0; | |
} | |
server { | |
listen 80; | |
server_name myapp.com; | |
root /var/www/myapp/production/current/public; | |
# ~2 seconds is often enough for most folks to parse HTML/CSS and | |
# retrieve needed images/icons/frames, connections are cheap in | |
# nginx so increasing this is generally safe... | |
keepalive_timeout 5; | |
client_max_body_size 64m; | |
location / { | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
# serve static files directly | |
if (-f $request_filename) { | |
expires max; | |
break; | |
} | |
if (!-f $request_filename) { | |
proxy_pass http://myapp_production_server; | |
break; | |
} | |
} | |
# Rails error pages | |
error_page 500 502 503 504 /500.html; | |
location = /500.html { | |
root /var/www/myapp/production/current/public; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package :nginx do | |
description "Nginx Web Server" | |
requires :epel | |
yum "nginx" | |
runner "/sbin/chkconfig nginx on" | |
verify do | |
has_rpm "nginx" | |
has_executable "/usr/sbin/nginx" | |
end | |
end | |
package :nginx_conf do | |
requires :nginx, :ssl_cert, :ssl_key | |
src_file = File.join(File.dirname(__FILE__), '..', 'nginx.conf') | |
dst_file = "/etc/nginx/nginx.conf" | |
transfer src_file, "/tmp/nginx.conf" | |
runner "mv -f /tmp/nginx.conf #{dst_file}" | |
runner "chown root:root #{dst_file}" | |
runner "chmod 644 #{dst_file}" | |
runner "/etc/init.d/nginx restart" | |
verify do | |
has_file dst_file | |
matches_local src_file, dst_file | |
has_process "nginx" | |
end | |
end | |
package :ssl_cert do | |
src_file = File.join(File.dirname(__FILE__), '..', 'certs', "#{ENV['RAILS_ENV']}.crt") | |
dst_file = "/etc/ssl/certs/server.crt" | |
transfer src_file, "/tmp/server.crt" | |
runner "mv -f /tmp/server.crt #{dst_file}" | |
runner "chown root:root #{dst_file}" | |
runner "chmod 644 #{dst_file}" | |
verify do | |
has_file dst_file | |
matches_local src_file, dst_file | |
end | |
end | |
package :ssl_key do | |
src_file = File.join(File.dirname(__FILE__), '..', 'certs', "#{ENV['RAILS_ENV']}.key") | |
dst_file = "/etc/ssl/private/server.key" | |
runner "mkdir -p /etc/ssl/private" | |
runner "chmod 700 /etc/ssl/private" | |
transfer src_file, "/tmp/server.key" | |
runner "mv -f /tmp/server.key #{dst_file}" | |
runner "chown root:root #{dst_file}" | |
runner "chmod 600 #{dst_file}" | |
verify do | |
has_file dst_file | |
matches_local src_file, dst_file | |
end | |
end | |
package :epel do | |
description "Extra Packages for Enterprise Linux" | |
rpm "http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm" | |
verify do | |
has_rpm "epel" | |
end | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# bundle exec unicorn_rails -c config/unicorn.rb -E production -D | |
# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete | |
# documentation. | |
rails_env = ENV['RAILS_ENV'] || 'production' | |
case rails_env | |
when 'production' | |
base_path = '/var/www/myapp/production' | |
worker_processes 2 | |
else | |
base_path = '/var/www/myapp/demo' | |
worker_processes 2 | |
end | |
# Help ensure your application will always spawn in the symlinked | |
# "current" directory that Capistrano sets up. | |
working_directory "#{base_path}/current" | |
# Load rails into the master before forking workers | |
# for super-fast worker spawn times | |
preload_app false | |
# Restart any workers that haven't responded in 60 seconds | |
timeout 60 | |
# Listen on a Unix data socket | |
listen "#{base_path}/shared/sockets/unicorn.sock" | |
# feel free to point this anywhere accessible on the filesystem | |
pid "#{base_path}/shared/pids/unicorn.pid" | |
# By default, the Unicorn logger will write to stderr. | |
# Additionally, ome applications/frameworks log to stderr or stdout, | |
# so prevent them from going to /dev/null when daemonized here: | |
stderr_path "#{base_path}/shared/log/unicorn.stderr.log" | |
stdout_path "#{base_path}/shared/log/unicorn.stdout.log" | |
before_fork do |server, worker| | |
# This allows a new master process to incrementally | |
# phase out the old master process with SIGTTOU to avoid a | |
# thundering herd (especially in the "preload_app false" case) | |
# when doing a transparent upgrade. The last worker spawned | |
# will then kill off the old master process with a SIGQUIT. | |
old_pid = "#{server.config[:pid]}.oldbin" | |
if old_pid != server.pid | |
begin | |
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU | |
Process.kill(sig, File.read(old_pid).to_i) | |
rescue Errno::ENOENT, Errno::ESRCH | |
# someone else did our job for us | |
end | |
end | |
end | |
# after_fork do |server, worker| | |
# # per-process listener ports for debugging/admin/migrations | |
# addr = "127.0.0.1:#{9200 + worker.nr}" | |
# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true) | |
# end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment