Created
June 3, 2012 05:46
diaspora thin-sock init script conf and installer.
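#!/bin/sh
# Installs the diaspora init script, runs the newD.sh provisioning script and
# installs nginx.conf, all fetched from gist 2862098.
#
# NOTE(review): every URL below is the gist's unpinned "latest" path, and each
# downloaded file ends up executed or loaded as root. Pin the URLs to a
# specific gist revision and compare each file against a known-good digest
# (e.g. with `sha256sum -c`) before it is installed or run.

# Shebang options are dropped when the file is started as `sh <script>` or fed
# through a pipe, so errexit is enabled here rather than via `#!/bin/sh -e`.
set -e
set -o verbose

GIST_BASE=https://raw.github.com/gist/2862098
BACKUP_DIR=/var/backups/diaspora-install.$(date +%Y%m%d%H%M%S)

# Downloads are staged in a private directory as the invoking user; root is
# only used for the final copy into /etc.
WORK_DIR=$(mktemp -d)
trap 'rm -rf -- "$WORK_DIR"' EXIT

# backup_existing PATH...
# Moves every existing path into BACKUP_DIR instead of deleting it.
backup_existing() {
  for old_file in "$@"; do
    # An unmatched glob is passed through literally; skip it.
    [ -e "$old_file" ] || continue
    sudo mkdir -p -- "$BACKUP_DIR"
    sudo mv -- "$old_file" "$BACKUP_DIR/"
  done
}

# --- init script --------------------------------------------------------
backup_existing /etc/init.d/diaspora*
wget -O "$WORK_DIR/diaspora" "$GIST_BASE/diaspora"
sudo install -m 0755 -o root -g root "$WORK_DIR/diaspora" /etc/init.d/diaspora
sudo update-rc.d diaspora defaults

# --- provisioning script ------------------------------------------------
cd "$HOME"
# Download completely before running: -f makes curl fail on an HTTP error
# instead of handing the error page to the shell, and a truncated transfer is
# never executed half-way.
curl -f -o "$WORK_DIR/newD.sh" "$GIST_BASE/newD.sh"
sh "$WORK_DIR/newD.sh"

# --- nginx configuration ------------------------------------------------
backup_existing /etc/nginx/nginx.conf*
wget -O "$WORK_DIR/nginx.conf" "$GIST_BASE/nginx.conf"
sudo install -m 0644 -o root -g root "$WORK_DIR/nginx.conf" /etc/nginx/nginx.conf

# `exit -0` is rejected as an illegal number by some /bin/sh implementations.
exit 0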
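#! /bin/sh
### BEGIN INIT INFO
# Provides: diaspora
# Required-Start: $local_fs $remote_fs $network $syslog redis-server
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: diaspora repository management
# Description: diaspora repository management
### END INIT INFO

# SysV init script for Diaspora: starts unicorn plus a resque worker, and
# signals both through their pid files on stop/restart.

NAME=unicorn
DESC="Diaspora"
PID=/home/diaspora/diaspora/tmp/pids/unicorn.pid

# NOTE(review): RESQUE_PID is used by stop/restart but never assigned in this
# script. It is taken from the environment if present; otherwise the resque
# worker is skipped with a message instead of `cat` blocking on stdin.
# Point it at the worker's pid file once the worker is configured to write one.
RESQUE_PID=${RESQUE_PID:-}

# NOTE(review): no `cd` into the application directory and no switch to an
# unprivileged account is visible here. Init scripts normally run as root, so
# confirm which user and working directory these commands end up with.
START_RESQUE_PROCESS="RAILS_ENV=production QUEUE=* RAILS_ENV=production BACKGROUND=yes bundle exec rake resque:work"
START_DAEMON_PROCESS="RAILS_ENV=production bundle exec unicorn_rails -c config/unicorn.rb -D"

# signal_from_pidfile SIGNAL PIDFILE
# Sends SIGNAL to the process named in PIDFILE. Returns non-zero without
# signalling anything when the path is empty, unreadable, or does not hold a
# plain decimal PID. The pid file lives under the application's home
# directory, so its content is validated before it is handed to kill: only
# digits are accepted, which keeps options and negative targets out.
signal_from_pidfile() {
  if [ -z "$2" ] || [ ! -r "$2" ]; then
    echo "$NAME: no readable pid file '$2'; not sending $1" >&2
    return 1
  fi
  target_pid=$(cat "$2")
  case "$target_pid" in
    '' | *[!0-9]*)
      echo "$NAME: '$2' does not contain a numeric pid; not sending $1" >&2
      return 1
      ;;
  esac
  kill "-$1" "$target_pid"
}

case "$1" in
  start)
    printf 'Starting %s: ' "$DESC"
    bash -lc "$START_DAEMON_PROCESS && $START_RESQUE_PROCESS"
    echo "Started $NAME."
    ;;
  stop)
    printf 'Stopping %s: ' "$DESC"
    signal_from_pidfile QUIT "$PID"
    signal_from_pidfile QUIT "$RESQUE_PID"
    echo "Stopped $NAME."
    ;;
  restart)
    printf 'Restarting %s: ' "$DESC"
    # Same sequence as before: USR2 to both processes, twice, one second
    # apart, then the start commands are run again.
    signal_from_pidfile USR2 "$PID"
    signal_from_pidfile USR2 "$RESQUE_PID"
    sleep 1
    signal_from_pidfile USR2 "$PID"
    signal_from_pidfile USR2 "$RESQUE_PID"
    sleep 1
    bash -lc "$START_DAEMON_PROCESS && $START_RESQUE_PROCESS"
    echo "Restarted $NAME."
    ;;
  *)
    echo "Usage: $NAME {start|stop|restart}" >&2
    exit 1
    ;;
esac

exit 0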
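#!/bin/sh
# Provisions a host for Diaspora: system packages, a "diaspora" system user,
# the Diaspora checkout, Node.js built from source, and a multi-user RVM with
# Ruby 1.9.3.

# Shebang options are dropped when the file is started as `sh <script>` or fed
# through a pipe, so errexit is enabled here rather than via `#!/bin/sh -e`.
set -e
set -o verbose

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install -y \
  build-essential libxslt1.1 nginx libxslt1-dev libxml2 ruby-full \
  mysql-server libmysqlclient-dev libmysql-ruby libssl-dev libopenssl-ruby \
  libcurl4-openssl-dev imagemagick libmagickwand-dev git-core redis-server \
  libffi-dev libffi-ruby rubygems libsqlite3-dev libpq-dev libreadline5 \
  openjdk-7-jre

# NOTE(review): this package is fetched over plain HTTP, outside apt's
# signature checking, and then installed as root. Verify it against a
# known-good digest before `dpkg -i`, or install rubygems from a signed
# repository instead.
wget http://ftp.us.debian.org/debian/pool/main/r/rubygems/rubygems_1.8.15-1_all.deb -O rubygems.deb \
  && sudo dpkg -i rubygems.deb

sudo adduser \
  --system \
  --shell /bin/sh \
  --gecos 'diaspora system user' \
  --group \
  --disabled-login \
  --home /home/diaspora \
  diaspora

sudo -H -u diaspora git clone https://github.com/diaspora/diaspora.git /home/diaspora/diaspora

## Install Node.js from source
# NOTE(review): the clone, configure and build steps all run as root. Building
# as an unprivileged user and keeping root for `make install` only would stop
# upstream build scripts from running with full privileges.
cd /home/diaspora/
sudo git clone https://github.com/joyent/node.git
cd node
sudo git checkout v0.7.0
sudo ./configure sh
sudo make
sudo make install

## Get the newest version of redis-server from PPA
# NOTE(review): a PPA is a third-party package source trusted with root on
# every later apt run. No `apt-get update`/`install` follows it here, so
# confirm whether it has any effect in this script.
sudo add-apt-repository ppa:chris-lea/redis-server

## Multi-user RVM
# The installer is run as root, so it is fetched over HTTPS (the bare
# `get.rvm.io` used before defaults to plain HTTP) and downloaded completely
# before it is executed; -f keeps an HTTP error page from reaching the shell.
# NOTE(review): still unpinned; check the installer against the project's
# published signature or a known-good digest before running it.
cd /home/diaspora/
RVM_INSTALLER=$(mktemp)
trap 'rm -f -- "$RVM_INSTALLER"' EXIT
curl -fsSL -o "$RVM_INSTALLER" https://get.rvm.io
sudo bash "$RVM_INSTALLER" stable

sudo gem install bundler --no-ri --no-rdoc
rvm install ruby-1.9.3-p125
rvm use ruby-1.9.3-p125@global
sudo usermod -a -G rvm diaspora

# `exit -0` is rejected as an illegal number by some /bin/sh implementations.
exit 0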
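# nginx front end for several Rails apps (w44, Diaspora, GitLab) and Webmin.
# Each app is reached through an upstream of unix sockets with a TCP fail-back;
# static files are served from the app's public/ directory.

worker_processes 8;
# NOTE(review): workers run as the personal account "hans", whose home
# directory also holds the TLS private keys and application trees referenced
# below. A dedicated unprivileged service account would limit what a
# compromised worker can read; the key files can then be readable by root
# only, since the master process is the one that loads them.
user hans;
pid /var/run/nginx.pid;

events {
    worker_connections 2048;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server_tokens off;   # do not advertise the nginx version

    # NOTE(review): gzip also applies to the HTTPS vhosts below. Pages that
    # reflect request data next to secrets (e.g. CSRF tokens) are what
    # BREACH-class compression side channels rely on; consider limiting gzip
    # to static assets.
    gzip on;
    gzip_comp_level 3;
    gzip_vary on;
    gzip_proxied any;
    gzip_buffers 16 4k;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    #### Upstream
    ###
    ##
    #
    upstream diaspora {
        server unix:/home/hans/workspace/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
        server 127.0.0.1:3000 max_fails=3 fail_timeout=30s; ## script-server fail-back
    }

    # NOTE(review): identical socket and port to "upstream diaspora" above;
    # this looks copied. Confirm the real GitLab backend address, otherwise
    # git.hfase.com is served by the Diaspora app.
    upstream gitlab {
        server unix:/home/hans/workspace/diaspora/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
        server 127.0.0.1:3000 max_fails=3 fail_timeout=30s; ## script-server fail-back
    }

    upstream w44 {
        server unix:/home/hans/workspace/w44/tmp/sockets/diaspora.socket max_fails=3 fail_timeout=30s;
        server unix:/home/hans/workspace/w44/tmp/thin.sock max_fails=3 fail_timeout=30s;
        server unix:/home/hans/workspace/w44/tmp/thin.0.sock max_fails=3 fail_timeout=30s;
        server unix:/home/hans/workspace/w44/tmp/thin.1.sock max_fails=3 fail_timeout=30s;
        server unix:/home/hans/workspace/w44/tmp/thin.2.sock max_fails=3 fail_timeout=30s;
        server unix:/home/hans/workspace/w44/tmp/thin.3.sock max_fails=3 fail_timeout=30s;
        # NOTE(review): 0.0.0.0 is a wildcard bind address, not a destination;
        # the other upstreams use 127.0.0.1 for this fail-back role. Confirm.
        server 0.0.0.0:85 max_fails=3 fail_timeout=30s; ## script-server fail-back
    }

    #### Catch-all
    ###
    ##
    #
    # NOTE(review): with this catch-all disabled, the first server block on
    # each port becomes the default, so requests carrying an unknown Host
    # name on 443 are answered by the w44.co vhost, and
    # `proxy_set_header Host $http_host` forwards that client-chosen name to
    # the application.
    # server {
    # listen 80;
    # server_name _; ## This is a catch-all. Any unhandled request will be re-directed.
    # rewrite ^(.*) https://hfase.com$1 permanent;
    # }
    # server {
    # listen 443;
    # server_name _; ## This is a catch-all. Any unhandled request will be re-directed.
    # rewrite ^(.*) https://hfase.com$1 permanent;
    # ssl on;
    # ssl_certificate /home/hans/ssl-certs+keys/hfase-ssl.crt; ## You will need to supply these files!!!
    # ssl_certificate_key /home/hans/ssl-certs+keys/hfase-ssl.key; ## You will need to supply these files!!!
    # # enable better ssl security if you like to mitigate BEAST and other exploits
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 5m;
    # #ssl_protocols TLSv1;
    # #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
    # #ssl_prefer_server_ciphers on;
    # add_header Strict-Transport-Security max-age=500;
    # #ssl_ecdh_curve secp521r1;
    # }

    #### w44
    ###
    ##
    #
    server {
        listen 80;
        server_name w44.co;
        rewrite ^(.*) https://w44.co$1 permanent;
    }

    server {
        # `listen ... ssl` replaces the deprecated standalone `ssl on;`.
        listen 443 ssl;
        server_name w44.co;
        root /home/hans/workspace/w44/public;
        ssl_certificate /home/hans/ssl-certs+keys/w44.crt; ## You will need to supply these files!!!
        ssl_certificate_key /home/hans/ssl-certs+keys/w44.key; ## You will need to supply these files!!!
        # enable better ssl security if you like to mitigate BEAST and other exploits
        # NOTE(review): the commented-out values below are BEAST-era advice
        # (TLSv1 only, RC4 in the cipher list) and should not be enabled
        # as-is; set ssl_protocols/ssl_ciphers from a current recommendation
        # for the installed nginx and OpenSSL versions.
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
        #ssl_protocols TLSv1;
        #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        #ssl_prefer_server_ciphers on;
        # NOTE(review): max-age is in seconds; 500 means browsers drop the
        # HSTS policy after roughly eight minutes. Raise it once HTTPS is
        # known to be stable.
        add_header Strict-Transport-Security max-age=500;
        #ssl_ecdh_curve secp521r1;

        # add_header is inherited from the server level only when a location
        # defines none of its own, so the two locations below repeat the HSTS
        # header next to Cache-Control.
        location /uploads/images {
            expires 1d;
            add_header Cache-Control public;
            add_header Strict-Transport-Security max-age=500;
        }
        location /assets {
            expires 1d;
            add_header Cache-Control public;
            add_header Strict-Transport-Security max-age=500;
        }

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            client_max_body_size 4M;
            client_body_buffer_size 128K;
            # Serve a static file when one exists; otherwise hand the request
            # to the application.
            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }
            if (-f $request_filename.html) {
                rewrite (.*) $1.html break;
            }
            if (!-f $request_filename) {
                proxy_pass http://w44;
                break;
            }
        }

        error_page 500 503 504 /500.html;
        location = /500.html {
            root /home/hans/workspace/w44/public;
        }
        error_page 404 /404.html;
        location = /404.html {
            root /home/hans/workspace/w44/public;
        }
        error_page 502 /down.html;
        location = /down.html {
            root /home/hans/workspace/w44/public;
        }
    }

    #### Webmin
    ###
    ##
    #
    server {
        listen 80;
        server_name admin.hfase.com;
        rewrite ^(.*) https://admin.hfase.com$1 permanent;
    }

    server {
        # `listen ... ssl` replaces the deprecated standalone `ssl on;`.
        listen 443 ssl;
        server_name admin.hfase.com;
        ssl_certificate /home/hans/ssl-certs+keys/admin.hfase-ssl.crt;
        ssl_certificate_key /home/hans/ssl-certs+keys/admin.hfase-ssl.key;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
        # NOTE(review): BEAST-era values (TLSv1 only, RC4); do not enable as-is.
        #ssl_protocols TLSv1;
        #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        #ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security max-age=500;

        # NOTE(review): this publishes the Webmin administration console to
        # every client that can reach port 443. Consider restricting it with
        # allow/deny rules or an additional authentication layer, and confirm
        # that Webmin itself listens on loopback only.
        location / {
            proxy_pass https://127.0.0.1:10000/;
        }
    }

    #### Diaspora
    ###
    ##
    #
    server {
        # `listen ... ssl` replaces the deprecated standalone `ssl on;`.
        listen 443 ssl;
        server_name hfase.com;
        root /home/hans/workspace/diaspora/public;
        ssl_certificate /home/hans/ssl-certs+keys/hfase-ssl.crt; ## You will need to supply these files!!!
        ssl_certificate_key /home/hans/ssl-certs+keys/hfase-ssl.key; ## You will need to supply these files!!!
        # enable better ssl security if you like to mitigate BEAST and other exploits
        # NOTE(review): BEAST-era values (TLSv1 only, RC4); do not enable as-is.
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
        #ssl_protocols TLSv1;
        #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        #ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security max-age=500;
        #ssl_ecdh_curve secp521r1;

        # These locations set their own add_header, which drops the
        # server-level one, so the HSTS header is repeated here.
        location /uploads/images {
            expires 1d;
            add_header Cache-Control public;
            add_header Strict-Transport-Security max-age=500;
        }
        location /assets {
            expires 1d;
            add_header Cache-Control public;
            add_header Strict-Transport-Security max-age=500;
        }

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            client_max_body_size 4M;
            client_body_buffer_size 128K;
            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }
            if (-f $request_filename.html) {
                rewrite (.*) $1.html break;
            }
            if (!-f $request_filename) {
                proxy_pass http://diaspora;
                break;
            }
        }

        error_page 500 503 504 /500.html;
        location = /500.html {
            root /home/hans/workspace/diaspora/public;
        }
        error_page 404 /404.html;
        location = /404.html {
            root /home/hans/workspace/diaspora/public;
        }
        error_page 502 /down.html;
        location = /down.html {
            root /home/hans/workspace/diaspora/public;
        }
    }

    #### Gitlab
    ###
    ##
    #
    server {
        # `listen ... ssl` replaces the deprecated standalone `ssl on;`.
        listen 443 ssl;
        server_name git.hfase.com;
        root /home/gitlab/gitlab/public;
        ssl_certificate /home/hans/ssl-certs+keys/git.hfase-ssl.crt;
        ssl_certificate_key /home/hans/ssl-certs+keys/git.hfase-ssl.key;
        # enable better ssl security if you like to mitigate BEAST and other exploits
        # NOTE(review): BEAST-era values (TLSv1 only, RC4); do not enable as-is.
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
        #ssl_protocols TLSv1;
        #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        #ssl_prefer_server_ciphers on;
        add_header Strict-Transport-Security max-age=500;
        #ssl_ecdh_curve secp521r1;

        # These locations set their own add_header, which drops the
        # server-level one, so the HSTS header is repeated here.
        location /uploads/images {
            expires 1d;
            add_header Cache-Control public;
            add_header Strict-Transport-Security max-age=500;
        }
        location /assets {
            expires 1d;
            add_header Cache-Control public;
            add_header Strict-Transport-Security max-age=500;
        }

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            client_max_body_size 4M;
            client_body_buffer_size 128K;
            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }
            if (-f $request_filename.html) {
                rewrite (.*) $1.html break;
            }
            if (!-f $request_filename) {
                proxy_pass http://gitlab;
                break;
            }
        }

        error_page 500 503 504 /500.html;
        location = /500.html {
            root /home/gitlab/gitlab/public;
        }
        error_page 404 /404.html;
        location = /404.html {
            root /home/gitlab/gitlab/public;
        }
        error_page 502 /down.html;
        location = /down.html {
            root /home/gitlab/gitlab/public;
        }
    }
}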
I will try that out next time I get a chance. Last time I tried, I was having problems with the user, config, and pid. I understand it a little better now, though, so I may be able to figure out how to do it the right way.
Be nice if Unicorn was still in the Gemfile though!
:B
As of 0.0.2 Unicorn will be default :)
Wouldn't this be a little easier with Unicorn? Instead of having Nginx load balance between 3 socket files, Unicorn only creates one socket for all of its forked workers and lets the OS kernel do the load balancing for you.
That's how GitHub does it, see their blog post from 2009. Along with letting the OS kernel do the load balancing for you, you also get "zero downtime" deploys. 😁