Created
November 21, 2013 16:02
-
-
Save matejc/7584327 to your computer and use it in GitHub Desktop.
hydra server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ config, pkgs, ... }: | |
let | |
hydra = pkgs.fetchgit { url = https://github.com/NixOS/hydra; rev = "refs/heads/master"; }; | |
in { | |
... | |
require = [ "${hydra}/hydra-module.nix" ]; | |
... | |
services = { | |
postfix = { | |
enable = true; | |
setSendmail = true; | |
}; | |
openssh = { | |
enable = true; | |
permitRootLogin = "no"; | |
passwordAuthentication = false; | |
}; | |
locate.enable = true; | |
hydra = { | |
enable = true; | |
dbi = "dbi:Pg:dbname=hydra;host=localhost;user=hydra;"; | |
package = (import "${hydra}/release.nix" {}).build.x86_64-linux; | |
hydraURL = "http://hydra.scriptores.com/"; | |
listenHost = "localhost"; | |
port = 3000; | |
minimumDiskFree = 5; | |
minimumDiskFreeEvaluator = 2; | |
notificationSender = "hydra@jaeger.matejc"; | |
tracker = "<div>matejc's Hydra reborn</div>"; | |
logo = null; | |
debugServer = false; | |
}; | |
# Hydra requires postgresql to run | |
postgresql.enable = true; | |
postgresql.package = pkgs.postgresql; | |
nginx.enable = true; | |
nginx.config = pkgs.lib.readFile /root/nginx.conf; | |
}; | |
... | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 0.0.0.0:443 ssl; | |
server_name hydra-ssl.scriptores.com; | |
keepalive_timeout 70; | |
ssl_session_cache shared:SSL:10m; | |
ssl_session_timeout 10m; | |
ssl_certificate /root/ssl/hydra.crt; | |
ssl_certificate_key /root/ssl/hydra.key; | |
### We want full access to SSL via backend ### | |
location / { | |
proxy_pass http://127.0.0.1:3000/; | |
### force timeouts if one of backend is died ## | |
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; | |
### Set headers #### | |
proxy_set_header Accept-Encoding ""; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
### Most PHP, Python, Rails, Java App can use this header ### | |
#proxy_set_header X-Forwarded-Proto https;## | |
#This is better## | |
proxy_set_header X-Forwarded-Proto $scheme; | |
add_header Front-End-Https on; | |
### By default we don't want to redirect it #### | |
proxy_redirect off; | |
} | |
} | |
server { | |
listen 0.0.0.0:80; | |
server_name hydra-ssl.scriptores.com; | |
rewrite ^ https://$server_name$request_uri? permanent; | |
} | |
server { | |
listen 0.0.0.0:80; | |
server_name hydra.scriptores.com; | |
location / { | |
proxy_pass http://127.0.0.1:3000/; | |
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#user nobody; | |
worker_processes 1; | |
error_log logs/error.log; | |
#error_log logs/error.log notice; | |
#error_log logs/error.log info; | |
pid logs/nginx.pid; | |
events { | |
worker_connections 1024; | |
} | |
http { | |
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
'$status $body_bytes_sent "$http_referer" ' | |
'"$http_user_agent" "$http_x_forwarded_for"'; | |
access_log logs/access.log main; | |
sendfile on; | |
#tcp_nopush on; | |
#keepalive_timeout 0; | |
keepalive_timeout 65; | |
#gzip on; | |
include /root/hydra.nginx; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment