Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Configuration files for qwerty.sh deployment on a single server.
# qwerty.sh nginx configuration
#
# gzip is enabled, but only used by clients requesting it:
#
# curl -H 'Accept-Encoding: gzip,deflate' -sSL qwerty.sh
server {
listen 80;
server_name qwerty.sh www.qwerty.sh;
root /srv/qwerty.sh/web/error;
client_max_body_size 5k;
chunked_transfer_encoding off;
gzip on;
gzip_comp_level 6;
gzip_http_version 1.0;
gzip_min_length 100;
gzip_proxied any;
gzip_types "*";
types {
text/plain sh;
}
error_page 502 /bad_gateway.sh;
location /bad_gateway.sh {}
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:8001;
}
}
server {
# Let's Encrypt -- https://certbot.eff.org/
listen 443 ssl; # managed by Certbot
server_name qwerty.sh;
root /srv/qwerty.sh/web/error;
client_max_body_size 5k;
chunked_transfer_encoding off;
gzip on;
gzip_comp_level 6;
gzip_http_version 1.0;
gzip_min_length 100;
gzip_proxied any;
gzip_types "*";
types {
text/plain sh;
}
error_page 502 /bad_gateway.sh;
location /bad_gateway.sh {}
location / {
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:8002;
}
ssl_certificate /etc/letsencrypt/live/qwerty.sh/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/qwerty.sh/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name hello.qwerty.sh;
root /srv/qwerty.sh/web/hello;
index hello.sh;
client_max_body_size 5k;
chunked_transfer_encoding off;
gzip on;
gzip_comp_level 6;
gzip_http_version 1.0;
gzip_min_length 100;
gzip_types "*";
types {
text/plain sh;
}
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
}
;; User & Group Considerations
;
; Ensure /srv/qwerty.sh files have appropriate mode and user/group ownership.
;
; Support supervisorctl calls with a 'supervisor' group:
;
; [unix_http_server]
; ...
; chmod=0660
; chown=root:supervisor
;
; Reload code with:
;
; sudo kill -HUP $(cat path/to/*-gunicorn.pid)
;
; Set no-password access to 'sudo' group for kill with `visudo`,
; noting that this allows HUP to _any_ process:
;
; %sudo ALL=(ALL) NOPASSWD: /bin/kill -HUP [0-9]*
;
; Change 'lowprivuser' below to match configured system username.
[program:http-qwerty]
user=lowprivuser
directory=/srv/qwerty.sh
command=make http-proxied
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/http-qwerty.log
stderr_logfile=/dev/null
redirect_stderr=true
startretries=0
startsecs=5
stopwaitsecs=5
environment=WORKERS=4,PORT=8001
[program:https-qwerty]
user=lowprivuser
directory=/srv/qwerty.sh
command=make https-proxied
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/https-qwerty.log
stderr_logfile=/dev/null
redirect_stderr=true
startretries=0
startsecs=5
stopwaitsecs=5
environment=WORKERS=4,PORT=8002
@rduplain
Copy link
Author

rduplain commented Oct 28, 2018

Note that GitHub does not send notifications for comments on gists, so I probably will not see any comments here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment