Last active
November 8, 2019 21:55
-
-
Save rduplain/3727fbd58d2a0066f2f447ac094f93d7 to your computer and use it in GitHub Desktop.
Configuration files for qwerty.sh deployment on a single server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# qwerty.sh nginx configuration | |
# | |
# gzip is enabled, but only used by clients requesting it: | |
# | |
# curl -H 'Accept-Encoding: gzip,deflate' -sSL qwerty.sh | |
server { | |
listen 80; | |
server_name qwerty.sh www.qwerty.sh; | |
root /srv/qwerty.sh/web/error; | |
client_max_body_size 5k; | |
chunked_transfer_encoding off; | |
gzip on; | |
gzip_comp_level 6; | |
gzip_http_version 1.0; | |
gzip_min_length 100; | |
gzip_proxied any; | |
gzip_types "*"; | |
types { | |
text/plain sh; | |
} | |
error_page 502 /bad_gateway.sh; | |
location /bad_gateway.sh {} | |
location / { | |
proxy_http_version 1.1; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
proxy_pass http://127.0.0.1:8001; | |
} | |
} | |
server { | |
# Let's Encrypt -- https://certbot.eff.org/ | |
listen 443 ssl; # managed by Certbot | |
server_name qwerty.sh; | |
root /srv/qwerty.sh/web/error; | |
client_max_body_size 5k; | |
chunked_transfer_encoding off; | |
gzip on; | |
gzip_comp_level 6; | |
gzip_http_version 1.0; | |
gzip_min_length 100; | |
gzip_proxied any; | |
gzip_types "*"; | |
types { | |
text/plain sh; | |
} | |
error_page 502 /bad_gateway.sh; | |
location /bad_gateway.sh {} | |
location / { | |
proxy_http_version 1.1; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
proxy_set_header Host $http_host; | |
proxy_redirect off; | |
proxy_pass http://127.0.0.1:8002; | |
} | |
ssl_certificate /etc/letsencrypt/live/qwerty.sh/fullchain.pem; # managed by Certbot | |
ssl_certificate_key /etc/letsencrypt/live/qwerty.sh/privkey.pem; # managed by Certbot | |
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot | |
} | |
server { | |
listen 80; | |
server_name hello.qwerty.sh; | |
root /srv/qwerty.sh/web/hello; | |
index hello.sh; | |
client_max_body_size 5k; | |
chunked_transfer_encoding off; | |
gzip on; | |
gzip_comp_level 6; | |
gzip_http_version 1.0; | |
gzip_min_length 100; | |
gzip_types "*"; | |
types { | |
text/plain sh; | |
} | |
location / { | |
try_files $uri $uri/ =404; | |
} | |
error_page 404 /404.html; | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
;; User & Group Considerations | |
; | |
; Ensure /srv/qwerty.sh files have appropriate mode and user/group ownership. | |
; | |
; Support supervisorctl calls with a 'supervisor' group: | |
; | |
; [unix_http_server] | |
; ... | |
; chmod=0660 | |
; chown=root:supervisor | |
; | |
; Reload code with: | |
; | |
; sudo kill -HUP $(cat path/to/*-gunicorn.pid) | |
; | |
; Set no-password access to 'sudo' group for kill with `visudo`, | |
; noting that this allows HUP to _any_ process: | |
; | |
; %sudo ALL=(ALL) NOPASSWD: /bin/kill -HUP [0-9]* | |
; | |
; Change 'lowprivuser' below to match configured system username. | |
[program:http-qwerty] | |
user=lowprivuser | |
directory=/srv/qwerty.sh | |
command=make http-proxied | |
autostart=true | |
autorestart=true | |
stdout_logfile=/var/log/supervisor/http-qwerty.log | |
stderr_logfile=/dev/null | |
redirect_stderr=true | |
startretries=0 | |
startsecs=5 | |
stopwaitsecs=5 | |
environment=WORKERS=4,PORT=8001 | |
[program:https-qwerty] | |
user=lowprivuser | |
directory=/srv/qwerty.sh | |
command=make https-proxied | |
autostart=true | |
autorestart=true | |
stdout_logfile=/var/log/supervisor/https-qwerty.log | |
stderr_logfile=/dev/null | |
redirect_stderr=true | |
startretries=0 | |
startsecs=5 | |
stopwaitsecs=5 | |
environment=WORKERS=4,PORT=8002 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Note that GitHub does not send notifications for comments on gists, so I probably will not see any comments here.