diff --git a/Gemfile b/Gemfile index 6def1d1..f83c80c 100644 --- a/Gemfile +++ b/Gemfile @@ -54,12 +54,13 @@ gem 'rb-readline' gem 'delayed_job_active_record' gem 'puma' gem 'passenger' -gem 'travis' +gem 'tzinfo-data' group :development do gem 'rubocop' gem 'bullet' gem 'brakeman' gem 'hakiri' + gem 'travis' end diff --git a/Gemfile.lock b/Gemfile.lock index 19680c8..43ab579 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -204,7 +204,7 @@ GEM mime-types (>= 1.16, < 4.0) netrc (~> 0.8) round_robin_tournament (0.0.1) - rubocop (0.58.1) + rubocop (0.58.2) jaro_winkler (~> 1.5.1) parallel (~> 1.10) parser (>= 2.5, != 2.5.1.1) @@ -248,7 +248,9 @@ GEM ethon (>= 0.8.0) tzinfo (1.2.5) thread_safe (~> 0.1) - uglifier (4.1.15) + tzinfo-data (1.2018.5) + tzinfo (>= 1.0.0) + uglifier (4.1.16) execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext @@ -291,6 +293,7 @@ DEPENDENCIES therubyracer travis turbolinks + tzinfo-data uglifier RUBY VERSION diff --git a/deploy/docker-compose-prod-full-stack.yml b/deploy/docker-compose-prod-full-stack.yml index 1d4d1b5..8683b5f 100644 --- a/deploy/docker-compose-prod-full-stack.yml +++ b/deploy/docker-compose-prod-full-stack.yml @@ -42,7 +42,7 @@ services: env_file: - ./prod.env healthcheck: - test: ps -ef | grep rake | grep ruby + test: kill -0 1 command: bundle exec rake jobs:work RAILS_ENV=production diff --git a/deploy/docker-compose-test.yml b/deploy/docker-compose-test.yml index 5c8247e..efe0af6 100644 --- a/deploy/docker-compose-test.yml +++ b/deploy/docker-compose-test.yml @@ -63,9 +63,6 @@ services: worker: image: wrestlingdev - build: - context: ../ - dockerfile: ./deploy/rails-prod-Dockerfile environment: - WRESTLINGDEV_DB_NAME=wrestlingtourney - WRESTLINGDEV_DB_USR=root @@ -82,7 +79,7 @@ services: caching: restart: always healthcheck: - test: ps -ef | grep rake | grep ruby + test: kill -0 1 command: bundle exec rake jobs:work RAILS_ENV=production deploy: resources: diff --git a/deploy/nginx-env.conf b/deploy/nginx-env.conf new file mode 100644 index 0000000..e6e9295 --- /dev/null +++ b/deploy/nginx-env.conf @@ -0,0 +1,11 @@ +env WRESTLINGDEV_DB_NAME; +env WRESTLINGDEV_DB_USR; +env WRESTLINGDEV_DB_PWD; +env WRESTLINGDEV_DB_HOST; +env WRESTLINGDEV_DB_PORT; +env WRESTLINGDEV_DEVISE_SECRET_KEY; +env WRESTLINGDEV_SECRET_KEY_BASE; +env MEMCACHIER_SERVERS; +env MEMCACHIER_USERNAME; +env MEMCACHIER_PASSWORD; +env PATH; \ No newline at end of file diff --git a/deploy/nginx-wrestlingdev.conf b/deploy/nginx-wrestlingdev.conf new file mode 100644 index 0000000..d1a461d --- /dev/null +++ b/deploy/nginx-wrestlingdev.conf @@ -0,0 +1,14 @@ +server { + listen 443 ssl; + server_name localhost; + ssl_certificate /ssl/server.crt; + ssl_certificate_key /ssl/server.key; + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 5m; + ssl_ciphers HIGH:!aNULL:!MD5; + ssl_prefer_server_ciphers on; + root /rails/public; + passenger_enabled on; + passenger_ruby /usr/local/bin/ruby; + passenger_app_env production; +} diff --git a/deploy/nginx.conf b/deploy/nginx.conf new file mode 100644 index 0000000..a15dc0a --- /dev/null +++ b/deploy/nginx.conf @@ -0,0 +1,99 @@ +user www-data; +worker_processes auto; +pid /run/nginx.pid; +daemon off; +error_log /dev/stdout; + +include /etc/nginx/main.d/*.conf; + +events { + worker_connections 768; + # multi_accept on; +} + +http { + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + # server_tokens off; + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + ## + # SSL Settings + ## + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; + + ## + # Logging Settings + ## + + #access_log /var/log/nginx/access.log; + #error_log /var/log/nginx/error.log; + access_log /dev/stdout; + + + ## + # Gzip Settings + ## + + gzip on; + gzip_disable "msie6"; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + # gzip_vary on; + # gzip_proxied any; + # gzip_comp_level 6; + # gzip_buffers 16 8k; + # gzip_http_version 1.1; + + ## + # Phusion Passenger config + ## + # Uncomment it if you installed passenger or passenger-enterprise + ## + + include /etc/nginx/passenger.conf; + + ## + # Virtual Host Configs + ## + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} + + +#mail { +# # See sample authentication script at: +# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript +# +# # auth_http localhost/auth.php; +# # pop3_capabilities "TOP" "USER"; +# # imap_capabilities "IMAP4rev1" "UIDPLUS"; +# +# server { +# listen localhost:110; +# protocol pop3; +# proxy on; +# } +# +# server { +# listen localhost:143; +# protocol imap; +# proxy on; +# } +#} +# \ No newline at end of file diff --git a/deploy/rails-prod-Dockerfile b/deploy/rails-prod-Dockerfile index c27b3b1..f0a90e5 100644 --- a/deploy/rails-prod-Dockerfile +++ b/deploy/rails-prod-Dockerfile @@ -1,7 +1,10 @@ -FROM ruby:2.4.4 +FROM ubuntu:xenial HEALTHCHECK --start-period=30s CMD curl --insecure https://127.0.0.1/ +ENV RUBY_VERSION=2.4.4 +ENV RUBY_MAJOR_VERSION=2.4 + ENV TINI_VERSION v0.18.0 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini RUN chmod +x /tini @@ -25,10 +28,28 @@ RUN apt-get -qq update \ sqlite3 \ wget \ apt-transport-https \ + ca-certificates \ mysql-client \ + libmysqlclient-dev \ postfix \ nodejs \ + nginx \ + lsb-release \ + dirmngr \ + gnupg \ + && wget http://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR_VERSION}/ruby-${RUBY_VERSION}.tar.gz \ + && tar -xzf ruby-${RUBY_VERSION}.tar.gz \ + && cd ruby-${RUBY_VERSION} \ + && ./configure \ + && make && make install \ + && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7 \ + && sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger $(lsb_release -c --short) main > /etc/apt/sources.list.d/passenger.list' \ + && apt-get -qq update \ + && DEBIAN_FRONTEND=noninteractive apt-get -qq install -y \ + passenger \ + nginx-extras \ && apt-get -qq clean \ + && apt-get autoremove -y \ && rm -rf \ /var/lib/apt/lists/* \ /tmp/* \ @@ -59,13 +80,18 @@ RUN gem install --no-rdoc --no-ri bundler WORKDIR /tmp COPY Gemfile Gemfile COPY Gemfile.lock Gemfile.lock -#RUN bundle install --without test RUN bundle install # Copy site into place. -RUN mkdir /rails -WORKDIR /rails -ADD . /rails +RUN rm -rf /rails && mkdir /rails +WORKDIR /rails/ +ADD . /rails/ + +# Nginx configurations (nginx does not pass envs which is why you need nginx-env.conf) +COPY ./deploy/nginx-wrestlingdev.conf /etc/nginx/sites-available/default +COPY ./deploy/nginx-env.conf /etc/nginx/main.d/nginx-env.conf +COPY ./deploy/nginx.conf /etc/nginx/nginx.conf +RUN echo "passenger_default_user root;" >> /etc/nginx/passenger.conf #Need temp secret keys to precompile assets ENV WRESTLINGDEV_SECRET_KEY_BASE 077cdbef5c2ccf22543fb17a67339f234306b7fa2e1e4463d851c444c10a5611829a2290b253da78339427f131571fac9a42c83d960b2d25ecc10a4a0a7ce1a2 @@ -75,7 +101,7 @@ RUN RAILS_ENV=production bundle exec rake assets:precompile # Tini solves the zombie PID problem ENTRYPOINT ["/tini", "--"] -# By default, simply start puma. WORKDIR /rails #CMD bundle exec puma -t 3:3 -b 'ssl://0.0.0.0:443?key=/ssl/server.key&verify_mode=none&cert=/ssl/server.crt' -e production -CMD bundle exec passenger start -p 443 --max-pool-size 3 --environment production --ssl --ssl-certificate /ssl/server.crt --ssl-certificate-key /ssl/server.key \ No newline at end of file +#CMD bundle exec passenger start --max-pool-size 3 --environment production --ssl --ssl-certificate /ssl/server.crt --ssl-certificate-key /ssl/server.key +CMD ["nginx"] \ No newline at end of file