Moving to passenger + nginx

2026-03-25 01:14:43 +00:00 · 2018-07-26 10:34:48 +00:00
parent 1dbbed833e
commit 93b726f425
8 changed files with 166 additions and 15 deletions
--- a/deploy/docker-compose-prod-full-stack.yml
+++ b/deploy/docker-compose-prod-full-stack.yml
@@ -42,7 +42,7 @@ services:
    env_file:
      - ./prod.env
    healthcheck:
-        test: ps -ef | grep rake | grep ruby
+        test: kill -0 1
    command: bundle exec rake jobs:work RAILS_ENV=production


--- a/deploy/docker-compose-test.yml
+++ b/deploy/docker-compose-test.yml
@@ -63,9 +63,6 @@ services:

  worker:
    image: wrestlingdev
-    build:
-      context: ../
-      dockerfile: ./deploy/rails-prod-Dockerfile
    environment:
      - WRESTLINGDEV_DB_NAME=wrestlingtourney
      - WRESTLINGDEV_DB_USR=root
@@ -82,7 +79,7 @@ services:
      caching:
    restart: always
    healthcheck:
-        test: ps -ef | grep rake | grep ruby
+        test: kill -0 1
    command: bundle exec rake jobs:work RAILS_ENV=production
    deploy:
      resources:
--- a/deploy/nginx-env.conf
+++ b/deploy/nginx-env.conf
@@ -0,0 +1,11 @@
+env WRESTLINGDEV_DB_NAME;
+env WRESTLINGDEV_DB_USR;
+env WRESTLINGDEV_DB_PWD;
+env WRESTLINGDEV_DB_HOST;
+env WRESTLINGDEV_DB_PORT;
+env WRESTLINGDEV_DEVISE_SECRET_KEY;
+env WRESTLINGDEV_SECRET_KEY_BASE;
+env MEMCACHIER_SERVERS;
+env MEMCACHIER_USERNAME;
+env MEMCACHIER_PASSWORD;
+env PATH;
--- a/deploy/nginx-wrestlingdev.conf
+++ b/deploy/nginx-wrestlingdev.conf
@@ -0,0 +1,14 @@
+server {
+	listen 443 ssl;
+	server_name localhost;
+	ssl_certificate /ssl/server.crt;
+	ssl_certificate_key /ssl/server.key;
+	ssl_session_cache    shared:SSL:1m;
+    ssl_session_timeout  5m;
+    ssl_ciphers  HIGH:!aNULL:!MD5;
+    ssl_prefer_server_ciphers  on;
+	root /rails/public;
+    passenger_enabled on;
+    passenger_ruby /usr/local/bin/ruby;
+    passenger_app_env production;
+}
--- a/deploy/nginx.conf
+++ b/deploy/nginx.conf
@@ -0,0 +1,99 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+daemon off;
+error_log /dev/stdout;
+
+include /etc/nginx/main.d/*.conf;
+
+events {
+        worker_connections 768;
+        # multi_accept on;
+}
+
+http {
+        ##
+        # Basic Settings
+        ##
+
+        sendfile on;
+        tcp_nopush on;
+        tcp_nodelay on;
+        keepalive_timeout 65;
+        types_hash_max_size 2048;
+        # server_tokens off;
+
+        # server_names_hash_bucket_size 64;
+        # server_name_in_redirect off;
+
+        include /etc/nginx/mime.types;
+        default_type application/octet-stream;
+
+        ##
+        # SSL Settings
+        ##
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+        ssl_prefer_server_ciphers on;
+
+        ##
+        # Logging Settings
+        ##
+
+        #access_log /var/log/nginx/access.log;
+        #error_log /var/log/nginx/error.log;
+        access_log /dev/stdout;
+
+
+        ##
+        # Gzip Settings
+        ##
+
+        gzip on;
+        gzip_disable "msie6";
+        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+        # gzip_vary on;
+        # gzip_proxied any;
+        # gzip_comp_level 6;
+        # gzip_buffers 16 8k;
+        # gzip_http_version 1.1;
+
+        ##
+        # Phusion Passenger config
+        ##
+        # Uncomment it if you installed passenger or passenger-enterprise
+        ##
+
+        include /etc/nginx/passenger.conf;
+
+        ##
+        # Virtual Host Configs
+        ##
+
+        include /etc/nginx/conf.d/*.conf;
+        include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#       # See sample authentication script at:
+#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+#       # auth_http localhost/auth.php;
+#       # pop3_capabilities "TOP" "USER";
+#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+#       server {
+#               listen     localhost:110;
+#               protocol   pop3;
+#               proxy      on;
+#       }
+#
+#       server {
+#               listen     localhost:143;
+#               protocol   imap;
+#               proxy      on;
+#       }
+#}
+#
--- a/deploy/rails-prod-Dockerfile
+++ b/deploy/rails-prod-Dockerfile
@@ -1,7 +1,10 @@
-FROM ruby:2.4.4
+FROM ubuntu:xenial

 HEALTHCHECK --start-period=30s CMD curl --insecure https://127.0.0.1/

+ENV RUBY_VERSION=2.4.4
+ENV RUBY_MAJOR_VERSION=2.4
+
 ENV TINI_VERSION v0.18.0
 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
 RUN chmod +x /tini
@@ -25,10 +28,28 @@ RUN apt-get -qq update \
    sqlite3 \
    wget \
    apt-transport-https \
+    ca-certificates \
    mysql-client \
+    libmysqlclient-dev \
    postfix \
    nodejs \
+    nginx \
+    lsb-release \
+    dirmngr \
+    gnupg \
+  && wget http://cache.ruby-lang.org/pub/ruby/${RUBY_MAJOR_VERSION}/ruby-${RUBY_VERSION}.tar.gz \
+  && tar -xzf ruby-${RUBY_VERSION}.tar.gz \
+  && cd ruby-${RUBY_VERSION} \
+  && ./configure \
+  && make && make install \
+  && apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7 \
+  && sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger $(lsb_release -c --short) main > /etc/apt/sources.list.d/passenger.list' \
+  && apt-get -qq update \
+  && DEBIAN_FRONTEND=noninteractive apt-get -qq install -y \
+    passenger \
+    nginx-extras \
  && apt-get -qq clean \
+  && apt-get autoremove -y \
  && rm -rf \
    /var/lib/apt/lists/* \
    /tmp/* \
@@ -59,13 +80,18 @@ RUN gem install --no-rdoc --no-ri bundler
 WORKDIR /tmp
 COPY Gemfile Gemfile
 COPY Gemfile.lock Gemfile.lock
-#RUN bundle install --without test
 RUN bundle install

 # Copy site into place.
-RUN mkdir /rails
-WORKDIR /rails
-ADD . /rails
+RUN rm -rf /rails && mkdir /rails
+WORKDIR /rails/
+ADD . /rails/
+
+# Nginx configurations (nginx does not pass envs which is why you need nginx-env.conf)
+COPY ./deploy/nginx-wrestlingdev.conf /etc/nginx/sites-available/default
+COPY ./deploy/nginx-env.conf /etc/nginx/main.d/nginx-env.conf
+COPY ./deploy/nginx.conf /etc/nginx/nginx.conf
+RUN echo "passenger_default_user root;" >> /etc/nginx/passenger.conf

 #Need temp secret keys to precompile assets
 ENV WRESTLINGDEV_SECRET_KEY_BASE 077cdbef5c2ccf22543fb17a67339f234306b7fa2e1e4463d851c444c10a5611829a2290b253da78339427f131571fac9a42c83d960b2d25ecc10a4a0a7ce1a2
@@ -75,7 +101,7 @@ RUN RAILS_ENV=production bundle exec rake assets:precompile
 # Tini solves the zombie PID problem
 ENTRYPOINT ["/tini", "--"]

-# By default, simply start puma.
 WORKDIR /rails
 #CMD bundle exec puma -t 3:3 -b 'ssl://0.0.0.0:443?key=/ssl/server.key&verify_mode=none&cert=/ssl/server.crt'  -e production
-CMD bundle exec passenger start -p 443 --max-pool-size 3 --environment production --ssl --ssl-certificate /ssl/server.crt --ssl-certificate-key /ssl/server.key
+#CMD bundle exec passenger start --max-pool-size 3 --environment production --ssl --ssl-certificate /ssl/server.crt --ssl-certificate-key /ssl/server.key
+CMD ["nginx"]