Aketzu · March 6, 2016 22:12
diff --git a/myapp-worker.conf b/myapp-worker.conf
 description "MyApp worker"

 respawn
 setuid myapp
 setgid myapp
 chdir /srv/myapp

 #Ruby 1.9, default to UTF-8 encoding on files
 env RUBYOPT=-KU

 instance $ID

 script
  PIDFILE=tmp/pids/thin.${ID}.pid
  LOGFILE=log/thin.${ID}.log
  SOCKFILE=tmp/sockets/thin.${ID}.sock
  /usr/local/rvm/wrappers/ruby-1.9.2-p330/bundle exec thin -e production --log $LOGFILE --pid $PIDFILE --socket $SOCKFILE start
 end script
diff --git a/myapp.conf b/myapp.conf
 description "MyApp main process"
 start on filesystem and started networking

 env NUM_WORKERS=3

 pre-start script
  for i in `seq 1 $NUM_WORKERS`
  do
    start myapp-worker ID=$i
  done
 end script

 post-stop script
  for i in `seq 1 $NUM_WORKERS`
  do
    stop myapp-worker ID=$i
  done
 end script
diff --git a/nginx-myapp b/nginx-myapp
 server {
  listen      80;
  server_name myapp.example.com;

  location / {
    return 302 https://$server_name$request_uri;
  }

  location /.well-known/acme-challenge/ {
    root /srv/myapp/letsencrypt-http-webroot;
    try_files $uri $uri/ =403;
  }
 }

 upstream myapp-pool {
  server  unix:/srv/myapp/tmp/sockets/thin.0.sock;
  server  unix:/srv/myapp/tmp/sockets/thin.1.sock;
  server  unix:/srv/myapp/tmp/sockets/thin.2.sock;
 }

 server {
  listen                  443 ssl http2;
  server_name             myapp.example.com;

  ssl                     on;
  ssl_certificate         /etc/letsencrypt/live/myapp.example.com/fullchain.pem;
  ssl_certificate_key     /etc/letsencrypt/live/myapp.example.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/myapp.example.com/chain.pem;
  ssl_session_timeout     1d;
  ssl_session_cache       shared:SSL:50m;
  ssl_session_tickets     off;
  ssl_stapling            on;
  ssl_stapling_verify     on;
  resolver                8.8.8.8 8.8.4.4;

  add_header              Strict-Transport-Security "max-age=31536000;";


  root                    /srv/myapp/public;
  index                   index.htm;

  access_log              /srv/myapp/log/nginx-access.log;
  error_log               /srv/myapp/log/nginx-error.log;

  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  Host $http_host;
    proxy_redirect  off;
    try_files /system/maintenance.html $uri $uri/index.html $uri.html @ruby;
  }

  location @ruby {
    proxy_pass http://myapp-pool;
  }


  error_page 404 /404.html;
  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
    root /usr/share/nginx/html;
  }

 }
	description "MyApp worker"

	respawn
	setuid myapp
	setgid myapp
	chdir /srv/myapp

	#Ruby 1.9, default to UTF-8 encoding on files
	env RUBYOPT=-KU

	instance $ID

	script
	PIDFILE=tmp/pids/thin.${ID}.pid
	LOGFILE=log/thin.${ID}.log
	SOCKFILE=tmp/sockets/thin.${ID}.sock
	/usr/local/rvm/wrappers/ruby-1.9.2-p330/bundle exec thin -e production --log $LOGFILE --pid $PIDFILE --socket $SOCKFILE start
	end script
	description "MyApp main process"
	start on filesystem and started networking

	env NUM_WORKERS=3

	pre-start script
	for i in `seq 1 $NUM_WORKERS`
	do
	start myapp-worker ID=$i
	done
	end script

	post-stop script
	for i in `seq 1 $NUM_WORKERS`
	do
	stop myapp-worker ID=$i
	done
	end script
	server {
	listen 80;
	server_name myapp.example.com;

	location / {
	return 302 https://$server_name$request_uri;
	}

	location /.well-known/acme-challenge/ {
	root /srv/myapp/letsencrypt-http-webroot;
	try_files $uri $uri/ =403;
	}
	}

	upstream myapp-pool {
	server unix:/srv/myapp/tmp/sockets/thin.0.sock;
	server unix:/srv/myapp/tmp/sockets/thin.1.sock;
	server unix:/srv/myapp/tmp/sockets/thin.2.sock;
	}

	server {
	listen 443 ssl http2;
	server_name myapp.example.com;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/myapp.example.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/myapp.example.com/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/myapp.example.com/chain.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 8.8.8.8 8.8.4.4;

	add_header Strict-Transport-Security "max-age=31536000;";


	root /srv/myapp/public;
	index index.htm;

	access_log /srv/myapp/log/nginx-access.log;
	error_log /srv/myapp/log/nginx-error.log;

	location / {
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect off;
	try_files /system/maintenance.html $uri $uri/index.html $uri.html @ruby;
	}

	location @ruby {
	proxy_pass http://myapp-pool;
	}


	error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /usr/share/nginx/html;
	}

	}