airblade · March 6, 2012 09:27
diff --git a/crontab b/crontab
 @reboot cd /var/www/apps/myapp/current && bundle exec unicorn -c /var/www/apps/myapp/current/config/unicorn.rb -E production -D
diff --git a/myapp-unicorn.rb b/myapp-unicorn.rb
 APP_PATH = '/var/www/apps/myapp'

 # Sample verbose configuration file for Unicorn (not Rack)
 #
 # This configuration file documents many features of Unicorn
 # that may not be needed for some applications. See
 # http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb
 # for a much simpler configuration file.
 #
 # See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
 # documentation.

 # Use at least one worker per core if you're on a dedicated server,
 # more will usually help for _short_ waits on databases/caches.
 worker_processes 3

 # Since Unicorn is never exposed to outside clients, it does not need to
 # run on the standard HTTP port (80), there is no reason to start Unicorn
 # as root unless it's from system init scripts.
 # If running the master process as root and the workers as an unprivileged
 # user, do this to switch euid/egid in the workers (also chowns logs):
 user 'rails', 'rails'

 # Help ensure your application will always spawn in the symlinked
 # "current" directory that Capistrano sets up.
 working_directory "#{APP_PATH}/current"

 # listen on both a Unix domain socket and a TCP port,
 # we use a shorter backlog for quicker failover when busy
 listen "/tmp/unicorn_myapp.sock", :backlog => 64
 #listen 8080, :tcp_nopush => true

 # nuke workers after 30 seconds instead of 60 seconds (the default)
 timeout 30

 # feel free to point this anywhere accessible on the filesystem
 pid "#{APP_PATH}/shared/pids/unicorn.pid"

 # By default, the Unicorn logger will write to stderr.
 # Additionally, ome applications/frameworks log to stderr or stdout,
 # so prevent them from going to /dev/null when daemonized here:
 stderr_path "#{APP_PATH}/shared/log/unicorn.stderr.log"
 stdout_path "#{APP_PATH}/shared/log/unicorn.stdout.log"

 # combine REE with "preload_app true" for memory savings
 # http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
 preload_app true
 GC.respond_to?(:copy_on_write_friendly=) and GC.copy_on_write_friendly = true

 # Ensure Unicorn uses new Gemfile (not expanded path to old Gemfile).
 before_exec do |server|
  ENV['BUNDLE_GEMFILE'] = "#{APP_PATH}/current/Gemfile"
 end

 before_fork do |server, worker|
  # the following is highly recomended for Rails + "preload_app true"
  # as there's no need for the master process to hold a connection
  defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!

  # The following is only recommended for memory/DB-constrained
  # installations.  It is not needed if your system can house
  # twice as many worker_processes as you have configured.
  #
  # This allows a new master process to incrementally
  # phase out the old master process with SIGTTOU to avoid a
  # thundering herd (especially in the "preload_app false" case)
  # when doing a transparent upgrade.  The last worker spawned
  # will then kill off the old master process with a SIGQUIT.
  old_pid = "#{server.config[:pid]}.oldbin"
  if old_pid != server.pid
    begin
      sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
      Process.kill(sig, File.read(old_pid).to_i)
    rescue Errno::ENOENT, Errno::ESRCH
    end
  end
  #
  # Throttle the master from forking too quickly by sleeping.  Due
  # to the implementation of standard Unix signal handlers, this
  # helps (but does not completely) prevent identical, repeated signals
  # from being lost when the receiving process is busy.
  # sleep 1
 end

 after_fork do |server, worker|
  # per-process listener ports for debugging/admin/migrations
  # addr = "127.0.0.1:#{9293 + worker.nr}"
  # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)

  # the following is *required* for Rails + "preload_app true",
  defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection

  # if preload_app is true, then you may also want to check and
  # restart any other shared sockets/descriptors such as Memcached,
  # and Redis.  TokyoCabinet file handles are safe to reuse
  # between any number of forked children (assuming your kernel
  # correctly implements pread()/pwrite() system calls)
 end
diff --git a/myapp.conf b/myapp.conf
 upstream unicorn_myapp {
    server unix:/tmp/unicorn_myapp.sock fail_timeout=0;
 }
 server {
    listen 80;
    server_name www.myapp.com;
    rewrite ^ http://myapp.com$request_uri? permanent;
 }
 server {
    listen 80;
    server_name myapp.com assets0.myapp.com
                          assets1.myapp.com
                          assets2.myapp.com
                          assets3.myapp.com;

    access_log /var/log/nginx/myapp-access.log;
    error_log /var/log/nginx/myapp-error.log;

    root /var/www/apps/myapp/current/public;

    client_max_body_size 10M;

    # Maintenance
    error_page 503 /system/maintenance.html;
    location /system/maintenance.html {
        # Allow requests
    }

    location ~ ^/(images|javascripts|stylesheets|assets)/ {
        expires 1y;
        add_header Cache-Control public;
        add_header ETag "";
        break;
    }

    error_page 405 = @app;

    try_files $uri $uri/index.html $uri.html @app;
    location @app {
        if (-f $document_root/system/maintenance.html) {
            return 503;
        }
        proxy_set_header X-Real-IP       $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host            $http_host;
        proxy_redirect off;
        proxy_pass http://unicorn_myapp;
    }

    # Rails error pages
    error_page 500 502 504 /500.html;
    location = /500.html {
        root /var/www/apps/myapp/current/public;
    }
 }
diff --git a/nginx.conf b/nginx.conf
 user  nginx;
 worker_processes  1;

 error_log  /var/log/nginx/error.log warn;
 pid        /var/run/nginx.pid;


 events {
    worker_connections  1024;
    use epoll;
 }


 http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    tcp_nopush     on;
    tcp_nodelay    off;

    keepalive_timeout  10;

    gzip              on;
    gzip_http_version 1.0;
    gzip_comp_level   2;
    gzip_proxied      any;
    gzip_types        text/plain text/css text/xml
                      text/javascript application/x-javascript
                      application/xml application/xml+rss application/atom+xml;

    include /etc/nginx/conf.d/*.conf;
 }
	APP_PATH = '/var/www/apps/myapp'

	# Sample verbose configuration file for Unicorn (not Rack)
	#
	# This configuration file documents many features of Unicorn
	# that may not be needed for some applications. See
	# http://unicorn.bogomips.org/examples/unicorn.conf.minimal.rb
	# for a much simpler configuration file.
	#
	# See http://unicorn.bogomips.org/Unicorn/Configurator.html for complete
	# documentation.

	# Use at least one worker per core if you're on a dedicated server,
	# more will usually help for _short_ waits on databases/caches.
	worker_processes 3

	# Since Unicorn is never exposed to outside clients, it does not need to
	# run on the standard HTTP port (80), there is no reason to start Unicorn
	# as root unless it's from system init scripts.
	# If running the master process as root and the workers as an unprivileged
	# user, do this to switch euid/egid in the workers (also chowns logs):
	user 'rails', 'rails'

	# Help ensure your application will always spawn in the symlinked
	# "current" directory that Capistrano sets up.
	working_directory "#{APP_PATH}/current"

	# listen on both a Unix domain socket and a TCP port,
	# we use a shorter backlog for quicker failover when busy
	listen "/tmp/unicorn_myapp.sock", :backlog => 64
	#listen 8080, :tcp_nopush => true

	# nuke workers after 30 seconds instead of 60 seconds (the default)
	timeout 30

	# feel free to point this anywhere accessible on the filesystem
	pid "#{APP_PATH}/shared/pids/unicorn.pid"

	# By default, the Unicorn logger will write to stderr.
	# Additionally, ome applications/frameworks log to stderr or stdout,
	# so prevent them from going to /dev/null when daemonized here:
	stderr_path "#{APP_PATH}/shared/log/unicorn.stderr.log"
	stdout_path "#{APP_PATH}/shared/log/unicorn.stdout.log"

	# combine REE with "preload_app true" for memory savings
	# http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
	preload_app true
	GC.respond_to?(:copy_on_write_friendly=) and GC.copy_on_write_friendly = true

	# Ensure Unicorn uses new Gemfile (not expanded path to old Gemfile).
	before_exec do \|server\|
	ENV['BUNDLE_GEMFILE'] = "#{APP_PATH}/current/Gemfile"
	end

	before_fork do \|server, worker\|
	# the following is highly recomended for Rails + "preload_app true"
	# as there's no need for the master process to hold a connection
	defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!

	# The following is only recommended for memory/DB-constrained
	# installations. It is not needed if your system can house
	# twice as many worker_processes as you have configured.
	#
	# This allows a new master process to incrementally
	# phase out the old master process with SIGTTOU to avoid a
	# thundering herd (especially in the "preload_app false" case)
	# when doing a transparent upgrade. The last worker spawned
	# will then kill off the old master process with a SIGQUIT.
	old_pid = "#{server.config[:pid]}.oldbin"
	if old_pid != server.pid
	begin
	sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
	Process.kill(sig, File.read(old_pid).to_i)
	rescue Errno::ENOENT, Errno::ESRCH
	end
	end
	#
	# Throttle the master from forking too quickly by sleeping. Due
	# to the implementation of standard Unix signal handlers, this
	# helps (but does not completely) prevent identical, repeated signals
	# from being lost when the receiving process is busy.
	# sleep 1
	end

	after_fork do \|server, worker\|
	# per-process listener ports for debugging/admin/migrations
	# addr = "127.0.0.1:#{9293 + worker.nr}"
	# server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)

	# the following is required for Rails + "preload_app true",
	defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection

	# if preload_app is true, then you may also want to check and
	# restart any other shared sockets/descriptors such as Memcached,
	# and Redis. TokyoCabinet file handles are safe to reuse
	# between any number of forked children (assuming your kernel
	# correctly implements pread()/pwrite() system calls)
	end
	upstream unicorn_myapp {
	server unix:/tmp/unicorn_myapp.sock fail_timeout=0;
	}
	server {
	listen 80;
	server_name www.myapp.com;
	rewrite ^ http://myapp.com$request_uri? permanent;
	}
	server {
	listen 80;
	server_name myapp.com assets0.myapp.com
	assets1.myapp.com
	assets2.myapp.com
	assets3.myapp.com;

	access_log /var/log/nginx/myapp-access.log;
	error_log /var/log/nginx/myapp-error.log;

	root /var/www/apps/myapp/current/public;

	client_max_body_size 10M;

	# Maintenance
	error_page 503 /system/maintenance.html;
	location /system/maintenance.html {
	# Allow requests
	}

	location ~ ^/(images\|javascripts\|stylesheets\|assets)/ {
	expires 1y;
	add_header Cache-Control public;
	add_header ETag "";
	break;
	}

	error_page 405 = @app;

	try_files $uri $uri/index.html $uri.html @app;
	location @app {
	if (-f $document_root/system/maintenance.html) {
	return 503;
	}
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect off;
	proxy_pass http://unicorn_myapp;
	}

	# Rails error pages
	error_page 500 502 504 /500.html;
	location = /500.html {
	root /var/www/apps/myapp/current/public;
	}
	}
	user nginx;
	worker_processes 1;

	error_log /var/log/nginx/error.log warn;
	pid /var/run/nginx.pid;


	events {
	worker_connections 1024;
	use epoll;
	}


	http {
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	log_format main '$remote_addr - $remote_user [$time_local] "$request" '
	'$status $body_bytes_sent "$http_referer" '
	'"$http_user_agent" "$http_x_forwarded_for"';

	access_log /var/log/nginx/access.log main;

	sendfile on;
	tcp_nopush on;
	tcp_nodelay off;

	keepalive_timeout 10;

	gzip on;
	gzip_http_version 1.0;
	gzip_comp_level 2;
	gzip_proxied any;
	gzip_types text/plain text/css text/xml
	text/javascript application/x-javascript
	application/xml application/xml+rss application/atom+xml;

	include /etc/nginx/conf.d/*.conf;
	}