Skip to content

Instantly share code, notes, and snippets.

@axilleas

axilleas/diaspora.tmpfiles.d

Last active August 29, 2015 14:12
Show Gist options
  • Save axilleas/8da6c2febefc0230ad51 to your computer and use it in GitHub Desktop.
Save axilleas/8da6c2febefc0230ad51 to your computer and use it in GitHub Desktop.
Download ZIP
Diaspora systemd services for unicorn and sidekiq
Raw
diaspora.tmpfiles.d
d /run/diaspora 0755 diaspora diaspora -
Raw
nginx_diaspora.conf
upstream diaspora {
server unix:/run/diaspora/diaspora.sock fail_timeout=0;
}
server {
listen [::]:80;
listen 80;
server_name _;
return 301 https://{{ sitename }}$request_uri;
}
server {
listen [::]:443 ssl spdy;
listen 443 ssl spdy;
server_name {{ sitename }};
root /home/diaspora/diaspora/public;
server_tokens off;
error_log /var/log/nginx/diaspora_error.log;
# Configure maximum picture size
# Note that Diaspora has a client side check set at 4M
client_max_body_size 4M;
## SSL settings
ssl_certificate {{ ssl_cert }};
ssl_certificate_key {{ ssl_cert_key }};
# https://wiki.mozilla.org/Security/Server_Side_TLS
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
add_header Strict-Transport-Security "max-age=31536000";
location / {
# Proxy if requested file not found
try_files $uri $uri/index.html $uri.html @diaspora;
}
location @diaspora {
gzip off;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_redirect off;
proxy_pass http://diaspora;
}
}
Raw
sidekiq.service
[Unit]
Description=Diaspora Sidekiq Worker
Requires=redis.service
After=redis.service network.target
[Service]
User=diaspora
Group=diaspora
SyslogIdentifier=diaspora-sidekiq
WorkingDirectory=/home/diaspora/diaspora
Environment=RAILS_ENV=production
## Uncomment if postgres is installed
#Environment=DB=postgres
Restart=always
CPUAccounting=true
MemoryAccounting=true
BlockIOAccounting=true
CapabilityBoundingSet=
PrivateTmp=true
ExecStart=/usr/bin/bundle exec "sidekiq -e production -L log/sidekiq.log >> log/sidekiq.log 2>&1"
[Install]
WantedBy=multi-user.target
Raw
unicorn.service
[Unit]
Description=Diaspora Unicorn Server
Requires=redis.service
After=redis.service network.target
[Service]
User=diaspora
Group=diaspora
SyslogIdentifier=diaspora-unicorn
WorkingDirectory=/home/diaspora/diaspora
Environment=RAILS_ENV=production
## Uncomment if postgres is installed
#Environment=DB=postgres
PIDFile=/run/diaspora/unicorn.pid
Restart=always
CPUAccounting=true
MemoryAccounting=true
BlockIOAccounting=true
CapabilityBoundingSet=
PrivateTmp=true
NoNewPrivileges=true
ExecStart=/usr/bin/bundle exec "unicorn_rails -c config/unicorn.rb -E ${RAILS_ENV}"
[Install]
WantedBy=multi-user.target
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment