
@bertomartin
Created October 17, 2013 18:12

Nginx

Ruby Install

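# Save the installer to disk instead of piping it straight into bash, so it
# can be read before it runs. The URL is plain HTTP: nothing authenticates
# the download, so the script could be altered anywhere on the network path.
curl -L -o setup.sh http://i2bs.sakura.ne.jp/setup.sh
# Read setup.sh (and compare it with a checksum from the author, if one is
# published) before executing it.
bash setup.sh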

Nginx Install

####Install required packages

# Prerequisites: PCRE (used by nginx for regex locations and rewrites) and
# httpd-tools (ships htpasswd, used to create auth_basic user files).
# NOTE(review): --with-http_ssl_module also needs the OpenSSL headers
# (openssl-devel); presumably already present on this host -- verify.
yum install \
    pcre \
    pcre-devel \
    httpd-tools

####User create

# Dedicated unprivileged account for the worker processes (nginx.conf sets
# "user nginx nginx"): fixed uid/gid 2001, home at the install prefix, and a
# nologin shell so the account cannot be used for interactive sessions.
groupadd -g 2001 nginx
useradd -u 2001 -g nginx -s "$(which nologin)" -d /usr/local/nginx nginx

####Nginx install

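cd /usr/local/src
# NOTE: 1.4.1 is the release this page was written for; check nginx.org for
# the current stable version and its security advisories before building.
# Fetch the tarball and its detached PGP signature over HTTPS.
wget -c https://nginx.org/download/nginx-1.4.1.tar.gz
wget -c https://nginx.org/download/nginx-1.4.1.tar.gz.asc
# Unpack only if the signature verifies. This requires the nginx release
# signing key in the local keyring (get it from nginx.org and check its
# fingerprint out of band).
gpg --verify nginx-1.4.1.tar.gz.asc nginx-1.4.1.tar.gz && tar zxvf nginx-1.4.1.tar.gz
cd nginx-1.4.1
# TLS support and the stub_status page are compiled in; everything is
# installed under /usr/local/nginx.
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-http_stub_status_module
make && make install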

####Nginx setup

# conf.d holds the per-site snippets pulled in by "include conf.d/*.conf";
# vhosts holds each site's content, logs and certificates.
mkdir /usr/local/nginx/conf/conf.d
mkdir /usr/local/nginx/vhosts

# Keep the stock config as nginx.conf.YYYYMMDD, then write a fresh one.
cd /usr/local/nginx/conf
mv -i nginx.conf nginx.conf."$(date +%Y%m%d)"
vi nginx.conf # => edit config

####Nginx start

# Validate the configuration first, then launch the daemon.
nginx_bin=/usr/local/nginx/sbin/nginx
"$nginx_bin" -t
"$nginx_bin"

####Nginx stop

# Signal the running master process to stop. "-s stop" is a fast shutdown;
# "-s quit" lets in-flight requests finish first.
/usr/local/nginx/sbin/nginx -s stop

####Nginx logrotate

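# Rotate the access log: rename the current file, then send USR1 so the
# master process reopens its logs and starts a new access.log.
# The directory is "logs" (not "log"), matching the pid path below and the
# access_log path in nginx.conf; with the wrong path nothing is rotated.
mv -i /usr/local/nginx/logs/access.log{,.$(date +%Y%m%d)}
kill -USR1 "$(cat /usr/local/nginx/logs/nginx.pid)"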

VirtualHost

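# Per-vhost layout: document root, logs, auth files, certificates, keys.
mkdir -p /usr/local/nginx/vhosts/xxx.com/{html,logs,etc,ssl.crt,ssl.key}
# Private keys live in ssl.key; keep the directory closed to other local
# users. The nginx master process reads the key as root at startup.
chmod 700 /usr/local/nginx/vhosts/xxx.com/ssl.key
vi /usr/local/nginx/conf/conf.d/xxx.com.conf # => edit virtual host conf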

Self-Signed Certificate

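# 2048-bit RSA: 1024-bit keys are too weak for a TLS certificate.
openssl genrsa -des3 -out server.key 2048
# Strip the passphrase so nginx can start unattended. The key on disk is now
# unencrypted, so restrict it to its owner.
openssl rsa -in server.key -out server.key
chmod 600 server.key
# Self-signed certificate, valid 365 days, signed with SHA-256.
openssl req -new -x509 -sha256 -out server.crt -key server.key -days 365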
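# HTTPS front end for xxx.com: terminates TLS and forwards every request to a
# backend listening on local port 8080.
server {
    # The "ssl" flag on listen enables TLS for this socket; the separate
    # "ssl on;" directive was redundant and has been dropped.
    listen 443 ssl;
    server_name xxx.com;

    # "ltsv" must be defined with log_format in the http block.
    access_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_access.log ltsv;
    error_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_error.log info;

    ssl_certificate /usr/local/nginx/vhosts/xxx.com/ssl.crt/server.crt;
    ssl_certificate_key /usr/local/nginx/vhosts/xxx.com/ssl.key/server.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1.0 is deprecated, so
    # none of them is offered. TLSv1.2 needs OpenSSL 1.0.1 or newer; add
    # TLSv1.3 on nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # The hop to the backend is plain HTTP over loopback.
        proxy_pass http://localhost:8080;
    }
}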
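# HTTPS vhost serving the static Munin pages, protected by HTTP basic auth.
server {
    # The "ssl" flag on listen enables TLS for this socket; the separate
    # "ssl on;" directive was redundant and has been dropped.
    listen 443 ssl;
    server_name xxx.com;

    root /var/www/html/munin;
    index index.html index.htm;

    # "ltsv" must be defined with log_format in the http block.
    access_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_access.log ltsv;
    error_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_error.log info;

    ssl_certificate /usr/local/nginx/vhosts/xxx.com/ssl.crt/server.crt;
    ssl_certificate_key /usr/local/nginx/vhosts/xxx.com/ssl.key/server.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1.0 is deprecated.
    # This matters here in particular: basic-auth credentials accompany every
    # request and are protected only by the TLS layer. TLSv1.2 needs OpenSSL
    # 1.0.1 or newer; add TLSv1.3 on nginx 1.13.0+ with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # The user file is created with htpasswd (from httpd-tools). It has to be
    # readable by the nginx worker user and must sit outside any document root.
    auth_basic "Munin";
    auth_basic_user_file /usr/local/nginx/vhosts/xxx.com/etc/users;
}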
# Main nginx.conf: process settings, shared log formats, the default port-80
# server with a restricted status page, and the per-site include.

# Workers run as the unprivileged nginx user and group.
user nginx nginx;
worker_processes 2;
worker_priority 0;
worker_rlimit_nofile 8192;

# Paths are relative to the install prefix.
pid logs/nginx.pid;
error_log logs/error.log notice;

events {
    use epoll;
    worker_connections 1024;
    multi_accept off;
}

http {
    include mime.types;
    default_type application/octet-stream;

    # Classic combined-style format (defined here, not referenced by the
    # access_log directives in this file).
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Labeled tab-separated format used by every access_log on this page.
    # xff and ua are client-supplied values: treat them as untrusted when the
    # logs are parsed or displayed.
    log_format ltsv "time:$time_iso8601"
                    "\thost:$remote_addr"
                    "\txff:$http_x_forwarded_for"
                    "\tmethod:$request_method"
                    "\tpath:$request_uri"
                    "\tstatus:$status"
                    "\tua:$http_user_agent"
                    "\treq_size:$request_length"
                    "\treq_time:$request_time"
                    "\tres_size:$bytes_sent"
                    "\tbody_size:$body_bytes_sent"
                    "\tapp_time:$upstream_response_time";

    sendfile on;
    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;
    keepalive_timeout 10;

    index index.html index.htm;
    error_page 500 502 503 504 /50x.html;

    # Catch-all server for port 80 requests that match no other server_name.
    server {
        listen 80 default;
        server_name _;
        root html;
        access_log logs/access.log ltsv;

        # Status counters, reachable only from loopback and one listed
        # address; everything else is denied.
        # NOTE(review): confirm 121.110.12.72 is still an address you control.
        location = /nginx_status {
            stub_status on;
            access_log off;
            allow 127.0.0.1;
            allow 121.110.12.72;
            deny all;
        }

        # Browsers request this unprompted; keep misses out of the error log.
        location = /favicon.ico {
            log_not_found off;
        }
    }

    # Per-site server blocks.
    include conf.d/*.conf;
}
# Pool of Unicorn application servers that the vhosts proxy to.
upstream backend-unicorn {
    # A Unix socket keeps the backend off the network; access is governed by
    # the socket file's permissions.
    server unix:/path/to/unicorn.sock;
    # TCP alternative:
    #server 127.0.0.1:8080;
}
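# Plain-HTTP vhost for the Rails app: static files are served from root,
# everything else goes to the Unicorn upstream.
server {
    listen 80;
    server_name xxx.com;

    root /path/to/public;
    index index.html index.htm;

    # "ltsv" must be defined with log_format in the http block.
    access_log /usr/local/nginx/vhosts/xxx.com/logs/access.log ltsv;
    error_log /usr/local/nginx/vhosts/xxx.com/logs/error.log info;

    # If basic auth is enabled on this port-80 server, the credentials cross
    # the network unencrypted; prefer enabling it on the TLS vhost only.
    #auth_basic "Auth";
    #auth_basic_user_file /usr/local/nginx/vhosts/xxx.com/etc/users;

    location / {
        # Serve the file if it exists, otherwise hand the request to Rails.
        try_files $uri @proxy_to_rails;
    }

    location @proxy_to_rails {
        # Appends the peer address to any X-Forwarded-For the client sent, so
        # the app must trust only the right-most entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host is the client-supplied Host header, passed through as is.
        proxy_set_header Host $http_host;
        # Report the real scheme. This server listens on port 80, so a
        # hard-coded "https" would tell the app an unencrypted request was
        # secure and defeat its HTTPS redirects and Secure-cookie decisions.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;

        # for Passenger
        # passenger_enabled on;
        # rails_env development;

        # for Unicorn
        proxy_pass http://backend-unicorn;
    }
}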
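# HTTPS vhost for the Rails app: static files are served from root,
# everything else goes to the Unicorn upstream.
server {
    # The "ssl" flag on listen enables TLS for this socket; the separate
    # "ssl on;" directive was redundant and has been dropped.
    listen 443 ssl;
    server_name xxx.com;

    root /path/to/public;
    index index.html index.htm;

    # "ltsv" must be defined with log_format in the http block.
    access_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_access.log ltsv;
    error_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_error.log info;

    ssl_certificate /usr/local/nginx/vhosts/xxx.com/ssl.crt/server.crt;
    ssl_certificate_key /usr/local/nginx/vhosts/xxx.com/ssl.key/server.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1.0 is deprecated, so
    # none of them is offered. TLSv1.2 needs OpenSSL 1.0.1 or newer; add
    # TLSv1.3 on nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    #auth_basic "Auth";
    #auth_basic_user_file /usr/local/nginx/vhosts/xxx.com/etc/users;

    location / {
        # Serve the file if it exists, otherwise hand the request to Rails.
        try_files $uri @proxy_to_rails;
    }

    location @proxy_to_rails {
        # Appends the peer address to any X-Forwarded-For the client sent, so
        # the app must trust only the right-most entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host is the client-supplied Host header, passed through as is.
        proxy_set_header Host $http_host;
        # Correct here: this server only accepts TLS connections.
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;

        # for Passenger
        # passenger_enabled on;
        # rails_env development;

        # for Unicorn
        proxy_pass http://backend-unicorn;
    }
}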
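# HTTPS vhost for Redmine, run through Passenger and using a CA-issued
# certificate with its chain.
server {
    # The "ssl" flag on listen enables TLS for this socket; the separate
    # "ssl on;" directive was redundant and has been dropped.
    listen 443 ssl;
    server_name xxx.com;

    root /var/lib/redmine/public;
    index index.html index.htm;

    # "ltsv" must be defined with log_format in the http block.
    access_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_access.log ltsv;
    error_log /usr/local/nginx/vhosts/xxx.com/logs/ssl_error.log info;

    # The .chained.crt name suggests the server certificate followed by the
    # intermediate CA certificates in one file -- confirm the order.
    ssl_certificate /usr/local/nginx/vhosts/xxx.com/ssl.crt/xxx.com.chained.crt;
    ssl_certificate_key /usr/local/nginx/vhosts/xxx.com/ssl.key/xxx.com.key;
    ssl_session_timeout 5m;
    # SSLv2 and SSLv3 are broken (DROWN, POODLE) and TLSv1.0 is deprecated, so
    # none of them is offered. TLSv1.2 needs OpenSSL 1.0.1 or newer; add
    # TLSv1.3 on nginx 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # Serve the file if it exists, otherwise hand the request to Rails.
        try_files $uri @proxy_to_rails;
    }

    location @proxy_to_rails {
        # These headers apply to proxy_pass upstreams; there is no proxy_pass
        # in this location, so presumably they are left over from the Unicorn
        # variant -- verify whether Passenger uses them.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;

        # for Passenger
        # Needs nginx built with the Passenger module; the ./configure line on
        # this page does not add it, and nginx rejects unknown directives.
        passenger_enabled on;
    }
}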