App-Config-App, as per a blog entries
JavaScript Ruby
Pull request Compare This branch is 200 commits ahead, 15 commits behind paul-hammant:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
example_config
features
public
views
widget_values
widgets
.gitignore
.rvmrc
Gemfile
LICENSE.txt
README.md
Rakefile
admin.rb
appcfg.rb
config.ru
helpers.rb
map_changes.rb
perforce_daemon.sh
setup_example.rb
useradd.rb

README.md

Installation

Install 'p4d' (the Perforce server daemon) if you don't already have it. Go here and choose the one for your platform. For Mac, choose darwin 64 or 32 as applicable (slightly counter intuitive). Put the resulting executable in your path and make it executable.

Install 'p4' (the Perforce command line client) if you don't already have it. Go here and choose the one for your platform. For Mac, choose darwin 64 or 32 as applicable (slightly counter intuitive). Put the resulting executable in your path and make it executable.

App-Config-App requires at least Ruby 1.9.3 to run. Install Ruby Gems and Bundler if you have not already.

$ bundle install

Running the example

First launch the Perforce Daemon:

$ ./perforce_daemon.sh

Check that it is running perhaps:

ps aux | grep p4d

You need to setup some users in perforce. Say your name is 'foo', from the command line:

$ ruby setup_example.rb
$ p4port: localhost:1666
$ username: foo
$ email: foo@example.com
$ password: ********

This command will create your user in perforce and add **_configuration.json files in dev, staging, and prod branches. The following test users are also created:

Username Password Write Read
sally-runtime bananas prod staging, dev
jimmy-qa apples staging dev
joe-developer oranges dev
prod-app s3cret3 prod
qa-app s3cret2 staging
dev-app s3cret1 dev

Your user will have read/write permissions on all branches. The script useradd.rb will add and modify users, but will require permissions on at least one branch or the script will fail. For more details on managing permissions, read Perforce' documentation. Particularly the 'p4 protect' command.

$ rackup

Then crank up your browser, and go to http://localhost:9292. Fiddle around with the different users to see how App-Config-App handles their respective permissions in Perforce.

Productionalizing

All users created by setup_example.rb are intended only as examples. In the real world, all application users should be setup with real logins and real permissions.

The Perforce server that App-Config-App connects to is accessed by default using localhost:1666. To connect to a different server, set it using the environment variable P4PORT.

Secure access to App-Config-App over SSL

Access to App-Config-App can be secured over SSL by setting up any capable server as a proxy to the application. The connection between the proxy and App-Config-App will be insecure, however, so they must reside on the same intranet. Minimal proxy configuration with Apache and Nginx has been tried out:

SSL with Apache

You will want to add the following configuration to the relevant SSL <VirtualHost> in Apache:

ProxyRequests Off
ProxyPass / http://127.0.0.1:9292/
ProxyPassReverse / http://127.0.0.1:9292/
ProxyPreserveHost on
RequestHeader set X-FORWARDED-PROTO https

This proxy configuration is minimal. For additional information, look at Apache's mod_proxy and mod_proxy_http documentation.

If Apache can't reach the proxied App-Config-App, it will issue a 503 error for a fixed amount of time before trying to reach the App-Config-App again. This timeout can be adjusted with the retry parameter, and during development it's best to set this to 0:

ProxyPass / https://127.0.0.1:9292/ retry=0

SSL with Nginx

You will want to add the following configuration to the relevant SSL server in nginx.conf:

location / {
    proxy_pass http://127.0.0.1:9292/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
}

For more configuration options, see the Nginx HttpProxyModule documentation.