Adding ssl_cert (boolean) option

New mysql:backup tasks New nginx:ssl task A few gem install tasks (non-default)
winton · Jun 29, 2008 · 513f89d · 513f89d
1 parent 642025a
commit 513f89d
Show file tree

Hide file tree

Showing 6 changed files with 147 additions and 6 deletions.
diff --git a/config/mongrel/nginx.vhost.erb b/config/mongrel/nginx.vhost.erb
@@ -85,4 +85,92 @@ server {
   location = /500.html {
     root <%= deploy_to %>/current/public;
   }
-}
+}
+
+<% if ssl_cert %>
+server {
+  # port to listen on. Can also be set to an IP:PORT
+  listen 443;
+
+  ssl on;
+  ssl_certificate     <%= deploy_to %>/current/cert/cert;
+  ssl_certificate_key <%= deploy_to %>/current/cert/key;
+
+  # Set the max size for file uploads to 50Mb
+  client_max_body_size 50M;
+
+  # sets the domain[s] that this vhost server requests for
+  server_name <%= domains.join ' ' %>;
+
+  # doc root
+  root <%= deploy_to %>/current/public;
+
+  # vhost specific access log
+  access_log  <%= deploy_to %>/shared/log/nginx.log main;
+
+  # this rewrites all the requests to the maintenance.html
+  # page if it exists in the doc root. This is for capistrano's
+  # disable web task
+  if (-f $document_root/system/maintenance.html) {
+    rewrite  ^(.*)$  /system/maintenance.html last;
+    break;
+  }
+
+  location / {
+<% if auth_user %>
+    auth_basic            "Restricted";
+    auth_basic_user_file  <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
+<% end %>
+
+    # needed to forward user's IP address to rails
+    proxy_set_header  X-Real-IP  $remote_addr;
+
+    # needed for HTTPS
+    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_redirect false;
+    proxy_max_temp_file_size 0;
+
+    # If the file exists as a static file serve it directly without
+    # running all the other rewite tests on it
+    if (-f $request_filename) { 
+      break; 
+    }
+
+    # check for index.html for directory index
+    # if its there on the filesystem then rewite 
+    # the url to add /index.html to the end of it
+    # and then break to send it to the next config rules.
+    if (-f $request_filename/index.html) {
+      rewrite (.*) $1/index.html break;
+    }
+
+    # this is the meat of the rails page caching config
+    # it adds .html to the end of the url and then checks
+    # the filesystem for that file. If it exists, then we
+    # rewite the url to have explicit .html on the end 
+    # and then send it on its way to the next config rule.
+    # if there is no file on the fs then it sets all the 
+    # necessary headers and proxies to our upstream mongrels
+    if (-f $request_filename.html) {
+      rewrite (.*) $1.html break;
+    }
+
+    if (!-f $request_filename) {
+      # Use other cluster name here if you are running multiple
+      # virtual hosts.
+      <% if mongrels == 1 %>
+      proxy_pass http://127.0.0.1:<%= mongrel_port %>;
+      <% else %>
+      proxy_pass http://mongrel_<%= application %>_<%= stage %>;
+      <% end %>
+      break;
+    }
+  }
+
+  error_page   500 502 503 504  /500.html;
+  location = /500.html {
+    root <%= deploy_to %>/current/public;
+  }
+}
+<% end %>
diff --git a/cookbook.rb b/cookbook.rb
@@ -25,6 +25,7 @@
   set :db_user,             fetch(:db_user,             'app')
   set :db_pass,             fetch(:db_pass,             '')
   set :platform,            fetch(:platform,            :rails) # Or :php
+  set :ssl_cert,            fetch(:ssl_cert,            false)
   set :use_sudo,            fetch(:use_sudo,            false)
   set :auth_user,           fetch(:auth_user,           false)
   set :nginx_dir,           fetch(:nginx_dir,           '/usr/local/nginx/conf')

diff --git a/recipes/gems.rb b/recipes/gems.rb
@@ -26,10 +26,15 @@
       end
 
       desc 'Install Chronic'
-      task :rails, :roles => :app do
+      task :chronic, :roles => :app do
         gem_install :chronic
       end
 
+      desc 'Install gchart'
+      task :gchart, :roles => :app do
+        gem_install :googlecharts
+      end
+
       desc 'Install HAML'
       task :haml, :roles => :app do
         gem_install :haml, '--no-ri'
@@ -40,6 +45,11 @@
         gem_install :hpricot
       end
 
+      desc 'Install Json'
+      task :json, :roles => :app do
+        gem_install :json
+      end
+
       desc 'Install Mime-types'
       task :mime_types, :roles => :app do
         gem_install 'mime-types'

diff --git a/recipes/log.rb b/recipes/log.rb
@@ -5,24 +5,27 @@
       desc "Tail all remote logs"
       task :default, :roles => :app do
         log.tail.nginx
-        puts '='*100
         log.tail.mongrel
-        puts '='*100
         log.tail.production
       end
 
       desc "Tail the remote Nginx log"
       task :nginx, :roles => :app do
+        puts 'Nginx ' + '=' * 100
         run_puts "tail -100 #{shared_path}/log/nginx.log"
       end
 
       desc "Tail the remote Mongrel log"
       task :mongrel, :roles => :app do
-        run_puts "tail -100 #{shared_path}/log/mongrel*.log"
+        (mongrel_port..(mongrel_port + production_mongrels - 1)).each do |port|
+          puts "Mongrel #{port} " + '=' * 100
+          run_puts "tail -100 #{shared_path}/log/mongrel.#{port}.log"
+        end
       end
 
       desc "Tail the remote Rails production log"
       task :production, :roles => :app do
+        puts 'Production ' + '=' * 100
         run_puts "tail -100 #{shared_path}/log/production.log"
       end
     end

diff --git a/recipes/mysql.rb b/recipes/mysql.rb
@@ -53,7 +53,7 @@
     end
 
     desc "Updates my.cnf from the file in config/cookbook"
-    task :config do
+    task :config, :roles => :db do
       question = [
         "This task updates your server's my.cnf (MySQL config) with the one in config/cookbook.",
         "OK?"
@@ -63,6 +63,26 @@
         sudo "/etc/init.d/mysql restart"
       end
     end
+
+    namespace :backup do
+      desc "Backup database to local workstation"
+      task :to_local, :roles => :db do
+        to_server
+        system "mkdir -p ~/db_backups/#{stage}/#{application}"
+        get "#{shared_path}/db_backups/#{backup_name}.bz2", File.expand_path("~/db_backups/#{stage}/#{application}/#{backup_name}.bz2")
+      end
+
+      desc "Backup database to server"
+      task :to_server, :roles => :db do
+        run "mkdir -p #{shared_path}/db_backups"
+        run "mysqldump --add-drop-table -u #{db_user} -p#{db_pass} #{db_table}_production | bzip2 -c > #{shared_path}/db_backups/#{backup_name}.bz2"
+      end
+
+      def backup_name
+        now = Time.now
+        [ now.year, now.month, now.day ].join('-') + '.sql'
+      end
+    end
   end
 
 end
diff --git a/recipes/nginx.rb b/recipes/nginx.rb
@@ -54,6 +54,25 @@
           sudo_each "rm -f #{nginx_dir}/nginx.conf"
         end
       end
+
+      namespace :ssl do
+        desc "Generate remote SSL key"
+        task :default, :roles => :app do
+          # http://www.geotrust.com/quickssl/csr
+          question = [
+            "This task creates cert/key and cert/csr. Press enter for all optional SSL questions.",
+            "Use these files when buying an SSL cert.",
+            '',
+            "Place the purchased cert in cert/cert. Set :ssl_cert => true in deploy.rb.",
+            "OK?"
+          ]
+          if yes(question)
+            system 'mkdir -p cert'
+            system 'openssl genrsa -out cert/key 1024'
+            system 'openssl req -new -key cert/key -out cert/csr'
+          end
+        end
+      end
     end
   end