author | Louise Crow <louise.crow@gmail.com> | 2014-08-08 16:19:49 +0100 |
---|---|---|
committer | Louise Crow <louise.crow@gmail.com> | 2014-08-08 16:19:49 +0100 |
commit | a760114de869ce3f07358dde19b8b5cc5d36003b (patch) | |
tree | c55b0b5037bc42cbc6b4a65cbb7d8b048c056efd | |
parent | c3e1825ffbdd86f477491447972ff24416d8ba96 (diff) | |
parent | d700f325de56c8a039cbe4178dd44842ef0ee977 (diff) |
Merge branch 'rails-3-develop' of ssh://git.mysociety.org/data/git/public/alaveteli into rails-3-develop
-rw-r--r-- | config/httpd-force-ssl.conf-example | 5 | ||||
-rw-r--r-- | config/httpd-ssl.conf-example | 24 | ||||
-rw-r--r-- | config/httpd.conf-example | 222 | ||||
-rwxr-xr-x | config/sysvinit-thin.ugly | 68 | ||||
-rwxr-xr-x | config/sysvinit.example | 53 | ||||
-rw-r--r-- | lib/tasks/config_files.rake | 21 | ||||
-rw-r--r-- | lib/tasks/stats.rake | 4 | ||||
-rwxr-xr-x | script/site-specific-install.sh | 11 |
8 files changed, 260 insertions, 148 deletions
diff --git a/config/httpd-force-ssl.conf-example b/config/httpd-force-ssl.conf-example
new file mode 100644
index 000000000..0e89afe62
--- /dev/null
+++ b/config/httpd-force-ssl.conf-example
@@ -0,0 +1,5 @@
+# Rewrite all proxied HTTP requests to HTTPS.
+# Only include if FORCE_SSL: true is set in general.yml
+# Expected to be found at /etc/apache2/vhost.d/alaveteli
+RewriteCond %{HTTP:X-Forwarded-Proto} !https
+RewriteRule /(.*) https://www.example.com/$1 [L,R=permanent]
diff --git a/config/httpd-ssl.conf-example b/config/httpd-ssl.conf-example
new file mode 100644
index 000000000..8f099b8a6
--- /dev/null
+++ b/config/httpd-ssl.conf-example
@@ -0,0 +1,24 @@
+# VirtualHost for HTTPS requests
+<VirtualHost *:443>
+ ServerName www.example.com
+
+ ErrorLog /var/log/apache2/alaveteli_error.log
+ CustomLog /var/log/apache2/alaveteli_access.log combined
+
+ ProxyRequests Off
+ ProxyPreserveHost On
+ ProxyPass / http://localhost:80/
+ ProxyPassReverse / http://localhost:80/
+ RequestHeader set X-Forwarded-Proto 'https'
+
+ SSLEngine on
+ SSLProtocol all -SSLv2
+ SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
+
+ SSLCertificateFile /etc/ssl/certs/www.example.com.cert
+ SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
+ # SSLCertificateChainFile /etc/ssl/sub.class2.server.ca.pem
+ # SSLCACertificateFile /etc/ssl/ca.pem
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</VirtualHost>
diff --git a/config/httpd.conf-example b/config/httpd.conf-example
index 8d549d363..9736cafff 100644
--- a/config/httpd.conf-example
+++ b/config/httpd.conf-example
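Review bot: The `RewriteCond %{HTTP:X-Forwarded-Proto} !https` test in config/httpd-force-ssl.conf-example trusts a header that any client can set, because the `*:80` vhost that includes this file (via `Include vhost.d/alaveteli`) is both the public HTTP listener and the backend that the `*:443` vhost proxies to. A request that arrives on port 80 already carrying `X-Forwarded-Proto: https` is therefore served in plaintext and never redirected. Only the local TLS proxy should be able to skip the redirect, for example by adding `RewriteCond %{REMOTE_ADDR} !^(127\.0\.0\.1|::1)$ [OR]` ahead of the existing condition. Anchoring the pattern as `^/(.*)` would also make the rule's intent explicit.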
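Review bot: The TLS settings in config/httpd-ssl.conf-example are weaker than an example file should be, since deployers will copy it as is: `SSLProtocol all -SSLv2` leaves SSLv3 enabled, and the `SSLCipherSuite` string starts from `ALL` and explicitly adds `RC4+RSA` and `+MEDIUM`, with nothing removing the LOW group. I would change these to `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4`, and add `SSLHonorCipherOrder on`. A one-line comment stating that the proxy target `http://localhost:80/` must be the canonical vhost from httpd.conf-example would also help whoever deploys this.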
@@ -1,81 +1,145 @@
-# Apache configuration for FOI site.
-#
-# For development ignore this, you can just run ./scripts/server as for any
-# Ruby on Rails application.
-#
-# Copyright (c) 2007 UK Citizens Online Democracy. All rights reserved.
-# Email: hello@mysociety.org; WWW: http://www.mysociety.org
-
-# This is needed for the PHP spell checker
-<Location /fcgi>
- Options +ExecCGI
- SetHandler fastcgi-script
-</Location>
-
-RewriteEngine On
-#RewriteLog /var/log/apache2/rewrite.log
-#RewriteLogLevel 9
-
-# TODO: do we need this now we use Passenger?
-# Pass through the HTTP basic authentication to mongrel. See also
-# admin_http_auth_user in app/controllers/application.rb
-# Note: Apache 2 only. Doesn't work in Apache 1.3, you'll need to live without
-# it.
-RewriteCond %{LA-U:REMOTE_USER} (.+)
-RewriteRule . - [E=RU:%1]
-RequestHeader add X-Forwarded-User %{RU}e
-
-# Old /files URL to new subdomain (as can't use Alias with passenger,
-# so we do it on its own domain). This is for custom admin upload
-# files for archiving.
-RewriteRule /files/(.+) http://files.whatdotheyknow.com/$1
-
-# Serve attachments directly from the cache, if possible.
-#
-# The file names are URL-encoded on disk, and sharded by the first
-# three digits of the request id, which is why this is as complicated
-# as it is. The RewriteMap directive makes the URL-escaping function
-# available to use in the other directives.
-#
-# The condition means that the rule will fire only if the cached
-# file exists.
-RewriteMap escape int:escape
-RewriteCond %{DOCUMENT_ROOT}/views_cache/request/$2/$1/${escape:$3} -f
-RewriteRule ^/request/((\d{1,3})\d*)/(response/\d+/attach/(html/)?\d+/.+) /views_cache/request/$2/$1/${escape:$3} [L]
-
-
-<IfModule mod_passenger.c>
- # Set this to something like 100 if you have memory leak issues
- PassengerMaxRequests 500
- PassengerResolveSymlinksInDocumentRoot on
- # Recommend setting this to 3 or less on servers with 512MB RAM
- PassengerMaxPoolSize 6
- # The RackEnv variable applies to Rails 3 applications, while
- # the RailsEnv variable applies to applications for earlier
- # versions of Rails. There doesn't seem to be any harm in
- # setting both, however.
- RailsEnv production
- RackEnv production
-</IfModule>
-
-# Gzip font resources
-<IfModule mod_deflate.c>
- <IfModule mod_mime.c>
- Addtype font/opentype .otf
- Addtype font/opentype .woff
- Addtype font/eot .eot
- Addtype font/truetype .ttf
+# Redirect other domains to canonical domain
+<VirtualHost *:80>
+ ServerName example.com
+ ServerAlias example.org
+ ServerAlias www.example.org
+ RedirectPermanent / http://www.example.com/
+</VirtualHost>
+
+# Canonical domain vHost
+<VirtualHost *:80>
+ ServerName www.example.com
+ ServerAdmin webmaster@example.com
+ DocumentRoot /var/www/alaveteli/public
+
+ # TODO: Remove this and use PassengerUser when supported
+ # This is the user that runs the rails application processes
+ SuExecUserGroup alaveteli alaveteli
+ RewriteEngine On
+
+ ErrorLog /var/log/apache2/alaveteli_error.log
+ CustomLog /var/log/apache2/alaveteli_access.log combined
+
+ # App server configuration
+ <IfModule mod_passenger.c>
+ PassengerAppRoot /var/www/alaveteli
+ PassengerResolveSymlinksInDocumentRoot on
+
+ # See http://blog.phusion.nl/2013/03/12/tuning-phusion-passengers-concurrency-settings/
+ # and http://blog.scoutapp.com/articles/2009/12/08/production-rails-tuning-with-passenger-passengermaxprocesses
+ # for more information on tuning Passenger
+
+ # Set this to something like 100 if you have memory leak issues
+ PassengerMaxRequests 2000
+ # Passenger's default MaxPoolSize is 6. At the time of writing
+ # normal instances of Alaveteli seem to take 150-200MB per
+ # process, so we've set this conservatively at 3. Read the guides
+ # above to tune this for your system
+ PassengerMaxPoolSize 3
+
+ # The RAILS_ENV that the app is running in. This can be any of
+ # the environments listed in APP_ROOT/config/environments.
+ RailsEnv production
+ RackEnv production
 </IfModule>
- AddOutputFilterByType DEFLATE font/opentype font/truetype font/eot
- AddOutputFilterByType DEFLATE image/svg+xml
-</IFModule>
-
-# Set the Sendfile header and switch sendfile on - Apache will
-# now handle send_file calls from Alaveteli
-<Location />
- <IfModule mod_xsendfile.c>
- RequestHeader Set X-Sendfile-Type X-Sendfile
- XSendFile On
- XSendFileAllowAbove On
+
+ # This is your Rails app's public directory
+ <Directory "/var/www/alaveteli/public">
+ Options +ExecCGI -MultiViews
+ AllowOverride All
+ </Directory>
+
+ # Maintenance Page
+ # Make a file down.html in the DocumentRoot to bring down the whole
+ # site and display itself.
+ RewriteEngine on
+ ErrorDocument 503 /down.html
+ Redirect 503 /down
+
+ # If down.html exists, and that's what's been asked for,
+ # just hand it over
+ RewriteCond %{DOCUMENT_ROOT}/down.html -s
+ RewriteRule /down.html /down.html [L]
+
+ RewriteCond %{DOCUMENT_ROOT}/down.html -s
+ RewriteRule /(.+).cgi /down [PT]
+ RewriteCond %{DOCUMENT_ROOT}/down.html -s
+ RewriteRule /(.+).php /down [PT]
+ # Mainly for Rails/Django type sites - anything without a . can go down
+ # TODO: could we just check that it is an HTML content-type?
+ RewriteCond %{DOCUMENT_ROOT}/down.html -s
+ RewriteRule /([^.]*)$ /down [PT]
+ # END Maintenance Page
+
+ # Set the Sendfile header and switch sendfile on - Apache will
+ # now handle send_file calls from Alaveteli
+ <Location />
+ <IfModule mod_xsendfile.c>
+ RequestHeader Set X-Sendfile-Type X-Sendfile
+ XSendFile On
+ XSendFilePath /var/www/alaveteli/public
+ </IfModule>
+ </Location>
+
+ # Commonlib is typically found in alaveteli/commonlib
+ Alias /jslib/ "/var/www/alaveteli/commonlib/jslib"
+ <Directory "/var/www/alaveteli/commonlib/jslib">
+ Options +ExecCGI
+ AddHandler fastcgi-script .cgi
+ </Directory>
+
+ # Serve attachments directly from the cache, if possible.
+ #
+ # The file names are URL-encoded on disk, and sharded by the first
+ # three digits of the request id, which is why this is as complicated
+ # as it is. The RewriteMap directive makes the URL-escaping function
+ # available to use in the other directives.
+ #
+ # The condition means that the rule will fire only if the cached
+ # file exists.
+ RewriteMap escape int:escape
+ RewriteCond %{DOCUMENT_ROOT}/views_cache/request/$2/$1/${escape:$3} -f
+ RewriteRule ^/request/((\d{1,3})\d*)/(response/\d+/attach/(html/)?\d+/.+) /views_cache/request/$2/$1/${escape:$3} [L]
+ RewriteCond %{DOCUMENT_ROOT}/views_cache/cy/request/$2/$1/${escape:$3} -f
+ RewriteRule ^/cy/request/((\d{1,3})\d*)/(response/\d+/attach/(html/)?\d+/.+) /views_cache/cy/request/$2/$1/${escape:$3} [L]
+
+ # Compress assets
+ <Location />
+ <IfModule mod_deflate.c>
+ AddOutputFilterByType DEFLATE text/css application/javascript text/plain
+ </IfModule>
+ </Location>
+
+ # Cache assets
+ ExpiresActive On
+ <LocationMatch "^/(assets).*\.(ico|gif|jpe?g|png|js|css|svg|ttf|otf|eot|woff)$">
+ ExpiresDefault "access plus 1 day"
+ </LocationMatch>
+
+ # Compress font resources
+ <IfModule mod_deflate.c>
+ <IfModule mod_mime.c>
+ Addtype font/opentype .otf
+ Addtype font/opentype .woff
+ Addtype font/eot .eot
+ Addtype font/truetype .ttf
+ </IfModule>
+ AddOutputFilterByType DEFLATE font/opentype font/truetype font/eot
+ AddOutputFilterByType DEFLATE image/svg+xml
 </IfModule>
-</Location>
+
+ # Include optional configuration
+ Include vhost.d/alaveteli
+
+</VirtualHost>
+
+# Large / static files for WhatDoTheyKnow. Used for manual sysadmin uploads.
+# Is on its own files.example.com subdomain (instead of old /files URL)
+# as mod_alias doesn't work with Passenger.
+# <VirtualHost *:80>
+# ServerName files.example.com
+# DocumentRoot /var/www/alaveteli/files
+# <Directory "/var/www/alaveteli/files">
+# Options +Indexes
+# </Directory>
+# </VirtualHost>
diff --git a/config/sysvinit-thin.ugly b/config/sysvinit-thin.ugly
new file mode 100755
index 000000000..cc604d994
--- /dev/null
+++ b/config/sysvinit-thin.ugly
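Review bot: The `<Directory "/var/www/alaveteli/public">` block in config/httpd.conf-example enables `Options +ExecCGI` and `AllowOverride All` on the document root, while the attachment-cache rules later in this hunk serve files from `%{DOCUMENT_ROOT}/views_cache/`, so CGI execution and per-directory overrides are switched on for a tree that also holds cached response attachments. Passenger needs neither; `Options -ExecCGI -MultiViews` and `AllowOverride None` would be the safer example, with a narrower block if some override is really required (the hunk does not show whether public/ ships an .htaccess file). Separately, `Alias /jslib/ "/var/www/alaveteli/commonlib/jslib"` has a trailing slash on the URL side only, so the mapped path loses its separator; the target should end in `jslib/`. That directory also gets `Options +ExecCGI` and a `.cgi` handler, which a JavaScript library directory should not need.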
@@ -0,0 +1,68 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: application-thin-!!(*= $site *)!!
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Starts the Thin app server for the "!!(*= $site *)!!" site
+# Description: The Thin app server for the "!!(*= $site *)!!" site
+### END INIT INFO
+
+# This example sysvinit script is based on the helpful example here:
+# http://richard.wallman.org.uk/2010/02/howto-deploy-a-catalyst-application-using-fastcgi-and-nginx/
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+NAME=!!(*= $site *)!!
+SITE_HOME=!!(*= $vhost_dir *)!!/!!(*= $vcspath *)!!
+DESC="Alaveteli app server"
+USER=!!(*= $user *)!!
+
+set -e
+
+# Check that the Daemon can be run
+su -l -c "cd $SITE_HOME && bundle exec thin --version &> /dev/null || exit 0" $USER
+
+start_daemon() {
+ echo -n "Starting $DESC: "
+ cd "$SITE_HOME" && bundle exec thin \
+ --environment=production \
+ --user="$USER" \
+ --group="$USER" \
+ --address=127.0.0.1 \
+ --daemonize \
+ --quiet \
+ start || true
+ echo "$NAME."
+}
+
+stop_daemon() {
+ echo -n "Stopping $DESC: "
+ cd "$SITE_HOME" && bundle exec thin --quiet stop || true
+ echo "$NAME."
+}
+
+restart_daemon() {
+ echo -n "Restarting $DESC: "
+ cd "$SITE_HOME" && bundle exec thin --onebyone --quiet restart || true
+ echo "$NAME."
+}
+
+case "$1" in
+ start)
+ start_daemon
+ ;;
+ stop)
+ stop_daemon
+ ;;
+ reload|restart|force-reload)
+ restart_daemon
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|reload|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/config/sysvinit.example b/config/sysvinit.example
deleted file mode 100755
index 443e7c3fb..000000000
--- a/config/sysvinit.example
+++ /dev/null
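Review bot: `start_daemon`, `stop_daemon` and `restart_daemon` in config/sysvinit-thin.ugly run `bundle exec thin` as root and rely on `--user`/`--group` to drop privileges afterwards, so Bundler and the application's Gemfile are evaluated as root inside `$SITE_HOME`, a tree that appears to be owned by the deploy user. The deleted sysvinit.example ran the whole command through `su -l -c ... $USER`; keeping that shape means nothing the deploy user can edit is executed as root. The availability check near the top is also ineffective: its `|| exit 0` runs inside the `su` child, so the init script itself never exits there, and `&>` only redirects as intended when the deploy user's login shell is bash. The fence shows `start_daemon` run as the deploy user; `stop_daemon` and `restart_daemon` would be wrapped the same way, assuming that user can write thin's pid and log files.

```shell
start_daemon() {
    echo -n "Starting $DESC: "
    # Run as the deploy user from the start instead of dropping root via --user/--group.
    su -l -c "cd '$SITE_HOME' && bundle exec thin \
        --environment=production \
        --address=127.0.0.1 \
        --daemonize \
        --quiet \
        start" "$USER" || true
    echo "$NAME."
}
# … stop_daemon and restart_daemon: same su wrapping around their existing thin commands …
```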
@@ -1,53 +0,0 @@
-#! /bin/sh
-### BEGIN INIT INFO
-# Provides: application-thin-alaveteli
-# Required-Start: $local_fs $network
-# Required-Stop: $local_fs $network
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Starts the Thin web server for the "Alaveteli" site
-# Description: The Thin web server for the "Alaveteli" site
-### END INIT INFO
-
-# This example sysvinit script is based on the helpful example here:
-# http://richard.wallman.org.uk/2010/02/howto-deploy-a-catalyst-application-using-fastcgi-and-nginx/
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-SITE_HOME=/var/www/alaveteli
-NAME=alaveteli
-DESC="Alaveteli app server"
-USER=fms
-
-echo $DAEMON
-test -f $DAEMON || exit 0
-
-set -e
-
-start_daemon() {
- su -l -c "cd $SITE_HOME/alaveteli && bundle exec thin -d -p 3300 -e development start" $USER
-}
-
-stop_daemon() {
- pkill -f thin -u $USER || true
-}
-
-case "$1" in
- start)
- start_daemon
- ;;
- stop)
- stop_daemon
- ;;
- reload|restart|force-reload)
- stop_daemon
- sleep 5
- start_daemon
- ;;
- *)
- N=/etc/init.d/$NAME
- echo "Usage: $N {start|stop|reload|restart|force-reload}" >&2
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/lib/tasks/config_files.rake b/lib/tasks/config_files.rake
index 438b63fc0..5dda64a04 100644
--- a/lib/tasks/config_files.rake
+++ b/lib/tasks/config_files.rake
@@ -28,22 +28,23 @@ namespace :config_files do 'VHOST_DIR', 'SCRIPT_FILE'], example) - script_file = ENV['SCRIPT_FILE'] - site = ENV.fetch('SITE', 'foi') - replacements = { :user => ENV['DEPLOY_USER'], :vhost_dir => ENV['VHOST_DIR'], - :vcspath => ENV.fetch('VCSPATH', 'alaveteli'), - :site => site + :vcspath => ENV.fetch('VCSPATH') { 'alaveteli' }, + :site => ENV.fetch('SITE') { 'foi' } } - daemon_name = File.basename(script_file, '-debian.ugly') - replacements.update(:daemon_name => "#{ site }-#{ daemon_name }") - converted = convert_ugly(script_file, replacements) - rails_env_file = File.expand_path(File.join(Rails.root, 'config', 'rails_env.rb')) + # Use the filename for the $daemon_name ugly variable + daemon_name = File.basename(ENV['SCRIPT_FILE'], '-debian.ugly') + replacements.update(:daemon_name => "#{ replacements[:site] }-#{ daemon_name }") + + # Generate the template for potential further processing + converted = convert_ugly(ENV['SCRIPT_FILE'], replacements) - unless File.exists?(rails_env_file) + # gsub the RAILS_ENV in to the generated template if its not set by the + # hard coded config file + unless File.exists?("#{ Rails.root }/config/rails_env.rb") converted.each do |line| line.gsub!(/^#\s*RAILS_ENV=your_rails_env/, "RAILS_ENV=#{Rails.env}") line.gsub!(/^#\s*export RAILS_ENV/, "export RAILS_ENV") diff --git a/lib/tasks/stats.rake b/lib/tasks/stats.rake index f09594529..46a645b4d 100644 --- a/lib/tasks/stats.rake +++ b/lib/tasks/stats.rake @@ -119,7 +119,7 @@ DESC count ? count : 0 end - row = [body.name] + stats + row = [%Q("#{ body.name }")] + stats puts row.join(",") end end @@ -147,7 +147,7 @@ DESC count ? count : 0 end - row = [body.name] + stats + row = [%Q("#{ body.name }")] + stats puts row.join(",") end end diff --git a/script/site-specific-install.sh b/script/site-specific-install.sh index fce230822..4c8c99aa2 100755 --- a/script/site-specific-install.sh +++ b/script/site-specific-install.sh 
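Review bot: `File.basename(ENV['SCRIPT_FILE'], '-debian.ugly')` in lib/tasks/config_files.rake only strips the suffix for templates named `*-debian.ugly`, but the install script in this commit passes `config/sysvinit-thin.ugly`, so `:daemon_name` becomes `<site>-sysvinit-thin.ugly`. The new template does not use `$daemon_name`, so nothing breaks today, but the added comment `# Use the filename for the $daemon_name ugly variable` should say so, or the code should strip the extension generically, e.g. `File.basename(ENV['SCRIPT_FILE'], '.ugly').sub(/-debian\z/, '')`. `File.exists?` on the new side is the deprecated alias; `File.exist?` is the spelling to use. The task body starts and ends outside the hunk.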
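Review bot: `row = [%Q("#{ body.name }")] + stats` in lib/tasks/stats.rake quotes the name by hand, so a body name that itself contains `"` still produces a malformed CSV row. Ruby's CSV library does the quoting and escaping: `puts CSV.generate_line([body.name] + stats)` (it appends the newline itself, and needs `require 'csv'` if the file does not already load it). The same line is changed at `@@ -147,7 +147,7 @@` and the comment applies there too; both enclosing blocks continue outside the hunks.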
@@ -134,10 +134,6 @@ su -l -c "$BIN_DIRECTORY/install-as-user '$UNIX_USER' '$HOST' '$DIRECTORY'" "$UN # no longer need the PostgreSQL user to be a superuser: echo "ALTER USER \"$UNIX_USER\" WITH NOSUPERUSER;" | su -l -c 'psql' postgres -if [ ! "$DEVELOPMENT_INSTALL" = true ]; then - install_sysvinit_script -fi - # Set up root's crontab: cd "$REPOSITORY" @@ -151,6 +147,13 @@ sed -r \ -i /etc/cron.d/alaveteli echo $DONE_MSG +if [ ! "$DEVELOPMENT_INSTALL" = true ]; then + echo -n "Creating /etc/init.d/$SITE... " + (su -l -c "cd '$REPOSITORY' && bundle exec rake config_files:convert_init_script DEPLOY_USER='$UNIX_USER' VHOST_DIR='$DIRECTORY' VCSPATH='$SITE' SITE='$SITE' SCRIPT_FILE=config/sysvinit-thin.ugly" "$UNIX_USER") > /etc/init.d/"$SITE" + chmod a+rx /etc/init.d/"$SITE" + echo $DONE_MSG +fi + echo -n "Creating /etc/init.d/foi-alert-tracks... " (su -l -c "cd '$REPOSITORY' && bundle exec rake config_files:convert_init_script DEPLOY_USER='$UNIX_USER' VHOST_DIR='$DIRECTORY' SCRIPT_FILE=config/alert-tracks-debian.ugly" "$UNIX_USER") > /etc/init.d/foi-alert-tracks chmod a+rx /etc/init.d/foi-alert-tracks |
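Review bot: The block added at `@@ -151,6 +147,13 @@` in script/site-specific-install.sh redirects rake's stdout straight into `/etc/init.d/"$SITE"`, so the target is truncated before rake runs, and whatever the unprivileged command prints (a Bundler warning, a partial render after a failure) becomes a root-executed init script that `chmod a+rx` then marks executable regardless. Render to a temporary file and install it only when rake succeeds: `tmp=$(mktemp)`, then the existing `su -l -c "..." "$UNIX_USER" > "$tmp"` call, then `install -m 755 "$tmp" /etc/init.d/"$SITE"`. The `foi-alert-tracks` block visible as context uses the same pattern and would benefit from the same change. Whether the script runs under `set -e` is not visible in this hunk.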