init commit

Author: Ben Visser

Dockerfile

@@ -0,0 +1,49 @@
+FROM ruby:2.2.5
+MAINTAINER iron.io
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update \
+  && apt-get install -qq -y software-properties-common wget vim
+
+# install nginx
+RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 \
+  && echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list \
+  && apt-get update \
+  && apt-get install -qq -y nginx=1.10.2-1~jessie
+
+# install foreman
+RUN gem install foreman \
+  && gem install unicorn
+
+# install the latest postgresql lib for pg gem
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
+    apt-get update && \
+    apt-get install -y --force-yes libpq-dev
+
+# install MySQL(for mysql, mysql2 gem)
+RUN apt-get install -qq -y libmysqlclient-dev
+
+# install dockerize
+RUN wget -q https://github.com/jwilder/dockerize/releases/download/v0.2.0/dockerize-linux-amd64-v0.2.0.tar.gz \
+  && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-v0.2.0.tar.gz
+
+RUN apt-get clean \
+  && cd /var/lib/apt/lists && rm -fr *Release* *Sources* *Packages* \
+  && truncate -s 0 /var/log/*log
+
+# install Rails App
+WORKDIR /app
+ENV RAILS_ENV production
+ONBUILD ADD Gemfile /app/Gemfile
+ONBUILD ADD Gemfile.lock /app/Gemfile.lock
+ONBUILD RUN bundle install --without development test
+ONBUILD ADD . /app
+ONBUILD RUN bundle exec rake assets:precompile
+
+ADD nginx-sites.conf /etc/nginx/sites-enabled/default
+ADD nginx.conf /etc/nginx/nginx.conf
+ADD unicorn.rb /app/config/unicorn.rb
+ADD Procfile /app/Procfile
+
+CMD foreman start -f Procfile

Procfile

@@ -0,0 +1,2 @@
+web: bundle exec unicorn -c config/unicorn.rb
+nginx: /usr/sbin/nginx -c /etc/nginx/nginx.conf

README.md

@@ -0,0 +1,64 @@
+# Rails(+ Nginx, Unicorn) Dockerfile
+
+Forked from https://github.com/seapy/dockerfiles/tree/master/rails-nginx-unicorn
+
+Easy useable docker for rails. less configuration, affordable production.
+
+## What's include
+
+* unicorn, nginx, foreman
+* mysql, postgresql lib
+
+# Usage
+
+* Create `Dockerfile` to your project and paste below code.
+
+```
+# Dockerfile
+FROM iron/rails-nginx-unicorn
+MAINTAINER iron.io
+
+EXPOSE 80 443
+```
+
+To use ssl you will have to mount your SSL key/crt to `/etc/nginx/ssl/server{crt,key}`
+
+*NOTE*: assets are precompiled at build time, not run time to save on start time. You should specify the RAILS_ENV you want to use in your Dockerfile as well.
+
+## Build and run docker
+
+```
+# build your dockerfile
+$ docker build -t your/project .
+
+# run container
+$ docker run -d -p 80:80 -e SECRET_KEY_BASE=secretkey your/project
+```
+
+# Customize Nginx, Unicorn, foreman config
+
+## Nginx
+
+```
+# your Dockerfile
+...
+ADD config/your-custom-nginx.conf /etc/nginx/sites-enabled/default
+...
+```
+
+## Unicorn
+
+place your unicorn config to `config/unicorn.rb`
+
+## foreman
+
+place your Procfile to app root
+
+
+# Use a specific version of Ruby, Nginx
+
+TODO: automatically build different images here.
+
+# TODO
+
+* github connection setting(like bitbucket)

circle.yml

@@ -0,0 +1 @@
+# TODO

nginx-sites.conf

@@ -0,0 +1,52 @@
+upstream unicorn_server {
+  server unix:/app/unicorn.sock fail_timeout=0;
+}
+
+server {
+  listen 80;
+  listen [::]:80;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  root /app/public;
+
+  ssl_certificate /etc/nginx/ssl/server.crt;
+  ssl_certificate_key /etc/nginx/ssl/server.key;
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:SSL:50m;
+  ssl_session_tickets off;
+
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+  ssl_prefer_server_ciphers on;
+
+  keepalive_timeout 5;
+
+  try_files $uri @unicorn_server;
+  location @unicorn_server {
+    expires 0d;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Ssl on;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_redirect off;
+    proxy_pass http://unicorn_server;
+  }
+
+  location ~ ^/(assets|images|javascripts|stylesheets|swfs|system)/ {
+    gzip_static on;
+    expires max;
+    add_header Cache-Control public;
+    add_header Last-Modified "";
+    add_header ETag "";
+
+    open_file_cache max=1000 inactive=500s;
+    open_file_cache_valid 600s;
+    open_file_cache_errors on;
+    break;
+  }
+
+  error_page 500 502 503 504 /500.html;
+  location = /500.html {
+    root /app/public;
+  }
+}

nginx.conf

@@ -0,0 +1,46 @@
+user nginx;
+worker_processes  1;
+daemon off;
+error_log  /app/error.log;
+
+pid /app/nginx.pid;
+
+events {
+  worker_connections  1024;
+}
+
+
+http {
+  # performance tuning
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 30;
+  keepalive_requests 100;
+
+  # caches information about open file descriptors for freqently accessed files.
+  open_file_cache max=1000 inactive=20s;
+  open_file_cache_valid 30s;
+  open_file_cache_min_uses 2;
+  open_file_cache_errors on;
+
+  # attack mitigation
+  reset_timedout_connection on;
+  client_body_timeout 10;
+  send_timeout 2;
+  server_tokens off;
+
+  include       /etc/nginx/mime.types;
+  default_type  application/octet-stream;
+
+
+  log_format extended '$remote_addr - $remote_user [$time_iso8601] '
+                         '"$request" $status $bytes_sent '
+                         '"$http_referer" "$http_user_agent" '
+                         '| $request_time $pipe $connection_requests $gzip_ratio $ssl_protocol/$ssl_cipher';
+  access_log off;
+  gzip off;
+
+  include /etc/nginx/sites-enabled/*;
+}
+

unicorn.rb

@@ -0,0 +1,12 @@
+app_dir = "/app"
+
+working_directory app_dir
+
+pid "#{app_dir}/unicorn.pid"
+
+stderr_path "#{app_dir}/unicorn.stderr.log"
+stdout_path "#{app_dir}/unicorn.stdout.log"
+
+worker_processes 1
+listen "#{app_dir}/unicorn.sock", :backlog => 64
+timeout 30