いきさつ
試作サイトを職場でURL公開したら、
みなさんのアクセス(大した量じゃない)で
サイトがダウンするという悲しいできことがありました。
その時に Apache + Passenger + Rails で作ったというと
何人かの方々に nginx + unicorn で worker を複数立てた方がいいんじゃない
とアドバイスもらい構築しなおしました…
環境
手順
sudo rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
nginxのインストール
sudo yum install -y nginx --disablerepo=* --enablerepo=nginx
バージョンの確認
nginx -v
nginx version: nginx/1.8.0
cd /home/dir_name/app_name/
vim Gemfile
gem 'unicorn'
bundle install
cd config/
vim unicorn.rb
application = 'app_name'
worker_processes 2
working_directory "/home/dir_name/#{application}"
listen "/var/run/unicorn/unicorn_#{application}.sock"
pid "/var/run/unicorn/unicorn_#{application}.pid"
timeout 60
preload_app true
stdout_path "/var/log/unicorn/unicorn.stdout_#{application}.log"
stderr_path "/var/log/unicorn/unicorn.stderr_#{application}.log"
GC.respond_to?(:copy_on_write_friendly=) and GC.copy_on_write_friendly = true
before_fork do |server, worker|
defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
old_pid = "#{server.config[:pid]}.oldbin"
if old_pid != server.pid
begin
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
Process.kill(sig, File.read(old_pid).to_i)
rescue Errno::ENOENT, Errno::ESRCH
end
end
sleep 1
end
after_fork do |server, worker|
defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
end
ここらへんを参考にSSL自己証明書を作成
Apache/SSL自己証明書の作成とmod sslの設定 - maruko2 Note.
nginxの設定
cd /etc/nginx/conf.d
mv default.conf _default.conf.bak
vim app_name.conf
upstream backend-unicorn {
server unix:/var/run/unicorn/unicorn_app_name.sock fail_timeout=0;
}
server {
listen 80;
server_name app_domain;
root /home/dir_name/app_name/public;
index index.html;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://backend-unicorn;
}
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
expires 1y;
}
}
server {
listen 443 ssl;
server_name app_domain;
root /home/dir_name/app_name/public;
index index.html;
access_log /var/log/nginx/ssl_access.log;
error_log /var/log/nginx/ssl_error.log;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_session_timeout 10m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_pass http://backend-unicorn;
}
location ~* \.(ico|css|js|gif|jpe?g|png)(\?[0-9]+)?$ {
expires 1y;
}
}
nginxの起動
# 起動
sudo service nginx start
# 再起動
sudo service nginx restart
bundle exec unicorn_rails -c /home/dir_name/app_name/config/unicorn.rb -E production -D -p 13000
kill -HUP `cat /var/run/unicorn/unicorn_app_name.pid`
起動しているかプロセス確認
ps aux | grep unicorn