I'm migrating my rails app (still in development) from Thin to Unicorn. My app uses config.force_ssl = true.
When using Thin I could just write:
thin start --ssl
My question is: What is the equivalent way to start Unicorn with ssl in development?
If I correctly understood your question, you're trying to run unicorn on port 443.
This is a bad idea.
Instead, to achieve the same goal, I would suggest, run unicorn on an unprivileged port (above 1024), or better on a unix socket, and switch Nginx before, passing all static stuff directly trough nginx, and the rails stuff, trough unicorn.
I know this doesn't answer your question, but for the user, it will work exactly the same, with some benefits when your app server (unicorn) crashes, for example a nice rendered 502 error page served via nginx instead of a plain network error message seen in the browser of your users.
You can with this solution run X different applications on the same port, with different subdomains. a must have for a development machine with many projects.
Related
I have a web server serving multiple Rails applications using a combination of nginx and Passenger. This is pretty straightforward, because the Passenger install sets-up pretty much everything you need to connect to nginx.
I found "Rails app with Puma" that seems to explain how to set up nginx and Puma together. How would this configuration need to be modified in order to serve a second Rails application on the same server?
Also, this guide doesn't say anything about restarting the application automatically if there is a system reboot or some other issue. Is there a way to do that? The nginx + Passenger combo seems to do it by default.
This question already has an answer here:
Is it necessary to put Unicorn behind Nginx ( or Apache)
(1 answer)
Closed 8 years ago.
I've been reading up on rails deployment and it seems for the two options I'm considering, unicorn and passenger, the tutorials always put them behind a server like nginx. I was under the assumption that both unicorn and passenger were fully functioning web servers themselves. So
Why are they always placed behind something like nginx?
If I use a load balancer nginx or HAProxy, can I have the load balancer directly distribute requests to unicorn or passenger, or do I still have to place them behind nginx?
Unicorn must be placed behind Nginx, by its author's design. The Phusion Passenger Design & Architecture document explains why some app servers are designed to be placed behind Nginx. Basically, it has got to do with I/O concurrency handling and I/O security.
Phusion Passenger however does not need to be placed behind Nginx. Phusion Passenger integrates into Nginx, as an Nginx module. Even the Standalone mode of Phusion Passenger does not need to be placed behind Nginx, because its Standalone mode utilizes a lightweight Nginx core and thus already properly implements I/O security.
If you use HAProxy, you can have it directly connect to Unicorn as long as you configure HAProxy to perform both request and response buffering. For Unicorn, buffering is key. Phusion Passenger on the other hand doesn't care, it works fine regardless of whether you configure buffering or not.
How can I permanently change my application port number in production?
I know I can specify the port number when starting the server rails s -p 3005, but was wondering how to change it so that I dont have to specifiy the port number everytime I start up the app.
Don't use webrick in production.
It is only optimized for development purposes. Use something like thin, unicorn or passenger for example. You can find capistrano recipes to start or restart web servers when deploying the app.
This seems to answer your question even though the question references running in development. I tend to agree with modifying the config/boot.rb as per.
But, iltempo is correct that you should be using a different stack in production. I've had good luck with Passenger.
Here is my setup:
Mac OS X 10.6
Ruby 1.8.7
Rails 3.1
I have a Rails 3.1 application that starts with Unicorn every time this machine starts up (via a .plist in /Library/LaunchDaemons). The .plist essentially does this:
cd /my_application_directory
sudo unicorn -E production -p 80
And everything's working fine. However, I'd like to be able to set up SSL so that traffic is encrypted. I don't need a real certificate signed by a real CA, because the application is only accessible over a local network.
I've found articles like this one on generating certs, but I'm not sure where to go from there (or even if that's the correct starting place).
For my basic needs, I've found the .plist method to be much easier to work with than something like Phusion Passenger, so I'd like to continue doing it that way if possible.
Any help would be greatly appreciated!
I don't believe Unicorn supports being an SSL endpoint, so you're going to need another process to decrypt/encrypt the traffic for you.
On Mac, it's probably easiest to use apache, because it's already installed.
Sorry to not have detailed steps, but you're looking to do the following:
Change the port unicorn listens on, to prevent conflicts with apache.
Set up Apache to serve SSL, just like your linked reference.
Also set up apache to proxy requests to be handled by Unicorn, on the new port you setup. This involves the ProxyPass (and possibly ProxyPassReverse) directive.
Configure apache to start when the Mac boots.
As Rails applications default run on port 3000, would it be possible to start the application on port 80? Is it really required to have a fastcgi/mod_proxy enabled web server in front? My users won't be more than three at a time. If so, how would I be able to do so?
Thanks!
WARNING: This is not a general purpose description of how to set up a Ruby on Rails production environment. If you want to host a public Rails website, I highly recommend using Apache with Passenger, which is very easy to install and maintain.
From your description, it sounds like you are working with some kind of internal application to be used within your office or similar. For this particular purpose, hosting the application via Webrick (the built-in web server in Rails) might be a sufficient solution. To do this, start the server with a -p command line argument: ruby script/server -p 80
This obviously requires port 80 to be available (not bound by some other web server). Also, on most operating systems, you will need root privileges to bind to port 80. The security implications of running a web site as root are serious, so you really only want to do this if you know what you are doing, and are absolutely sure that the server is completely shielded from the Internet.
If there isn't some specific reason you're trying to run with mongrel, I would recommend using Phusion Passenger as it is significantly easier to configure and support than mod_proxy+mongrel.
mongrel - http://github.com/fauna/mongrel
thin - http://code.macournoyer.com/thin/