Nginx/Passenger: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
VisualWikitext
Created page with "==References== {|class='wikitable mw-collapsible' !scope='col' style='text-align:left' colspan='3'| References |- |valign='top' style='width:33%'| * Nginx » Security » Certificate » TLS * Nginx » Security » Certificate * Nginx » Security » Password * Nginx » Security » Domain * Nginx » K8s » Ingress * [https://www.phusionpassenger.com/library/c..."
 
 
(41 intermediate revisions by the same user not shown)
Line 1: Line 1:
{|class='wikitable'
|valign='top' colspan='2'|
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'| Source
|-
|valign='top'|
<syntaxhighlight lang='bash'>
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE
curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
| sudo tee /etc/apt/keyrings/phusion.asc >/dev/null
cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/phusion.asc]\
https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT
</syntaxhighlight>
|}
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx libnginx-mod-http-passenger
/usr/bin/passenger_free_ruby -v
which passenger;echo
passenger version
apt-get clean
EXE
</syntaxhighlight>
|valign='top' style='width:50%'|
|-
|valign='top' colspan='2'|
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'| [https://editor.plantuml.com/uml/PLHDSvim4BthLsp9eScajjjRuqCdjPsswQIfOzpf9PS55gmnI5GIiVdtNSac15i764dllVrwS6iT6jTKfS36QTLK2Hdnpcse8gXBb4g8zn2xjfIgW5mRM1jKjaP3Acq1LGOFsEh62RkLYe-nWWJJRM5qexAvBfd1oxsItW8nTTfuRO9kuOwihkWDQARtIymo7xvRdpuA4RWG_R5aO6RqZjyHd2oquEz5elUyY_vI0Z6P5sPmpW5_aN_ERt8K7itXd4nbZSf1z5X8jOzErSBfENY9rf8gM7Uk3KL7yEkf8EuIvo2wHBxMTIbJT5AhBfCBkg6KydFjLPEqmBWLoj82CoEl7NO1dA7316teOBGuRg91rejPdq7eLxz6NmurXStrzHH-hDTBMD6_Xgo3IneNO_X-juP9hQspLw87dzC1fZ3VKBeDDc5RSH6GovAUrUKyZYVt5HPa9p_ZAo6KTjtCZImsRWhtUS02xIL70gauPfDmcpuygqCCwqV7DmuoQIXrPJjc6vJkDLrfG-H5gx3Yq7EjdFUR3_8cIywvdvSl-PisEpGPcAFCYqI8TRebD_7T2FoUCUGFQvOP5n06LXkTaZrCA3owWljgbUvGN1H_6M0QfTZbN6-l7_57irEMPmwATkm36lUQmwGE1kdcUBUdjE6Gnzu4V8_m-CMicwB7nqyFyDIGQGEolnigZqPJy1vZMTkKJfp8ZWQzyU0L6uyCPUohNmyy-j-F9vcF1XOwK6oj5HlQ1_B65IUkyvJUnfvoDEs19swPm_-p_m00 PlantUML]
|-
|valign='top'|
<kroki lang='plantuml'>
@startuml
autonumber
skinparam actorStyle awesome
skinparam BoxPadding 10
actor "User Browser" as User
box "Web Server Layer" #f8f9fa
    participant "Nginx" as Nginx
    participant "Passenger Core" as Passenger
end box
box "Application Layer" #e9ecef
    participant "Ruby on Rails App" as Rails
    database "Database" as DB
end box
User -> Nginx ++: HTTP Request (e.g. GET /posts)
Nginx -> Nginx : Check for static file\n(CSS/Images/JS)
note right: If file exists in /public,\nNginx serves it directly.
alt Request is for Dynamic Content
    Nginx    -> Passenger ++: Forward request via Socket/HTTP
    Passenger -> Passenger  : Check for idle Ruby process
    note right : If no processes are running,\nPassenger "spawns" a new one.
   
    Passenger -> Rails ++    : Execute Request
    Rails    -> DB ++      : SQL Query
end
@enduml
</kroki>
|}
|}
==Passenger » Why==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left' colspan='2'|
Passenger » Why
|-
|valign='top' style='width:50%'|
{|class='wikitable'
!scope='col'| Feature
!scope='col'| Nginx + Passenger
!scope='col'| Nginx + Puma
|-
! Ease of Setup
| High (Single config file)                || Medium (Need to manage Puma service)
|-
! Process Management
| Automatic (Spawns/restarts apps)        || Manual (Requires Systemd or Monit)
|-
! Memory Management
| Excellent (Auto-kills bloated processes) || Good (Manual tuning required)
|-
! Multi-Language
| Supports Ruby, Python, Node.js          || Ruby only
|}
|valign='top' style='width:50%'|
|}
==Passenger » How==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left'|
Passenger » How
|-
|valign='top'|
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left' colspan='2'| How » Install
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
lxc launch ubuntu:24.04 passenger  || true  && sleep 5
lxc delete  passenger/ubuntu:24.04 || true
lxc snapshot passenger ubuntu:24.04 && sleep 1
lxc restore  passenger ubuntu:24.04 && sleep 5
lxc exec    passenger -- uname -r
</syntaxhighlight><syntaxhighlight lang='bash'>
lxc restore  passenger ubuntu:24.04 && sleep 5
lxc delete  passenger/nginx:1.24.0 || true
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx
nginx -v;echo ;apt-get clean;sleep 5
EXE
INI
lxc snapshot passenger nginx:1.24.0 && sleep 1
lxc restore  passenger nginx:1.24.0 && sleep 5
lxc exec    passenger -- nginx -v
</syntaxhighlight>
<syntaxhighlight lang='bash'>
lxc restore  passenger nginx:1.24.0 && sleep 5
lxc delete  passenger/passenger:6.1.2 || true
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE
curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
| sudo tee /etc/apt/keyrings/phusion.asc >/dev/null
cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/phusion.asc]\
https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y libnginx-mod-http-passenger
which passenger;echo
passenger version
apt-get clean
EXE
INI
lxc snapshot passenger passenger:6.1.2 && sleep 1
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec    passenger -- passenger version
</syntaxhighlight>
|valign='top' style='width:50%'|
|}
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left' colspan='2'| How » Config
|-
|valign='top' colspan='2'|
<syntaxhighlight lang='bash'>
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec    passenger -- passenger version
</syntaxhighlight>
<syntaxhighlight lang='bash'>
echo
lxc exec    passenger -- cat /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;echo
lxc exec    passenger -- cat /etc/nginx/conf.d/mod-http-passenger.conf
lxc exec    passenger -- sh -c 'ls -alh /var/run/passenger-instreg/*'
lxc exec    passenger -- /usr/bin/passenger_free_ruby -v
</syntaxhighlight>
<syntaxhighlight lang='bash'>
echo
lxc exec    passenger -- cat /usr/share/nginx/modules-available/mod-http-passenger.load;echo
lxc exec    passenger -- cat /etc/nginx/modules-enabled/50-mod-http-passenger.conf
</syntaxhighlight>
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ]; then
  ln -s  /usr/share/nginx/modules-available/mod-http-passenger.load \
          /etc/nginx/modules-enabled/50-mod-http-passenger.conf
fi
ls -lah  /etc/nginx/conf.d/mod-http-passenger.conf
EXE
INI
</syntaxhighlight>
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
systemctl restart nginx;echo
passenger-config validate-install --auto;echo
passenger-memory-stats  --no-apache;echo
passenger-config about ruby-command;echo
passenger-status
EXE
INI
</syntaxhighlight>
|}
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'| How » Nginx
|-
|valign='top'|
<syntaxhighlight lang='nginx' highlight='22,23,46-49' line>
cat <<'INI' | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
  listen      80;
  server_name academia.chorke.org;
  # allow letsencrypt http validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }
  return 301 https://academia.chorke.org$request_uri;
}
server {
  listen      443 ssl;
  server_name academia.chorke.org;
  ssl_certificate    /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
  ssl_protocols      TLSv1.2 TLSv1.3;
 
  passenger_spawn_method  smart;
  passenger_min_instances 3;
  gzip_comp_level  3;
  gzip              on;
  gzip_vary        on;
  gzip_proxied      any;
  gzip_http_version 1.0;
  gzip_min_length  1100;
  gzip_buffers      64 8k;
  gzip_disable      "msie6";
  gzip_types        text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;
  root      /home/deploy/sites/academia.chorke.org/production/current/public;
  access_log /home/deploy/sites/academia.chorke.org/production/current/log/nginx.access.log;
  error_log  /home/deploy/sites/academia.chorke.org/production/current/log/nginx.error.log info;
  # allow letsencrypt https validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }
  location ~ / {
    alias          /home/deploy/sites/academia.chorke.org/production/current/public;
    passenger_ruby /home/deploy/.rbenv/versions/3.3.5/bin/ruby;
    passenger_app_env                production;
    passenger_max_request_queue_size 200;
    passenger_enabled                on;
  }
  location ~* ^.+\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$ {
    add_header Cache-Control "public, max-age=31536000, must-revalidate";
  }
  location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    add_header Cache-Control public;
    expires    max;
  }
  location ^~ /assets/ {
    add_header  Cache-Control public;
    expires    max;
    gzip_static on;
  }
 
  location /mfa/otp {
  limit_req          zone=otp-zone burst=1 nodelay;
  limit_req_log_level error;
  limit_req_status    429;
  }
  keepalive_timeout    10;
  client_max_body_size 10M;
  try_files            $uri/index.html $uri;
  error_page          500 502 503 504 /500.html;
}
INI
</syntaxhighlight>
|}
|}
==References==
==References==
{|class='wikitable mw-collapsible'
{|class='wikitable mw-collapsible'
Line 5: Line 324:
|-
|-
|valign='top' style='width:33%'|
|valign='top' style='width:33%'|
* [https://www.phusionpassenger.com/library/config/nginx/action_cable_integration/ Passenger » Nginx » Integrating Action Cable]
* [https://www.phusionpassenger.com/library/deploy/nginx/zero_downtime_redeployments/ruby/ Passenger » Nginx » Ruby » Restarts]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/standalone/install/ Passenger » Standalone » Install]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/apache/install/ Passenger » Apache » Install]
* [https://www.phusionpassenger.com/library/config/nginx/ Passenger » Nginx » Config]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/ Passenger » Nginx » Install]
* [https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_ruby Passenger » Nginx » Ruby]
* [https://www.phusionpassenger.com/library/config/standalone/reference/ Passenger » Standalone]
* [https://www.phusionpassenger.com/library/config/apache/reference/ Passenger » Apache]
* [https://www.phusionpassenger.com/library/config/nginx/reference/ Passenger » Nginx]
|valign='top' style='width:34%'|
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/noble.html Passenger » Nginx » Install » Ubuntu » 24.04]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/jammy.html Passenger » Nginx » Install » Ubuntu » 22.04]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/focal.html Passenger » Nginx » Install » Ubuntu » 20.04]
|valign='top' style='width:33%'|
|-
|valign='top'|
* [[Security/Certificate/TLS|Nginx » Security » Certificate » TLS]]
* [[Security/Certificate/TLS|Nginx » Security » Certificate » TLS]]
* [[Security/Certificate|Nginx » Security » Certificate]]
* [[Security/Certificate|Nginx » Security » Certificate]]
Line 10: Line 348:
* [[Security/Domain|Nginx » Security » Domain]]
* [[Security/Domain|Nginx » Security » Domain]]
* [[K8s/Nginx/Ingress|Nginx » K8s » Ingress]]
* [[K8s/Nginx/Ingress|Nginx » K8s » Ingress]]
* [https://www.phusionpassenger.com/library/config/nginx/reference/ Nginx » Passenger]
* [[HTTP Security|Nginx » Security]]
* [[HTTP Security|Nginx » Security]]
* [[Nginx]]
* [[Nginx]]


|valign='top' style='width:34%'|
|valign='top' style='width:33%'|
|-
|valign='top'|
|valign='top'|
* [[Localtunnel]]
* [[Localtunnel]]
Line 23: Line 356:
* [[HAProxy]]
* [[HAProxy]]
* [[MinIO]]
* [[MinIO]]
 
* [[CIDR]]
|valign='top'|
* [[UFW]]


|valign='top'|
|valign='top'|
|}
|}

Latest revision as of 23:29, 7 February 2026

Source 
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE

curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
 | sudo tee /etc/apt/keyrings/phusion.asc >/dev/null

cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/phusion.asc]\
 https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT

cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx libnginx-mod-http-passenger
/usr/bin/passenger_free_ruby -v
which passenger;echo
passenger version
apt-get clean
EXE
PlantUML

Passenger » Why

Passenger » Why

Feature Nginx + Passenger Nginx + Puma
Ease of Setup High (Single config file) Medium (Need to manage Puma service)
Process Management Automatic (Spawns/restarts apps) Manual (Requires Systemd or Monit)
Memory Management Excellent (Auto-kills bloated processes) Good (Manual tuning required)
Multi-Language Supports Ruby, Python, Node.js Ruby only

Passenger » How

Passenger » How

How » Install 
lxc launch ubuntu:24.04 passenger   || true  && sleep 5
lxc delete   passenger/ubuntu:24.04 || true

lxc snapshot passenger ubuntu:24.04 && sleep 1
lxc restore  passenger ubuntu:24.04 && sleep 5
lxc exec     passenger -- uname -r

lxc restore  passenger ubuntu:24.04 && sleep 5
lxc delete   passenger/nginx:1.24.0 || true

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx
nginx -v;echo ;apt-get clean;sleep 5
EXE
INI

lxc snapshot passenger nginx:1.24.0 && sleep 1
lxc restore  passenger nginx:1.24.0 && sleep 5
lxc exec     passenger -- nginx -v

lxc restore  passenger nginx:1.24.0 && sleep 5
lxc delete   passenger/passenger:6.1.2 || true

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE

curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
 | sudo tee /etc/apt/keyrings/phusion.asc >/dev/null

cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/phusion.asc]\
 https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT

cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y libnginx-mod-http-passenger
which passenger;echo
passenger version
apt-get clean
EXE
INI

lxc snapshot passenger passenger:6.1.2 && sleep 1
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec     passenger -- passenger version
How » Config 
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec     passenger -- passenger version

echo
lxc exec     passenger -- cat /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;echo
lxc exec     passenger -- cat /etc/nginx/conf.d/mod-http-passenger.conf
lxc exec     passenger -- sh -c 'ls -alh /var/run/passenger-instreg/*'
lxc exec     passenger -- /usr/bin/passenger_free_ruby -v

echo
lxc exec     passenger -- cat /usr/share/nginx/modules-available/mod-http-passenger.load;echo
lxc exec     passenger -- cat /etc/nginx/modules-enabled/50-mod-http-passenger.conf

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ]; then 
  ln -s   /usr/share/nginx/modules-available/mod-http-passenger.load \
          /etc/nginx/modules-enabled/50-mod-http-passenger.conf
fi
ls -lah   /etc/nginx/conf.d/mod-http-passenger.conf
EXE
INI

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
systemctl restart nginx;echo
passenger-config validate-install --auto;echo
passenger-memory-stats  --no-apache;echo
passenger-config about ruby-command;echo
passenger-status
EXE
INI
How » Nginx 
cat <<'INI' | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
  listen      80;
  server_name academia.chorke.org;

  # allow letsencrypt http validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }

  return 301 https://academia.chorke.org$request_uri;
}

server {
  listen      443 ssl;
  server_name academia.chorke.org;

  ssl_certificate     /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
  ssl_protocols       TLSv1.2 TLSv1.3;
  
  passenger_spawn_method  smart;
  passenger_min_instances 3;

  gzip_comp_level   3;
  gzip              on;
  gzip_vary         on;
  gzip_proxied      any;
  gzip_http_version 1.0;
  gzip_min_length   1100;
  gzip_buffers      64 8k;
  gzip_disable      "msie6";
  gzip_types        text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;

  root       /home/deploy/sites/academia.chorke.org/production/current/public;
  access_log /home/deploy/sites/academia.chorke.org/production/current/log/nginx.access.log;
  error_log  /home/deploy/sites/academia.chorke.org/production/current/log/nginx.error.log info;

  # allow letsencrypt https validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }

  location ~ / {
    alias          /home/deploy/sites/academia.chorke.org/production/current/public;
    passenger_ruby /home/deploy/.rbenv/versions/3.3.5/bin/ruby;
    passenger_app_env                production;
    passenger_max_request_queue_size 200;
    passenger_enabled                on;
  }

  location ~* ^.+\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$ {
    add_header Cache-Control "public, max-age=31536000, must-revalidate";
  }

  location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    add_header Cache-Control public;
    expires    max;
  }

  location ^~ /assets/ {
    add_header  Cache-Control public;
    expires     max;
    gzip_static on;
  }
  
  location /mfa/otp {
   limit_req           zone=otp-zone burst=1 nodelay;
   limit_req_log_level error;
   limit_req_status    429;
  }

  keepalive_timeout    10;
  client_max_body_size 10M;

  try_files            $uri/index.html $uri;
  error_page           500 502 503 504 /500.html;
}
INI

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Nginx/Passenger&oldid=16596"