Nginx/Passenger: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
← Older edit
VisualWikitext
 
(34 intermediate revisions by the same user not shown)
Line 1: Line 1:
{|class='wikitable'
{|class='wikitable'
|valign='top' colspan='2'|
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'| Source
|-
|valign='top'|
<syntaxhighlight lang='bash'>
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE
curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
| sudo tee /etc/apt/keyrings/phusion.asc >/dev/null
cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/phusion.asc]\
https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT
</syntaxhighlight>
|}
|-
|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
sudo apt-get update;echo
cat <<'EXE' | sudo bash
sudo apt install -y nginx
apt-get update;echo
apt-get install -y nginx libnginx-mod-http-passenger
/usr/bin/passenger_free_ruby -v
which passenger;echo
passenger version
apt-get clean
EXE
</syntaxhighlight>
</syntaxhighlight>


Line 10: Line 40:
|valign='top' colspan='2'|
|valign='top' colspan='2'|
{|class='wikitable mw-collapsible mw-collapsed'
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'|
!scope='col' style='text-align:left'| [https://editor.plantuml.com/uml/PLHDSvim4BthLsp9eScajjjRuqCdjPsswQIfOzpf9PS55gmnI5GIiVdtNSac15i764dllVrwS6iT6jTKfS36QTLK2Hdnpcse8gXBb4g8zn2xjfIgW5mRM1jKjaP3Acq1LGOFsEh62RkLYe-nWWJJRM5qexAvBfd1oxsItW8nTTfuRO9kuOwihkWDQARtIymo7xvRdpuA4RWG_R5aO6RqZjyHd2oquEz5elUyY_vI0Z6P5sPmpW5_aN_ERt8K7itXd4nbZSf1z5X8jOzErSBfENY9rf8gM7Uk3KL7yEkf8EuIvo2wHBxMTIbJT5AhBfCBkg6KydFjLPEqmBWLoj82CoEl7NO1dA7316teOBGuRg91rejPdq7eLxz6NmurXStrzHH-hDTBMD6_Xgo3IneNO_X-juP9hQspLw87dzC1fZ3VKBeDDc5RSH6GovAUrUKyZYVt5HPa9p_ZAo6KTjtCZImsRWhtUS02xIL70gauPfDmcpuygqCCwqV7DmuoQIXrPJjc6vJkDLrfG-H5gx3Yq7EjdFUR3_8cIywvdvSl-PisEpGPcAFCYqI8TRebD_7T2FoUCUGFQvOP5n06LXkTaZrCA3owWljgbUvGN1H_6M0QfTZbN6-l7_57irEMPmwATkm36lUQmwGE1kdcUBUdjE6Gnzu4V8_m-CMicwB7nqyFyDIGQGEolnigZqPJy1vZMTkKJfp8ZWQzyU0L6uyCPUohNmyy-j-F9vcF1XOwK6oj5HlQ1_B65IUkyvJUnfvoDEs19swPm_-p_m00 PlantUML]
[https://editor.plantuml.com/uml/PLDDSvim4BthL-pGIpA9xVRM-D19RQTjEcxg66TwoMM1XMWC4fM4WN_VHRXWnnpuqBvzRpyUzzQXSLMH2woSLbKHaH5sBrM91Wl0s6aJkZOdm9giBkWakD3D1fD4gWm-VHJ2Oo5uiMHWONJDpm3GGdSW8jr0y8SY2CaS6B36jWj_I3-dToaAu8j9dOnbYSf1y9H9rVXq_tO9sA2rf3AcMcf37ZaS2L89iABePR-MPIvZT5AhGPVkAARqadPRHIqmReiojy2Pdjb_UN223YEq1C7g-EO1gyMewGSm-T8N3dFuiTjjO4j_Ax8EhcYQJU7xmmvcfRRENdTZamTqT6nKz6ad-SitYlUGycnvLrmff3AdLtMr3CFPOu4PsTdFy5eepHn6Pczk3e-f1m4raZL0AbQh8Xx2xQlgQMst1euuIAIXsENjb3UOkw5GQRtagbLOiEPIAqVA-HaC5OuxkBcPmpTjQZG9c2F3GIA4EjwJctKZyAbZnbdwQPCouSBz6agZOxBztFtjNOjA_uTm9sWuL2d5RkGcH-h0bbWhori2HJMlbgOZuLav_SgxJXuQYYkMEivYnFSGnguM7XW-h-6v8jFwA1yED9F973g7C8UjyakAi_Oxy9RzGuOIjiklDI_qzzFx2WTBz71RQiK-x4Gwxmt6OLZlmCbWlHugxXd6V_e_ Diagram]
|-
|-
|valign='top'|
|valign='top'|
Line 75: Line 104:


|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
|}
==Passenger » How==
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left'|
Passenger » How
|-
|valign='top'|
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left' colspan='2'| How » Install
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
lxc launch ubuntu:24.04 passenger  || true  && sleep 5
lxc delete  passenger/ubuntu:24.04 || true
lxc snapshot passenger ubuntu:24.04 && sleep 1
lxc restore  passenger ubuntu:24.04 && sleep 5
lxc exec    passenger -- uname -r
</syntaxhighlight><syntaxhighlight lang='bash'>
lxc restore  passenger ubuntu:24.04 && sleep 5
lxc delete  passenger/nginx:1.24.0 || true
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx
nginx -v;echo ;apt-get clean;sleep 5
EXE
INI
lxc snapshot passenger nginx:1.24.0 && sleep 1
lxc restore  passenger nginx:1.24.0 && sleep 5
lxc exec    passenger -- nginx -v
</syntaxhighlight>
<syntaxhighlight lang='bash'>
lxc restore  passenger nginx:1.24.0 && sleep 5
lxc delete  passenger/passenger:6.1.2 || true
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE
curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
| sudo tee /etc/apt/keyrings/phusion.asc >/dev/null
cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/phusion.asc]\
https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y libnginx-mod-http-passenger
which passenger;echo
passenger version
apt-get clean
EXE
INI
lxc snapshot passenger passenger:6.1.2 && sleep 1
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec    passenger -- passenger version
</syntaxhighlight>
|valign='top' style='width:50%'|
|}
{|class='wikitable mw-collapsible'
!scope='col' style='text-align:left' colspan='2'| How » Config
|-
|valign='top' colspan='2'|
<syntaxhighlight lang='bash'>
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec    passenger -- passenger version
</syntaxhighlight>
<syntaxhighlight lang='bash'>
echo
lxc exec    passenger -- cat /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;echo
lxc exec    passenger -- cat /etc/nginx/conf.d/mod-http-passenger.conf
lxc exec    passenger -- sh -c 'ls -alh /var/run/passenger-instreg/*'
lxc exec    passenger -- /usr/bin/passenger_free_ruby -v
</syntaxhighlight>
<syntaxhighlight lang='bash'>
echo
lxc exec    passenger -- cat /usr/share/nginx/modules-available/mod-http-passenger.load;echo
lxc exec    passenger -- cat /etc/nginx/modules-enabled/50-mod-http-passenger.conf
</syntaxhighlight>
|-
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ]; then
  ln -s  /usr/share/nginx/modules-available/mod-http-passenger.load \
          /etc/nginx/modules-enabled/50-mod-http-passenger.conf
fi
ls -lah  /etc/nginx/conf.d/mod-http-passenger.conf
EXE
INI
</syntaxhighlight>
|valign='top' style='width:50%'|
<syntaxhighlight lang='bash'>
cat <<'INI' | \
lxc exec    passenger -- bash
cat <<'EXE' | sudo bash
systemctl restart nginx;echo
passenger-config validate-install --auto;echo
passenger-memory-stats  --no-apache;echo
passenger-config about ruby-command;echo
passenger-status
EXE
INI
</syntaxhighlight>
|}
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'| How » Nginx
|-
|valign='top'|
<syntaxhighlight lang='nginx' highlight='22,23,46-49' line>
cat <<'INI' | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
  listen      80;
  server_name academia.chorke.org;
  # allow letsencrypt http validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }
  return 301 https://academia.chorke.org$request_uri;
}
server {
  listen      443 ssl;
  server_name academia.chorke.org;
  ssl_certificate    /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
  ssl_protocols      TLSv1.2 TLSv1.3;
 
  passenger_spawn_method  smart;
  passenger_min_instances 3;
  gzip_comp_level  3;
  gzip              on;
  gzip_vary        on;
  gzip_proxied      any;
  gzip_http_version 1.0;
  gzip_min_length  1100;
  gzip_buffers      64 8k;
  gzip_disable      "msie6";
  gzip_types        text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;
  root      /home/deploy/sites/academia.chorke.org/production/current/public;
  access_log /home/deploy/sites/academia.chorke.org/production/current/log/nginx.access.log;
  error_log  /home/deploy/sites/academia.chorke.org/production/current/log/nginx.error.log info;
  # allow letsencrypt https validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }
  location ~ / {
    alias          /home/deploy/sites/academia.chorke.org/production/current/public;
    passenger_ruby /home/deploy/.rbenv/versions/3.3.5/bin/ruby;
    passenger_app_env                production;
    passenger_max_request_queue_size 200;
    passenger_enabled                on;
  }
  location ~* ^.+\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$ {
    add_header Cache-Control "public, max-age=31536000, must-revalidate";
  }
  location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    add_header Cache-Control public;
    expires    max;
  }
  location ^~ /assets/ {
    add_header  Cache-Control public;
    expires    max;
    gzip_static on;
  }
 
  location /mfa/otp {
  limit_req          zone=otp-zone burst=1 nodelay;
  limit_req_log_level error;
  limit_req_status    429;
  }
  keepalive_timeout    10;
  client_max_body_size 10M;
  try_files            $uri/index.html $uri;
  error_page          500 502 503 504 /500.html;
}
INI
</syntaxhighlight>
|}
|}
|}


Line 83: Line 324:
|-
|-
|valign='top' style='width:33%'|
|valign='top' style='width:33%'|
* [https://www.phusionpassenger.com/library/config/nginx/action_cable_integration/ Nginx » Passenger » Integrating Action Cable]
* [https://www.phusionpassenger.com/library/config/nginx/action_cable_integration/ Passenger » Nginx » Integrating Action Cable]
* [https://www.phusionpassenger.com/library/config/nginx/ Nginx » Passenger » Config]
* [https://www.phusionpassenger.com/library/deploy/nginx/zero_downtime_redeployments/ruby/ Passenger » Nginx » Ruby » Restarts]
* [https://www.phusionpassenger.com/library/config/nginx/reference/ Nginx » Passenger]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/standalone/install/ Passenger » Standalone » Install]
* [[Nginx]]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/apache/install/ Passenger » Apache » Install]
* [https://www.phusionpassenger.com/library/config/nginx/ Passenger » Nginx » Config]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/ Passenger » Nginx » Install]
* [https://www.phusionpassenger.com/library/config/nginx/reference/#passenger_ruby Passenger » Nginx » Ruby]
* [https://www.phusionpassenger.com/library/config/standalone/reference/ Passenger » Standalone]
* [https://www.phusionpassenger.com/library/config/apache/reference/ Passenger » Apache]
* [https://www.phusionpassenger.com/library/config/nginx/reference/ Passenger » Nginx]


|valign='top' style='width:34%'|
|valign='top' style='width:34%'|
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/noble.html Passenger » Nginx » Install » Ubuntu » 24.04]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/jammy.html Passenger » Nginx » Install » Ubuntu » 22.04]
* [https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/focal.html Passenger » Nginx » Install » Ubuntu » 20.04]


|valign='top' style='width:33%'|
|valign='top' style='width:33%'|
Line 97: Line 347:
* [[Security/Password|Nginx » Security » Password]]
* [[Security/Password|Nginx » Security » Password]]
* [[Security/Domain|Nginx » Security » Domain]]
* [[Security/Domain|Nginx » Security » Domain]]
* [[K8s/Nginx/Ingress|Nginx » K8s » Ingress]]
* [[HTTP Security|Nginx » Security]]
* [[HTTP Security|Nginx » Security]]
* [[Nginx]]


|valign='top'|
|valign='top'|
* [[K8s/Nginx/Ingress|Nginx » K8s » Ingress]]
* [[Localtunnel]]
* [[Localtunnel]]
* [[PostgreSQL]]
* [[PostgreSQL]]
* [[HAProxy]]
* [[HAProxy]]
* [[MinIO]]
* [[MinIO]]
* [[CIDR]]
* [[UFW]]


|valign='top'|
|valign='top'|
|}
|}

Latest revision as of 23:29, 7 February 2026

Source 
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE

curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
 | sudo tee /etc/apt/keyrings/phusion.asc >/dev/null

cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/phusion.asc]\
 https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT

cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx libnginx-mod-http-passenger
/usr/bin/passenger_free_ruby -v
which passenger;echo
passenger version
apt-get clean
EXE
PlantUML

Passenger » Why

Passenger » Why

Feature Nginx + Passenger Nginx + Puma
Ease of Setup High (Single config file) Medium (Need to manage Puma service)
Process Management Automatic (Spawns/restarts apps) Manual (Requires Systemd or Monit)
Memory Management Excellent (Auto-kills bloated processes) Good (Manual tuning required)
Multi-Language Supports Ruby, Python, Node.js Ruby only

Passenger » How

Passenger » How

How » Install 
lxc launch ubuntu:24.04 passenger   || true  && sleep 5
lxc delete   passenger/ubuntu:24.04 || true

lxc snapshot passenger ubuntu:24.04 && sleep 1
lxc restore  passenger ubuntu:24.04 && sleep 5
lxc exec     passenger -- uname -r

lxc restore  passenger ubuntu:24.04 && sleep 5
lxc delete   passenger/nginx:1.24.0 || true

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx
nginx -v;echo ;apt-get clean;sleep 5
EXE
INI

lxc snapshot passenger nginx:1.24.0 && sleep 1
lxc restore  passenger nginx:1.24.0 && sleep 5
lxc exec     passenger -- nginx -v

lxc restore  passenger nginx:1.24.0 && sleep 5
lxc delete   passenger/passenger:6.1.2 || true

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE

curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
 | sudo tee /etc/apt/keyrings/phusion.asc >/dev/null

cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/phusion.asc]\
 https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT

cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y libnginx-mod-http-passenger
which passenger;echo
passenger version
apt-get clean
EXE
INI

lxc snapshot passenger passenger:6.1.2 && sleep 1
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec     passenger -- passenger version
How » Config 
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec     passenger -- passenger version

echo
lxc exec     passenger -- cat /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;echo
lxc exec     passenger -- cat /etc/nginx/conf.d/mod-http-passenger.conf
lxc exec     passenger -- sh -c 'ls -alh /var/run/passenger-instreg/*'
lxc exec     passenger -- /usr/bin/passenger_free_ruby -v

echo
lxc exec     passenger -- cat /usr/share/nginx/modules-available/mod-http-passenger.load;echo
lxc exec     passenger -- cat /etc/nginx/modules-enabled/50-mod-http-passenger.conf

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ]; then 
  ln -s   /usr/share/nginx/modules-available/mod-http-passenger.load \
          /etc/nginx/modules-enabled/50-mod-http-passenger.conf
fi
ls -lah   /etc/nginx/conf.d/mod-http-passenger.conf
EXE
INI

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
systemctl restart nginx;echo
passenger-config validate-install --auto;echo
passenger-memory-stats  --no-apache;echo
passenger-config about ruby-command;echo
passenger-status
EXE
INI
How » Nginx 
cat <<'INI' | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
  listen      80;
  server_name academia.chorke.org;

  # allow letsencrypt http validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }

  return 301 https://academia.chorke.org$request_uri;
}

server {
  listen      443 ssl;
  server_name academia.chorke.org;

  ssl_certificate     /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
  ssl_protocols       TLSv1.2 TLSv1.3;
  
  passenger_spawn_method  smart;
  passenger_min_instances 3;

  gzip_comp_level   3;
  gzip              on;
  gzip_vary         on;
  gzip_proxied      any;
  gzip_http_version 1.0;
  gzip_min_length   1100;
  gzip_buffers      64 8k;
  gzip_disable      "msie6";
  gzip_types        text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;

  root       /home/deploy/sites/academia.chorke.org/production/current/public;
  access_log /home/deploy/sites/academia.chorke.org/production/current/log/nginx.access.log;
  error_log  /home/deploy/sites/academia.chorke.org/production/current/log/nginx.error.log info;

  # allow letsencrypt https validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }

  location ~ / {
    alias          /home/deploy/sites/academia.chorke.org/production/current/public;
    passenger_ruby /home/deploy/.rbenv/versions/3.3.5/bin/ruby;
    passenger_app_env                production;
    passenger_max_request_queue_size 200;
    passenger_enabled                on;
  }

  location ~* ^.+\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$ {
    add_header Cache-Control "public, max-age=31536000, must-revalidate";
  }

  location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    add_header Cache-Control public;
    expires    max;
  }

  location ^~ /assets/ {
    add_header  Cache-Control public;
    expires     max;
    gzip_static on;
  }
  
  location /mfa/otp {
   limit_req           zone=otp-zone burst=1 nodelay;
   limit_req_log_level error;
   limit_req_status    429;
  }

  keepalive_timeout    10;
  client_max_body_size 10M;

  try_files            $uri/index.html $uri;
  error_page           500 502 503 504 /500.html;
}
INI

References

References

Retrieved from "https://wiki.chorke.org/index.php?title=Nginx/Passenger&oldid=16596"