Nginx/Passenger

Source

cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE

curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
 | sudo tee /etc/apt/keyrings/phusion.asc >/dev/null

cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/phusion.asc]\
 https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT

cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx libnginx-mod-http-passenger
/usr/bin/passenger_free_ruby -v
which passenger;echo
passenger version
apt-get clean
EXE

PlantUML

Passenger » Why

Feature	Nginx + Passenger	Nginx + Puma
Ease of Setup	High (Single config file)	Medium (Need to manage Puma service)
Process Management	Automatic (Spawns/restarts apps)	Manual (Requires Systemd or Monit)
Memory Management	Excellent (Auto-kills bloated processes)	Good (Manual tuning required)
Multi-Language	Supports Ruby, Python, Node.js	Ruby only

Passenger » How

How » Install

lxc launch ubuntu:24.04 passenger   || true  && sleep 5
lxc delete   passenger/ubuntu:24.04 || true

lxc snapshot passenger ubuntu:24.04 && sleep 1
lxc restore  passenger ubuntu:24.04 && sleep 5
lxc exec     passenger -- uname -r

lxc restore  passenger ubuntu:24.04 && sleep 5
lxc delete   passenger/nginx:1.24.0 || true

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y nginx
nginx -v;echo ;apt-get clean;sleep 5
EXE
INI

lxc snapshot passenger nginx:1.24.0 && sleep 1
lxc restore  passenger nginx:1.24.0 && sleep 5
lxc exec     passenger -- nginx -v

lxc restore  passenger nginx:1.24.0 && sleep 5
lxc delete   passenger/passenger:6.1.2 || true

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y apt-transport-https ca-certificates gnupg build-essential
apt-get install -y software-properties-common git curl file procps libfuse2
apt-get clean;sleep 5
EXE

curl -fsSL https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key-2025.txt \
 | sudo tee /etc/apt/keyrings/phusion.asc >/dev/null

cat << APT | sudo tee /etc/apt/sources.list.d/passenger.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/phusion.asc]\
 https://oss-binaries.phusionpassenger.com/apt/passenger noble main
APT

cat <<'EXE' | sudo bash
apt-get update;echo
apt-get install -y libnginx-mod-http-passenger
which passenger;echo
passenger version
apt-get clean
EXE
INI

lxc snapshot passenger passenger:6.1.2 && sleep 1
lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec     passenger -- passenger version

How » Config

lxc restore  passenger passenger:6.1.2 && sleep 5
lxc exec     passenger -- passenger version

echo
lxc exec     passenger -- cat /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;echo
lxc exec     passenger -- cat /etc/nginx/conf.d/mod-http-passenger.conf
lxc exec     passenger -- sh -c 'ls -alh /var/run/passenger-instreg/*'
lxc exec     passenger -- /usr/bin/passenger_free_ruby -v

echo
lxc exec     passenger -- cat /usr/share/nginx/modules-available/mod-http-passenger.load;echo
lxc exec     passenger -- cat /etc/nginx/modules-enabled/50-mod-http-passenger.conf

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ]; then 
  ln -s   /usr/share/nginx/modules-available/mod-http-passenger.load \
          /etc/nginx/modules-enabled/50-mod-http-passenger.conf
fi
ls -lah   /etc/nginx/conf.d/mod-http-passenger.conf
EXE
INI

cat <<'INI' | \
lxc exec     passenger -- bash
cat <<'EXE' | sudo bash
systemctl restart nginx;echo
passenger-config validate-install --auto;echo
passenger-memory-stats  --no-apache;echo
passenger-config about ruby-command
EXE

INI

How » Server

cat <<'INI' | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
  listen      80;
  server_name academia.chorke.org;

  # allow letsencrypt http validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }

  return 301 https://academia.chorke.org$request_uri;
}

server {
  listen      443 ssl;
  server_name academia.chorke.org;

  ssl_certificate     /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
  ssl_protocols       TLSv1.2 TLSv1.3;
  
  passenger_spawn_method  smart;
  passenger_min_instances 3;

  gzip_comp_level   3;
  gzip              on;
  gzip_vary         on;
  gzip_proxied      any;
  gzip_http_version 1.0;
  gzip_min_length   1100;
  gzip_buffers      64 8k;
  gzip_disable      "msie6";
  gzip_types        text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;

  root       /home/deploy/sites/academia.chorke.org/production/current/public;
  access_log /home/deploy/sites/academia.chorke.org/production/current/log/nginx.access.log;
  error_log  /home/deploy/sites/academia.chorke.org/production/current/log/nginx.error.log info;

  # allow letsencrypt https validation
  location /.well-known/acme-challenge/ {
    root /var/www/html;
  }

  location ~ / {
    alias          /home/deploy/sites/academia.chorke.org/production/current/public;
    passenger_ruby /home/deploy/.rbenv/versions/3.3.5/bin/ruby;
    passenger_app_env                production;
    passenger_max_request_queue_size 200;
    passenger_enabled                on;
  }

  location ~* ^.+\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$ {
    add_header Cache-Control "public, max-age=31536000, must-revalidate";
  }

  location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    add_header Cache-Control public;
    expires    max;
  }

  location ^~ /assets/ {
    add_header  Cache-Control public;
    expires     max;
    gzip_static on;
  }
  
  location /mfa/otp {
   limit_req           zone=otp-zone burst=1 nodelay;
   limit_req_log_level error;
   limit_req_status    429;
  }

  keepalive_timeout    10;
  client_max_body_size 10M;

  try_files            $uri/index.html $uri;
  error_page           500 502 503 504 /500.html;
}
INI

References

References
Passenger » Nginx » Integrating Action Cable Passenger » Nginx » Ruby » Restarts Passenger » Standalone » Install Passenger » Apache » Install Passenger » Nginx » Config Passenger » Nginx » Install Passenger » Nginx » Ruby Passenger » Standalone Passenger » Apache Passenger » Nginx	Passenger » Nginx » Install » Ubuntu » 24.04 Passenger » Nginx » Install » Ubuntu » 22.04 Passenger » Nginx » Install » Ubuntu » 20.04
Nginx » Security » Certificate » TLS Nginx » Security » Certificate Nginx » Security » Password Nginx » Security » Domain Nginx » K8s » Ingress Nginx » Security Nginx	Localtunnel PostgreSQL HAProxy MinIO CIDR UFW

Nginx/Passenger

Passenger » Why

Passenger » How

References

Navigation menu

Search