feat: configure Puma to use Unix socket for nginx communication

mroderick · mroderick · commit 065b8e2b73a8 · 2026-04-25T15:20:28.000+02:00
- Bind to /tmp/nginx.socket with umask=0077 (owner-only permissions)
- Update Procfile to use bin/start-nginx wrapper
- Only apply socket binding when DYNO env var present (Heroku)
diff --git a/Procfile b/Procfile
@@ -1,2 +1,2 @@
 release: bundle exec rake db:migrate
-web: bundle exec puma -C config/puma.rb
+web: bin/start-nginx bundle exec puma -C config/puma.rb
diff --git a/config/puma.rb b/config/puma.rb
@@ -29,7 +29,12 @@
 threads threads_count, threads_count
 
 # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
-port ENV.fetch("PORT", 3000)
+# On Heroku with nginx buildpack, bind to Unix socket instead of port
+if ENV["DYNO"]
+  bind "unix:///tmp/nginx.socket?umask=0077"  # Restrict socket permissions to owner only
+else
+  port ENV.fetch("PORT", 3000)
+end
 
 # Allow puma to be restarted by `bin/rails restart` command.
 plugin :tmp_restart

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`	`1`	`release: bundle exec rake db:migrate`
`2`		`-web: bundle exec puma -C config/puma.rb`
	`2`	`+web: bin/start-nginx bundle exec puma -C config/puma.rb`