Setting up fresh Ubuntu server for Ruby on Rails

Edited on July 4, 2013

Once in a while, as a Ruby developer, you are faced with the situation when a product owner says, “Alright, now it’s time to make it live”. And then you probably think “I’ll be fighting with these stubborn servers for the next few days…”. If you have a very simple app or one at the early stages of its lifetime you can use one of the “no hassle deployment” platforms such as Heroku or OpenShift. But chances are you will need some custom stuff which is difficult to achieve on these kinds of platforms or you just feel better with “root” access.

You have many options for setting up Linux servers. Amongst the most popular ones are Chef and Puppet. Various hosting providers also add their own solutions for provisioning boxes (such as Stackscripts on Linode). Or you can do it “the old-school way”, manually. If you don’t need multiple machines and/or you have just a simple Rails site then provisioning tools might be an overkill. Also I believe any Ruby developer should configure the production server from scratch at least once to get familiar with this stuff and to learn where to look when troubleshooting server side problems.

Recently, I led a workshop about these things here at LLP and we decided to compile this knowledge into a blog post to share it with other Ruby developers and to have a known reference point in the future. So here it goes.

Note: the following steps were tested on Ubuntu 12.04 and 12.10. They don’t include any version-specific commands so they should also work without a problem on newer Ubuntu versions when they get released.

Preparations

Let’s assume you just created a VPS box and got an email with root access. Now, login to the server. If you got access to non-root user with sudo access then switch to root with:

$ sudo -i

Set preferred editor

You’ll be configuring the machine by editing several config files. Make sure you have your preferred editor set:

$ export EDITOR=vim

Let’s also make it the default editor for future sessions also:

$ echo "export EDITOR=vim" > /etc/profile.d/editor.sh

Update apt sources and upgrade base packages

You’ll be installing packages from Ubuntu repositories. Make sure apt sources are up to date:

$ apt-get update

Now run following to install Vim editor (skip it if you prefer to use nano or

other):

$ apt-get install vim

Set server timezone and time

To save yourself (and your app) some trouble set server’s timezone to UTC:

$ echo "Etc/UTC" > /etc/timezone

Let’s also install ntp daemon that will keep server time up to date, all the time:

$ apt-get install ntp

Add an user for your app

$ useradd -G sudo -m -s /bin/bash luna

You’ll be logging onto the server as the user “luna” from time to time to make some tweaks. Grant the user sudo access:

$ echo "luna ALL=NOPASSWD:ALL" > /etc/sudoers.d/luna
$ chmod 0440 /etc/sudoers.d/luna</div>

Copy SSH key

To avoid entering a password (for many reasons) when logging in as “luna” copy your public SSH key to server user’s ~/.ssh/authorized_keys file with the following command:

Try ssh’ing now:

$ ssh luna@luna.com You shouldn&#8217;t be asked for a password anymore.

Useful stuff

Switch to the user “luna”:

$ su - luna

Disable the installation of rdoc and ri docs for installed gems to save yourself some time:

$ echo "gem: --no-rdoc --no-ri" > ~/.gemrc

Set RAILS_ENV to production so you don’t have to type it when invoking rake:

$ echo "export RAILS_ENV=production" >> ~/.bashrc

Ruby

Now, for ruby, we’ll install and use RVM to installation of ruby 1.9.3.

Switch back to root and follow the next steps.

Install RVM

Here we’ll install RVM globally (so called “system install” as opposed to “user install”).

This is handy if you want to have several apps or users on the servers.

Make sure you have the curl command installed:

$ apt-get install curl

Install a stable RVM version by piping the installation script to bash:

$ curl -L get.rvm.io | bash -s stable

Source rvm script so we don’t need to re-login:

$ source /etc/profile.d/rvm.sh

Let’s ignore RVM prompts about trusting .rvmrc files (we’ll use the default gemset

for Passenger anyway)

$ echo "export rvm_trust_rvmrcs_flag=0" >> /etc/rvmrc

RVM access for the user “luna”

Add the user luna to the rvm group:

$ usermod -a -G rvm luna

Install requirements

See what are the requirements for compiling MRI:

$ rvm requirements

Most likely it is in the following list of packages:

$ apt-get install build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion

Install Ruby

Now, install ruby via RVM:

$ rvm install 2.0.0

Make installed ruby a default

Make it a default for all new shells:

$ rvm --default use 2.0.0

Nginx + Passenger

As far as a webserver is concerned, the combo of Nginx + Passenger works well in most cases.

Install the passenger gem

$ gem install passenger

Install Nginx via the passenger gem

First install dependencies for Nginx/Passenger:

$ apt-get install libcurl4-openssl-dev

Now compile it:

$ passenger-install-nginx-module

Just follow the instructions to compile and install nginx.

Create boot service (upstart)

The upstart script for Nginx will be used for starting/stopping nginx via the command line and will make sure nginx starts on system boot.

Download the script:

$ curl https://gist.github.com/sickill/2492523/raw/d1ecb87e9eba9e59ddd44d3c3aaf6c3c52b16374/nginx.conf

Start nginx:

$ start nginx

And check if it works by looking at the response:

$ curl localhost

“Welcome to Nginx” means that everything is fine.

VHost

Now we need to create a Virtual Host config for the luna app, replace the default

server block with the following:

# /opt/nginx/conf/nginx.conf

&#8230;
server {
listen 80;
server_name www.luna.com luna.com;
root /home/luna/current/public; &#35; passenger_enabled on;
}
&#8230;

Restart Nginx:

$ restart nginx

And confirm that it restarted properly:

$ curl localhost

You should get the 404 page due to the fact that our app is not running yet.

MySQL

Install the MySQL server via apt:

$ apt-get install mysql-server libmysqlclient-dev

Create a project database (you will be asked for the mysql root password you set when running the previous installation command):

$ echo "create database luna_production" | mysql -u root -p

And grant access to the user luna:

$ echo "grant all on luna_production.* to luna@localhost identified by 'luna123'" | mysql -u root -p

Capistrano

Let’s use Capistrano for deploying new releases of the “luna” app.

Note: All of the commands in this section are meant to be run on your local machine inside the Rails project directory (unless otherwise stated).

Add capistrano to the bundle

First add the following to your app’s Gemfile:

group :development do
  ...
  gem 'capistrano'
  gem 'rvm-capistrano'
  ...
end

The last one nicely integrates capistrano with RVM.

Install new gems:

$ bundle

Generate skeleton capistrano config files

$ bundle exec capify .

You should have Capfile and config/deploy.rb files now.

Edit Capfile

Make the file contents look like this:

load 'deploy'
load 'deploy/assets'
load 'config/deploy'

load ‘deploy/assets’ handles assets compilation in Rails 3. If you’re deploying a Rails 2 application just remove this line.

Edit config/deploy.rb

First, you should fill the variables with your application name, repository and web server name. Then find the commented out block of code that’s related to Passenger. Just uncomment it.

Then make sure you have following lines in the file:

require 'rvm/capistrano'
require 'bundler/capistrano'
ssh_options&#91;:forward_agent&#93; = true
set :deploy_via, :remote_cache
set :use_sudo, false
set :user, "luna"
set :deploy_to, "/home/luna"
set :rails_env, "production"
set :rvm_type<, :system
set :keep_releases, 3
after "deploy:restart", "deploy:cleanup"
namespace :deploy do
  desc "Symlink shared/* files"
  task :symlink_shared, :roles =&gt; :app do
    run "ln -nfs #{shared_path}/config/database.yml #{release_path}/config/database.yml"
  end
end
after "deploy:update_code", "deploy:symlink_shared"

Allow capistrano prepare directory structure on the server

$ bundle exec cap deploy:setup

Copy the example database config file to the server:

First create a config directory inside the shared directory:

$ ssh luna@luna.com mkdir -p ~/shared/config

Copy the file:

$ scp config/database.yml.example luna@luna.com:~/shared/config/database.yml

Now set proper values in database.yml on the server:

$ ssh luna@luna.com vim shared/config/database.yml

And deploy for the first time:

$ bundle exec cap deploy

Once you have the application code on the server log in there and prepare db structure:

$ ssh luna@luna.com

The following happens in a remote shell

$ cd current
$ bundle exec rake db:setup

Finally, deploy just to make sure everything works:

$ bundle exec cap deploy

Logrotate

Create the /etc/logrotate.d/luna file with following content:

/home/luna/app/shared/log/*.log {
daily
missingok
rotate 30
compress
delaycompress
copytruncate
}

That will tell logrotate to rotate log files daily, compress them, keep for 30 days and don’t choke when file is missing. copytruncate is important here as it will make sure the log file currently used by the Rails app is not moved but truncated. That way the app can just keep on logging without reopening log file.

Don’t forget about this, if you manage production box yourself. And do it when you initially setup the box, not “later”. “Later” often means “when the app is down due to not enough disk space”. Srsly.

Firewall

Ubuntu comes with a decent firewall management tool called ufw. Install it:

$ apt-get install ufw

Now set the default firewall policy to “deny”:

$ ufw default deny

And allow connections to the services we want to expose to the world:

$ ufw allow ssh/tcp
$ ufw allow 80/tcp
$ ufw allow 443/tcp

Finally, enable firewall:

$ ufw enable

Your production environment is safer now.

Mail server (MTA)

There are many offerings for a SMTP service that also brings in some additional features like email opening tracking, link click tracking and whatnot. If you just need the plain “send message and forget” functionality you may use Postfix MTA.

Install it by:

$ apt-get install postfix heirloom-mailx

Thanks to the firewall rules from the previous section you don’t need to worry about spammers using your server for sending their spam. They won’t be able to connect to your Postfix daemon from outside the machine.

Monitoring

For basic system monitoring the easiest thing you can do is to install monit:

$ apt-get install monit

Open /etc/monit/monitrc in an editor and adjust the default config to suit your needs.

By default it monitors CPU usage, memory usage, disk usage and several other system-level components.

If you’ve been using god for monitoring your app processes then you may consider using monit also for this task as it’s a much simpler tool for the job.

That’s it!

Great, you have now fully configured an Ubuntu server ready to serve your awesome Ruby on Rails application. I hope this tutorial made you realize that this task is not as hard as you thought. Now, after you went through all of this manually try building a set of Chef cookbooks that accomplish the above tasks automatically (and repeatably) for you.

Related posts: