Create a new, start with the smallest droplet. Use Ubuntu 16.04, log in as root.
Initial Server Setup with Ubuntu 16.04
create user 'rails'
adduser rails
Add to sudoers group
usermod -aG sudo rails
Switch user to 'rails'
su - rails
Create ssh key
ssh-keygen
Create sym link for webroot
cd ~
ln -s /var/www/html html
How To Add Swap Space on Ubuntu 16.04
Check swapfile
free -h
Check freespace
df -h
Create a 4gb Swap File
sudo fallocate -l 4G /swapfile
Verify
ls -lh /swapfile
Lock it down
sudo chmod 600 /swapfile
Make it swap
sudo mkswap /swapfile
Enable it
sudo swapon /swapfile
Verify
sudo swapon --show
Check swapfile
free -h
Make it permanent
sudo cp /etc/fstab /etc/fstab.bak;
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
How To Install Nginx on Ubuntu 16.04
Install NGINX
sudo apt-get update
sudo apt-get install nginx
Check status
systemctl status nginx
Tweak UFW firewall
sudo ufw allow 'OpenSSH'
sudo ufw allow 'Nginx Full'
sudo ufw enable
sudo ufw status
Install CURL, get your IP, and check that you can request a page in your browser!
sudo apt-get install curl
curl -4 icanhazip.com
Actions*
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
Server Configuration
/etc/nginx
- The nginx configuration directory. All of the Nginx configuration files reside here.
/etc/nginx/nginx.conf
The main Nginx configuration file. This can be modified to make changes to the Nginx global configuration.
/etc/nginx/sites-available/
The directory where per-site "server blocks" can be stored. Nginx will not use the configuration files found in this directory unless they are linked to the sites-enabled directory (see below). Typically, all server block configuration is done in this directory, and then enabled by linking to the other directory.
/etc/nginx/sites-enabled/
The directory where enabled per-site "server blocks" are stored. Typically, these are created by linking to configuration files found in the sites-available directory.
/etc/nginx/snippets
This directory contains configuration fragments that can be included elsewhere in the Nginx configuration. Potentially repeatable configuration segments are good candidates for refactoring into snippets.
Server Logs
/var/log/nginx/access.log
Every request to your web server is recorded in this log file unless Nginx is configured to do otherwise.
/var/log/nginx/error.log
Any Nginx errors will be recorded in this log.
How To Install and Configure Elasticsearch on Ubuntu 16.04 Elastic search requires at least 2GB of ram to work for some reason.
Install JAVA
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get install oracle-java8-installer
Get ElasticSearch
sudo apt-get update
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.0.deb
Install
sudo dpkg -i elasticsearch-5.4.0.deb
Remove DEB file
rm elasticsearch-5.4.0.deb
Enable
sudo systemctl enable elasticsearch.service
Configure
sudo nano /etc/elasticsearch/elasticsearch.yml
Edit Config File
...
cluster.name: mycluster1
node.name: "My First Node"
...
Restart
sudo systemctl start elasticsearch.service
Tweak UFW firewall
sudo ufw allow from 127.0.0.1 to any port 9200
sudo ufw status
Test
curl -X GET 'http://localhost:9200'
Status
sudo systemctl status elasticsearch.service
How To Install Ruby on Rails with RVM on Ubuntu 16.04
Add key
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
Move to a writeable directory
cd /tmp
Get latest Ruby
curl -sSL https://get.rvm.io -o rvm.sh
Compile
cat /tmp/rvm.sh | bash -s stable --rails
Reload your source file
source /etc/profile.d/rvm.sh
Install your Ruby VERSION
rvm install VERSION --default
Deploying a Rails App on Ubuntu 14.04 with Capistrano, Nginx, and Puma
Install Rails and bundler
gem install rails -v '5.0.1' -V --no-ri --no-rdoc
gem install bundler -V --no-ri --no-rdoc
Authorize your server to read from your repo, you'll have to add a deployment key to your repo. To do this you must copy your ~/.ssh/id_rsa.pub
file to your repo (make sure this is your deployment user, eg. rails
)
ssh -T git@github.com
ssh -T git@bitbucket.org
ssh -T git@gitlab.com
Change Permissions on html directory
sudo chown rails:rails /var/www/html/
Clone repo
git clone git@gitlab.com:gituser/example.git
Add your local key to the server, if this doesn't work just add your local public key (id_rsa.pub) to /home/rails/.ssh/authorized_keys
ssh-copy-id rails@example.com
How To Install and Use PostgreSQL on Ubuntu 16.04
Install Postgres
sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
Create 'rails' postgres user
sudo -i -u postgres
createuser --interactive
Make it look like this:
Enter name of role to add: rails
Shall the new role be a superuser? (y/n) y
Create the database for rails user
createdb rails
libpq has to be installed separately
sudo apt-get install libpq-dev
Add gems to deployment
group :development do
gem 'capistrano'
gem 'capistrano-rails'
gem 'capistrano-rvm'
gem 'capistrano3-puma', github: 'seuros/capistrano-puma'
gem 'capistrano-bundler'
gem 'capistrano-rails-console'
end
Install Capistrano
cap install
Capfile
require 'capistrano/setup'
require 'capistrano/deploy'
require 'capistrano/rails'
require 'capistrano/rvm'
require 'capistrano/bundler'
require 'capistrano/puma'
require 'capistrano/scm/git'
require 'capistrano/rails/console'
set :rvm_type, :user
set :rvm_ruby_version, '2.3.1'
install_plugin Capistrano::Puma
install_plugin Capistrano::SCM::Git
Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r }
Deploy.rb, replace (APP_NAME)
lock "3.8.1"
set :application, "APP_NAME"
set :repo_url, "git@gitlab.com:gituser/example.git"
set :deploy_to, "/home/rails/html"
set :pty, true
set :puma_conf, "#{shared_path}/config/puma.rb"
append :linked_files, "config/database.yml", "config/secrets.yml", ".env"
append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets", "public/system"
Production.rb, replace SERVER_IP
server 'SERVER_IP', user: 'rails', roles: %w{app db web}
Create shared config files
mkdir -p /var/www/html/shared/config
touch /var/www/html/shared/config/database.yml
touch /var/www/html/shared/config/secrets.yml
touch /var/www/html/shared/config/puma.rb
touch /home/rails/html/shared/.env
Copy config in databse.yml
production:
adapter: postgresql
encoding: unicode
pool: 5
database: APP_PRODUCTION
username: rails
url: localhost
password: <%= ENV['DATABASE_PASSWORD'] %>
Copy config into secrets.yml
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
Copy config into .env
SECRET_KEY_BASE=mysupersecretkeybase
DATABASE_URL=127.0.0.1
DATABASE_PASSWORD=mysupersecretdatabasepassword
Copy config in puma.rb
#!/usr/bin/env puma
directory '/home/rails/html/current'
rackup "/home/rails/html/current/config.ru"
environment 'production'
tag ''
pidfile "/home/rails/html/shared/tmp/pids/puma.pid"
state_path "/home/rails/html/shared/tmp/pids/puma.state"
stdout_redirect '/home/rails/html/shared/log/puma_access.log', '/home/rails/html/shared/log/puma_error.log', true
threads 0,16
bind 'unix:///home/rails/html/shared/tmp/sockets/puma.sock'
workers 0
prune_bundler
on_restart do
puts 'Refreshing Gemfile'
ENV["BUNDLE_GEMFILE"] = "/home/rails/html/current/Gemfile"
end
May need Node.js for Javascript Runtime
sudo apt-get install nodejs
How To Secure Nginx with Let's Encrypt on Ubuntu 16.04
Install Certbot
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
Edit NGINX
sudo nano /etc/nginx/sites-available/default
Inside the server block, add this location block
location ~ /.well-known {
allow all;
}
Check your NGINX config file
sudo nginx -t
Restart NGINX
sudo systemctl restart nginx
Get your cert (make sure you know your webroot)
sudo certbot certonly --webroot --webroot-path=/var/www/html -d example.com -d www.example.com
Generate strong diff
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Create configuration snippet
sudo nano /etc/nginx/snippets/ssl-example.com.conf
Paste in your certificates
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Create strong encryption params
sudo nano /etc/nginx/snippets/ssl-params.conf
Paste in params
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# disable HSTS header for now
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
How To Secure Nginx with Let's Encrypt on Ubuntu 16.04
create a new Nginx config file
touch /etc/nginx/sites-available/rails
chmod 644 rails
Update your APPLICATIONSOCKET.sock, server_name, snippet location
upstream app_server {
server unix:///home/rails/html/shared/tmp/sockets/APPLICATIONSOCKET.sock fail_timeout=0;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name EXAMPLE.COM;
return 301 https://$server_name$request_uri;
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
root /home/rails/html/current/public;
index index.htm index.html;
location / {
try_files $uri/index.html $uri.html $uri @app;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|mp3|flv|mpeg|avi)$ {
try_files $uri @app;
}
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server;
}
location ~ /.well-known {
allow all;
}
error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}
Update symobolic link
cd /etc/nginx/sites-enabled
rm default
ln -s /etc/nginx/sites-available/rails default
Restart NGINX
sudo systemctl restart nginx