Last active
June 4, 2023 14:03
-
-
Save anko20094/50e767b589c9d9743aa113d74ca2ce00 to your computer and use it in GitHub Desktop.
Set up server for a telegram bot Rails application. Railas 7, Postgresql, Puma, Nginx, RVM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Note: Replace UPPERCASE words with your own setup details. | |
| Note 2: I use vim to edit files, you can and should replace vim with nano or any other editor of choice if you're not familiar with it. | |
| Note 3: Always use random and long passwords, don't share them between applications and don't lose them. Also never commit unencrypted secrets to public repos. | |
| 1) Good practice to update packages | |
| sudo apt-get update | |
| 2) Install nginx | |
| sudo apt-get install curl git-core nginx -y | |
| 3) INSTALL POSTGRESS | |
| sudo apt-get install postgresql postgresql-contrib libpq-dev | |
| 4) Log in to the postgres console | |
| sudo -u postgres psql | |
| 5) Create a user with rights and a database | |
| create database NAME_OF_APPLICATION_production; | |
| \l | |
| create user NAME_OF_USER_FOR_DB with encrypted password 'PASSWORD_OF_USER_FOR_DB'; | |
| grant all privileges on database NAME_OF_APPLICATION_production to NAME_OF_USER_FOR_DB; | |
| \q | |
| 6) Change authentication from peer to md 5 | |
| sudo vim /etc/postgresql/14/main/pg_hba.conf | |
| local all all peer -> md5 | |
| 7) Restart postgres for the changes to take effect | |
| sudo service postgresql restart | |
| sudo service postgresql status | |
| 8) Add the necessary tools: Nodejs + NPM + yarn | |
| curl -sL https://deb.nodesource.com/setup_18.x -o /tmp/nodesource_setup.sh | |
| sudo bash /tmp/nodesource_setup.sh | |
| sudo apt install nodejs | |
| npm install --global yarn | |
| node -v | |
| npm -v | |
| yarn -v | |
| 9) Install redis and add to autoload | |
| sudo apt update | |
| sudo apt install redis-server | |
| sudo nano /etc/redis/redis.conf | |
| sudo systemctl enable redis-server | |
| 10) Install and configure RVM | |
| sudo apt-get install software-properties-common | |
| sudo apt-add-repository -y ppa:rael-gc/rvm | |
| sudo apt-get update | |
| sudo apt-get install rvm | |
| sudo usermod -a -G rvm $USER | |
| echo 'source "/etc/profile.d/rvm.sh"' >> ~/.bashrc | |
| ### exit and connect to the server once again | |
| rvm install "ruby-3.2.2" | |
| rvm use ruby-3.2.2@NAME_OF_APPLICATION --create --default | |
| gem install rails -v '7.0.5' -V | |
| ### if .rvm/bin/rvm not found error -->> | |
| mkdir .rvm | |
| mkdir .rvm/bin | |
| ln -s /usr/share/rvm/bin/rvm .rvm/bin/rvm | |
| 11) Generate SSH and put into the application repository | |
| ssh-keygen -t rsa | |
| cat ~/.ssh/id_rsa.pub | |
| 11) Set your ssh to authorised keys | |
| cat ~/.ssh/id_rsa.pub | ssh root@IP_OF_SERVER 'cat >> ~/.ssh/authorized_keys' | |
| #if it still ask password when you try connect to server execute next in local terminal: | |
| eval `ssh-agent -s` | |
| ssh-add ~/.ssh/id_rsa | |
| 12) Run the command from the local terminal: | |
| cap production puma:systemd:config | |
| cap production puma:make_dirs | |
| cap production deploy:initial | |
| 13) Remove defualt nginx settings | |
| sudo rm /etc/nginx/sites-enabled/default | |
| 14) Copy nginx settings for an application | |
| sudo ln -nfs "/home/root/apps/NAME_OF_APPLICATION/current/config/nginx.conf" "/etc/nginx/sites-enabled/NAME_OF_APPLICATION" | |
| 15) Generate SSL sertificats | |
| mkdir /etc/nginx/ssl | |
| openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/nginx/ssl/NAME_OF_KEY.key -x509 -days 365 -out /etc/nginx/ssl/NAME_OF_PEM.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=IP_OF_SERVER" | |
| 16) Enter into your project's folder and set webhook for bot | |
| cd /home/root/apps/NAME_OF_PROJECT/current | |
| RAILS_ENV=production bundle exec rake telegram:bot:set_webhook CERT=/etc/nginx/ssl/NAME_OF_KEY.pem | |
| 17) You need to restart nginx for the changes to take effect | |
| sudo service nginx restart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream app { | |
| # Path to Puma SOCK file, as defined previously | |
| server unix:///home/root/apps/NAME_OF_PROJECT/shared/tmp/sockets/NAME_OF_PROJECT-puma.sock; | |
| } | |
| server { | |
| server_name IP_OF_SERVER; | |
| root /home/root/apps/NAME_OF_PROJECT/current/public; | |
| try_files $uri/index.html $uri @app; | |
| location @app { | |
| proxy_pass http://app; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_redirect off; | |
| } | |
| location /cable { | |
| proxy_pass http://app/cable; | |
| proxy_http_version 1.1; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "Upgrade"; | |
| } | |
| error_page 500 502 503 504 /500.html; | |
| client_max_body_size 4G; | |
| keepalive_timeout 10; | |
| listen 80; | |
| listen 443 ssl; | |
| ssl_certificate /etc/nginx/ssl/NAME_OF_PEM.pem; | |
| ssl_certificate_key /etc/nginx/ssl/NAME_OF_KEY.key; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment