buncis/default

## default
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


## deploy.txt
#install devtools
sudo add-apt-repository ppa:chris-lea/redis-server
sudo apt-get update
sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev software-properties-common libffi-dev dirmngr gnupg apt-transport-https ca-certificates redis-server redis-tools

#GENERATE NEW SSH dan upload ke github
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent

#install ruby
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
git clone https://github.com/rbenv/rbenv-vars.git ~/.rbenv/plugins/rbenv-vars
exec $SHELL
rbenv install 3.2.0
rbenv global 3.2.0

#add no doc no ri to gem rc
echo "gem: --no-document" > ~/.gemrc

#install bundler
gem install bundler

#install passenger and nginx
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger focal main > /etc/apt/sources.list.d/passenger.list'
sudo apt-get update
sudo apt-get install -y nginx-extras libnginx-mod-http-passenger
<!-- ini buat enabling passenger module and restart nginx -->
if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ]; then sudo ln -s /usr/share/nginx/modules-available/mod-http-passenger.load /etc/nginx/modules-enabled/50-mod-http-passenger.conf ; fi
sudo ls /etc/nginx/conf.d/mod-http-passenger.conf
<!-- set ruby di mod-http-passenger.conf -->
passenger_ruby /home/deploy/.rbenv/shims/ruby;
sudo service nginx start
<!-- sampai sini seharusnya kalo buka ip static public
  keliatan itu halaman default nginx  -->

#install postgresql
sudo apt-get install postgresql postgresql-contrib libpq-dev
sudo su - postgres
<!-- bikin user postgresq sesuai user login -->
createuser --pwprompt ubuntu
<!-- bikin database buat appnya -->
createdb -O deploy myapp
<!-- add user jadi superuser biar bisa enable pg extensions -->
psql
ALTER ROLE ubuntu SUPERUSER;
\q
exit

#mengarahkan nginx ke ruby app dari passenger
#buang config nginx default
set server config nginx
server {
  listen 80;
  listen [::]:80;

  server_name _;
  root /home/deploy/myapp/current/public;

  passenger_enabled on;
  passenger_app_env production;

  location /cable {
    passenger_app_group_name myapp_websocket;
    passenger_force_max_concurrent_requests_per_process 0;
  }

  # Allow uploads up to 100MB in size
  client_max_body_size 100m;

  location ~ ^/(assets|packs) {
    expires max;
    gzip_static on;
  }
}

<!-- udah selesai bikin file config baru rload nginx lagi -->
sudo service nginx reload

# SETUP CAPISTRANO BIAR DEPLOY GAMPANG

gem 'capistrano', '~> 3.11'
gem 'capistrano-rails', '~> 1.4'
gem 'capistrano-passenger', '~> 0.2.0'
gem 'capistrano-rbenv', '~> 2.1', '>= 2.1.4'
bundle
cap install STAGES=production

# edit capfile

require 'capistrano/rails'
require 'capistrano/passenger'
require 'capistrano/rbenv'

# edit config/deploy.rb

set :rbenv_type, :user
set :rbenv_ruby, '3.2.0'

set :application, "myapp"
set :repo_url, "git@github.com:username/myapp.git"

# Deploy to the user's home directory
set :deploy_to, "/home/deploy/#{fetch :application}"

append :linked_dirs, 'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', '.bundle', 'public/system', 'public/uploads'

# Only keep the last 5 releases to save disk space
set :keep_releases, 5

# Optionally, you can symlink your database.yml and/or secrets.yml file from the shared directory during deploy
# This is useful if you don't want to use ENV variables
# append :linked_files, 'config/database.yml', 'config/secrets.yml'

# config/deploy/production.rb
server '1.2.3.4', user: 'ubuntu', roles: %w{app db web}

set :ssh_options, {
      keys: %w(/home/bc/aws/LightsailDefaultKey-ap-southeast-1.pem),
      forward_agent: false,
      auth_methods: %w(publickey),
    }

<!-- sampe sini udah bisa deploy make -->

cap production deploy

tapi ada requirements buat bikin folder and env vars

jadi vim /home/ubuntu/myapp/.rbenv-vars

# For Postgres
DATABASE_URL=postgresql://deploy:PASSWORD@127.0.0.1/myapp

RAILS_MASTER_KEY=ohai
SECRET_KEY_BASE=1234567890

STRIPE_PUBLIC_KEY=x
STRIPE_PRIVATE_KEY=y
# etc...

# SETUP SSL SERVER BUAT DOMAIN
<!-- install certbot -->
sudo snap install --classic certbot
sudo certbot --nginx
sudo certbot renew --dry-run

# setup ulang nginx buat handle SSL

server {

  listen 80;
  listen [::]:80 ipv6only=on;

  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/buncislab.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/buncislab.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  server_name _;
  root /home/ubuntu/blogpost/current/public;

  passenger_enabled on;
  passenger_app_env production;

  location /cable {
    passenger_app_group_name blogpost_websocket;
    passenger_force_max_concurrent_requests_per_process 0;
  }

  client_max_body_size 100m;

  location ~ ^/(assets|packs) {
    expires max;
    gzip_static on;
  }

}
	##
	# You should look at the following URL's in order to grasp a solid understanding
	# of Nginx configuration files in order to fully unleash the power of Nginx.
	# https://www.nginx.com/resources/wiki/start/
	# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
	# https://wiki.debian.org/Nginx/DirectoryStructure
	#
	# In most cases, administrators will remove this file from sites-enabled/ and
	# leave it as reference inside of sites-available where it will continue to be
	# updated by the nginx packaging team.
	#
	# This file will automatically load configuration files provided by other
	# applications, such as Drupal or Wordpress. These applications will be made
	# available underneath a path with that package name, such as /drupal8.
	#
	# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
	##

	# Default server configuration
	#
	server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
	# First attempt to serve request as file, then
	# as directory, then fall back to displaying a 404.
	try_files $uri $uri/ =404;
	}

	# pass PHP scripts to FastCGI server
	#
	#location ~ \.php$ {
	# include snippets/fastcgi-php.conf;
	#
	# # With php-fpm (or other unix sockets):
	# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
	# # With php-cgi (or other tcp sockets):
	# fastcgi_pass 127.0.0.1:9000;
	#}

	# deny access to .htaccess files, if Apache's document root
	# concurs with nginx's one
	#
	#location ~ /\.ht {
	# deny all;
	#}
	}


	# Virtual Host configuration for example.com
	#
	# You can move that to a different file under sites-available/ and symlink that
	# to sites-enabled/ to enable it.
	#
	#server {
	# listen 80;
	# listen [::]:80;
	#
	# server_name example.com;
	#
	# root /var/www/example.com;
	# index index.html;
	#
	# location / {
	# try_files $uri $uri/ =404;
	# }
	#}
	#install devtools
	sudo add-apt-repository ppa:chris-lea/redis-server
	sudo apt-get update
	sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev software-properties-common libffi-dev dirmngr gnupg apt-transport-https ca-certificates redis-server redis-tools

	#GENERATE NEW SSH dan upload ke github
	https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent

	#install ruby
	git clone https://github.com/rbenv/rbenv.git ~/.rbenv
	echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
	echo 'eval "$(rbenv init -)"' >> ~/.bashrc
	git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
	echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
	git clone https://github.com/rbenv/rbenv-vars.git ~/.rbenv/plugins/rbenv-vars
	exec $SHELL
	rbenv install 3.2.0
	rbenv global 3.2.0

	#add no doc no ri to gem rc
	echo "gem: --no-document" > ~/.gemrc

	#install bundler
	gem install bundler

	#install passenger and nginx
	sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
	sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger focal main > /etc/apt/sources.list.d/passenger.list'
	sudo apt-get update
	sudo apt-get install -y nginx-extras libnginx-mod-http-passenger
	<!-- ini buat enabling passenger module and restart nginx -->
	if [ ! -f /etc/nginx/modules-enabled/50-mod-http-passenger.conf ]; then sudo ln -s /usr/share/nginx/modules-available/mod-http-passenger.load /etc/nginx/modules-enabled/50-mod-http-passenger.conf ; fi
	sudo ls /etc/nginx/conf.d/mod-http-passenger.conf
	<!-- set ruby di mod-http-passenger.conf -->
	passenger_ruby /home/deploy/.rbenv/shims/ruby;
	sudo service nginx start
	<!-- sampai sini seharusnya kalo buka ip static public
	keliatan itu halaman default nginx -->

	#install postgresql
	sudo apt-get install postgresql postgresql-contrib libpq-dev
	sudo su - postgres
	<!-- bikin user postgresq sesuai user login -->
	createuser --pwprompt ubuntu
	<!-- bikin database buat appnya -->
	createdb -O deploy myapp
	<!-- add user jadi superuser biar bisa enable pg extensions -->
	psql
	ALTER ROLE ubuntu SUPERUSER;
	\q
	exit

	#mengarahkan nginx ke ruby app dari passenger
	#buang config nginx default
	set server config nginx
	server {
	listen 80;
	listen [::]:80;

	server_name _;
	root /home/deploy/myapp/current/public;

	passenger_enabled on;
	passenger_app_env production;

	location /cable {
	passenger_app_group_name myapp_websocket;
	passenger_force_max_concurrent_requests_per_process 0;
	}

	# Allow uploads up to 100MB in size
	client_max_body_size 100m;

	location ~ ^/(assets\|packs) {
	expires max;
	gzip_static on;
	}
	}

	<!-- udah selesai bikin file config baru rload nginx lagi -->
	sudo service nginx reload

	# SETUP CAPISTRANO BIAR DEPLOY GAMPANG

	gem 'capistrano', '~> 3.11'
	gem 'capistrano-rails', '~> 1.4'
	gem 'capistrano-passenger', '~> 0.2.0'
	gem 'capistrano-rbenv', '~> 2.1', '>= 2.1.4'
	bundle
	cap install STAGES=production

	# edit capfile

	require 'capistrano/rails'
	require 'capistrano/passenger'
	require 'capistrano/rbenv'

	# edit config/deploy.rb

	set :rbenv_type, :user
	set :rbenv_ruby, '3.2.0'

	set :application, "myapp"
	set :repo_url, "git@github.com:username/myapp.git"

	# Deploy to the user's home directory
	set :deploy_to, "/home/deploy/#{fetch :application}"

	append :linked_dirs, 'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', '.bundle', 'public/system', 'public/uploads'

	# Only keep the last 5 releases to save disk space
	set :keep_releases, 5

	# Optionally, you can symlink your database.yml and/or secrets.yml file from the shared directory during deploy
	# This is useful if you don't want to use ENV variables
	# append :linked_files, 'config/database.yml', 'config/secrets.yml'

	# config/deploy/production.rb
	server '1.2.3.4', user: 'ubuntu', roles: %w{app db web}

	set :ssh_options, {
	keys: %w(/home/bc/aws/LightsailDefaultKey-ap-southeast-1.pem),
	forward_agent: false,
	auth_methods: %w(publickey),
	}

	<!-- sampe sini udah bisa deploy make -->

	cap production deploy

	tapi ada requirements buat bikin folder and env vars

	jadi vim /home/ubuntu/myapp/.rbenv-vars

	# For Postgres
	DATABASE_URL=postgresql://deploy:PASSWORD@127.0.0.1/myapp

	RAILS_MASTER_KEY=ohai
	SECRET_KEY_BASE=1234567890

	STRIPE_PUBLIC_KEY=x
	STRIPE_PRIVATE_KEY=y
	# etc...

	# SETUP SSL SERVER BUAT DOMAIN
	<!-- install certbot -->
	sudo snap install --classic certbot
	sudo certbot --nginx
	sudo certbot renew --dry-run

	# setup ulang nginx buat handle SSL

	server {

	listen 80;
	listen [::]:80 ipv6only=on;

	listen [::]:443 ssl ipv6only=on; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/buncislab.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/buncislab.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

	server_name _;
	root /home/ubuntu/blogpost/current/public;

	passenger_enabled on;
	passenger_app_env production;

	location /cable {
	passenger_app_group_name blogpost_websocket;
	passenger_force_max_concurrent_requests_per_process 0;
	}

	client_max_body_size 100m;

	location ~ ^/(assets\|packs) {
	expires max;
	gzip_static on;
	}

	}