  • AMI: ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-20170727 (ami-1e749f67)
  • t2.large instance
# Base packages: refresh the apt index, then install git, the compiler
# toolchain and the OpenSSL / readline / zlib development headers.
# NOTE(review): presumably these headers are what ruby-build needs to compile
# Ruby in the rbenv step — confirm against the ruby-build documentation.
# NOTE(review): the AMI named above is Ubuntu 14.04 (trusty), which is past
# standard support; treat the instance as short-lived and keep it off
# untrusted networks rather than relying on apt for security fixes.
$ sudo apt-get update
$ sudo apt-get install -y git

$ sudo apt-get install -y gcc build-essential
$ sudo apt-get install -y libssl-dev libreadline-dev zlib1g-dev

# Install/configure rbenv
# rbenv comes from the distribution package; the ruby-build plugin is cloned
# from the tip of its default branch, so the code that downloads and compiles
# Ruby is whatever upstream serves at clone time.
# NOTE(review): for a repeatable, auditable build, check out a known
# ruby-build tag or commit after cloning and record it with these notes.
$ sudo apt-get install -y rbenv
$ git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
$ rbenv install 2.3.1
# Append the rbenv PATH entry and `rbenv init` hook to ~/.bash_profile, then
# load them into the current shell.
$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
$ echo 'eval "$(rbenv init -)"' >> ~/.bash_profile 
$ source ~/.bash_profile
# Make 2.3.1 the default Ruby and regenerate the shims.
$ rbenv global 2.3.1
$ rbenv rehash
# Installs whatever bundler version is current (no version is pinned).
$ gem install bundler

# Set-up Asset Manager
# Clones the default branch of the application and installs its gem
# dependencies with bundler. No tag or commit is pinned, so the code under
# test is whatever the branch holds at clone time.
$ git clone https://github.com/alphagov/asset-manager.git
$ cd asset-manager
$ bundle install

# MongoDB from the distribution package.
# NOTE(review): presumably the application's datastore. Confirm that the
# packaged mongod listens on localhost only and whether authentication is
# enabled before this host is reachable from anything but yourself.
$ sudo apt-get install -y mongodb

# Clamscan
# Installs ClamAV, fetches the signature database once with freshclam, starts
# the clamav daemon and exposes clamscan under the name govuk_clamscan.
# NOTE(review): presumably Asset Manager invokes `govuk_clamscan` to scan
# uploads — confirm in the application. The symlink points at the standalone
# clamscan binary, which loads the signature database on every run and does
# not use the daemon started here; clamdscan is the daemon client.
# NOTE(review): signatures are only as fresh as the last freshclam run; check
# that the freshclam updater service is active if the box lives longer than
# the test, since stale signatures let newer malware through unflagged.
$ sudo apt-get install -y clamav clamav-freshclam clamav-daemon
$ sudo freshclam
$ sudo /etc/init.d/clamav-daemon start
$ sudo ln -s /usr/bin/clamscan /usr/local/bin/govuk_clamscan

# Apache Bench
# The apache2-utils package provides the `ab` load-testing tool.
$ sudo apt-get install -y apache2-utils

$ sudo apt-get install -y nginx-full

# Create nginx config file using the contents in the other file in this gist
$ sudo vi /etc/nginx/sites-available/asset-manager.ec2.gov.uk

# Enable the site and reload nginx.
# NOTE(review): running `sudo nginx -t` before the reload reports syntax
# errors in the new file before nginx is asked to apply it.
$ sudo ln -s /etc/nginx/sites-available/asset-manager.ec2.gov.uk /etc/nginx/sites-enabled/
$ sudo service nginx reload

# Add `127.0.0.1 asset-manager.ec2.gov.uk` to /etc/hosts
# The name therefore resolves only on this machine. The vhost itself uses
# `listen 80` with no address, so it still answers on every interface;
# restrict inbound port 80 in the instance's security group if the test is
# meant to be local only.

# Overwrites config/unicorn.rb (note `>`, not `>>`) with a single setting.
# Run from the asset-manager checkout entered earlier.
$ echo "worker_processes 2" > config/unicorn.rb

# Store AWS environment variables in ~/.bash_profile
# <key>, <secret>, <region> and <bucket> are placeholders to fill in.
# NOTE(review): this keeps a long-lived access key in plaintext in a dotfile,
# where it is readable by anything running as this user and survives in
# snapshots or AMIs made from the instance. If the application's S3 client
# can use instance-role credentials, prefer an IAM role attached to the
# instance. If static keys are unavoidable, scope the policy to the one test
# bucket, `chmod 600 ~/.bash_profile`, and delete the key after the test.
export AWS_ACCESS_KEY=<key>
export AWS_SECRET_KEY=<secret>
export AWS_REGION=<region>
export AWS_S3_BUCKET_NAME=<bucket>

# Create a User record with default attributes through the Rails runner.
# NOTE(review): presumably the account that API requests are attributed to —
# confirm what permissions a default-constructed user receives.
$ bundle exec rails r "User.create!"
# Start Asset Manager server
# Unicorn serves on port 3037, the port the nginx upstream in this gist's
# other file points at (localhost:3037).
# NOTE(review): only a port is given; unicorn's default listen address is all
# interfaces, so the app may be reachable on 3037 directly, bypassing nginx.
# Confirm with netstat, and bind to loopback (e.g. `-l 127.0.0.1:3037`) or
# block the port in the security group.
$ bundle exec unicorn -p 3037 -c config/unicorn.rb

# Start the worker
# Runs the application's `jobs:work` rake task in the foreground.
$ bundle exec rake jobs:work

# Ensure Asset Manager is responding
# The hostname resolves through the /etc/hosts entry added earlier, so this
# request goes to nginx on loopback. `OK` is the expected response body.
$ curl http://asset-manager.ec2.gov.uk/healthcheck
OK

# Testing file upload
# Writes the current date to tmp.txt and posts it as the multipart field
# asset[file], asking for a JSON response.
# NOTE(review): `Bearer 123` is a dummy token sent over plain HTTP. That is
# harmless on loopback, but if the application accepts it, authentication is
# presumably stubbed in this environment — confirm, and keep ports 80 and
# 3037 closed to other hosts while it is.
$ echo `date` > tmp.txt
$ curl http://asset-manager.ec2.gov.uk/assets/ \
--form "asset[file]=@tmp.txt" \
-H"Authorization: Bearer 123" \
-H"Accept: application/json"
# On-disk cache zone ("asset-manager") for objects fetched from S3.
# Parameters follow https://www.nginx.com/blog/nginx-caching-guide/
proxy_cache_path /var/cache/nginx/ levels=1:2 keys_zone=asset-manager:10m max_size=10g inactive=60m;

# Raised to get past this startup failure:
# nginx: [emerg] could not build the variables_hash, you should increase either variables_hash_max_size: 512 or variables_hash_bucket_size: 64
variables_hash_max_size 1024;

# The Rails application server, reached over loopback on port 3037.
upstream asset-manager.ec2.gov.uk-proxy {
  server localhost:3037;
}
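# Virtual host for Asset Manager. Requests are served from the app's public/
# directory when a matching file exists and otherwise proxied to the Rails
# app, which can hand file delivery back to nginx with X-Accel-Redirect:
# either to a local upload (/raw/...) or to an object in cloud storage
# (/cloud-storage-proxy/...).
server {
  server_name asset-manager.ec2.gov.uk;
  # NOTE(review): plain HTTP, bound to every interface. Requests that carry an
  # Authorization header reach this vhost in cleartext; that is acceptable
  # over loopback only. Terminate TLS in front of it before any wider use.
  listen 80;

  # Set variable that we can use to report the mechanism used to serve the file
  set $debug_served_by '';

  # Headers and timeouts for requests proxied to the Rails app.
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Server $host;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_redirect off;
  proxy_connect_timeout 1s;
  proxy_read_timeout 15;

  add_header X-Frame-Options DENY;

  # Try a static file first, then fall through to the application.
  location / {
    try_files $uri/index.html $uri.html $uri @app;
  }

  location @app {
    proxy_pass http://asset-manager.ec2.gov.uk-proxy;
  }

  root /home/ubuntu/asset-manager/public;
  client_max_body_size 500m;

  # Tell the Rails app that nginx accepts X-Accel-Redirect and how upload
  # paths on disk map onto the internal /raw/ prefix.
  proxy_set_header X-Sendfile-Type X-Accel-Redirect;
  proxy_set_header X-Accel-Mapping /home/ubuntu/asset-manager/uploads/assets/=/raw/;

  # /raw/(.*) is the path mapping sent from the rails application to
  # nginx and is immediately picked up. /raw/(.*) is not available
  # publicly as it is an internal path mapping.
  # The pattern is anchored with ^ so that only URIs beginning with /raw/
  # (the prefix produced by X-Accel-Mapping) land here; unanchored, any public
  # URI that merely contained "/raw/" would hit this internal location and
  # receive a 404 instead of reaching the application.
  location ~ ^/raw/(.*) {
    internal;
    alias /home/ubuntu/asset-manager/uploads/assets/$1;
    set $debug_served_by SendFile;
  }

  # This querystring tells Rails to proxy the request to S3
  if ($query_string ~* "stream_from_s3") {
    set $debug_served_by RailsProxy;
  }

  # This internal location tells Nginx to proxy the request to S3
  # Based on https://kovyrin.net/2010/07/24/nginx-fu-x-accel-redirect-remote/
  # This location is invoked when the Rails app responds with an X-Accel-Redirect
  # header containing something like "/cloud-storage-proxy/https://<bucket-name>.s3.eu-west-2.amazonaws.com/<object-id>"
  #
  # NOTE(review): `internal` is the only gate. The pattern accepts any scheme
  # and any host, so nginx will fetch whatever URL the application places in
  # X-Accel-Redirect. That is safe only while the URL is built entirely
  # server-side; consider narrowing the host part of the pattern to the
  # expected storage endpoint and dropping the optional plain-http scheme.
  location ~* ^/cloud-storage-proxy/(https?://)(.*?)/(.*) {
    # Do not allow people to mess with this location directly
    # Only internal redirects are allowed
    internal;

    # Enable caching
    # NOTE(review): no proxy_cache_key or proxy_cache_valid is set. The default
    # key is $scheme$proxy_host$request_uri, and $request_uri is the client's
    # original URI rather than the storage URL; whether anything is cached at
    # all depends on the caching headers the backend returns. Check
    # X-Cache-Status in responses to confirm the cache behaves as intended.
    proxy_cache asset-manager;
    add_header X-Cache-Status $upstream_cache_status;
    # add_header directives are inherited from the server level only when a
    # location declares none of its own. Because X-Cache-Status is declared
    # here, the server-level headers are repeated so that responses from this
    # location still carry them (otherwise the NginxProxy value set below
    # would never be reported and X-Frame-Options would be dropped).
    add_header X-Frame-Options DENY;
    add_header Debug-Served-By $debug_served_by;

    # Location-specific logging
    access_log /var/log/nginx/asset-manager-cloud-storage-proxy.access.log;
    error_log /var/log/nginx/asset-manager-cloud-storage-proxy.error.log warn;

    # Extract download url from the request
    set $download_scheme $1;
    set $download_host $2;
    set $download_path $3;

    # Compose download url
    set $download_url $download_scheme$download_host/$download_path;

    # Set download request headers
    # Declaring proxy_set_header at this level replaces the server-level set,
    # so the client-IP and X-Accel-* headers above are not sent to the storage
    # backend. The empty Authorization value keeps the client's credentials
    # from being forwarded to it.
    proxy_set_header Host $download_host;
    proxy_set_header Authorization '';

    # The next two lines could be used if your storage
    # backend does not support Content-Disposition
    # headers used to specify file name browsers use
    # when save content to the disk
    #proxy_hide_header Content-Disposition;
    #add_header Content-Disposition 'attachment; filename="$args"';

    # Do not touch local disks when proxying
    # content to clients
    proxy_max_temp_file_size 0;

    # Add this to avoid "no resolver defined to resolve" errors
    # NOTE(review): this sends every lookup to a public resolver over the
    # network. nginx's documentation recommends a resolver on a trusted local
    # network to limit DNS spoofing; on EC2 the VPC-provided resolver is the
    # usual choice. nginx also does not verify upstream TLS certificates
    # unless proxy_ssl_verify is turned on (with proxy_ssl_trusted_certificate
    # and proxy_ssl_name set), so a spoofed answer could be fetched and cached.
    resolver 8.8.8.8;

    # Download the file and send it to client
    proxy_pass $download_url;
    set $debug_served_by NginxProxy;
  }

  # Add HTTP header to report the mechanism used to serve the file
  add_header Debug-Served-By $debug_served_by;
}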