Last active
August 8, 2019 14:43
-
-
Save cihad/e56e2b827b8d3f9cfecfbd20c68542f6 to your computer and use it in GitHub Desktop.
Ubuntu 16.04.4 x64, Ruby 2.5.1, Rails 5.2.0, Postgresql, Capistrano 3, Puma. Sidekiq, Nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require_relative 'config/application' | |
| require 'capistrano/setup' | |
| require "capistrano/scm/git" | |
| require 'capistrano/deploy' | |
| require 'capistrano/nginx' | |
| require 'capistrano/puma' | |
| require 'capistrano/puma/nginx' | |
| require "capistrano/chruby" | |
| require 'capistrano/rails' | |
| require 'capistrano/rails/db' | |
| require 'sshkit/sudo' | |
| install_plugin Capistrano::Nginx | |
| install_plugin Capistrano::SCM::Git | |
| install_plugin Capistrano::Puma # Default puma tasks | |
| install_plugin Capistrano::Puma::Nginx # if you want to upload a nginx site template | |
| Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # config valid for current version and patch releases of Capistrano | |
| lock "~> 3.11.0" | |
| set :user, 'deployer' | |
| set :application, "biteklif" | |
| set :branch, "develop" | |
| set :repo_url, "git@github.com:cihad/MYAPP.git" | |
| set :deploy_to, "/home/deployer/apps/MYAPP" | |
| set :pty, true | |
| # https://github.com/capistrano/rails#usage | |
| set :rails_env, 'production' | |
| set :migration_role, :app | |
| set :assets_manifests, ['app/assets/config/manifest.js'] | |
| set :keep_assets, 2 | |
| append :linked_files, "config/master.key" | |
| append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets", "public/system", 'public/uploads' | |
| # https://github.com/capistrano/chruby#usage | |
| set :chruby_ruby, "ruby-2.5.1" | |
| # https://github.com/seuros/capistrano-puma | |
| set :puma_conf, "#{shared_path}/config/puma.rb" | |
| set :nginx_ssl_certificate, "/etc/letsencrypt/live/mysite.com/fullchain.pem" | |
| set :nginx_ssl_certificate_key, "/etc/letsencrypt/live/mysite.com/privkey.pem" | |
| set :nginx_use_ssl, true | |
| # https://github.com/platanus/capistrano3-nginx#usage | |
| set :app_server_socket, "#{shared_path}/tmp/sockets/#{fetch :application}.sock" | |
| namespace :deploy do | |
| before 'check:linked_files', 'puma:config' | |
| before 'check:linked_files', 'puma:nginx_config' | |
| before 'deploy:migrate', 'deploy:db:create' | |
| after 'puma:smart_restart', 'nginx:restart' | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| group :development do | |
| # Access an interactive console on exception pages or by calling 'console' anywhere in the code. | |
| gem 'web-console', '>= 3.3.0' | |
| gem 'listen', '>= 3.0.5', '< 3.2' | |
| # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring | |
| gem 'spring' | |
| gem 'spring-watcher-listen', '~> 2.0.0' | |
| gem "capistrano", "~> 3.10", require: false | |
| gem "capistrano-rails", "~> 1.4", require: false | |
| gem 'capistrano-chruby' | |
| gem 'capistrano3-nginx', github: "treenewbee/capistrano3-nginx" | |
| gem 'capistrano3-puma', '~> 3.1' | |
| gem 'capistrano-rails-db' | |
| gem 'sshkit-sudo' | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ubuntu 16.04.4 x64 | |
| ruby 2.5.1 | |
| rails 5.2.0 | |
| capistrano ~3 | |
| puma | |
| sidekiq | |
| postgresql | |
| redis | |
| nginx | |
| cihad: local computer | |
| root: server root user | |
| deployer: server deployer user | |
| SERVERIPADRESS = you can use your server' ip address or domain name | |
| MYAPP = your application directory name like /home/apps/MYAPP/current | |
| ############### START ################## | |
| cihad$ ssh root@SERVERIPADDRESS | |
| root$ apt-get update | |
| root$ apt-get upgrade | |
| root$ adduser deployer | |
| root$ adduser deployer sudo | |
| root$ su deployer | |
| deployer$ exit | |
| root$ nano /etc/ssh/sshd_config | |
| *********************************NANO********************************** | |
| # ... | |
| PasswordAuthentication yes | |
| # ... | |
| *********************************NANO********************************** | |
| root$ service ssh restart | |
| root$ exit | |
| cihad$ ssh-keygen | |
| *********************************TERMINAL********************************** | |
| Generating public/private rsa key pair. | |
| Enter file in which to save the key (/home/cihad/.ssh/id_rsa): ~/.ssh/id_rsa_digitalocean | |
| Enter passphrase (empty for no passphrase): | |
| Enter same passphrase again: | |
| Your identification has been saved in id_rsa_digitalocean. | |
| Your public key has been saved in id_rsa_digitalocean.pub. | |
| The key fingerprint is: | |
| SHA256:twSH4fnzhlxqFlLDQNtC2QVgTNvHnisp+lOfGjA4AWg cihad@dell-xps-13 | |
| The key's randomart image is: | |
| +---[RSA 2048]----+ | |
| | .. +O+.o. | | |
| | E . +o@.. | | |
| | . . O B o | | |
| | o * + . | | |
| | o S * + | | |
| | . B.X . | | |
| | ..@.+. | | |
| | ..+ +o | | |
| | ...... | | |
| +----[SHA256]-----+ | |
| *********************************TERMINAL********************************** | |
| cihad$ ssh-copy-id -i ~/.ssh/id_rsa_digitalocean root@SERVERIPADDRESS | |
| cihad$ ssh-copy-id -i ~/.ssh/id_rsa_digitalocean deployer@SERVERIPADDRESS | |
| # Now you can login with no password | |
| cihad$ ssh deployer@SERVERIPADDRESS | |
| deployer$ sudo apt-get -y install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev | |
| # INSTALLING RUBY with Ruby Install | |
| # https://github.com/postmodern/ruby-install#install | |
| deployer$ wget -O ruby-install-0.6.1.tar.gz https://github.com/postmodern/ruby-install/archive/v0.6.1.tar.gz | |
| deployer$ tar -xzvf ruby-install-0.6.1.tar.gz | |
| deployer$ cd ruby-install-0.6.1/ | |
| deployer$ sudo make install | |
| *********************************TERMINAL********************************** | |
| [sudo] password for deployer: | |
| for dir in `find bin share -type d`; do mkdir -p /usr/local/$dir; done | |
| for file in `find bin share -type f`; do cp $file /usr/local/$file; done | |
| mkdir -p /usr/local/share/doc/ruby-install-0.6.1 | |
| cp -r *.md *.txt /usr/local/share/doc/ruby-install-0.6.1/ | |
| *********************************TERMINAL********************************** | |
| deployer$ ruby-install ruby | |
| *********************************TERMINAL********************************** | |
| #.... | |
| >>> Successfully installed ruby 2.5.1 into /home/deployer/.rubies/ruby-2.5.1 | |
| *********************************TERMINAL********************************** | |
| # chruby https://github.com/postmodern/chruby#install | |
| deployer$ cd ~ | |
| deployer$ wget -O chruby-0.3.9.tar.gz https://github.com/postmodern/chruby/archive/v0.3.9.tar.gz | |
| deployer$ tar -xzvf chruby-0.3.9.tar.gz | |
| deployer$ cd chruby-0.3.9/ | |
| deployer$ sudo make install | |
| deployer$ echo "source /usr/local/share/chruby/chruby.sh" >> ~/.bashrc | |
| deployer$ echo "source /usr/local/share/chruby/auto.sh" >> ~/.bashrc | |
| deployer$ chruby ruby-2.5.1 | |
| deployer$ echo "chruby ruby-2.5.1" >> ~/.profile | |
| deployer$ echo "gem: --no-document" > ~/.gemrc | |
| deployer$ gem install bundler | |
| deployer$ gem install rails -v 5.2.0 | |
| # Install NodeJS for Javascript Engine | |
| deployer$ curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - | |
| deployer$ sudo apt-get install -y nodejs | |
| # Install Nginx for Web Server | |
| deployer$ sudo add-apt-repository ppa:nginx/stable | |
| deployer$ sudo apt-get update | |
| deployer$ sudo apt-get -y install nginx | |
| deployer$ sudo rm /etc/nginx/sites-available/default | |
| deployer$ sudo service nginx start && sudo service nginx status | |
| *********************************TERMINAL********************************** | |
| # .... | |
| ● nginx.service - A high performance web server and a reverse proxy server | |
| # .... | |
| *********************************TERMINAL********************************** | |
| (● - must be green) | |
| # Install PosgreSQL for Database | |
| deployer$ sudo apt-get update | |
| deployer$ sudo apt-get -y install postgresql postgresql-contrib libpq-dev | |
| deployer$ sudo su - postgres | |
| *********************************TERMINAL********************************** | |
| postgres$ | |
| *********************************TERMINAL********************************** | |
| postgres$ createuser --pwprompt deploy | |
| postgres$ exit | |
| # to install postgis | |
| deployer$ sudo apt-get install postgis postgresql-9.5-postgis-scripts | |
| # for Puma Upstart | |
| deployer$ sudo apt-get update | |
| deployer$ sudo apt-get install | |
| deployer$ sudo update-initramfs -u | |
| ***** TERMINAL ****** | |
| update-initramfs: Generating /boot/initrd.img-4.4.0-130-generic | |
| W: mdadm: /etc/mdadm/mdadm.conf defines no arrays. | |
| ***** TERMINAL ****** | |
| # prints a warning but this is OK | |
| deployer$ sudo reboot | |
| deployer$ wget https://raw.githubusercontent.com/puma/puma/master/tools/jungle/upstart/puma-manager.conf | |
| deployer$ wget https://raw.githubusercontent.com/puma/puma/master/tools/jungle/upstart/puma.conf | |
| deployer$ nano puma.conf | |
| **********************************NANO************************************* | |
| # ... | |
| setuid deployer | |
| setgid deployer | |
| # ... | |
| **********************************NANO************************************* | |
| deployer$ sudo cp puma.conf puma-manager.conf /etc/init | |
| deployer$ sudo touch /etc/puma.conf | |
| deployer$ echo "/home/deployer/apps/MYAPP/current" | sudo tee --append /etc/puma.conf | |
| # Redis for Sidekiq | |
| deployer$ sudo apt-get update | |
| deployer$ sudo apt-get install build-essential tcl | |
| deployer$ curl -O http://download.redis.io/redis-stable.tar.gz | |
| deployer$ tar xzvf redis-stable.tar.gz | |
| deployer$ cd redis-stable | |
| deployer$ make | |
| deployer$ make test | |
| *********************************TERMINAL********************************** | |
| #... | |
| \o/ All tests passed without errors! | |
| #... | |
| *********************************TERMINAL********************************** | |
| deployer$ sudo make install1sudo make install | |
| deployer$ sudo mkdir /etc/redis | |
| deployer$ sudo cp ~/redis-stable/redis.conf /etc/redis | |
| deployer$ sudo nano /etc/redis/redis.conf | |
| *********************************NANO********************************** | |
| #... | |
| supervised systemd | |
| #.... | |
| dir /var/lib/redis | |
| #.... | |
| *********************************NANO********************************** | |
| deployer$ sudo nano /etc/systemd/system/redis.service | |
| *********************************NANO********************************** | |
| [Unit] | |
| Description=Redis In-Memory Data Store | |
| After=network.target | |
| [Service] | |
| User=redis | |
| Group=redis | |
| ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf | |
| ExecStop=/usr/local/bin/redis-cli shutdown | |
| Restart=always | |
| [Install] | |
| WantedBy=multi-user.target | |
| *********************************NANO********************************** | |
| deployer$ sudo adduser --system --group --no-create-home redis | |
| deployer$ sudo mkdir /var/lib/redis | |
| deployer$ sudo chown redis:redis /var/lib/redis | |
| deployer$ sudo chmod 770 /var/lib/redis | |
| deployer$ sudo systemctl start redis | |
| deployer$ sudo systemctl status redis | |
| *********************************TERMINAL********************************** | |
| ● redis.service - Redis In-Memory Data Store | |
| Loaded: loaded (/etc/systemd/system/redis.service; disabled; vendor preset: enabled) | |
| Active: active (running) since Tue 2018-07-10 22:01:16 UTC; 3s ago | |
| Main PID: 4417 (redis-server) | |
| Tasks: 4 | |
| Memory: 924.0K | |
| CPU: 50ms | |
| CGroup: /system.slice/redis.service | |
| └─4417 /usr/local/bin/redis-server 127.0.0.1:6379 | |
| *********************************TERMINAL********************************** | |
| deployer$ redis-cli | |
| 127.0.0.1:6379> ping | |
| # PONG | |
| 127.0.0.1:6379> set test "It's working!" | |
| # OK | |
| 127.0.0.1:6379> get test | |
| # "It's working!" | |
| 127.0.0.1:6379> exit | |
| deployer$ sudo systemctl restart redis | |
| deployer$ redis-cli | |
| 127.0.0.1:6379> get test | |
| # "It's working!" | |
| 127.0.0.1:6379> exit | |
| deployer$ sudo systemctl enable redis | |
| # to install yarn | |
| deployer$ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - | |
| deployer$ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list | |
| deployer$ sudo apt-get update | |
| deployer$ sudo apt-get install yarn | |
| # to install image magick | |
| deployer$ sudo apt-get update | |
| deployer$ sudo apt-get install imagemagick libmagickwand-dev | |
| # to install SSL | |
| deployer$ sudo add-apt-repository ppa:certbot/certbot | |
| deployer$ sudo apt-get update | |
| deployer$ sudo apt-get install python-certbot-nginx | |
| deployer$ sudo ufw allow 'Nginx Full' | |
| deployer$ sudo ufw delete allow 'Nginx HTTP' | |
| deployer$ sudo ufw status | |
| *********************************OUTPUT********************************** | |
| Status: active | |
| To Action From | |
| -- ------ ---- | |
| OpenSSH ALLOW Anywhere | |
| Nginx Full ALLOW Anywhere | |
| OpenSSH (v6) ALLOW Anywhere (v6) | |
| Nginx Full (v6) ALLOW Anywhere (v6) | |
| *********************************OUTPUT********************************** | |
| deployer$ sudo certbot --nginx -d mysite.com -d www.mysite.com | |
| # deploy.rb add these lines | |
| *********************************config/deploy.rb********************************** | |
| #... | |
| set :nginx_ssl_certificate, "/etc/letsencrypt/live/mysite.com/fullchain.pem" | |
| set :nginx_ssl_certificate_key, "/etc/letsencrypt/live/mysite.com/privkey.pem" | |
| set :nginx_use_ssl, true | |
| #... | |
| *********************************config/deploy.rb********************************** | |
| *********************************config/deploy/templates/nginx_conf.erb********************************** | |
| #..... | |
| <% if fetch(:nginx_use_ssl) -%> | |
| server { | |
| listen 80; | |
| server_name <%= fetch(:nginx_server_name) %>; | |
| return 301 https://$host$1$request_uri; | |
| } | |
| <% end -%> | |
| server { | |
| <% if fetch(:nginx_use_ssl) -%> | |
| listen 443; | |
| ssl on; | |
| <% if fetch(:nginx_ssl_certificate) -%> | |
| ssl_certificate <%= fetch(:nginx_ssl_certificate) %>; | |
| <% else -%> | |
| ssl_certificate_key /etc/ssl/certs/<%= fetch(:nginx_config_name) %>.crt; | |
| <% end -%> | |
| <% if fetch(:nginx_ssl_certificate_key) -%> | |
| ssl_certificate_key <%= fetch(:nginx_ssl_certificate_key) %>; | |
| <% else -%> | |
| ssl_certificate_key /etc/ssl/private/<%= fetch(:nginx_config_name) %>.key; | |
| <% end -%> | |
| <% else -%> | |
| listen 80; | |
| <% end -%> | |
| #..... | |
| <% if fetch(:nginx_use_ssl) -%> | |
| location ~ /.well-known { | |
| allow all; | |
| } | |
| <% end %> | |
| #........ | |
| } | |
| *********************************config/deploy/templates/nginx_conf.erb********************************** | |
| # wildcart ssl | |
| $ sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.example.com --manual --preferred-challenges dns-01 certonly | |
| deployer$ sudo certbot renew --dry-run | |
| deployer$ sudo crontab -e | |
| add this lines | |
| *********************************CRON FILE ********************************** | |
| 30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log | |
| 35 2 * * 1 /bin/systemctl reload nginx | |
| *********************************CRON FILE ********************************** | |
| deployer$ sudo systemctl restart nginx |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Bu template dosyasi sadece buraya kaybolmasin diye konuldu. Henuz | |
| # capistrano tarafinda nasil yuklenecegi belirlenmedi | |
| [Unit] | |
| Description=Puma HTTP Server | |
| After=network.target | |
| # Uncomment for socket activation (see below) | |
| # Requires=puma.socket | |
| [Service] | |
| # Foreground process (do not use --daemon in ExecStart or config.rb) | |
| Type=simple | |
| # Preferably configure a non-privileged user | |
| User=<%= fecth :user %> | |
| # The path to the puma application root | |
| # Also replace the "<WD>" place holders below with this path. | |
| WorkingDirectory=<%= current_path %> | |
| # Helpful for debugging socket activation, etc. | |
| # Environment=PUMA_DEBUG=1 | |
| # The command to start Puma. This variant uses a binstub generated via | |
| # `bundle binstubs puma --path ./sbin` in the WorkingDirectory | |
| # (replace "<WD>" below) | |
| ExecStart=<%= SSHKit.config.command_map[:bundle] %> exec pumactl -S <%= shared_path %>/tmp/pids/puma.state -F <%= shared_path %>/config/puma.rb restart | |
| ExecStop=<%= SSHKit.config.command_map[:bundle] %> exec pumactl -S <%= shared_path %>/tmp/pids/puma.state stop | |
| # Variant: Use config file with `bind` directives instead: | |
| # ExecStart=<WD>/sbin/puma -C config.rb | |
| # Variant: Use `bundle exec --keep-file-descriptors puma` instead of binstub | |
| TimeoutSec=15 | |
| Restart=always | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment