Skip to content

Instantly share code, notes, and snippets.

Forked from brobertsaz/
Last active December 18, 2015 19:49
Show Gist options
  • Save jab416171/5835836 to your computer and use it in GitHub Desktop.
Save jab416171/5835836 to your computer and use it in GitHub Desktop.

Ubuntu 12.04, Ruby, Rails, Nginx, Unicorn and git-deploy

In the seemlingly endless search for the actual correct and easy way to deploy a Rails app, we have tried several ways. We tried out using Apache2 and running a cluster of Thin servers. With the built in threading of Puma we decided to use it with Nginx.

Server Setup

  • Create new server
  • Login to new server
    • ssh username@IPaddress (you can also use the domain name if you have the DNS setup already)
    • accept the RSA key
    • use the password that was provided when you set up the new server:
      • change the password:
  • Create new user for deployment
sudo adduser "username"
  • accept the defaults
  • add new user to staff and sudo groups:
usermod -a -G staff "username"
usermod -a -G sudo "username"
  • switch user
su "username"
  • Update and Install dependencies:
sudo apt-get update
sudo apt-get -y install build-essential zlib1g-dev libssl-dev libreadline-dev libyaml-dev libcurl4-openssl-dev curl git-core python-software-properties libxslt1-dev libxml2-dev libmysqlclient-dev libsqlite3-dev nodejs
  • To make life easier, lets go ahead and add our ssh keys to the new server so that we do not have to sign in every time. (THis is done from your local terminal and not on the new server):

Add ssh keys

mkdir ~/.ssh
ssh-copy-id username@@IPaddress

Or, alternatively:

cat ~/.ssh/ | ssh root@IPaddress "cat >> ~/.ssh/authorized_keys"

Install Ruby

Install your Ruby (obviously you use the version that you want. At this point many people use a Ruby version management like RVM or RBENV. As these servers are normally setup for just on application we will use the system version of Ruby):

su root

tar -xvzf ruby-1.9.3-p194.tar.gz
cd ruby-1.9.3-p194/
sudo make install
echo "gem: --no-ri --no-rdoc" >> ~/.gemrc
sudo gem install bundler

Database Setup

Setup mySQL:

sudo apt-get install mysql-server mysql-client libmysqlclient-dev
   * If you need to add your user to the mysql database:
mysql -u root
mysql > CREATE USER "username";
mysql > GRANT ALL ON *.* TO "username";

Rails Deployment

For Rails deployment we like to use git-deploy created by Mislav Marohnić. The setup directions are quite simple but we have noticed a slight issue in that the Rails application it self is constantly updating files with in itself.

To remedy this, we create two directories and a few sub-directories for our Rails application:

mkdir /webapps/myapp/repository
mkdir /webapps/myapp/shared
mkdir /webapps/myapp/shared/log
mkdir /webapps/myapp/shared/pids
mkdir /webapps/myapp/shared/system

Then in the setup for git-deploy, we use the repository for the remote:

git remote add production "username"@IPaddres:/webapps/myapp/repository

From there, follow the setup directions for git-deploy.


Install Nginx:

sudo apt-get install nginx

Nginx will create several files for you. Setting these files up properly seems to be the biggest issue in the entire server setup. If you spand enough time you will find a multitude of different ways to configure these files. The following files are how I configured them and they work for me.

The nginx.conf file that is created required no editing for my setup to work:

user www-data;
worker_processes 4;
pid /var/run/;

events {
        worker_connections 768;
        # multi_accept on;

http {

        # Basic Settings

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Logging Settings

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        # Gzip Settings

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

        # nginx-naxsi config
        # Uncomment it if you installed nginx-naxsi
        #include /etc/nginx/naxsi_core.rules;

        # nginx-passenger config
        # Uncomment it if you installed nginx-passenger
        #passenger_root /usr;
        #passenger_ruby /usr/bin/ruby;

        # Virtual Host Configs

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

#mail {
#       # See sample authentication script at:
#       #
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }

Nginx works with several sites on a server. These sites are listed in the sites available directory for Nginx (etc/nginx/sites-available/) and includes a default on install.

Add a new file in the site-available directory and copy and paste the following into it:

upstream myapplication {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response (in case the Unicorn master nukes a single worker for timing out).
    server unix:/tmp/myapplication.sock fail_timeout=0;

server {
  listen                80; # default;
  server_name ;
  root                  /path/to/myapplication/public;

  location / {
    access_log          off;

    include proxy_params;
    proxy_redirect off;

    if (-f $request_filename) {
      access_log          off;
      expires             max;

    if (-f $request_filename.html) {
      rewrite (.*) $1.html break;

    if (!-f $request_filename) {
      proxy_pass          http://myapplication;

After creating this new file, we need to symlink it to the sites-available directory:

sudo ln -s /etc/nginx/sites-available/"filename" "filename"


Unicorn was installed by including the gem in our Gemfile.

From the root of the project:

curl -o config/unicorn.rb

This will create a new unicorn.conf file:

# Sample verbose configuration file for Unicorn (not Rack)#
# This configuration file documents many features of Unicorn
# that may not be needed for some applications. See
# for a much simpler configuration file.
# See for complete
# documentation.

# Use at least one worker per core if you're on a dedicated server,
# more will usually help for _short_ waits on databases/caches.
worker_processes 4

# Since Unicorn is never exposed to outside clients, it does not need to
# run on the standard HTTP port (80), there is no reason to start Unicorn
# as root unless it's from system init scripts.
# If running the master process as root and the workers as an unprivileged
# user, do this to switch euid/egid in the workers (also chowns logs):
# user "unprivileged_user", "unprivileged_group"

# Help ensure your application will always spawn in the symlinked
# "current" directory that Capistrano sets up.
working_directory "/path/to/myapplication" # available in 0.94.0+

# listen on both a Unix domain socket and a TCP port,
# we use a shorter backlog for quicker failover when busy
listen "/tmp/myapp.sock", :backlog => 64
listen 8080, :tcp_nopush => true

# nuke workers after 30 seconds instead of 60 seconds (the default)
timeout 30

# feel free to point this anywhere accessible on the filesystem
pid "/path/to/myapplication/pids/"

# By default, the Unicorn logger will write to stderr.
# Additionally, ome applications/frameworks log to stderr or stdout,
# so prevent them from going to /dev/null when daemonized here:
stderr_path "/path/to/myapplication/log/unicorn.stderr.log"
stdout_path "/path/to/myapplication/log/unicorn.stdout.log"

# combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
preload_app true
GC.respond_to?(:copy_on_write_friendly=) and
  GC.copy_on_write_friendly = true

# Enable this flag to have unicorn test client connections by writing the
# beginning of the HTTP headers before calling the application.  This
# prevents calling the application for connections that have disconnected
# while queued.  This is only guaranteed to detect clients on the same
# host unicorn runs on, and unlikely to detect disconnects even on a
# fast LAN.
check_client_connection false
before_fork do |server, worker|
  # the following is highly recomended for Rails + "preload_app true"
  # as there's no need for the master process to hold a connection
  defined?(ActiveRecord::Base) and

  # The following is only recommended for memory/DB-constrained
  # installations.  It is not needed if your system can house
  # twice as many worker_processes as you have configured.
  # # This allows a new master process to incrementally
  # # phase out the old master process with SIGTTOU to avoid a
  # # thundering herd (especially in the "preload_app false" case)
  # # when doing a transparent upgrade.  The last worker spawned
  # # will then kill off the old master process with a SIGQUIT.
   old_pid = "#{server.config[:pid]}.oldbin"
   if old_pid !=
       sig = ( + 1) >= server.worker_processes ? :QUIT : :TTOU
     rescue Errno::ENOENT, Errno::ESRCH
  # Throttle the master from forking too quickly by sleeping.  Due
  # to the implementation of standard Unix signal handlers, this
  # helps (but does not completely) prevent identical, repeated signals
  # from being lost when the receiving process is busy.
  # sleep 1

after_fork do |server, worker|
  # per-process listener ports for debugging/admin/migrations
  # addr = "{9293 +}"
  # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)

  # the following is *required* for Rails + "preload_app true",
  defined?(ActiveRecord::Base) and

  # if preload_app is true, then you may also want to check and
  # restart any other shared sockets/descriptors such as Memcached,
  # and Redis.  TokyoCabinet file handles are safe to reuse
  # between any number of forked children (assuming your kernel
  # correctly implements pread()/pwrite() system calls)

Create a Unicorn initializer shell script in the /etc/init.d/ directory:

touch /etc/init.d/unicorn

vim /etc/init.d/unicorn

Paste the following into that new file:

#! /bin/bash

# Provides:          unicorn
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the unicorn web server
# Description:       starts unicorn

DAEMON_OPTS="-c /path/to/myapplication/config/unicorn.rb -E staging -D"
DESC="Unicorn app for $USER"

case "$1" in
        CD_TO_APP_DIR="cd /path/to/myapplication"

        echo -n "Starting $DESC: "
        if [ `whoami` = root ]; then
          su - $USER -c "$CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS"
          $CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS
        echo "$NAME."
        echo -n "Stopping $DESC: "
        kill -QUIT `cat $PID`
        echo "$NAME."
        echo -n "Restarting $DESC: "
        kill -USR2 `cat $PID`
        echo "$NAME."
        echo -n "Reloading $DESC configuration: "
        kill -HUP `cat $PID`
        echo "$NAME."
        echo "Usage: $NAME {start|stop|restart|reload}" >&2
        exit 1

exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment