Disclaimer: This is a work in progress and may not represent best practices.
Update the Linux package lists.
sudo apt-get update
Create the 'deploy' user
sudo adduser --disabled-password deploy
Enable public key authentication for the 'deploy' user.
sudo mkdir /home/deploy/.ssh
sudo chown -R deploy /home/deploy/.ssh
sudo chgrp -R deploy /home/deploy/.ssh
sudo chmod -R 700 /home/deploy/.ssh
Paste a public SSH key into /home/deploy/.ssh/authorized_keys. Then set read/write permissions.
sudo chmod 600 /home/deploy/.ssh/authorized_keys
sudo chown deploy /home/deploy/.ssh/authorized_keys
sudo chgrp deploy /home/deploy/.ssh/authorized_keys
Grant the 'deploy' user sudo access and remove its password requirement. With sudo, add the following line to /etc/sudoers.
deploy ALL=(ALL) NOPASSWD: ALL
Disable password authentication and remote root access. The relevant settings might be set by default, depending on how your server was instantiated. Ensure the following settings are applied in /etc/ssh/sshd_config.
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
# add any additional authorized users to AllowUsers (space-separated)
AllowUsers deploy
Run sudo service ssh reload to apply configuration changes.
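To confirm that the settings above are the ones sshd will actually use, here is an added example (not part of the original guide) that audits a config file for them. The function names `effective_value` and `audit_sshd_config` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config against the settings in this guide.
# sshd keeps the FIRST value it reads for a keyword, so a "no" appended
# below a stock "yes" has no effect. Keywords are case-insensitive.
# Assumes whitespace-separated "Keyword value" lines.

# effective_value FILE KEYWORD: first global (pre-Match) value, lowercased.
# Commented-out lines never match because their first field starts with '#'.
effective_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }        # Match blocks are conditional
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: prints findings; exit status = number of failures.
audit_sshd_config() {
    file=$1
    failures=0
    for key in PermitRootLogin PasswordAuthentication X11Forwarding; do
        val=$(effective_value "$file" "$key")
        if [ "$val" = "no" ]; then
            echo "ok    $key no"
        else
            echo "FAIL  $key is '${val:-unset}', expected 'no'"
            failures=$((failures + 1))
        fi
    done
    if [ -z "$(effective_value "$file" AllowUsers)" ]; then
        echo "FAIL  AllowUsers is not set"
        failures=$((failures + 1))
    # sshd_config(5) documents '#' comments only at the start of a line.
    elif awk 'tolower($1) == "allowusers" && /#/ { bad = 1 } END { exit !bad }' "$file"; then
        echo "FAIL  AllowUsers line carries a trailing '#' comment"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Constructed sample: a stock "yes" precedes the appended "no".
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication yes' \
    'X11Forwarding no' 'AllowUsers deploy' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "failures: $?"
rm -f "$sample"
```

Point it at /etc/ssh/sshd_config before reloading; `sudo sshd -t` additionally checks the file for syntax errors.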
Enable restrictive iptables rules using ufw.
sudo ufw logging on
sudo ufw allow ssh
sudo ufw allow www
sudo ufw enable
Install system dependencies.
sudo apt-get update
sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev
Log in as the 'deploy' user (using sudo su - deploy).
Clone the rbenv, ruby-build, and rbenv-gem-rehash git repositories.
git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
git clone https://github.com/sstephenson/rbenv-gem-rehash.git ~/.rbenv/plugins/rbenv-gem-rehash
Ensure the following lines are at the start of the 'deploy' user's ~/.bashrc file.
export PATH="$HOME/.rbenv/bin:$PATH"
export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"
eval "$(rbenv init -)"
Reload the shell using exec $SHELL.
Install Ruby with rbenv and set it as the global version.
rbenv install 2.2.2 # set the desired ruby version here
rbenv global 2.2.2
Skip installing Rubygem documentation when installing gems. Then install Bundler.
echo "gem: --no-ri --no-rdoc" > ~/.gemrc
gem install bundler
SSH onto the instance as 'deploy'.
Ensure the path exists for the deployed application.
mkdir -p /home/deploy/<app-name>
Remove the default nginx site.
sudo rm /etc/nginx/sites-enabled/default
Link the application's nginx.conf to a new site in the nginx sites-enabled path.
sudo ln -nfs /home/deploy/<app-name>/current/config/nginx.conf /etc/nginx/sites-enabled/<app-name>
Restart nginx.
sudo service nginx restart
Set the unicorn service to run at system startup.
sudo cp init.sh /etc/init.d/unicorn_<app-name>
sudo chmod 755 /etc/init.d/unicorn_<app-name>
sudo update-rc.d unicorn_<app-name> defaults