@larsthegeek
Forked from brycejohnston/debian_rails_prod.md
Created October 7, 2016 02:11
Debian 8 (Jessie) Rails Prod Setup

Update system and install prerequisite packages

sudo apt-get update && sudo apt-get dist-upgrade
sudo apt-get install open-vm-tools # VMware VMs Only
sudo sh -c 'echo vm.swappiness=5 >> /etc/sysctl.conf' # Prod Env (append, do not overwrite the file)
sudo reboot

Some of these packages may already be installed

sudo apt-get install openssh-server mercurial make binutils bison gcc \
 build-essential git-core curl zlib1g-dev openssl libssl-dev libreadline-dev \
 libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev \
 python-software-properties wget dnsutils vim zip unzip screen tmux htop \
 libffi-dev redis-server imagemagick ntp ufw sudo

Install postfix SMTP server (Choose internet site configuration and use the server's domain name)

sudo apt-get install postfix

Edit postfix config file

sudo vim /etc/postfix/main.cf

Set inet_interfaces to be loopback-only

inet_interfaces = loopback-only

Setup deployment user (Production Environment)

Add the deploy user (Production Env - VPS only, otherwise this is done during install)

adduser deploy

Add deploy user to sudo group

gpasswd -a deploy sudo

Configure SSH for better security

Open the sshd config

vim /etc/ssh/sshd_config

Change from Port 22 to Port 2012 or another non-standard port

Port 2012

Disable root login

PermitRootLogin no

Restart SSH

service ssh restart

SSH w/ deploy user

ssh -p 2012 deploy@SERVER_IP_ADDRESS

Enable bash color prompt

vim ~/.bashrc

Uncomment this line

force_color_prompt=yes

Reload w/ changes

exec $SHELL

Generate an SSH keypair used for deployments

ssh-keygen -t rsa -C "YOUR@EMAIL.com"

Copy the output of this command and paste it into the deploy keys section of the GitHub repo settings

cat ~/.ssh/id_rsa.pub

Check to make sure SSH to GitHub works with your key

ssh -T git@github.com

Create the authorized_keys file

touch ~/.ssh/authorized_keys

Configure firewall (Production Environment)

Enable SSH

sudo ufw allow 2012/tcp

Enable HTTP

sudo ufw allow 80/tcp

Enable SSL/TLS

sudo ufw allow 443/tcp

Enable firewall rules

sudo ufw enable

Configure timezone and NTP

Set timezone

sudo dpkg-reconfigure tzdata

Configure NTP

sudo apt-get update
sudo apt-get install ntp

Setup Application Stack

SSH w/ deploy user

ssh -p 2012 deploy@SERVER_IP_ADDRESS

Paste your public key into the authorized_keys file (at bottom if others already exist)

vim ~/.ssh/authorized_keys

Exit the old SSH session and reconnect; you should no longer need to type the server password

exit
ssh -p 2012 deploy@SERVER_IP_ADDRESS

PostgreSQL

Add PostgreSQL APT repo, add signing key, update, and install 9.4

sudo sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ jessie-pgdg main' > /etc/apt/sources.list.d/pgdg.list"
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | \
  sudo apt-key add -
sudo apt-get update 
sudo apt-get install postgresql-9.4 libpq-dev

Add postgres user and set password (use the same username as your Linux user)

sudo -u postgres createuser myuser -s

sudo -u postgres psql
postgres=# \password myuser

Create your app's production database on server

createdb myappname_production

Ruby and Ruby on Rails

Install rbenv, ruby-build and ruby 2.3.1

cd
git clone https://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL

rbenv install 2.3.1
rbenv global 2.3.1
ruby -v

Tell RubyGems to not install documentation for each gem

echo "gem: --no-ri --no-rdoc" > ~/.gemrc

Install bundler and rails

gem install bundler
gem install rails
gem install aws-sdk # optional
gem install colorize # optional
rbenv rehash

Node.js

Install stable version of node

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.3/install.sh | bash
exec $SHELL
nvm install stable
nvm use stable
nvm alias default stable

Make the current version of node available system-wide at /usr/local/bin/node

n=$(which node); n=${n%/bin/node}; chmod -R 755 "$n"/bin/*; sudo cp -r "$n"/{bin,lib,share} /usr/local

Phusion Passenger w/ Nginx

Add Phusion APT repo and install passenger

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
sudo apt-get install -y apt-transport-https ca-certificates
sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger jessie main > /etc/apt/sources.list.d/passenger.list'
sudo apt-get update
sudo apt-get install -y nginx-extras passenger

Edit nginx.conf

sudo vim /etc/nginx/nginx.conf

Uncomment server_tokens off

server_tokens off;

Uncomment passenger_root and passenger_ruby and change the passenger_ruby path

##
# Phusion Passenger config
##
# Uncomment it if you installed passenger or passenger-enterprise
##

passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /home/deploy/.rbenv/shims/ruby;

Increase the client_max_body_size if your application will allow uploading files

client_max_body_size 20M;

Restart nginx

sudo service nginx restart

Open the nginx default site config

sudo vim /etc/nginx/sites-available/default

Comment out these two lines

# listen 80 default_server;
# listen [::]:80 default_server ipv6only=on;

Create an nginx conf for the app

sudo vim /etc/nginx/sites-available/myappname

Add the following server block

server {
  listen 80 default_server;
  server_name www.mydomain.com;
  passenger_enabled on;
  root /home/deploy/myappname/current/public;
}

Enable the new nginx conf

sudo ln -s /etc/nginx/sites-available/myappname /etc/nginx/sites-enabled/myappname

Restart nginx

sudo service nginx restart
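
Checking the hardening settings made so far (sshd Port and PermitRootLogin, postfix inet_interfaces, nginx server_tokens). This is an added example, not part of the original gist; the function names and the sample files are constructed for illustration, and it assumes sshd_config has no Match blocks.

```bash
#!/usr/bin/env bash
# Added example: audit the hardening settings this guide makes. File paths are
# arguments, so the checks can run against copies of the real config files.

# sshd keeps the FIRST value it reads for a keyword: a "PermitRootLogin no"
# added below an existing uncommented line has no effect.
sshd_first() { awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"; }

# Port may be listed several times; sshd listens on every port listed.
sshd_ports() { awk 'tolower($1) == "port" { printf "%s ", $2 }' "$1"; }

# Postfix keeps the LAST definition of a main.cf parameter.
postfix_last() {
  awk -v k="$2" '{ key = $0; sub(/[ \t]*=.*/, "", key) }
    key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
    END { print v }' "$1"
}

# audit SSHD_CONFIG MAIN_CF NGINX_CONF: prints one FAIL line per finding and
# returns non-zero if there was any.
audit() {
  local rc=0 ports
  ports=$(sshd_ports "$1")
  [ "$(sshd_first "$1" PermitRootLogin)" = "no" ] ||
    { echo "FAIL sshd: PermitRootLogin is not 'no'"; rc=1; }
  case " ${ports:-22 }" in   # no Port line at all means the default, 22
    *" 22 "*) echo "FAIL sshd: still listening on port 22"; rc=1 ;;
  esac
  [ "$(postfix_last "$2" inet_interfaces)" = "loopback-only" ] ||
    { echo "FAIL postfix: inet_interfaces is not loopback-only"; rc=1; }
  grep -Eq '^[[:space:]]*server_tokens[[:space:]]+off[[:space:]]*;' "$3" ||
    { echo "FAIL nginx: server_tokens off; is not active"; rc=1; }
  return "$rc"
}

# Constructed sample files (not taken from a real server).
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '%s\n' 'Port 2012' 'PermitRootLogin no' > "$d/sshd_good"
# The new lines were appended, but the old ones were left active above them.
printf '%s\n' 'Port 22' 'PermitRootLogin without-password' \
  'Port 2012' 'PermitRootLogin no' > "$d/sshd_bad"
printf '%s\n' 'inet_interfaces = all' 'inet_interfaces = loopback-only' > "$d/main.cf"
printf '%s\n' 'http {' '  # server_tokens off;' '}' > "$d/nginx_bad"
printf '%s\n' 'http {' '  server_tokens off;' '}' > "$d/nginx_good"

audit "$d/sshd_good" "$d/main.cf" "$d/nginx_good" && echo "good: all checks pass"
audit "$d/sshd_bad" "$d/main.cf" "$d/nginx_bad" || echo "bad: findings above"
```

On a server, call audit with /etc/ssh/sshd_config, /etc/postfix/main.cf and /etc/nginx/nginx.conf.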

Setup Logrotate

Edit the logrotate config

sudo vim /etc/logrotate.conf

At bottom of file add the following block:

/home/deploy/myappname/current/log/*.log {
  daily
  missingok
  rotate 7
  compress
  delaycompress
  notifempty
  copytruncate
}

Test with:

sudo /usr/sbin/logrotate -f /etc/logrotate.conf

Other Tools

Sidekiq

Setup Sidekiq as a systemd service so it can be started at boot

PostGIS and related dependencies

sudo apt-get install build-essential python-all-dev git vim python-dev python-pip\
 python-software-properties g++ gcc make libssl-dev libreadline6-dev libaio-dev libbz2-dev\
 zlib1g-dev libjpeg62-turbo-dev libpcre3-dev libexpat1-dev libxml2 libxml2-dev libjson0\
 libjson0-dev liblzma-dev libevent-dev wget zip unzip

sudo apt-get install binutils libproj-dev libgeoip1 libgtk2.0 xsltproc\
 docbook-xsl docbook-mathml

sudo apt-get install libgeos-dev libgeos-3.4.2 libproj-dev libproj0

sudo apt-get install postgresql-9.4-postgis-2.1 postgresql-9.4-postgis-scripts\
 libpq-dev postgresql-contrib

Make sure rgeo will be able to find geos

sudo ln -s /usr/lib/libgeos-3.4.2.so /usr/lib/libgeos.so
# OR on Debian Testing with libgeos-3.5.0 or newer
sudo ln -s /usr/lib/x86_64-linux-gnu/libgeos-3.5.0.so /usr/lib/libgeos.so
# uninstall rgeo first if it was previously installed
gem install rgeo
rbenv rehash

wkhtmltopdf

latest stable download: http://wkhtmltopdf.org/downloads.html

sudo apt-get install xorg xfonts-75dpi fontconfig
wget http://download.gna.org/wkhtmltopdf/0.12/0.12.2.1/wkhtmltox-0.12.2.1_linux-jessie-amd64.deb
sudo dpkg -i wkhtmltox-*

Oracle Instant Client (OIC) and SDK

  1. Install prerequisite packages
    sudo apt-get install libaio1 libaio-dev
  2. Download the Oracle Instant Client Basic and Instant Client SDK packages - Get the latest 11.x versions for Linux x86-64
  3. Create the directory /usr/share/oracle and extract the OIC zip files directly into the root of this directory
  4. Inside of the /usr/share/oracle directory, create this symlink
    sudo ln -s libclntsh.so.11.1 libclntsh.so
  5. Create a LD_LIBRARY_PATH config file
    sudo vim /etc/ld.so.conf.d/oic.conf
  6. Add this line to the file and save it
    /usr/share/oracle
  7. Update the LD_LIBRARY_PATH
    sudo ldconfig
