All the how-to, tutorial and manuals I can find on nginx and Puma assume the user following them has sudo access on the server.
Is it possible to deploy an application with nginx and puma in an environment in which you do not have sudo?
Presume for the purposes of this question that working tightly with someone who does have sudo to run all the necessary commands when you request them is not an option.
You can build from source without installing it. As long as you aren't trying to use ports under 1024, you should be able to download and compile nginx yourself. I know puma can be installed as a gem, so it wouldn't need to be sudoed in there. I think the syntax once you download the tarball is:
./configure --sbin-path=~/nginx/sbin/nginx --conf-path=~/nginx/etc/nginx.conf --pid-path=~/nginx/pid/nginx.pid
make
Building Nginx from Source
Unless you do some modification to users and groups (which will require sudo) it would be very hard if not impossible to do this.
Assuming Ubuntu and init.d you need sudo to start/stop/reset the services and modify the nginx conf files.
Here is a great resource for automated deployment and easily customize-able. RailsBox.io
Related
For example, in PHP-based apps it's recommended to run PHP-FPM from a user different from the user who owns codebase so if anyone hacks your app from the web won't be able to write anything to a codebase (except public assets directory). It seems like ruby apps designed to run HTTP servers (or application/rake servers) like Unicorn and Puma from the same user. Puma (the default rails server) doesn't even have config entries for specifying a user/group.
UPDATE
What I expect to do with a ruby app (the same I do with PHP-FPM) is to run sudo unicorn or sudo puma from a default user (codebase owner) and specify a user/group (like www-data) in config so the HTTP server will run the master process from root and child processes from www-data. Puma has no such settings and I haven't found any related issues in puma's repo. This made me think that maybe it's a common thing in Ruby ecosystem to run it like that. I still tried to run latest rails app (5.2.1) with unicorn but faced another issue: rails has a dependency on bootsnap gem and when you run sudo unicorn -c config.rb it creates tmp/cache/bootsnap-* directories as root (in master process) which breaks everything because child processes running from www-data won't have access to it. That made me consider again that maybe I'm doing something wrong and it's ok to run ruby apps from codebase-owner although I see no arguments how it's different from running PHP-FPM.
I've done a new install of nginx 1.6.3 and passenger 5.0.15 on Ubuntu 14.04 from source in order to add tracing components from AppNeta for my ROR 4.2 app on one of my servers. Nginx and passenger are running and serving pages. I am getting the trace data for server monitoring. All seems well,
However, when I run "passenger-status" (as root), I get the following:
ERROR: Phusion Passenger doesn't seem to be running. If you are sure that it is running, then the causes of this problem could be:
You customized the instance registry directory using Apache's PassengerInstanceRegistryDir option, Nginx's passenger_instance_registry_dir option, or Phusion Passenger Standalone's --instance-registry-dir command line argument. If so, please set the environment variable PASSENGER_INSTANCE_REGISTRY_DIR to that directory and run passenger-status again.
The instance directory has been removed by an operating system background service. Please set a different instance registry directory using Apache's PassengerInstanceRegistryDir option, Nginx's passenger_instance_registry_dir option, or Phusion Passenger Standalone's --instance-registry-dir command line argument.
The problem with this is that it seems to be blocking capistrano deploys; this same error is displayed by cap before exiting.
Passenger is running (it's in the ps output and pages are being served). I just need to tell passenger-status where to find the current running instance. (This is from the Design and Architecture documentation.) Therefore, it seems that setting this instance registry directory value is the required step. But to what value?
According to the Nginx Reference, the defaults are /tmp and /var/run/passenger-instreg And I've found an instance directory in /tmp. So, I've tried setting the PASSENGER_INSTANCE_REGISTRY_DIR to a number of different values:
/tmp
/tmp/passenger.JxmCeiA (the current instance directory, but this changes with each startup of Nginx)
I've even tried creating a directory at /run/passenger, setting that value in the nginx configuration file and restarting nginx. The temporary directory is being created, but passenger-status still gives the same message. Even if I use the /opt/passenger-5.0.15/bin/passenger-status script to make sure I'm using the latest version of that script.
There are some configuration values in the original 'location.ini' directory for passenger, but none were the instance registry directory, so there was nothing to reuse.
Interestingly, the /opt/passenger-5.0.15/lib/phusion_passenger/nginx/config_options.rb file does not have an entry for passenger_instance_registory_dir. It has other nginx configuration options, I would have expected it to have this one as well.
I've tried setting the environment variable as well as the Nginx passenger_instance_registry_dir option, but I must be missing something in my understanding because I can't seem to connect the passenger-status command with the current running instance.
Any help would be greatly appreciated.
Passenger author here.
/tmp/passenger.JxmCeiA is an example of an instance directory. This changes indeed with every startup (because it is specific to an instance).
The parent directory (the directory in which instance directories are located) is the instance registry directory. So in your case, the instance registry directory that is being used is /tmp.
I'm guessing that you have some kind of Passenger installation version mismatch. We've changed the structure of the instance directory a few times in the past, and every time we did this we bump an internal version number to indicate that it's incompatible with previous Passenger versions. Can you double check the following?
Does Passenger appear to be otherwise running correctly?
What Passenger version is compiled inside Nginx?
What is your passenger_root set to? Does it match the Passenger version compiled inside Nginx?
Where is the full path to the first passenger-status in PATH? Does it match passenger_root?
You also seem to be mixing the Phusion Passenger APT repository with source tarball install. Having multiple installations around is generally a bad idea. Try cleaning up your other installs so that you only end up with one.
Also check whether you are setting the PASSENGER_INSTANCE_REGISTRY_DIR environment variable correctly. Note that sudo nukes environment variables, so you need to run passenger-status like this:
# Correct:
sudo env PASSENGER_INSTANCE_REGISTRY_DIR=/tmp passenger-status
# Incorrect, sudo nukes environment variables
export PASSENGER_INSTANCE_REGISTRY_DIR=/tmp
sudo passenger-status
Regarding lib/phusion_passenger/nginx/config_options.rb: that file mainly lists per-server and per-location config options. Many config options in the main context are either not yet ported to the config_options.rb system, or not possible because they require custom attention. At present, passenger_instance_registry_dir is implemented in ext/common/nginx/Configuration.c. As we continue to cleanup and refactor the codebase, this option may eventually be moved to config_options.rb.
In case anyone else is having this problem when starting Passenger using a systemd service, this might be due to systemd's private /tmp. The problem was solved by adding PrivateTmp=false to the service file.
Source
step one check phusion passenger is installed correctly
sudo passenger-config validate-install
"if you see an ouput saying, 'Everything is looks good :-)'" then you are fine, if not you need to reinstall phusion passenger, refer to https://www.phusionpassenger.com/library/walkthroughs/start/
step two check the phusion passenger memory status
sudo passenger-memory-stats
"if you see processes running, then that's good, if not you either have to start some passenger app, or install nginx or apache with extra library for them. For nginx you need nginx and the nginx-extras".
step three uncomment the passenger_root in the nginx.conf file (for ubuntu it's usually /etc/nginx/nginx.conf) or the apache.conf file
restart nginx or apache
sudo service nginx restart # (or systemctl restart nginx, for new version of linux such as ubuntu 15.04, CentOS7)
now you can run
passenger-status
the error should go away now. The mostly likely output you will get is saying "Phusion Passenger is currently not serving any applications."
I'm running Passenger in Nginx integration mode, on Ubuntu 20.04 and I've installed it via apt from the official repos.
What worked for me was adding this to /etc/nginx/conf.d/mod-http-passenger.conf :
passenger_instance_registry_dir /tmp;
Restarting passenger the Capistrano way from the command line should now work:
$ passenger-config restart-app <your_app's_root_path> --ignore-app-not-running
If this works, Capistrano deployments should now work again.
I'm using capistrano3-foreman gem to deploy my app into production which is in a centOS server but capistrano is trying to run foreman export command from root. Since I have installed rvm and other stuff from a user which has no password privilege in sudoers file, foreman export cannot be completed.
I'm getting the following error.
sh: /root/.rvm/bin/rvm: No such file or directory
How can I prevent capistrano-foreman from trying to run the command as root and make it set to my user home path.
Thanks in advance
Ok, since RHEL & CentOS 7 migrated to systemd, first mistake was trying to export foreman to upstart.
But When I exported foreman to systemd, systemd did not recognised foreman export scripts as a service so it didn't work either.
After many hours of work & research I decided to take my chance with supervisord on CentOS 7 and now It works like a charm.
http://supervisord.org/installing.html
And please note that Debian & Ubuntu are also getting rid of upstart...
My goal is to have sidekiq start when the server boots up (I'm using EC2 with an auto-scaling group). I know there are a few other posts regarding getting sidekiq to start with upstart on boot, but I don't believe mine has been addressed specifically.
I'm using this wiki - https://github.com/mperham/sidekiq/tree/master/examples/upstart/manage-many and have placed the scripts inside /etc/init/sidekiq.conf and /etc/init/sidekiq-manager.conf.
I've made a couple small modifications as directed in /etc/init/sidekiq.conf, changing:
# setuid apps
# setgid apps -> replaced apps with ubuntu in both lines, which is the deployment user.
export HOME=/home/apps to export HOME=/home/ubuntu
I also have a /etc/sidekiq.conf that includes the following line:
/home/ubuntu/app_dir, 2
Otherwise, these scripts are identical to those included in the referenced repo. I'm getting the following errors in my logs (/var/log/upstart)
/bin/bash: line 19: cd: 2: No such file or directory
Could not locate Gemfile
It appears as if it's attempting to change directory somewhere other than /home/ubuntu/app_dir, at which point it's in the wrong directory and cannot find my Gemfile.
Is there somewhere else I need to specify a correct path to my app directory?
Thanks!
You can run sidekiq as an upstart job. Making a sidekiq.conf file in /etc/init/ directory and put the upstart code to run sidekiq.
Here is the complete script and the guide to make sidekiq upstart job.
After making this job, sidekiq start/stop/restart would be easy with sudo service command.
I'm looking for a good deployment tutorial for a Rails 3.1.1 application on a server. And by good I actually mean complete. The reason I'm posting this question is that although there are tons of tutorials out there on the web (google, blogs, books, other stackoverflow questions etc...) all of them seem to focus either on a problem with the deployment process or make some assumptions about the deployment environment that do not match with what I need.
I realize that deploying a Rails app on a server requieres a variety of different programs and tools that need to be configured and somehow I always get stuck on apparently "little" things that make me very frustrated.
So, let's begin from the start. What I have now is a server that I can access through SSH and a domain name, let's call it www.example.com. The server runs a fresh Ubuntu 10.04 x64 and has just a user installed, namely root (through root I access the server with SSH).
Note! There is no Apache, Ruby, PHP, MySQL, cPanel or any other panel installed, just the bare minimum that comes with a fresh installation.
Also the web server will host a single application and the database will run on the same machine.
From my knowledge the process of deploying a Rails application follows the following scenarios:
Installing Ruby
I already did this by using RVM using the Multi-User install process (simply because I have just the root user and it does it automatically). This seems to work fine aftewards but I do have some questions:
Would it make more sense to install Ruby directly and not through RVM (I'm thinking maybe in terms of efficiency - also RVM does a little bit of magic behind the scences modifying some bash_profile files in ways that I don't understand and this somehow seems invasive...)?
Would it make more sense to install as a separate user through RVM (can there any safety problems arise)?
Necessary gems
Now that Ruby is installed what would be the best initial set of gems to install along side it?
I installed just bundler, so that once I upload my application on the server I can run a bundle install command which will install in turn the required app gems.
Question - Should I install the rails gem before hand? Are there any other gems that need to be installed?
Web server
This is where it gets tricky for me. I'm trying to use apache and mod-passenger for deployment (they seem to be the most popular). So I installed the apache web server and the passenger gem and all the related dependencies (libraries mentioned by passenger).
Now, the problems arise. First thing is user related. How does Apache run? I mean under each user? If I installed it and (re)started it using the root user, will it permanently run under the root user? Is this a bad thing? If yes, should I create another user? If yes, how? In what groups should I put the new user in, what rights should he have (namely what folders should he have access to). How to start the apache in this case (under root, under that user, add a line somewhere in the configuration file, etc.)
Website configuration
Where to put the website configuration stuff? Is it OK to put it into apache.conf, or should I create a new file in sites-available? Or should I simply reuse the default file that is already present there? If a new user has been created at the previous step, what rights should he have in relation to the config files?
Also... where to eventually put the rails application? In what folder would it be best? Somewhere under home? Maybe under /var/www? I want to know how would this affect the rights of the apache process serving the app? (Generally I have problems while serving an app, it complains that it doesn't have rights on a specific folder. Also, using the new asset pipelines - which I don't fully understand - asset files are being created and they seem not to inherit the parent folder rights...)
Database
As database I'm using MySQL and installing it is pretty straightforward. The question that I have here is again user related. Should I use a special user for the database? How does MySQL actually manage users (are they internal, or are they the Linux users or ...?). Should the database user be the same as the "web user" from above? Or should it be a different one?
Assets
Here I get really lost. I really have troubles making the assets pipeline works. I've checked the railscasts episode and also the rails website tutorial and I do seem to theoretically understand the thing, yet I have problems in practice.
So the questions here would be - what commands should I run to precompile the assets? (Trying to run rake assets:precompile). Is it ok? What should I change in the production.rb file? How do the assets generated work in relation with the webuser or database users created above? I am personally getting a problem in this step namely the log files say that some css files are not accessible (for example I have jqplot library installed under the vendor/assets folder and its files cannot be accessed - should I add a manifest file here somehow?).
It would be really great if someone could point me towards a nice article, or resource that explains all this stuff. The main area which I'm having problems in is how does Apache, Passenger, Ruby, Rails and MySQL interact with a Linux user. How to properly set up the permissions for the Rails app folder? How does the assets pipeline affect this user permission stuff?
Thank you
Here's my way of deploying Rails:
Installing Ruby
I would not use RVM because it's very tricky to get it running properly in combination with stuff like cron jobs. Doable (with wrappers for example), but a bit of a hassle. If you don't need other Ruby versions on that machine, just install it from source yourself.
Gems
Just let Bundler work its magic. Remember to install with the flags --without test development --deployment. I wouldn't do that up front though. Just make sure you have bundler.
Web server
Using Passenger (with either Apache or Nginx) is a fine and easy choice. When you install Apache from apt, it will run in a special user.
Apache is configured correctly automatically on Ubuntu. It will start on reboot.
Website configuration
All configuration be in /etc/apache2. Place your virtual host configuration in /etc/apache2/sites-available and use a2ensite to enable it.
Put your app in /var/www, since that is the default location in Ubuntu. I usually make a deploy user.
Make sure that user can access your application by assigning your app to the www-data group.
Database
MySQL has its own user system. Log in as root user and create a new user with SQL: GRANT ALL ON 'application_production'.* TO 'deploy' IDENTIFIED BY 'some password';
Assets
Assets should be generated as the user owning the application. You should add any css and javascript files to production.rb. For example:
config.assets.precompile += %w(backend.css)
Conclusion
It helps to use a deploy tool like Capistrano. When you run capify, uncomment the appropriate line in the Capfile to get assets compilation. Here's mine:
ENV['RAILS_ENV'] = 'production'
load 'deploy' if respond_to?(:namespace) # cap2 differentiator
load 'deploy/assets'
load 'config/deploy'
require 'capistrano/ext/multistage'
require "bundler/capistrano"
require 'capistrano_colors'
This is just how I normally install my rails apps. I hope this will get you going. Recently I've written a gem for integrating Chef-solo with Capistrano, called capistrano-chef-solo. It's very alpha and might be a bit too complicated if you're just starting with deployment, but it might help you.