Stop Passenger from leaking environment variables on failure - ruby-on-rails

Well this is embarrassing. If for some reason my developer sends a bad build of our rails app to the production server, passenger may not be able to load. When that happens, web requests to passenger dump an error page with all of the variables in .env. As he prefers to put all of his secrets in .env like API keys to remote services, this is potentially a big security hole.
Is there any way to turn this behaviour off? We're using nginx. We're adding a staging server to the workflow to avoid pushing bad releases, but still, this seems like it shouldn't be happening.
Thanks. Here's the relevant portion of the nginx.conf file:
http {
    passenger_root /home/X/.rvm/gems/ruby-2.1.1/gems/passenger-4.0.40;
    passenger_ruby /home/X/.rvm/gems/ruby-2.1.1#XXX/wrappers/ruby;
    server {
        listen 443;
        server_name www.X.com;
        root /home/X/current/public;
        passenger_enabled on;
        ..

Turn passenger_friendly_error_pages off. Since 4.0.42, it's off by default on production.
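
An added example (not part of the original answer or of Passenger itself): a Ruby check that reads nginx configuration text and reports every server block with passenger_enabled on where passenger_friendly_error_pages is not explicitly off, following nginx's inheritance from enclosing blocks. The function name and sample configs are constructed for illustration; an unset directive is reported because, per the answer, the off-by-default behaviour only applies from 4.0.42 on production.

```ruby
# Added example: flag Passenger server blocks that may still show friendly
# error pages. Simplified tokenizer: assumes no quoted ';', '{' or '}'.
def friendly_error_page_findings(conf)
  findings = []
  stack = [{}]                           # directives seen in each open block
  text = conf.gsub(/(?:^|\s)#.*$/, "")   # '#' starts a comment only at a token start
  tokens = text.scan(/[^{};]+|[{};]/).map(&:strip).reject(&:empty?)
  tokens.each_with_index do |tok, i|
    case tok
    when ";" then next
    when "{" then stack.push({ "_block" => tokens[i - 1] })
    when "}"
      block = stack.size > 1 ? stack.pop : {}
      next unless block["_block"] == "server" && block["passenger_enabled"] == "on"
      # nginx inheritance: the innermost block that sets the directive wins
      chain = [block] + stack.reverse
      setting = chain.map { |b| b["passenger_friendly_error_pages"] }.compact.first
      findings << [block["server_name"], setting || "unset"] unless setting == "off"
    else
      name, value = tok.split(/\s+/, 2)
      stack.last[name] = value if tokens[i + 1] == ";"
    end
  end
  findings
end

# Constructed sample modelled on the question's nginx.conf.
LEAKY = <<~CONF
  http {
    passenger_root /home/X/.rvm/gems/ruby-2.1.1/gems/passenger-4.0.40;
    passenger_ruby /home/X/.rvm/gems/ruby-2.1.1#XXX/wrappers/ruby;  # literal '#'
    server {
      listen 443;
      server_name www.X.com;
      root /home/X/current/public;
      passenger_enabled on;
    }
  }
CONF
HARDENED = LEAKY.sub("http {", "http {\n  passenger_friendly_error_pages off;")
OVERRIDE = HARDENED.sub("passenger_enabled on;",
                        "passenger_enabled on;\n    passenger_friendly_error_pages on;")

if __FILE__ == $PROGRAM_NAME
  { "leaky" => LEAKY, "hardened" => HARDENED, "override" => OVERRIDE }.each do |label, conf|
    puts "#{label}: #{friendly_error_page_findings(conf).inspect}"
  end
end
```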

Related

moving app over to a different server

I am trying to move an app over from an older server to another not so much older server. As far as I can tell the old app was (for some reason I did this) running on Unicorn, with ruby version 1.8.6. The new server supports 186 and 193 so it shouldn't be a problem, but I continuously get an error when I try to run the site.
http://omnimart.myitcrm.biz/
I have searched the web and couldn't find an exact post describing this error and a solution for it.
I tried to put 186 in nginx so that it would use the correct version of ruby, but I also get 193 showing up in the environment variables, and I figured that may be the problem, but I tried tracing these environment variables back to see where they were set and I couldn't find it anywhere. Could that be the problem?
nginx conf:
server {
    passenger_ruby /home/purge/.rvm/gems/ruby-1.8.6-p420/wrappers/ruby;
    listen 80;
    server_name omnimart.myitcrm.biz;
    root /home/purge/www/omnimart/current/public;
    passenger_enabled on;
}
The site is currently running now so it isn't an emergency, but I would like to resolve this so I can shut down one node that only has one remaining app running on it.
Any ideas on what I can do to fix this one?

Nginx Passenger not serving Rails application

I set up Nginx with Passenger on a CentOS 7 VPS. I installed nginx and passenger as a gem. In addition I installed passenger-install-nginx-module.
When I start sudo service nginx and type passenger-status I get "Phusion Passenger is currently not serving any applications.". From my nginx conf file
http {
    passenger_root /usr/local/rvm/gems/ruby-2.4.1/gems/passenger-5.1.8;
    passenger_ruby /usr/local/rvm/gems/ruby-2.4.1/wrappers/ruby;
    passenger_app_env production;
    passenger_instance_registry_dir /var/lib/passenger-instreg;
    ...
    server {
        listen 80;
        server_name localhost;
        root /home/myuserhere/current/public;
        passenger_enabled on;
The passenger.* file is created normally when I restart nginx.
echo $PASSENGER_INSTANCE_REGISTRY_DIR returns the same path as in nginx conf file.
What am I doing wrong that Passenger does not start the application?
Finally I got it. Everything was all right. Passenger does not start apps during startup, but during the first request, so all I needed to do was press enter in my browser ... Hope this answer saves others time.
I was having a similar problem; where passenger wasn't serving any applications. This is on Focal, rails 6, Ruby 3.0.1, passenger-version: 6.0.8.
Turns out that it will start serving requests upon first request. So all I did was to temporarily allow http on the UFW then used 'curl' to http a request. Once the landing page was displayed, I was good to go.

How to make S3 serve the same file using http and https in a rails app?

I have a Rails application running in Amazon EC2 and with files served in S3.
My problem is: my whole application is running normally over http and I'd like to put it on https. But it's a prerequisite that the same file responds to both http and https.
For example: if I have a file http://domain.s3.amazon.com/file.js, it should respond at https://domain.s3.amazon.com/file.js as well.
My scripts will be used by other customers in http and https environments, so it's mandatory that it's served as http and https, otherwise the browser will give this message:
[blocked] The page at 'https://mycustomerurl' was loaded over HTTPS, but ran insecure content from 'http://mydomain.com/myfile.js': this content should also be loaded over HTTPS.
How can I do that?
Thanks
PS: I've seen some samples, but the whole app goes to https, and I have this specific requisite
As long as the domain is the same, the easiest way to do this is to drop the protocol at the beginning of the url.
Just do a request for //domain.s3.amazon.com/file.js
I finally found a solution.
At the end, it was not an issue to be solved at application level but at server configuration level.
I've bought a certificate and installed it on my server. Then I configured nginx with:
worker_processes 1;
http {
    server {
        listen 443;
        ssl on;
        ssl_certificate /usr/local/nginx/conf/cert.pem;
        ssl_certificate_key /usr/local/nginx/conf/cert.key;
        keepalive_timeout 70;
    }
}

Rails Capistrano: Steps after Deployment (Getting remote server up)

Ok. This should be my easiest stackoverflow post yet.
So I have Capistrano installed and configured properly. I've managed a successful deployment to my remote server (incidentally that remote server is running rails 4.0 and the local one was on 3.2.13). All my files appear to have been successfully transferred to my liquid_admin/current directory (they used to just be in the liquid_admin directory... but whatever.)
So what do I do now? How do I get rails server to load the app in liquid_admin/current?
If I try to do "rails server" it just tells me:
usage: rails new app_path
Would that actually overwrite my old app? Basically all I want to do is load the app in the "current" directory. Run the server. Should be a no-brainer right? :)
For a single website on a small server, Passenger and Nginx look like winners.
sudo passenger-install-nginx-module
And then on the Nginx sites folder:
server {
    listen 80;
    server_name www.mysite.com;
    root /rails_website_root/public;
    passenger_enabled on;
}
Then just start Nginx (usually you put it on autostart)
The default server that you probably use in development - WEBrick - is not suitable for production. Some options that you have are:
Unicorn
Thin
You also need Apache or Nginx 'in front' of your Rails server.
All this is well explained in tons of guides, books, railscasts etc, so please go and google it.

Nginx - Basic Configuration

I've just deployed a Rails application using Capistrano under /home/username/app_name.
Now, I'm not quite sure on how to setup Nginx, I've followed this tutorial, http://coding.smashingmagazine.com/2011/06/28/setup-a-ubuntu-vps-for-hosting-ruby-on-rails-applications-2/comment-page-1/#comment-594321. I have this on my nginx.conf file, I modified the first server block I saw:
server {
    listen 80;
    server_name www.yourdomain.com;
    root /home/johndoe/test_app/current/public;
    passenger_enabled on;
    ...
}
But now, I'm not sure how to proceed. What exactly is the server_name in the example above? And how should I access the application? I've tried typing in my ip address and nothing shows up. I'm using Linode by the way. And how do I set up the nameservers for my domain? Detailed explanations and tutorials would be very helpful. Thanks in advance!
server_name on Nginx is exactly the same as ServerName in Apache, i.e. the domain name you'd like to use for this directory (named virtual host).
With passenger set to on you should be able to access the application directly via the domain.
