I followed this tutorial "Rails with SSL in Development The Simple Way" and successfully set up SSL for a Rails app. Now I created a second Rails app and it is trying to use SSL even though I didn't configure it to.
I am wondering why this is happening and what I can do to stop it.
I did manage to get the second app working by following the steps in the tutorial, but I didn't intend to make it use SSL. Before doing that, it was throwing errors about invalid HTTP format, parsing fails and my browser said SSL connection error - ERR_SSL_PROTOCOL_ERROR. I even made sure that config.force_ssl was set to false in in application.rb
The command to start the thin SSL server is thin start --ssl --ssl-key-file server.key --ssl-cert-file server.crt
which is slightly different than the deprecated command in the tutorial.
I'm on Linux Mint by the way.
I'm migrating my rails app (still in development) from Thin to Unicorn. My app uses config.force_ssl = true.
When using Thin I could just write:
thin start --ssl
My question is: What is the equivalent way to start Unicorn with ssl in development?
If I correctly understood your question, you're trying to run unicorn on port 443.
This is a bad idea.
Instead, to achieve the same goal, I would suggest, run unicorn on an unprivileged port (above 1024), or better on a unix socket, and switch Nginx before, passing all static stuff directly trough nginx, and the rails stuff, trough unicorn.
I know this doesn't answer your question, but for the user, it will work exactly the same, with some benefits when your app server (unicorn) crashes, for example a nice rendered 502 error page served via nginx instead of a plain network error message seen in the browser of your users.
You can with this solution run X different applications on the same port, with different subdomains. a must have for a development machine with many projects.
My head is about to explode from the mangled mess as a result of the following few days trying to setup a development environment for Rails, Apache and Passenger.
The questions I have are:
Do you NEED passenger for a development environment? Can I just develop with pow.cx instead? - I am 99.99% sure the answer is no (you don't use passenger for development), but I need confirmation since I am deeply confused now.
When I deploy, I only use Passenger for that, correct? I.e. I don't ever touch passenger until I deploy.
Is my development environment correct?
Production deployment is simply moving a rails application under the effects of Passenger coupled with an Apache VHOST?
Background (I suggest you read):
It seems that all the information on the web is concerned about explaining things for people who already know what they are doing, rather than explaining in detail how things work it's just a series of installation steps and that has left me extremely confused on the role of things, and how to setup a development environment and deploy a RoR application correctly - so please bear with this long question.
For the past 3 days I have been trying to setup a development environment on my Macbook Pro that isn't destroyed by Apple's rediculous limits on Apache installations. I installed a custom Apache install (from bitnami using their ruby stack, since I refuse to use Server.app) so that I can run Apache and upgrade things like PHP to 5.5 easily, and that works fine.
I am trying to get into RoR but so far it has been a struggle, and I am about ready to give up.
I understand you need Apache to serve Rails applications so that the server can handle requests concurrently rather than one at a time, and that various interfaces for this exist like Thin or whatever; Passenger was highly recommended.
I installed Passenger via their instructions and did some hackery to compile it for the Bitnami passenger installation, rather than the default Apache on Mac OS X - and it's working. When I start apache and run: passenger-memory-stats I get results expected from the installation guide, so that tells me passenger is running.
However, when I try and deploy a simple hello world Rails application I get a slew of "We're sorry…" or no result at all and just a blank page.
I am fairly sure my development environment is correct, everything works except this last bit. I can picture development taking place on a pow.cx server, and once deployment is ready you simply copy the Rails application and configure Apache's VHOST to point to your ready-to-deploy app while Passenger handles the rest, is that correct?
I am using PostgresSQL via the Postgress.app, the server works fine and I can connect to it.
I have gem 'pg' in my Gemfile.
I have already read, and tried every conceivable solution from the following SO questions, but I either get no result or empty logs which is… infuriating to say the least:
We're sorry, but something went wrong. - with Rails, Apache, Passenger
Ruby on Rails: How can i edit database.yml for postgresql?
How do I set up the database.yml file in Rails?
https://www.ruby-forum.com/topic/187128
So with all that said, I am trying to deploy this hello world application (which works on a standard rails server) using the following:
INVOKING APPLICATION VIA:
http://dmarket.local:8081/
VHOSTS:
<VirtualHost *:8081>
PassengerEnabled on
RailsEnv production
ErrorLog /Applications/rubystack/apache2/htdocs/helloworld/project_error.log
CustomLog /Applications/rubystack/apache2/htdocs/helloworld/project_error.log combined
ServerName dmarket.local:8081
ServerAlias www.dmarket.local:8081
DocumentRoot "/Applications/rubystack/apache2/htdocs/helloworld/public"
PassengerPreStart http://dmarket.local:8081
<Directory "/Applications/rubystack/apache2/htdocs/helloworld/public">
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
HOSTS FILE:
127.0.0.1 dmarket.local
127.0.0.1 www.dmarket.local
DATABASE.YML (same for development, test, and production):
adapter: postgresql
encoding: unicode
host: 127.0.0.1
port: 5432
database: tsujp
pool: 5
username: tsujp
password:
A summary of answers to your questions
You don't need Passenger in development. You can develop with Pow, and deploy with Passenger.
But you can use Passenger in development if you want to. It is a good idea to use Passenger in development because that way your development environment will match your production environment more, which reduces the risk of running into unexpected problems when you deploy.
Using Passenger in development is very easy. Use it's Standalone mode, and run passenger start instead of rails server.
Pow is strictly a development-only server. The authors recommend against using it in production.
When you deploy, you touch Passenger. You don't have to touch Passenger until deployment time, but you may.
Production deployment is indeed moving an application under the effects of Passenger, and setting up a virtual host. You will of course also need to install gems (bundle install) setup the database (editing config/database.yml), running database migrations (bundle exec rake db:migrate), etc.
I've also posted updates on the posts that you linked to, in order to make life easier for people who happened to have found those posts via search.
Apache vs Nginx
You will find a lot of people recommending Nginx (e.g. Sergio just did). I second that recommendation. Nginx is faster than Apache, handles slow clients better and is generally easier to use.
Passenger works great with Nginx. It has an Nginx integration mode that is just as easy as the Apache mode. Sergio suggested Nginx + Unicorn or Nginx + Puma, but Nginx + Passenger (which replaces Unicorn/Puma) is much easier to setup, performs great, uses less memory, works better and has more features. Nginx + Unicorn requires a lot of configuration, process management using init scripts, etc.
But this is just a recommendation. You don't have to use Nginx. Sticking with Apache + Passenger is fine. Apache works well enough for most people.
Regarding your Passenger problems
However, when I try and deploy a simple hello world Rails application I get a slew of "We're sorry…" or no result at all and just a blank page.
Whenever you get an unexpected error, the first thing you should do is to read the log files. There are two log files that are important to you:
The web server error log, typically /var/log/apache/error.log. This log file contains:
Phusion Passenger error messages.
Everything that the Rails application writes to STDERR. This typically consists of errors that Rails encounters during startup (but not errors that it encounters when it's handling requests).
The Rails development log (or production log, in case you're running in production), log/development.log (or log/production.log). When an error occurs during request handling, it is typically logged here. This file does not contain errors that Rails encounters during startup.
The error messages will often tell you what the problem is and how to solve it.
This tip can also be found in the Phusion Passenger manual, Troubleshooting section.
Capistrano
Sergio recommended Capistrano. I second that recommendation. You should remember that Capistrano complements Passenger; it does not replace Passenger. Capistrano is a tool for automating tasks. Do you currently create a tarball of your app and scp it to your server, and extract it there? Well, Capistrano automates this sort of thing for you.
For more information about how all the different pieces of the stack fit together (Apache, Passenger, Capistrano, HAProxy, Chef, etc), check out the section "The big picture" on the Phusion Passenger documentation page.
Recommendation summary
Use passenger start in development. It is by far the easiest to get started with. You don't have to edit any configuration files, it works immediately.
Use Phusion Passenger for Nginx in production.
You don't need Passenger in development. In fact, in development mode you don't need even apache. You can use built-in Webrick server ($ rails server) to run your app. And yes. Pow is a good tool, I use it all the time.
In production there are also multiple options. One of them is Apache+Passenger, yes. But you need to put Nginx in front of those (because Apache doesn't handle slow clients very well). If you have nginx, then you can replace apache+passenger with something else. For a long time I've been using Unicorn (ruby web server from github). Now my current favourite is Puma. It uses less resources than unicorn, but has more requirements to your code (it better be thread-safe, because puma is a threaded server).
Now, to the development-production discrepancy: it is known that development should resemble production as closely as possible, because it minimizes risks when deploying. So, my suggestion is: use unicorn everywhere (both development and production). Only on production put nginx in front of it.
Also,
for actually performing deploys, look into Capistrano. It became industry standard for deploying rails apps (but it can also deploy PHP, static files and what have you).
Here is my setup:
Mac OS X 10.6
Ruby 1.8.7
Rails 3.1
I have a Rails 3.1 application that starts with Unicorn every time this machine starts up (via a .plist in /Library/LaunchDaemons). The .plist essentially does this:
cd /my_application_directory
sudo unicorn -E production -p 80
And everything's working fine. However, I'd like to be able to set up SSL so that traffic is encrypted. I don't need a real certificate signed by a real CA, because the application is only accessible over a local network.
I've found articles like this one on generating certs, but I'm not sure where to go from there (or even if that's the correct starting place).
For my basic needs, I've found the .plist method to be much easier to work with than something like Phusion Passenger, so I'd like to continue doing it that way if possible.
Any help would be greatly appreciated!
I don't believe Unicorn supports being an SSL endpoint, so you're going to need another process to decrypt/encrypt the traffic for you.
On Mac, it's probably easiest to use apache, because it's already installed.
Sorry to not have detailed steps, but you're looking to do the following:
Change the port unicorn listens on, to prevent conflicts with apache.
Set up Apache to serve SSL, just like your linked reference.
Also set up apache to proxy requests to be handled by Unicorn, on the new port you setup. This involves the ProxyPass (and possibly ProxyPassReverse) directive.
Configure apache to start when the Mac boots.
I came across something in one of my rails books that said I should set
ServerSignature Off
ServerTokens Prod
to disable apache from showing server information in production when the app screws up. Is this necessary? The only error message I see in prod is the standard Rails production error message. I never see any server information.
Are there any other security related apache config variables I need to set?
It is not necessary, but it is recommended. By showing the server signature and the full server tokens you are giving potential hackers an easier way to identify how to hack your system. For example, with ServerSignature on and a full ServerToken, a hacker will know exactly what OS (including version) and server technology you are running.
Example. With ServerToken set to full you might get:
Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5 with Suhosin-Patch Server
With it set to prod you will only get
Apache
This article on slicehost gives a good overview of how to approach serverSignature and serverTokens