I am deploying an app that works locally to heroku. My heroku logs produce the following error:
/usr/ruby1.9.2/lib/ruby/1.9.1/syck.rb:145:in
`initialize': No such file or
directory -
/app/2c325e9f-adb9-420e-b7d8-a80f8aa4c4e6/home/config/facebook.yml
My facebook.yml file is in the /config directory and is formatted as such:
development:
app_id
secret_key
test:
app_id
secret_key
production:
app_id
secret_key
My guess is that you forgot to...
git add facebook.yml
git commit -m 'new file' .
prior to
git push heroku master
Althouh DigitalRoss answer works may not always be a best practice.
Adding yaml files to repository you put sensitive information into your git account
leaving security issues (eg. if code is shared in github or else).
Here's what heroku suggest.
Related
Im using Settingslogic gem as alternative to Environment Variables, and I found it more convenient. But, how to deploy the application to Heroku if my file with configs is out of the repo? I mean, all configs I save in application.yml, which is included in .gitignore file (because there is sensitive data). And when I push it to heroku, server can't find this file and can't complete deploy.
I've tried to create the file from heroku bash, but after git push heroku master command, created file disappears, and deploy failes with the same error.
How can I implement this deploy with one config file, and how can I force heroku to read this file or store it if I have no it in Git? Thanks a lot!
This topic has a SOLUTION embeded at the end.
PROBLEM
I'm deploying for the first time a Rails app on a VPS on Ubuntu 18.04. with Nginx.
I followed the good tutorial of Gorails "Deploy Ruby on Rails To Production in 2019".
Everything worked, until I had the "Incomplete response received from application" page.
I checked the nginx logs on /var/log/nginx/error.logand saw the typical message "Missing secret_key_base for 'production' environment, set this string with rails credentials:edit"
As the method of Gorails didn't seems to work (after a bundle exec rails secret on his console app-side, he add a file /my_website/.rbenv-vars with a SECRET_KEY_BASE line, filled with the generated secret key), I decided to follow the multiples topics answering to this question.
Here is the thing, I'm not sure if the followings steps are the goods one.
I run bundle exec rails secreton my console, server-side, as deploy user. So I have my GENERATED_KEY_1
I add to ~/.bashrc : export SECRET_KEY_BASE="GENERATED_KEY_1"
I source ~/.bashrc
I check my key with echo $SECRET_KEY_BASE, and I have the good key displayed (GENERATED_KEY_1)
I edited my credential file as
development:
secret_key_base: ORIGINAL_KEY
test:
secret_key_base: ORIGINAL_KEY
production:
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
and added Dotenv to my Gemfile, required it in application.rb
But none of this worked, after restarted nginx server.
So I restarted the previous step, with the root-user.
But again, it failed.
My questions are:
what I am missing ?
How can I know, if it's searching the key in the good place, as I have always the same error message ?
Which key am I suppose to generate ? App-side ? Server-side ? As root or deploy user ?
Do I have something else to configure in /etc/nginx/sites-available/default ? (I saw on this topic that this guys changed a rails_env production; to rails_env development; but I haven't any rails line)
Thank you, I'm a little bit desperate ^^
SOLUTION
During my many tests, I logged with the root user, and run EDITOR="vim" rails credentials:edit. This command had generated a master.key, which doesn't exist on your Github repo.
But first, I didn't modified it. I think that was the main problem, as the application use it to decrypt your credentials.yml.enc file. When I understood it, I edited the master.key with the content of the master.key on my computer app.
Even after editing credentials.yml.encwith <%= ENV["SECRET_KEY_BASE"] %>, this solution works. This corresponds to the answer of Lyzard Kyng, even if it's a bit different.
I can't run EDITOR="vim" rails credentials:editwith the deploy user, it doesn't work.
Rails 5.2 and later uses encrypted credentials for storing sensitive app's information, which includes secret_key_base by default. These credentials are encrypted with the key stored in master.key file. Git repository, generated by default Rails application setup, includes credentials.yml.enc but ignores master.key. After the deployment, which usually involves git push, Rails production environment should be augmented with this key some way.
So you have two options. You can securely upload master.key to production host via scp or sftp. Or you can establish shell environment variable RAILS_MASTER_KEY within the context of a user that runs rails server process. The former option is preferred, but as you have dotenv-rails gem installed, you'd create .env.production file under app's root and put there a line
RAILS_MASTER_KEY="your_master-key_content"
Don't forget to ensure that gem dotenv-rails isn't restricted within Gemfile by development and test Rails environments.
By the way since passenger module ver. 5.0.0 you can set shell environment variables right from nginx.conf
run rake secret in your local machine and this will generate a key for you
make config/secrets.yml file
add the generated secret key here
production:
secret_key_base: asdja1234sdbjah1234sdbjhasdbj1234ahds…
and redeploy the application after commiting
i had the same issue and resolved by this method.
It would be more secure to generate your key on the server and use it there, rather than push it to your repo from a local machine.
Instead of ~/.bashrc do this for using environment variables;
As root user, navigate to the # directory (can probably just use cd ..)
Enter nano home/<yourAppUser>/.bash_profile to navigate to (and create) the file to store the ENV
As you have already, just write this in the file: export SECRET_KEY_BASE="GENERATED_KEY_1"
You can store your database password here as well.
1_ Set credentials with
rails credentials:edit
2_ Upload master.key file to your production server.
If deploy with capistrano, copy master.key to shared folder (shared_path) and then add this to deploy.rb:
namespace :config do
task :symlink do
on roles(:app) do
execute :ln, "-s #{shared_path}/master.key #{release_path}/config/master.key"
end
end
end
after 'deploy:symlink:shared', 'config:symlink'
In my case, on rails credentials:edit, the file indentation were not accurate which gave the error on deployment. So make sure the indentation is correct on your local before deploying.
How do you reference a file when a ruby on rails application is deployed on Heroku? I'm using CURL::EASY and the cert parameter requires a path to the .p12 cert. This works on my local, but not when I deploy to heroku.
try bash with your heroku
heroku run bash -a your-app-name
It will connect you the file directory. Type ls to view all files of your application.
Try more Gemfile.lock to view the code on your file.
What you're looking for is:
Rails.root.join('/path/to/cert')
However, committing a private certificate file to a code repository is very poor practice, for numerous security reasons. A much preferrable solution would be to store the certificate in a heroku config file using:
heroku config:set CERTIFICATE="your cert source here"
And then pass it to Curl::Easy using:
my_curl_easy.cacert = ENV['CERTIFICATE']
I have a Rails 4 application hosted by Heroku.
Seeing as I'm working on an open-source project, there are several unversioned files containing sensitive information listed in .gitignore. For example, I have a .secret file at the root of the app that contains the key with which cookies are encrypted. I created this file by running the rake secret command.
My problem is that I cannot send this file to my heroku app since it is not versioned, it is not included in the deployment. Furthermore, I am using Github and cannot risk having my key disclosed publicly in the commit history.
I have attempted to use the heroku run command to create the file (heroku run 'rake secret > .secret' to no avail). I have attempted to connect with the terminal using heroku run bash but as the filesystem is ephemeral, my changes are not preserved when I exit the terminal.
Do you have any idea how I could achieve having unversioned files on a Heroku application?
Secret data (keys, passwords, etc) should be stored as config vars on Heroku. They are then accessed via the ENV hash in your code.
If you use something like figaro, you can place these vars in an application.yml (don't commit the file)
application.yml:
SECRET_KEY: my_secret_key
Figaro then has a rake task to push these to heroku:
rake figaro:heroku
Or, you can manually set them:
heroku config:set SECRET_KEY=my_secret_key
Finally, access them in your app as:
ENV['SECRET_KEY']
I've configured the keys to my heroku, and I've gotten far enough to be able to commit and push onto my heroku server. But for some reason, commands like "heroku logs" or "heroku rake" or "heroku restart" bring up "no such file or directory" errors. Similarly, heroku restart -app "" bring up an "app not found!" even though I'd typed everything correctly.
I think this may have to do with my Github repo being stored and written on an external hard drive. Is this possible?
Thanks in advance!
An external hard drive will have nothing to do with this problem.
Make sure you are in your app.
cd myap
Then you need to create a repo and add your project to it:
git init
git add.
git commit -m 'master'
Then you need to create a heroku project:
heroku create
heroku rename myapp
git push heroku master
Make sure you have done all of that in that order.
Are you sure you are in the project folder that your application lives in. It doesn't matter where the project is as git and the project git config (including remotes) will all be local to the project folder iteself.
Also, you don't actually need to be in the project folder if you explicitly pass the application name,
eg;
heroku rake db:migrate --app myappnamehere
This also arises if you don't have your heroku remote not named heroku. Eg, I typically call my heroku remotes based off the environment eg, production, development. So my typical push looks like;
git push production mybranch:master
In this scenario when you issue a heroku command it is unable to locate the application name which is does by inspecting the git config for a 'heroku' remote so it will always say application not specified which is why you then need to pass it in explicitly via --app attribute.