I am new to linux and RoR and was looking for some advice and best practices in respect to:
Path to my ruby source
Path to public folder
Permissions on each
Thanks in advance!
Capistrano, which is popular in the RoR community, uses /u/apps/your_app/current where current is a symlink to a timestamp directory with the latest version of the source code. That's as reasonable a place as any, although I prefer /var/www/your_app. See this diagram.
leave it where RoR has it by default, under your rails application root
By default I use 570 (r-xrwx---) for directories and 460 (r--rw-----) for files with the owner set to www-data, which is the user my web server (nginx) and app server (RoR) execute as. I set the group to a group called webadmin and add my login to that group so I can deploy and make changes. If your app needs to write to any files or directories, add write permission to specific files/directories on an as-needed basis.
Related
I have a Rails app which has been running for quite some time; however, occasionally it will decide to create files and directories under its "tmp" directory (particularly "tmp/cache") that are world-writable.
As this is an intranet, our system admins find these and complain.
I can certainly set up a cron job to remove the world-write permission, but I'd prefer to address the problem at the source.
For whatever it's worth, this is running under nginx using the Passenger 5.0.9 gem.
Thanks!
Does the umask of the app user and the nginix user affect this?
This is a simple question, but I haven't been able to find an exact answer to it anywhere.
I have a standalone Python script which I am using in my Rails app. What is the appropriate folder I should save it in according to convention, so that I can push it to production (currently running it from my computer's desktop)? I think the answer is lib/assets but I want to make sure.
I don't think there is an exact answer for this question.
If it is a ruby script, it is usually placed in lib or bin.
From the rails folder descriptions in Getting Started with Rails guide:
bin/ Contains the rails script that starts your app and can contain
other scripts you use to setup, deploy or run your application.
lib/ Extended modules for your application.
You could put it in lib/assets folder as it reflects your understanding that it is an external asset used in the system.
I'm looking for a good deployment tutorial for a Rails 3.1.1 application on a server. And by good I actually mean complete. The reason I'm posting this question is that although there are tons of tutorials out there on the web (google, blogs, books, other stackoverflow questions etc...) all of them seem to focus either on a problem with the deployment process or make some assumptions about the deployment environment that do not match with what I need.
I realize that deploying a Rails app on a server requieres a variety of different programs and tools that need to be configured and somehow I always get stuck on apparently "little" things that make me very frustrated.
So, let's begin from the start. What I have now is a server that I can access through SSH and a domain name, let's call it www.example.com. The server runs a fresh Ubuntu 10.04 x64 and has just a user installed, namely root (through root I access the server with SSH).
Note! There is no Apache, Ruby, PHP, MySQL, cPanel or any other panel installed, just the bare minimum that comes with a fresh installation.
Also the web server will host a single application and the database will run on the same machine.
From my knowledge the process of deploying a Rails application follows the following scenarios:
Installing Ruby
I already did this by using RVM using the Multi-User install process (simply because I have just the root user and it does it automatically). This seems to work fine aftewards but I do have some questions:
Would it make more sense to install Ruby directly and not through RVM (I'm thinking maybe in terms of efficiency - also RVM does a little bit of magic behind the scences modifying some bash_profile files in ways that I don't understand and this somehow seems invasive...)?
Would it make more sense to install as a separate user through RVM (can there any safety problems arise)?
Necessary gems
Now that Ruby is installed what would be the best initial set of gems to install along side it?
I installed just bundler, so that once I upload my application on the server I can run a bundle install command which will install in turn the required app gems.
Question - Should I install the rails gem before hand? Are there any other gems that need to be installed?
Web server
This is where it gets tricky for me. I'm trying to use apache and mod-passenger for deployment (they seem to be the most popular). So I installed the apache web server and the passenger gem and all the related dependencies (libraries mentioned by passenger).
Now, the problems arise. First thing is user related. How does Apache run? I mean under each user? If I installed it and (re)started it using the root user, will it permanently run under the root user? Is this a bad thing? If yes, should I create another user? If yes, how? In what groups should I put the new user in, what rights should he have (namely what folders should he have access to). How to start the apache in this case (under root, under that user, add a line somewhere in the configuration file, etc.)
Website configuration
Where to put the website configuration stuff? Is it OK to put it into apache.conf, or should I create a new file in sites-available? Or should I simply reuse the default file that is already present there? If a new user has been created at the previous step, what rights should he have in relation to the config files?
Also... where to eventually put the rails application? In what folder would it be best? Somewhere under home? Maybe under /var/www? I want to know how would this affect the rights of the apache process serving the app? (Generally I have problems while serving an app, it complains that it doesn't have rights on a specific folder. Also, using the new asset pipelines - which I don't fully understand - asset files are being created and they seem not to inherit the parent folder rights...)
Database
As database I'm using MySQL and installing it is pretty straightforward. The question that I have here is again user related. Should I use a special user for the database? How does MySQL actually manage users (are they internal, or are they the Linux users or ...?). Should the database user be the same as the "web user" from above? Or should it be a different one?
Assets
Here I get really lost. I really have troubles making the assets pipeline works. I've checked the railscasts episode and also the rails website tutorial and I do seem to theoretically understand the thing, yet I have problems in practice.
So the questions here would be - what commands should I run to precompile the assets? (Trying to run rake assets:precompile). Is it ok? What should I change in the production.rb file? How do the assets generated work in relation with the webuser or database users created above? I am personally getting a problem in this step namely the log files say that some css files are not accessible (for example I have jqplot library installed under the vendor/assets folder and its files cannot be accessed - should I add a manifest file here somehow?).
It would be really great if someone could point me towards a nice article, or resource that explains all this stuff. The main area which I'm having problems in is how does Apache, Passenger, Ruby, Rails and MySQL interact with a Linux user. How to properly set up the permissions for the Rails app folder? How does the assets pipeline affect this user permission stuff?
Thank you
Here's my way of deploying Rails:
Installing Ruby
I would not use RVM because it's very tricky to get it running properly in combination with stuff like cron jobs. Doable (with wrappers for example), but a bit of a hassle. If you don't need other Ruby versions on that machine, just install it from source yourself.
Gems
Just let Bundler work its magic. Remember to install with the flags --without test development --deployment. I wouldn't do that up front though. Just make sure you have bundler.
Web server
Using Passenger (with either Apache or Nginx) is a fine and easy choice. When you install Apache from apt, it will run in a special user.
Apache is configured correctly automatically on Ubuntu. It will start on reboot.
Website configuration
All configuration be in /etc/apache2. Place your virtual host configuration in /etc/apache2/sites-available and use a2ensite to enable it.
Put your app in /var/www, since that is the default location in Ubuntu. I usually make a deploy user.
Make sure that user can access your application by assigning your app to the www-data group.
Database
MySQL has its own user system. Log in as root user and create a new user with SQL: GRANT ALL ON 'application_production'.* TO 'deploy' IDENTIFIED BY 'some password';
Assets
Assets should be generated as the user owning the application. You should add any css and javascript files to production.rb. For example:
config.assets.precompile += %w(backend.css)
Conclusion
It helps to use a deploy tool like Capistrano. When you run capify, uncomment the appropriate line in the Capfile to get assets compilation. Here's mine:
ENV['RAILS_ENV'] = 'production'
load 'deploy' if respond_to?(:namespace) # cap2 differentiator
load 'deploy/assets'
load 'config/deploy'
require 'capistrano/ext/multistage'
require "bundler/capistrano"
require 'capistrano_colors'
This is just how I normally install my rails apps. I hope this will get you going. Recently I've written a gem for integrating Chef-solo with Capistrano, called capistrano-chef-solo. It's very alpha and might be a bit too complicated if you're just starting with deployment, but it might help you.
Using Rails 3.0.7 and git, deploying with capistrano. I'm using different machines as web and app servers. I cannot deploy the application code to the web server, only the static assets--basically the public/ folder.
This would seem common but no luck searching for a best practice.
Is anything build around capistrano to handle this case? Otherwise I'm thinking that adding tasks to create the structure, but scp the public directory from the app server would be the solution.
So I assume there's a business reason you can't deploy the app to the other server?
If there isn't then just deploy the whole code
and configure your web server to just serve the public folder.
(in Apache/Passenger the configs would be exactly the same, you just wouldn't enable passenger on the static server)
That is the only simple way to do it..
otherwise you're going to cause yourself a load of headaches..
Nevertheless I'm going to make up a way to solve this.
If you do need to deploy just the static code
then I suggest you create two repositories
the app (eg. git#myserver:app.git
the static files (eg. git#myserver:static.git)
Now in your app include git#myserver:static.git as a submodule mounted at public/
Having done this, you should search standard capistrano recipes for deploying with git submodules (in particular I guess you'll want to store a local cache of the submodules, update it, then git submodule init somehow with that)
You can then have two capistrano recipes
I suggest you check out capistrano multi-stage... defining app and static as two stages
You can therefore just specify git#myserver:app.git as the repository for "app"
and git#myserver:static.git as the repository for "static"
then a simple cap app deploy:migrations && cap static deploy should do it.
but remember these will not be simultaneous
I too wish there were more established practices published. We've done ours based on the Django book which recommends making your public app directory a networked directory.
This is much better as scp only works if your public directory is static. Many apps will write things to the public directory, e.g. image generation on-the-fly. These files also need to be copied to the web server immediately.
I recommend using a NFS, Samba Share or similar, so that your public directory is actually just a networked folder, so when you write to it, it's like writing to the remote folder.
To integrate it into capistrano we do the following:
create this networked folder in shared/public
After deploy:update_code:
move content from current/public to shared/public (overriding files as needed)
remove or rename current/public then symlink current/public to shared/public
Downsides:
* doesn't remove old files (like someone earlier said)
* no real rollback option (apart from redeploying older version)
Best approach I've come up with is to in fact scp files over to the web server.
I've always deployed my apps to ~/apps/myApp/current (with Capistrano, that's why I have the current directory).
But I've seen users deploy to like /var/www/, or even some make a directory at the root, /myapp.
I'm wondering is there an ideal place to put my app? Or does it not matter at all.
Additionally what do you usually name your user, I'm using deploy as my username and group, but I've seen users use rails or just whatever the username they always use is.
Is there a rule of thumb here? I'm aware that some may see this as a subjective question, I just wanted to get a little census as to what most people do.
On Ubuntu, /srv is a good place to install a rails app. Do not put it in /var/www, people would be able to browse your app sources in some circumstances.
The user www-data is perfect for running your app (when running apache, that's the default user). With Passenger, you can set PassengerDefaultUser www-data in its config file to enable that.
Do NOT run your app in as root. It's very dangerous.
/var/rails/app_name/current and deploy
I put all my web stuff under /var/www/ just because I like having it all in one place and /var/www/ is the default directory for Apache. There is no 'ideal' place to put your software - just put it wherever seems most logical to you. Pretty much the same for the username - I run my rails stuff under www-data but it doesn't matter what user you run it as (as long as it's not root).
Obviously clients shouldn't be allowed access to the rails app itself.
/srv is the right place to put your http or ftp , for more info visit https://help.ubuntu.com/community/LinuxFilesystemTreeOverview