We deploy the application on a clean Ubunt: from A to Z

So, you have a clean Ubuntu, an ssh connection to the server is open in the console and the console invites you temptingly - “root @ my-awesome-host: ~ #” - and there is nothing more. And you want to run and show the world some kind of rail application. Let's go from soup to nuts.

Build a house

There are no users in your system yet. Yes, even the name of the host, most likely, is not as in the above example, but something like "56-78-vps-small". Not order.

Change:
')
#> nano /etc/hostname
#> nano /etc/hosts

Reboot:

shutdown -r now

We are waiting for the system to boot. Immediately add the firewall rules:

#> nano /etc/rc.local

# Drop all incoming traffic<br>
/sbin/iptables -P INPUT DROP<br>
# Drop all forwarded traffic<br>
/sbin/iptables -P FORWARD DROP<br>
# Allow all outgoing traffic<br>
/sbin/iptables -P OUTPUT ACCEPT<br>
# Allow returning packets<br>
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT<br>
# Allow incoming traffic on port 80 for web server<br>
/sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT<br>
# Allow local traffic<br>
/sbin/iptables -A INPUT -i lo -j ACCEPT<br>
# Allow incoming SSH on port 22<br>
/sbin/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT<br>
# Allow ping<br>
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT<br><br>

exit 0

In Feng Shui, you can save the configuration to a separate file and restore it with a separate command. But you can and so :) Inhale:

#> /etc/rc.local

We try:

#> asdlkjflaskdjf

If the letters are displayed - we exhale, it means that they did not cut down the branch on which they were sitting (they did not close the ssh connection). Go ahead.

#> adduser deployer<br>
#> adduser eugzol<br>
#> adduser eugzol sudo

Remember passwords.

Under www. Everything will work. Under eugzol we will sit through ssh (choose your favorite username). We leave, we go ...

root@my-awesome-host#> exit<br>
eugzol@home$> ssh my-awesome-host<br>
eugzol@my-awesome-host$> sudo echo test

Everything works well. Add your key:

$> mkdir .ssh<br>
$> echo "ssh-rsa ........... == eugzol@home" > .ssh/authorized_keys<br>
$> chmod 700 .ssh<br>
$> cd .ssh<br>
$> chmod 600 *

Disconnect, connect, should not ask for a password. Similarly, we add our key to the user deployer.

If you like the color console, remove the comment character from the corresponding line in .bashrc:

$> nano ~/.bashrc<br>
# ...<br>
force_color_prompt=yes<br>
...

Packages, packages, packages

We put in advance all that is useful. Well, maybe something and forgotten, not scary, then add the circumstances.

To build Ruby:
$> sudo apt-get -y install build-essential zlib1g zlib1g-dev libxml2 libxml2-dev libxslt-dev sqlite3 libsqlite3-dev locate git-core

MySQL (remember root password):
$> sudo apt-get -y install mysql-server libmysqlclient-dev

To build Passenger:
$> sudo apt-get -y install libcurl4-openssl-dev

We roll out application

$> sudo su deployer

Next, create a directory structure:
/ home / deployer / repos - git repository
/ home / deployer / projects - working copies of projects

$> mkdir repos<br>
$> mkdir projects

Put the ruby:

$> bash < <(curl -s rvm.beginrescueend.com/install/rvm)

See what he writes at the end. And there are two important things:
- it may be necessary to add the specified string to the .bashrc if it is not already there
- perhaps, not all packages were previously delivered from those indicated. need to go back and deliver

Go ahead.

$> rvm install 1.8.7

I needed this version of Ruby. If you have a different main version, put another one.

Now let's see how we will install the application, for example, rolling-on-rails. According to science, it is necessary to wrap it in Capistrano or a similar tool. But first you can do with simple methods.

And finally:

$> echo "gem: --no-rdoc --no-ri" > ~/.gemrc"

That rubygems did not brake on installation of the documentation which all the same from the local computer nobody looks.

$> rvm use 1.8.7<br>
$> rvm gemset use global<br>
$> gem install bundler

Repository and working directory

cd ~/repos<br>
git init --bare rolling-on-rails.git

Next on your local machine in the project directory:

eugzol@home$> git remote add my-awesome-host ssh://deployer@my-awesome-host.ru/home/deployer/repos/rolling-on-rails.git<br>
eugzol@home$> git push my-awesome-host master

We return to the remote:

cd ~/projects<br>
mkdir rolling-on-rails<br>
cd rolling-on-rails<br>
git init<br>
git remote add local /home/deployer/repos/rolling-on-rails.git<br>
git fetch local<br>
git checkout master

The files of our project should appear in the directory.

Configuring the base

mysql -u root -p

Enter the password.

mysql> create user 'rolling-on-rails'@'localhost' identified by 'sakdl5&%1';<br>
mysql> create database rolling-on-rails charset utf8 collate utf8_bin;<br>
mysql> grant all on rolling-on-rails.* to 'rolling-on-rails'@'localhost';

Create a config:

cd ~/projects/rolling-on-rails<br>
echo "production:<br>
adapter: mysql<br>
host: localhost<br>
database: rolling-on-rails<br>
username: rolling-on-rails<br>
password: sakdl5&%1<br>
encoding: utf8" > config/database.yml

Gems and go!

$> echo "rvm 1.8.7@rolling-on-rails > .rvmrc"<br>
$> rvm gemset create rolling-on-rails<br>
$> cd ..<br>
$> cd rolling-on-rails

RVM will ask if you trust what you have written in .rvmrc. Since you did not come up with this line yourself, but copied it from a source on an open network, and who knows that they will offer you to write to the config files on these Internet sites, I would reread it again ... Well, jokes aside, we go further.

$> rvm info

Once again, we check that we have the right version of Ruby and gemset.

$> bundle install<br>
$> RAILS_ENV=production rake db:migrate<br>
$> RAILS_ENV=production rake db:seed

Check if everything works.

We put the passenger

Add a temporary deployer to the sudo group:

eugzol@my-awesome-host$> sudo adduser deployer sudo<br>
sudo su deployer

Actually installation:

cd ~/projects/rolling-on-rails<br>
gem install passenger<br>
rvmsudo passenger-install-nginx-module

We say to the installer - download and install everything yourself.

Create a place for nginx logs:

mkdir ~/nginx

Editing config files:

cd /opt/nginx/conf<br>
sudo nano nginx.conf

As a result, we get something like http://pastie.org/2625120 .

Put the init script:

cd<br>
git clone git://github.com/jnstq/rails-nginx-passenger-ubuntu.git<br>
sudo mv rails-nginx-passenger-ubuntu/nginx/nginx /etc/init.d/nginx<br>
sudo chown root:root /etc/init.d/nginx

Change the path to the pid file:

$> sudo nano /etc/init.d/nginx
...<br>
PIDSPATH=/home/deployer/nginx<br>
...

Checking:

$> sudo service nginx configtest
$> sudo service nginx start

We go to our server from a browser by IP or domain name. You should see the invitation “Welcome to nginx!”.

Add application configuration:

$> cd /opt/nginx/conf<br>
$> sudo su<br>
#> mkdir sites-available<br>
#> mkdir sites-enabled<br>
#> nano sites-available/rolling-on-rails.conf

Add there something like http://pastie.org/2625166 .

Include:

#>cd sites-enabled<br>
#> ln -s ../sites-available/rolling-on-rails.conf .

Restart:

#> service nginx reload

Go to rolling-on-rails.ru . If everything is done right, then enjoy our working application.

We clean the tails

Remove the remaining trash:

deployer@my-awesome-host$> rm -rf ~/rails-nginx-passenger-ubuntu
deployer@my-awesome-host$> exit

Remove the deployer user from the sudo group:

eugzol@my-awesome-host$> sudo nano /etc/group

A line similar to sudo: x: 27: eugzol, deployer is changed to sudo: x: 27: eugzol.

exit

We do other things while it works :)

PS This topic was written mainly by habrauser eugzol with my small additions, so it's better to send all questions and advantages to karma to him