Karol Galanciak - Ruby on Rails and Ember.js consultant

CentOS 6.4 Server Setup With Ruby on Rails, Nginx and PostgreSQL

Server setup with the entire environment for Rails applications can be quite tricky, especially when you do it for the first time. Here is step by step guide how to setup CentOS 6.4 server with a basic environment for deploying Rails applications. I encourage you to choose CentOS Linux - it is a reliable distro (well, based on Red Hat Enterprise Linux), easy to handle and doesn’t require advanced Unix knowledge like Gentoo (especially while updating system related stuff).

Initial setup

You need to ssh on your server:

1
ssh root@your-ip

Start with creating new user deploy:

1
adduser deploy

And create password for the new user:

1
passwd deploy

You shouldn’t use root user often, but you will need root privileges for performing many tasks, like installing stuff, so it is quite useful to edit sudo configuration - it will give deploy user an ability to perform all tasks which require root privileges by preceding command with sudo. Run:

1
visudo

find section that looks like that:

1
2
## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL

and add the following line:

1
deploy    ALL=(ALL)       ALL

If you are not familiar with Vi editor, you have to press a, and then you can type :). When you finish hit escape and type :wq!.

Enhance security - configure SSH

You can easily make your server more secure by editing SSH configuration. Type:

1
vi /etc/ssh/sshd_config

Here are some default options which you may change:

1
2
#Port 22
#PermitRootLogin yes

Default 22 port for SSH is not insecure, but changing it to some other value will make it more difficult to compromise your server by automated attacks. Pick any number less than 65536 and uncomment this line.

Another option is PermitRootLogin - change it to no to disable logging as root through ssh. You have root privileges by using sudo, so you don’t need to login as root anyway.

If you are going to create some more users, but you don’t want them to login through ssh, add following line:

1
AllowUsers deploy

When you are finished type:

1
/etc/init.d/sshd reload

Now, open NEW terminal window and check if everything works:

1
ssh -p new-port deploy@your-ip

Uhh, what was that IP?

You can avoid typing your IP number on every login by using named hosts, which is quite simple: create or edit ~/.ssh/config (on your local machine, not server) and add:

1
2
3
4
Host some-awesome-server-name
Hostname your-ip-number
User deploy
Port your-port

Now you can login on your server by:

1
ssh some-awesome-server-name

Amazing!

But you can also skip password - you have to generate authentication keys on your local machine:

1
ssh-keygen -t rsa

And that’s the entire output:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Generating public/private rsa key pair.
Enter file in which to save the key (/home/azdaroth/.ssh/id_rsa):
Created directory '/home/azdaroth/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/azdaroth/.ssh/id_rsa.
Your public key has been saved in /home/azdaroth/.ssh/id_rsa.pub.
The key fingerprint is:
d9:1c:0b:76:60:56:e0:af:cd:f3:93:c7:15:f5:dc:dc azdaroth@abyss
The key's randomart image is:
+--[ RSA 2048]----+
|        =o.      |
|       + .      .|
|        + o    o=|
|       . B o   .E|
|        S =     .|
|         +      .|
|        . +  o . |
|           oo o  |
|            .o   |
+-----------------+

What about the passphrase? It’s up to you. If you leave it blank, you can ssh on your server by just entering: ssh server-name and that’s all. Pretty nice, but if your local machine gets stolen, something really bad may happen with your server. So, you should enter a passphrase, at least on your laptop. The only downside of passphrase is that you will be asked to enter it on each login.

To finish setup on your server, enter the following commands:

1
2
3
4
mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Setting these permissions is essential and ssh will stop working if StrictModes is set in configuration (and probably is by default). Now, copy your PUBLIC key to authorized_keys file on your server:

1
  cat ~/.ssh/id_rsa.pub | ssh server-name "cat >> ~/.ssh/authorized_keys"

Installing prerequisites

You will need to install some libraries. Start with updates:

1
  sudo yum update

You will probably want to install some extra repositories (like Fedora Epel) to get some up-to-date packages. Run:

1
2
3
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
sudo rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

And enable remi repository:

1
sudo vi /etc/yum.repos.d/remi.repo

In [remi] section set the enabled option to 1.

1
2
3
4
5
6
7
[remi]
name=Les RPM de remi pour Enterprise Linux 6 - $basearch
#baseurl=http://rpms.famillecollet.com/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.famillecollet.com/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

Now, you are going to install some packages, like RVM dependencies and other stuff.

1
sudo yum install git-core openssl openssl-devel subversion curl curl-devel gcc-c++ patch readline readline-devel zlib zlib-devel libyaml-devel libffi-devel  make bzip2 autoconf automake libtool bison sqlite-devel libxml2 libxml2-devel libxslt libxslt-devel libtool

RVM, Ruby and Rails

Now you can proceed to installing Ruby. We will use RVM - command-line tool, which makes managing multiple Ruby versions really easy. To install RVM enter:

1
\curl -L https://get.rvm.io | bash -s stable

Carefully read generated output. If everything is ok, run

1
2
source /home/deploy/.rvm/scripts/rvm
source ~/.bashrc

Make sure you have following lines in your ~/.bashrc file :

1
2
[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm"
PATH=$PATH:$HOME/.rvm/bin # Add RVM to PATH for scripting

To check if everything was installed properly enter:

1
type rvm | head -1

It should return something like: rvm is a function. If not, reload terminal session (simply log out and log in again).

And now you can install specified Ruby Version:

1
rvm install 2.1.0

Use installed Ruby version as the default one:

1
2
rvm use 2.1.0
rvm use 2.1.0 --default

Nice! You’ve successfully installed Ruby. Now, you can install Bundler and Rails.

1
gem install bundler rails

Nginx and Passenger

You will need an http server to run your applications. Nginx is fast, lightweight and easy to configure and Phusion Passenger module makes Nginx and Rails integration painless. Firstly, install Passenger gem:

1
gem install passenger

and then, install Nginx with compiled Passenger module:

1
rvmsudo passenger-install-nginx-module

Choose the recommended install mode.

Now, open the Nginx configuration file (/opt/nginx/cong/nginx.conf if you haven’t changed it during installation).

1
sudo vi /opt/nginx/conf/nginx.conf

Let’s change some default config. Change worker_processes to be equal to number of CPU cores. You can also enable gzip compression. Just add following lines:

1
2
3
gzip on;
gzip_vary on;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

Now setup your Rails application:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
server {
  listen       80;
  server_name  some-example.com;

  root /path-to-your-application/current/public;
  client_max_body_size 128M;
  passenger_enabled on;
  rails_env production;

  location ~ ^/(assets|images|javascripts|stylesheets|system)/ {
    expires max;
    add_header Cache-Control public;
  }
}

At the end it should look like that:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
  worker_connections  1024;
}


http {
  passenger_root /home/azdaroth/.rvm/gems/ruby-2.1.0/gems/passenger-4.0.35;
  passenger_ruby /home/azdaroth/.rvm/wrappers/ruby-2.1.0/ruby;

  include       mime.types;
  default_type  application/octet-stream;

  #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  #                  '$status $body_bytes_sent "$http_referer" '
  #                  '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log  logs/access.log  main;

  sendfile        on;
  #tcp_nopush     on;

  #keepalive_timeout  0;
  keepalive_timeout  65;


  gzip on;
  gzip_vary on;
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

  server {
    listen           80;
    server_name      localhost;

    location / {
      root   html;
      index  index.html index.htm;
    }

    error_page       500 502 503 504  /50x.html;
    location = /50x.html {
      root   html;
    }

  }

  server {
    listen       80;
    server_name  some-example.com;

    root /path-to-your-application/current/public;
    client_max_body_size 128M;
    passenger_enabled on;
    rails_env production;

    location ~ ^/(assets|images|javascripts|stylesheets|system)/ {
      expires max;
      add_header Cache-Control public;
    }
  }
}

You should also use a neat little script for easier Nginx management. Open the following file:

1
sudo vi /etc/init.d/nginx

copy & paste script below:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemin
#
# chkconfig:   - 85 15 
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /opt/nginx/conf/nginx.conf
# pidfile:     /opt/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/opt/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"

lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
  $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
            ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac

and make it executable:

1
sudo chmod +x /etc/init.d/nginx

Now you can control Nginx by few commands:

1
2
3
4
5
6
sudo service nginx start
sudo service nginx stop
sudo service nginx reload
sudo service nginx restart
sudo service nginx status
sudo service nginx configtest

To add Nginx to the default run levels, enter:

1
sudo /sbin/chkconfig nginx on

ImageMagick

This part is optional, but you will probably need ImageMagick in some applications - it is a powerful software for creating, editing and converting images. The ImageMagick version available in repositories is probably outdated, so we will compile it from source.

Start with installing some delegates (you have to install them before compiling ImageMagick).

1
sudo yum install libjpeg libjpeg-devel libpng-devel libpng-devel freetype freetype-devel libtiff-devel jasper-devel bzip2-devel giflib-devel ghostscript-devel

And compile it:

1
2
3
4
5
6
7
8
wget http://www.imagemagick.org/download/ImageMagick.tar.gz
tar xvfz ImageMagick.tar.gz
cd ImageMagick-6.8.8-2
./configure
make
sudo make install
sudo ldconfig /usr/local/lib
make check

Export PATH variable:

1
export PATH=$PATH:/usr/local/bin

And check if everything works:

1
convert -version

You should get output similar to this:

1
2
3
4
Version: ImageMagick 6.8.8-2 2013-07-18 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2013 ImageMagick Studio LLC
Features: DPC OpenMP
Delegates: bzlib freetype jng jp2 jpeg png ps tiff xml zlib

PostgreSQL

So, the last step is installing PostgreSQL. Firstly, you have to modify /etc/yum.repos.d/CentOS-Base.repo file:

1
sudo vi /etc/yum.repos.d/CentOS-Base.repo

and in both [base] and [updates] sections add the following line:

1
exclude=postgresql*

Now, install PostgreSQL repository and PostgreSQL itself:

1
2
sudo rpm -Uvh http://yum.postgresql.org/9.3/redhat/rhel-6-x86_64/pgdg-centos93-9.3-1.noarch.rpm
sudo yum install postgresql93 postgresql93-devel postgresql93-server postgresql93-libs postgresql93-contrib

You have to initialize database cluster before doing anything:

1
sudo /etc/init.d/postgresql-9.3 initdb

And you can start Postgres and add it do default run levels:

1
2
sudo service postgresql-9.3 start
sudo chkconfig --levels 235 postgresql-9.3 on

The very first thing you should do with Postgres is setting password for postgres user:

1
2
sudo su postgres
psql

Now, you are in psql console. To change password, enter:

1
alter user postgres with password 'postgres-user-password';

Logout from postgres user and modify /var/lib/pgsql/9.3/data/pg_hba.conf:

1
sudo vi /var/lib/pgsql/9.3/data/pg_hba.conf

At the bottom of the file change authentication method to md5:

1
2
3
4
5
6
7
8
# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5

and restart Postgres:

1
sudo service postgresql-9.3 restart

To run psql console as deploy user just enter:

1
psql postgres postgres

and create a new user and database:

1
2
create user username with password 'secretPassword';
create database testdb owner=username;

And that’s it! Enjoy your server.

Comments