-
-
Save strangerxx/28603c7122e32d5f129b44c1d8f4879f to your computer and use it in GitHub Desktop.
Deploy Rails 5.2.1 to VPS(Ubuntu 18.04.1 LTS). Nginx mainline + pagespeed, Puma with Jungle, Capistrano3, PostgreSQL 11, RVM, Certbot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root# apt-get update | |
| root# apt-get upgrade | |
| // dependencies for Ruby | |
| root# apt-get install -y git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev \ | |
| libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev software-properties-common libffi-dev \ | |
| libpcre3-dev unzip | |
| // Node.js v7 | |
| root# curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash - | |
| root# apt-get install -y nodejs | |
| // Yarn | |
| root# curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - | |
| root# echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list | |
| root# sudo apt-get update && sudo apt-get install yarn | |
| // Postgresql 11 | |
| root# echo 'deb http://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main' > /etc/apt/sources.list.d/pgdg.list | |
| root# wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - | |
| root# apt-get update && apt-get install -y postgresql-11 libpq-dev | |
| // fix perl: warning: Setting locale failed. | |
| root# echo -e 'LANG="en_US.UTF-8"\nLC_ALL="en_US.UTF-8"\nLANGUAGE="en_US:en"' > /etc/default/locale | |
| // mainline nginx with stable ngx_pagespeed | |
| root# NPS_VERSION=1.13.35.2-stable | |
| root# wget -O- https://github.com/apache/incubator-pagespeed-ngx/archive/v${NPS_VERSION}.tar.gz | tar -xz | |
| root# nps_dir=$(find . -name "*pagespeed-ngx-${NPS_VERSION}" -type d) | |
| root# cd "$nps_dir" | |
| root# NPS_RELEASE_NUMBER=${NPS_VERSION/beta/} | |
| root# NPS_RELEASE_NUMBER=${NPS_VERSION/stable/} | |
| root# psol_url=https://dl.google.com/dl/page-speed/psol/${NPS_RELEASE_NUMBER}.tar.gz | |
| root# [ -e scripts/format_binary_url.sh ] && psol_url=$(scripts/format_binary_url.sh PSOL_BINARY_URL) | |
| root# wget -O- ${psol_url} | tar -xz # extracts to psol/ | |
| root# NGINX_VERSION=1.25.3 | |
| root# cd | |
| root# wget -O- http://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz | tar -xz | |
| root# cd nginx-${NGINX_VERSION}/ | |
| root# PS_NGX_EXTRA_FLAGS='--prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module' | |
| root# ./configure --add-module=$HOME/$nps_dir ${PS_NGX_EXTRA_FLAGS} | |
| root# curl -s https://raw.githubusercontent.com/apache/incubator-pagespeed-ngx/master/src/ngx_pagespeed.cc > ngx_pagespeed.cc | |
| root# cp ngx_pagespeed.cc incubator-pagespeed-ngx-1.13.35.2-stable/src/ | |
| root# make | |
| root# make install | |
| root# adduser --system --no-create-home --shell /bin/false --group --disabled-login nginx | |
| root# wget -O /etc/nginx/nginx.conf https://gist.githubusercontent.com/strangerxx/28603c7122e32d5f129b44c1d8f4879f/raw/nginx.conf | |
| root# mkdir /etc/nginx/sites-enabled | |
| root# mkdir /etc/nginx/sites-available | |
| root# mkdir /var/cache/nginx | |
| root# mkdir -p /var/ngx_pagespeed_cache | |
| root# chown nginx:nginx /var/ngx_pagespeed_cache | |
| root# wget -O /lib/systemd/system/nginx.service https://gist.githubusercontent.com/strangerxx/28603c7122e32d5f129b44c1d8f4879f/raw/nginx.service | |
| root# systemctl enable nginx.service | |
| // certbot | |
| root# apt install snapd | |
| root# snap install --classic certbot | |
| // deployer user in sudo group | |
| root# adduser deployer | |
| root# gpasswd -a deployer sudo | |
| // disable ssh root login, permit password login | |
| root# vim /etc/ssh/sshd_config | |
| EDIT: | |
| PermitRootLogin no | |
| PasswordAuthentication yes | |
| root# service ssh restart | |
| root# exit | |
| ssh deployer@server | |
| ssh-copy-id deployer@server | |
| ssh deployer@server | |
| // rvm, ruby 3.0.1, bundler | |
| deployer$ sudo apt-get install -y libgdbm-dev libncurses5-dev automake libtool bison libffi-dev | |
| deployer$ gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB | |
| deployer$ curl -sSL https://get.rvm.io | bash -s stable | |
| deployer$ echo "gem: --no-document" > ~/.gemrc | |
| deployer$ source ~/.rvm/scripts/rvm | |
| deployer$ rvm install 3.0.1 && rvm use 3.0.1 --default | |
| deployer$ gem install bundler | |
| // postgresql deployer user, project db | |
| deployer$ sudo su - postgres | |
| deployer$ createuser --pwprompt deployer | |
| deployer$ createdb -O deployer <<APP_DB_NAME>> | |
| deployer$ exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ADD TO Gemfile: | |
| group :development do | |
| gem 'capistrano' | |
| gem 'capistrano-rvm' | |
| gem 'capistrano-rails' | |
| gem 'capistrano3-puma' | |
| gem 'capistrano-nginx' | |
| gem 'capistrano-upload-config' | |
| gem 'sshkit-sudo' | |
| end | |
| RUN: | |
| your_app$ bundle install | |
| your_app$ cap install | |
| EDIT Capfile AS ATTACHED Capfile | |
| EDIT config/deploy.rb AS ATTACHED deploy.rb AND CHANGE VARIABLES IN IT | |
| RUN: | |
| your_app$ cp config/database.yml config/database.yml.example | |
| your_app$ cap production config:init | |
| your_app$ echo '/config/database.production.yml' >> .gitignore | |
| ssh deployer@server | |
| deployer$ echo 'RAILS_MASTER_KEY="<<YOUR_MASTER_KEY>>"' | sudo tee --append /etc/environment | |
| deployer$ sudo ln -s /bin/mkdir /usr/bin/mkdir | |
| deployer$ exit | |
| EDIT WITH YOUR PARAMETERS: | |
| /config/database.production.yml | |
| RUN: | |
| your_app$ rails g capistrano:nginx_puma:config | |
| EDIT OR LEAVE AS IS: | |
| config/deploy/templates/nginx_conf.erb | |
| config/deploy/templates/puma.rb.erb | |
| ADD RUBY-VERSION FILE FOR PUMA JUNGLE: | |
| your_app$ echo 'ruby-2.5.1' > .ruby-version | |
| GIT COMMIT AND PUSH CHANGES | |
| RUN: | |
| your_app$ cap production deploy | |
| CONGRATULATION! ALL DONE! | |
| CHECK YOUR RUNNIG SERVER! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Using ENV variables: | |
| store variables in /etc/environment like: | |
| export VAR_NAME=value |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'capistrano/setup' | |
| require 'capistrano/deploy' | |
| require 'capistrano/scm/git' | |
| install_plugin Capistrano::SCM::Git | |
| require 'capistrano/rvm' | |
| require 'capistrano/rails' | |
| require 'capistrano/puma' | |
| install_plugin Capistrano::Puma | |
| install_plugin Capistrano::Puma::Nginx | |
| install_plugin Capistrano::Puma::Systemd | |
| require 'capistrano/nginx' | |
| require 'capistrano/upload-config' | |
| require 'sshkit/sudo' | |
| Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # config valid only for current version of Capistrano | |
| lock '3.8.1' | |
| set :application, '<<YOUR APPNAME>>' | |
| set :repo_url, '<<YOUR APP REPO>>' | |
| # ask :branch, `git rev-parse --abbrev-ref HEAD`.chomp | |
| set :user, 'deployer' | |
| server '<<YOUR SERVER>>', user: "#{fetch(:user)}", roles: %w{app db web}, primary: true | |
| set :deploy_to, "/home/#{fetch(:user)}/apps/#{fetch(:application)}" | |
| set :pty, true | |
| set :rvm_ruby_version, '2.4.1' | |
| append :linked_files, 'config/database.yml', 'config/puma.rb' | |
| append :linked_dirs, 'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', 'public/system', 'public/uploads' | |
| set :config_example_suffix, '.example' | |
| set :config_files, %w{config/database.yml config/secrets.yml} | |
| set :puma_conf, "#{shared_path}/config/puma.rb" | |
| namespace :deploy do | |
| before 'check:linked_files', 'config:push' | |
| #before 'check:linked_files', 'puma:jungle:setup' | |
| before 'check:linked_files', 'puma:nginx_config' | |
| #after 'puma:smart_restart', 'nginx:restart' | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| user nginx; | |
| worker_processes 1; | |
| error_log /var/log/nginx/error.log warn; | |
| pid /var/run/nginx.pid; | |
| events { | |
| worker_connections 1024; | |
| } | |
| http { | |
| include /etc/nginx/mime.types; | |
| default_type application/octet-stream; | |
| log_format main '$remote_addr - $remote_user [$time_local] "$request" ' | |
| '$status $body_bytes_sent "$http_referer" ' | |
| '"$http_user_agent" "$http_x_forwarded_for"'; | |
| access_log /var/log/nginx/access.log main; | |
| sendfile on; | |
| #tcp_nopush on; | |
| keepalive_timeout 65; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
| ssl_ecdh_curve prime256v1:secp384r1; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_session_tickets off; # Requires nginx >= 1.5.9 | |
| ssl_stapling on; # Requires nginx >= 1.3.7 | |
| ssl_stapling_verify on; # Requires nginx => 1.3.7 | |
| resolver 8.8.8.8 8.8.4.4 valid=300s; | |
| resolver_timeout 5s; | |
| add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; | |
| add_header X-Frame-Options DENY; # change to SAMEORIGIN for iframes | |
| add_header X-Content-Type-Options nosniff; | |
| gzip on; | |
| gzip_vary on; | |
| gzip_types application/ecmascript; | |
| gzip_types application/javascript; | |
| gzip_types application/json; | |
| gzip_types application/pdf; | |
| gzip_types application/postscript; | |
| gzip_types application/x-javascript; | |
| gzip_types image/svg+xml; | |
| gzip_types text/css; | |
| gzip_types text/csv; | |
| gzip_types text/javascript; | |
| gzip_types text/plain; | |
| gzip_types text/xml; | |
| gzip_http_version 1.0; | |
| pagespeed on; | |
| pagespeed FetchWithGzip on; | |
| # Needs to exist and be writable by nginx. Use tmpfs for best performance. | |
| pagespeed FileCachePath /var/ngx_pagespeed_cache; | |
| pagespeed ModPagespeedCreateSharedMemoryMetadataCache "/var/ngx_pagespeed_cache" 51200; | |
| pagespeed ModPagespeedFileCacheSizeKb 1024000; | |
| pagespeed LRUCacheKbPerProcess 8192; | |
| pagespeed LRUCacheByteLimit 16384; | |
| #pagespeed Disallow "*.svg*"; | |
| include /etc/nginx/sites-enabled/*; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=The NGINX HTTP and reverse proxy server | |
| After=syslog.target network.target remote-fs.target nss-lookup.target | |
| [Service] | |
| Type=forking | |
| PIDFile=/run/nginx.pid | |
| ExecStartPre=/usr/sbin/nginx -t | |
| ExecStart=/usr/sbin/nginx | |
| ExecReload=/usr/sbin/nginx -s reload | |
| ExecStop=/bin/kill -s QUIT $MAINPID | |
| PrivateTmp=true | |
| [Install] | |
| WantedBy=multi-user.target |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment