I really love this site I came across recently. They have free coupons for all kinds of stuff you can buy online; I used their coupon for eharmony and it worked beautifully. They have a great logo too. Check it out at CouponCodeHeaven.com <a href=http://www.couponcodeheaven.com>free coupons</a> 2008-08-01T08:55:11-04:00 431 home false 1 2010-03-11T06:49:42-05:00 137 See the topics below for ways to allow others to access your server. * AddingSubversionUsers * CreatingRestrictedUsers - use this in place of insecure FTP access. * We provide custom [http://www.essayontime.com/ essay writing service] to any student, who needs it. 2008-08-01T08:55:09-04:00 414 AllowingAccessToYourServer false 1 2010-02-12T15:22:50-05:00 24 6 To merge in changes Rails Machine has made to your code at GitHub, please follow these instructions * First, commit or stash any changes in your index. The following steps need to be performed in a clean working directory. <pre> <code> git status # On branch master nothing to commit (working directory clean) </code> </pre> * Next, you'll add a remote for Rails Machine's fork of your repository and fetch the latest changes <pre> <code> git remote add railsmachine git@github.com:railsmachine/your_repo.git git fetch railsmachine </code> </pre> * Now, merge railsmachine's changes back into master (or whichever branch you prefer to deploy from) and push. <pre> <code> git checkout master # switch to the 'master' branch git diff ..railsmachine/master # peview the changes git merge railsmachine/master # perform the merge git status # ensure there are no conflicts rake # run your test suite git push origin master # push to your origin </code> </pre> * If you wanted to merge these changes into another branch called "production", you'd perform the following steps: <pre> <code> git checkout production # switch to the 'production' branch git diff ..railsmachine/master # peview the changes git merge railsmachine/master # perform the merge git status # ensure there are no conflicts rake # run your test suite git push origin production # push to your origin </code> </pre> h2. Conflicts Please refer to the "git-merge documentation":http://www.kernel.org/pub/software/scm/git/docs/git-merge.html#_how_conflicts_are_presented for a great guide to git conflict resolution. 2009-04-03T15:46:00-04:00 506 MergingChangesFromGithub false 1 2010-01-25T15:58:29-05:00 3 Git is an alternative source code management tool that you may want to use instead of Subversion. These steps will allow you to install it with [http://www.eluneart.com|web design] on your CentOS 4 server. Things to consider: * Your server may already have it installed, so check before you get started by executing 'which git'. * Depending on the version of CentOS installed on your server, you may be able to install via yum: yum install git If you need to install git but don't see it in the yum repository- or simply need to run the latest version- use the following steps. *Note:* Be sure you've configured your server to use the RpmforgeRepository. <pre><code>sudo yum --enablerepo=rpmforge install xmlto curl curl-devel # check for the latest version at http://git.or.cz/ wget http://kernel.org/pub/software/scm/git/git-1.6.6.tar.gz tar xvzf git-*.tar.gz cd git-* make configure ./configure --prefix=/usr --without-tcltk make all sudo make install</code></pre> If you get this error while installing the curl-devel package: <pre><code> Error: Missing Dependency: libidn = 0.4.6-1.2.el5.rf is needed by package libidn-devel </code></pre> Then you may have a newer version of libidn which is stopping it from being installed. To solve this, remove libidn and try again. <pre><code> sudo yum remove libidn </code></pre> 2008-08-01T08:55:11-04:00 434 InstallingGit false 1 2010-01-13T12:54:35-05:00 15 h2. Upgrading from Source <pre><code> # install readline and ncurses sudo yum install -y readline readline-devel ncurses ncurses-devel # for ruby 1.8.7 wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p174.tar.bz2 tar xjvf ruby-1.8.7-p174.tar.bz2 cd ruby-1.8.7-p174 # for ruby 1.8.6 wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p369.tar.gz tar xzvf ruby-1.8.6-p369.tar.gz cd ruby-1.8.6-p369 # remove ruby from yum sudo yum remove -y ruby # complie your selected ruby ./configure --prefix=/usr --with-readline-dir=/usr/local --enable-shared make sudo make install cd .. # install RubyGems wget http://rubyforge.org/frs/download.php/60718/rubygems-1.3.5.tgz tar xfz rubygems-* cd rubygems-* sudo ruby setup.rb cd .. # recompile RubyGems sudo gem pristine --all # compiling mysql will probably fail. this should fix that sudo gem install mysql -- --with-mysql-config # restart your mongrels sudo /etc/init.d/mongrel_cluster restart </code></pre> 2008-08-01T08:55:16-04:00 477 UpgradingRuby false 1 2010-01-11T18:01:41-05:00 1 34 "Phusion Passenger":http://www.modrails.com/, or mod_rails/mod_rack, is an Apache module that greatly simplifies Ruby web application deployment. Before you can start using "Phusion Passenger":http://www.modrails.com/ you will need to install a few items on your existing RailsMachine virtual private server. This guide will walk you through the preparation of your RailsMachine, the installation of Phusion Passenger, and the conversion of your existing application to use Phusion Passenger. h2. Upgrading Ruby Gems If you are using a version of RubyGems before the 1.2 version release on your server you will need to <a href="/UpgradingRubyGems">upgrade</a> to avoid complications during the install. h2. Install Phusion Passenger and Ruby Enterprise Edition Execute the following commands from your deploy user account on your Rails Machine. <pre><code># make a place to do the install mkdir passenger_install cd passenger_install # download and start the installer wget http://assets.railsmachine.com/wiki/centos_passenger_install.sh sh centos_passenger_install.sh </code></pre> h2. Optional: Using Ruby Enterprise Edition Ruby Enterprise Edition comes with a set of pre-installed gems. You will need to install the gems that are missing from Ruby Enterprise Edition's line up. You must specify the path to Enterprise Ruby as it is not in your path. After you are done installing your gems, modify the /etc/httpd/conf.d/passenger.conf to use Ruby Enterprise Edition. <pre><code># re-install all of your regular-Ruby gems with Enterprise Ruby gem list | grep -v passenger | awk ' (NR != 1 && NR != 2 ) {print $1}' | xargs sudo /opt/ree/bin/gem install --no-ri --no-rdoc sudo /opt/ree/bin/gem install mysql -- --with-mysql-config </code></pre> <pre><code># change /etc/httpd/conf.d/passenger.conf to use Enterprise Ruby #LoadModule passenger_module /usr/lib64/ruby/gems/1.8/gems/passenger-2.2.8/ext/apache2/mod_passenger.so #PassengerRoot /usr/lib64/ruby/gems/1.8/gems/passenger-2.2.8 #PassengerRuby /usr/bin/ruby # Ruby Enterprise Edition settings LoadModule passenger_module /opt/ree/lib/ruby/gems/1.8/gems/passenger-2.2.8/ext/apache2/mod_passenger.so PassengerRoot /opt/ree/lib/ruby/gems/1.8/gems/passenger-2.2.48 PassengerRuby /opt/ree/bin/ruby </code></pre> h3. Restart Apache <pre><code>#restart apache sudo /etc/init.d/httpd restart # Check to see that Passenger loaded successfully sudo /usr/sbin/apachectl -t -D DUMP_MODULES 2>&1 | grep passenger # If it wasn’t listed in the step above, make sure that /etc/httpd/conf/httpd.conf contains this line: Include conf.d/*.conf </code></pre> h1. Capistrano and Passenger The following steps should be performed on your local development machine not on your Rails Machine. <pre><code># install lastest railsmachine gem (on your local machine) sudo gem install railsmachine # add :app_server option to your deploy.rb set :app_server, :passenger # switch to Passenger cap app:switch </code></pre> 2008-12-09T16:23:45-05:00 496 PhusionPassenger false 1 2009-12-17T11:11:19-05:00 1 65 "HAProxy":http://haproxy.1wt.eu/ is a *very fast* and highly configurable software TCP load balancer. HAProxy is extremely attractive as a reverse proxy in a Rails stack because of it's unique @maxconn 1@ configuration setting, allowing the user to specify that each mongrel gets only one request at a time. If you're still not convinced, note that HAProxy is currently used by "37Signals":http://www.37signals.com/svn/posts/1073-nuts-bolts-haproxy and <a href="http://twitter.com/pjhyett/statuses/931276775">GitHub</a>. This guide will help you install and configure HAProxy on your <nowiki>RailsMachine</nowiki>. h3. Impact to your website You can configure and test HAProxy without impacting any applications you may already have running. When you're ready to swap it in, you'll just need to restart Apache. The downtime to the outside world will be very brief. h3. Getting HAProxy The first step is to download, build and install HAProxy. We highly recommend version 1.3.15.4 or later. <pre><code>wget http://haproxy.1wt.eu/download/1.3/src/haproxy-1.3.15.4.tar.gz tar xvzf haproxy* cd haproxy* make TARGET=linux26 cp haproxy /usr/ sudo install --owner=root --group=root -m700 haproxy /usr/sbin/</code></pre> h3. Configuring the proxy server Download "this configuration file":http://gist.github.com/raw/25482/d39fb332edf977602c183194a1cf5e9a0b5264f9. At the bottom of the file, edit the *listen* section to use the correct mongrel ports. If you have more than one application, you can add additional *listen* blocks. For each additional *listen* block, increment the haproxy listen port (9000,9001,9002,etc) and adjust the mongrel ports for the application (8000, 8010, 8020,etc). Save the configuration to your server as /etc/haproxy.conf. Now save "this init script":http://s3.amazonaws.com/rmachine-signal-wiki/haproxy.sh to /etc/init.d/haproxy, then run: <pre><code>sudo chmod +x /etc/init.d/haproxy sudo chkconfig haproxy on sudo /sbin/service haproxy start </code></pre> Test your configuration before you continue (you might need to 'yum install -y curl'): <pre><code>curl localhost:9000</code></pre> You should see the HTML from the root URL of your application. If not, double check your settings and restart the proxy with <code>sudo /sbin/service haproxy restart</code> until you do. h3. Configuring Apache Once things seem to be working, you can update your Apache configuration. This will be located on your server at /etc/httpd/conf/apps/APPNAME.conf. If you configured the application as the default vhost, then it will be at /etc/httpd/conf/default.conf Be sure to backup your configuration just in case, and then: # Remove the mod_proxy_balancer that start with: <code><Proxy balancer://APPNAME_cluster></code> # Look for this line: <code>RewriteRule ^/(.*)$ balancer://APPNAME_cluster%{REQUEST_URI} [P,QSA,L]</code> # And change it to this: <code>RewriteRule ^/(.*)$ http://localhost:7001%{REQUEST_URI} [P,QSA,L]</code> Be sure to use the correct listen port for your application. In the haproxy configuration template, we use 8001 for the first application. Restart Apache to reload the configuration. <pre><code>sudo /sbin/service httpd restart</code></pre> h3. Proxy Statistics HAProxy provides a status page showing the health of your mongrels. To see your status page, visit http://yourapp.com/haproxy?stats. The username/password for the stats page are haproxy/stats in our configuration template - feel free to tweak this to your liking. h2. Health Checks In the provided configuration template, HAProxy will attempt to load the home page of your application _from each mongrel_ once every twenty seconds to verify that each mongrel is available for new requests. If your home page is cached or doesn't perform very well, you may perfer to install "pulse":http://github.com/jnewland/pulse. Pulse is a Rails plugin that provides a lightweight action intended soley for health checks. Once you install pulse, uncomment the following line in your HAProxy config: <pre><code>option httpchk GET /pulse</code></pre> Restart HAProxy to reload the configuration. <pre><code>sudo /sbin/service haproxy restart</code></pre> 2008-08-01T08:55:12-04:00 435 haproxy false 1 2009-12-17T10:58:54-05:00 1 27 Ruby Gems is used to install, update and remove Ruby libraries from your system. To update Ruby Gems on your server, use the following command: <pre><code> sudo gem update --system </code></pre> If this fails, follow these steps to upgrade it manually: <pre><code> wget http://rubyforge.org/frs/download.php/60718/rubygems-1.3.5.tgz tar xfz rubygems-* cd rubygems-* sudo ruby setup.rb cd .. </code></pre> 2008-08-01T08:55:17-04:00 478 UpgradingRubyGems false 1 2009-12-17T10:52:30-05:00 7 To allow Rails Machine staff to access your server, you'll need to add our SSH key to your list of authorized keys. To do so, please perform the following steps *from your server*: <pre><code> wget http://assets.railsmachine.com/wiki/rails@build.pub # download our key mkdir -p ~/.ssh # setup ssh directory chmod 0700 ~/.ssh # ensure permissions are setup right cat rails@build.pub >> ~/.ssh/authorized_keys # add our key to the authorized_list chmod 0600 ~/.ssh/authorized_keys # ensure permissions are setup right </code></pre> To perform some tasks on your server, we'll need sudo access. To avoid passing around your password, it's possible to enable passwordless sudo for the primary user. To do, SSH to your server and perform the following steps: <pre><code> sudo su - # change to the root user visudo # edit the sudoers file </code></pre> If the username you'd like us to SSH in is named 'deploy', you'd add the following line to the end of the sudoers file: <pre><code> deploy ALL = NOPASSWD: ALL </code></pre> Save the file, and you're done! Once this is all done, please provide us a list of the usernames and hostnames of all servers, and we'll confirm we can access them. 2009-08-19T14:18:42-04:00 511 AllowRailsMachineStaffAccessToYourServerViaSSHKeys false 1 2009-11-23T11:47:22-05:00 8 The Apache 2.2 rpms installed on your Rails Machine are incompatible with the PHP rpms available through yum. However, you can easily install PHP via source. *Note*: Installing PHP requires changing Apache's processing model. If you are planning to run Rails applications on this server, this may have a performance impact during periods of high traffic. Follow these steps as the deploy user on your server. <pre><code>sudo su - service httpd stop # Edit /etc/sysconfig/httpd and comment out: #HTTPD=/usr/sbin/httpd.worker service httpd start wget http://us3.php.net/get/php-5.2.11.tar.gz/from/www.php.net/mirror tar xzvf php-*.tar.gz cd php-5.* yum install flex httpd-devel libjpeg-devel libxml2-devel libpng-devel ./configure --with-apxs2=/usr/sbin/apxs --enable-xml --with-mysql --with-iconv --with-zlib --disable-magic-quotes --with-jpeg --with-jpeg-dir=/usr --with-gd #if you are on a 64-bit machine, add --with-libdir=/lib64 to your configure line make && make install # Edit /etc/httpd/conf/httpd.conf and under <IfModule mime_module> add this line: AddType application/x-httpd-php .php .phtml service httpd restart</code></pre> That's it! 2008-08-01T08:55:15-04:00 460 RunningPHP false 1 2009-11-20T12:53:42-05:00 4 h3. Why replication? Rails Machine servers have the benefit of nightly snapshots in case of data corruption or hardware failure. But what about the time between snapshots? If you want the ability to recover all of the data from your database- right up to the second before catastrophe stuck- then you'll need to set up database replication. The simplest type of replication to configure is master-slave replication. Should anything happens to the master server, you can promote the slave server to be the new master or dump the slave database and import it into a new server. Setting up database replication can seem like a daunting task. In this article, we're going to offer a detailed, mostly-painless description of configuring your servers for replication. h3. Getting the tools Apart from MySQL itself, the only tool we'll be using is <a href="http://www.percona.com/docs/wiki/percona-xtrabackup:start">XtraBackup</a> from "Percona":http://www.percona.com. Visit the XtraBackup "downloads page":http://www.percona.com/mysql/xtrabackup/ to find the latest version. If you cannot find precompiled binaries, download the source package and compile by following the <a href="http://www.percona.com/docs/wiki/percona-xtrabackup:howtobuild">build instructions</a>. If you are using 32bit CentOS, you can download binary files for version 0.7 "here":http://assets.railsmachine.com/other/xtrabackup.tar.gz. These are known to work for CentOS 4, but may work on new versions as well. You will need to have XtraBackup installed on both servers. h3. Replication overview To help you keep the overall process in mind as we walk through the steps, here is a high-level overview of what we'll be doing. For our example, we'll be assuming that there is a database server in use called db1 with IP address 10.0.0.20. This will be the _master_ in our replication scheme. We want to configure a new _slave_ server called db2 with IP address 10.0.0.21. # Verify the MySQL configuration on db1 # Obtain a consistent, 'clean' snapshot of the data on db1 # Obtain metadata about the snapshot- the log file and position # Allow access to data on db1 to db2 # Import the data on to db2 # Give db2 the connection details h3. Replicate! h4. Check settings Open your MySQL configuration on db1. In the @[mysqld]@ section, make sure you have a server-id and binary log options set. <pre> server-id=1 log-bin=db1-bin log-bin-index=db1-bin </pre> The names of the binary log files are not important, but it's a good idea to include the hostname. When you're configuring MySQL on db2, you would use a server-id of 2. If you make any changes to the database configuration, be sure to restart MySQL: <pre> sudo service mysqld restart # the service is called 'mysql' on debian/ubuntu </pre> h4. Snapshot the database *Important*: This backup process performs a 'hot' backup. This mean that, most likely, your application will be able to continue using the database with no side effects. However, the backup tool does need to identify the log file and position, and for this it will very briefly read-lock the database tables at the end of the process. If you are concerned that this may impact your application, you should wait for a period of low traffic or seek "outside help":http://support.railsmachine.com/help. On db1, run the following commands. <pre> mkdir /tmp/db1 cd /tmp/db1 innobackupex --user=root --password=<pass> . </pre> This may take a while to complete. When it does complete, you should see a confirmation that the process ended successfully that looks something like this: <pre> innobackupex: Backup created in directory '/tmp/db1/2009-06-09_15-00-09' innobackupex: MySQL binlog position: filename 'db1-bin.000001', position 3456 090602 15:21:11 innobackupex: innobackup completed OK! </pre> Note the binlog filename (db1-bin.000001) and position (3456). You will need these later to tell db2 where to restart the replication process. h4. Grant access to db2 Now we need to log in to MySQL on db1 and grant replication privileges to a user from db2. Run the following commands on db1, setting your own username and password: <pre> # mysql -uroot -p<password> mysql> grant replication slave on *.* to 'repl'@'10.0.0.21' identified by 'sekrit_password'; mysql> exit; </pre> h4. Import data snapshot on db2 There are any number of ways to get the data copied from db1 to db2 but for this example, we'll use scp. On db1: <pre> scp -r /tmp/db1 user@10.0.0.21: </pre> This will copy the db1 backup to the home directory of your user on db2. Now on db2, make sure the database is stopped, move aside any existing MySQL data, and replace it with the export from db1. You also need to apply the logs that XtraBackup created. <pre> sudo su - # become root service mysqld stop # the service is called 'mysql' on debian/ubuntu mv /var/lib/mysql /var/lib/mysql.old mv /home/user/db1 /var/lib/mysql chown -R mysql.mysql /var/lib/mysql cd /var/lib/mysql innobackupex --apply-log . service mysqld start </pre> Check your MySQL log files to verify that the database has started normally. h4. Connect to db1 from db2 The only task remaining is to tell db2 how to connect to db1 and replicate changes to the database as they happen. Run the following on db2, replacing the filename and position with the values you noted from the db1 snapshot: <pre> mysql -uroot -p<password> mysql> change master to master_host = '10.0.0.20', master_user = 'repl', master_password = 'sekrit_password', master_log_file = 'db1-bin.000001', master_log_pos = 3456; mysql> start slave; mysql> show slave status\G; # the \G changes the format for better readability </pre> The very last line of the slave status report should show the seconds_behind_master. On subsequent runs, this number should decrease. *Troubleshooting*: If the seconds_behind_master is NULL- and remains that way after running 'show slave status\G;' a few times- then you may have some debugging to do. Look up higher in the report and there should be details. Make sure you used the correct replication username, password, log file and position. Also, make sure there's not a firewall blocking your connection. h4. Success! Once @seconds_behind_master@ is 0, your slave database is fully caught up. Congratulations! You have increased your resiliency against disaster and given everyone involved a little peace of mind. One last bit of advice: this is a read-only slave, you shouldn't be doing any writes on db2. If you do, you'll likely break replication and there may not be an easy way to get it started without going through all of this again. 2009-06-09T18:00:15-04:00 508 DatabaseReplication false 1 2009-10-13T11:00:11-04:00 9 Here's an easy way to perform nightly live backups of your database. This is a live backup, and it shouldn't have any impact on your application. This technique is safe for both Innodb and MyISAM tables. First, you'll need to install <a href="http://www.percona.com/docs/wiki/percona-xtrabackup:start">XtraBackup</a> from "Percona":http://www.percona.com. Visit the XtraBackup "downloads page":http://www.percona.com/mysql/xtrabackup/ to find the latest version. If you cannot find precompiled binaries, download the source package and compile by following the <a href="http://www.percona.com/docs/wiki/percona-xtrabackup:howtobuild">build instructions</a>. If you are using 32bit CentOS, you can download binary files for version 0.7 "here":http://assets.railsmachine.com/other/xtrabackup.tar.gz. These are known to work for CentOS 4, but may work on new versions as well. Now you can create a timestamped, compressed copy of your database: <pre> innobackupex --user=root \ --password=sekrit \ --stream=tar ./ | \ gzip - > backup.`date +%m%d%Y%H%M%S`.tar.gz </pre> If your root password is blank, leave out the password option. If you're using Ubuntu or another system where the MySQL configuration is not at @/etc/my.cnf@, then you'll need to specify the path to the defaults file by passing the option @--defaults-file=/etc/mysql/my.cnf@ Should you ever need to restore a backup, stop MySQL, move aside your existing MySQL data directory and unzip this tarball in its place: <pre> service mysql stop mv /var/lib/mysql /var/lib/mysql.old mkdir /var/lib/mysql mv /path/to/backup.tar.gz /var/lib/mysql cd /var/lib/mysql tar xzfi backup.tar.gz innobackupex --apply-log chown -R mysql.mysql /var/lib/mysql service mysql start </pre> 2009-06-11T15:59:37-04:00 509 NightlyDatabaseBackupsWithXtrabackup false 1 2009-09-25T04:41:09-04:00 6 <a href="http://seattlerb.rubyforge.org/ImageScience.html">ImageScience</a> is a clean and happy Ruby library that generates thumbnails -- and kicks the living crap out of <nowiki>RMagick</nowiki>. Oh, and it doesn't leak memory like a sieve. :) h2. Installing <nowiki>ImageScience</nowiki> on <nowiki>CentOS</nowiki> 4/5 <pre> <code> #install requirements sudo yum install -y cvs gcc-c++ #login to the FreeImage CVS server #when prompted for a password, hit enter cvs -z3 -d:pserver:anonymous@freeimage.cvs.sourceforge.net:/cvsroot/freeimage login #checkout FreeImage #this will take a ridiculously long time, thanks to CVS cvs -z3 -d:pserver:anonymous@freeimage.cvs.sourceforge.net:/cvsroot/freeimage co -D 2007-01-01 -P FreeImage cd FreeImage #compile FreeImage make PATH=$PATH:/sbin sudo make install #install ImageScience gem sudo gem install image_science #install RubyInline sudo gem install RubyInline </code> </pre> If you're on a 64-bit OS (uname -i) you'll need to checkout from 2007-02-11 instead of 2007-01-01 in the directions above. You might get these errors otherwise: <pre> <code> /usr/bin/ld: ./Source/FreeImage/BitmapAccess.o: relocation R_X86_64_32S against `a local symbol' can not be used when making a shared object; recompile with -fPIC </code> </pre> or <pre> <code> Source/Metadata/Exif.cpp:498: error: cast from 'BYTE*' to 'DWORD' loses precision make[1]: *** [Source/Metadata/Exif.o] Error 1 </code> </pre> 2008-08-11T10:15:44-04:00 488 InstallingImageScience false 1 2009-09-11T23:03:19-04:00 15 To get the latest and greatest version of ImageMagick, you'll want to compile from source rather than using yum to update it. Don't worry, it's easy. Run these steps on your server: <pre><code>sudo su - # uninstall old ImageMagick yum remove ImageMagick # get new ImageMagick sources wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick.tar.gz # untar tar -zxvf ImageMagick*.tar.gz cd ImageMagick* # build and install ./configure --disable-openmp make make install # fix problem with rmagick not finding ImageMagick libraries echo /usr/local/lib >> /etc/ld.so.conf.d/ImageMagick.conf ldconfig # test ImageMagick (should not report an error, may want to scp over and check that it is a valid image) convert logo: logo.png # update rmagick gem install rmagick # finally, test rmagick ruby -rrubygems -e "require 'RMagick2'; puts Magick::Long_version;"</code></pre> 2008-08-01T08:55:16-04:00 475 UpgradingImageMagick false 1 2009-09-11T12:42:07-04:00 1 4 Please check out the "official deployment guide":https://support.railsmachine.com/index.php?pg=kb.page&id=12 in our Knowledge Book. 2008-08-01T08:55:08-04:00 407 5MinuteDeployment false 1 2009-09-09T07:22:53-04:00 8 If you are trying to connect to your database from a physically separate application server, see CommunicationsWithinTheCluster To access your mysql database remotely- i.e. from anything but a shell on your server- you'll need to tunnel traffic via ssh. In Linux or Mac OS X this is accomplished easily: <pre><code>ssh -f -N -L 8888:127.0.0.1:3306 deploy@your-account.railsmachina.com</code></pre> This will setup a tunnel from port 8888 on your local machine to port 3306 (the default mysql port) on your server. You can then connect to mysql using 'localhost' as the host and '8888' as the port. Using the command line client: <pre><code>mysql --user database_user --password --port 8888 --protocol=TCP database_name</code></pre> On Windows, you can create tunnels using putty or with ssh in cygwin. 2008-08-01T08:55:10-04:00 424 ConnectingToMySQL false 1 2009-08-28T09:23:42-04:00 4 Occasionally, you may find that you have a process or cron job that is using up too much RAM or hogging all of the CPU for extended periods of time. One way to deal with this is to use <code>ulimit</code> to set limits on the resources that a process is allowed. For example, if you have a memory intensive cron job that runs every minute, you could ensure that it doesn't use more than 32M (32*1024 kbytes) of RAM You can do that easily: <pre> * * * * * ulimit -v 32768 && /bin/memory_hog </pre> 2009-07-01T12:45:01-04:00 510 LimitResourceUsage false 1 2009-07-01T12:46:44-04:00 9 4 Be sure to check out "Red Hat's excellent guide":http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/sysadmin-guide/index.html to managing a Red Hat based system. * DatabaseReplication * NightlyDatabaseBackupsWithXtrabackup * ReceivingMail * UpdatingYourServer * UpgradingRubyGems * SchedulingTasksWithCron * SettingUpNFS * SettingTheServerTimezone * SshSecurity * CreatingRestrictedUsers * InstallingPostgresql * MonitoringProcesses * AddingSubversionUsers * UpgradingImageMagick * AboutBackups * UsingDkimEmailAuthentication * CachingDnsRequests * LimitResourceUsage 2008-08-01T08:55:13-04:00 444 LinuxAdministration false 1 2009-07-01T10:22:24-04:00 9 12 If you are using Phusion Passenger with ImageMagick you may have problems with Passenger not being able to find the ImageMagick libraries. If you see '/usr/local/bin/identify: error while loading shared libraries: libMagick.so.10: cannot open shared object file: No such file or directory' in your logs, use these settings in your Apache vhost to help Passenger locate what is needed. Be sure to use the proper path to the installed version of ImageMagick in the steps below. Before you get started, make sure you're using the latest version of Passenger. If you need help upgrading or installing Passenger on a CentOS server, visit our instructions for PhusionPassenger h3. Modify your Vhost Add these to your application vhost. It can go right after the VirtualHost start tag. *NOTE*: You may need to adjust the paths for your server's architecture or for the version of ImageMagick you're using. <pre><code>SetEnv LD_LIBRARY_PATH /usr/local/lib SetEnv MAGICK_HOME /usr/local/lib/ImageMagick-6.4.7 SetEnv DYLD_LIBRARY_PATH $MAGICK_HOME/lib SetEnv PATH $MAGICK_HOME/bin:/usr/local/bin/:$PATH </code></pre> h3. Restart Apache <pre><code>sudo service httpd restart</code></pre> 2008-12-17T21:32:14-05:00 498 phusion-passenger-with-imagemagick false 1 2009-06-30T14:42:10-04:00 9 7 Nobody likes 2 Gig Rails log files. Put this into /etc/logrotate.d/mongrel : <pre><code> "/var/www/apps/*/shared/log/mongrel*log" "/var/www/apps/*/shared/log/production*log" { daily rotate 7 compress missingok sharedscripts postrotate /etc/init.d/mongrel_cluster restart endscript } </code></pre> Make sure logrotate is installed: @sudo yum install -y logrotate@ This says your logs will be kept for 7 days, compressed, and that your mongrel_cluster will be restarted afterwards. Check the "man page":http://www.linuxcommand.org/man_pages/logrotate8.html for more options. 2008-08-01T08:55:14-04:00 457 RotatingApplicationLogs false 1 2009-06-12T09:20:28-04:00 9 3 First you need to generate an RSA key file: <pre><code>openssl genrsa -out domainname.key 1024</pre></code> This will create a key file without requiring a passphrase everytime you start your web server. Using the key file, you can now create your CSR (Certificate Signing Request) file: <pre><code>openssl req -new -key yourdomain.com.key -out yourdomain.com.csr</pre></code> You will be prompted for the following: h3. Country Name (2 letter code) [AU]: US (must be two letter country code, note for United Kingdom the country code must be GB and NOT UK) h3. State or Province Name (full name) [Some-State]: The state or province where your organization is legally located. This cannot be abbreviated and must be entered in full. h3. Locality Name (eg, city) []: The city where your organization is legally located. h3. Organization Name (eg, company) [Internet Widgits Pty Ltd]: The exact legal name of your organization. Do not abbreviate your organization name. h3. Organizational Unit Name (eg, section) []: Section of the organization, such as Marketing or Web Development. h3. Common Name (eg, YOUR name) []: The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.yourdomain.com, then your CSR's common name must be www.yourdomain.com. If you applying for a wildcard certificate to secure all sub domains on your domain, the common name must be *.yourdomain.com. h3. Email Address []: Leave this field blank by just pressing return. h3. A challenge password []: Leave this field blank by just pressing return. h3. An optional company name []: Leave this field blank by just pressing return. After the csr is generated you can send the contents to your SSL provider by dumping the contents and then copy and paste: <pre><code>cat yourdomain.com.csr</pre></code> You can then move the key and csr to /etc/httpd/conf/ssl.key and /etc/httpd/conf/ssl/csr. Once you get the key you will place it in /etc/httpd/conf/ssl.key. Your provider will also send you instructions for using an Intermediary Certificate. Once you get your certificate you can then follow the instructions for setting up SSL on your webserver: http://wiki.railsmachine.com/SettingUpSSL 2009-04-28T10:13:43-04:00 507 new false 1 2009-04-28T10:22:28-04:00 14 10 multiple 2009-03-12T17:45:10-04:00 505 search false 1 2009-03-12T17:45:10-04:00 1 Rails Machine takes pride in using reliable hardware, but problems can happen, and you should be prepared for them. Your machine's data sits on a RAID 10 drive array, which does mitigate some of the risk. In addition, Rails Machine takes daily snapshots of each server in case of catastrophic failure. But none of this is a replacement for having good backups within reach in case an important file or directory is accidentally deleted or becomes corrupted. What should you back up? This depends on what you're running on your machine, but for a basic Rails application, you'll need backups of your database and of your SVN repository. Maybe a copy of the current running version would be a good idea as well. Please note: Backup storage is not included in all plans. Please see your plan details for more information. If your plan does include backup storage, you will have a RAID 10 network drive mounted on /backup/storage. You are free to use this for your backups, or you can pull files from your Rails Machine to some off-site backup of your choice. Whether this be a computer at your home or office, possibly then burned to a CD or DVD, it's up to you. To back up your database, assuming you're using the default of mysql, use the mysqldump script. It's usually a good idea to compress the output, since it tends to be verbose and can get very large very quickly: <pre><code>mysqldump -u deploy -p mydatabasename | gzip - > mydatabasename-backup.sql.gz</code></pre> Backing up your SVN repository can be done by one of two methods, described at http://svnbook.red-bean.com/nightly/en/svn.reposadmin.maint.html#svn.reposadmin.maint.backup. The backup script described is on your Rails Machine at <code>/usr/share/doc/subversion-1.2.1/tools/backup/hot-backup.py</code>. Whichever method you choose, you can use the /backup/storage directory as the destination or you can move the file off of your server with scp/sftp. h2. Offsite backups In the event of meteor, both your server and the backup server will be converted to dust. If you'd like to add offsite backups of your database and other important files, we suggest uploading a backup of your database, repository and any files uploaded by your users to Amazon S3. Here's are some rake tasks and tips to get you started. http://www.rubyinside.com/advent2006/15-s3rake.html Once you get that working, just create a cron job and your app will be safe no matter how much of the East Coast is obliterated. 2008-08-01T08:55:08-04:00 408 AboutBackups false 1 2009-02-27T11:14:22-05:00 3 h3. Database user name In older versions of Rails you might have used a configuration like this in your database.yml: <pre><code> production: adapter: mysql database: myapp_production user: myapp_productionn password: sekrit host: localhost </code></pre> In newer versions, be sure to use "username" or you're likely to see errors when 'root' tries to log in to mysql. h3. Nokogiri You may run into problems trying to install the nokogiri gem. The error might look like this: <pre><code> make gcc -fPIC -O0 -g -march=i386 -mcpu=i686 -Wall -fPIC -g -DXP_UNIX -O3 -Wall -Wcast-qual -Wwrite-strings -Wconversion -Wmissing-noreturn -Winline -I. -I/usr/lib/ruby/1.8/i386-linux -I/usr/lib/ruby/1.8/i386-linux -I. -c html_document.c In file included from ./html_document.h:4, from html_document.c:1: ./native.h:7:27: libxml/parser.h: No such file or directory ./native.h:8:26: libxml/xpath.h: No such file or directory ./native.h:9:35: libxml/xpathInternals.h: No such file or directory ./native.h:10:30: libxml/xmlreader.h: No such file or directory ./native.h:11:31: libxml/HTMLparser.h: No such file or directory ./native.h:12:29: libxml/HTMLtree.h: No such file or directory In file included from ./native.h:15, # many more below </code></pre> Use the steps below to get it to compile. <pre><code> yum install -y libxml2 libxml2-devel sudo ln -s /usr/include/libxml2/libxml /usr/include/libxml ldconfig gem install nokogiri </code></pre> 2009-02-11T11:15:09-05:00 504 Gotchas false 1 2009-02-12T15:59:53-05:00 4 There are a couple of ways to add more svn users. The simplest (especially if you trust your users) is to just add a shell account for each user, giving them access to the 'deploy' group. <pre><code>adduser <username> usermod -a -G deploy <username></code></pre> Make sure your repository is group writable: <pre><code>chmod -R g+w /var/www/apps/your_app/repos</code></pre> New users will access the repository via the same svn+ssh url that you already do. Another, possibly more secure way is "described in the SVN book":http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.sshtricks. It involves setting up SSH to differentiate between public key files used to authenticate, and to run the svnserve command automatically with the correct username passed to it. 2008-08-01T08:55:09-04:00 412 AddingSubversionUsers 1 2009-02-10T14:31:34-05:00 9 2 This page has moved. You can find it here: http://wiki.railsmachine.com/haproxy- 2009-02-09T15:04:43-05:00 503 InstallingHaproxy false 1 2009-02-09T15:23:41-05:00 3 If you want to run SSH on a port other than the standard port 22, you can make the following change. <pre> $ sudo vi /etc/ssh/ssh_config: # Comment out or changeg the Port directive #Port 22 Port 9022 </pre> Now, restart sshd. <pre> $ sudo /sbin/service sshd restart </pre> For subversion to work on this new port, edit ~/.ssh/config on your local system and create an entry like this: <pre> Host youraccount.railsmachina.com Port 9022 </pre> You should now be able to ssh to your server or run svn update as if nothing had changed. If you want to get fancy, you can create an easy alias for your server: <pre> Host myserver Port 9022 User deploy HostName youraccount.railsmachina.com </pre> Now you can connect to the server with 'ssh myserver'- the username, port, and hostname will be read from your ssh config. *NOTE:* If you do this be sure to relocate your svn repository on your local dev system to the new, shorter URL or it may not work: <pre> cd /path/to/project svn switch --relocate svn+ssh://deploy@youraccount.railsmachina.com/var/www/apps/yourapp/repos/trunk svn+ssh://myserver/var/www/apps/yourapp/repos/trunk </pre> 2008-11-25T11:03:52-05:00 493 SshOnAlternatePorts false 1 2009-02-06T23:37:40-05:00 7 IPTables is quick and easy to install, and it's a great way to lock down your server. Here's a quick start that will give you access to the server only for ssh, web, and email traffic. <pre><code> sudo su - # to become root yum install iptables # GROUND RULES: Allow established TCP traffic iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT # ALLOW: ssh, smtp, http, https, pings, local traffic iptables -A INPUT -p tcp --dport 22 -j ACCEPT iptables -A INPUT -p tcp --dport 25 -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A INPUT -s 127.0.0.1 -j ACCEPT # REJECT: anything that wasn't explicitly allowed iptables -A INPUT -j REJECT iptables -A FORWARD -j REJECT # Save rules so they'll be used after reboots service iptables save </code></pre> That's should give you a nice and secure system, but there are times you need to make exceptions. For instance, what if you have separate web server and database servers? You don't want to allow everyone in, but you will need to allow the web server to connect to the mysql port, 3306, on your database server. You can do that with a rule like this: <pre><code> iptables -A INPUT -p tcp -s <source address> -d <destination address> --dport 3306 -j ACCEPT </code></pre> In our example, the source address would be the private address of your web server, and the destination address would be the private address of the db server. Use 'ifconfig eth1' on the servers to double-check your private address. You can easily tailor this command to only allow ssh or web traffic from certain IP addresses. Be sure to run *service iptables save* as root to save your rules after you make changes. If you mess up, you can flush all rules and start over with *<code>iptables --flush</code>*, or you can delete a rule by changing the *-A* to *-D*, e.g. <pre><code> iptables -A INPUT -s 120.23.210.33 -p tcp --dport 22 -j ACCEPT # Ooops. Typo in the source address. Delete it and try again: iptables -D INPUT -s 120.23.210.33 -p tcp --dport 22 -j ACCEPT iptables -A INPUT -s 120.23.210.32 -p tcp --dport 22 -j ACCEPT </code></pre> It is also worth noting that you may experience issues related to scp and rsync with large files being copied from the server running iptables. If you find that your process is reporting "stalled", you may need to temporarily disable iptables or add a static entry for the destination ip address. 2008-12-03T16:37:28-05:00 494 FirewallingWithIptables false 1 2009-02-03T16:00:05-05:00 14 8 If you need your application to respond to several different domain name there are two ways to accomplish this. In either case, you first need to add a DNS record so that the new domain or subdomain points to your server's IP address. h2. Using Capistrano If you're not using SSL, you can let Capistrano make the change for you. On your development computer, edit your app's deploy.rb and change this line: <pre><code># set :apache_server_aliases, %w{alias1 alias2}</pre></code> to this: <pre><code>set :apache_server_aliases, %w{ yournewdomain.com www.younewdomain.com}</pre></code> Add as many aliases as you need. Then re-write your apache configuration by running this: <pre><code>cap web:setup web:restart</code></pre> h2. Editing Apache Configuration If you are using SSL, the safest method is to edit the Apache configuration manually on the server: <pre><code>vi /etc/httpd/conf/apps/yourapp.conf</pre></code> Look for the two lines in the file that start with ServerAlias. Add your new domain(s) like this: <pre><code>ServerAlias yournewdomain.com www.yournewdomain.com</pre></code> Save the file, then restart Apache <pre><code>sudo /sbin/service httpd restart'</pre></code> 2008-12-15T16:58:29-05:00 497 ApacheServerAlias false 1 2009-01-19T15:09:12-05:00 9 3 The GNU Debugger can be a very powerful tool for debugging stuck processes in your application. For some ideas check out some tips from Jamis Buck: http://weblog.jamisbuck.org/2006/9/22/inspecting-a-live-ruby-process http://weblog.jamisbuck.org/2006/9/23/inspecting-a-live-ruby-process-day-2 http://weblog.jamisbuck.org/2006/9/25/gdb-wrapper-for-ruby Mauricio Fernandez chimed in with his own tips: http://eigenclass.org/hiki.rb?ruby+live+process+introspection You can grab Mauricio's ruby gdb script and start using it with the snippet below: <pre><code> mkdir -p ~/.gdb wget -O ~/.gdb/ruby assets.railsmachine.com cat <<-HERE >> ~/.gdbinit define session-ruby source ~/.gsb/ruby end HERE </code></pre> For now, we'll work with the Jon Leighton's gdb/irb wrapper, based on Jamis' wrapper: <pre><code> sudo gem install rgdb $ rgdb <pid> irb(main):001:0> gdb.backtrace.each { |line| puts line } </code></pre> 2009-01-15T11:40:20-05:00 502 gdb true 1 2009-01-15T11:40:20-05:00 9 1 To install the latest version of the Java Development Kit on your CentOS server follow these steps Start here: http://java.sun.com/javase/downloads/index.jsp Click "Get the JDK Download" and then select Linux as the OS. Download the rpm.bin package for your architecture. Below we're assuming the x86, version 6 update 17 package so you might need to edit the commands slightly. Double check the architecture on the server by running 'uname -i'. <pre><code> $ chmod +x jdk-6u17-linux-i586-rpm.bin $ ./jdk-6u17-linux-i586-rpm.bin $ sudo rpm -Uvh jdk-6u17-linux-i586.rpm $ java -version java version "1.6.0_17" </code></pre> 2009-01-12T14:21:18-05:00 501 java false 1 2009-01-12T14:21:18-05:00 9 1 Apache's rewrite rules allow you to change an incoming request for different reasons- perhaps because a page moved or your site layout changed. Here are some examples of how you can use rewrite rules in your site. After you make any changes to your apache configuration, be sure to restart apache. On CentOS, you do this with <pre><code> sudo /sbin/service httpd restart </code></pre> h3. HTTP_HOST Rewriting For various reasons you may want to redirect all of your traffic to a single subdomain. For example, you "might want to":http://no-www.org send all traffic for www.mydomain.com to mydomain.com. To do that, add this to your apache configuration. You'll usually want to put it inside the <code>VirtualHost</code> context. <pre><code> RewriteEngine On # You might already have this line RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] RewriteRule ^(.*)$ http://%1/$1 [R=301,L] </code></pre> 2008-12-30T10:59:56-05:00 500 ApacheRewriteRules false 1 2008-12-30T11:07:12-05:00 9 8 If you get an error like this when trying to upload files via FTP: <pre><code> A Net::FTPTempError occurred in some_class#some_method: 425 Unable to build data connection: Connection timed out /usr/lib/ruby/1.8/net/ftp.rb:241:in `getresp' </code></pre> You may notice that a blank file is created on the remote server, but the data is never transferred. To solve, try using passive mode: <pre><code> ftp = Net::FTP.open("ftp.domain.com") do |ftp| ftp.login ftp.passive = true # do ftp stuff end </code></pre> 2008-12-18T10:59:47-05:00 499 FtpTempError false 1 2008-12-18T11:00:31-05:00 9 3 h2. Getting a certificate The first step is to get your SSL certificate. There are tons of places you could get one from- Rapid SSL, Verisign, Go Daddy, just to name a few. Many places will even give you a free certificate to try before you buy. If you're using the application internally only or just don't care about warnings from the browser, you can even generate your own. Use the certificate provider's instructions for Apache 2. *NOTE*: when generating a key for a Certificate Signing, ensure you don't add a passphrase to the key. If prompted for one, press enter for a blank passphrase. h2. Copy the certificate to your server <pre> <code> scp *.crt deploy@yourdomain.railsmachina.com:~/ </code> </pre> h2. SSH to your Server <pre> <code> ssh deploy@yourdomain.railsmachina.com </code> </pre> h2. Install mod_ssl <pre> <code> sudo yum install mod_ssl </code> </pre> h2. Create needed directories <pre> <code> sudo mkdir -p /etc/httpd/conf/ssl.crt/ sudo mkdir -p /etc/httpd/conf/ssl.key/ </code> </pre> h2. Move the certificates and keys to the newly created directories <pre> <code> sudo mv *.crt /etc/httpd/conf/ssl.crt/ sudo mv *.key /etc/httpd/conf/ssl.key/ </code> </pre> h2. Backup your existing Apache VHost Config <pre> <code> sudo mv /etc/httpd/conf/apps/your_app.conf /etc/httpd/conf/apps/your_app.conf.orig </code> </pre> h2. Obtain our Apache vhost template <pre> <code> wget http://assets.railsmachine.com/wiki/ssl_vhost.conf sudo mv apache_ssl_vhost /etc/httpd/conf/apps/your_app.conf </code> </pre> h2. Customize the Apache VHost Template *NOTE*: This config template handles both SSL and non-SSL for the same Rails application. Note that this binds your IP address to this virtual host. If you have other applications on the server you will need to request an additional IP address. <pre> <code> sudo vim /etc/httpd/conf/apps/your_app.conf </code> </pre> * Substitute your IP address, domain name and application name where needed. * Make sure you have the correct number of balance members- one for each mongrel (2 by default). * Verify the paths to your server certificate and server private key are correct. * Ensure any customizations you may have made to @/etc/httpd/conf/apps/your_app.conf.orig@ are copied over to @/etc/httpd/conf/apps/your_app.conf@ * If your SSL certificate came with an 'Intermediate Certificate', move that file to @/etc/httpd/conf/ssl.crt/@ and add the following lines below the @SSLCertificateFile@ line: <pre> <code> # Intermediate Certificate SSLCACertificateFile /etc/httpd/conf/ssl.crt/DigiCertCA.crt </pre> </code> h2. Restart Apache <pre> <code> sudo /sbin/service httpd restart </code> </pre> If httpd fails to restart, please "submit a support request":https://support.railsmachine.com/index.php?pg=request with the error that you received, your domain name (yourdomain.railsmachina.com) and your @deploy@ user's password and we'll help you debug the error. 2008-08-01T08:55:15-04:00 466 SettingUpSSL false 1 2008-12-16T11:52:23-05:00 9 8 All Rails Machine VPS plans are protected by a shared Cisco firewall. All incoming ports are blocked except ssh, dns, ftp, http/https, smtp, imap, pop3, and 8000-10000. You can close down additional ports using [[FirewallingWithIptables|iptables]]. To access ports on your server that are firewalled, the best approach is to use ssh to tunnel the connection to your local computer. See ConnectingToMySQL for an example. 2008-08-01T08:55:09-04:00 410 AboutFirewalls false 1 2008-12-03T16:04:04-05:00 9 3 <pre><code>sudo yum install pcre-devel wget http://sysoev.ru/nginx/nginx-0.5.35.tar.gz tar xvzf nginx-0.5.35.tar.gz cd nginx-* ./configure --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --with-http_ssl_module --user=deploy --group=deploy make && sudo make install sudo mkdir -p /etc/nginx/apps sudo /sbin/service httpd stop sudo /sbin/chkconfig httpd off</code></pre> 1. Replace /etc/nginx.conf with "this file":http://s3.amazonaws.com/rmachine-signal-wiki/nginx.conf. 2. Save "this default configuration":http://s3.amazonaws.com/rmachine-signal-wiki/default.conf as /etc/nginx/default.conf. If you are already serving a site from youraccount.railsmachina.com, then you will need to update the default.conf to reflect any changes you made in /etc/httpd/conf/default.conf. 3. Use "this application template":http://s3.amazonaws.com/rmachine-signal-wiki/application.conf and update with the name of your application and the correct mongrel ports. If you need SSL support, uncomment the lower section and update it also. Upload your configuration to /etc/nginx/apps/yourapp.conf. 4. Start nginx: sudo nginx *Coming soon* * init scripts * railsmachine recipes *Related Topics* [[Mongrel Start/Stop/Restart Recipe]] 2008-08-01T08:55:12-04:00 438 InstallingNginx false 1 2008-10-13T18:51:18-04:00 7 7 *Note*: We've had several customers report bugs when setting up the SCPOnly utility recently. We suspect that SCPOnly is not compatible with CentOS 5, the linux distribution we're using for newer customers. More details as we have them. For one reason or another, you may want to create users who do not have normal access to your server. In this example, we're going to set up *scponly* so that our user will only be able to add or remove files in their home folder. The user will not be able to see files on the rest of the server. They will not even be able to get to a command prompt on the server- they will only be able to connect through sftp or scp for secure file transfers. <pre><code>wget http://sublimation.org/scponly/scponly-4.6.tgz tar vxzf scponly-4.6.tgz cd scponly-4.6 sed -i -e 's/@PROG_USERADD@/\/usr\/sbin\/useradd/g' setup_chroot.sh.in ./configure --enable-chrooted-binary --enable-scp-compat make && sudo make install chmod +x setup_chroot.sh sudo vi /etc/shells # add these 2 lines: /usr/local/bin/scponly /usr/local/sbin/scponlyc # setup a new jailed user sudo ./setup_chroot.sh # create /dev/null for this user (named scponly in this example) sudo mkdir /home/scponly/dev sudo mknod -m 666 /home/scponly/dev/null c 1 3 </code></pre> *Optional*: make 'incoming' the start folder for your user (named scponly in this example) <pre><code>sudo vi /etc/passwd #edit the user's home path (the double-slash is important) scponly:x:1001:1001::/home/scponly//incoming:/usr/local/sbin/scponlyc</code></pre> Now your user(s) can connect to the server by scp or by sftp using an [[SftpClients|SFTP client]]. They will only be able to see files under their home directory, and will only be able to upload to the incoming directory. 2008-08-01T08:55:10-04:00 426 CreatingRestrictedUsers false 1 2008-09-23T11:30:25-04:00 8 If you have multiple servers, you may want to set up NFS to share files between them or to cross backup. On each of the clients, you'll want to use autofs to automount the shared directories after a reboot. h2. On the server (the one sharing directories) <pre><code>yum install nfs-utils portmap autofs</code></pre> Edit /etc/exports and permit sharing. Use the private address of the client, which you can check with <code>ifconfig eth1</code>. Add one line like this for each client. <pre><code>/path/to/share 10.0.x.x(rw,async,all_squash,anonuid=596,anongid=596)</code></pre> Then start the services <pre><code>chkconfig portmap on chkconfig nfslock on chkconfig nfs on service portmap start service nfslock start service nfs start</code></pre> h2. On each client We're going to mount the shared directory at /backup/assets <pre><code>yum install nfs-utils portmap autofs chkconfig autofs on chkconfig portmap on chkconfig nfslock on service portmap start service nfslock start mkdir -p /backup/assets #Put this in /etc/auto.master: /backup /etc/auto.backup --timeout=60 #Put this in /etc/auto.backup (using the server's private address): assets -rw,soft,intr,rsize=8192,wsize=8192 10.0.x.x:/path/to/share service autofs start cd /backup/assets </code></pre> h2. User Submitted Notes I used the id of one of my regular users (the deploy user -- user id 500, found in /etc/passwd) to enable the ability to create and write to files in the share: <pre><code> /path/to/share 10.0.x.x(rw,async,all_squash,anonuid=500,anongid=500) </code></pre> 2008-08-01T08:55:15-04:00 465 SettingUpNFS false 1 2008-09-15T19:43:19-04:00 3 For most MTAs (Postfix, Sendmail, etc.), the default configuration is to only allow relay email that is coming from the server. This is done for security reasons and means that while your Rails application will be able to send mail just fine, it won't be able to receive mail. If you want to receive mail, you'll need to make a small change in your configuration and then restart the MTA. h1. Postfix Open the file /etc/postfix/main.cf in your editor and look for this section. Comment out "inet_interfaces = localhost" and uncomment "inet_interfaces = all". Restart Postfix with 'service postfix restart'. <pre> # RECEIVING MAIL # The inet_interfaces parameter specifies the network interface # addresses that this mail system receives mail on. By default, # the software claims all active interfaces on the machine. The # parameter also controls delivery of mail to user@[ip.address]. # # See also the proxy_interfaces parameter, for network addresses that # are forwarded to us via a proxy or network address translator. # # Note: you need to stop/start Postfix when this parameter changes. # inet_interfaces = all #inet_interfaces = $myhostname #inet_interfaces = $myhostname, localhost #inet_interfaces = localhost </pre> h1. Sendmail Open the file /etc/mail/sendmail.mc. Look for the string "DAEMON_OPTIONS". You will need to change the last line of this part: <pre>dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl</pre> to this: <pre>DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl</pre> This will tell sendmail to listen on all interfaces, instead of just the loopback address (127.0.0.1). Restart sendmail with 'service sendmail restart'. 2008-08-29T08:12:34-04:00 489 ReceivingMail false 1 2008-08-29T15:23:30-04:00 3 2 According an official "Ruby security advisory":http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/, the following versions of Ruby have exploitable security vulnerabilities: * 1.8.4 and earlier * 1.8.5-p230 and earlier * 1.8.6-p229 and earlier * 1.8.7-p21 and earlier h2. How do I upgrade? Please follow the instructions provided on the UpgradingRuby page 2008-08-01T08:55:13-04:00 449 PatchingRuby false 1 2008-08-26T13:39:28-04:00 3 If you need more hardware, bandwidth or RAM, just submit a support ticket describing your needs. We'll discuss pricing, then set it up. 2008-08-01T08:55:17-04:00 480 UpgradingServerSpecs 1 2008-08-05T16:17:13-04:00 2 If you've lost your root mysql password and need to reset it, follow these steps: <pre><code>sudo su - service mysqld stop mysqld_safe --skip-grant-tables --user=root & mysql -u root mysql>UPDATE mysql.user SET Password=PASSWORD('some_password') WHERE User='root'; mysql>FLUSH PRIVILEGES; mysql>exit; service mysqld restart</code></pre> 2008-08-01T08:55:14-04:00 454 ResetMysqlPassword 1 2008-08-05T16:17:06-04:00 2 *Git* "Setting up and deploying a Rails app with Git":http://zilkey.com/2008/3/10/setting-up-and-deploying-a-rails-app-to-a-remote-git-server - Jeff Dean *Ferret* "Starting Ferret at reboot using Capistrano":http://zilkey.com/2008/5/4/starting-ferret-at-reboot-using-capistrano - Jeff Dean *Windows* "Setting up Windows for SVN+SSH":http://www.mslater.com/2006/12/8/using-ssh-keys-to-speed-login - Michael Slater 2008-08-01T08:55:16-04:00 472 TipsAndTricksFromMachinists 1 2008-08-05T16:16:59-04:00 2 After you've requested an additional IP address, there are a few steps you need to take to start using it. You'll need to add an 'alias' ethernet device, and start it up. This is easy: <pre><code>sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0:0</code></pre> *NOTE*:The ":0" is your first alias address. Future addresses would be :1,:2,etc. Add the folowing: <pre> DEVICE=eth0:0 BOOTPROTO=static ONBOOT=yes IPADDR=xxx.xxx.xxx.xxx # Replace with your second assigned assigned IP NETMASK=255.255.255.0 </pre> Now run: <pre><code>sudo /sbin/ifup ifcfg-eth0:0</code></pre> Your second IP is now functional. As a last step, verify that the file /etc/init.d/ifaliases exists on your server. If not, run this to ensure the new interface to starts on boot: <pre><code> sudo su - wget http://pastie.caboo.se/108892.txt mv 108892.txt /etc/init.d/ifaliases chmod +x /etc/init.d/ifaliases chkconfig ifaliases on exit</code></pre> 2008-08-01T08:55:09-04:00 413 AdditionalIpAddress 1 2008-08-05T16:16:41-04:00 2 Here are the steps for getting Subversion 1.4 installed, along with the Ruby bindings if you need them. Be sure to visit the "Subversion website":http://subversion.tigris.org/ to check the latest version number. As of this writing it is 1.4.6, so you might need to make slight adjustments to the steps outline here. <pre><code> yum remove subversion subversion-devel wget http://subversion.tigris.org/downloads/subversion-1.4.6.tar.bz2 tar xvjf subversion-* cd subversion-* ./configure --prefix=/usr make sudo make install # Ruby bindings sudo make install-swig-rb # should return true if Ruby bindings are setup correctly: ruby -e 'puts require("svn/core")' </code></pre> 2008-08-01T08:55:12-04:00 442 InstallingSubversion 1 2008-08-05T16:16:33-04:00 2 If you need to make a large number of DNS requests, you can install bind in caching mode on your server to make those requests run more quickly. <pre>sudo yum install -y caching-nameserver chkconfig named on service named start</pre> Then test with this command: <pre>host -v cnn.com localhost</pre> Assuming it works, edit /etc/resolv.conf and add this line at the top: <pre>nameserver 127.0.0.1</pre> 2008-08-01T08:55:10-04:00 418 CachingDnsRequests 1 2008-08-05T16:16:18-04:00 2 Setting up your SPF record correctly will depend on knowing all of the servers that are permitted for sending email for your domain. You can find "a detailed guide here":http://old.openspf.org/dns.html along with a wizard to help you. Once you have the correct contents of your SPF record, go to the DNS for your domain and add one or more TXT records. 2008-08-01T08:55:18-04:00 485 UsingSpfRecordsInDNS 1 2008-08-05T16:16:08-04:00 2 If you need reverse DNS please "submit a support ticket":https://support.railsmachine.com/index.php?pg=request specifying the IP address and hostname for reverse DNS. 2008-08-01T08:55:14-04:00 455 ReverseDNS 1 2008-08-05T16:16:00-04:00 2 When the Linux kernel runs out of memory, it will start killing processes. This occurs most frequently after you have added new mongrels, but it can happen anytime the processes on your server have exhausted the available RAM. Often mysql, mongrels, or http workers will be killed. Occasionally sshd will be killed, leaving you unable to login to the server. In that case, please submit a support ticket along with your deploy password, and we'll restart the service for you. You can check for "Out of Memory" errors on the server by running the <code>dmesg</code> command. Generally, the problem can be dealt with by cutting down on the number of mongrels, stopping/removing memory-intensive processes, or upgrading the server's RAM. Check your memory usage with the buffers/cache line from 'free -m'. You can [[UsingServices|restart the process]] on the server to resolve the situation. For example: <pre><code>sudo /sbin/service mysqld start # or sudo /sbin/service mongrel_cluster restart </code></pre> If your server is repeatedly running out of memory, it might be a good idea to [[RunningMonit|install monit]] to keep an eye on things and restart important services as needed. 2008-08-01T08:55:13-04:00 448 OutOfMemory 1 2008-08-05T16:15:53-04:00 2 The Apache docs have some "good information":http://httpd.apache.org/docs/2.0/howto/auth.html for setting up authentication and authorization using the htaccess file and htpasswd utility. Besides requiring a username and password, you can tell your server to only answer requests from certain IP addresses or to specifically deny users from certain IP addresses. 2008-08-01T08:55:11-04:00 433 HttpAuthentication 1 2008-08-05T16:15:31-04:00 2 By default, your Rails Machine is preconfigured for running Ruby on Rails applications. If you need DNS services, you have a few options: 1. You domain registrar probably provides DNS service for free. 2. Use a third party DNS service like dnsmadeeasy. 3. If you'd like, we can manage your DNS. You will need to "submit a ticket":https://support.railsmachine.com/index.php?pg=request to make changes. See also: AddingAHostToDNS 2008-08-01T08:55:17-04:00 483 UsingDNS 1 2008-08-05T16:15:25-04:00 2 If you are running a busy site, you may need to change the Apache Maxclients parameter to keep your site running quickly. *The Problem* To determine whether you need to make this change, there are a few things you can check: 1. <code> sudo netstat -anp | grep http | wc -l</code> You will notice the count of httpd connections remains around 150 or 250. 2. After restarting Apache (service httpd restart), the site will run more quickly, but will again approach a threshold of about 150 or 250 and remain constant, then the site will slow down again. *The Fix* In /etc/httpd/conf/httpd.conf, uncomment this line: <pre><code>Include conf/extra/httpd-mpm.conf</code></pre> Then change the mpm_worker_module section of /etc/httpd/conf/extra/httpd-mpm.conf: <pre><code><IfModule worker.c> StartServers 2 ServerLimit 100 MaxClients 2500 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0 </IfModule></code></pre> Now restart apache with <code>service httpd restart</code>. This will bump you up to 2500 simultaneous connections. 2008-08-01T08:55:09-04:00 415 ApacheMaxClients 1 2008-08-05T16:14:52-04:00 2 You can keep your server up-to-date with security patches or install new programs with the 'yum' command. <pre><code>sudo yum update yum search <package> yum install <package> yum remove <package></code></pre> Yum will always summarize the changes that will be made. After reviewing the programs to be added or removed, press 'Y' to continue. See also UpgradingRuby and UpgradingRubyGems 2008-08-01T08:55:16-04:00 474 UpdatingYourServer 1 2008-08-05T16:14:44-04:00 2 If you send email from your application, you might find that your emails end up in a spam box. There are a few steps you can take to avoid this. * SettingMailServerHostname * UsingSpfRecordsInDNS * UsingDkimEmailAuthentication 2008-08-01T08:55:09-04:00 417 AvoidingSpamFilters false 1 2008-08-05T16:14:37-04:00 1 3 If you need more disk space, bandwidth or RAM, just "submit a support ticket":https://support.railsmachine.com/index.php?pg=request describing your needs, we'll send you pricing, then set it up. Most upgrades to can be completed with only a few minutes of downtime. 2008-08-01T08:55:17-04:00 479 UpgradingServers 1 2008-08-05T16:14:28-04:00 2 If you are getting errors that you are out of disk space, the usual solution is to remove unwanted files or upgrade your disk space. <pre><code>df -h</code></pre> First, make sure you really are out of disk space. If you are, the command above will show 100% usage of the / (root) partition. If the root partition is *not* fully utilized, then you might be out of inodes. <pre><code>df -i</code></pre> This will tell you about your inode usage. *Out of disk space* Each time you deploy your application you are adding another 50M or more of data to your server, depending on the size of your application. Add to this the size of your log files and any data uploaded by your users. The easiest way to clean up some space is to remove old deployments. Running <code>cap deploy:cleanup</code> is an easy way to do this. By default, your last 2 deployments will remain on the server. You can check or adjust that number in your deploy.rb: <pre><code>set :keep_releases,2</code></pre> If you change this, be sure to commit it to subversion before running the cleanup task. If still you need to free up more room, clean up your log files from /var/www/apps/your_app/shared/logs. You might want to look into RotatingApplicationLogs to keep them from getting too big. *Out of inodes* It may be you have disk space left but you are using all of the inodes on the filesystem. This can occur if your server or application is creating lots of very small files. The quick solution is to remove some of these files. The longterm solution will be to submit a support request. Your filesystem can be rebuilt with more inodes. 2008-08-01T08:55:13-04:00 447 OutOfDiskSpace 1 2008-08-05T16:14:21-04:00 2 You'll find instructions for installing monit in "the tuneup guide":https://support.railsmachine.com/tuneup 2008-08-01T08:55:15-04:00 459 RunningMonit 1 2008-08-05T16:14:01-04:00 2 Deploying a second (or third, or fourth, whatever the case may be) is basically the same process as described in the guide. However, you need to make a couple of small changes: # Use a different domain name pointing to your server's IP address when you run the 'railsmachine' command # Edit the Apache proxy port To edit the Apache proxy port, edit your deploy.rb after running the railsmachine command. <pre><code>set :apache_default_vhost, false set :apache_proxy_port, 8010 # or 8020, or 8030</code></pre> Choosing the proxy port is based on how many apps you have running. The default is 8000, which is what your first app is probably using. Add 10 to this number for each app you have, so the second app will use 8010, third 8020, etc. 2008-08-01T08:55:10-04:00 427 DeployingAdditionalApplications false 1 2008-08-05T16:13:54-04:00 1 3 CentOS is the Community ENTerprise operating system. Visit their "home page":http://centos.org/ bq. CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by a prominent North American Enterprise Linux vendor. CentOS conforms fully with the upstream vendors redistribution policy and aims to be 100% binary compatible. (CentOS mainly changes packages to remove upstream vendor branding and artwork.) The "prominent North American Enterprise Linux vendor" is, of course, Red Hat. Cent is compatible the RHEL. If you need an RPM for some software you'd like to run, grab the "el4" package for Cent4 and all will be well. Probably. 2008-08-01T08:55:10-04:00 421 CentOS 1 2008-08-05T16:13:45-04:00 2 These are the step for installing Postgres on your server. <pre><code>sudo su - yum install postgresql-client postgresql-server postgresql-devel chkconfig postgresql on service postgresql start gem install postgres su - postgres createuser deploy -a -d exit</code></pre> If your database.yml uses the postgres adapter, the railsmachine deploy scripts will automatically run postgres commands for the <code>db:setup</code> task, which is normally run as a subtask of the <code>servers:setup</code> task during the [[5MinuteDeployment]]. You may need to adjust the postgres permissions on your server for the task to run successfully. 2008-08-01T08:55:12-04:00 439 InstallingPostgresql 1 2008-08-05T16:13:37-04:00 2 Your server comes with init scripts for all of the core Rails Machine services. This includes Apache, MySQL, and Mongrel cluster. You can find these scripts and more in /etc/init.d/. They are all used similarly. To start or stop a service, use the <code>service</code> command with the name of the script. Examples: <pre><code> service httpd stop service mysqld start service mongrel_cluster restart service <service_name> [start|stop|restart|status] </code></pre> *Note:* If you are not running as root on the server, you will need to use sudo and the full path to <code>service</code>: <pre><code>sudo /sbin/service mysqld restart</code></pre> *Startup scripts* Service can also be used to start services when the system boots. To add or remove startup services, or to view the current configuration use these commands: <pre><code>chkconfig --list <service> chkconfig <service> on #start the service on boot chkconfig <service> off #do not start automatically </code></pre> *Hint:* When you add a new init script, be sure to make it executable: <pre><code>chmod +x /etc/init.d/<service></code></pre> 2008-08-01T08:55:17-04:00 484 UsingServices 1 2008-08-05T16:13:25-04:00 2 The location of PID files has changed in recent versions of Rails. This can occasionally cause problems with mongrel_cluster when you try to deploy your application. During deployment you may see errors such as "Path to pid file not valid" or you may see an error creating a symbolic link to /var/www/apps/yourapp/shared/pids. In either case, we're going to fix it by installing the latest version of mongrel_cluster and updating your deploy.rb file to put mongrel pid files in /var/run/mongrel_cluster. On your server: <pre><code>sudo su - gem install mongrel_cluster cp /usr/lib/ruby/gems/1.8/gems/mongrel_cluster-1.0.2/resources/mongrel_cluster /etc/init.d/ chmod +x /etc/init.d/mongrel_cluster chkconfig --levels 235 mongrel_cluster on mkdir -p /var/run/mongrel_cluster chown deploy.deploy /var/run/mongrel_cluster</code></pre> Now on your local system add this line to config/deploy.rb: <pre><code>set :mongrel_pid_file, "/var/run/mongrel_cluster/#{application}.pid"</code></pre> And then run: <pre><code>svn commit -m "updated pid_file location" cap app:setup deploy</code></pre> 2008-08-01T08:55:14-04:00 450 PathToPidFileNotValid 1 2008-08-05T16:13:17-04:00 2 Some users have had problems getting Capistrano to work with their non-Railsmachine repositories. If you have an account that requires you to use a HTTPS, you might need to add this to your deploy.rb to get deployments to work: <pre><code>set :svn_username, 'user' set :svn_password, 'password'</code></pre> If you're using Capistrano 2, use: <pre><code>set :scm_username, 'user' set :scm_password, 'password'</code></pre> 2008-08-01T08:55:10-04:00 420 CapistranoOverHttps 1 2008-08-05T16:12:12-04:00 2 Often you can get more recent releases of an applications from rpm forge (a.k.a. the dag repository). You can also find applications here not offered in the standard repositories at all. <pre><code>sudo rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm sudo rpm -Uvh rpmforge-release-0.3.6-1.el4.rf.i386.rpm</code></pre> To use it: <pre><code>sudo yum update # to fetch a list of all the packages available sudo yum --enablerepo=rpmforge install PACKAGE</code></pre> 2008-08-01T08:55:14-04:00 458 RpmforgeRepository 1 2008-08-05T16:11:54-04:00 2 By default, the railsmachine gem will allocate 2 mongrels for each application. If you'd like to run more, uncomment and update these lines in your deploy.rb: <pre><code>set :apache_proxy_servers, 3 set :mongrel_servers, apache_proxy_servers</code></pre> Commit your changes and then run this on your development system: <pre><code>cap app:setup web:setup servers:restart</code></pre> *Note*: If you've customized your Apache configuration- to use SSL, for instance- you should omit the web:setup task and instead update the balance members manually in /etc/httpd/conf/apps/yourapp.conf [[HowManyApplicationsCanIRun|Make sure you have enough memory]] to run those new mongrels! 2008-08-01T08:55:10-04:00 422 ChangingTheNumberOfMongrels false 1 2008-08-05T16:11:48-04:00 1 3 These instructions are based on the documentation at http://dkimproxy.sourceforge.net, refer there for FAQ and troubleshooting. Install postfix and get Perl libraries we'll need: <pre><code> yum remove sendmail yum install postfix unzip links wget ftp gpg wget ftp://ftp.ncftp.com/ncftp/binaries/ncftp-3.2.1-linux-x86-glibc2.3-export.tar.gz tar xvfz ncftp-3.2.1*.tar.gz cd ncftp-3.2.1 make install cpan install Bundle::CPAN reload cpan install Error Crypt::OpenSSL::RSA Digest::SHA Digest::SHA1 Mail::Address MIME::Base64 Net::DNS install Net::Server Mail::DKIM exit </code></pre> Download dkimproxy which will handle the DKIM signing of our messages: <pre><code>wget http://superb-west.dl.sourceforge.net/sourceforge/dkimproxy/dkimproxy-1.0beta1.tar.gz tar xvzf dkimproxy* cd dkimproxy* ./configure --prefix=/usr/local/dkimproxy make install useradd -r -c "DKIM Proxy System Account" dkim mkdir -p /etc/mail/domainkeys chmod 0700 /etc/mail/domainkeys openssl genrsa -out private.key 1024 openssl rsa -in private.key -pubout -out public.key mv private.key /etc/mail/domainkeys/<selector>.pem cat public.key </code></pre> Use the contents of the public key to add a TXT record for <code><selector>._domainkey.yourdomain.com</code> to your DNS with the following format. Do keep the quote in the text value. <pre><code> "k=rsa; t=s; p=<public key here>" </code></pre> Test your DNS record: <pre><code>dig +short <selector>._domainkey.yourdomain.com txt</code></pre> Move the public key: <pre><code>mv public.key /etc/mail/domainkeys/<selector>.pub chown -R dkim /etc/mail/domainkeys</code></pre> Edit /usr/local/dkimproxy/etc/dkimproxy_out.conf.example * Update the domain(s) you are signing for * Update the path to the keyfile: /etc/mail/domainkeys/<selector>.pem * Update the selector name Then run: <pre><code>mv /usr/local/dkimproxy/etc/dkimproxy_out.conf.example /usr/local/dkimproxy/etc/dkimproxy_out.conf mv /usr/local/dkimproxy/etc/dkimproxy_in.conf.example /usr/local/dkimproxy/etc/dkimproxy_in.conf #Save init script to /etc/init.d/dkimproxy chmod +x /etc/init.d/dkimproxy chkconfig dkimproxy on service dkimproxy start # should see inbound and outbound proxies starting </code></pre> Edit or update these sections in /etc/postfix/master.cf: <pre><code>smtp inet n - n - - smtpd -o smtpd_proxy_filter=127.0.0.1:10025 -o smtpd_client_connection_count_limit=10 submission inet n - n - - smtpd -o smtpd_etrn_restrictions=reject -o smtpd_sasl_auth_enable=yes -o content_filter=dksign:[127.0.0.1]:10027 -o receive_override_options=no_address_mappings -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject dksign unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime,starttls 127.0.0.1:10028 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 127.0.0.1:10026 inet n - n - - smtpd -o smtpd_authorized_xforward_hosts=127.0.0.0/8 -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions= -o mynetworks=127.0.0.0/8 -o receive_override_options=no_unknown_recipient_checks pickup fifo n - n 60 1 pickup -o content_filter=dksign:[127.0.0.1]:10027 </code></pre> Edit /etc/postfix/main.cf: * Uncomment: inet_interfaces = all * Comment: inet_interfaces = localhost * Configure other Postfix directives as needed: hostname, relays, etc. Reload postfix configuration <pre><code>service postfix reload</code></pre> Test it! Use the mutt program to send an email to test@dkimtest.jason.long.name. You may need to <code>yum install mutt</code>. The reply to your test mail will provide the results of the DKIM verification. Be sure to put "dkim" in the subject of your test email. Look in /var/log/maillog to check for errors/confirmations. If you send an email to your Gmail or Yahoo email accounts, you should see the DKIM and Domain Keys signatures in the header of the message along with a confirmation: <code>dkim=pass header.i=@yourdomain.com</code> 2008-08-01T08:55:17-04:00 482 UsingDkimEmailAuthentication false 1 2008-08-05T16:10:18-04:00 3 The following list of graphical SFTP clients will allow you to more easily copy files to and from your server securely. h3. Windows clients * "Filezilla":http://ca.huji.ac.il/services/internet/ssh/filezilla.shtml * "WinSCP":http://winscp.net/eng/index.php h3. Mac clients * "Fugu":http://rsug.itd.umich.edu/software/fugu/ * "Fetch":http://www.fetchsoftworks.com/ * "Transmit":http://www.panic.com/transmit h3. Linux * Built in to Nautilus (sftp://) and Konqueror (fish://) 2008-08-01T08:55:15-04:00 467 SftpClients false 1 2008-08-05T16:10:08-04:00 1 4 RMagick is installed by default on Rails Machine servers. Installing it on your local development machine can be frustrating, especially sorting out all the dependencies. Luckily, the RMagick website has good installation instructions for the three major platforms: * "Linux, *BSD, and other Unix-like systems":http://rmagick.rubyforge.org/install-linux.html * "Mac OS X":http://rmagick.rubyforge.org/install-osx.html * "Windows":http://rmagick.rubyforge.org/install-faq.html#win Instructions for specific distributions of Linux are available throughout the web; remember, Google is your friend. 2008-08-01T08:55:12-04:00 440 InstallingRMagick false 1 2008-08-05T16:10:01-04:00 1 3 Here a some common issues you might run into and the best ways to solve them: * PathToPidFileNotValid * SiteReturning503Errors * OutOfMemory * OutOfDiskSpace * PermissionDeniedSavingAttachment 2008-08-01T08:55:16-04:00 473 TroubleShooting false 1 2008-08-05T16:09:44-04:00 3 If you are getting 503 errors when you visit your site, the most likely cause is that your mongrel cluster isn't running. You can start the cluster via Capistrano using <code>cap app:start</code> or on your server using <code>mongrel_rails cluster::start -C /etc/mongrel_cluster/your_app.conf</code>. If your application is still not available, check RAILS_ROOT/log/mongrel.log for missing Ruby gems or other problems that would prevent Mongrel from starting. You should also check your production.log to see if there is anything there that might point you in the right direction. 2008-08-01T08:55:16-04:00 468 SiteReturning503Errors false 1 2008-08-05T16:09:15-04:00 1 3 New servers will already have mysql 5 installed. But if yours does not, you can install it with the following steps. <pre><code> # Shut down the current version /sbin/service mysqld stop # Remove the current version yum remove mysql-server mysql-devel mysql # Install MySQL 5.0 yum --enablerepo=centosplus install mysql mysql-server mysql-devel chkconfig mysqld on # Start MySQL /sbin/service mysqld start mysql_upgrade # Update the MySQL GEM gem install mysql -- --with-mysql-config</code></pre> 2008-08-01T08:55:16-04:00 476 UpgradingMysql false 1 2008-08-05T16:08:53-04:00 1 3 h2. The Situation You send email from your application. You don't want to end up in someone's spam box. h2. The Fix This is not always an easy problem to solve. We'll start with the easiest step. h3. Sendmail On your server, edit /etc/hosts. The last line should have the public IP address of your server. Add the domain name that you send mail from in front of the railsmachina name, like this: <pre><your public ip> mail.yourdomain.com your_account.railsmachina.com</pre> Then restart sendmail: <pre>sudo /sbin/service sendmail restart</pre> h3. Postfix Edit the myhostname variable in /etc/postfix/main.cf: <pre><code>myhostname = mail.somedomain.com</code></pre> Then restart postfix: <pre>sudo /sbin/service postfix restart</pre> h2. Testing your setup From your server, you can test by running <pre>telnet localhost 25</pre> The mail server should identify itself as <code>mail.yourdomain.com</code>. If you still have problems with email being marked as spam, you can create SPF records in your DNS, or you can set up DKIM. 2008-08-01T08:55:15-04:00 463 SettingMailServerHostname false 1 2008-08-05T16:06:05-04:00 1 4 * AppSymlinksForUploadingToPublic * ChangingTheNumberOfMongrels * RotatingApplicationLogs 2008-08-01T08:55:16-04:00 471 TipsAndTricks false 1 2008-08-05T16:05:54-04:00 3 h2. What are they? The Rails Machine gems are a collection of libraries for automating deployment of Ruby on Rails applications using Capistrano. You can view the "project page on Rubyforge":http://rubyforge.org/projects/railsmachine In addition to the railsmachine gem for deployment, the mongrel_cluster gem simplifies the creation and management of mongrels. For setting up a Rails environment quickly and easily, there is the [[Machinify]] gem. h2. Who can use the gems? Anyone can use them. All Rails Machine VPS are set up for it- it's what makes the [[5MinuteDeployment|5-minute deployment]] possible. The gem will work even if you don't have a Rails Machine server, and you are free use it. However, you will need to setup your server in a similar way to what would be available by default on one of our machines. To make sure the paths on your server match the expectations of the gems, look through the Capistrano recipes included with the gem in /my/ruby/lib/dir/gems/1.8/gems/railsmachine-<version>/lib/railsmachine. h2. See also UpgradingToCapistrano2 2008-08-01T08:55:14-04:00 452 RailsMachineGems false 1 2008-08-05T16:05:45-04:00 1 3 Login to your server as 'deploy' and the do the following to install memcached. <pre><code> # Download the i386 Red Hat EL 4 rpms from Dag wget http://dag.wieers.com/packages/libevent/libevent-devel-1.1a-1.2.el4.rf.i386.rpm wget http://dag.wieers.com/packages/libevent/libevent-1.1a-1.2.el4.rf.i386.rpm wget http://dag.wieers.com/packages/memcached/memcached-1.1.12-2.el4.rf.i386.rpm # Install Dag's gpg key sudo rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt # Install the rpms sudo rpm -i libevent*.rpm memcached*.rpm # start the service sudo /sbin/service memcached start # flag service to start at boot sudo /sbin/chkconfig --levels 235 memcached on # install Robot Coop memcache client sudo gem install memcache-client</code></pre> 2008-08-01T08:55:12-04:00 436 InstallingMemcached false 1 2008-08-05T16:05:34-04:00 1 3 h2. The Situation You have been using Capistrano and the Railsmachine gem. You have your deployment working just the way you like it. Change is scary. h2. The Fix Upgrading to Capistrano 2 is no big deal. The biggest change is the use of namespacing in tasks. Instead of <code>cap deploy_with_migrations</code>, you'll use <code>cap deploy:migrations</code>. Most of the time you will still simply call 'cap deploy' to update your code. *1) Get the latest capistrano and railsmachine gems <pre><code>sudo gem install capistrano railsmachine</code></pre> *Note*: You are no longer required to have mongrel or mongrel_cluster on your development system. *2) Capify your project directory <pre><code>capify .</code></pre> *3) If you have any custom tasks, update them <pre><code>task :after_deploy, :roles => :app do # ... end</code></pre> might become this <pre><code>namespace :custom do task :update, :roles => :app do # ... end end after :deploy,"custom:update"</code></pre> *That's it!* Be sure to commit your changes to Subversion. Run 'cap -T' to view the full list of tasks. 2008-08-01T08:55:17-04:00 481 UpgradingToCapistrano2 false 1 2008-08-05T16:05:16-04:00 3 *Adding user tasks* To add a task to a user's cron jobs, use the command <code>crontab -e</code>. You can view a user's crontab with <code>crontab -l</code>. Use <code>man crontab</code> for more information. The format for the crontab file is: <pre><code> # +---------------- minute (0 - 59) # | +------------- hour (0 - 23) # | | +---------- day of month (1 - 31) # | | | +------- month (1 - 12) # | | | | +---- day of week (0 - 7 with Sunday=0 & 7) # | | | | | # * * * * * command to be executed </code></pre> An asterisk indicates that the job is to run every minute, hour, etc. To help you remember the format, you can paste these comments the top of your crontab file. *Examples:* This will run a script every 2 minutes: <pre>*/2 * * * * /path/to/script</pre> This will run a script on the 1st and 15th of every month at 4am: <pre>00 4 1,15 * * /path/to/script</pre> *Adding system tasks* For system tasks, you can also put a script in /etc/cron.[hourly, daily, weekly, monthly]. You can find examples in /etc/cron.daily. Find more information in the "Redhat docs":http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/custom-guide/cron-task.html 2008-08-01T08:55:15-04:00 461 SchedulingTasksWithCron false 1 2008-08-05T15:24:44-04:00 1 5 For extra points, you can install an ssh key for fast logins when using ssh and Capistrano. This is strongly encouraged unless you REALLY enjoy typing the password you selected for the deploy user. NOTE: On a Mac, ONLY the shell you execute these commands in will be able to log in without a password. *Windows users*, "check out these hints":http://www.mslater.com/2006/12/8/using-ssh-keys-to-speed-login from another Machinist. *Setting Up Your Key* By creating a passphrase protected SSH key on your client machine and copying it to your Rails Machine you can make logins a little safer and save yourself from having to type passwords quite as often. You can generate an SSH RSA key with your email as an added comment using the ssh-keygen command. The following command will create two files, id_rsa and id_rsa.pub, in your .ssh/ directory: <pre><code>ssh-keygen -t rsa -f ~/.ssh/id_rsa -C "you@web2.oh" </code></pre> You need to do a little preparation on your Rails Machine; creating the ~/.ssh directory with the correct permissions for the deploy user. Note that this uses SSH to remotely execute the command from your client machine and you don't run this on your Rails Machine. <pre><code>ssh deploy@your_account.railsmachina.com 'mkdir ~/.ssh;chmod 700 ~/.ssh'</code></pre> With the .ssh directory prepared on your Rails Machine you need to copy your public key to the .ssh/authorized_keys file. Then make sure the permissions on that file allow only the deploy user to read and write. <pre><code>scp ~/.ssh/id_rsa.pub deploy@your_account.railsmachina.com:~/.ssh/authorized_keys ssh deploy@your_account.railsmachina.com 'chmod 600 ~/.ssh/authorized_keys'</code></pre> Now you have created and deployed your SSH keypair. Using the keys you have just created along with the SSH Agent you can deploy your apps effortlessly with Capistrano. So just finish up the section on Using the SSH-Agent and it will be smooth sailing from there. *Using SSH-Agent* To safely use the SSH keys you just created, you must have a running SSH Agent that your shell session can find. If you are a Mac user this is most easily accomplished by starting the agent with the BASH eval command <pre><code>eval `ssh-agent`</code></pre> If you are a Linux user the ssh-agent is usually already running and your shell can find it without trouble. If the following ssh-add command works, you should be fine. The final step in this SSH Saga is to add your key to the agent using the ssh-add command. It will prompt you for the passphrase and then load your key into the ssh-agent. Now, any time you ssh to your Rails Machine from this shell as the deploy user, the SSH Agent will authenticate for you. <pre><code>ssh-add</code></pre> If you are uneasy about leaving your SSH key hanging around in memory all the time, you can use the -t option for ssh-add and tell it to remove the key after a specified period of time. So, to expire your key after 8 hours use ssh-add -t 8h or you can manually delete your key with ssh-add -D. *Even easier ways to use SSH-Agent* The problem with SSH-Agent is that you have to add your key by supplying your passphrase in each terminal session. No fun. What we'd rather do is supply our password once and never be asked again during the X session. This is where keychain comes in. Install keychain on the Linux of your choice (<code>sudo apt-get install keychain</code> on Debian), or "on your Mac":http://www.sshkeychain.org. Then you can add something like this to your session: <pre><code>keychain /home/rob/.ssh/id_rsa</code></pre> Now you can enjoy secure, fast logins. 2008-08-01T08:55:18-04:00 486 UsingSSHKeys 1 2008-08-05T15:24:28-04:00 2 *The Symptoms* When using image science or other libraries which make use of inline Ruby, you may get an error like this: <pre><code>Permission denied - /.ruby_inline</code></pre> you might also notice errors such as: <pre><code>Expected /var/www/apps/myapp/current/config/../app/models/attachment.rb to define Attachment</code></pre> *The Solution* The problem is that your mongrels are trying to write to a directory they do not have write permissions to. Since your mongrel_cluster runs as deploy, the fix is to make sure ruby_inline will write to a directory that your deploy user does have permission on. Create the file <code>config/initializers/ruby_inline.rb</code> with the line: <pre><code>ENV['HOME'] = "/home/deploy" if ENV['RAILS_ENV'] == 'production'</code></pre> Add the file to svn, commit, and redeploy. 2008-08-01T08:55:14-04:00 451 PermissionDeniedSavingAttachment false 1 2008-08-05T15:24:04-04:00 3 Gregg Pollack (gregg at patchedsoftware dot com) contributed this walkthrough. The following are the commands will get trac running on your server. # sudo vi /etc/sysconfig/rhn/sources<br /> ## add 'yum rpmforge http://apt.sw.be/redhat/el4/en/i386/dag/' at the end of this file # sudo rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt # wget http://dag.wieers.com/packages/rpmforge-release/rpmforge-release-0.3.4-1.el4.rf.i386.rpm # rpm -Uvh rpmforge-release-0.3.4-1.el4.rf.i386.rpm # sudo up2date -i trac # sudo yum install httpd-devel # wget http://apache.mirrors.tds.net/httpd/modpython/mod_python-3.2.10.tgz # tar -xzvf mod_python-3.2.10.tgz # cd mod_python-3.2.10 # ./configure --with-apxs2=/usr/sbin/apxs # sudo yum install python-devel # make # su # make install # sudo vi /etc/httpd/conf/httpd.conf # Add <code>LoadModule python_module /usr/lib/httpd/modules/mod_python.so</code> # Make a trac directory - mkdir /var/www/apps/trac # Create a trac project - trac-admin /var/www/apps/trac/ProjectA initenv # Added to httpd.config <pre><code><VirtualHost *:80> ServerName trac.projectA.com <Location /> SetHandler mod_python PythonHandler trac.web.modpython_frontend PythonOption TracEnv /var/www/apps/trac/ProjectA PythonOption TracUriRoot / </Location> <Location "/login"> AuthType Basic AuthName "trac" AuthUserFile /etc/svn-auth-file Require valid-user </Location> </VirtualHost></code></pre> As you can see, we're using and svn-auth-file to do security. Checkout the [[InstallingMod_dav_svn|mod_dav_svn tutorial]] if you don't know how. Restart Apache, and you should be golden. If you want more security (since the default trac allows anyone to go in and post stuff), move all the Auth lines in the second location tag into the first, so that Basic Authentication is needed to view the site at all. 2008-08-01T08:55:13-04:00 443 InstallingTrac false 1 2008-08-05T15:23:27-04:00 1 3 Once you have received notification that your Rails Machine is ready you should follow these instructions to secure it. *Local User Accounts* There are three users that you need to concern yourself with: you, deploy, and root. When you are notified that your Rails Machine is ready, you will also be told what your username is. Your personal account is intended to be just an unprivileged local user. deploy is the user that will own your web apps and the user your mongrel cluster will run as. The user root is, of course, the privileged user on your Rails Machine. First log in to your server using ssh and change your password: <pre><code>ssh you@your_account.railsmachina.com passwd</code></pre> Your root password is stored in your users home directory in a text file called root.txt. We don't want to keep that laying around and we are going to have you change that as we proceed. Take a look at that root password now: <pre><code>cat root.txt</code></pre> Using the password you just printed to your screen you can now log in as root: <pre><code>su - root</code></pre> Lets now change that password. Make sure you don't forget this password. You may not use it that often, thats one of the great things about Rails Machine, but you really don't want to forget it: <pre><code>passwd</code></pre> We have already created the 'deploy' user for you. All you need to do is set its password. Don't forget this password either. You will use the 'deploy' user all the time. All of the Capistrano tasks are performed by the 'deploy' user on your Rails Machine. <pre><code>passwd 'deploy'</code></pre> Now that we have changed all of our user passwords we need to start using the shadow password file. This is simple and a common security measure: <pre><code>pwconv</code></pre> *Database Users* The previous steps took care of the system passwords for our three existing users. We need to change the 'root' and 'deploy' user's mysql passwords. First we connect to mysql as root using the root password from root.txt <pre><code> mysql -u root -p mysql> SET PASSWORD = PASSWORD('new_pass'); mysql> GRANT ALL PRIVILEGES ON *.* TO 'deploy'@'localhost' IDENTIFIED BY 'some_pass' WITH GRANT OPTION; mysql> quit; </code></pre> You are now done securing your Rails Machine. Log out of your root shell, delete the root.txt file and end your ssh session: <pre><code> exit rm root.txt exit </code></pre> Now your server is ready for [[5MinuteDeployment|deploying applications]]! *Making logins a breeze* Next, you should read about [[UsingSSHKeys|Using SSH Keys]] rather than typing your password every time you log in. 2008-08-01T08:55:11-04:00 429 GettingStartedWithRailsMachine false 1 2008-08-05T15:22:59-04:00 1 3 To get access to your Subversion repositories through the web, you need to install mod_dav_svn. Gregg Pollack (gregg at patchedsoftware dot com) contributed this walkthrough. *1. Install mod_dav_svn* <pre><code>sudo yum install mod_dav_svn</code></pre> *2. Edit /etc/httpd/conf/httpd.conf* Search for the <code>LoadModule</code> lines, and add these lines to the bottom: <pre><code>LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so</code></pre> *3. Create an HTTP authentication file* To setup and create the authentication file for the first time, run: <pre><code>sudo /usr/sbin/htpasswd -cm /etc/svn-auth-file some_username</code></pre> To add additional users to this file, use <pre><code>sudo /usr/sbin/htpasswd -m /etc/svn-auth-file new_username</code></pre> *4. Edit the Apache config for your app, /etc/httpd/conf/apps/your_app.conf* <pre><code><VirtualHost *:80> ServerName svn.your_domain.com <Location /> DAV svn SVNPath /var/www/apps/your_app/repos AuthType Basic AuthName "Authorization Realm" AuthUserFile /etc/absolute-auth-file Require valid-user </Location> </VirtualHost></code></pre> *5. Restart Apache* <pre><code>sudo /etc/init.d/httpd restart</code></pre> *7. Test it out* Open http://svn.your_domain.com in your browser. It should prompt for authorization, and then show you the repository! *8. Want to enable SSL security so your passwords and code aren't sent in plaintext?* This is assuming you don't already have your own Cert. If you do have your own cert, skip down to the bottom of the page. First you'll want to create your own private cert (if you don't have one and don't want to pay for one). Follow these instructions to create your own. You'll need to input a passphrase you can remember for later too. <pre><code>mkdir ~/sslcert cd ~/sslcert openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt</code></pre> *9. Edit your virtualhost tag again* Change the port, and add the three SSL lines: <pre><code><VirtualHost *:443> ServerName svn.youdomain.com SSLEngine On SSLCertificateFile /home/deploy/sslcert/server.crt SSLCertificateKeyFile /home/deploy/sslcert/server.key </code></pre> *10. Verify DNS settings* If you're using a different subdomain, "svn.yourdomain.com", make sure your DNS has a CNAME Record called svn so it forwards properly. You wouldn't need to worry about this if all subdomains forward to your server. *11. Restart apache* <pre><code>sudo /etc/init.d/httpd restart</code></pre> Now visit https://svn.yourdomain.com and you should be prompted for the cert, and for authorization, and you're golden. *12. Optional: removing the SSL passphrase* You will be asked for your key every time you restart apache. To get around this: <pre><code>cd ~/sslcert cp server.key server.key.orig openssl rsa -in server.key.orig -out server.key</code></pre> h2. So you have your own CERT? I'm going to assume you configured this using railsmachine's scripts, and that your webserver conf file (/etc/httpd/conf/apps/your_app.conf) has two parts, one for port 80 and another for port 443. I'm also going to assume that your Certificate is setup properly. *1. Adding an alias* Under your port 443 virtual host, create an alias for your svn server if you like: <pre><code>ServerAlias svn.yourdomain.com</code></pre> If you do use svn.yourdomain.com make sure your dns has a CNAME Record called svn so it forwards properly. You wouldn't need to worry about this if all subdomains forward to your server. *2. Add your location directives* <pre><code><Location /svn> DAV svn SVNPath /var/www/apps/your_app/repos AuthType Basic AuthName "Authorization Realm" AuthUserFile /etc/absolute-auth-file Require valid-user </Location></code></pre> This is a little different then the Location we used the first time. Notice this time we're giving a path name "Location /svn", so we're only directed to svn if we go to that path in our URL. *3. Apache rewrite rules* Now we need to tell apache, that we DON'T want to redirect incoming requests that have SVN in the URL to our mongrel cluster. Put the following line BEFORE the <code>RewriteRule ^/(.*)$ balancer://servername_cluster%{REQUEST_URI} [P,QSA,L]</code> directive: <pre><code>RewriteCond %{REQUEST_URI} !^/svn*</code></pre> *4. Restart the server* <code>sudo /etc/init.d/httpd restart</code> Visit https://domain_name.com/svn/ h2. Adding Multiple Repositories *1. Add Locations* All you need to do to add multiple repositories, without adding more IP addresses, is add additional Location directives. <pre><code><Location /domain1/svn> DAV svn SVNPath /var/www/apps/domain1/repos AuthType Basic AuthName "Authorization Realm" AuthUserFile /etc/domain1-auth-file Require valid-user </Location> <Location /domain2/svn> DAV svn SVNPath /var/www/apps/domain2/repos AuthType Basic AuthName "Authorization Realm" AuthUserFile /etc/domain2-auth-file Require valid-user </Location></code></pre> *2. The Apache base URL* If you want to be able to have a different base url, just add a new alias: <pre><code>ServerAlias svn.domain1.com ServerAlias svn.domain2.com</code></pre> 2008-08-01T08:55:12-04:00 437 InstallingMod_dav_svn false 1 2008-08-05T15:19:27-04:00 1 7 If you need to install Ruby 1.8.5 on your server, it's a straightforward task. <pre><code>cd /etc/yum.repos.d wget http://dev.centos.org/centos/4/CentOS-Testing.repo yum install --enablerepo=c4-testing ruby ruby-devel ruby-docs ruby-libs ri</code></pre> 2008-08-01T08:55:12-04:00 441 InstallingRuby1-8-5 1 2008-08-03T16:52:27-04:00 2 Moved to CreatingRestrictedUsers 2008-08-01T08:55:10-04:00 425 CreatedRestrictedUsers 1 2008-08-03T16:37:14-04:00 2 If you have several Rails Machines, you may need to adjust a few settings to get the most efficient and secure possible communications between your servers. Each of your server has a private address in addition to the public IP address. These private addresses can communicate with each other without traversing our firewall so that they are faster and somewhat more secure than using the public addresses. You can check the private address of the server by running <code>ifconfig eth1</code>. For example, I might have two servers with these private addresses: <pre><code> server1 10.0.10.51 server2 10.0.10.52 </code></pre> After I've checked the private addresses with ifconfig, I can add this line to /etc/hosts on server1: <pre><code>10.0.10.52 server2.railsmachina.com server2</code></pre> And I would add this line to /etc/hosts on server2: <pre><code>10.0.10.51 server1.railsmachina.com server1</code></pre> Now I can <code>ping server2</code> (or server2.railsmachina.com) from server1 and it will ping the private address. Pinging the private address for server1 will likewise work on server2. 2008-08-01T08:55:10-04:00 423 CommunicationsWithinTheCluster false 1 2008-08-03T16:31:32-04:00 1 3 There is no 'official' limit to the number of applications that you can run on your Rails Machine. There is, however, a technical limitation based on how much RAM is available. Each of your mongrel processes is going to consume between 25-80 MB of RAM. On a base-level Rails Machine VPS with 256 MB of RAM, this means that 3-5 mongrel processes is a reasonable number. So, you can run 3-5 separate apps if you're willing to only have 1 process per app, or you could run a single application with 3-5 server processes. It all depends on your application's needs- if you are running RMagick or other memory-hungry libraries, you will not be able to run as many mongrels. You can check the memory each mongrel is using by running <code>ps aux | grep mongrel_rails</code> and looking at the 6th column of the output. You can check the current memory usage for the entire system by looking at the buffers/cache line of <code>free -m</code> 2008-08-01T08:55:11-04:00 432 HowManyApplicationsCanIRun 1 2008-08-03T16:23:17-04:00 2 The following steps should be performed on your local development machine and not your shiny new Rails Machine. * 1) Get the gems <pre><code>sudo gem install capistrano -v 1.4.1 sudo gem install gem_plugin daemons sudo gem install mongrel mongrel_cluster railsmachine sudo gem install termios </code></pre> The termios gem prevents passwords from being displayed in capistrano. It may not compile on Windows. * 2) Create your rails application <pre><code>rails my_app cd my_app</code></pre> * 3) Setup mysql database Edit database.yml and specify the production database name, user name, and a password. These can be anything you like (_except_ <code>deploy</code>, which is a privileged account). Set the database host to <code>localhost</code>. The database and user will be created for you on the server. * 4) Capify <pre><code>cap --apply-to .</code></pre> * 5) Railsmachinify <pre><code>railsmachine --apply-to . --name my_app --domain my_domain.com</code></pre> Say Yes to overwrite deploy.rb. For domain, use the public URL for your server. You will need to [[AddingAHostToDNS|add this host to your domain]] in your DNS server. You can also use your_account.railsmachina.com if you don't have a domain yet. * 6) Setup Capistrano structure on server <pre><code>cap -a setup</code></pre> * 7) Setup Subversion *NOTE*: If you already have a Subversion repository, go to step 7b. * 7a) Create svn repository on server, import application, checkout working copy. <pre><code>cap -a setup_scm cd ../my_app_machine</code></pre> Continue to step 8 * 7b) Only if you already have a publicly accessible svn repository: Edit the line in your deploy.rb that begins "set :repository" . That's it. * 8) Create the database user and configure Apache and mongrel_cluster <pre><code>cap -a setup_servers</code></pre> * 9) Checkout the latest code on the server, symlink, and start mongrel_cluster <pre><code>cap -a cold_deploy</code></pre> * 10) Restart apache <pre><code>cap -a restart_web</code></pre> Now test it! Open a browser and hit your page! After making changes to your application, commit to Subversion and then update with: <pre><code>cap -a deploy</code></pre> Or, if you have new migrations: <pre><code>cap -a deploy_with_migrations</code></pre> 2008-08-01T08:55:11-04:00 428 DeploymentWithCapistrano1 false 1 2008-08-03T16:22:35-04:00 1 4 Our main data center is located in the Atlanta NAP in Atlanta, GA. Our premium bandwidth is a Route Science optimized BGP consisting of Telia, Global Crossing, Savvis, Level 3, and others. Peering is through the Atlanta Internet Exchange. Our data center is staffed 24/7 with technicians to handle hardware or network failures. 2008-08-01T08:55:09-04:00 409 AboutDataCenters 1 2008-08-03T16:19:08-04:00 2 For enhanced security, your Rails Machine does not allow root logins via ssh. To access the root account, login as deploy and run <code>sudo su -</code>. You can also login as a different user and run <code>su -</code>- you'll need to supply the root password. 2008-08-01T08:55:16-04:00 469 SshSecurity false 1 2008-08-03T16:15:42-04:00 1 3 Xen is an open-source virtualization solution. The Xen hypervisor acts as a thin layer between the hardware and the operating system, allowing multiple virtual servers to run simultaneously on a single physical server. Each virtual server acts independently of the others, with its own allocated area of RAM and virtual disks. For more information, see the Xen website, http://www.xensource.com/ 2008-08-01T08:55:18-04:00 487 WhatIsXen 1 2008-08-03T16:10:11-04:00 2 Removing a Rails application from your server is a relatively simple process. First, shut down your application's mongrel servers (from your local development machine) <pre><code>cap app:stop</code></pre> Now, in a shell on your Rails Machine VPS, do the following. Be warned, this will remove your SVN repository as well, so back that up (/var/www/apps/[yourapp]/repos) first if you need to keep it! <pre><code>sudo rm -rf /var/www/apps/[yourapp] sudo rm /etc/mongrel_cluster/[yourapp].conf sudo rm /etc/httpd/conf/apps/[yourapp].conf sudo /etc/init.d/httpd restart</code></pre> 2008-08-01T08:55:14-04:00 453 RemoveAnApplication false 1 2008-08-03T16:08:07-04:00 1 3 You can set your server's timezone by running this command: sudo cp /usr/share/zoneinfo/YOUR_ZONE_HERE /etc/localtime Want your server to be updated from network time servers? <pre><code>sudo su - yum install ntp chkconfig --levels 235 ntpd on ntpdate 0.pool.ntp.org /etc/init.d/ntpd start exit</code></pre> You can change the timeservers by editing /etc/ntp.conf 2008-08-01T08:55:15-04:00 464 SettingTheServerTimezone 1 2008-08-03T15:57:03-04:00 2 Before submitting a support request, it's a good idea to run through this checklist so that we can help you as quickly and efficiently as possible. h2. If your server is not reachable Check to see if the server responds to web, SSH, or ping requests. *If your server is not responding at all*, please "submit a new request":https://support.railsmachine.com/index.php?pg=request. We will investigate and get you back online as quickly as possible. *If you cannot SSH to your server, but it does respond to web or ping requests* then your server has probably run OutOfMemory and killed sshd. "Submit a new support request":https://support.railsmachine.com/index.php?pg=request along with your deploy password. We will restart the service for you. *If your application does not show up in your browser but you can log in through SSH*, check your application and mongrel logs to be sure everything is started properly. Try restarting Apache and your Mongrel cluster with Capistrano. <pre><code>cap app:restart web:restart</code></pre> Also, check the output of <code>dmesg</code> on the server to see if your server has run OutOfMemory and killed mongrels or http workers. h2. Application problems The first place to check is your production and mongrel logs. These will be located in /var/www/apps/your_app/shared/log <pre><code>cd /var/www/apps/my_app/shared/log tail -n 200 production.log cat mongrel.8000.log #check the logs for each mongrel instance </code></pre> Check any errors you see in these files. It may be that you forgot to install a gem required by your application. If you are getting an error message but aren't sure what it means, try searching for it in this wiki. If that fails, try googling it. More than likely someone else has run into the exact same problem and this will help you fix it even faster than putting in a support request. If you do need to put in a support request, let us know what you've tried so far and what errors you might have found. 2008-08-01T08:55:16-04:00 470 SupportRequestChecklist 1 2008-08-03T15:37:06-04:00 2 With the most recent version of Capistrano (2.3), you need to add this line to your deploy.rb: <pre>set :runner, 'deploy'</pre> Commit the change to subversion and redeploy. "Reference":http://groups.google.com/group/capistrano/browse_thread/thread/0d396a96d1946ba3 2008-08-01T08:55:10-04:00 419 CapErrorNoPasswdForApp 1 2008-08-03T15:15:32-04:00 2 It is very common to have a folder under your public directory where users can upload files- photos, documents, etc. You might be using attachment_fu or file_column to accomplish this. Since Capistrano checks out a fresh copy of your code each time, we want to make sure the uploaded files are still going to be there afterwards. Make sure you don't have those upload folders under version control, then uncomment and update this line in deploy.rb: <pre><code>set :app_symlinks, %w{photo document asset}</code></pre> Remember to commit your changes. The next time you deploy, the railsmachine gem will create folders under /var/www/apps/yourapp/shared/public and will create symlinks from your latest code to that location. 2008-08-01T08:55:09-04:00 416 AppSymlinksForUploadingToPublic 1 2008-08-03T15:01:25-04:00 2 There are couple of ways you can go about monitoring processes on your server. * You can use a "3rd party service":http://www.google.com/search?q=server+monitoring&ie=utf-8&oe=utf-8&aq=t&rls=com.ubuntu:en-US:official&client=firefox-a to alert you when your services are not available. * You can install [[RunningMonit|monit]], "god":http://god.rubyforge.org/, or another system on your server. 2008-08-01T08:55:13-04:00 446 MonitoringProcesses 1 2008-08-03T13:21:48-04:00 1 You can usually manage the DNS for your domain through the company you registered with. For instance, Go Daddy provides tool called "Total DNS". If your registrar does not provide DNS hosting, you might check out "DNS Made Easy":http://dnsmadeeasy.com. No matter who does your DNS, the steps are basically the same. Create a new "A Record" pointing the new host name to the IP address of your Rails Machine. When you create a record for yourdomain.com, don't forget to add one for "www"...in case your visitors still use that. If you need to check the IP address of your server, you can <code>ping</code> it, or use <code>host</code>, or run <code>ifconfig eth0</code> on the server itself. 2008-08-01T08:55:09-04:00 411 AddingAHostToDNS 1 2008-08-03T13:12:14-04:00 1 The first release of the Machinify gem lays the foundation for building stacks with different components and different platforms with a common interface. Tasks are included for installing Apache 2.2, Mongrel, mongrel_cluster, Rails, and mysql on Ubuntu Feisty Fawn. To get up and running, execute the following: <pre><code> sudo aptitude install -y ruby rubygems sudo gem update --system sudo gem install rake machinify machinify . rake stack:install </code></pre> If you need RMagick, you can run rake imagemagick:install. There are a number of tasks available for installing a single package, server role (web, app, db), and basic service management commands. Tasks include: <pre><code> rake apache:install # Installs apache with worker mpm rake apache:restart # Restarts the apache process rake imagemagick:install # Installs Image Magick and RMagick rake mongrel:cluster:install # Installs scripts for managing mongrel clusters rake mysql:client:install # Install mysql client and library rake mysql:server:install # Install mysql and ruby library rake mysql:server:restart # Restarts the mysql process rake rails:install # Installs rails rake stack:install # Installs a full web application stack rake svn:install # Installs Subversion revision control system </code></pre> In addition, there are package independent tasks that will be configurable in an upcoming release: <pre><code> rake web:install # Installs web server stack rake web:restart # Restarts the web server process rake db:client:install # Installs database client stack rake db:server:install # Installs database server stack </code></pre> Run @rake -T@ to see the full list. You can also create your own stacks with custom tasks. 2008-08-01T08:55:13-04:00 445 Machinify false 1 2008-08-01T13:03:16-04:00 1 3