These configurations depends on capistrano. It deploys to a staging and a production environment. It uses:
- nginx with support for unicorn and passenger (both totally configurable).
- Bonus 1: one of the most secure nginx configuration regarding SSL, being capable of grade A at Qualys SSL Labs test
- Bonus 2: support for automatically starting a websocket server when using the gem websocket-rails and passenger.
- unicornherder, monitored by supervisord (runing its web interface at port 9001), to manage the unicorn instances
- delayed_job to run background processing, if the
use_delayed_job
flag is set indeploy.rb
. - monit (running its web interface at port 2812) to manage
the database (mysql or postgres, configurable), nginx
and to watch for the resource usage of unicorn instances and
all the previous services. Check each file under
recipes/templates/monit
for the resource limit of the services. - whenever and backup gems to backup the database, user uploaded files,
and logs. If the flag
backup
is set ondeploy.rb
. The script will do daily backups of the database and keep one week of dailies, one month of weeklies, and a year of monthlies. The uploaded files will be kept synced through RSync. Please, take a look at the backup model templates and customize them to match your needs if the options indeploy.rb
aren't enough, the backup gem is too complete and full of tools for us to parameterize everything in there. You can find its docs here. - logrotate to rotate the logs, either by size or time, if
rotate_log
is set indeploy.rb
. Size AND time conditions are yet not supported, because logrotate 3.81 is still not present in most Linux distributions. - installs paperclip-optimizer (a gem to losslessly compress every image uploaded through paperclip) dependencies if the flag is set in
deploy.rb
.
Before deploy to production, use the following gems:
-
brakeman: To mitigate the security problems
-
rack-mini-profiler: To mitigate database performance issues
-
simplecov: To mitigate missing tests
-
exception_notification: To warning about live errors on production
After create the VPS, with a ssh key exclusive for the projet (see below), you must follow this steps.
cd ~/.ssh
ssh-keygen -t rsa -C '<me@mail.com>'
If you have some locale error like:
locale: Cannot set LC_ALL to default locale: No such file or directory
Run:
echo "pt_BR.UTF-8 UTF-8" >> /var/lib/locales/supported.d/local && dpkg-reconfigure locales
apt-get -y update && apt-get -y upgrade
Create the staging environment. Just run the command above and make the necessary modifications for staging environment:
cp config/environments/production.rb config/environments/staging.rb
On the server:
adduser deploy --ingroup sudo
Get the password here
On your machine run:
ssh-copy-id -i ~/.ssh/id_rsa_<project>.pub deploy@<server>
Logged in as deploy user, run:
ssh git@gitlab.com
Add to your Gemfile (updating the versions):
gem 'unicorn', '~> 4.7.0'
group :development do
gem 'capistrano', '~> 2.15.5', require: false
end
Run bundle install
then run capify .
.
Uncomment the line load 'deploy/assets'
on the Capfile
. Then copy all files
of this project to config dir, except the Capfile, that should be copied to
the rails root path.
Remember to choose a database (mysql or postgresql) and set wether you use SSL
or not in the deploy.rb
file and all the other project specific settings in
there.
Ajust the recipe project_dependencies for your project needs
Before install, you must check if your new ssh-key is added:
ssh-add -L
If you don't see your key, you can add typing the following command:
ssh-add <path_to_key>
Then, you are able to install:
cap <environment> deploy:install
cap <environment> deploy:setup
secret_key_base
atconfig/secrets.yml
cap <environment> deploy:cold
sudo apt-get install sendmail
After that, just run cap <environment> deploy
.