
@dobrinov
Last active April 25, 2023 07:27
Ruby on Rails VPS provisioning handbook

User

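# Make bash the default login shell for every account useradd creates from now on.
sudo useradd -D -s /bin/bash
# Create the deployment account with a home directory (-m).
sudo useradd -m app
# useradd leaves the new account's password locked. The sudo commands later in
# this handbook are run as app, so set a password here (or manage access with a
# sudoers rule instead).
sudo passwd app
# NOTE(review): app is also the account that runs the Rails app. Putting it in
# the sudo group means an application compromise is one password away from
# root. Consider a separate admin account for provisioning and leaving app
# without sudo.
sudo usermod -aG sudo app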

Add public key to authorized_keys

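# Switch to the app account; the remaining commands are typed in that shell.
su - app
# Set the modes explicitly instead of relying on the umask: sshd's StrictModes
# check refuses keys when these paths are writable by group or others.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Paste the public key (never the private key) into the file, one key per line.
vim ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys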

Login with the app user

# Run from the workstation; IP is a placeholder for the server's address.
# Confirm that key-based login works in a second terminal before closing the
# session used for setup, so a bad authorized_keys file cannot lock you out.
ssh app@IP

PostgreSQL

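sudo apt update
# Server, contrib extensions, and the libpq headers (libpq-dev) alongside them.
sudo apt install postgresql postgresql-contrib libpq-dev
# No interactive postgres shell is needed first: sudo -u runs this one command
# as the postgres OS user. (Typed inside a `sudo -i -u postgres` shell, the
# nested sudo would ask for a postgres password that does not exist.)
# NOTE(review): -s makes app a PostgreSQL superuser. For production, a role
# limited to creating databases (createuser -d app), or a database created in
# advance and owned by app, reduces what a compromised application can reach.
sudo -u postgres createuser -s app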

.rbenv

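# Build dependencies needed to compile Ruby from source.
sudo apt install git curl libssl-dev libreadline-dev zlib1g-dev autoconf bison build-essential libyaml-dev libncurses5-dev libffi-dev libgdbm-dev
# The installer URL points at the repository's moving HEAD, so its content is
# not pinned. Save it to a file and read it before running, rather than piping
# the download straight into bash. This also avoids executing a truncated
# script if the transfer is cut short.
installer="$(mktemp)"
curl -fsSL https://github.com/rbenv/rbenv-installer/raw/HEAD/bin/rbenv-installer -o "$installer"
less "$installer"
bash "$installer"
rm -f -- "$installer"
# Put rbenv on PATH and load its shims in every new shell.
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc
# Sanity check: should report rbenv as a shell function.
type rbenv
# Pinned Ruby version. Before reusing this handbook, check that this release
# series still receives upstream security fixes.
rbenv install 3.0.4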

Nginx

# Installs nginx from the distribution's package repository.
# NOTE(review): the site config further down references Certbot-managed files
# under /etc/letsencrypt, but this handbook has no step that installs Certbot
# or issues the certificate. nginx will not load that config until those files
# exist.
sudo apt install nginx

Rails credentials file

# Opens the encrypted Rails credentials in vi for editing.
# Decryption needs the master key (config/master.key or the RAILS_MASTER_KEY
# environment variable). Keep that key out of version control and readable
# only by the account that runs the app.
EDITOR=vi RAILS_ENV=production bin/rails credentials:edit

Node

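# Download the installer to a file and read it before running it. -f makes
# curl fail on an HTTP error instead of handing an error page to bash, and a
# saved file cannot be executed half-downloaded.
installer="$(mktemp)"
curl -fsSL https://get.volta.sh -o "$installer"
less "$installer"
bash "$installer"
rm -f -- "$installer"
# NOTE(review): the installer presumably adds Volta to the shell profile, so a
# new shell may be needed before `volta` is on PATH. Confirm.
# No Node version is pinned here, so the version installed depends on when
# this runs.
volta install node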

#Systemd

# /etc/systemd/user/myservice_puma.service
# NOTE(review): the path above is the per-user unit directory, but the
# WantedBy=multi-user.target line below names a system-manager target.
# - If this is meant as a system unit (/etc/systemd/system/), no User= is set,
#   so Puma would run as root. Confirm, and add User=app in that case.
# - If it is meant as a user unit for app, the install target would normally
#   be default.target.
[Unit]
Description=Puma HTTP Server
# Order startup after basic networking is up.
After=network.target

[Service]
# simple: the process started by ExecStart is the service's main process.
Type=simple
# Relative paths in ExecStart arguments (./config/puma.rb) resolve against this directory.
WorkingDirectory=/var/www/lussyshop.com/current
# Runs Puma through the rbenv installed in the app user's home directory.
# Whoever can write under /home/app/.rbenv controls what this service executes.
ExecStart=/home/app/.rbenv/bin/rbenv exec bundle exec puma -C ./config/puma.rb
# Restart the process whenever it exits, whatever the exit status.
Restart=always
# NOTE(review): no sandboxing directives are set. Consider options such as
# NoNewPrivileges=true once the unit's scope is settled.

[Install]
WantedBy=multi-user.target

Nginx config

# Upstream group with a single backend: a Unix domain socket under the app's
# shared directory.
# NOTE(review): the socket is presumably bound by config/puma.rb, which is not
# shown here. Any local account that can write to the socket can reach the app
# without passing through nginx, so check the directory's owner and mode.
upstream app {
        server unix:/var/www/lussyshop.com/shared/tmp/sockets/puma.sock fail_timeout=0;
}

# HTTPS virtual host: serves static files from the release's public/ directory
# and proxies everything else to the "app" upstream.
# NOTE(review): no Strict-Transport-Security header is set in this block.
# Check whether the application adds it (e.g. Rails force_ssl) before relying
# on HTTPS-only behaviour.
server {
        listen 443 ssl;
        server_name lussyshop.com www.lussyshop.com;
        root /var/www/lussyshop.com/current/public;
        # Try a directory index, then the file itself, then fall back to the app.
        try_files $uri/index.html $uri @app;

        # Certificate, key, TLS options and DH parameters all come from files
        # that Certbot maintains; edits to these lines may be overwritten.
        ssl_certificate /etc/letsencrypt/live/lussyshop.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/lussyshop.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        location @app {
                proxy_pass http://app;
                proxy_set_header X-Real-IP $remote_addr;
                # Appends the connecting address to whatever X-Forwarded-For the
                # client sent, so only the last entry is set by nginx. The app
                # must not trust earlier entries.
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header X-Forwarded-Server $host;
                # $http_host is the Host header exactly as the client sent it.
                # NOTE(review): if this block is the default server for :443,
                # requests with arbitrary Host values reach the app. Restrict
                # accepted hosts in the app or add a catch-all server block.
                proxy_set_header Host $http_host;
                proxy_redirect off;
        }

        error_page 500 502 503 504 /500.html;
        # NOTE(review): allows request bodies up to 4G. Unless the app really
        # takes uploads that large, a smaller limit reduces the room a client
        # has to fill disk or tie up workers.
        client_max_body_size 4G;
        keepalive_timeout 10;
}

# Plain-HTTP virtual host: redirects both site names to HTTPS.
# NOTE(review): a request whose Host matches neither `if` falls through with no
# `return`, root or location defined here. If this block can act as the default
# server for :80, consider ending it with an explicit `return 404;`.
server {
        listen 80;
        server_name lussyshop.com www.lussyshop.com;

        if ($host = www.lussyshop.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot


        if ($host = lussyshop.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
}
