This is bash script which creates virtual box prepared to run Ruby On Rails web server.

rails-thin-vbox-bash-friends

#!/bin/bash
# set up your server
# ssh [email protected] < rails-vbox
#
# set up vagrant box
# vagrant up
# vagrant ssh < rails-vbox

export DOMAIN='example.com'
export HOSTNAME='mail.example.com'

export SYSTEM_USER='rails'
export SYSTEM_GROUP='rails'
export SYSTEM_PASSWORD='password'
export SYSTEM_HOME=/home/${SYSTEM_USER}

export RAILS_ENV='staging'
export RAILS_BASE_DIR=${SYSTEM_HOME}/${RAILS_ENV}

export POSTGRESQL_DB="${SYSTEM_USER}_${RAILS_ENV}"
export POSTGRESQL_USER=${SYSTEM_USER}
export POSTGRESQL_PASSWORD='rdeveloper'

export SSH_AUTHORIZED_KEYS='ssh-rsa public-key-here [email protected]'
export SSH_CONFIG=$(cat <<EndOfString
Host git.ithouse.lv
    Port 2204
    Hostname 92.240.69.3
EndOfString
)

MONIT_ALERT_EMAIL='[email protected]'
MONIT_PROJECT='Rails New Project'

# update the apt-get
sudo apt-get -q -y update --fix-missing

###########################################################################
# Postfix mailer
###########################################################################
sudo DEBIAN_FRONTEND=noninteractive apt-get -q -y install postfix
POSTFIX_MAIN_CF=$(cat <<EndOfString
smtpd_banner = \$myhostname ESMTP \$mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:\${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:\${data_directory}/smtp_scache
myhostname = ${HOSTNAME}
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = ${HOSTNAME}, localhost.localdomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
EndOfString
)
echo "${POSTFIX_MAIN_CF}" | sudo tee /etc/postfix/main.cf > /dev/null

sudo /etc/init.d/postfix restart

###########################################################################
# redis
###########################################################################
sudo apt-get -q -y install redis-server libhiredis-dev
sudo /etc/init.d/redis-server restart

###########################################################################
# firewall
###########################################################################
sudo ufw status verbose

###########################################################################
# imagemagick
###########################################################################
sudo apt-get -q -y install imagemagick

###########################################################################
# Postgres database server
###########################################################################
sudo apt-get -q -y install postgresql-9.1 postgresql-client-9.1 postgresql-contrib-9.1 postgresql-server-dev-9.1
# UNIX user rails_web will connnect to DB rails_web without password promt
sudo -u postgres psql -c "CREATE USER ${POSTGRESQL_USER} WITH PASSWORD '${POSTGRESQL_PASSWORD}' CREATEDB"
sudo -u postgres psql -c "CREATE DATABASE ${POSTGRESQL_DB} WITH OWNER ${POSTGRESQL_USER}"


###########################################################################
# Ruby system wide
###########################################################################
sudo apt-get -q -y install git-core curl build-essential zlib1g zlib1g-dev libssl-dev openssl autoconf libc6-dev ncurses-base libtool bison ca-certificates libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev
#sudo apt-get -q -y install libreadline5 libreadline5-dev libreadline6 libreadline6-dev
sudo apt-get -q -y install libreadline-gplv2-dev lib64readline-gplv2-dev
sudo apt-get -q -y install ruby1.9.1-dev
sudo gem install rake bundler pg
# thin web server
sudo gem install thin

###########################################################################
# nginx config
###########################################################################
sudo apt-get -q -y install nginx
sudo rm /etc/nginx/conf.d/default.conf
sudo rm /etc/nginx/conf.d/example_ssl.conf
sudo mkdir -p /etc/nginx/sites-enabled/
sudo mkdir -p /etc/nginx/sites-available/
NGINX_CONF=$(cat <<EndOfString

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
EndOfString
echo ${NGINX_CONF} | sudo tee /etc/nginx/nginx.conf > /dev/null

THIN_NGINX=<<EndOfString
upstream rails_${RAILS_ENV} {
    server unix:/tmp/thin.${RAILS_ENV}.0.sock;
    server unix:/tmp/thin.${RAILS_ENV}.1.sock;
}

server {
    listen 80;
    server_name _;

    # Redirects www subdomain to non-subdomain
    if (\$host ~* www\.(.*)) {
        set \$host_without_www \$1;
        rewrite ^(.*)\$ \$scheme://\$host_without_www\$1 permanent;
    }

    access_log  /var/log/nginx/${RAILS_ENV}_access.log main;
    error_log /var/log/nginx/${RAILS_ENV}_errors.log error;

    proxy_set_header Host \$http_host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto \$scheme;

    # Increase the maximum file upload size to 20MB
    client_max_body_size 20m;

    root ${SYSTEM_HOME}/${RAILS_ENV}/current/public;

    location / {
        try_files \$uri /maintenance.html @dynamic_content;
    }

    location @dynamic_content {
        gzip on;
        proxy_pass http://rails_${RAILS_ENV};
    }

    location ~ ^/assets/ {
        gzip_static on; # to serve pre-gzipped version
        expires max;
        add_header Cache-Control public;
    }

    location ~ ^/uploads/ {
        expires max;
        add_header Cache-Control public;
    }
}
EndOfString
)
echo "${THIN_NGINX}" | sudo tee /etc/nginx/sites-available/${RAILS_ENV}.conf > /dev/null

sudo ln -s /etc/nginx/sites-available/${RAILS_ENV}.conf /etc/nginx/sites-enabled/${RAILS_ENV}.conf
sudo /etc/init.d/nginx restart


###########################################################################
# monit
###########################################################################
sudo apt-get -q -y install monit
MONITRC=$(cat <<EndOfString
set daemon 120            # check services at 2-minute intervals
set logfile /var/log/monit.log
set idfile /var/lib/monit/id
set statefile /var/lib/monit/state
set mailserver localhost port 25    # mailserver must be correctly configured
set eventqueue
     basedir /var/lib/monit/events # set base dir where events will be stored
     slots 100                     # optionally limit the queue size
set alert ${MONIT_ALERT_EMAIL}  # receive all alerts
set httpd port 2812 and
   use address localhost  # only accept connection from localhost
   allow localhost        # allow localhost to connect to the server and
   allow admin:monit      # require user 'admin' with password 'monit'
   allow @monit           # allow users of group 'monit' to connect (rw)
include /etc/monit/conf.d/*
GROUP thin_${RAILS_ENV}
set mail-format { subject: ${MONIT_PROJECT} \$SERVICE \$EVENT at \$DATE }
EndOfString
)
echo "${MONITRC}" | sudo tee /etc/monit/monitrc > /dev/null

# monit -g thin_staging status
THIN_MONIT=$(cat <<EndOfString
check process thin.${RAILS_ENV}.0
    with pidfile ${RAILS_BASE_DIR}/shared/pids/thin.0.pid
    alert ${MONIT_ALERT_EMAIL} only on { timeout, nonexist }
    start program = "/usr/local/bin/thin start -C ${RAILS_BASE_DIR}/shared/config/thin_cluster.yml"
        as uid ${SYSTEM_USER} and gid ${SYSTEM_GROUP}
    stop program = "/usr/local/bin/thin stop -C ${RAILS_BASE_DIR}/shared/config/thin_cluster.yml"
        as uid ${SYSTEM_USER} and gid ${SYSTEM_GROUP}
    if totalmem > 200 MB for 4 cycles then restart
    if cpu > 90% for 4 cycles then restart
    if loadavg(5min) > 10 for 8 cycles then restart
    group thin_${RAILS_ENV}

check process thin.${RAILS_ENV}.1
    with pidfile ${RAILS_BASE_DIR}/shared/pids/thin.1.pid
    alert ${MONIT_ALERT_EMAIL} only on { timeout, nonexist }
    start program = "/usr/local/bin/thin start -C ${RAILS_BASE_DIR}/shared/config/thin_cluster.yml"
        as uid ${SYSTEM_USER} and gid ${SYSTEM_GROUP}
    stop program = "/usr/local/bin/thin stop -C ${RAILS_BASE_DIR}/shared/config/thin_cluster.yml"
        as uid ${SYSTEM_USER} and gid ${SYSTEM_GROUP}
    if totalmem > 200 MB for 4 cycles then restart
    if cpu > 90% for 4 cycles then restart
    if loadavg(5min) > 10 for 8 cycles then restart
    group thin_${RAILS_ENV}

EndOfString
)
echo "${THIN_MONIT}" | sudo tee /etc/monit/conf.d/thin.${RAILS_ENV}.monit > /dev/null

###########################################################################
# logrotate
###########################################################################
sudo apt-get -q -y install logrotate
THIN_LOGROTATE=$(cat <<EndOfString
${RAILS_BASE_DIR}/current/log/*.log {
    daily
    rotate 10
    copytruncate
    delaycompress
    compress
    notifempty
    missingok
    size=100M
    create 640 ${SYSTEM_USER} ${SYSTEM_GROUP}
    postrotate
        monit -g thin_${RAILS_ENV} restart
    endscript 
}
EndOfString
)
echo "${THIN_LOGROTATE}" | sudo tee /etc/logrotate.d/thin_${RAILS_ENV} > /dev/null

###########################################################################
# User for rails
###########################################################################
cat > /tmp/rails-user <<EndOfRailsUserFile
#!/bin/bash
# turn back home for rails
export HOME=${SYSTEM_HOME}

mkdir ~/.ssh
touch ~/.ssh/authorized_keys
echo "${SSH_AUTHORIZED_KEYS}" >> ~/.ssh/authorized_keys
touch ~/.ssh/config
echo "${SSH_CONFIG}">> ~/.ssh/config
chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/authorized_keys
chmod 0600 ~/.ssh/config
# ssh keys
ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q


# add user's ssh public key in git.ithouse.lv
cat ~/.ssh/id_rsa.pub

mkdir -p ${RAILS_BASE_DIR}/shared/config
cat > ${RAILS_BASE_DIR}/shared/config/thin_cluster.yml <<EndOfString
---
pid: tmp/pids/thin.pid
address: 0.0.0.0
timeout: 30
wait: 60
socket: /tmp/thin.${RAILS_ENV}.sock
log: log/thin.log
max_conns: 1024
require: []                                                                                                                                     
environment: ${RAILS_ENV}
max_persistent_conns: 512
servers: 2
daemonize: true
chdir: ${RAILS_BASE_DIR}/current
EndOfString

cat > ${RAILS_BASE_DIR}/shared/config/database.yml <<EndOfString
${RAILS_ENV}:
  encoding: utf8
  adapter: postgresql
  host: localhost
  database: ${POSTGRESQL_DB}
  username: ${POSTGRESQL_USER}
  password: ${POSTGRESQL_PASSWORD}
EndOfString
EndOfRailsUserFile

sudo groupadd ${SYSTEM_GROUP}
sudo useradd ${SYSTEM_USER} -d ${SYSTEM_HOME} -m -g ${SYSTEM_GROUP} -s /bin/bash -p "encrypted-password"
echo "${SYSTEM_USER}:${SYSTEM_PASSWORD}" | sudo chpasswd # Eternal Sin.
sudo install -o ${SYSTEM_USER} -g ${SYSTEM_GROUP} -m 0744 -D /tmp/rails-user ${SYSTEM_HOME}/bin/rails-user
sudo -u ${SYSTEM_USER} ${SYSTEM_HOME}/bin/rails-user

sudo /etc/init.d/monit restart