# Compiler toolchain and headers used to build Ruby and native gem extensions.
# NOTE(review): the build tools stay installed on the web host afterwards;
# remove them later or build elsewhere if the host should carry a minimal package set.
sudo yum group install "Development Tools"
sudo yum install openssl-devel libcurl-devel
# Application root; "shared" is where files that outlive a single release are kept.
sudo mkdir -p /opt/rails/mycoolapp/shared
# Label the tree so SELinux lets the web server read it
# (-R recursive, -h act on symlinks themselves, -t change only the type).
# chcon edits labels in place and records no policy rule, so a later restorecon or
# filesystem relabel can revert it; `semanage fcontext` plus `restorecon` is the persistent form.
sudo chcon -R -h -t httpd_sys_content_t /opt/rails/
# Account that owns the app tree and, further down, the rbenv install in its home directory.
# No password is set here, so the account is only reachable through sudo/su.
sudo useradd nginx
# NOTE(review): nginx.conf below also runs the server as "nginx", so the serving account can
# rewrite the code it serves — consider a separate deploy owner with read-only access for nginx.
sudo chown -R nginx:nginx /opt/rails
# Open a login shell as the nginx account; the lines up to `exit` are typed inside it.
sudo su - nginx
# Clones the default branch with no tag or commit pinned, so what gets installed depends on
# the repository state at clone time.
# NOTE(review): check out a reviewed release tag before using it on a production host.
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
# Single quotes keep $HOME/$PATH and $(...) literal, so they are expanded at each login
# rather than once here.
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
# Leave the shell so the next login picks up the updated ~/.bash_profile.
exit
# New login shell as nginx; rbenv is now on PATH through ~/.bash_profile.
sudo su - nginx
mkdir -p "$(rbenv root)"/plugins
# rbenv plugins are shell code that rbenv loads when it runs as this account.
# All three are cloned unpinned from the default branch, two of them from personal accounts.
# NOTE(review): read them and pin each to a reviewed commit before relying on them.
git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build
git clone https://github.com/maljub01/rbenv-bundle-exec.git ~/.rbenv/plugins/rbenv-bundle-exec
# NOTE(review): upstream describes rbenv-gem-rehash as deprecated because rbenv core now
# rehashes on gem install — confirm it is still needed before adding it.
git clone https://github.com/sstephenson/rbenv-gem-rehash.git ~/.rbenv/plugins/rbenv-gem-rehash
# Builds Ruby from source into ~/.rbenv/versions/2.7.1 (the path passenger_ruby points at).
# NOTE(review): the Ruby 2.7 series is past upstream end-of-life and 2.7.1 predates later
# 2.7.x security releases — prefer a currently supported version if the app allows it.
rbenv install 2.7.1
To avoid headaches with SELinux, we'll install NGINX/Passenger from the yum packages instead of using the generic installation method. The packages ship with the correct SELinux labels (file contexts), so we don't have to set them by hand.
Follow the instructions here: https://www.phusionpassenger.com/docs/advanced_guides/install_and_upgrade/nginx/install/oss/el8.html
Don't forget to enable NGINX after you install it.
# `enable` only registers the unit to start at boot; it does not start NGINX now.
# Start it separately (or use `systemctl enable --now nginx`) once the configuration below is in place.
sudo systemctl enable nginx
/etc/nginx/conf.d/passenger.conf
# Location file of the packaged Passenger install.
passenger_root /usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini;
# Interpreter built by rbenv in the nginx account's home; must match the installed version (2.7.1).
# NOTE(review): this tree is writable by the nginx account, so code running as that account
# could replace the interpreter — consider an install location owned by root.
passenger_ruby /home/nginx/.rbenv/versions/2.7.1/bin/ruby;
# Directory Passenger uses for its instance registry (presumably chosen to fit the packaged SELinux policy — confirm against the install guide).
passenger_instance_registry_dir /var/run/passenger-instreg;
/etc/nginx/nginx.conf
# --- Main context -----------------------------------------------------------
# Worker processes run as the nginx account; one worker per CPU core.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Dynamic modules dropped in by packages (the Passenger module is expected to arrive this way).
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    # Access log format: client address, user, timestamp, request line, status,
    # bytes sent, referer, user agent and X-Forwarded-For.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Keep the NGINX version out of the Server header and error pages.
    server_tokens off;
    error_page 500 502 503 504 /50x.html;

    # Pulls in conf.d/passenger.conf, among others.
    include /etc/nginx/conf.d/*.conf;

    # Plain-HTTP virtual host for the Rails app; traffic is unencrypted until
    # a TLS listener is added.
    server {
        listen 80;
        server_name mycoolapp.example.com;
        # Only the app's public/ directory is exposed as the document root.
        root /opt/rails/mycoolapp/current/public;
        passenger_enabled on;
        rails_env production;
    }
}
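# Create the persistent log file that every release will link to.
# NOTE(review): the tree is owned by nginx, so the unprivileged commands here are presumably
# run as that account and the chcon from an admin account — confirm for your setup.
# -p: do not fail if the directory already exists (e.g. on a re-run).
mkdir -p /opt/rails/mycoolapp/shared/log
touch /opt/rails/mycoolapp/shared/log/production.log
# Copy the SELinux context of NGINX's own access log so the server may write to this file.
# chcon is not persistent: a restorecon or relabel reverts it unless a matching
# `semanage fcontext` rule is recorded.
sudo chcon --reference /var/log/nginx/access.log /opt/rails/mycoolapp/shared/log/production.log
# Owner read/write only: application logs can contain request parameters and other
# sensitive data, and a log file needs no execute bit (the original used 700).
chmod 600 /opt/rails/mycoolapp/shared/log/production.log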
Set your deployment configuration to symlink to the persistent logfile. Using Capistrano, for example:
# Links the release's log file to the copy under shared/, so every release appends to the same file.
# NOTE(review): a plain `ln -s` fails if the link path already exists; Capistrano's
# linked_files / linked_dirs settings are the built-in way to do this — confirm which fits your deploy.
execute :ln, '-s', shared_path.join("log/#{fetch(:stage)}.log"), release_path.join("log/#{fetch(:stage)}.log")
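Ideally you should use Let's Encrypt to set up your SSL/TLS certificate. The details of this step should prove useful for applications running on internal servers that need to sign their own certificates. Keep in mind that clients will not trust a self-signed certificate until it has been explicitly added to their trust store.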
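# Create the key directory and lock it down BEFORE any key material is written,
# so the private key is never readable by other local users, even briefly.
sudo mkdir -p /etc/nginx/ssl
sudo chmod 700 /etc/nginx/ssl/
# Self-signed certificate valid for 365 days with a new 2048-bit RSA key.
# -nodes writes the private key unencrypted so NGINX can start unattended; the file
# permissions are therefore the only protection for the key.
# openssl prompts for the subject: the Common Name should match server_name.
# NOTE(review): current clients match on subjectAltName rather than Common Name — add one
# (e.g. via -addext on OpenSSL 1.1.1+) and plan for renewal before the certificate expires.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/mycoolapp.key -out /etc/nginx/ssl/mycoolapp.crt
sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
# Private key: owner read/write only.
sudo chmod 600 /etc/nginx/ssl/mycoolapp.key
# Give the new files the same SELinux context as nginx.conf so the server may read them
# (chcon is not persistent across a relabel).
sudo chcon -R --reference /etc/nginx/nginx.conf /etc/nginx/ssl/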
Update your server configuration in /etc/nginx/nginx.conf:
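# Virtual host for the Rails app, now with a TLS listener.
server {
    # NOTE(review): port 80 still serves the application in clear text. Once HTTPS works,
    # consider moving this listener to its own server block that only redirects,
    # e.g. `return 301 https://$host$request_uri;`.
    listen 80;
    listen 443 ssl;
    server_name mycoolapp.example.com;

    # The app tree was created under /opt/rails earlier in this guide (the original
    # snippet pointed at /var/rails, which does not exist in this setup).
    root /opt/rails/mycoolapp/current/public;
    passenger_enabled on;
    rails_env production;

    # Certificate and unencrypted private key generated above.
    ssl_certificate /etc/nginx/ssl/mycoolapp.crt;
    ssl_certificate_key /etc/nginx/ssl/mycoolapp.key;
    # Custom Diffie-Hellman parameters; only used by DHE cipher suites.
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    # Refuse legacy protocol versions regardless of the NGINX default.
    ssl_protocols TLSv1.2 TLSv1.3;
}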
# Database server plus the client headers needed to build the Ruby MySQL adapter gem.
sudo yum install mariadb-server mariadb-devel
sudo systemctl start mariadb
sudo systemctl enable mariadb
# Interactive hardening script shipped with MariaDB: it prompts for a root password and
# offers to remove anonymous users, remote root login and the test database.
# NOTE(review): the application connects as 'mycoolapp'@'localhost', so also verify the
# server's bind-address / firewall so the database port is not reachable from the network.
/usr/bin/mysql_secure_installation
# -p with no value prompts for the password, keeping it out of shell history and process listings.
mysql -uroot -p
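-- Schema for the production environment.
create database mycoolapp_production;
-- Placeholder: substitute a long, randomly generated secret and store it only in the
-- application's credential store. The original sample password is guessable and should
-- never be copied into a real deployment.
-- The account is scoped to 'localhost', so it cannot be used from other hosts.
create user 'mycoolapp'@'localhost' identified by '<REPLACE_WITH_GENERATED_PASSWORD>';
-- Privileges are limited to the application's own schema.
-- NOTE(review): if migrations run under a separate account, reduce this to the
-- data-manipulation privileges the running app needs.
grant all on mycoolapp_production.* to 'mycoolapp'@'localhost';
-- CREATE USER and GRANT take effect immediately; FLUSH PRIVILEGES is only needed after
-- editing the grant tables directly, so it is omitted here.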