Scalable Rails Deployment: Part 2, Security

Posted by Craig Ambrose on November 15, 2006 at 06:53 AM

Welcome back. This series is going through the process of setting up a scalable production VPS for a ruby on rails app, from a non-sysadmin perspective. The first post is here.

Setting up Sudo

So last time we had a root login, and we’d created a non-root user for day to day use. Obviously we’re going to have a lot of tasks that require root access, so we want this user to be able to execute commands as root, provided they enter their password, which is what the sudo command does.

On our cut down Ubuntu installation, sudo is not installed by default. Logged in as root, perform the following.


apt-get update
apt-get dist-upgrade
apt-get install sudo
visudo

The first line above updates our local list of available packages, and the second upgrades any packages that have changed since our Ubuntu release was cut. Then “apt-get install” installs the new software package sudo. Apt-get is the Debian (and thus Ubuntu) package management system. It grabs software, resolves dependencies, and makes the world a bright shiny place. We’ll be using it a lot today.

Once sudo is installed, the visudo command brings up a file which you can edit, allowing you to add your new user to the list of people who can use sudo. Add the following line to the file (replacing YOUR_USER with your non-root username):


YOUR_USER ALL=(ALL) ALL

After that, test it out. Log in as YOUR_USER, and try prefixing a command with sudo, such as “sudo ps”. It should ask for YOUR_USER’s password the first time you do this for each session.

Using SSH keys

For increased security, it’s really recommended that you use ssh keys, rather than just passwords. If your local development machine is a *nix box of some sort (including a mac), then this is really straightforward. It’s basically a case of creating a private and public key pair locally, and then putting the public key on the server. This is described well elsewhere, so I suggest that you follow the instructions here:

http://www.ece.uci.edu/~chou/ssh-key.html

And then come back. You probably have SSH version 2. Unlike the article above, however, I strongly suggest setting a passphrase for your key (the article linked above just presses return, you aren’t going to be that silly). You should also ensure that the authorized_keys file has the minimum necessary permissions. Logged in as YOUR_USER, perform:


chmod 0700 ~/.ssh
chmod 0600 ~/.ssh/authorized_keys

When this is done, make sure that you can log in as YOUR_USER, and that you are only asked for your ssh key passphrase locally, not your password. If everything is working fine, you can turn off passwords completely, meaning that you need your ssh key to log in (so make a backup of it). You can also turn off external root logins (since we can use sudo).

In the file /etc/ssh/sshd_config, set the following values:


PasswordAuthentication no
UsePAM no
UseDNS no
PermitRootLogin no
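The following script is an added example, not part of the original post: it checks an sshd_config for the four directives above (reading them the way sshd does, first match wins, keywords case-insensitive) and checks the ~/.ssh permissions set earlier, taking the config file and .ssh directory as parameters so it can be tried against a scratch copy first.

```shell
#!/bin/sh
# Audit the ssh hardening from this post: the four sshd_config directives and
# the ~/.ssh permissions. Added example, not the author's script; the file and
# directory are parameters so it can be run against a scratch copy first.

# Effective value of a directive: sshd uses the first match, ignores comment
# lines, and treats keywords case-insensitively.
sshd_value() {                      # $1 = config file, $2 = directive
  key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  awk -v key="$key" '
    /^[[:space:]]*#/ { next }
    tolower($1) == key { print $2; exit }
  ' "$1"
}

# Print one line per directive and return the number of deviations
# (0 = all four set as the post recommends), so a caller can act on it.
check_sshd_config() {               # $1 = config file
  bad=0
  for pair in PasswordAuthentication=no UsePAM=no UseDNS=no PermitRootLogin=no; do
    key=${pair%%=*}; want=${pair#*=}
    got=$(sshd_value "$1" "$key")
    if [ "$got" = "$want" ]; then
      echo "ok   $key $got"
    else
      echo "FAIL $key: want $want, found '${got:-unset}'"
      bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Octal mode of a path (GNU stat, with a BSD/macOS fallback).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True when the .ssh directory is 0700 and authorized_keys inside it is 0600.
check_ssh_perms() {                 # $1 = .ssh directory
  [ "$(mode_of "$1")" = 700 ] && [ "$(mode_of "$1/authorized_keys")" = 600 ]
}

# Usage: sh ssh_audit.sh /etc/ssh/sshd_config ~/.ssh   (no arguments: define only)
if [ $# -eq 2 ]; then
  check_sshd_config "$1" || echo "$? directive(s) need attention in $1"
  check_ssh_perms "$2" && echo "ok   permissions under $2" || echo "FAIL permissions under $2"
fi
```

Run it from a second ssh session before you close the one in which you edited sshd_config, so a typo in the file cannot lock you out. It does not handle Match blocks, which the configuration above does not use.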

Installing Ruby and Rails

Now, this is an area that is very well documented. The best source of information, full of nice wordy explanations (much like this article), is on the rails wiki here:

http://wiki.rubyonrails.org/rails/pages/RailsOnUbuntu

I encourage you to go and read it, because I’m not going to repeat it all here. You can skip the SSL support and ImageMagick sections, unless you are using those libraries. Where the article has two alternatives, being “the proper way” and “the recommended way”, I also recommend that you use “the recommended way”, which is to install rails using gems rather than debian packages.

As a quick reference, below is a summary of the steps to perform, taken directly from that guide.

Uncomment the following two lines from /etc/apt/sources.list (requires sudo).


# deb http://archive.ubuntu.com/ubuntu/ dapper universe
# deb-src http://archive.ubuntu.com/ubuntu/ dapper universe
# deb http://security.ubuntu.com/ubuntu dapper-security universe
# deb-src http://security.ubuntu.com/ubuntu dapper-security universe

Execute the following commands.


sudo apt-get update
sudo apt-get install ruby irb ri rdoc ruby1.8-dev build-essential
wget http://rubyforge.org/frs/download.php/11289/rubygems-0.9.0.tgz
tar xzf rubygems-0.9.0.tgz
cd rubygems-0.9.0
sudo ruby setup.rb
sudo gem update
sudo gem install rails --include-dependencies

There you are, you should have rails working and installed. If you hit any problems, have a look at the actual wiki article, as I left out all the discussion in my quick cut and paste.

Installing MySQL

I’m no expert on the pros and cons of various databases, and so mysql is still my database of choice, mainly due to its ubiquity rather than any more well informed reason.

To install:


sudo apt-get install libmysql-ruby mysql-server

Coming up Next

We’ll get our rails application running on a high port with a single mongrel process, to test that everything works. Also, we’ll talk a bit about good places to install such things, and we’ll make sure that we can deploy and upgrade our application with Capistrano.

Credits

I’m not actually responsible for most of the recipes above. Technical proof-reading has been supplied by my colleague Mike Bailey. Articles referenced include Mike’s currently unreleased rails setup recipes, and the following great wiki pages.

http://wiki.rubyonrails.org/rails/pages/RailsOnUbuntu
http://wiki.slicehost.com/doku.php?id=slice_setup_from_onrails.org


Comments


Hi, and thank you for this series. Just a small thing: you don’t really need to protect your authorized_keys file, since it contains public keys. What you want to protect is the id_dsa file (or whatever file with your private key) on the client…

Mike Bailey

While it’s true that your public key is safe to give to others, I can’t think of any reason to allow your authorized_keys file to be readable by anyone else. You definitely don’t want authorized_keys to be writable by anyone else so explicitly setting the mode to 0600 protects against this.


BobRoberts

You might want to add a:

gem update --system

in there too, 0.9.0 has been superseded

Thats true, if you dont do that, you wont be able to install rails.

Charl

You can make your life even easier when using keys for ssh sessions by using ssh-agent and ssh-add.

See my blog entry for more info on how to set this up.
