capistrano3-ubuntu-server-prepare 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c1fe1f7b1282af103530abc20eafec876fdcbdf1
+  data.tar.gz: 95cbd7717c834ec58b8dbde21b37fc631ae2659b
+SHA512:
+  metadata.gz: 04efad9be18d41106de0be0deb33f94050ac739a8935279304ba01d11e0edc1a2e3b34e65d60db41702bb0e9c1fe1a17cb91d71b64b8ea5b9e356f44ba01ede0
+  data.tar.gz: 25bda5d0620e33d84b370f0de30b92c16065af5dbf0e86a930cc3b96add93c55dfc1c886c5c2a693d79c5b322512509f1171f25fe437c93f414e354c60437fb0

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in capistrano-ubuntu-server-prepare.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 goooseman
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,176 @@
+# capistrano3-ubuntu-server-prepare
+
+This Capistrano (v3) task helps you to configure your blank ubuntu server before your first  deploy.
+
+It can:
+* Make SSH more secure ('PermitRootLogin no', 'UseDNS no', 'AllowUsers username' SSH settings)
+* Make swap (It asks for the size, default is 512k)
+* Update and upgrade your server
+* Install NGINX from source with or without Pagespeed module
+* Install PostgreSQL and create user (It asks for db username and password)
+* Install Redis
+* Install RVM with latest Ruby, Rails and Bundler
+* Copy your private ssh key (so you can login to your private git repo like BitBucket from the server)
+* Install imagemagick (Needed by Paperclip)
+* Install any additional Ubuntu packages (It asks which exactly)
+
+You can run configuration wizard, which will ask you what to do and for some additional settings, and will do all the work, so you can go and drink some coffee. Or you can look at the source and run any of the tasks on its own.
+
+Note! It requires nginx, redis and unicorn config files in 'config/production' folder of your project. You can get them by running ``` rake ubuntu_server_prepare:copy_config ```
+
+**Attention!** My nginx and unicorn configuration files are made for your application running from /var/www/application/current. So add ``` set :application, 'application' ``` to your ``` config/deploy.rb ``` before first deploy or edit the configs.
+
+For a complete usage instructions see [usage](#usage)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+group :development do
+	gem 'capistrano'
+	gem 'capistrano3-ubuntu-server-prepare'
+end
+```
+
+And then execute:
+
+    $ bundle
+
+Run
+``` ruby
+ rake ubuntu_server_prepare:copy_config
+```
+ and edit config files in ``` config/production ```
+
+ Add
+``` ruby
+require 'capistrano3/ubuntu-server-prepare'
+```
+to your ``` Capfile ``` (If non exists run ``` cap install ```).
+
+
+## Usage
+
+Just imagine: you have some blank Ubuntu server. All you need to do manually is creating not root user, ``` visudo```ing it and copying ssh keys, so you can login from your local machine without password.
+
+  So login as root to your server and do the following:
+
+* ``` adduser deployer ``` (name can be anything)
+* ``` echo "deployer ALL=(ALL) ALL" >> /etc/sudoers ``` (change deployer to your name)
+
+On your local machine:
+
+* ``` ssh-copy-id deployer@111.111.111.111 ``` (change deployer to your username and 111.111.111.111 to your server ip)
+* Add
+``` ruby
+group :development do
+	gem 'capistrano'
+	gem 'capistrano3-ubuntu-server-prepare'
+end
+```
+to your project ``` Gemfile ```
+* Run ``` bundle install ``` from your project folder
+* Run ``` rake ubuntu_server_prepare:copy_config ```
+* Edit ``` config/production ``` config files, if you want
+* Add ``` require 'capistrano3/ubuntu-server-prepare' ``` to your ``` Capfile ``` (``` cap install ``` if there isn't any)
+* Be sure that line ``` require 'capistrano/rvm' ``` in your ``` Capfile ``` is commented.You can uncomment it after the process finishes.
+* Edit ``` config/deploy/production.rb ``` so the only uncommented line will looks like
+``` ruby
+server '111.111.111.111', user: 'deployer', roles: %w{web app db}
+```
+* Run ``` cap production ubuntu_server_prepare ``` to run configuration wizard
+* Answer all the questions and go to drink some coffee
+
+**Attention!** My nginx and unicorn configuration files are made for your application running from /var/www/application/current. So add ``` set :application, 'application' ``` to your ``` config/deploy.rb ``` before first deploy or edit the configs.
+
+## What to do next?
+
+So your server is configured, what to do next? How to deploy your app? OK, it is really easy:
+
+* Be sure that settings for production are right in ``` db/database.yml ```
+* Open your ``` Gemfile ``` and be sure you have these gems:
+``` ruby
+group :development do
+	gem 'capistrano'
+	gem 'capistrano-rails'
+	gem 'capistrano-bundler'
+	gem 'capistrano3-unicorn'
+	gem 'capistrano-rvm'
+	gem 'capistrano3-ubuntu-server-prepare'
+	gem 'capistrano3-git-push'
+end
+group :production do
+	gem 'unicorn'
+end
+```
+* Open your ``` Capfile ``` and be sure you have these lines:
+``` ruby
+# Load DSL and set up stages
+require 'capistrano/setup'
+
+# Include default deployment tasks
+require 'capistrano/deploy'
+require 'capistrano3/ubuntu-server-prepare'
+require 'capistrano3/unicorn'
+require 'capistrano3/git-push'
+require 'capistrano/rvm'
+require 'capistrano/bundler'
+require 'capistrano/rails'
+```
+* Open ``` config/deploy.rb ``` and paste your git server address in ``` set :repo_url ``` (You can use [BitBucket](https://bitbucket.org) for a good free private repository)
+* Add
+``` ruby
+set :unicorn_config_path, "#{current_path}/config/production/unicorn/unicorn.rb"
+```
+* Add
+``` ruby
+set :linked_dirs, fetch(:linked_dirs, []).push('bin', 'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', 'public/system')
+```
+
+* Add
+``` ruby
+  task :setup do
+    before "deploy:migrate", :create_db
+    invoke :deploy
+  end
+
+  task :create_db do
+    on roles(:all) do
+      within release_path do
+        with rails_env: fetch(:rails_env) do
+          execute :rake, "db:create"
+        end
+      end
+    end
+  end
+```
+right after ``` namespace :deploy do ``` line
+* Add
+``` ruby
+before :deploy, 'git:push'
+before 'deploy:setup', 'git:push'
+
+after 'deploy:publishing', 'deploy:restart'
+namespace :deploy do
+  task :restart do
+    invoke 'unicorn:legacy_restart'
+  end
+end
+```
+to the end of the file
+* Run ``` cap production deploy:setup ``` for the first time (it will run rake db:create), next times use ``` cap production deploy ```
+
+## Folder Structure
+```
+/usr/local/nginx/conf/nginx.conf # NGINX conf
+/etc/redis/ # Redis conf
+/var/www/
+-- log/ # Nginx and Redis log files here
+-- run/ # Nginx and Redis pid files here
+-- application/
+---- current/ # Your Rails app
+------ log/ # Rails and Unicorn log file here
+------ tmp/pids/ # Unicorn pid files here
+------ tmp/sockets/ # Unicorn socket files here
+```

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/capistrano-ubuntu-server-prepare.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "capistrano3-ubuntu-server-prepare"
+  spec.version       = "0.0.1"
+  spec.authors       = ["goooseman"]
+  spec.email         = ["inbox@goooseman.ru"]
+  spec.summary       = "A task for Capistrano v3 to prepare Ubuntu 14.04 server for first deployment"
+  spec.description   = "Can install nginx, ngx_pagespeed, postgreSQL, Redis, RVM, Ruby, Rails, Bundler"
+  spec.homepage      = "http://github.com/goooseman/capistrano3-ubuntu-server-prepare"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "highline"
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_runtime_dependency 'capistrano', '~> 3.1', '>= 3.1.0'
+end

data/config/production/nginx/nginx.conf

@@ -0,0 +1,136 @@
+user nginx web;
+
+pid /var/www/run/nginx.pid;
+error_log /var/www/log/nginx.error.log;
+
+events {
+  worker_connections 1024; # increase if you have lots of clients
+  accept_mutex off; # "on" if nginx worker_processes > 1
+  use epoll; # enable for Linux 2.6+
+  # use kqueue; # enable for FreeBSD, OSX
+}
+
+http {
+  # nginx will find this file in the config directory set at nginx build time
+  include mime.types;
+  types_hash_max_size 2048;
+  server_names_hash_bucket_size 64;
+  # fallback in case we can't determine a type
+  default_type application/octet-stream;
+
+  # click tracking!
+  access_log /var/www/log/nginx.access.log combined;
+
+  # you generally want to serve static files with nginx since neither
+  # Unicorn nor Rainbows! is optimized for it at the moment
+  sendfile on;
+
+  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
+  tcp_nodelay off; # on may be better for some Comet/long-poll stuff
+
+  # we haven't checked to see if Rack::Deflate on the app server is
+  # faster or not than doing compression via nginx.  It's easier
+  # to configure it all in one place here for static files and also
+  # to disable gzip for clients who don't get gzip/deflate right.
+  # There are other gzip settings that may be needed used to deal with
+  # bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_min_length 0;
+  gzip_vary on;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_proxied expired no-cache no-store private auth;
+  gzip_comp_level 9;
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/atom+xml;
+
+  # this can be any application server, not just Unicorn/Rainbows!
+  upstream app_server {
+    server unix:/var/www/application/current/tmp/sockets/.unicorn.sock fail_timeout=0;
+  }
+
+  server {
+
+
+
+    charset utf-8;
+    # enable one of the following if you're on Linux or FreeBSD
+    listen 80 default deferred; # for Linux
+    # listen 80 default accept_filter=httpready; # for FreeBSD
+
+    # If you have IPv6, you'll likely want to have two separate listeners.
+    # One on IPv4 only (the default), and another on IPv6 only instead
+    # of a single dual-stack listener.  A dual-stack listener will make
+    # for ugly IPv4 addresses in $remote_addr (e.g ":ffff:10.0.0.1"
+    # instead of just "10.0.0.1") and potentially trigger bugs in
+    # some software.
+    # listen [::]:80 ipv6only=on; # deferred or accept_filter recommended
+
+    client_max_body_size 4G;
+    server_name _;
+
+    # ~2 seconds is often enough for most folks to parse HTML/CSS and
+    # retrieve needed images/icons/frames, connections are cheap in
+    # nginx so increasing this is generally safe...
+    keepalive_timeout 5;
+
+    # path for static files
+    root /var/www/application/current/public;
+
+    # Prefer to serve static files directly from nginx to avoid unnecessary
+    # data copies from the application server.
+    #
+    # try_files directive appeared in in nginx 0.7.27 and has stabilized
+    # over time.  Older versions of nginx (e.g. 0.6.x) requires
+    # "if (!-f $request_filename)" which was less efficient:
+    # http://bogomips.org/unicorn.git/tree/examples/nginx.conf?id=v3.3.1#n127
+    try_files $uri/index.html $uri.html $uri @app;
+
+    location ~ ^/(assets)/  {
+      root /var/www/application/current/public;
+
+      expires max;
+      add_header Cache-Control public;
+    }
+    location @app {
+      # an HTTP header important enough to have its own Wikipedia entry:
+      #   http://en.wikipedia.org/wiki/X-Forwarded-For
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+      # enable this if you forward HTTPS traffic to unicorn,
+      # this helps Rack set the proper URL scheme for doing redirects:
+      # proxy_set_header X-Forwarded-Proto $scheme;
+
+      # pass the Host: header from the client right along so redirects
+      # can be set properly within the Rack application
+      proxy_set_header Host $http_host;
+
+      # we don't want nginx trying to do something clever with
+      # redirects, we set the Host: header above already.
+      proxy_redirect off;
+
+      # set "proxy_buffering off" *only* for Rainbows! when doing
+      # Comet/long-poll/streaming.  It's also safe to set if you're using
+      # only serving fast clients with Unicorn + nginx, but not slow
+      # clients.  You normally want nginx to buffer responses to slow
+      # clients, even with Rails 3.1 streaming because otherwise a slow
+      # client can become a bottleneck of Unicorn.
+      #
+      # The Rack application may also set "X-Accel-Buffering (yes|no)"
+      # in the response headers do disable/enable buffering on a
+      # per-response basis.
+      # proxy_buffering off;
+
+      proxy_pass http://app_server;
+    }
+
+    # Rails error pages
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /var/www/application/current/public;
+    }
+  }
+}

data/config/production/nginx/nginx_with_pagespeed.conf

@@ -0,0 +1,160 @@
+user nginx web;
+
+pid /var/www/run/nginx.pid;
+error_log /var/www/log/nginx.error.log;
+
+events {
+  worker_connections 1024; # increase if you have lots of clients
+  accept_mutex off; # "on" if nginx worker_processes > 1
+  use epoll; # enable for Linux 2.6+
+  # use kqueue; # enable for FreeBSD, OSX
+}
+
+http {
+  # nginx will find this file in the config directory set at nginx build time
+  include mime.types;
+  types_hash_max_size 2048;
+  server_names_hash_bucket_size 64;
+  # fallback in case we can't determine a type
+  default_type application/octet-stream;
+
+  # click tracking!
+  access_log /var/www/log/nginx.access.log combined;
+
+  # you generally want to serve static files with nginx since neither
+  # Unicorn nor Rainbows! is optimized for it at the moment
+  sendfile on;
+
+  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
+  tcp_nodelay off; # on may be better for some Comet/long-poll stuff
+
+  # we haven't checked to see if Rack::Deflate on the app server is
+  # faster or not than doing compression via nginx.  It's easier
+  # to configure it all in one place here for static files and also
+  # to disable gzip for clients who don't get gzip/deflate right.
+  # There are other gzip settings that may be needed used to deal with
+  # bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_min_length 0;
+  gzip_vary on;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_proxied expired no-cache no-store private auth;
+  gzip_comp_level 9;
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/atom+xml;
+
+  # this can be any application server, not just Unicorn/Rainbows!
+  upstream app_server {
+    server unix:/var/www/application/current/tmp/sockets/.unicorn.sock fail_timeout=0;
+  }
+
+  server {
+    # PageSpeed
+    pagespeed on;
+    pagespeed FileCachePath /var/ngx_pagespeed_cache;
+    location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" {
+      add_header "" "";
+    }
+    location ~ "^/ngx_pagespeed_static/" { }
+    location ~ "^/ngx_pagespeed_beacon$" { }
+    location /ngx_pagespeed_statistics {
+      allow 127.0.0.1; allow 5.228.169.73; deny all;
+    }
+    location /ngx_pagespeed_global_statistics {
+      allow 127.0.0.1; allow 5.228.169.73; deny all;
+    }
+    pagespeed MessageBufferSize 100000;
+    location /ngx_pagespeed_message {
+      allow 127.0.0.1; allow 5.228.169.73; deny all;
+    }
+    location /pagespeed_console {
+      allow 127.0.0.1; allow 5.228.169.73; deny all;
+    }
+
+
+
+
+
+
+    charset utf-8;
+    # enable one of the following if you're on Linux or FreeBSD
+    listen 80 default deferred; # for Linux
+    # listen 80 default accept_filter=httpready; # for FreeBSD
+
+    # If you have IPv6, you'll likely want to have two separate listeners.
+    # One on IPv4 only (the default), and another on IPv6 only instead
+    # of a single dual-stack listener.  A dual-stack listener will make
+    # for ugly IPv4 addresses in $remote_addr (e.g ":ffff:10.0.0.1"
+    # instead of just "10.0.0.1") and potentially trigger bugs in
+    # some software.
+    # listen [::]:80 ipv6only=on; # deferred or accept_filter recommended
+
+    client_max_body_size 4G;
+    server_name _;
+
+    # ~2 seconds is often enough for most folks to parse HTML/CSS and
+    # retrieve needed images/icons/frames, connections are cheap in
+    # nginx so increasing this is generally safe...
+    keepalive_timeout 5;
+
+    # path for static files
+    root /var/www/application/current/public;
+
+    # Prefer to serve static files directly from nginx to avoid unnecessary
+    # data copies from the application server.
+    #
+    # try_files directive appeared in in nginx 0.7.27 and has stabilized
+    # over time.  Older versions of nginx (e.g. 0.6.x) requires
+    # "if (!-f $request_filename)" which was less efficient:
+    # http://bogomips.org/unicorn.git/tree/examples/nginx.conf?id=v3.3.1#n127
+    try_files $uri/index.html $uri.html $uri @app;
+
+    location ~ ^/(assets)/  {
+      root /var/www/application/current/public;
+
+      expires max;
+      add_header Cache-Control public;
+    }
+    location @app {
+      # an HTTP header important enough to have its own Wikipedia entry:
+      #   http://en.wikipedia.org/wiki/X-Forwarded-For
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+      # enable this if you forward HTTPS traffic to unicorn,
+      # this helps Rack set the proper URL scheme for doing redirects:
+      # proxy_set_header X-Forwarded-Proto $scheme;
+
+      # pass the Host: header from the client right along so redirects
+      # can be set properly within the Rack application
+      proxy_set_header Host $http_host;
+
+      # we don't want nginx trying to do something clever with
+      # redirects, we set the Host: header above already.
+      proxy_redirect off;
+
+      # set "proxy_buffering off" *only* for Rainbows! when doing
+      # Comet/long-poll/streaming.  It's also safe to set if you're using
+      # only serving fast clients with Unicorn + nginx, but not slow
+      # clients.  You normally want nginx to buffer responses to slow
+      # clients, even with Rails 3.1 streaming because otherwise a slow
+      # client can become a bottleneck of Unicorn.
+      #
+      # The Rack application may also set "X-Accel-Buffering (yes|no)"
+      # in the response headers do disable/enable buffering on a
+      # per-response basis.
+      # proxy_buffering off;
+
+      proxy_pass http://app_server;
+    }
+
+    # Rails error pages
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /var/www/application/current/public;
+    }
+  }
+}