2. Setup a VPS Manually
To serve web pages you need to setup a web server and secure it. This involves updating your server, installing the rails specific parts, securing it by denying brute force against the ssh and using least privileged users to run the app. If you missed it from the description this book will use a Ubuntu/Nginx/Rails/Postgres stack.
Feel free to glance at the steps if your more experienced.
The dummy ip I will use is 148.211.114.67 and I gave it the hostname SleepyKitten1303.
user@local:~$ ssh root@148.211.114.67
The authenticity of host ‘148.211.114.67 (148.211.114.67)’ can’t be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:96:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)? yes
That scary message is just warning you it has never connected to this server before.
You should see this. If not make sure you have the correct ip and no spaces.
root@148.211.114.67’s password:
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-24-virtual i686)
- Documentation: https://help.ubuntu.com/
Now that you are logged in as the root adminstrator you need to secure the vps. Change the root password.
root@SleepyKitten1303:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Now we add a non root user as a layer of additional security.
root@SleepyKitten1303:~# adduser user
Adding user `user’ …
Adding new group `user’ (1000) …
Adding new user
user' (1000) with groupuser’ …Creating home directory `/home/user’ …
Copying files from `/etc/skel’ …
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for user
Enter the new value, or press ENTER for the default
Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n] Y
root@SleepyKitten1303:~#
Reload the ssh service and exit.
reload ssh
exit
ssh user@148.211.114.67
Now to update the system.
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get dist-upgrade -y
Restart the system
sudo reboot
Wait a minute and log in again.
Now let’s secure the SSH port. Malware, viruses, worms… whatever you call them will scan your server’s ports for SSH services. If they detect them they will repeatly try to access them with different passwords until they guess the correct one. This is called brute forcing. You can install software called fail2ban to block repeated attempts to access your site.
sudo apt-get install fail2ban -y
Fail2ban works by keeping track of the ip addresses that try to access your system. By default if an ip address enters an incorrect password 3 times it is banned for one hour.
The default configuration file is at /etc/fail2ban/jail.conf. It is a good idea to copy the configuration file in case you decide to modify it and make a mistake.
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
(Optional) Whenever you make changes to fail2ban (and most services) you need to restart them.
sudo service fail2ban restartuser@SleepyKitten1303:~$ sudo service fail2ban restart * Restarting authentication failure monitor fail2ban [ OK ]
Now you actually get to install Ruby and Rails. The default version that ships with Ubuntu is usually horribly out of date. So we will use rvm, a Ruby manager to download and build a recent Ruby for us!
curl -L get.rvm.io | bash -s stable
You should get a nice flurry of text. One of the more important ones was to ‘source’, reload a file for your (bash) terminal.
source /etc/profile.d/rvm.sh
or as a user (Don’t copy and paste the text. My book generator formats the ~ copies as a different character):
source ~/.profile
Now we ask RVM to check our system for the requirements to build Ruby.
rvm requirements
Now install Ruby 1.9.3
rvm install 1.9.3
RVM allows mutiple Ruby instances. Even more, it allows mutiple gemsets per each instance. You can find more information on this in the rails book.
For now set 1.9.3 as the default.
rvm use 1.9.3 --default
You may get this error.
RVM is not a function, selecting rubies with ‘rvm use …’ will not work.
You need to change your terminal emulator preferences to allow login shell.
Sometimes it is required to use
/bin/bash --loginas the command.Please visit https://rvm.io/integration/gnome-terminal for an example.
Relogin (Or you can simply exit the ssh and log back in)
/bin/bash --login
rvm use 1.9.3 --default
If you get this message you’re good. ( or Using '/home/user/.rvm/gems/ruby-1.9.3-pXXX' if installing to a user.)
Using '/usr/local/rvm/gems/ruby-1.9.3-pXXX'
By the time you read this Ruby 2.0 and Rails 4 will be out. However, as a new user you will want to stick with this older, more mature versions until the community documentation catches up with these new releases.
Now tell RVM to handle gems.
rvm rubygems current
Congratuations. You now have a working Ruby environment on a vps.