lamp part 3
======================================================
DEBIAN - LAMP Part 3
======================================================
---------------------------------------------
1) mod_ssl/open_ssl -> https://
2) Ruby on Rails (RoR) on your local server
3) RoR on a remote server
---------------------------------------------
======================================================
======================================================
1) SSL - mod_ssl/open_ssl -> https://
==================================
Secure Sockets Layer, SSL, is the standard security technology
for creating an encrypted link between a web server and a
browser. This link ensures that all data passed between the web
server and browser remain private and integral.
In order to be able to generate an SSL link, a web server
requires an SSL Certificate:
- An SSL Certificate enables encryption of sensitive
information during online transactions.
- Each SSL Certificate contains unique, authenticated
information about the certificate owner.
- A Certificate Authority verifies the identity of the
certificate owner when it is issued.
Last 2 steps are not required to have an encrypted link between
the browser and the server, but the client will then have
"SSL warnings" because the certificate is not signed by an
"official" Authority like Verisign, Rapidssl, Thawte, etc.
On your Debian-Server:
Install the required tools:
$ apt-get install openssl ca-certificates
Generate a self-signed certificate:
$ mkdir /etc/apache2/ssl # directory for the certificate
$ openssl req $@ -new -x509 -days 365 -nodes -out \
/etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
Activate Mod_SSL Apache module:
$ a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
Check: /etc/apache2/ports.confThere should be a conditional "Listen 443" there.
-> this makes apache listen to the https (443) port.
And finally update /etc/apache2/sites-enabled/000-default, and add this part at the end:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
ErrorLog /var/log/apache2/ssl_error.log
CustomLog /var/log/apache2/ssl_access.log common
DocumentRoot "/var/www/"
Options FollowSymLinks
AllowOverride None
Options Indexes FollowSymLinks MultiViews +Includes
AllowOverride AuthConfig
Order allow,deny
allow from all
Check the configurationsyntax
$ apache2ctl configtest
Restart apache:
$ /etc/init.d/apache2 restart
$ tail -f /var/log/apache2/*log
And try to visit https://IPADDR/test/ and /phpmyadmin/
-> everything should now be encrypted & secure, and the "hits"
should new come in ssl_access.log and not access.log anymore.
More information:
- http://www.modssl.org/
- http://www.securityfocus.com/infocus/1818
- http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-s...
- http://www.modssl.org/docs/2.8/ssl_faq.html#ToC28 if you
want to create and order a real certificate. In this case you'll
need something like:
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
in your apache setup after you got your certificate signed by
rapidssl, thawte, or others.
======================================================
======================================================
"Ruby on Rails is an open-source web framework that's optimized for
programmer happiness and sustainable productivity. It lets you write
beautiful code by favoring convention over configuration."
"Before Ruby on Rails, web programming required a lot of verbiage,
steps and time. Now, web designers and software engineers can
develop a website much faster and more simply, enabling them
to be more productive and effective in their work."
-- Bruce Perens, Open Source Luminary
======================================================
======================================================
2) Ruby On rails setup @abbts debian system
========================================
2.1) Install and test the Ruby Interpreter
-------------------------------------
First, we need a few more packages, to install the "ruby"-interpreter
on your system:
$ apt-get install ruby libzlib-ruby rdoc libopenssl-ruby \
irb libiconv-ruby ruby1.8-dev libreadline-ruby \
libsqlite3-ruby libdbd-sqlite3-ruby
Test the installation:
$ ruby -v
ruby 1.8.7
To check if ruby is correctly installed, try a simple "hello world"
program (after creating the .rb file...) :
$ cat /usr/local/bin/hello_world.rb
#!/usr/bin/ruby
puts 'Hello World!'
$ /usr/local/bin/hello_world.rb
Hello World!
$
or more complex, but still valid, to show the "power" of ruby:
$ cat /usr/local/bin/hello_world2.rb
#!/usr/bin/ruby
# The Greeter class
class Greeter
def initialize(name)
@name = name.capitalize
end
def salute
puts "Hello #{@name}!"
end
end
# Create a new object
g = Greeter.new("world")
# Output "Hello World!"
g.salute
$ /usr/local/bin/hello_world2.rb
Hello World!
Check http://www.ruby-lang.org/en/documentation/quickstart/
for more information about the language basics.
2.2) Install RubyGems
----------------
Next step: we need the "rubygems" tool. It is a kind of package
manager, but just for ruby-based stuff. As usual under debian stable,
the standard package is quite old (current version today: 1.3.1)
$ apt-cache show rubygems |grep Version
Version: 1.2.0-3
So we will install this part "by hand", from source.
$ cd /usr/local/src/
$ wget http://rubyforge.org/frs/download.php/69365/rubygems-1.3.6.tgz
$ tar xvzf rubygems-1.3.6.tgz
$ cd rubygems-1.3.6
$ ruby setup.rb
Executable is installed under /usr/bin/gem1.8 : create a symlink
in /usr/bin:
$ cd /usr/bin
$ ln -s gem1.8 gem
$ gem --help
RubyGems is a sophisticated package manager for Ruby. This is a
basic help message containing pointers to more information.
We will also need the mySQL C Libraries/Bindings
$ apt-get install libmysqlclient15-dev
$ gem install mysql -- -with-mysql-config=/usr/bin/mysql_config
[...]
Successfully installed mysql-2.7
1 gem installed
Check:
$ gem list
*** LOCAL GEMS ***
mysql (2.8.1)
$
2.3) Install the Rails Framework
---------------------------
Now we are finally ready to install "Rails":
$ gem install rails --include-dependencies
Successfully installed rake-0.8.7
Successfully installed activesupport-2.3.5
Successfully installed activerecord-2.3.5
Successfully installed rack-1.0.1
Successfully installed actionpack-2.3.5
Successfully installed actionmailer-2.3.5
Successfully installed activeresource-2.3.5
Successfully installed rails-2.3.5
8 gems installed [... +docs ...]
$
2.4) Test the Rails Framework and create a new project
-------------------------------------------------
Test your Rails installation by starting a new project:
$ cd /var/www/
$ mkdir railtest
$ cd railtest
$ rails myrailsapp -d mysql
-> now have a look at the contents of the railtest/myrailsapp/
directory. It contains your whole Rails-Framework. The README
file may be interesting as well.
Now to test your application, you can start a webserver
directely integrated in the framework. It's not strong/stable
enough for production, but ideal for development and debugging:
$ cd myrailsapp/
$ ruby script/server
=> Booting WEBrick...
=> Rails 2.x.x application started on http://0.0.0.0:3000
=> Ctrl-C to shutdown server; call with --help for options
[2009-03-02 23:33:43] INFO WEBrick 1.3.1
[2009-03-02 23:33:43] INFO ruby 1.8.5 (2006-08-25) [i486-linux]
[2009-03-02 23:33:43] INFO WEBrick::HTTPServer#start: port=3000
And then check http://IPADDR:3000/ in your browser.
Please continue with Part2 and Part3 of
http://wiki.rubyonrails.org/getting-started/first-rails-app-walkthrough
until http://IP:3000/users is working. You can then continue with
Part4 to Part7 later today if you have some time left.
You will need to update config/database.yml with your mysql password...(and restart your ruby server afterwards).
At the end, you should be able to access http://IP:PORT/users andadd/edit/delete users (which are in a mysql-based table)
2.5) Integrate Rails to Apache (Mongrel/FastCGI)
-------------------------------------------
Now we would like to be able to run this rail application from
our "real" webserver (apache): it will require some work, and
the installation of different tools:
- Mongrel: Mongrel is a fast HTTP library and server for Ruby
that is intended for hosting Ruby web applications of any kind
using plain HTTP rather than FastCGI or SCGI.
- FastCGI: http://www.fastcgi.com/
Let's start:
$ apt-get install dpatch fakeroot debhelper libtool dpkg-dev \
autoconf automake m4 bison flex gcc make subversion cvs
$ gem install mongrel
$ gem install fastthread
$ gem install capistrano
$ gem install openwferu-scheduler
You can see a list of the installed "gems" with:
$ gem list
FastCGI installation "by hand":
$ cd /usr/local/src/
$ wget http://www.fastcgi.com/dist/fcgi.tar.gz
$ tar xvzf fcgi-2.4.0.tar.gz
$ cd fcgi-2.4.0
$ ./configure
$ make
$ make install
Install Apache2 fcgi-module (backup your conf first):
$ gem install fcgi
$ cp -Rp /etc/apache2 /etc/apache2_backup_yyyymmdd
$ apt-get install libapache2-mod-fcgid
$ /etc/init.d/apache2 force-reload
Update /etc/apache2/mods-enabled/fcgid.conf with:
AddHandler fcgid-script .fcgi
SocketPath /var/lib/apache2/fcgid/sock
DefaultInitEnv RAILS_ENV development
IdleTimeout 600
ProcessLifeTime 3600
MaxProcessCount 8
DefaultMinClassProcessCount 3
DefaultMaxClassProcessCount 3
IPCConnectTimeout 8
IPCCommTimeout 48
Activate mod_rewrite with:
$ a2enmod rewrite
$ /etc/init.d/apache2 force-reload
Update /etc/apache2/sites-enabled/000-default, and replace
everything under by:
ServerAdmin webmaster@localhost
DocumentRoot /var/www/railtest/myrailsapp/public/
Options ExecCGI FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Copy dispatch.fcgi to your Rail Project public directory (if not existing yet):
$ cp /usr/lib/ruby/gems/1.8/gems/rails-2.3.5/dispatches/dispatch.fcgi /var/www/railtest/myrailsapp/public/
$ chmod a+x /var/www/railtest/myrailsapp/public/dispatch.fcgi
Create: /var/www/railtest/myrailsapp/public/.htaccess with:
AddHandler fcgid-script .fcgi
Options +FollowSymLinks +ExecCGI
RewriteEngine On
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
ErrorDocument 500 "Application errorRails application \
failed to start properly"
Restart the webserver:
$ apache2ctl configtest
$ /etc/init.d/apache2 restart
$ tail -f /var/log/apache2/*log
And then try:
http://IPADDR/
http://IPADDR/users
http://IPADDR/rails/info/properties
-> it should look the same as with the integrated test server from
Ruby on Rails, but everything will go through apache/fcgi.
Source/more info:
- http://www.unix-tutorials.com/go.php?id=971
- http://my.opera.com/subjam/blog/show.dml/793677
- http://laurentbois.com/2008/04/22/install-ruby-on-rails-on-linux-debian-...
- http://wiki.rubyonrails.org/getting-started/installation/linux
======================================================
======================================================
3) RoR on a remote server
======================
As a last RoR trainig, try to setup and run the same Rail-based
application on moon.omx.ch. Ruby and Gem are already installed as
freebsd-packages, so you only have to run:
[omueller@ks39410 ~]$ gem install rails
to install your own "rails" environment (it will takes some time (5-10 min), please don't run it when theCPU load is to high to prevent server crash, thanks.)
Update the PATH for this session:
[omueller@ks39410 ~]$
export PATH=$PATH:/home/abbts/USER/.gem/ruby/1.8/bin
[omueller@ks39410 ~]$ mkdir railtest
[omueller@ks39410 ~]$ cd railtest/
[omueller@ks39410 ~/railtest]$
and follow again steps 1 to 3 (at least) under:
http://wiki.rubyonrails.org/getting-started/first-rails-app-walkthrough
If you are not the first one starting the webserver under port
3000 on moon, you will have to select another free port... : check
"ruby script/server --help" to see how to do that.
Now if you have some time left, you can continue with steps Part4
to Part7 on your own server, or on moon.
======================================================
======================================================