Deployment (CentOS)

wvengen edited this page Jan 5, 2016 · 3 revisions

This page has been superseded by Deployment (Debian).


We're using a CentOS 6 virtual machine at leaseweb.de to host a foodsoft instance. This page is a log of the steps needed to get a deployed website. There's also a page on deployment on Debian.

General system setup

  • Creation of users, public-key ssh access.
  • Disable unused services
    chkconfig cups off    # printing system
    chkconfig autofs off  # auto mounter

Foodsoft with Ruby on Rails

  • Creation of user foodsoft to run applications
  • Install RVM as user
    yum install bash curl git patch
    \curl -L https://get.rvm.io | bash -s stable
    Then login/logout, or source rvm. See rvm requirements to see what to install for Ruby.
  • Checkout foodsoft
    git clone https://github.com/foodcoops/foodsoft.git
    cd foodsoft
    and setup according to instructions.
  • Install MySQL server, to be used for at least the production database
    yum install mysql-server
    service mysqld start
    /usr/bin/mysql_secure_installation
    For extra security, add a line containing skip-networking to /etc/my.cnf's mysqld section and restart. Then create a database for foodsoft using mysql:
    create database foodsoft;
    grant all on foodsoft.* to foodsoft identified by 'somesecretpassword';
    Configure foodsoft to use this database (using socket in /var/lib/mysql/mysql.sock).
  • Install redis (not-so-optional component for foodsoft)
    wget http://mirror.1000mbps.com/fedora-epel/6/i386/epel-release-6-8.noarch.rpm
    rpm -i epel-release-6-8.noarch.rpm
    yum update
    yum install redis
    chkconfig redis on
    service redis start
  • Install foodsoft dependencies
    yum -y groupinstall "Development Tools"
    yum -y install zlib zlib-devel sqlite-devel mysql-devel \
           curl-devel libxml2-devel libxslt-devel libffi-devel readline-devel
    rvm install ruby
    cd /path/to/foodsoft
    gem install bundler
    bundle install
  • Set up databases: rake db:setup and/or RAILS_ENV=production rake db:setup
  • Setup Apache web server
    • yum install httpd httpd-devel
    • edit /etc/httpd/conf/httpd.conf and update ServerAdmin
    • run system-config-firewall-tui and enable 'WWW' and 'Secure WWW' ports in the firewall
  • Setup Passenger for running Ruby on Apache
    gem install passenger # as user
    passenger-install-apache2-module
    Now copy the module to /etc/httpd/modules so that it is controlled by root. Then create /etc/httpd/conf.d/passenger.conf with the suggested configuration lines, but point to /etc/httpd/modules/mod_passenger.so in LoadModule for safety.
  • Create Apache config for Rails in /etc/httpd/conf.d/foodsoft.conf. This creates a Ruby on Rails instance on /foodsoft, and redirects to it by default. In this way multiple applications can still run on this host.
    # comment or remove the virtualhost section when using ssl
    <VirtualHost *:80>
      RailsBaseURI /foodsoft
      RewriteEngine On
      RewriteOptions Inherit
    </VirtualHost>
    
    # see also ssl.conf when using https
    <Directory /home/foodsoft/foodsoft/public>
      # This relaxes Apache security settings.
      AllowOverride all
      # MultiViews must be turned off.
      Options -MultiViews
    </Directory>
    
    <Directory /var/www/html/foodsoft>
      Options -MultiViews
    </Directory>
    
    RewriteEngine On
    # Redirect to foodsoft by default
    RewriteRule ^/$ /foodsoft/f/ [R,L]
    # don't break old links
    RewriteRule ^/f/(.*)$ /foodsoft/f/$1 [R,L]
  • Enable background worker, for now using a crontab entry. Run crontab -e and add the line
    @reboot ~/.rvm/bin/rvm in ~/foodsoft do rake resque:work QUEUE=foodsoft_notifier &
    And optionally run the command as user foodsoft to get going right away.

Use HTTPS

Since this web application uses passwords and is about money as well, we really can't do without properly secured pages.

  • yum install mod_ssl
  • Get certificate, e.g. from gogetssl (Positive SSL)
  • Install the key in /etc/pki/tls/private/foodcoop.key and the cert in /etc/pki/tls/certs/foodcoop.crt. Concatenate the chain when needed (as explained here). Do check permissions on the key.
  • Modify /etc/httpd/conf.d/ssl.conf to include at least
    ServerName order.foodcoop.nl
    <VirtualHost _default_:80>
      Redirect permanent / https://order.foodcoop.nl/
    </VirtualHost>
    <VirtualHost _default_:443>
      DocumentRoot /path/to/foodsoft/public
      SSLCertificateFile /etc/pki/tls/certs/foodcoop.crt
      SSLCertificateKeyFile /etc/pki/tls/private/foodcoop.key
      SSLCertificateChainFile /etc/pki/tls/certs/foodcoop-chain.crt
      # Each Rails app needs its own line here
      RailsBaseURI /foodsoft
      RewriteEngine On
      RewriteOptions Inherit
    </VirtualHost>
    and check that in the plain http configuration, /path/to/foodsoft/public is declared outside of the VirtualHost.
  • Configure foodsoft to require ssl by enabling config.force_ssl in config/environments/production.rb.
  • Restart web server: service httpd restart
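
The following script is an added example, not part of the original page or the foodsoft project. It re-checks three of the hardening steps described above: skip-networking in the mysqld section of /etc/my.cnf, root control of the copied mod_passenger.so, and permissions on the TLS key. The function names and the --audit flag are made up for this example; the paths are the ones used on this page.

```bash
#!/bin/bash
# Added example: re-check three hardening steps from this page after install.

# Succeeds only if a bare, uncommented skip-networking line sits inside the
# [mysqld] section of the my.cnf-style file given as $1.
mysqld_skips_networking() {
  awk '
    /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\][ \t]*$/); next }
    in_mysqld && /^[ \t]*skip[-_]networking[ \t]*$/ { found = 1 }
    END { exit (found ? 0 : 1) }
  ' "$1"
}

# perms_ok FILE MASK [OWNER]: FILE must be a regular file owned by OWNER
# (default root) with none of the octal MASK permission bits set.
# Uses GNU stat, as shipped with CentOS.
perms_ok() {
  [ -f "$1" ] || return 1
  [ "$(stat -c %U "$1")" = "${3:-root}" ] || return 1
  [ $(( 0$(stat -c %a "$1") & 0$2 )) -eq 0 ]
}

# Run all checks against the paths used on this page; returns non-zero if
# any check fails.
audit_host() {
  rc=0
  mysqld_skips_networking /etc/my.cnf ||
    { echo "FAIL: skip-networking not active in [mysqld] of /etc/my.cnf"; rc=1; }
  # Private key: no access at all for group or others (mask 077).
  perms_ok /etc/pki/tls/private/foodcoop.key 077 ||
    { echo "FAIL: TLS key not root-owned or accessible by group/others"; rc=1; }
  # Passenger module: nobody but root may write it (mask 022).
  perms_ok /etc/httpd/modules/mod_passenger.so 022 ||
    { echo "FAIL: mod_passenger.so not root-owned or writable by others"; rc=1; }
  return $rc
}

# Usage (as root): ./audit.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

A skip-networking line that is commented out, or that sits in another section such as [client], is reported as a failure.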

Foodsoft configuration changes

Most default foodsoft configuration settings are ok. Still, we have some changes, some of which are due to us having multiple foodsoft installations on a single host using a path.

  • config/app_config.yml, the default app config file
  • config/initializers/session_store.rb - add domain: 'order.foodcoop.nl', path: '/foodsoft' to the session_store (cookie-based) (change path according to instance path)
  • config/initializers/production.rb - check online payment settings

Performance tuning

  • Enable gzip compression, this can save some tenths of seconds (I guess more on mobile) - /etc/httpd/conf.d/gzip.conf
  • ...database?