たくろぐ!

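The world's best scratch-paper notes

Building a Rails production environment (CentOS 7)

Environment

  • CentOS 7.8 (Sakura VPS)
  • Rails6.0.3.2
  • Ruby2.7.1
  • sqlite3 (planned to switch to MySQL later)
  • Puma
  • Nginx (reverse proxy)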

CentOS

# cat /etc/redhat-release 
CentOS Linux release 7.8.2003 (Core)

yum update

インストール:
  kernel.x86_64 0:3.10.0-1127.18.2.el7                                                               kernel-devel.x86_64 0:3.10.0-1127.18.2.el7                                                              
更新:
  bind-export-libs.x86_64 32:9.11.4-16.P2.el7_8.6   bind-libs.x86_64 32:9.11.4-16.P2.el7_8.6            bind-libs-lite.x86_64 32:9.11.4-16.P2.el7_8.6         bind-license.noarch 32:9.11.4-16.P2.el7_8.6  
  bind-utils.x86_64 32:9.11.4-16.P2.el7_8.6         bpftool.x86_64 0:3.10.0-1127.18.2.el7               ca-certificates.noarch 0:2020.2.41-70.0.el7_8         curl.x86_64 0:7.29.0-57.el7_8.1              
  dbus.x86_64 1:1.10.24-14.el7_8                    dbus-libs.x86_64 1:1.10.24-14.el7_8                 git.x86_64 0:1.8.3.1-23.el7_8                         grub2.x86_64 1:2.02-0.86.el7.centos          
  grub2-common.noarch 1:2.02-0.86.el7.centos        grub2-pc.x86_64 1:2.02-0.86.el7.centos              grub2-pc-modules.noarch 1:2.02-0.86.el7.centos        grub2-tools.x86_64 1:2.02-0.86.el7.centos    
  grub2-tools-extra.x86_64 1:2.02-0.86.el7.centos   grub2-tools-minimal.x86_64 1:2.02-0.86.el7.centos   kernel-headers.x86_64 0:3.10.0-1127.18.2.el7          kernel-tools.x86_64 0:3.10.0-1127.18.2.el7   
  kernel-tools-libs.x86_64 0:3.10.0-1127.18.2.el7   libcurl.x86_64 0:7.29.0-57.el7_8.1                  libsss_idmap.x86_64 0:1.16.4-37.el7_8.4               libsss_nss_idmap.x86_64 0:1.16.4-37.el7_8.4  
  mokutil.x86_64 0:15-8.el7                         ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2            perl-Git.noarch 0:1.8.3.1-23.el7_8                    python-perf.x86_64 0:3.10.0-1127.18.2.el7    
  rsyslog.x86_64 0:8.24.0-52.el7_8.2                selinux-policy.noarch 0:3.13.1-266.el7_8.1          selinux-policy-targeted.noarch 0:3.13.1-266.el7_8.1   sos.noarch 0:3.8-9.el7.centos                
  sssd-client.x86_64 0:1.16.4-37.el7_8.4            systemd.x86_64 0:219-73.el7_8.9                     systemd-libs.x86_64 0:219-73.el7_8.9                  systemd-python.x86_64 0:219-73.el7_8.9       
  systemd-sysv.x86_64 0:219-73.el7_8.9     

rbenv

# git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
Cloning into '/root/.rbenv'...
remote: Enumerating objects: 14, done.
remote: Counting objects: 100% (14/14), done.
remote: Compressing objects: 100% (13/13), done.
remote: Total 2861 (delta 3), reused 4 (delta 1), pack-reused 2847
Receiving objects: 100% (2861/2861), 553.04 KiB | 423.00 KiB/s, done.
Resolving deltas: 100% (1784/1784), done.

ruby-build

# git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
Cloning into '/root/.rbenv/plugins/ruby-build'...
remote: Enumerating objects: 52, done.
remote: Counting objects: 100% (52/52), done.
remote: Compressing objects: 100% (35/35), done.
remote: Total 11047 (delta 24), reused 32 (delta 13), pack-reused 10995
Receiving objects: 100% (11047/11047), 2.34 MiB | 1.87 MiB/s, done.
Resolving deltas: 100% (7282/7282), done.

Add rbenv to the PATH

# echo '# rbenv' >> ~/.bash_profile
# echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
# echo 'eval "$(rbenv init -)"' >> ~/.bash_profile

Install the Ruby dependency packages

インストール:
  openssl-devel.x86_64 1:1.0.2k-19.el7                                  readline-devel.x86_64 0:6.2-11.el7                                  zlib-devel.x86_64 0:1.2.7-18.el7                                 
依存性関連をインストールしました:
  keyutils-libs-devel.x86_64 0:1.5.8-3.el7   krb5-devel.x86_64 0:1.15.1-46.el7     libcom_err-devel.x86_64 0:1.42.9-17.el7        libkadm5.x86_64 0:1.15.1-46.el7   libselinux-devel.x86_64 0:2.5-15.el7  
  libsepol-devel.x86_64 0:2.5-10.el7         libverto-devel.x86_64 0:0.2.5-4.el7   ncurses-devel.x86_64 0:5.9-14.20130511.el7_4   pcre-devel.x86_64 0:8.32-17.el7  

ruby

# rbenv install 2.7.1
Downloading ruby-2.7.1.tar.bz2...
-> https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.1.tar.bz2
Installing ruby-2.7.1...
Installed ruby-2.7.1 to /root/.rbenv/versions/2.7.1

node.js

# for webpack
# curl -sL https://rpm.nodesource.com/setup_14.x | bash -
(output omitted)
# sudo yum install -y nodejs
インストール:
  nodejs.x86_64 2:14.7.0-1nodesource     

yarn

# for webpack
# npm install --global yarn
/usr/bin/yarn -> /usr/lib/node_modules/yarn/bin/yarn.js
/usr/bin/yarnpkg -> /usr/lib/node_modules/yarn/bin/yarn.js
+ yarn@1.22.4
added 1 package in 0.314s

Nginx (for the reverse proxy)

インストール:
  nginx.x86_64 1:1.16.1-1.el7                                                                                                                                                                                 

依存性関連をインストールしました:
  dejavu-fonts-common.noarch 0:2.33-6.el7         dejavu-sans-fonts.noarch 0:2.33-6.el7                  fontconfig.x86_64 0:2.13.0-4.3.el7           fontpackages-filesystem.noarch 0:1.44-8.el7            
  gd.x86_64 0:2.0.35-26.el7                       gperftools-libs.x86_64 0:2.6.1-1.el7                   libX11.x86_64 0:1.6.7-2.el7                  libX11-common.noarch 0:1.6.7-2.el7                     
  libXau.x86_64 0:1.0.8-2.1.el7                   libXpm.x86_64 0:3.5.12-1.el7                           libjpeg-turbo.x86_64 0:1.2.90-8.el7          libxcb.x86_64 0:1.13-1.el7                             
  libxslt.x86_64 0:1.1.28-5.el7                   nginx-all-modules.noarch 1:1.16.1-1.el7                nginx-filesystem.noarch 1:1.16.1-1.el7       nginx-mod-http-image-filter.x86_64 1:1.16.1-1.el7      
  nginx-mod-http-perl.x86_64 1:1.16.1-1.el7       nginx-mod-http-xslt-filter.x86_64 1:1.16.1-1.el7       nginx-mod-mail.x86_64 1:1.16.1-1.el7         nginx-mod-stream.x86_64 1:1.16.1-1.el7                 

# sudo systemctl start nginx

App-specific file

/etc/nginx/conf.d/kisi.conf

# Talk to puma over a UNIX domain socket
upstream puma {
  server unix:///root/Project/kisi/tmp/sockets/puma.sock;
}

server {
  listen 80;
  server_name localhost;
  keepalive_timeout 30;
  root /root/Project/kisi;

  # Basic authentication
  auth_basic "Private Property";
  auth_basic_user_file /etc/nginx/.htpasswd;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;
  location / {
    proxy_pass http://puma;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
  }

  location ~* \.(ico|css|gif|jpe?g|png|js|woff2|woff|ttf)(\?[0-9]+)?$ {
     expires max;
     break;
  }

  error_page 500 502 503 504 /500.html;
}

Shared configuration file

/etc/nginx/nginx.conf

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user root;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

#    server {
#        listen       80 default_server;
#        listen       [::]:80 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#          proxy_pass http://127.0.0.1:3000;
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}
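
As an added example (not part of the original post), this shell function statically checks an nginx configuration for four settings visible in the two files above: workers running as root, an upstream socket under /root, a document root that is the whole Rails project rather than public/, and Basic auth on a listener without TLS. The finding names, the /var/www/kisi path and the nginx account in the contrast sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag risky nginx settings. Finding names are made up here.
audit_nginx() {
  # Strip comments so commented-out directives (e.g. the TLS server) do not count.
  sed -e 's/#.*//' "$@" | awk '
    /^[ \t]*user[ \t]+root[ \t;]/ { f["ROOT-WORKER"] = "nginx workers run as root" }
    /^[ \t]*server[ \t]+unix:\/*root\// { f["SOCKET-IN-ROOT-HOME"] = "upstream socket is under /root" }
    /^[ \t]*root[ \t]+/ && $2 !~ /\/public\/?;$/ { d = $2; sub(/;$/, "", d); f["DOCROOT-NOT-PUBLIC"] = "document root " d " is not a Rails public/ directory" }
    /^[ \t]*auth_basic[ \t]+/ && $2 != "off;" { basic = 1 }
    /^[ \t]*listen[ \t].*[ \t]ssl[ \t;]/ { tls = 1 }
    END {
      if (basic && !tls) f["BASIC-AUTH-NO-TLS"] = "Basic auth credentials cross the network over plain HTTP"
      for (k in f) print k ": " f[k]
    }' | sort
}

# Constructed sample: the lines of the two files above that the audit reads.
page_conf() {
  cat <<'EOF'
user root;
upstream puma {
  server unix:///root/Project/kisi/tmp/sockets/puma.sock;
}
server {
  listen 80;
  root /root/Project/kisi;
  auth_basic "Private Property";
  # listen 443 ssl http2 default_server;
}
EOF
}

# Constructed contrast; /var/www/kisi and the "nginx" account are assumptions.
hardened_conf() {
  cat <<'EOF'
user nginx;
upstream puma {
  server unix:///var/www/kisi/tmp/sockets/puma.sock;
}
server {
  listen 443 ssl;
  root /var/www/kisi/public;
  auth_basic "Private Property";
}
EOF
}

page_conf | audit_nginx       # four findings
hardened_conf | audit_nginx   # no output
```

On a real host, pass the files instead of a sample: audit_nginx /etc/nginx/nginx.conf /etc/nginx/conf.d/*.conf.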

Production settings

Secret

# bundle exec rails secret
(note down the generated string)

# cat config/secrets.yml 
production:
  secret_key_base: (paste the generated string here)

config/environments/production.rb

+  config.public_file_server.enabled = true
+  config.assets.compile = true
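
Review bot: config.assets.compile = true on the second added line turns on on-demand asset compilation in production, which is slower, uses more memory and keeps the asset toolchain in the request path. Prefer running RAILS_ENV=production bundle exec rails assets:precompile at deploy time and leaving this false. With Nginx in front, config.public_file_server.enabled = true is only needed if Puma rather than Nginx is meant to serve the files under public/; a comment saying which would help.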

config/puma.rb

+# Change to match your CPU core count
+workers 2
+
+# Min and Max threads per worker
+threads 1, 6
+
+# Project folder
+app_dir = File.expand_path("../..", __FILE__)
+
+# Default to production
+rails_env = ENV.fetch("RAILS_ENV") { "production" }
+environment rails_env
+
+# Set up socket location
+#bind "unix://#{app_dir}/tmp/puma/puma.sock"
+bind "unix://#{Rails.root}/tmp/sockets/puma.sock"
+
+# Logs
+stdout_redirect "#{app_dir}/log/puma.stdout.log", "#{app_dir}/log/puma.stderr.log", true
+
+# Set master PID and state locations
+pidfile "#{app_dir}/tmp/puma/pid"
+state_path "#{app_dir}/tmp/puma/state"
+
+# Establish db connection for new processes
+on_worker_boot do
+  require "active_record"
+  ActiveSupport.on_load(:active_record) do
+    ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/config/database.yml")[rails_env])
+  end
+end

 # Allow puma to be restarted by `rails restart` command.
 plugin :tmp_restart
+
+# Puma control rack application
+activate_control_app
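
Review bot: the active bind line uses Rails.root while every other path in this file uses app_dir, so the socket path only resolves if Rails is already loaded when Puma evaluates the config. Suggest bind "unix://#{app_dir}/tmp/sockets/puma.sock", which also keeps it next to the pidfile and state_path definitions (those point at tmp/puma/, which must exist before boot). In on_worker_boot, YAML.load_file reads database.yml without the ERB pass Rails applies to that file; calling ActiveRecord::Base.establish_connection with no argument lets Rails resolve the configuration itself. activate_control_app at the end is called with no URL or auth token, so where the control server listens and how it authenticates is not visible here; pass an explicit unix socket and token if pumactl is used, or drop the line if it is not.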

config/puma/production.rb

+# UNIX Domain Socket Settings
+app_root_path = "#{File.expand_path("../../..", __FILE__)}" # get application root path
+bind "unix://#{app_root_path}/tmp/sockets/puma.sock"
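
Review bot: this bind repeats the socket already bound in config/puma.rb, so the path is now defined in two Puma files as well as the Nginx upstream, and all three have to stay in sync. Keep the bind in one of the two Puma files. On the app_root_path line the "#{...}" wrapper is redundant, since File.expand_path("../../..", __FILE__) already returns a string.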

package-lock.json

(omitted)

package.json

(omitted)

yarn.lock

(omitted)

Notes

Uninstall Apache (httpd)

Install

インストール:
  httpd.x86_64 0:2.4.6-93.el7.centos                                                                                                                                                                          
依存性関連をインストールしました:
  httpd-tools.x86_64 0:2.4.6-93.el7.centos    

Uninstall

削除しました:
  httpd.x86_64 0:2.4.6-93.el7.centos 

Apache dependency packages

Install

インストール:
  httpd-devel.x86_64 0:2.4.6-93.el7.centos                                                                                                                                                                    
依存性関連をインストールしました:
  apr-devel.x86_64 0:1.4.8-5.el7         apr-util-devel.x86_64 0:1.5.2-6.el7         cyrus-sasl.x86_64 0:2.1.26-23.el7     cyrus-sasl-devel.x86_64 0:2.1.26-23.el7     expat-devel.x86_64 0:2.1.0-11.el7    
  libdb-devel.x86_64 0:5.3.21-25.el7     openldap-devel.x86_64 0:2.4.44-21.el7_6    

Uninstall

削除しました:
  apr-util-devel.x86_64 0:1.5.2-6.el7                                                                                                                                                                         
依存性の削除をしました:
  httpd-devel.x86_64 0:2.4.6-93.el7.centos     
削除しました:
  apr-devel.x86_64 0:1.4.8-5.el7 

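Leftover files

/var/log/httpd/access_log
/var/log/httpd/error_log
/etc/httpd/conf/httpd.conf.rpmsave # a saved copy of /etc/httpd/conf/httpd.conf

Sakura VPS settings

Open ports 80/443 with the packet filter described at the link below.
Without this, no matter how many times you start the server, you get 403 Forbidden and cannot reach it.

manual.sakura.ad.jp

Incidentally, SELinux was OFF by default, so it was not a problem.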