Eric Guo's blog.cloud-mes.com

Hoping writing JS, Ruby & Rails and Go article, but fallback to DevOps note

Install Rails App on Amazon Linux 2023 From Scratch


Install prerequisites

# Base packages from the distribution repositories. Each install is a separate
# dnf transaction and prompts for confirmation (no -y).
# nginx is the reverse proxy configured in the sample further down.
sudo dnf install nodejs
sudo dnf install nginx
sudo dnf install git

Install yarn

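# Register the yarn RPM repository.
# -f makes curl fail on an HTTP error instead of saving the error page as a
# .repo file; -S keeps the error message visible even with -s;
# --proto '=https' stops -L from following a redirect to a non-HTTPS URL.
sudo curl -fsSL --proto '=https' https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
# This file decides which server and signing key dnf will trust for the yarn
# package, so look at it before installing (expect gpgcheck to be enabled).
grep -E '^(baseurl|gpgcheck|gpgkey)=' /etc/yum.repos.d/yarn.repo
sudo dnf install yarn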

Install rbenv and ruby-build

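cd # home directory of ec2-user; rbenv is installed per-user, no sudo needed
git clone https://github.com/rbenv/rbenv ~/.rbenv
echo 'eval "$(~/.rbenv/bin/rbenv init - bash)"' >> ~/.bash_profile
# ~/.bash_profile is only read by new login shells. Load rbenv into the
# current shell as well, otherwise the `rbenv root` calls below fail with
# "command not found".
eval "$(~/.rbenv/bin/rbenv init - bash)"
mkdir -p "$(rbenv root)/plugins"
git clone https://github.com/rbenv/ruby-build "$(rbenv root)/plugins/ruby-build"
# Optional third-party plugin. Anything placed under plugins/ is loaded by
# rbenv and runs as this user, so read the repository first and skip this
# line if the default Ruby download source is reachable from the server.
git clone https://github.com/andorchen/rbenv-china-mirror.git "$(rbenv root)/plugins/rbenv-china-mirror"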

Install ruby 3.2.2

# Compiler toolchain and development headers that ruby-build needs in order
# to compile Ruby from source.
sudo dnf install -y \
  gcc rust patch make bzip2 \
  openssl-devel libyaml-devel libffi-devel readline-devel \
  zlib-devel gdbm-devel ncurses-devel
# Build Ruby 3.2.2 and make it the default version for this user.
rbenv install 3.2.2
rbenv global 3.2.2
# Skip generating gem documentation on install.
# Note: ">" overwrites any existing ~/.gemrc.
printf '%s\n' 'gem: --no-document' > ~/.gemrc

Fix permission for deploy folder

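# Create the deploy directory. -p creates /var/www when it is missing and
# does not fail when it already exists, so the step can be re-run safely.
sudo mkdir -p /var/www/oauth2id
# Hand only the application directory to the deploy user; /var/www itself
# stays owned by root.
sudo chown ec2-user:ec2-user /var/www/oauth2id
cd /var/www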

Do puma config

# Capistrano tasks for the "staging" stage: deploy the application, then run
# the puma:config task.
# NOTE(review): presumably run from the project checkout on the deploying
# machine rather than on the server itself; confirm against the project's
# Capistrano setup.
cap staging deploy
cap staging puma:config

Install additional tools

This may be required by gems with native extensions, such as unf_ext.

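# The C++ compiler package is named gcc-c++ in the dnf repositories;
# "gcc-g++" does not match any package, so the original command could not
# install a C++ compiler.
sudo dnf install autoconf gcc-c++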

Install crontab (the cronie package), which is required by ACME.

# cronie provides the cron daemon (crond) and the crontab command.
sudo yum install -y cronie
# Enable crond at boot and start it immediately in one step.
sudo systemctl enable --now crond.service
# Confirm the daemon is active before relying on scheduled jobs.
sudo systemctl status crond.service

Install ACME

# Fetch acme.sh into the current working directory and run its installer.
# This clones the default branch as-is. The script will manage the TLS
# private key, so consider checking out a tagged release and reviewing it
# before running the installer.
git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
# Replace your@email.com with a monitored address; -m sets the account e-mail.
# NOTE(review): the installer is expected to set up under ~/.acme.sh (the
# path the nginx sample reads certificates from) and to add a cron entry,
# which is why cronie was installed first. Verify with `crontab -l`.
./acme.sh --install -m your@email.com

Fix node error

Add to /etc/environment

NODE_OPTIONS="--openssl-legacy-provider"

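Please note that this NODE_OPTIONS setting will break VS Code / Cursor if you set it on your local machine. Because /etc/environment applies to every process on the host, every Node process will load OpenSSL's legacy provider; if only the asset build needs it, setting the variable just for that command keeps the legacy algorithms out of everything else.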

New nginx conf

Sample nginx configuration file
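# nginx terminates TLS for sso-id.com and forwards application requests to
# puma over a unix socket.
upstream puma_oauth2id_staging {
  server unix:/var/www/oauth2id/shared/tmp/sockets/puma.sock fail_timeout=0;
}

# Plain HTTP: redirect everything to HTTPS.
server {
  listen 80;
  server_name sso-id.com;
  # The original target contained a stray "$1". No regex capture exists in
  # this context, so it always expanded to nothing and is dropped here.
  return 301 https://$host$request_uri;
}

server {
  # "ssl on;" is obsolete (deprecated since nginx 1.15.0 and rejected by
  # later releases); TLS is enabled on the listen socket instead.
  listen 443 ssl;
  # Pin the protocol versions instead of relying on the build's default,
  # which on older nginx versions still includes TLSv1 and TLSv1.1.
  ssl_protocols TLSv1.2 TLSv1.3;

  # These paths point into acme.sh's own working directory. The acme.sh
  # documentation treats that directory as internal and recommends copying
  # the certificate and key to a stable location with `acme.sh --install-cert`
  # (which can also reload nginx after each renewal). Keep the key file
  # readable only by its owner and root.
  ssl_certificate /home/ec2-user/.acme.sh/sso-id.com_ecc/fullchain.cer;
  ssl_certificate_key /home/ec2-user/.acme.sh/sso-id.com_ecc/sso-id.com.key;

  server_name sso-id.com;
  root /var/www/oauth2id/current/public;
  # Serve static files from public/ first; everything else goes to puma.
  try_files $uri/index.html $uri @puma_sccsa_production;

  # 4G lets any client make the server accept multi-gigabyte request bodies.
  # Size this to the largest upload the application actually needs.
  client_max_body_size 4G;
  keepalive_timeout 10;

  error_page 500 502 504 /500.html;
  error_page 503 @503;

  location @puma_sccsa_production {
    # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
    # client sent, so the leading entries are client-controlled. The
    # application must only trust the entry added by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    # The Upgrade/Connection headers below only take effect when the upstream
    # request uses HTTP/1.1; the proxy default is HTTP/1.0.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://puma_oauth2id_staging;
    # Rate limiting is disabled. Enabling it needs a matching limit_req_zone
    # named "one" in the http context.
    # limit_req zone=one;
    access_log /var/www/oauth2id/shared/log/nginx.access.log;
    error_log /var/www/oauth2id/shared/log/nginx.error.log;
  }

  # Precompiled, fingerprinted assets: serve pre-gzipped files and cache them
  # for as long as possible.
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location ^~ /packs/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location = /50x.html {
    root html;
  }

  location = /404.html {
    root html;
  }

  # Maintenance mode: show system/maintenance.html when it exists, otherwise
  # fall back to the static 503 page.
  location @503 {
    error_page 405 = /system/maintenance.html;
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    rewrite ^(.*)$ /503.html break;
  }

  # Reject any HTTP method outside this allow-list.
  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
    return 405;
  }

  # The presence of the maintenance file switches the whole site to 503.
  if (-f $document_root/system/maintenance.html) {
    return 503;
  }
}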
