Eric Guo's blog.cloud-mes.com

in HTML5, JavaScript, Ruby & Rails, Python, and Cloud MES!

CentOS Rails Server With Oracle on VMware Installation Log

Permalink

First CentOS server installed in VMware as thape SSO server.

Install software in root account

Update system

Run as root:

yum update
yum install -y git zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel
wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh epel-release-latest-7.noarch.rpm
yum --enablerepo=epel install htop
reboot

As VMware admin required, not disable the PermitRootLogin in /etc/ssh/sshd_config

Setup a user account

adduser deployer
gpasswd -a deployer wheel
visudo # add deployer ALL=(ALL) NOPASSWD: ALL at end
sudo su - deployer
mkdir .ssh
chmod 700 .ssh
vi .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

Also disable root login and password via PermitRootLogin in /etc/ssh/sshd_config

Before exis, make sure you can login via ssh deployer@ip_address, other wise, check file permission.

Install rbenv and ruby-build

cd # as a deployer
git clone git://github.com/sstephenson/rbenv.git .rbenv
cd ~/.rbenv && src/configure && make -C src
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
~/.rbenv/bin/rbenv init
# As an rbenv plugin
mkdir -p "$(rbenv root)"/plugins
git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build

Install Ruby 2.6.3

rbenv install -l
rbenv install 2.6.3
rbenv global 2.6.3
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
echo "gem: --no-document" > ~/.gemrc
gem install bundler
gem install bundler -v 1.17.3

Install Javascript Runtime

Run as root:

curl -sL https://rpm.nodesource.com/setup_10.x | bash -
sudo yum install nodejs
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install yarn
# if you behind GFW
npm config set registry https://registry.npm.taobao.org/ --global
npm config set disturl https://npm.taobao.org/dist --global
yarn config set registry https://registry.npm.taobao.org/ --global
yarn config set disturl https://npm.taobao.org/dist --global

Install nginx

sudo yum install epel-release
sudo yum install nginx
chkconfig nginx on
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

Fix permission for CentOS

sudo mkdir /var/www
cd /var/www
sudo mkdir cybros
sudo chown deployer:deployer cybros/

and disable selinux(https://linuxize.com/post/how-to-disable-selinux-on-centos-7/),

or further read nginx permission denied

Install Oracle Instant Client

Download Version 12.2.0.1.0 and following ruby-oci8 document

sudo rpm -i ./oracle-instantclient12.2-basic-12.2.0.1.0-1.x86_64.rpm
sudo rpm -i ./oracle-instantclient12.2-devel-12.2.0.1.0-1.x86_64.rpm
sudo rpm -i ./oracle-instantclient12.2-sqlplus-12.2.0.1.0-1.x86_64.rpm
cd /usr/local/bin
sudo ln -s /usr/bin/sqlplus64 sqlplus
export LD_LIBRARY_PATH=/usr/lib/oracle/12.2/client64/lib
gem install ruby-oci8
Append to ~/.bashrc
export LD_LIBRARY_PATH=/usr/lib/oracle/12.2/client64/lib
export NLS_LANG=en_US.UTF-8

Install FreeTDS to connect to SQL Server

sudo su -
wget ftp://ftp.freetds.org/pub/freetds/stable/freetds-1.00.111.tar.gz
tar -xzf freetds-1.00.111.tar.gz
cd freetds-1.00.111
./configure --prefix=/usr/local --with-tdsver=7.3
make
make install
logout # as deployer
gem install tiny_tds

Install MySQL

Install the percona server via yum.

After install, do the secure installation for root.

mysql -u root -p
CREATE DATABASE cybros_prod character set UTF8mb4 collate utf8mb4_bin;
CREATE USER 'cybros_prod'@'localhost' IDENTIFIED BY 'new_password';
GRANT ALL ON cybros_prod.* TO 'cybros_prod'@'localhost';
FLUSH PRIVILEGES;

Install Ruby on Rails Production Based on Amazon Linux 2 AMI (HVM)

Permalink

Based my last rbenv and CentOS Ruby on Rails production environment install log, but this time on AWS!

But will only record the difference as below:

Run sudo amazon-linux-extras install nginx1.12 instead of sudo yum install nginx to install nginx.

Seems AMI provide their own version of below package.

0 ansible2 available [ =2.4.2 =2.4.6 ]
2 httpd_modules available [ =1.0 ]
3 memcached1.5 available [ =1.5.1 ]
4 nginx1.12=latest enabled [ =1.12.2 ]
5 postgresql9.6 available [ =9.6.6 =9.6.8 ]
6 postgresql10 available [ =10 ]
8 redis4.0 available [ =4.0.5 =4.0.10 ]
9 R3.4 available [ =3.4.3 ]
10 rust1 available \
[ =1.22.1 =1.26.0 =1.26.1 =1.27.2 =1.31.0 ]
11 vim available [ =8.0 ]
13 ruby2.4 available [ =2.4.2 =2.4.4 ]
15 php7.2 available \
[ =7.2.0 =7.2.4 =7.2.5 =7.2.8 =7.2.11 =7.2.13 =7.2.14 ]
16 php7.1 available [ =7.1.22 =7.1.25 ]
17 lamp-mariadb10.2-php7.2 available \
[ =10.2.10_7.2.0 =10.2.10_7.2.4 =10.2.10_7.2.5
=10.2.10_7.2.8 =10.2.10_7.2.11 =10.2.10_7.2.13
=10.2.10_7.2.14 ]
18 libreoffice available [ =5.0.6.2_15 =5.3.6.1 ]
19 gimp available [ =2.8.22 ]
20 docker=latest enabled \
[ =17.12.1 =18.03.1 =18.06.1 ]
21 mate-desktop1.x available [ =1.19.0 =1.20.0 ]
22 GraphicsMagick1.3 available [ =1.3.29 ]
23 tomcat8.5 available \
[ =8.5.31 =8.5.32 =8.5.38 ]
24 epel available [ =7.11 ]
25 testing available [ =1.0 ]
26 ecs available [ =stable ]
27 corretto8 available [ =1.8.0_192 =1.8.0_202 ]
28 firecracker available [ =0.11 ]
29 golang1.11 available [ =1.11.3 ]
30 squid4 available [ =4 ]
31 php7.3 available [ =7.3.2 ]
32 lustre2.10 available [ =2.10.5 ]

OpenID Connect Learning Notes

Permalink

最近在做面向大中型企业的 oauth2id 方案,这个领域有很多术语,比如OAuth2, OpenID Connect,同时也有很多相同概念的术语,例如SSO(Single Sign On),CAS(Central Authentication Service)

中文的资料相当少,入门性的有阮一峰的理解OAuth 2.0,英文资料较多:

这篇介绍了ASP.net端的

https://andrewlock.net/an-introduction-to-openid-connect-in-asp-net-core/

openid的FAQ也值得一读:

https://openid.net/connect/faq/

Reinstall Macbook 2016 With MacOS 10.14.4

Permalink

Two years after running MacOS 10.12.6, I decide to switch to a new job so have to re-install my MBP to 10.14.4 to make sure nothing left in my old computer.

Here is the list of application/software/tools currently heavy use:

MacStore apps:

Evernote
Xcode
QQ
Wechat
Aware
Pages
Numbers
Keynote
iMovie
Elmedia Video Player
Pixelmator
PDF Export
Squash
Affinity Designer
Youku
Drop - Color Picker
Polarr Photo Editor Pro
Mate
腾讯视频
Telegram Desktop
Tweetbot 2
AdGuard for Safari

Install tools via brew

brew install ansible
brew install bash
brew install elasticsearch
brew install eslint
brew install go
brew install hub
brew install jenv
brew install jq
brew install memcached
brew install mtr
brew install node
brew install overmind
brew install p7zip
brew install pandoc
brew install percona-server
brew install postgresql
brew install prettier
brew install proxychains-ng
brew install puma-dev
brew install redis
brew install ruby
brew install sqlite
brew install sshuttle
brew install unrar
brew install vim
brew install yamllint
brew install yarn

Install tools via brew cask

brew cask install adoptopenjdk8
brew cask install airserver
brew cask install anaconda
brew cask install chromedriver
brew cask install data-integration
brew cask install firefox
brew cask install google-chrome
brew cask install googleappengine
brew cask install java
brew cask install paw
brew cask install rubymine
brew cask install sourcetree
brew cask install sublime-text-dev
brew cask install surge
brew cask install typora
brew cask install viscosity
brew cask install zoomus

Install from web / download:

Excel
PowerPoint
Word
Remote Desktop Connection
SQLPro Studio
微信开发者工具
百度网盘

Append below lines to .bash_profile to activate conda.

source /usr/local/anaconda3/etc/profile.d/conda.sh
conda activate

New brew relay on CommandLineTools, acturally there is no need and node need xcode existing, so run below to fix.

sudo xcode-select --switch /Applications/Xcode.app/Contents/Developer/

Some gem need special handle

gem install libxml-ruby -v '3.1.0' -- --use-system-libraries=true --with-xml2-include="$(xcrun --show-sdk-path)"/usr/include/libxml2
gem install nokogiri -v '1.10.2' -- --use-system-libraries=true --with-xml2-include="$(xcrun --show-sdk-path)"/usr/include/libxml2

Deploy Another Rails App in the Same CentOS Server

Permalink

Assure the first Rails app is running as user deployer and second as user scschub.

Setup second user account

adduser scschub
gpasswd -a scschub wheel
visudo # add scschub ALL=(ALL) NOPASSWD: ALL at end
sudo su - scschub
mkdir .ssh
chmod 700 .ssh

Install rbenv and ruby-build

cd # as a deployer
git clone git://github.com/sstephenson/rbenv.git .rbenv
cd ~/.rbenv && src/configure && make -C src
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
~/.rbenv/bin/rbenv init
# As an rbenv plugin
mkdir -p "$(rbenv root)"/plugins
git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build

Install Ruby 2.6.3

rbenv install -l
rbenv install 2.6.3
rbenv global 2.6.3
eval "$(rbenv init -)" >> ~/.bash_profile
echo "gem: --no-document" > ~/.gemrc
gem install bundler

Fix permission for CentOS

sudo mkdir /var/www
cd /var/www
sudo mkdir scschub
sudo chown scschub:scschub scschub/

Copy puma config.rb and other shared link files

cap production puma:config

Create mysql DB

CREATE USER 'cybros_staging'@'localhost' IDENTIFIED BY '4Z6ys0exOr-)';
CREATE DATABASE cybros_staging character set UTF8mb4 collate utf8mb4_bin;
GRANT ALL PRIVILEGES ON cybros_staging.* to 'cybros_staging'@'localhost';
FLUSH PRIVILEGES;

Create postgresql role

sudo su - postgres
createuser scschub --pwprompt
psql
ALTER ROLE scschub LOGIN
CREATE ROLE sccsa_users;
GRANT sccsa_users TO deployer;
GRANT sccsa_users TO scschub;
ALTER ROLE deployer INHERIT;
ALTER ROLE scschub INHERIT;

Allow both user can access the same data.

psql -d sccsa_production
ALTER TABLE wechat_sessions OWNER TO sccsa_users;
ALTER SEQUENCE wechat_sessions_id_seq OWNER TO sccsa_users;

Further reference.

How to Resolve Safari Download Filename Not Support Chinese

Permalink

Found from stackoverflow, which I think should including in send_data acturally….

def make_and_send_pdf(pdf_name, options = {})
options = { :disposition => 'attachment' }.merge(options)
file_name = "#{pdf_name}.pdf"
send_data(
make_pdf(options),
filename: ERB::Util.url_encode(file_name),
type: 'application/pdf',
disposition: "#{options[:disposition]}; filename*= UTF-8''#{ERB::Util.url_encode(file_name)}"
)
end

Rbenv and CentOS Ruby on Rails Production Environment Install Log

Permalink

Original refer, install on a Aliyun server.

Install software in root account

Update system

Run as root:

yum update
yum install -y htop git zlib zlib-devel gcc-c++ patch readline readline-devel libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake libtool bison curl sqlite-devel
reboot

Setup a user account

adduser deployer
gpasswd -a deployer wheel
visudo # add deployer ALL=(ALL) NOPASSWD: ALL at end
sudo su - deployer
mkdir .ssh
chmod 700 .ssh

Also disable root login and password via PermitRootLogin in /etc/ssh/sshd_config

Before exis, make sure you can login via ssh deployer@ip_address, other wise, check file permission.

Install rbenv and ruby-build

cd # as a deployer
git clone git://github.com/sstephenson/rbenv.git .rbenv
cd ~/.rbenv && src/configure && make -C src
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
~/.rbenv/bin/rbenv init
# As an rbenv plugin
mkdir -p "$(rbenv root)"/plugins
git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build

Install Ruby 2.6.3

rbenv install -l
rbenv install 2.6.3
rbenv global 2.6.3
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
echo "gem: --no-document" > ~/.gemrc
gem install bundler

Install Javascript Runtime

Run as root:

curl -sL https://rpm.nodesource.com/setup_10.x | bash -
sudo yum install nodejs
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install yarn

Install postgresql

sudo yum install postgresql-server postgresql-contrib postgresql-devel
sudo postgresql-setup initdb
sudo systemctl start postgresql
sudo chkconfig postgresql on
sudo su - postgres
createuser deployer --pwprompt
psql
ALTER ROLE deployer LOGIN
CREATE DATABASE harman_vendor_production WITH ENCODING='UTF8' OWNER=deployer
/var/lib/pgsql/data/pg_hba.conf
# "local" is for Unix domain socket connections only
local all all peer
psql -d harman_vendor_production

Install nginx

sudo yum install epel-release
sudo yum install nginx

Fix permission for CentOS

sudo mkdir /var/www
cd /var/www
sudo mkdir jbl_product
sudo chown deployer:deployer jbl_product/

or further read nginx permission denied