Eric Guo's

Hoping writing JS, Ruby & Rails and Go article, but fallback to DevOps note

Install Rails App on Amazon Linux 2023 From Scratch


Install prerequisites

sudo dnf install nodejs
sudo dnf install nginx
sudo dnf install git

Install yarn

sudo curl -sL -o /etc/yum.repos.d/yarn.repo
sudo yum install yarn
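
The curl step above writes a third-party repo definition into /etc/yum.repos.d as root, so it is worth downloading it to a temporary file and vetting it before installing it there. The following is an added example, not part of the original post; the function names `repo_file_ok` and `write_samples` and the example.invalid host are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded .repo file before it goes into /etc/yum.repos.d.
# Exit status 0 only if every [section] sets gpgcheck=1, names a gpgkey,
# and uses https for its package and key URLs (file:// is accepted for gpgkey).
repo_file_ok() {
    awk '
        function finish_section() {
            if (section == "") return
            if (gpgcheck != "1") { print section ": gpgcheck is not 1"; bad = 1 }
            if (!haskey)         { print section ": no gpgkey"; bad = 1 }
        }
        BEGIN { bad = 0 }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # blank lines and comments
        /^[ \t]*\[.*\]/ {                              # section header
            finish_section(); section = $0; gpgcheck = ""; haskey = 0; next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey") {
                haskey = 1
                if (val !~ /^(https|file):\/\//) { print section ": gpgkey is not https: " val; bad = 1 }
            }
            if ((key == "baseurl" || key == "mirrorlist" || key == "metalink") && val !~ /^https:\/\//) {
                print section ": " key " is not https: " val; bad = 1
            }
        }
        END {
            finish_section()
            if (section == "") { print "no sections found"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed samples; example.invalid is a placeholder host, not the real yarn repo.
write_samples() {
    printf '%s\n' '[demo]' 'name=Demo repo' 'baseurl=https://example.invalid/rpm/' \
        'gpgcheck=1' 'gpgkey=https://example.invalid/rpm/pubkey.gpg' > "$1/good.repo"
    printf '%s\n' '[demo]' 'name=Demo repo' 'baseurl=http://example.invalid/rpm/' \
        'gpgcheck=0' > "$1/bad.repo"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in good bad; do
    if repo_file_ok "$dir/$f.repo"; then echo "$f.repo: ok to install"; else echo "$f.repo: rejected"; fi
done
rm -rf "$dir"
```

In practice, point curl's -o at a temporary file, run `repo_file_ok` on it, and only then copy it into /etc/yum.repos.d with sudo.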

Install rbenv and ruby-build

cd # as ec2-user
git clone .rbenv
echo 'eval "$(~/.rbenv/bin/rbenv init - bash)"' >> ~/.bash_profile
source ~/.bash_profile # load rbenv into the current shell
mkdir -p "$(rbenv root)"/plugins
git clone "$(rbenv root)"/plugins/ruby-build
git clone "$(rbenv root)"/plugins/rbenv-china-mirror

Install ruby 3.2.2

sudo dnf install -y gcc rust patch make bzip2 openssl-devel libyaml-devel libffi-devel readline-devel zlib-devel gdbm-devel ncurses-devel
rbenv install 3.2.2
rbenv global 3.2.2
echo "gem: --no-document" > ~/.gemrc

Fix permission for deploy folder

sudo mkdir /var/www
cd /var/www
sudo mkdir oauth2id
sudo chown ec2-user:ec2-user oauth2id/

Do puma config

cap staging deploy
cap staging puma:config

Install additional tools

This may be required by gems like unf_ext

sudo dnf install autoconf gcc-c++

Install crontab (cronie), which is required by ACME.

sudo yum install cronie -y
sudo systemctl enable crond.service
sudo systemctl start crond.service
sudo systemctl status crond.service

Install ACME

git clone
cd ./
./ --install -m

Fix node error

Add to /etc/environment


Please note that such NODE_OPTIONS will break VS Code / Cursor if set locally.

New nginx conf

Sample nginx configuration file

upstream puma_oauth2id_staging {
  server unix:/var/www/oauth2id/shared/tmp/sockets/puma.sock fail_timeout=0;
}

# Redirect all plain-HTTP requests to HTTPS
server {
  listen 80;
  return 301 https://$host$request_uri;
}

server {
  # "ssl on;" is deprecated; TLS is enabled on the listen directive instead
  listen 443 ssl;
  ssl_certificate /home/ec2-user/;
  ssl_certificate_key /home/ec2-user/;
  root /var/www/oauth2id/current/public;
  try_files $uri/index.html $uri @puma_sccsa_production;
  client_max_body_size 4G;
  keepalive_timeout 10;
  error_page 500 502 504 /500.html;
  error_page 503 @503;

  # Everything that is not a static file is proxied to puma
  location @puma_sccsa_production {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://puma_oauth2id_staging;
    # limit_req zone=one;
    access_log /var/www/oauth2id/shared/log/nginx.access.log;
    error_log /var/www/oauth2id/shared/log/nginx.error.log;
  }

  # Precompiled assets: serve pre-gzipped files with long-lived caching
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location ^~ /packs/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location = /50x.html {
    root html;
  }

  location = /404.html {
    root html;
  }

  # Maintenance mode: serve maintenance.html when it exists, otherwise 503.html
  location @503 {
    error_page 405 = /system/maintenance.html;
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    rewrite ^(.*)$ /503.html break;
  }

  # Reject HTTP methods the application does not use
  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
    return 405;
  }

  if (-f $document_root/system/maintenance.html) {
    return 503;
  }
}