在阿里云上部署rails服务：mysql + unicorn + nginx

环境： debian 7

云主机初始化设置

添加一个部署服务的用户，而不是一直采用root用户

添加用户组及用户

  # 添加一个部署用户组
  groupadd deployers
  # 新建一个用户到该用户组
  adduser deployer1 -ingroup deployers
  # 上面的命令会提示你输入密码，和用户信息，密码一定要输，其他的信息就随意，空着也没事

用vi（或其他你喜欢的编辑器）打开sudoers文件(/etc/sudoers)，给用户组添加sudo权限，添加以下内容到该文件

  %sudo ALL=(ALL:ALL) ALL
  # 上面的语句后添加以下行：
  %deployers ALL=(ALL:ALL) ALL

为什么要如此设置？

• 出于安全考虑
• 采用用户组的方式，方便部署用户管理
• sudo权限设置，部署用户在部署时需要用到root权限，因此设置。部署用户需要用到root权限时，只要sudo + 命令就可以执行了

设置SSH连接

打开ssh设置文件（/etc/ssh/sshd_config），修改以下配置：

  # 修改默认的端口，可选范围1024 ~ 65536
  Port 123456

  # 禁止root用户通过ssh 登陆
  PermitRootLogin no
  # 或者更加保险一点，再设置只有指定的用户才可以登陆
  AllowUsers deployer1

重启ssh服务，使刚修改的设置生效。

ps：最好保留一个vps的登陆窗口，防止设置错误后，root用户和新建的用户都无法登陆，只能重置服务这个情况发生

  # 重启ssh服务
  sudo service ssh restart

  # 测试是否已经生效
  # 可以通过端口 123456 登陆，没有设置端口将登陆不了
  ssh -p 123456 deployer1@xxx.xxx.xxx.xxx
  # 验证以下root用户是否可以登陆
  ssh -p 123456 root@xxx.xxx.xxx.xxx

设置ssh key登陆，更加安全的选择

• 查看有没有现成的，如果有就不用再重复生成了

  ls ~/.ssh

  # 没有找到就直接重新生成一个
  ssh-keygen -C "your.email@example.com"

• 把公钥上传到服务器，使用ssh-copy-id命令（如果是mac用户，需要安装一下该软件：brew install ssh-copy-id）

# 这个命令将会在你的服务器上，deployer1用户的home目录下.ssh/目录下创建一个authorized_keys文件，并把公钥存储到这个文件中
# 有些教程说是可以通过直接在服务器上创建这个文件，然后把本地的公钥复制黏贴到这个文件中，我试了一下，不成功，可能是哪里复制有问题，但用这个命令就可以
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 123456 deployer1@xxx.xxx.xxx.xxx

使用ufw管理你的防火墙

此程序可以很方便的管理你的防火墙，其后台是iptable

# 安装ufw，如果没有安装 w
sudo apt-get install ufw

启动ufw后，默认会关闭所有端口的连接，所以你需要通过一下的方式设置你需要访问的端口：

# 允许访问123456端口，协议包含：tcp和udp
sudo ufw allow 123456

# 如果服务器是用于网站用途，你需要打开80端口和443端口
sudo ufw allow 80
sudo ufw allow 443

更多的用法可以参考： http://wiki.ubuntu.org.cn/Ufw%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97 或者： sudo ufw -h

挂载你的数据盘，官方有详细的教程（http://help.aliyun.com/knowledge_detail.htm?knowledgeId=5974154）

这里简单的罗列一下：

• 查看数据盘：fdisk -l

# 如果显示类似的以下信息，则说明你又数据盘
Disk /dev/xvdb xxx GB, xxxxx bytes

• 对数据盘进行分区

fdisk -S 56 /dev/xvdb
# 执行该命令后，你可以按照其提示一步一步进行设置

# 再用 fdisk -l 就可以查看刚分好区的云盘了

• 格式化新分区：

mkfs.ext3 /dev/xvdb1

• 添加分区信息

# 命令行中执行以下命令，其中：/mnt 为目标挂载点，你也可以换成自己想要的挂载点，比如： /home/deployer1/data
echo '/dev/xvdb1  /mnt ext3    defaults    0  0' >> /etc/fstab

# 查看是否写入成功
cat /etc/fstab

• 挂载新分区

mount -a

# 然后通过df -h 就可以查看到新添加的云盘了

ps：如果你再添加分区信息时，设置了自己的挂载点，你需要保证的自己的挂载点存在，如果不存在，就需要通过 mkdir新建一个目录

安装mysql，并把mysql的数据文件夹设置到云盘

安装mysql

# 安装mysql
sudo apt-get install mysql-server

# ps 附上彻底卸载mysql的命令^_^
sudo apt-get autoremove --purge mysql-server mysql-server-5.0 mysql-common

添加一个用户

grant all privileges on *.* to 'username'@'%' identified by 'password';

# 以上命令添加了一个用户到mysql，我们就可以用username 和 password登陆mysql

设置外网可以访问

这个需要谨慎选择，有安全风险

# 打开mysql的端口，默认为3306端口
sudo ufw allow 3306

# mysql的配置文件（/etc/mysql/my.cnf）中，注释掉已下行
bind-address            = 127.0.0.1

修改数据存放目录

• 停止mysql

sudo service mysql stop

• 复制/var/lib/mysql 这个文件夹到指定的目录，比如/home/data

mv /var/lib/mysql /home/data/

• 修改mysql 配置文件：/etc/mysql/my.conf文件

找到： datadir = /var/lib/mysql

重新修改为： datadir = /home/data/mysql

• 重启mysql：

sudo service mysql start

设置unicorn

添加unicorn到Gemfile：

gem 'unicorn'

在应用的config/目录下新建unicorn.rb配置文件:

# Set the current app's path for later reference. Rails.root isn't available at
# this point, so we have to point up a directory.
app_path = File.expand_path(File.dirname(__FILE__) + '/..')

# The number of worker processes you have here should equal the number of CPU
# cores your server has.
worker_processes (ENV['RAILS_ENV'] == 'production' ? 4 : 1)

# You can listen on a port or a socket. Listening on a socket is good in a
# production environment, but listening on a port can be useful for local
# debugging purposes.
listen app_path + '/tmp/unicorn.sock', backlog: 64

# Time-out
timeout 300

# Set the working directory of this unicorn instance.
working_directory app_path

# Set the location of the unicorn pid file. This should match what we put in the
# unicorn init script later.
pid app_path + '/tmp/unicorn.pid'

# You should define your stderr and stdout here. If you don't, stderr defaults
# to /dev/null and you'll lose any error logging when in daemon mode.
stderr_path app_path + '/log/unicorn.log'
stdout_path app_path + '/log/unicorn.log'

# Load the app up before forking.
preload_app true

# Garbage collection settings.
GC.respond_to?(:copy_on_write_friendly=) &&
  GC.copy_on_write_friendly = true

# If using ActiveRecord, disconnect (from the database) before forking.
before_fork do |server, worker|
  defined?(ActiveRecord::Base) &&
    ActiveRecord::Base.connection.disconnect!
end

# After forking, restore your ActiveRecord connection.
after_fork do |server, worker|
  defined?(ActiveRecord::Base) &&
    ActiveRecord::Base.establish_connection
end

这个时候，可以通过已下命令测试一下rails 采用unicorn启动

# 在你自己的rails根目录下执行，就可以启动rails了
unicorn -c config/unicorn.rb

设置unicorn启动脚本

#!/bin/sh

# File: /etc/init.d/unicorn

### BEGIN INIT INFO
# Provides:          unicorn
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the unicorn web server
# Description:       starts unicorn
### END INIT INFO

# Feel free to change any of the following variables for your app:

# ubuntu is the default user on Amazon's EC2 Ubuntu instances.
USER=deployer1

# Replace [PATH_TO_RAILS_ROOT_FOLDER] with your application's path. I prefer
# /srv/app-name to /var/www. The /srv folder is specified as the server's
# "service data" folder, where services are located. The /var directory,
# however, is dedicated to variable data that changes rapidly, such as logs.
# Reference https://help.ubuntu.com/community/LinuxFilesystemTreeOverview for
# more information.
APP_ROOT="/path/to/your/rails_root_path"

# Set the environment. This can be changed to staging or development for staging servers.
RAILS_ENV=production

# This should match the pid setting in $APP_ROOT/config/unicorn.rb.
PID=$APP_ROOT/tmp/unicorn.pid

# A simple description for service output.
DESC="Unicorn app - $RAILS_ENV"

# Unicorn can be run using `bundle exec unicorn` or `bin/unicorn`.
UNICORN="unicorn"

# Execute the unicorn executable as a daemon, with the appropriate configuration
# and in the appropriate environment.
UNICORN_OPTS="-c $APP_ROOT/config/unicorn.rb -E $RAILS_ENV -D"
CMD="RAILS_ENV=$RAILS_ENV $UNICORN $UNICORN_OPTS"

# Give your upgrade action a timeout of 60 seconds.
TIMEOUT=60
# end of custom options

# Store the action that we should take from the service command's first
# argument (e.g. start, stop, upgrade).
action="$1"

# Make sure the script exits if any variables are unset. This is short for
# set -o nounset.
set -u

# Set the location of the old pid. The old pid is the process that is getting replaced.
old_pid="$PID.oldbin"

# Make sure the APP_ROOT is actually a folder that exists. An error message from
# the cd command will be displayed if it fails.
cd $APP_ROOT || exit 1

# A function to send a signal to the current unicorn master process.
sig () {
  test -s "$PID" && kill -$1 `cat $PID`
}

# Send a signal to the old process.
oldsig () {
  test -s $old_pid && kill -$1 `cat $old_pid`
}

# A switch for handling the possible actions to take on the unicorn process.
case $action in
  # Start the process by testing if it's there (sig 0), failing if it is,
  # otherwise running the command as specified above.
  start)
    sig 0 && echo >&2 "$DESC is already running" && exit 0
    su - $USER -c "$CMD"
    ;;

  # Graceful shutdown. Send QUIT signal to the process. Requests will be
  # completed before the processes are terminated.
  stop)
    sig QUIT && echo "Stopping $DESC" exit 0
    echo >&2 "Not running"
    ;;

  # Quick shutdown - kills all workers immediately.
  force-stop)
    sig TERM && echo "Force-stopping $DESC" && exit 0
    echo >&2 "Not running"
    ;;

  # Graceful shutdown and then start.
  restart)
    sig QUIT && echo "Restarting $DESC" && sleep 2 \
      && su - $USER -c "$CMD" && exit 0
    echo >&2 "Couldn't restart."
    ;;

  # Reloads config file (unicorn.rb) and gracefully restarts all workers. This
  # command won't pick up application code changes if you have `preload_app
  # true` in your unicorn.rb config file.
  reload)
    sig HUP && echo "Reloading configuration for $DESC" && exit 0
    echo >&2 "Couldn't reload configuration."
    ;;

  # Re-execute the running binary, then gracefully shutdown old process. This
  # command allows you to have zero-downtime deployments. The application may
  # spin for a minute, but at least the user doesn't get a 500 error page or
  # the like. Unicorn interprets the USR2 signal as a request to start a new
  # master process and phase out the old worker processes. If the upgrade fails
  # for some reason, a new process is started.
  upgrade)
    if sig USR2 && echo "Upgrading $DESC" && sleep 10 \
      && sig 0 && oldsig QUIT
    then
      n=$TIMEOUT
      while test -s $old_pid && test $n -ge 0
      do
        printf '.' && sleep 1 && n=$(( $n - 1 ))
      done
      echo

      if test $n -lt 0 && test -s $old_pid
      then
        echo >&2 "$old_pid still exists after $TIMEOUT seconds"
        exit 1
      fi
      exit 0
    fi
    echo >&2 "Couldn't upgrade, starting 'su - $USER -c \"$CMD\"' instead"
    su - $USER -c "$CMD"
    ;;

  # A basic status checker. Just checks if the master process is responding to
  # the `kill` command.
  status)
    sig 0 && echo >&2 "$DESC is running." && exit 0
    echo >&2 "$DESC is not running."
    ;;

  # Reopen all logs owned by the master and all workers.
  reopen-logs)
    sig USR1
    ;;

  # Any other action gets the usage message.
  *)
    # Usage
    echo >&2 "Usage: $0 <start|stop|restart|reload|upgrade|force-stop|reopen-logs>"
    exit 1
    ;;
esac

配置nginx

安装nginx

sudo apt-get install nginx

配置nginx脚本，新建文件/etc/nginx/sites-available/sitename文件，添加如下的配置项

upstream app {
        # 这里的路径设置一定要和unicorn中配置的sock位置保持一致，不然nginx和unicorn将无法通信
        server unix:/path/to/your/rails_app_path/tmp/unicorn.sock fail_timeout=0;
}

server {
        listen   80; ## listen for ipv4; this line is default and implied
        server_name localhost;

        root /path/to/your/rails_app_path/public;

        try_files $uri/index.html $uri @app;

        # serve静态资源
        location ^~/assets/ {
                gzip_static on;
                expires max;
                add_header Cache-Control public;
        }

        location @app {
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_redirect off;
                proxy_pass http://app;
        }

        error_page 500 502 503 504 /500.html;
        client_max_body_size 4G;
        keepalive_timeout 10;
}

在/etc/nginx/sites-enabled/文件夹下添加指向/etc/nginx/sites-available/sitename文件的软连接

sudo ln -s ../sites-available/sitename sitename

参考链接

http://wiki.ubuntu.org.cn/Ufw%E4%BD%BF%E7%94%A8%E6%8C%87%E5%8D%97 http://help.aliyun.com/knowledge_detail.htm?knowledgeId=5974154 http://www.gotealeaf.com/blog/setting-up-your-production-server-with-nginx-and-unicorn http://vladigleba.com/blog/2014/03/27/deploying-rails-apps-part-4-configuring-nginx/