Phusion Passenger

Phusion Passenger on Ubuntu

Ubuntu

Overview

The following a guide to configuring Phusion Passenger on Ubuntu for serving up your Ruby on Rails applications.

Requirements

It is assumed that you are familiar Ruby, Ruby on Rails, Apache, Phusion Passenger, and Ubuntu. It is also assumed that you have a Ubuntu Server or VM setup and configured with a proper server stack that includes Apache, MySQL, Ruby, Ruby on Rails, etc. You can learn how to setup and configure a fresh Ubuntu Server by reading my Ubuntu page before preceding.

Setup

Phusion Passenger will warn you of missing software but lets go ahead and beat Phusion Passenger to the punch by executing the following commands from the command line:

  1. sudo apt-get install libopenssl-ruby
  2. sudo apt-get install apache2-prefork-dev

Now we can install Phusion Passenger:

  1. sudo gem install passenger
  2. sudo passenger-install-apache2-module

 
Apache Configuration
 
Edit the /etc/apache2/httpd.conf or /etc/apache2/apache2.conf file (depending on how your server is setup, use one or the other but not both) by adding the following to the end of the file:

  • LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.0.6/ext/apache2/mod_passenger.so
  • PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.0.6
  • PassengerRuby /usr/bin/ruby1.8
  • PassengerDefaultUser www-data

NOTE: Be mindful of the Phusion Passenger version as you might need to adjust the version numbers for your particular release. Otherwise, just use the notes provided for you during the Phusion Passenger install.

Finally, execute the the following commands from the command line:

  1. sudo usermod -a -G www-data <your user login>
  2. sudo a2enmod ssl

The first command ensures the default www-data user group is group to your primary user account owning the server files. Otherwise, Phusion Passenger will assume to run the Rails app as root which might cause problems. The last command tells Apache to enable SSL support (you might or might not want this).

Apache Non-Secure Virtual Hosts

Edit your virtual host file (example: /etc/apache2/sites-available/example) so that the following is used:

NameVirtualHost *:80
<VirtualHost *:80>
ServerName one.example.com
DocumentRoot /web/one/public

<Directory /web/one/public/ />
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>

Repeat the <VirtualHost/> block for each Rails site you want to setup.
Restart Apache to pick up the new changes by executing the following command line: sudo /etc/init.d/apache2 restart

Apache Secure Virtual Hosts

Edit your virtual host file (example: /etc/apache2/sites-available/example-ssl) so that the following is used:

NameVirtualHost *:443
   <VirtualHost *:443>
      ServerName www.yourhost.com
      DocumentRoot /somewhere/public

SSLEngine on 
      SSLCertificateFile    /etc/ssl/certs/<your server name>.crt
      SSLCertificateKeyFile /etc/ssl/private/<your server name>.key
   </VirtualHost>

Repeat the <VirtualHost/> block for each Rails site you want to setup.

NOTE: While this setup will allow you to host multiple secure Rails sites it will not allow you to use a different SSL certificate for each as that is impossible. Even if you change the SSL certificate for each virtual host only the first one defined will be used.

Restart Apache to pick up the new changes by executing the following command line: sudo /etc/init.d/apache2 restart

How to Generate Your Own SSL Certificates

Run the following commands to create a temporary SSL key and certificate for testing with your applications:

  1. openssl genrsa -des3 -out server.key 1024
  2. openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt

Make sure to copy these files to the appropriate location by executing the following commands:

  • mv server.crt /etc/ssl/certs/<your server name>.crt
  • mv server.key /etc/ssl/private/<your server name>.key
  • chmod 400 /etc/ssl/certs/<your server name>.crt
  • chmod 400 /etc/ssl/private/<your server name>.key

The files names and paths need to match as to what you entered in your virtual host file for port 443 (as mentioned above).

NOTE: To get up and running quickly without creating your own SSL keys and certificates, simply use the snake oil files as listed in the /etc/apache2/sites-available/default-ssl Apache configuration file.
 
Resources

Tags: ,

Sunday, March 15th, 2009 Software 7 Comments

Search

 

Twitter

Aeonscope Tweets

Categories