Phase Shift

Configuring Vagrant using Puppet with RVM and MySQL for Rails development

2012-03-19T00:00:00Z

We're a small team here at Phase Shift. One of the biggest challenges we face is standardizing our development environment across different platforms. We have several Windows, OSX and Ubuntu machines in use as development machines and our usual production environment is Linux based. Ideally, each development machine would be set up with the exact same software and configuration as our production machines, but in practice, this is almost impossible. Enter hardware virtualization.

We've used VirtualBox in the past to setup environments on development machines. This worked, but was clunky and difficult to maintain consistency in software versions across each developer's instance. We thought of using custom scripts to keep things in synch, but never got good results. After reading up on Vagrant, we knew this was the setup we've been after.

How this will work

Once a developer has Vagrant and VirtualBox setup on their machine, they will download the project's source and run vagrant up. That's really it! Vagrant will run a VM instance with the project loaded and all dependencies installed and configured. The developer can make changes to the code locally and have those changes reflected instantly within the VM. Port forwarding will allow access to the server running on the VM through a local browser. Access to the VM is through SSH, so any SSH client will work. Sounds great? All we need to do is a little setup and configuration at the beginning to get the project ready.

What we need installed

Our typical new Rails application is running on Ruby 1.9.3 and is using MySQL as the datastore. Some applications may require other software such as Memcached, Redis, or MongoDB. For this setup, we're using RVM to manage our ruby installation. Once this VM is setup, it will have RVM, Ruby 1.9.3, Rails, and MySQL installed and running. Other packages can be added in easily, as you'll see below.

NOTE: We use a custom Vagrant box built on Ubuntu 11.10, but this setup should work just fine on the default Vagrant box - lucid32. For other custom boxes, checkout Vagrantbox.es.

Let's get started

First, create a new directory to put this new project. Next, install Vagrant per the setup instructions, up to the point of running vagrant up. We're going to define some custom Puppet settings to get the items we need installed before continuing.

Create a puppet directory directly under your project. We'll put all of our puppet setup scripts here. Your directory structure should look like this:

:::bash
your_project/
  puppet/
  Vagrantfile

Open up your project's Vagrantfile and add the following configuration for Puppet and Rails:

:::ruby
config.vm.forward_port 3000, 3000

config.vm.provision :puppet do |puppet|
  puppet.manifests_path = "puppet/manifests"
  puppet.module_path    = "puppet/modules"
  puppet.manifest_file  = "development.pp"
end

This tells Vagrant to check these directories for Puppet configuration when initializing up our instance. We're also forwarding port 3000 since rails s starts on this port.

Defining your Puppet Configuration

We'll be using RVM to manage our ruby installations within the VM instance. Brandon Turner has done all of the hard work to get Puppet and RVM working with his project puppet-rvm. We'll be using this for our setup.

You'll need to put puppet-rvm into the puppet/modules directory as rvm:

:::bash
git clone git://github.com/blt04/puppet-rvm.git puppet/modules/rvm

Next, in the puppet/manifests directory, make a new file named development.pp. This file will define all of our Puppet configuration. Paste the following into the file:

:::ruby
# development.pp
stage { 'req-install': before => Stage['rvm-install'] }

class requirements {
  group { "puppet": ensure => "present", }
  exec { "apt-update":
    command => "/usr/bin/apt-get -y update"
  }

  package {
    ["mysql-client", "mysql-server", "libmysqlclient-dev"]: 
      ensure => installed, require => Exec['apt-update']
  }
}

class installrvm {
  include rvm
  rvm::system_user { vagrant: ; }

  if $rvm_installed == "true" {
    rvm_system_ruby {
      'ruby-1.9.3-p0':
        ensure => 'present';
    }
  }
}

class doinstall {
  class { requirements:, stage => "req-install" }
  include installrvm
}

include doinstall

There's a lot going on here. Let's explain what each part does:

:::ruby
stage { 'req-install': before => Stage['rvm-install'] }

The puppet-rvm package uses Puppet run stages to set itself as the first package to run. We need to run apt-get update and install our packages before this happens. So, we are creating our own run stage, and running ours before puppet-rvm's.

:::ruby
class requirements {
  group { "puppet": ensure => "present", }
  exec { "apt-update":
    command => "/usr/bin/apt-get -y update"
  }

  package {
    ["mysql-client", "mysql-server", "libmysqlclient-dev"]: 
      ensure => installed, require => Exec['apt-update']
  }
}

This is where we define the packages we need to install. You can see we define a list of packages, including mysql-client, and we require that apt-get update is run before installation. Also, we're ensuring that a group puppet is present on the system. If you need other packages, just add them to the list.

:::ruby
class installrvm {
  include rvm
  rvm::system_user { vagrant: ; }

  if $rvm_installed == "true" {
    rvm_system_ruby {
      'ruby-1.9.3-p0':
        ensure => 'present';
    }
  }
}

Here, we are installing RVM as a system install, but are not setting it as the system default. Vagrant has a "system" ruby installed by default, and we want to make sure this remains the default. We are also adding the vagrant user as an RVM system user to avoid needing rvm-sudo when running ruby executables.

:::ruby
class doinstall {
  class { requirements:, stage => "req-install" }
  include installrvm
}

include doinstall

Finally, we hook our requirements setup into our custom Puppet run stage and install both the requirements and RVM setups we defined. The final line runs our setup.

Running Vagrant for the first time

For reference, your project directory should now look like this:

:::bash
your_project/
  puppet/
    manifests/
      development.pp
    modules/
      rvm/
        ...
  Vagrantfile

Now you can run vagrant up and watch as Vagrant sets up the VM instance and installs all of our pre-requisites. This may take some time depending on the speed of your system.

Once the VM is up and running, follow the Vagrant SSH instructions to SSH into the VM. Once in the VM, do the following:

:::bash
cd /vagrant
rvm use 1.9.3
gem install rails
rails new .

This will install rails and setup a new application within the project directory. A good idea here is to use an .rvmrc file to automatically use the version of ruby we want as well as a gemset for our application:

:::bash
# .rvmrc
rvm use 1.9.3@your_project --create

Finally, add this project into your favorite source control and you're good to go!

Rewriting Online Real Estate with Fizbeaux.com

2012-03-14T00:00:00Z

Silicon Bayou News has written an article about our newest product, Fizbeaux.com. We're trying to change the local real estate world by making it easier for independent sellers to list and sell their home online. We're also changing the way potential buyers search for and find properties online, with advanced tools and maps.

Are you looking to sell your home online? Give Fizbeaux a try today.

Setting up a custom Weave 0.5 server

2009-10-09T00:00:00Z

Weave is a synchronization engine from Mozilla Labs for all your browser information (settings, history, bookmarks, etc, etc). It is a free add-on for Firefox and you can freely use Mozilla's servers to store your information. This guide, however, is for anyone interested in setting up their own secure Weave server.

There are instructions on the Mozilla Labs places, but they are a bit scattered and it took some digging before I could get things working. Hopefully this guide will give a simple single locations for anyone interested.

Assumptions

For this guide I will assume PHP 5.1+, a working Apache 2 server with SSL, and MySQL (SQLite can easily be substituted here, it should be obvious where). As Mozilla notes, whatever web server you use, WebDAV can't be enabled on that server.

Server Configuration

First things, grab the latest version of the Weave Server from Mozilla Labs at http://hg.mozilla.org/labs/weaveserver in whichever format you prefer. Extract the files into a folder accessible by your web server. The "server" folder will be the web root, so we can go ahead an setup a virtual server configuration similar to the following example (replace the paths accordingly):

:::apache
<VirtualHost weave.my.domain:443>

  ServerName weave.my.domain
  DocumentRoot /var/www/weaveserver/server/

  ErrorLog /var/log/apache2/weave-error.log
  CustomLog /var/log/apache2/weave-access.log combined

  SSLEngine on
  SSLCertificateFile /path/to/server.cert.crt
  SSLCertificateKeyFile /path/to/server.cert.key

  <Directory "/var/www/weaveserver/server/">

    Options Indexes FollowSymLinks
    AllowOverride none
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Weave Server"
    AuthUserFile /path/to/auth/file
    require valid-user

  </Directory>

  Alias /0.5 /var/www/weaveserver/server/0.5/index.php
  Alias /user/1 /var/www/weaveserver/server/user/1/index.php

</VirtualHost>

As you can see from this Apache config, there are some file that need to be generated. Specifically, an SSL Certificate and key, and a basic authentication file. I will run through these briefly below, if you are good with generating these, just skip down a bit.

Generating a Self-Signed SSL Certificate

First, generate a key:

:::bash
openssl genrsa -des3 -out server.key 1024

Generate a certificate signing request (CSR):

:::bash
openssl req -new -key server.key -out server.csr

Optional – At this point you can remove the password from the key if you wish… please be aware of the security risks before doing this:

:::bash
cp server.key server.key.pass
openssl rsa -in server.key.pass -out server.key

Finally, generate the certificate:

:::bash
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Make sure the Apache Virtual Host configuration paths match the locations of the key and certificate files.

Creating a Password File

Generate an htpasswd file using the following command:

:::bash
htpasswd -c weaveserver.pwd

You will be prompted to enter a password for the user you created. Make sure to update the AuthUserFile path in the Apache Virtual Server config to point to this file.

Note: You need to have the same user name(s) and password(s) in the htpasswd file as you plan on having setup in the Weave user database table (covered later).

Database Setup

Create a new database and create the two tables as follows:

:::sql
CREATE DATABASE weave;
USE weave;

CREATE TABLE `wbo` (
  `username` varbinary(32) NOT NULL default '',
  `collection` varbinary(64) NOT NULL default '',
  `id` varbinary(64) NOT NULL default '',
  `parentid` varbinary(64) default NULL,
  `predecessorid` varbinary(64) default NULL,
  `modified` decimal(12,2) default NULL,
  `sortindex` int(11) default NULL,
  `depth` tinyint(4) default NULL,
  `payload` longtext,
  `payload_size` int(11) default NULL,
  PRIMARY KEY  (`username`,`collection`,`id`),
  KEY `parentindex` (`username`,`collection`,`parentid`),
  KEY `modified` (`username`,`collection`,`modified`),
  KEY `weightindex` (`username`,`collection`,`sortindex`),
  KEY `predecessorindex` (`username`,`collection`,`predecessorid`),
  KEY `size_index` (`username`,`payload_size`)
) ENGINE=InnoDB;

CREATE TABLE `users`
(
  `username` varchar(32) PRIMARY KEY,
  `md5` varbinary(32),
  `email` varbinary(64),
  `status` tinyint,
  `location` text,
  `alert` text
) ENGINE=InnoDB;

That should be it for the database! Feel free to adjust the database name to your own liking, and be sure to grant select, select, insert, delete, and update permissions to whichever MySQL user you plan on accessing this with from weave. In case anyone forgot the grant syntax:

:::sql
GRANT SELECT, INSERT, UPDATE, DELETE ON weave.* TO 'myuser'@'localhost';

If you are creating this user, be sure to set the password by adding " IDENTIFIED BY 'mypassword' " on the end of the above statement.

Weave Server Configuration

Navigate to the weaverserver/server/user/1 folder. Copy weave_user_constants.php.dist to weave_user_constants.php and set the following items:

:::php
<?php
...
define('WEAVE_STORAGE_ENGINE', 'mysql');
...
define('WEAVE_MYSQL_STORE_READ_HOST', '');
define('WEAVE_MYSQL_STORE_READ_DB', '');
define('WEAVE_MYSQL_STORE_READ_USER', '');
define('WEAVE_MYSQL_STORE_READ_PASS', '');
...
define('WEAVE_AUTH_ENGINE', 'mysql');
...
define('WEAVE_MYSQL_AUTH_HOST', '');
define('WEAVE_MYSQL_AUTH_DB', '');
define('WEAVE_MYSQL_AUTH_USER', '');
define('WEAVE_MYSQL_AUTH_PASS', '');
...
define('WEAVE_REGISTER_STORAGE_LOCATION', 'weave.my.domain');

These settings are pretty obvious once you read over the comments. The first group of settings is for the database that stores the synchronized data, and just sets the type and connection information. The second is basically the same thing, but points to the database that has the table of users to authenticate against. The final setting above only needs to be set if you are using the same database to house both the storage and authentication data.

Now do essentially the exact same steps for weaveserver/server/0.5/default_constants.php.dist. That is, copy it over to default_constants.php and then edit the similar sections to set the connection strings for the authentication and storage database(s). The only difference is that instead of specifying the WEAVE_REGISTER_STORAGE_LOCATION, which will not exist, set the following line if both the authentication and store tables are in the same database:

:::php
<?php
...
define('WEAVE_SHARE_DBH', '1');

If you are using different databases, just leave this one alone. Also, you can easily use Sqlite as well by setting the various engine variables to sqlite and configuring the path to the stores (this is pretty self explanatory once you read through the constants files).

CAPTCHA

If you want to use CAPTCHA when creating an account, you will need to grab a public and private key from http://recaptcha.net and make some changes to the Apache and Weaver Server configs. This is completely optional (just ignore the CAPTCHA field if you don't set this up when creating a new user).

Back in weaveserver/server/user/1/weave_user_constants.php set the following to 1:

:::php
<?php
...
define('WEAVE_REGISTER_USE_CAPTCHA', 1);

Now copy weaveserver/server/misc/1/weave_misc_constants.php.dist to weave_misc_constants.php and add in your public and private keys. Finally, add an alias to your Apache config as follows:

:::apache
Alias /misc/1/captcha_html /server/misc/1/captcha.php

Test It!

Now everything should be configured, so install the Weave add-on for Firefox if you haven't already (http://labs.mozilla.com/weave/). At the time of writing this, the latest was 0.7.

Open a new tab in Firefox and type about:config and search for extensions.weave.clusterURL. Set this to your Weave Server URL (i.e. https://weave.my.domain/). Make sure to include the trailing slash.

Now open weave and go to the user creation screen. At the bottom of the form box there is an option that says "Create my account with:," select "A custom Weave server" and input your server into the textbox below (i.e. – https://weave.my.domain/). Again here, make sure you include a trailing slash as the underlying code doesn't check and append if needed.

If all goes well, you should be able to put in a username and have it tell you that it is available (if it says it is not available, and its not already in the database, check the log in the top right of the page under tools -> debug log to see what the problem is). If you didn't setup CAPTCHA, just leave it blank and create your user once you filled in an email and password. Now enter your pass phrase and you should be set! Select what you would like to sync and how, then either wait or manually kick off a sync by going to "Signed in as" -> "Sync now" in the upper right. If everything went correctly, your data should be sent over SSL and encrypted into your server's database.

References

Multiple Secure Subdomains with a Wildcard SSL Certificate

2008-10-27T00:00:00Z

This guide is a walk through for configuring multiple secure subdomains using a wildcard SSL certificate and Apache2 on Ubuntu 8.04.

For those not familiar with the problems for this setup, a little background is in order (if you want to get to the meat of things, just skip down). If you have your domain, example.com, it is convenient to organize things into subdomains. For example, maybe you have code repositories at code.example.com or a development environment for testing at test.example.com. But what if you want both of these subdomains to be secure? A standard SSL certificate for example.com does not validate for any of the subdomains since the addresses do not match. You could get separate certificates for each subdomain, but configuring those can be tricky and time consuming. Wildcard SSL certificates allow a single certificate for any immediate subdomain of the base, i.e. *.example.com.

So problem solved right? Well, not exactly... due to the SSL protocol you cannot use name-based virtual hosts in Apache with SSL. Since only IP-based virtual hosts can be used Apache requires a single Virtual Host for all port 443 (SSL) traffic per IP address. The way around this is to dynamically set the document root after receiving a request on port 443. It may sound complicated, but the steps are pretty easy once you see how it is done.

Generating the Wildcard Certificate

First off, you need a wildcard SSL certificate. You can purchase one commercially or just generate one yourself. If you want to roll your you have to have Apache with mod-ssl. (Note that if you are not running as root you will need to sudo all of the below commands):

:::bash
apt-get install apache2 apache2-common

Now we can generate the certificate. First we generate a key:

:::bash
openssl genrsa -out server.key 2048
chmod 400 server.key

Next we generate a certificate signing request (CSR). This is where we can designate the wildcard. Run the command below and you will be prompted with a series of questions. When prompted for Common Name, you would normally enter your domain name. We want a wildcard so enter *.example.com, replacing example.com with your domain name:

:::bash
openssl req -new -key server.key -out server.csr

Finally, create the self-signed wildcard certificate (the below example is valid for a year; change the number of days to reflect how long you want the certificate to be valid):

:::bash
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Configuring Apache

First enable the Apache SSL module if it isn't already:

:::bash
a2enmod ssl

We also need to enable the vhost_alias module:

:::bash
a2enmod vhost_alias

Apache needs to be told to listen on port 443. Edit the ports.conf file in /etc/apache2 and add the following:

:::apache
Listen 443

Now we need a Virtual Host to handle all the port 443 traffic. I recommend creating and editing a new file in /etc/apache2/sites-available:

:::bash
vi /etc/apache2/sites-available/ssl.example.com

Now to configure the Virtual Host. Add the following to the newly created file:

:::apache
ServerAdmin webmaster@localhost
ServerName *.example.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
VirtualDocumentRoot /var/www/%0/

A little explanation is in order here. The ServerName (and any ServerAlias as well) uses the wildcard notation (i.e. *.example.com) since we want to handle multiple subdomains. Next are the directives to enable SSL and you will need to adjust the SSLCertificateFile path to point to your certificate. The last line is where the magic happens using the VirtualDocumentRoot directive. Thanks to the vhost_alias module, we can set the document root based on the address.

Say we have the two example subdomains from earlier, code.example.com and test.example.com. We have our wildcard certificate in place and someone tries to go to http://code.example.com. The %0 signifies that the entire string from the address should be substituted, yielding a DocumentRoot of /var/www/code.example.com. If someone tried test.example.com, it would become /var/www/test.example.com. The documentation on the vhost_alias module shows all the options for getting parts or all of the address string for substituting into the DocumentRoot.

Using this method, you can dynamically determine what the root document path should be and serve the correct information. The only catch is that you will have to adhere to a naming scheme that follows however you design your rewrite rule (in my example above, it will be /var/www/<full subdomain path>. But being forced to use a consistent naming scheme for your sites (which should probably be done anyway...) is a pretty good tradeoff for running multiple secure subdomains on a single IP address with a single SSL certificate.

One last thing, make sure to reload Apache so the changes take effect:

:::bash
/etc/init.d/apache force-reload

If you are looking for a good host that will give you full control over your server, be sure to check out Linode. We use them for all our Linux hosting and love it!

Installing MySQL gem on Windows & cygwin for Rails

2008-10-26T00:00:00Z

This post assumes that you've followed the Setting up Rails on Windows with Cygwin guide and are using Cygwin on Windows for your Rails development.

If you're upgrading to Rails 2.2 (or running on edge), you'll need to build the mysql gem from source, as it's being removed from the Rails pacakge. You'll know if you need to do this if you get the following error when building your app:

:::bash
!!! The bundled mysql.rb driver has been removed from Rails 2.2. Please install the mysql gem and try again: gem install mysql.

Installing Mysql from Source

First thing you'll need to do is to download the source files from MySQL.

The next steps are all from the command line (and will probably take a while to complete!):

:::bash
tar xzvf mysql-5.0.67.tar.gz
cd mysql-5.0.57
./configure
make
make install

UPDATE: As those who've commented here have noted, a common error you may come across while running make is:

:::bash
readline/readline.h:70:29: sys/ttydefaults.h: No such file or directory

The easiest way to solve this issue is to download the readline packages from cygwin (using the cygwin installer) and running

:::bash
./configure --without-readline CFLAGS=-O2

Instead of plain ./configure

Also note, if you've already run ./configure you'll need to clean up the directory by running

:::bash
make distclean

This will actually install the entire MySQL library, but we won't be using it. We just needed the library files to build the gem with. Once MySQL is built, you just need to install the gem, and you're good to go:

gem install mysql Don't forget to tell MySQL which configuration we want to load. By default, it'll try to use a local socket, but we want it to use the server we installed in Windows (outside of cygwin). Check out the Getting Cygwin/Rails to work with MySQL section of our previous guide.

Setting up Rails on Windows with Cygwin

2008-10-02T00:00:00Z

Update: If you're using Rails 2.2, you'll need to perform some extra work to get MySQL working.

Getting Started

I like developing in Ruby on Rails, but I don't own a Mac. I've found that setting up a Rails development environment within Windows can get frustrating and cumbersome at times. I've also found that using Cygwin helps to keep all of the Rails related libraries all in one easy to manage location. OK, enough of the boring stuff, let's open up that command prompt and get started!

But wait! Before we begin, I have to talk about one more thing. One of the frustrating things for me while I was learning Rails was watching all of these Rails screencasts and seeing everyone use Textmate. Textmate is awesome for Rails development, but it's not available for Windows (and will probably never be). Luckily, Alexander Stigsen has been developing a great Textmate app for Windows called "e". I use e (the text editor) almost everyday and it is great for development in Rails (other languages have good support as well). One cool thing is that e relies on Cygwin for some of the bundles, so if you do install and use e, you'll get Cygwin as part of the package.

If you don't want to use e, that's cool too. Just download the Cygwin setup file and follow the same steps (just ignore any asides about setting up e). Let's roll.

Installing Cygwin

First things first and that's installing Cygwin. Either grab the Cygwin standalone setup, or grab and install e and get to the Cygwin setup screens.

Note to e users: e will setup and install Cygwin the first time you run e, not upon installation of e. Also, make sure to select "manual" configuration of Cygwin instead of "automatic".

In the package selection screen, select the libraries that you'll need. Note, to make the package selection easier, hit the "View" button to change from "category" to "full". For reference, here's what I install (the bold ones are the really important ones for Rails):

ruby
subversion
make
openssh
openssl
openssl-devel
sqlite
git (if you're into that sort of thing)
git-completion
nano

A few other packages you may want to pick up:

gcc
gcc-g++
ImageMagick
libmagick-devel

Once the Cygwin installation is complete, you'll be ready to get Rails up and running.

IMPORTANT NOTE: Every command from this point assumes you are executing through a Cygwin command prompt (Not the Windows default command prompt). Also, I'm assuming you're using nano as your text editor. If not, just replace the command with your favorite one.

Installing Ruby Gems

You'll need to pick up Ruby Gems to be able to get Rails going. Download the latest release, un-tar and run the setup script:

:::bash
wget http://rubyforge.org/frs/download.php/43985/rubygems-1.3.0.tgz
tar -xzf rubygems-1.3.0.tgz
cd rubygems-1.3.0
ruby setup.rb

If you get an error like No such file to load -- ubygems (LoadError), all you need to do is run the following from the command line:

:::bash
unset RUBYOPT

And rerun the Ruby Gems setup.

Install Rails (Finally!)

Once Ruby Gems is all set up, you'll just need to run a few commands to get the rails and associated gems.

:::bash
gem install rails

I like to install a few helpful gems to get things started:

:::bash
gem install capistrano mongrel railsmachine gem_plugin daemons rspec

Testing It All Out

Open up a command prompt and type:

:::bash
rails test_site
cd test_site
./script/server

Open up a browser and head to http://localhost:3000/. Your rails site should be up and running! Congratulations, you're ready to work with Rails.

Getting Cygwin/Rails to Work With MySQL

By default Rails will use the sqlite database driver, but you may want to develop using MySQL. This can be tricky. In my experience, the best way to install MySQL for use with Rails/Cygwin is to install the Windows version of MySQL (not the MySQL package via Cygwin). Once MySQL is installed, you'll need to setup a config file to tell Cygwin to use 127.0.0.1 instead of localhost when connecting (or you might run into an error saying it couldn't find tmp/mysql.sock).

In Cygwin:

:::bash
cd /etc/
nano my.cnf

Type the following into the file:

:::ini
[client]
host=127.0.0.1
[mysqld]
host=127.0.0.1

Save the file and you're done. No more mysql.sock errors!

Rails 2.2 Update for MySQL

If you're using Rails 2.2, you'll need to install MySQL and the gem from source.

If you're using MySQL on Windows, I suggest installing the MySQL GUI Tools Suite. They're great tools for managing and querying data from your MySQL databases. Give them a try.

Nice Trick for e

A really nice thing about Textmate is the ability to cd into a rails directory and type:

:::bash
mate .

Textmate pops open with the current directory set as the current project. Great stuff. Now how about getting that kind of functionality with e and Cygwin? Easy:

:::bash
cd ~/
nano bash.rc

Add the following to the file:

:::bash
alias e="cygstart e"

Save and close the file, restart Cywgin and try it out:

:::bash
e .

Console 2

Cygwin's console is pretty neat, but we can do better. I personally love using Console 2, which gives you the ability to put cygwin into a tabbed environment (among other things such as colors and transparency).

Getting Cygwin to work with Console 2 is pretty straightforward. Just install Console 2 (be sure to get the 2.0 release *), Go to "Settings > Tabs" and click "Add". You can name the tab anything you'd like ("Cygwin" works just fine). The only thing to do is set the shell parameter to:

:::text
c:\cygwin\bin\bash --login -i

Save the settings and now you've got a rocking command line app to do all of your Rails work in.

* If you're on Windows XP 64bit, you'll need to download an older version of the 2.0 release. I recommend getting version 2.00b124.

Start Programming Already!

As you can see, it doesn't take too much work to have a great development environment for Rails on a Windows platform. Go start creating the next great app!

One final note: I've set this all up on a Windows XP 32 bit platform, but it should work just fine on 64 bit and Vista (32 or 64 bit). The only thing to watch out for is to install the correct version of Console 2 if you're using Windows XP 64 bit (which you can find in the Console 2 notes above.

Happy programming!

Ubuntu 8.04 LTS 64-bit Server on Linode

2008-08-07T00:00:00Z

This guide is a step by step walk through for setting up an Ubuntu 8.04 LTS 64-bit server on Linode.

Assuming a Linode 360 with 12288 megs of space, partition as follows:

Ubuntu Image: 11776MB
Swap: 512

The default swap size is only 256MB, but the recommended standard is to use between 1 to 2 times the amount of RAM installed on the machine. A base Linode has 360MB of RAM, so 512 is a safe size to use.

Getting Started

First thing, grab your favorite text editor, such as nano or vi using aptitude or apt-get.

:::bash
aptitude install nano

If you would like auto completion in interactive shells, edit your bash.bashrc file

:::bash
nano /etc/bash.bashrc

and uncomment the following block to look as follows

:::bash
[...]
# enable bash completion in interactive shells
if [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
[...]

For some reason bash-completion is not installed by default

:::bash
aptitude install bash-completion

There is no need to reboot, just restart bash and autocomplete should be working for interactive shells

:::bash
bash

To try it out, you can do something like aptitude inst<tab> and it should complete as aptitude install

If you enjoy having using manpages, you will need to install the man binary.

:::bash
aptitude install man-db

You may have seen perl warnings complaining that the locale information is not set when trying to install anything from the repositories. To get this fixed, first install the locales package

:::bash
aptitude install locales

and then define your locale information with the following command.

:::bash
localedef -i en_US -c -f UTF-8 en_US.UTF-8

Be sure to replace the locale name if you need something other than en_US.

Now we need to get everything up to date

:::bash
aptitude update
aptitude safe-upgrade

Clean up any old update files and reclaim some space

:::bash
aptitude autoclean

Server Configuration

HowtoForge has a great guide for setting up an Ubuntu 8.04 server. Credit goes to them for several of the server configuration sections listed below, and I highly recommend supporting them and checking out their library of guides.

By default, Ubuntu will have DHCP enabled. To get a static IP address, edit the interfaces file

:::bash
nano /etc/network/interfaces

Replace the line

:::text
iface eth0 inet dhcp

with the following (substitute the values for your Linode's information)

:::bash
iface eth0 inet static
address 192.168.1.150
netmask 255.255.255.0
gateway 192.168.1.1

Restart networking

:::bash
/etc/init.d/networking restart

Edit your hosts file

:::bash
nano /etc/hosts

Add a line mapping your host name to your server IP. For example

:::bash
[...]
127.0.0.1    localhost
[...]

becomes

:::bash
[...]
127.0.0.1    localhost
192.168.1.150    example.com    example
[...]

Add the host name to the hostname file (it should be empty)

:::bash
nano /etc/hostname

and add your host name

:::bash
example.com

Start the hostname.sh shell script

:::bash
/etc/init.d/hostname.sh start

Test that everything is working by running

:::bash
hostname

It should display your host name.

Install Applications

MySQL

:::bash
aptitude install mysql-server mysql-client libmysqlclient15-dev

You will be prompted to enter and re-enter a root password for MySQL.

Apache

:::bash
aptitude install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

PHP5/Ruby

:::bash
aptitude install libapache2-mod-php5 libapache2-mod-ruby php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-imap php5-json php5-mcrypt php5-memcache php5-mhash php5-ming php5-mysql php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

Edit /etc/apache2/mods-available/dir.conf

:::bash
nano /etc/apache2/mods-available/dir.conf

Change

:::apache
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm

to (adding index.shtml index.php3 to the line above)

:::apache
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm index.shtml index.php3

Enable common apache modules

:::bash
a2enmod ssl
a2enmod suexec
a2enmod include
a2enmod rewrite

eAccelerator for PHP (optional)

:::bash
cd /usr/src
wget http://bart.eaccelerator.net/source/0.9.5.3/eaccelerator-0.9.5.3.tar.bz2
tar -xvjf eaccelerator-0.9.5.3.tar.bz2
cd eaccelerator-0.9.5.3
phpize
./configure
make
make install

Create the eaccelerator cache directory and assign the right ownership to it (the owner and group has to be the user and group apache is running as – in this case www-data) by executing the commands:

:::bash
mkdir /tmp/eaccelerator
chown -R www-data:www-data /tmp/eaccelerator/

The last thing to do is to enable eAccelerator in your php.ini file:

:::bash
nano /etc/php5/apache2/php.ini

And add the following lines to the end of the file:

:::ini
;uncomment if you want to use as a Zend extension
;zend_extension="/usr/lib/php5/eaccelerator.so"
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

For more information on what these settings do, check out the eAccelerator config file settings page.

Reload Apache to load the new modules

:::bash
/etc/init.d/apache2 force-reload

Go to your site (i.e. http://192.168.1.150) and you should see the default Apache page displaying "It works!"

To test that Apache is parsing PHP, make a new php file for Apache to display

:::bash
nano /var/www/test.php

and add the following

:::php
<?php
phpinfo();

Go to the test page (i.e. http://192.168.1.150/test.php) and you should see all the information about your PHP install.

It is a good idea to synchronize the clock to an internet time server

:::bash
aptitude install ntp ntpdate

If you want a little protection from brute force attacks, fail2ban is an easy tool that uses IPTables and does the hard stuff for you.

:::bash
aptitude install fail2ban

Fail2ban has a main configuration file that you should not edit. Instead the main config file is used as the default and local configurations override those settings when needed. This way you can create finer grained control and still have the defaults in place to catch situations for which you haven't defined rules. To start, copy over the main config file into a local config file to edit.

:::bash
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Now edit the local config file

:::bash
nano /etc/fail2ban/jail.local

The comments in the config file explain the options pretty well. A quick rundown of some of the basics:

ignoreip - Space separated list of IPs that will never be banned. Localhost is added by default, and you should add any machines that you don't think fail2ban needs to monitor for brute force attacks (such as your personal computers).

bantime - The time an IP address will be blocked if it exceeds the maximum number of login attempts. After that time, the IP will be removed from the banned list and allowed to login again. Set this to -1 if you want bans to remain in effect indefinitely.

maxretry - The maximum number of login attempts before the IP is banned.

action - This determines the how fail2ban reacts when an IP exceeds the allowed number of logins. There are 3 predefined shortcuts so you don't have to figure out the syntax on this. The first, action_, just bans the IP. action_mw will ban the IP and send you an e-mail with a whois report on that IP. Last, action_mwl will ban the IP and send an e-mail with a whois report and the relevant log file lines that caused the IP to be banned. The default is action = %(action_)s. To change to one of the other shortcuts, replace only the action_ part. For example, if you wanted to ban with e-mail alerts containing the whois report and log file lines you would use action = %(action_mwl)s since the shortcut for is action_mwl.

destmail - If you elect to receive emails from fail2ban, this specifies the e-mail address to which it should send the notifications. The last thing to do in the config file is enable the sections that correspond to the services you want to monitor. These are under the JAILS section. This is done by setting the enabled flag to true for a given section. For the simple server above, I would recommend the following:

:::ini
...
[ssh]
enabled = true
port    = ssh
filter  = sshd
logpath  = /var/log/auth.log
maxretry = 6
...
[apache]
enabled = true
port    = http,https
filter  = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
...

After you get your configuration in place, restart the fail2ban service

:::bash
/etc/init.d/fail2ban

I am not going to cover how to setup a mail server here because there is now a wonderful guide on HowToForge. Using the HowtoForge guide for Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 8.04 LTS) will give you a mail server that supports IMAP and POP with virtual users and domains all configured via a MySQL database and much more.

Note that if you do use the mail server guide and run fail2ban, enable the [postfix], [courierpop3], [courierimap], and [sasl] sections in the fail2ban jail.local file.