The Flying Developer

Home About Me Twitter GitHub Contact

26 May 2014
Ubuntu, Nginx, Unicorn, Rails, Capistrano, rbenv, Oh My!


Here are the steps I use when creating new servers to host my apps on. Both and are set up this way.

Why not automate this?

One day I’m sure I will. For now though, I still have a lot to learn. Getting my hands dirty is my preferred way to do this.

Is this a tutorial?

Not really. I don’t claim any of the things I do are best practices, or even secure. I’ve cherry-picked the things that worked for me from other sources and mashed them together so that I can reference them in future.

Spin up an instance

Your choice: AWS, Digital Ocean, Linode, etc.

I’m using Ubuntu 14.04.

Get SSH access

This varies by provider, but I recommend adding an authorized key and logging in with that, rather than a password.

Digital Ocean lets you select from pre-uploaded keys to install, making the process straightforward.

Install prerequisites

root@remote $ apt-get update
root@remote $ apt-get install curl git postgres postgres-contrib libpq-dev git-core zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libxml2-dev libxslt1-dev nodejs nginx

Details on why each of these packages are needed can be found at the bottom of this post.

Create deploy user


From an account with root access:

root@remote $ adduser deploy
root@remote $ passwd -l deploy

Give the deploy user an authorized key

root@remote $ su - deploy
deploy@remote $ cd ~
deploy@remote $ mkdir .ssh
deploy@remote $ echo "some public key" >> .ssh/authorized_keys
deploy@remote $ chmod 700 .ssh
deploy@remote $ chmod 600 .ssh/authorized_keys

Configure Postgres


Set up a db account for the deploy user, and a database for your app.

root@remote $ sudo -u postgres createuser --superuser deploy
root@remote $ sudo -u postgres create database <db-name>

Install rbenv (and ruby-build)


deploy@remote $ git clone ~/.rbenv
deploy@remote $ git clone ~/.rbenv/plugins/ruby-build
deploy@remote $ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
deploy@remote $ echo 'eval "$(rbenv init -)"' >> ~/.bash_profile

Restart your shell.

Install a ruby:

deploy@remote $ rbenv install <favourite-ruby-version>

Set up app server-side

Make all the dirs

deploy@remote $ mkdir ~/apps
deploy@remote $ mkdir ~/apps/<app-name>
deploy@remote $ mkdir ~/apps/<app-name>/shared

Create unicorn log dir

Copy over any linked files, e.g.

user@local $ scp config/database.yml deploy@server-ip:~/apps/<app-name>/shared/config/database.yml

If you’re using dotenv:

deploy@remote $ touch ~/apps/<app-name>/shared/.env

Install bundler

deploy@remote $ gem install bundler

Create Devise secret key

deploy@remote $ echo "DEVISE_SECRET_KEY=xxxxxxxxxxxxx" >> ~/apps/<app-name>/shared/.env

Create other environment variables in the same fashion (Rails secret, API keys, etc.)

Create nginx config for your site

upstream app_server {
  server unix:/tmp/unicorn.<app-name>.socket fail_timeout=0;

server {
  listen 80;
  server_name <app-domain>;

  root /home/deploy/apps/<app-name>/current/public;

  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    if (-f $request_filename/index.html) {
      rewrite (.*) $1/index.html break;

    if (-f $request_filename.html) {
      rewrite (.*) $1.html break;

    if (!-f $request_filename) {
      proxy_pass http://app_server;

If you’re using SSL, The following will allow you to redirect all insecure requests to the secure version of your site (i.e. HTTP -> HTTPS)

server {
  listen 80;
  server_name <app-domain>;
  return 301 https://$host$request_uri;

server {
  listen 443 ssl;
  server_name <app-domain>;
  ssl_certificate     /etc/nginx/ssl/<app-host>.chained.crt;
  ssl_certificate_key /etc/nginx/ssl/<app-host>.key;

  root /home/deploy/apps/<app-name>/current/public;
  # rest of your config goes here as normal

Deployment config


require 'capistrano/setup'

require 'capistrano/deploy'

require 'capistrano/rbenv'

require 'capistrano/rails'

require 'capistrano3/unicorn'

Dir.glob('lib/capistrano/tasks/*.cap').each { |r| import r }


# config valid only for Capistrano 3.1
lock '3.2.1'

set :application, 'app-name'
set :repo_url, 'git@wherever.git'

set :linked_files, %w{config/database.yml .env}
set :linked_dirs, %w{tmp/pids}

set :unicorn_config_path, "config/unicorn.rb"

set :rbenv_type, :user # or :system, depends on your rbenv setup
set :rbenv_ruby, '2.1.1'
set :rbenv_prefix, "RBENV_ROOT=#{fetch(:rbenv_path)} RBENV_VERSION=#{fetch(:rbenv_ruby)} #{fetch(:rbenv_path)}/bin/rbenv exec"
set :rbenv_map_bins, %w{rake gem bundle ruby rails}
set :rbenv_roles, :all # default value

namespace :deploy do

  desc 'Restart application'
  task :restart do
    on roles(:app), in: :sequence, wait: 5 do
      invoke 'unicorn:restart'

  after :publishing, :restart

  after :restart, :clear_cache do
    on roles(:web), in: :groups, limit: 3, wait: 10 do
      # Here we can do anything such as:
      # within release_path do
      #   execute :rake, 'cache:clear'
      # end



set :stage, :production

set :deploy_to, '~/apps/app-name'

set :branch, 'master'

set :rails_env, 'production'

# Simple Role Syntax
# ==================
# Supports bulk-adding hosts to roles, the primary
# server in each group is considered to be the first
# unless any hosts have the primary property set.
role :app, %w{deploy@app-host}
role :web, %w{deploy@app-host}
role :db,  %w{deploy@app-host}


# Set environment to development unless something else is specified
env = ENV["RAILS_ENV"] || "development"

# Production specific settings
if env == "production"
  app_dir = "app-name"
  worker_processes 4

# listen on both a Unix domain socket and a TCP port,
# we use a shorter backlog for quicker failover when busy
listen "/tmp/unicorn.#{app_dir}.socket", :backlog => 64

# Preload our app for more speed
preload_app true

# nuke workers after 30 seconds instead of 60 seconds (the default)
timeout 30

# Help ensure your application will always spawn in the symlinked
# "current" directory that Capistrano sets up.
working_directory "/home/deploy/apps/#{app_dir}/current"

# feel free to point this anywhere accessible on the filesystem
user 'deploy', 'deploy'
shared_path = "/home/deploy/apps/#{app_dir}/shared"

stderr_path "#{shared_path}/log/unicorn.stderr.log"
stdout_path "#{shared_path}/log/unicorn.stdout.log"

pid "#{shared_path}/tmp/pids/"

before_fork do |server, worker|
  # the following is highly recomended for Rails + "preload_app true"
  # as there's no need for the master process to hold a connection
  if defined?(ActiveRecord::Base)

  # Before forking, kill the master process that belongs to the .oldbin PID.
  # This enables 0 downtime deploys.
  old_pid = "#{shared_path}/pids/"
  if File.exists?(old_pid) && != old_pid
    rescue Errno::ENOENT, Errno::ESRCH
      # someone else did our job for us

after_fork do |server, worker|
  # the following is *required* for Rails + "preload_app true",
  if defined?(ActiveRecord::Base)


You should now be able to deploy your app:

user@local $ cap production deploy

Required packages

  • curl - HTTP tool. Used by all sorts of things
  • git - Installs git, which we’ll need to deploy our app
  • postgres - The database for our app
  • postgres-contrib - Required for the postgres gem to build
  • libpq-dev - Header files for linking to postgres
  • build-essential - Required to build native gems
  • zlib1g-dev - Gzip implementation
  • libssl-dev - Part of OpenSSL, needed for ssl
  • libreadline-dev - Rails dependency
  • libyaml-dev - YAML support
  • libxml2-dev - XML support
  • libxslt1-dev - More XML support
  • nodejs - JS runtime
  • nginx - Webserver for routing requests to Rails

Thanks for reading! If you like my writing, you may be interested in my book: Healthy Webhook Consumption with Rails

David at 12:45


Home About Me Twitter GitHub Contact