Big things to do when deploying a rails app

后端 未结 3 1321
刺人心
刺人心 2021-02-02 02:38

In the question What little things do I need to do before deploying a rails application I am getting a lot of answers that are bigger than \"little things\". So this question is

相关标签:
3条回答
  • 2021-02-02 03:05

    Set up Capistrano to deploy You'll want to learn capistrano if you don't already know it, and use it to deploy your code in an automated way. This will involve setting up your shared directory and shared resources like database.yml.

    Install C Based MySQL gem If you don't have all the required libs, this can take a little while, but less than 20 minutes.

    Make sure you aren't vulnerable to common web application attacks Session fixation, session hijacking, cross-site scripting, SQL injection (probably you don't have to worry much about SQL injection). Be sure you use h() when outputting user-entered data in a view screen. Lots of good material online about this.

    Choose a server architecture Nginx, Mongrel, FastCGI, CGI, Apache, Passenger: there is a lot to choose from. Think about how your app will be used and decide on the best architecture, then set it up.

    Set up Exception Notifier or Exception Logger You will want your app to warn you when it breaks. Set one of these tools up to track production exceptions. Note: Exception notifier will warn you when routing errors occur (i.e. when people fat-finger URLs or script kiddies attack you): so think about what you want the framework to do when that happens and adjust accordingly.

    Make sure all of your passwords are out of source control If you have database.yml, mail.yml (if you use yaml_mail_config) or other sensitive files in source control, get them out of there, replace them with database.yml.example, and put them in the shared/ folder on your server.

    Ensure that your DB is locked down. A lot of people forget to secure MySQL when setting up their new production Rails box. Don't be like them.

    Make sure all of the little web-files are in place If you are planning to be listed in Google, generate a sitemap.xml file. If you are planning to use an .htaccess file for something, make sure it's there. If you need a robots.txt file to prevent certain areas of your site from being indexed, make one. If you want a good looking 404 Page, make sure it's set up correctly. If you want a "Be Right Back" page to be present when you deploy, make sure that you have a Capistrano maintenance file specified and Nginx or Apache knows how and when to redirect to it.

    Get your SSL Certs in place If you are going to use SSL, make sure you get certificates that are valid on your production domain, and set them up.

    0 讨论(0)
  • 2021-02-02 03:24

    Use some process monitoring

    Sometimes your processes (mongrels in many cases) will die or other bad things will happen to them. For example a memory leak could cause the memory consumption to increase indefinitely or a process could start using all your CPU.

    monit and god are both good choices to save you from this fate. They can also be set to hit a url on your site to check for a 200 response code.

    Set up server monitoring

    Some suggestions in this space: fiveruns, newrelic, scout

    These tools will record detailed metrics on your servers and are invaluable when something goes wrong and you need to see what actually happened. They also give you real time information on server load.

    If you have a cluster this kind of reporting is even more critical.

    Backup

    Write a script to periodically backup your database and any other assets that your users can upload. S3 might be a good choice for this.

    0 讨论(0)
  • 2021-02-02 03:29

    Choose a web server / load balancer

    My preferred server is nginx, but the common pattern is to start with apache + mod_proxy_http.

    0 讨论(0)
提交回复
热议问题