Digital Ocean offers 2 types of droplets (servers):
- Droplets with a clean Linux install.
- Droplets with some application preinstalled: “One-click apps”
Let’s have a look at the One-click Rails installation they offer. I’ll describe what you get and what I like about, what I don’t like about it and I’ll give some tips on how to use it.
“Welcome to One-click apps, what do they do? Do they do things? Let’s find out!”
update by Digital Ocean:
On the same day that I published this post, Digital Ocean updated their image. Which is good news for the users but makes this post less useful.
Notable differences besides the newer versions are that they replaced Unicorn with Puma and got rid of the .unicorn.sh script. I’ll write a new review of their installation tomorrow.
Hi! We launched a brand-new Rails one-click based on 18.04 delivering Ruby 2.5.1 and Rails 5.2.1 this morning as we completed the rebase of all our one-clicks to the latest LTS (we always wait for .1 to rebase to a new LTS)
— Ryan Quinn (@RyanPQ) September 13, 2018
What do you get?
The current version of the Digital Ocean Rails install will give you an Ubuntu 16.04 server with:
- Ruby version 2.4.0 through RVM
- Postgres database
- Nginx webserver
- Unicorn app server
- Letsencrypt for SSL certs
- Empty Rails 5.0.2 app
Bad: Suggested size too big
They suggest a pretty big Droplet (4GB of ram) but it works fine with the smallest size (1GB of ram). It’s cheaper to start small and upgrade later.
Bad: the server is not the latest LTS
The server runs Ubuntu 16.04 LTS which is good but not the best. I don’t like doing dist-upgrades on production systems. My strategy is to start with the latest Ubuntu server LTS version and keep that version until Ubuntu’s support runs out after 4 years or when I need a version of some dependency that’s not available in that LTS version. Both situations rarely happen. The benefit of keeping the same LTS version is that it becomes more reliable over time and the amount of updates becomes less. You get the same security updates as newer versions so this approach is perfectly safe.
Bad: latest updates not installed
The server doesn’t have the latest updates installed and that’s the first thing you should do before you get started with a server. These updates may contain changes that will break things, so it’s best to get that out of the way with this oneliner:
apt update && apt dist-upgrade && apt-get autoremove && apt-get clean && reboot
The “&&” will only run the next command if the previous has finished without errors. One “&” will run a command in the background and not wait for the others to finish, so if you use one “&” it will become a big mess because it will start upgrading before the update is finished!
I think they should run updates more often on their images or run the updates automatically after the first boot. This is a waste of everyone’s time.
Good: preconfigured firewall
The server comes with a firewall preinstalled and preconfigured. That’s great and excactly what I would to. You can change the settings with the ufw command or directly with iptables (not recommended).
Good: security-updates enabled
Automatic security updates are enabled and automatic reboots are not. Enabling automatic security updates is good, because they do not contain changes in functionality they should not break things. You can enable automatic reboots if you want to in /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Automatic-Reboot "true"; Unattended-Upgrade::Automatic-Reboot-Time "02:00";
Bad: RVM and Ruby
Ruby is installed through RVM and the RVM-installation is a bit broken. You can upgrade to the latest stable version and fix the configuration with these steps:
apt-get install gnupg2 gpg2 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 rvm get stable --auto-dotfiles
echo rvm_silence_path_mismatch_check_flag=1 >> ~/.rvmrc
That will silence the error.
Bad: deploy with Filezilla or WinSCP
Digital Ocean suggests that you use Filezilla, WinSCP or Rsync to upload your application. Although uploading files this way will work it’s very prone to errors and takes too much time. And I understand that they have to offer you the option to use a password because not everyone understands how to use ssh-keys. But you shouldn’t! Use ssh-keys, I’ll write about that in another post.
Suggestion: Use a git-hook to deploy your app
There are a lot of ways to deploy an app to a server. A simple way to deploy is to use a git and a git-hook instead of scp: git-hook to deploy
Move the empty Rails app that’s on the server out of the way before using that method with:
mv rails_project/ rails_project.bak
Could be better: Unicorn
The server uses Unicorn to run the Rails application. Although not my preference this is a good choice. In the original rails projects folder that comes with the installation is a script (.unicorn.sh) that does the magic. So don’t delete that when you remove the empty rails project. And don’t forget to add the unicorn gem to your project or install it system wide.
Bad: missing log rotation
It looks like the Rails log (log/production.log) and Unicorn log (/var/log/unicorn/unicorn.log) are not rotated. So you’ll have to add that manually to prevent your disk from filling up.
Bad: letsencrypt not working
Yes, there is a letsencrypt package installed but you are better of installing the current version from github or ppa:certbot/certbot with this howto. The MOTD (message you see when you login) even suggests that howto. So we agree. The recent version of cerbot will setup your nginx configuration for you.
Conclusion: should you use DO One Click Rails installation?
No, you can use it after some tweaks but in my opinion it’s not worth the effort. You won’t end up with a nice and stable installation. I’m working on a tutorial for a perfect Rails installation, if you subscribe to my mailinglist below I’ll let you know when it’s finished.