Setup Nginx+Redis+Ruby+Passenger+Monit+Swap on AWS
Steps are for Ubuntu 16.04 LTS
01). Change timezone to IST
sudo timedatectl set-timezone Asia/Kolkata
02). Upgrade NodeJs
sudo apt-get update
sudo npm cache clean -f
sudo npm install -g n
sudo n stable
03). Install NPM
sudo apt-get install npm
04). Install PIP and PIP3
sudo apt-get -y install python-pip
sudo apt-get -y install python3-pip
05). Install AWS Client (try without sudo first)
<sudo> pip install awscli —user
06). Run AWS Configure and configure it
aws configure
AWS Access Key ID [None]: <IAM access key ID>
AWS Secret Access Key [None]: <IAM secret access key>
Default region name [None]: <check instance zone and paste it here>
output format [None]: json
07). Install libcurl
sudo apt-get install libcurl4-openssl-dev
08). Install Ruby
sudo apt-get update
sudo apt-get install -y curl gnupg build-essential
Install RVM
sudo gpg —keyserver hkp://keys.gnupg.net —recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | sudo bash -s stable
sudo usermod -a -G rvm `whoami`
if sudo grep -q secure_path /etc/sudoers; then sudo sh -c "echo export rvmsudo_secure_path=1 >> /etc/profile.d/rvm_secure_path.sh" && echo Environment variable installed; fi
curl -sSL https://get.rvm.io | sudo bash -s stable
sudo usermod -a -G rvm `whoami`
if sudo grep -q secure_path /etc/sudoers; then sudo sh -c "echo export rvmsudo_secure_path=1 >> /etc/profile.d/rvm_secure_path.sh" && echo Environment variable installed; fi
When you are done with all this, re-login to your server to activate RVM
Install Ruby 2.5.0
rvm install ruby-2.5.0
rvm —default use ruby-2.5.0
rvm —default use ruby-2.5.0
Install Bundler for managing application gem dependencies
gem install bundler —no-rdoc —no-ri
09). Install latest Nginx
sudo add-apt-repository ppa:nginx/stable
sudo apt-get update
sudo apt-get install nginx
10). Install Passenger packages
# Install PGP key and add HTTPS support for APT
sudo apt-get install -y dirmngr gnupg
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
sudo apt-get install -y apt-transport-https ca-certificates
# Add our APT repository
sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list'
sudo apt-get update
# Install Passenger + Nginx
sudo apt-get install -y nginx-extras passenger
Check Installation (if rvmsudo won't work then try sudo)
rvmsudo /usr/bin/passenger-config validate-install
You should now see Nginx processes and Passenger processes
rvmsudo /usr/sbin/passenger-memory-stats
If you do not see any Nginx processes or Passenger processes, then you probably have some kind of installation problem or configuration problem.
Update Regularly
sudo apt-get update
sudo apt-get upgrade
sudo apt-get upgrade
11). Install Monit
sudo apt-get install monit
sudo chmod 700 /etc/monit/monitrc
sudo vim /etc/monit/monitrc
Comment as follows, and save the ‘monitrc’ file
#include /etc/monit/conf.d/*
#include /etc/monit/conf-enabled/*
Need to create application-specific configurations in /etc/monit/conf.d
then uncomment above comment for conf.d and reload monit by "sudo monit reload"
#include /etc/monit/conf.d/*
#include /etc/monit/conf-enabled/*
Need to create application-specific configurations in /etc/monit/conf.d
then uncomment above comment for conf.d and reload monit by "sudo monit reload"
12). Add Swap Space
Create a Swap File at data EBS volume's (mount-dir) swapspace folder, make sure you allocate 50% of RAM (4 GB in case of m5.large)
sudo mkdir swapspace
sudo fallocate -l 4G /mount-dir/swapspace/swapfile
sudo fallocate -l 4G /mount-dir/swapspace/swapfile
Verify that the correct amount of space was reserved
ls -lh /mount-dir/swapspace/swapfile
Output should be something like
-rw-r—r-- 1 root root 4.0G Aug 20 11:14 /mount-dir/swapspace/swapfile
Enabling the Swap File
sudo chmod 600 /mount-dir/swapspace/swapfile
Verify the permissions change by typing:
ls -lh /mount-dir/swapspace/swapfile
Output
-rw------- 1 root root 1.0G Aug 20 11:15 /mount-dir/swapspace/swapfile
Now mark the file as swap space
sudo mkswap /mount-dir/swapspace/swapfile
Enable the swap file, allowing our system to start utilizing it
sudo swapon /mount-dir/swapspace/swapfile
Verify that the swap is available
sudo swapon —show
Output
NAME TYPE SIZE USED PRIO
/swapfile file 1024M 0B -1
/swapfile file 1024M 0B -1
13). Install Redis
sudo apt-get update
sudo apt-get install build-essential tcl
Download and Extract the Source Code
cd /tmp
curl -O http://download.redis.io/redis-stable.tar.gz
tar xzvf redis-stable.tar.gz
cd redis-stable
curl -O http://download.redis.io/redis-stable.tar.gz
tar xzvf redis-stable.tar.gz
cd redis-stable
Build and Install Redis
make
make test
sudo make install
make test
sudo make install
Configure Redis
sudo mkdir /etc/redis
sudo cp /tmp/redis-stable/redis.conf /etc/redis
sudo vim /etc/redis/redis.conf
sudo cp /tmp/redis-stable/redis.conf /etc/redis
sudo vim /etc/redis/redis.conf
In the file, find the supervised directive. Currently, this is set to no. Since we are running an operating system that uses the systemd init system, we can change this to systemd:
/etc/redis/redis.conf
. . .
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous liveness pings back to your supervisor.
supervised systemd
. . .
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous liveness pings back to your supervisor.
supervised systemd
. . .
Next, find the dir directory. This option specifies the directory that Redis will use to dump persistent data. We need to pick a location that Redis will have write permission and that isn't viewable by normal users.
We will use the /var/lib/redis directory for this, which we will create in a moment:
/etc/redis/redis.conf
. . .
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir /var/lib/redis
. . .
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir /var/lib/redis
. . .
Save and close the file when you are finished.
Create a Redis systemd Unit File
Next, we can create a systemd unit file so that the init system can manage the Redis process.
Create and open the /etc/systemd/system/redis.service file to get started:
· sudo nano /etc/systemd/system/redis.service
Inside, we can begin the [Unit] section by adding a description and defining a requirement that networking be available before starting this service:
/etc/systemd/system/redis.service
[Unit]
Description=Redis In-Memory Data Store
After=network.target
Description=Redis In-Memory Data Store
After=network.target
In the [Service] section, we need to specify the service's behavior. For security purposes, we should not run our service as root. We should use a dedicated user and group, which we will call redis for simplicity. We will create these momentarily.
To start the service, we just need to call the redis-server binary, pointed at our configuration. To stop it, we can use the Redis shutdown command, which can be executed with the redis-cli binary. Also, since we want Redis to recover from failures when possible, we will set the Restart directive to "always":
/etc/systemd/system/redis.service
[Unit]
Description=Redis In-Memory Data Store
After=network.target
[Service]User=redisGroup=redisExecStart=/usr/local/bin/redis-server /etc/redis/redis.confExecStop=/usr/local/bin/redis-cli shutdownRestart=always
Description=Redis In-Memory Data Store
After=network.target
[Service]User=redisGroup=redisExecStart=/usr/local/bin/redis-server /etc/redis/redis.confExecStop=/usr/local/bin/redis-cli shutdownRestart=always
Finally, in the [Install] section, we can define the systemd target that the service should attach to if enabled (configured to start at boot):
/etc/systemd/system/redis.service
[Unit]
Description=Redis In-Memory Data Store
After=network.target
[Service]
User=redis
Group=redis
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
ExecStop=/usr/local/bin/redis-cli shutdown
Restart=always
[Install]WantedBy=multi-user.target
Description=Redis In-Memory Data Store
After=network.target
[Service]
User=redis
Group=redis
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
ExecStop=/usr/local/bin/redis-cli shutdown
Restart=always
[Install]WantedBy=multi-user.target
Save and close the file when you are finished.
Create the Redis User, Group and Directories
Now, we just have to create the user, group, and directory that we referenced in the previous two files.
Begin by creating the redis user and group. This can be done in a single command by typing:
sudo adduser --system --group --no-create-home redis
Now, we can create the /var/lib/redis directory by typing:
sudo mkdir /var/lib/redis
We should give the redis user and group ownership over this directory:
sudo chown redis:redis /var/lib/redis
Adjust the permissions so that regular users cannot access this location:
sudo chmod 770 /var/lib/redis
Add the line vm.overcommit_memory=1 and net.core.somaxconn=65535 to the bottom of /etc/sysctl.conf
sudo vi /etc/sysctl.conf
Existing permissions don't allow you to edit THP as the warning suggests, so instead do
sudo apt install hugepages
then add the command sudo hugeadm --thp-never at the bottom of your .bashrc, with something like sudo vim ~/.bashrc. Then reboot
sudo reboot
Start the Redis Service
Start up the systemd service by typing:
· sudo systemctl start redis
Check that the service had no errors by running:
· sudo systemctl status redis
You should see something that looks like this:
Output● redis.service - Redis Server
Loaded: loaded (/etc/systemd/system/redis.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2016-05-11 14:38:08 EDT; 1min 43s ago
Process: 3115 ExecStop=/usr/local/bin/redis-cli shutdown (code=exited, status=0/SUCCESS)
Main PID: 3124 (redis-server)
Tasks: 3 (limit: 512)
Memory: 864.0K
CPU: 179ms
CGroup: /system.slice/redis.service
└─3124 /usr/local/bin/redis-server 127.0.0.1:6379
. . .
Test the Redis Instance Functionality
To test that your service is functioning correctly, connect to the Redis server with the command-line client:
redis-cli
In the prompt that follows, test connectivity by typing:
ping
You should see:
Output
PONG
PONG
Check that you can set keys by typing:
set test "It's working!"
Output
OK
OK
Now, retrieve the value by typing:
get test
You should be able to retrieve the value we stored:
Output
"It's working!"
"It's working!"
Exit the Redis prompt to get back to the shell:
exit
As a final test, let's restart the Redis instance:
sudo systemctl restart redis
Now, connect with the client again and confirm that your test value is still available:
redis-cli
get test
The value of your key should still be accessible:
Output
"It's working!"
"It's working!"
Back out into the shell again when you are finished:
exit
Enable Redis to Start at Boot
If all of your tests worked, and you would like to start Redis automatically when your server boots, you can enable the systemd service.
To do so, type:
sudo systemctl enable redis
Output
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /etc/systemd/system/redis.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /etc/systemd/system/redis.service.
No comments:
Post a Comment