From 0b16f30a9bde21a43b7fae4c6a598eb43397f0fc Mon Sep 17 00:00:00 2001 From: rharmonson Date: Thu, 26 Jun 2014 10:58:36 -0700 Subject: [PATCH] added other considerations --- ...acks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md | 108 +++++++++++++++++- 1 file changed, 107 insertions(+), 1 deletion(-) diff --git a/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md b/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md index d23fef7..9085778 100644 --- a/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md +++ b/Installing-Tracks-2.2.2-on-CentOS-6.5-Minimal-x86_64.md @@ -18,6 +18,10 @@ Build Overview 1. Apache2 1. Done(?) +Other Considerations +1. SELinux Passenger Module +1. Phusion Passenger, Rails, & Sub-URIs +1. Nginx reverse proxy ## 1. Base operating system @@ -1430,4 +1434,106 @@ Create actons specifying context and project. Alternatively, You can simply create an action specifying a new context and project. Tracks will auto-create them. For example, create an action to 'replace toilet seal' and specify context 'home' and project 'bathroom remodel.' - ;) Enjoy! \ No newline at end of file + ;) Enjoy! + +#Other Consdierations + + +----- +##SELinux Passenger Module + +The process that follows can be used for creating security modules for SELinux. Alternatively, you can disable SELinux, but that would be unwise. + +Temporarily go into SELinux permissive mode. +``` +$ sudo setenforce 0 +``` + +Restart Apache +``` +$ sudo service httpd restart +``` + +Start using your Rails application +Walk through SELinux log and generate new SELinux policy module +``` +$ sudo grep httpd /var/log/audit/audit.log | audit2allow -M passenger +``` + +Install newly created SELinux module +``` +$ sudo semodule -i passenger.pp +``` + +Switch SELinux back into enforcing mode. +``` +$ sudo setenforce 1 +``` + +----- +##Phusion Passenger, Rails, & Sub-URIs + +In the course of using ruby, rails, and passenger, you may need to create multiple sites or apps not just one. Using Passenger sub-uris will accomplish this task. In addition, when using Nginx (see below), using a sub-uri simplifies configuration and reduces hours of banging your head on your desk. + +With Tracks, update the site.yml to use a subdir, then update Apache's configuration to reflect the virtual host shown below. So for www.somedomain.com we will use subdir tracks which result with http://www.somedomain.com/tracks. + +???Is this really needed? Confusing for it appears to be functioning with it commented out.??? +Remove the comment '#' and update to read subdir: "/tracks" +``` +$ vi /home/tracks/tracks/config/site.yml +``` + +Update the virtual host to read as follows: +``` +$ sudo vi /etc/httpd/conf/httpd.conf + + + ServerName trk.harmonson.net + DocumentRoot /home/tracks/tracks/public + +Alias /tracks /home/tracks/tracks/public + + + PassengerBaseURI /tracks + PassengerAppRoot /home/tracks/tracks + + + + Allow from all + # This relaxes Apache security settings. + AllowOverride all + # MultiViews must be turned off. + Options -MultiViews + # Uncomment this if you're on Apache >= 2.4: + #Require all granted + + + +``` + + +Restart Apache for changes to take effect. +``` +$ sudo service httpd restart +``` + +----- +##Nginx reverse proxy + +Nginx is a very efficient web service which I use as a reverse proxy. Below is an example of a working Nginx 1.4 location config using the Tracks build above and sub-uri /tracks. This is only /location not a complete nginx.conf. +``` +### Tracks +location /tracks/ { + auth_basic "off"; + +## Set Headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + +## Tracks Backend + proxy_pass http://192.168.1.111/tracks/; + proxy_redirect off; +} +``` \ No newline at end of file