Wednesday, September 18, 2013

Deploying multiple Rails apps to same domain using sub URI's, nginx and passenger.

I recently had a requirement where I had to run two different Rails app's on the same domain with different sub URI's. The following was what I wanted to achieve:
www.example.com - Load Rails App1
www.example.com/app2 - Load Rails App2
This is very easy to achieve provided you are using Passenger Phusion + nginx. I made the following changes to the server block in nginx.conf
server {
  listen 80; 
  server_name www.example.com;
  root /var/www/app1/public;
  passenger_enabled on;
  passenger_base_uri /app2;
}
Look at how the
root
is pointing to app1's public folder. And look at the new addition
passenger_base_uri
directive. Now, we need to carry out the final step - symlink app2's public folder to /var/www/app1/public/app2.
ln -s /var/www/app2/public /var/www/app1/public/app2 
Once the symlink is created, restart nginx and you are ready to serve different Rails apps on the same domain.

References:

Wednesday, September 11, 2013

Configuring FTP access on Ubuntu 12.04 LTS server

Configuring FTP on Ubuntu is fairly trivial, but securing it requires some learning. Here's what I had to do configure FTP and allow users to access it.

1. Install the FTP server

 sudo apt-get install vsftpd

2. Create a new user

You can additionally disable shell access to the ftpuser., in my case I needed shell access.
 sudo useradd ftpuser
You can skip the step 2 and use the "ftp" user that gets created when you install vsftpd. In my case I needed a new user.

3. Restrict the ftpuser's access to file system and jail them to their home dir

Edit the /etc/vsftpd.conf and make the following change
 chroot_local_user = Yes

4. Restart vsftpd 

 sudo /etc/init.d/vsftpd restart 
You should be able to access and write to ftpuser's home directory now.

Additional Details:


Change default FTP upload directory for the ftp user created by vsftpd:

 sudo mkdir /srv/file_dir/ftp
 sudo usermod -d /srv/file_dir/ftp ftp 
The -d option to usermod changes the home directory of ftp user to /srv/file_dir/ftp

Allow ftpuser to access a specific folder outside home directory when chroot is enabled.

Lets assume you need FTP access to /var/www/files, then we need to do something like this:
 mkdir /home/ftpuser/www_files
 mount --bind /var/www/files /home/ftpuser/www_files 
Now, the /var/www/files directory is bound to your /home/ftpuser/www_files and is visible in your home directory listing. In case you get permission errors , make sure the ftpuser has enough access to -/var/www/files

To make the changes permanent add the following configuration to /etc/fstab
 /var/www/files /home/ftpuser/www_files none bind 0 0

Enable Anonymous downloads

If you wish to enable anonymous downloads edit /etc/vsftpd.conf and change.
 anonymous_enable=Yes 
It is recommended to turn off this feature unless you are absolutely certain you need this.

References:

https://help.ubuntu.com/12.04/serverguide/ftp-server.html
http://www.ducea.com/2006/07/27/allowing-ftp-access-to-files-outside-the-home-directory-chroot/
http://linux.about.com/od/commands/l/blcmdl8_usermod.htm