VPS Chef

Hack to get environment variables into the Puma Jungle

(There's a post title I never thought I'd write)

If you have any Ruby web apps deployed with Puma (on Linux), you may have run into the problem that there is no obvious way of bringing in environment variables before the apps spin up. In a previous version of the Puma Jungle (system startup scripts for spinning up Puma apps [see here https://github.com/puma/puma/tree/master/tools/jungle/init.d]) there was a clear place to `source` a file before the app was launched.

This doesn't seem to exist in newer versions, so my dirty hack to get it working is:

  • Put your dot file .my_app_vars_v1 into the root of your web app
  • Edit the file /usr/local/bin/run-puma
  • Change the last line to read: `cd $app && . .*vars* && exec bundle exec puma -C $config 2>&1 >> $log`

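The added `. .*vars*` will "source" the file (the dot notation is the portable, shell-agnostic shorthand for "source"). The file is executed as shell code by whichever user run-puma runs as, so keep it writable only by its owner. The glob matches any dot file in the app root whose name contains "vars", so keep exactly one such file there. Only variables the file marks with `export` are passed on to the Puma process.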
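One way to make that sourcing step stricter, as an added example (not part of the original post or of Puma's own run-puma script): the hypothetical helper load_app_vars refuses an ambiguous or group/world-writable vars file and exports everything the file sets, so plain NAME=value lines also reach Puma.

```shell
#!/bin/sh
# load_app_vars DIR  (hypothetical helper, not part of run-puma)
# Sources exactly one DIR/.*vars* file and exports every variable it assigns.
load_app_vars() {
    _dir=$1
    # Expand the same glob the post uses; each match becomes one argument.
    set -- "$_dir"/.*vars*
    # No match leaves the unexpanded pattern in $1; several matches are
    # ambiguous (". a b" would source a and pass b as an argument).
    if [ "$#" -ne 1 ] || [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "load_app_vars: need exactly one regular vars file in $_dir" >&2
        return 1
    fi
    # The file runs as shell code, so refuse it if group or others can write.
    if [ -n "$(find "$1" \( -perm -020 -o -perm -002 \))" ]; then
        echo "load_app_vars: $1 is group- or world-writable" >&2
        return 1
    fi
    set -a      # auto-export every variable assigned while sourcing
    . "$1"
    set +a
}

# Assumed use as the last line of /usr/local/bin/run-puma ($app, $config and
# $log are the script's own variables; the redirect order here is chosen so
# that stderr reaches the log as well):
#   cd "$app" && load_app_vars "$app" \
#       && exec bundle exec puma -C "$config" >> "$log" 2>&1
```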

The better solution would be to add an additional line into the parser for /etc/puma.conf to specify a variables file, but that's for another day...


Jekyll, rsync and Nginx File Permissions (Linux)

I'm a heavy user of Jekyll and rsync to deploy static websites.  I've never really felt the need to go down the git deploy route when rsync can handle most use cases (throwing away version control, multiple contributors etc).

However, I have only just cracked the nut on rsync + nginx permissions.  I've had a real mixed bag of experiences with different VPS' and versions of Ubuntu and nginx, but I have finally worked out the holy grail of permissions.

The problem has always been the permissions on the static files, and the nginx user (typically www-data) being denied read permissions.  Easy enough to fix, but every time you rsync as a normal user you lose the fix and nginx can no longer read your files.

Fixing nginx + rsync permissions for Jekyll deployments

So, assuming you have a normal user account called vpschef you need to:

sudo usermod -aG www-data vpschef

Assuming that nginx is running in the group www-data (you can find out with ps aux | grep nginx) - this adds your normal user to the same group.

N.B. The alternative is to grant www-data regular logon/SSH permissions so it can rsync the files, but this is an additional security consideration that does not need to be made.

Now, if you have NOTHING in your /srv or /var/www directory you can run:

sudo chown www-data:www-data /srv

To change the ownership of your web directory to www-data user and group.  Note that if you already have content and sub-folders deployed in this directory, you need to pass the -R recursive flag to chown to propagate ownership to all existing files.

To clean up some of the permissions here we prevent anyone NOT in this group from reading/executing in this directory tree:

sudo chmod 770 /srv

Remembering to pass -R again to chmod if you have content here already.

Finally, the piece that has caused me so much hassle over the last few months: we need to set the setgid bit on the directory so that NEWLY CREATED files and folders inherit its group:

sudo chmod g+s /srv

Subsequently, all new files written into /srv will be created with the www-data group, so nginx can read them as long as their mode grants group read (and group execute on directories).
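A check to run after a deploy, as an added example (not from the original post): the hypothetical function audit_webroot lists every path that breaks the scheme above, assuming every directory in the tree should carry the setgid bit and every file should be group-readable.

```shell
#!/bin/sh
# audit_webroot ROOT GROUP  (hypothetical helper)
# Prints one line per path under ROOT that the web server group could not
# serve, or that would break group inheritance for later uploads.
# Returns 0 and prints nothing when the tree is consistent.
audit_webroot() {
    _root=$1
    _group=$2
    _report=$(
        # Wrong group: typical after "rsync -a" preserved the sender's group.
        find "$_root" ! -group "$_group"    | sed 's/^/wrong-group /'
        # Directories created before "chmod g+s" do not pass the group on.
        find "$_root" -type d ! -perm -2000 | sed 's/^/dir-not-setgid /'
        # The group needs r-x on directories to traverse and list them.
        find "$_root" -type d ! -perm -050  | sed 's/^/dir-not-g+rx /'
        # The group needs read on every file it has to serve.
        find "$_root" -type f ! -perm -040  | sed 's/^/file-not-g+r /'
    )
    [ -z "$_report" ] && return 0
    printf '%s\n' "$_report"
    return 1
}

# Assumed use on the server described above:
#   audit_webroot /srv www-data || echo "fix ownership/modes before serving"
```

The setgid bit only controls the group of new files; their mode still comes from the uploader's umask or from rsync's permission handling, which is why the file-mode check is separate.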

Have you had this problem, did you come up with a better solution than this?  Let us know below!


Tiny VPS Options (Low Memory, Low Cost) in 2014

There are lots of uses for LMLC VPS (Low Memory Low Cost); simple proxy servers for private use or hosting a series of static websites being some of the most popular.  For example, I use a Canadian VPS to experience browsing as a Canadian might, whilst I have websites running on 64Mb instances that are very unlikely to need any more resource (static sites).

Out of the box, these days, a standard LAMP server will test a 512Mb VPS instance, but there's no reason - if you're not using memory hungry toolchains - that you can't get by with a 128Mb instance - in fact, they are probably my favourite!

So, here's a roundup of low cost, low memory VPS (updated mid 2014).

TinyVZ Linux VPS hosting.

Tiny OpenVZ Based VPS Services For Clueful Clients

This is actually a spin-off/sister company of RAM Host, which is a fairly respectable player in the budget VPS world (think $5 per month).  However, this TinyVZ brand offers 128Mb RAM (dedicated) OpenVZ at $15 per year or KVM at $35.

Even if it looks a little bit too much like prgmr to be a coincidence, it's definitely worth a look.  You won't find much in the way of a control panel here, so you'll need the technical capacity.

prgmr.com

We don't assume you are stupid. Since 2005

The original no frills VPS service.  You really do know what you need to be doing here, and with a 64Mb slice of the VPS pie costing $48 per year it's not the most cost effective, but it is Xen (so more performant than OpenVZ) and makes you feel like you're using a very well managed service which doesn't over sell their kit.

Secure Dragon LLC.

Secure Dragon LLC. is a strong contender in the online service industry because our staff has the knowledge and experience of the mystical creature we chose to represent us.

These guys are my provider of choice at the moment thanks to their 64Mb OpenVZ instances starting at $9.99 per year.  Good, custom control panel and good communication from the team.  Highly recommended if you need a quick low memory VPS at low cost.

RamNode LLC

I've been a long time fan + customer of RamNode, and only recently are they able to make it into this post with the introduction of a $15 per year 128Mb OpenVZ tier.

Available in 3 US cities + The Netherlands, this is a great option for a low memory, low cost VPS from a reputable provider (they've been around for a while).

Note the link above is an affiliate link

Other Low Memory, Low Cost Providers

There are a handful of other providers out there doing LMLC VPS on a yearly plan.  Drop me a note in a comment if you think they are worth checking out.  My main criterion for curating this list is provider reliability (in terms of whether the company has been operating for more than 6 months), as it's particularly frustrating to fork out a yearly cost (albeit a small one) to find the provider has disappeared a few months later.


How to setup Jekyll virtual private server

This is a great write up of getting Jekyll up and running on a VPS.  I am currently doing something fairly similar but without the stats capture (nice touch) and the Git integration.  I've been using Rsync which in turn has been playing havoc with file permissions (tough nut to crack), so I plan on spinning up a few more instances to try this technique out.

I will briefly describe the whole process of preparing Debian-based VPS server to host blog built using Jekyll static site generator.

Story source →


New Trend in VPS Attacks - Litecoin mining

I've been looking into Litecoin and other cryptocurrencies lately, and given my parallel penchant for VPS', this blog posting on VPS takeover for Litecoin mining was particularly timely:

That wasn't the end of the matter, I was in for a rude shock when I logged into my Amazon account to check for unauthorised usage. $3000+ in pending charges. Woah!

I've had a few VPS' taken over either via weak passwords or in a more frustrating case of a user account having her email breached and scanning for access details.  In both cases the attacker has set up SSH brute forcing to compromise other servers - not the end of the world and relatively easy to kill and block once you get alerted.

However, for pay-per-use instances along the lines of EC2, this new trend in spinning up litecoin mining instances is certainly a new one!  From various comments it looks like he may not have to pay the full amount, but a good lesson to us all to stay on top of server security; especially on pay per use.

For those interested, Litecoin is the new trend in mining - it can be done most effectively with GPUs - more so than Bitcoin which has been saturated with ASIC devices - but you can still make some headway with good old fashioned CPU mining.

Story source >>