Diaspora and mod_passenger

Maybe you’ve already heard of the privacy-aware, personally controlled, open source social network Diaspora. I wanted to try Diaspora, so I’ve set up my own seed of Diaspora; these are called pods.

I didn’t want to run Diaspora with thin, so I decided to go with mod_passenger on apache2. I will describe what you need to do to set it up and get it running with mod_passenger.

Instructions

  1. I’ve created a user for diaspora which is in the group www. This is the group apache2 is running as, so you can give this group write access to the directories diaspora needs to write to.
  2. To get the basics you should read the official howto first. You should install the required packages and check out the repository as the user diaspora.
  3. Create and edit config/app_config.yml and config/database.yml as described in the howto. You don’t need to run script/server; I will cover this in the following instructions.
  4. Once you have created the config files and set up the mysql database, you should create the initial database layout. You can do this with RAILS_ENV=production rake db:seed:dev.
  5. Don’t forget to run jammit to precompile the css files with: bundle exec jammit. You need to redo this step every time you pull changes from the git repository.
  6. Time to install mod_passenger and get it loaded by apache2. You need a virtual host configuration for your pod which should look like this:

            # General setup for the virtual host
            DocumentRoot "/path/to/diaspora/pod/public"
            ServerName pod.example.com:443
            # Placeholder address, replace with your own
            ServerAdmin webmaster@example.com
            ErrorLog /var/log/apache2/pod/error_log
            TransferLog /var/log/apache2/pod/access_log
    
            SetEnv RAILS_ENV production
            # This enables mod_passenger
            Include /etc/apache2/conf.d/mod_passenger.conf
    
            <Directory "/path/to/diaspora/pod/public">
                    Options +FollowSymlinks -MultiViews
                    AllowOverride All
                    Order allow,deny
                    Allow from all
            </Directory>
    
  7. You need to run two processes in the background, one of them is websocket: RAILS_ENV=production ruby script/websocket_server.rb &
  8. The second process is a resque worker. It is responsible for background tasks. You can start it with: RAILS_ENV=production QUEUE=receive,mail,receive_local,socket_webfinger,http_service,http,receive_salmon bundle exec rake resque:work

Feel free to ask questions, I will try to extend the howto.

apparmor and mod_passenger

It is possible to protect passenger with apparmor. You need to create the following wrapper:

passenger.c

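#include <unistd.h>

/* Wrapper: replace this process with the real ruby interpreter,
   passing all arguments through unchanged. */
int main(int argc, char *argv[]) {
    /* execv() only returns if it failed (return value -1) */
    return execv("/usr/bin/ruby", argv);
}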

I’ve compiled it with gcc -o passenger passenger.c and moved it to /usr/local/bin/passenger. Then I set the variable PassengerRuby to "/usr/local/bin/passenger" and created an apparmor profile for it.
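A starting profile for the wrapper, as an added example that is not the author's own profile. It uses the complain-mode approach suggested in the replies below. /path/to/diaspora/pod is the placeholder from the virtual host configuration above; the ruby library location and the writable log/ and tmp/ directories are assumptions.

```apparmor
# /etc/apparmor.d/usr.local.bin.passenger (file name follows the usual convention)
#include <tunables/global>

# The profile attaches to the wrapper's path, not to /usr/bin/ruby, so every
# other ruby program on the host stays outside it.
# flags=(complain): violations are logged, not blocked, while the profile
# is still being built up.
/usr/local/bin/passenger flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  # Client access to the local MySQL socket
  #include <abstractions/mysql>

  # The wrapper and the interpreter it execs. "ix" keeps ruby inside
  # this same profile after the execv().
  /usr/local/bin/passenger mr,
  /usr/bin/ruby mrix,

  # Ruby standard library and gems (assumed location, varies by distribution)
  /usr/lib{,64}/ruby/** mr,

  # Application code and configuration: read-only
  /path/to/diaspora/pod/ r,
  /path/to/diaspora/pod/** r,

  # Assumed writable directories (Rails defaults)
  /path/to/diaspora/pod/log/** rw,
  /path/to/diaspora/pod/tmp/** rwk,

  # TCP over IPv4 and IPv6
  network inet stream,
  network inet6 stream,
}
```

Load it with apparmor_parser -r, use the pod for a while, then run aa-logprof to add the accesses that were logged. Once the log stays quiet, switch the profile to enforce mode with aa-enforce.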


2 Responses

  1. André says:

    Thanks for the nice post.
    I’m searching for a way to protect my rails applications via apparmor. Thanks for the clue with the wrapper, this helped me a lot.
    I’m completely new to apparmor, so it would help me to see an example of a profile for a rails app.

    It would be very nice, if you could publish your profile or send me an email.

  2. Create an empty one, set it to complain mode and use logprof to add what’s missing 🙂
