Diaspora and mod_passenger

Maybe you’ve heard already of the privacy aware, personally controlled, open source social network Diaspora. I’ve wanted to try Diaspora so I’ve setup my own seed of Diaspora, they are called pods.

I don’t wanted to run Diaspora with thin so I decided to go with mod_passenger on apache2. I will describe what you need to do to set it up and get it running with mod_passenger.


  1. I’ve created a user for diaspora which is in the group www. This is the group apache2 is running as. So you can give write access to this group on directories diaspora needs write access.
  2. To get the basics you should read the official howto first. You should install the required packages and checkout the repository as the user diaspora.
  3. Create and edit config/app_config.yml and config/database.yml as described in the howto. You don’t need to run script/server I will cover this in the following instructions.
  4. If you have created the config files, set up the mysql database then you should create the initial database layout. You can do this with RAILS_ENV=production rake db:seed:dev.
  5. Don’t forget to run jammit to precompile the css files with: bundle exec jammit. You need to redo this step every time you pull changes from the git repository.
  6. Time to install mod_passenger and get it loaded by apache2. You need a virtual host configuration for your pod which should look like this:

            # General setup for the virtual host
            DocumentRoot "/path/to/diaspora/pod/public"
            ServerName pod.example.com:443
            ErrorLog /var/log/apache2/pod/error_log
            TransferLog /var/log/apache2/pod/access_log
            SetEnv RAILS_ENV production
            # This enables mod_passenger
            Include /etc/apache2/conf.d/mod_passenger.conf
            <Directory "/path/to/diaspora/pod/public">
                    Options +FollowSymlinks -MultiViews
                    AllowOverride All
                    Order allow,deny
                    Allow from all
  7. You need to run two processes in the background, one of them is websocket: RAILS_ENV=production ruby script/websocket_server.rb &
  8. The second process is a resque worker. It is responsible for background tasks. You can start it with: RAILS_ENV=production QUEUE=receive,mail,receive_local,socket_webfinger,http_service,http,receive_salmon bundle exec rake resque:work

Feel free to ask questions, I will try to extend the howto.

apparmor and mod_passenger

It is possible to protect passenger with apparmor. You need to create the following wrapper:



int main(int argc, char *argv[]) {
    return execv("/usr/bin/ruby", argv);

I’ve compiled it with gcc -o passenger passenger.c and move it to /usr/local/bin/passenger. Then set the variable PassengerRuby “/usr/local/bin/passenger” and created an apparmor profile for it.

You may also like...

2 Responses

  1. André says:

    Thanks for the nice post.
    I’m searching for a way to protect my rails applications via apparmor. Thanks for the clue with the wrapper, this helped me a lot.
    I’m completely new to apparmor, so it would help me to see an example of a profile for a rails app.

    It would be very nice, if you could publish your profile or send me an email.

  2. Create an empty one, set it to complain mode and use logprof to add what’s missing 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *