My Rails app is not working on a VPS server. I want to publish Catarse, an open-source crowdfunding app, but a 403 Forbidden error is returned.
My settings are as follows (the user name is 'hoge').
- Ubuntu 14.04
- PostgreSQL 9.4
nginx settings
/etc/nginx/nginx.conf
# Process-level settings. Worker processes run as www-data, so every path nginx
# serves or connects to (the document root and the unicorn socket configured
# further down) must be reachable by that account, including execute permission
# on each parent directory such as /home/hoge.
# NOTE(review): the mode of /home/hoge itself is not shown on this page - confirm.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
# Shared HTTP settings. The virtual hosts themselves are pulled in by the
# include lines at the end of this block.
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# NOTE(review): with server_tokens left commented out the default (on) applies,
# so the nginx version is shown in the Server header and on error pages.
# Uncommenting the next line removes that version disclosure.
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Once HTTPS is
# enabled, restrict this to TLSv1.2 (plus TLSv1.3 where the installed
# nginx/OpenSSL supports it). The server block shown on this page has its
# 443 listeners commented out, so the setting is not in effect yet.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Unicorn Settings
##
# Upstream for the Rails app: a Unix domain socket. The path must match the
# `listen` line in config/unicorn.rb, and the nginx worker account (www-data)
# needs to traverse the directories above it and connect to the socket.
upstream unicorn {
server unix:/home/hoge/railsapp/tmp/sockets/unicorn.sock fail_timeout=0;
}
##
# Gzip Settings
##
# NOTE(review): gzip is switched on for every virtual host. The packaged
# default site's own comment says to disable gzip for SSL traffic, so revisit
# this when the 443 listener is enabled.
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-available/default
(/etc/nginx/sites-enabled/default has the same content.)
# Default server configuration
#
# Catch-all virtual host: serves static files from the Rails public/ directory
# and is meant to hand everything else to the unicorn upstream.
server {
# NOTE(review): only plain HTTP is served. A crowdfunding app with user logins
# should be put behind TLS before it is exposed publicly.
listen 80;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /home/hoge/railsapp/public;
# Add index.php to the list if you are using PHP
# NOTE(review): presumably none of these index files exist in the Rails public/
# directory. That is what the logged "directory index of ... is forbidden"
# message indicates: a directory was requested, no index file was found, and
# autoindex is off.
index index.html index.htm index.nginx-debian.html;
# `_` matches no real host name; as the only server block on port 80 this
# block answers requests for any Host value.
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# NOTE(review): this line is the likely source of the 403. Only the LAST
# try_files argument is a fallback; `=404` in the middle is treated as one
# more path to test. For `GET /` the directory check succeeds because public/
# exists, so nginx tries to serve the directory itself and never reaches
# @unicorn. `try_files $uri @unicorn;` serves existing static files and
# proxies everything else. The log entry is not a permission-denied error, so
# loosening file modes (the 777 attempt described on this page) does not
# address it; world-writable application directories should be set back to
# owner/group-only write.
try_files $uri $uri/ =404 @unicorn;
}
location /assets/ {
# NOTE(review): `root` is prefixed to the full request URI, so /assets/x.css
# resolves to /home/hoge/railsapp/public/assets/assets/x.css. Using
# `root /home/hoge/railsapp/public;` here (or dropping this location and
# inheriting the server-level root) maps it to public/assets/ as intended.
root /home/hoge/railsapp/public/assets;
}
# Named location: proxies the request to the unicorn upstream defined in nginx.conf.
location @unicorn {
# X-Real-IP carries the address nginx saw. $proxy_add_x_forwarded_for appends
# that address to any X-Forwarded-For header the client sent, so the
# application should trust only the right-most entry.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): $http_host forwards the Host header exactly as the client sent
# it, and `server_name _;` accepts any name. If the application builds
# absolute URLs (redirects, e-mail links) from the request host, that value is
# client-controlled. Setting a real server_name and passing `$host`, or
# allow-listing hosts in the app, avoids that.
proxy_set_header Host $http_host;
proxy_pass http://unicorn;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
# NOTE(review): "pubilc" looks like a typo for "public"; as written the error
# page is looked up in a directory that is not in the listing on this page.
root /home/hoge/railsapp/pubilc;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
unicorn settings
/home/hoge/railsapp/config/unicorn.rb
# Unicorn process settings: worker count, worker account, request timeout,
# working directory, listener socket and pid file.
#
# Due to catarse's heavy page load, we are setting it to 4 workers
# 1024/4 = 240MB for each web worker
# 512/4 = 128MB for each web worker (in this case, make it 3 worker processes)
# NOTE(review): the comment above mentions 4 workers, but the fallback below is 2
# when WORKER_PROCESSES is not set. String#to_i returns 0 for non-numeric text,
# so a mistyped WORKER_PROCESSES value is not rejected here.
if ENV['WORKER_PROCESSES']
worker_processes ENV['WORKER_PROCESSES'].to_i
else
worker_processes 2
end
# Workers run as user/group hoge. NOTE(review): the listing on this page shows
# tmp/ owned by www-data:www-data with mode rwxrwxr-x, so unless hoge is a member
# of the www-data group it cannot create the socket and pid file below - verify.
user 'hoge', 'hoge'
# Workers that spend longer than `timeout` seconds on a request are killed.
# NOTE(review): the original comment said 30 sec, but the value set here is 300.
timeout 300
# NOTE(review): this points at public/, while the listing on this page shows
# config.ru in /home/hoge/railsapp. The working directory presumably needs to be
# the application root rather than the web-served subdirectory - confirm.
working_directory "/home/hoge/railsapp/public"
# Preload entire app for fast forking.
preload_app true
# Unix socket that nginx's `upstream unicorn` connects to; the two paths must match.
listen "/home/hoge/railsapp/tmp/sockets/unicorn.sock"
pid "/home/hoge/railsapp/tmp/pids/unicorn.pid"
# Hook run before a worker is forked: installs the TERM handler and drops the
# database connection held by the preloaded app.
before_fork do |_server, _worker|
  # TERM is converted into QUIT sent to this same process. The init script on
  # this page sends TERM for `force-stop`, so that action ends up as a QUIT too.
  Signal.trap('TERM') do
    puts 'Unicorn master intercepting TERM and sending myself QUIT instead'
    Process.kill('QUIT', Process.pid)
  end

  # Only touch ActiveRecord when it has been loaded.
  ActiveRecord::Base.connection.disconnect! if defined?(ActiveRecord::Base)
end
# Hook run after a worker has been forked: ignores TERM and opens the worker's
# own database connection.
after_fork do |_server, _worker|
  # TERM is swallowed here (only a message is printed); the worker keeps running.
  Signal.trap('TERM') do
    puts 'Unicorn worker intercepting TERM and doing nothing. Wait for master to sent QUIT'
  end

  # Re-establish the connection that before_fork disconnected, if ActiveRecord is loaded.
  ActiveRecord::Base.establish_connection if defined?(ActiveRecord::Base)
end
# Log files for unicorn's own stderr/stdout, resolved against ENV['RAILS_ROOT'].
# NOTE(review): nothing shown on this page sets RAILS_ROOT. When it is nil,
# File.expand_path resolves against the current directory; with the working
# directory set to .../public that would put these logs under public/log/,
# inside the nginx document root. Prefer an absolute path outside public/ - confirm.
stderr_path File.expand_path('log/unicorn-err.log', ENV['RAILS_ROOT'])
stdout_path File.expand_path('log/unicorn-out.log', ENV['RAILS_ROOT'])
# Please, run it like this `bundle exec unicorn_rails -c config/unicorn.rb -p 3000`
# And change port or other params as you'd like.
/etc/init.d/unicorn
#!/bin/sh
# File: /etc/init.d/unicorn
### BEGIN INIT INFO
# Provides: unicorn
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the unicorn web server
# Description: starts unicorn
### END INIT INFO
# Service configuration: account, application path, pid file and the command
# line used to start unicorn as a daemon.
# Feel free to change any of the following variables for your app:
USER=hoge
# Replace [PATH_TO_RAILS_ROOT_FOLDER] with your application's path. I prefer
# /srv/app-name to /var/www. The /srv folder is specified as the server's
# "service data" folder, where services are located. The /var directory,
# however, is dedicated to variable data that changes rapidly, such as logs.
# Reference https://help.ubuntu.com/community/LinuxFilesystemTreeOverview for
# more information.
#APP_ROOT=[PATH_TO_RAILS_ROOT_FOLDER]
# NOTE(review): APP_ROOT points at public/, not the Rails root. Every path
# derived from it below ($APP_ROOT/tmp/pids/unicorn.pid, $APP_ROOT/.ruby-version,
# $APP_ROOT/config/unicorn.rb) therefore resolves under public/, while this page
# gives the config file as /home/hoge/railsapp/config/unicorn.rb and the pid as
# /home/hoge/railsapp/tmp/pids/unicorn.pid. /home/hoge/railsapp looks like the
# intended value.
APP_ROOT=/home/hoge/railsapp/public
# Set the environment. This can be changed to staging or development for staging
# servers.
RAILS_ENV=production
# This should match the pid setting in $APP_ROOT/config/unicorn.rb.
PID=$APP_ROOT/tmp/pids/unicorn.pid
# A simple description for service output.
DESC="Unicorn app - $RAILS_ENV"
# If you're using rbenv, you may need to use the following setup to get things
# working properly:
# NOTE(review): the content of .ruby-version is interpolated unquoted into the
# command string that `su -c` later hands to a shell, so the file should be
# writable only by the trusted service account. If the file is missing at this
# path the variable is empty and `rbenv local` runs without a version argument.
RBENV_RUBY_VERSION=`cat $APP_ROOT/.ruby-version`
RBENV_ROOT="/usr/local/rbenv"
PATH="$RBENV_ROOT/bin:$PATH"
SET_PATH="cd $APP_ROOT && rbenv rehash && rbenv local $RBENV_RUBY_VERSION"
# Unicorn can be run using `bundle exec unicorn` or `bin/unicorn`.
#UNICORN="bin/unicorn"
UNICORN="bundle exec unicorn"
# Execute the unicorn executable as a daemon, with the appropriate configuration
# and in the appropriate environment.
UNICORN_OPTS="-c $APP_ROOT/config/unicorn.rb -E $RAILS_ENV -D"
CMD="$SET_PATH && $UNICORN $UNICORN_OPTS"
# Give your upgrade action a timeout of 60 seconds.
TIMEOUT=60
# Store the action that we should take from the service command's first
# argument (e.g. start, stop, upgrade).
# This assignment happens before `set -u`, so a missing argument yields an empty
# action (handled by the usage branch of the case statement) instead of aborting.
action="$1"
# Make sure the script exits if any variables are unset. This is short for
# set -o nounset.
set -u
# Set the location of the old pid. The old pid is the process that is getting
# replaced.
old_pid="$PID.oldbin"
# Make sure the APP_ROOT is actually a folder that exists. An error message from
# the cd command will be displayed if it fails.
cd $APP_ROOT || exit 1
# A function to send a signal to the current unicorn master process.
# $1 is the signal name or number. Succeeds only when the pid file exists and is
# non-empty (test -s) and kill accepts the signal for the PID read from it.
# NOTE(review): an init script normally runs as root and this signals whatever
# PID the file contains, while the pid file lives in the application's tmp/
# directory. Keep that directory writable only by the service account, and
# consider checking that the PID belongs to a unicorn master before signalling it.
sig () {
test -s "$PID" && kill -$1 `cat $PID`
}
# Send a signal to the old process.
# Same contract as sig(), but reads the PID from "$PID.oldbin" (the file named
# by $old_pid). The same caution about trusting the pid file's content applies;
# $old_pid is also unquoted in both uses below.
oldsig () {
test -s $old_pid && kill -$1 `cat $old_pid`
}
# A switch for handling the possible actions to take on the unicorn process.
case $action in
# Start the process by testing if it's there (sig 0), failing if it is,
# otherwise running the command as specified above.
start)
sig 0 && echo >&2 "$DESC is already running" && exit 0
# The daemon is launched through a login shell of $USER, so unicorn does not
# start with the privileges of the account running this script.
su - $USER -c "$CMD"
;;
# Graceful shutdown. Send QUIT signal to the process. Requests will be
# completed before the processes are terminated.
stop)
# NOTE(review): `&&` is missing before `exit 0`, so "exit 0" is printed as part
# of the message and the script falls through to print "Not running" as well.
# Intended form: sig QUIT && echo "Stopping $DESC" && exit 0
sig QUIT && echo "Stopping $DESC" exit 0
echo >&2 "Not running"
;;
# Quick shutdown - kills all workers immediately.
# NOTE(review): the unicorn.rb shown on this page traps TERM in the master and
# sends itself QUIT instead, so with that config this behaves like `stop`.
force-stop)
sig TERM && echo "Force-stopping $DESC" && exit 0
echo >&2 "Not running"
;;
# Graceful shutdown and then start.
# The new master is started after a fixed 2-second sleep; nothing here checks
# that the old master has actually exited by then.
restart)
sig QUIT && echo "Restarting $DESC" && sleep 2 \
&& su - $USER -c "$CMD" && exit 0
echo >&2 "Couldn't restart."
;;
# Reloads config file (unicorn.rb) and gracefully restarts all workers. This
# command won't pick up application code changes if you have `preload_app
# true` in your unicorn.rb config file.
reload)
sig HUP && echo "Reloading configuration for $DESC" && exit 0
echo >&2 "Couldn't reload configuration."
;;
# Re-execute the running binary, then gracefully shutdown old process. This
# command allows you to have zero-downtime deployments. The application may
# spin for a minute, but at least the user doesn't get a 500 error page or
# the like. Unicorn interprets the USR2 signal as a request to start a new
# master process and phase out the old worker processes. If the upgrade fails
# for some reason, a new process is started.
upgrade)
if sig USR2 && echo "Upgrading $DESC" && sleep 10 \
&& sig 0 && oldsig QUIT
then
# Wait up to $TIMEOUT seconds for the old master's pid file to disappear.
n=$TIMEOUT
while test -s $old_pid && test $n -ge 0
do
printf '.' && sleep 1 && n=$(( $n - 1 ))
done
echo
if test $n -lt 0 && test -s $old_pid
then
echo >&2 "$old_pid still exists after $TIMEOUT seconds"
exit 1
fi
exit 0
fi
echo >&2 "Couldn't upgrade, starting 'su - $USER -c \"$CMD\"' instead"
su - $USER -c "$CMD"
;;
# A basic status checker. Just checks if the master process is responding to
# the `kill` command.
status)
sig 0 && echo >&2 "$DESC is running." && exit 0
echo >&2 "$DESC is not running."
;;
# Reopen all logs owned by the master and all workers.
reopen-logs)
sig USR1
;;
# Any other action gets the usage message.
*)
# Usage
# NOTE(review): the usage text does not list the `status` action handled above.
echo >&2 "Usage: $0 <start|stop|restart|reload|upgrade|force-stop|reopen-logs>"
exit 1
;;
esac
Here's nginx error log.
[error] 24421#24421: *16 directory index of "/home/hoge/railsapp/public" is forbidden, client: 153.229.108.244, server: _, request: "GET / HTTP/1.1", host: "27.120.80.169"
Here's directory owner and permission settings
$ls -l # @ /home/hoge
drwxrwxr-x 18 www-data www-data 4096 Dec 22 21:31 railsapp
$ls -l # @ /home/hoge/railsapp
-rwxrwxr-x 1 www-data www-data 753 Dec 22 20:01 Cheffile
-rwxrwxr-x 1 www-data www-data 1894 Dec 22 20:01 Cheffile.lock
-rwxrwxr-x 1 www-data www-data 711 Dec 22 20:01 Dockerfile
-rwxrwxr-x 1 www-data www-data 3437 Dec 22 20:01 Gemfile
-rwxrwxr-x 1 www-data www-data 18185 Dec 22 20:01 Gemfile.lock
-rwxrwxr-x 1 www-data www-data 1068 Dec 22 20:01 MIT-LICENSE
-rwxrwxr-x 1 www-data www-data 239 Dec 22 20:01 Procfile
-rwxrwxr-x 1 www-data www-data 4626 Dec 22 20:01 README.md
-rwxrwxr-x 1 www-data www-data 3512 Dec 22 20:01 RUNNING_WITH_DOCKER.md
-rwxrwxr-x 1 www-data www-data 343 Dec 22 20:01 Rakefile
-rwxrwxr-x 1 www-data www-data 3977 Dec 22 20:01 Vagrantfile
drwxrwxr-x 13 www-data www-data 4096 Dec 22 20:01 app
-rwxrwxr-x 1 www-data www-data 501 Dec 22 20:01 app.json
drwxrwxr-x 2 www-data www-data 4096 Dec 22 20:01 bin
-rwxrwxr-x 1 www-data www-data 781 Dec 22 20:01 bower.json
-rwxrwxr-x 1 www-data www-data 0 Dec 22 20:07 captured_stderr20161222-32197-m2pdpc
-rwxrwxr-x 1 www-data www-data 270 Dec 22 20:01 circle.yml
drwxrwxr-x 5 www-data www-data 4096 Dec 24 00:10 config
-rwxrwxr-x 1 www-data www-data 255 Dec 22 20:01 config.ru
drwxrwxr-x 4 www-data www-data 4096 Dec 24 00:21 db
drwxrwxr-x 2 www-data www-data 4096 Dec 22 20:01 deploy
-rwxrwxr-x 1 www-data www-data 425 Dec 22 20:01 dev.Dockerfile
drwxrwxr-x 3 www-data www-data 4096 Dec 22 20:01 doc
-rwxrwxr-x 1 www-data www-data 3954 Dec 22 20:01 docker-compose.yml
drwxrwxr-x 4 www-data www-data 4096 Dec 22 20:01 lib
drwxrwxr-x 2 hoge hoge 4096 Dec 23 18:17 log
drwxrwxr-x 4 www-data www-data 4096 Dec 22 21:20 node_modules
-rwxrwxr-x 1 www-data www-data 192 Dec 22 20:01 package.json
drwxrwxr-x 4 www-data www-data 4096 Dec 22 21:23 public
drwxrwxr-x 19 www-data www-data 4096 Dec 22 20:01 spec
drwxrwxr-x 5 www-data www-data 4096 Dec 23 17:40 tmp
drwxrwxr-x 5 www-data www-data 4096 Dec 22 20:22 vendor
I also tried changing the mode of all directories to 777, but the 403 error persisted.
This is my first time deploying to a VPS server, so I may have left out information that would be a clue.
Please tell me any ideas to resolve it.
Thanks.