Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
h1. EC2 on Rails
h2. Deploy a Ruby on Rails app on EC2 in five minutes
Main Page: "http://ec2onrails.rubyforge.org":http://ec2onrails.rubyforge.org
Code on Github: "http://github.com/pauldowman/ec2onrails":http://github.com/pauldowman/ec2onrails
EC2 on Rails is an Ubuntu Linux server image for "Amazon's EC2 hosting service":http://www.amazon.com/b/ref=sc_fe_l_2/102-6342260-7987311?ie=UTF8&node=201590011&no=3435361 that's ready to run a standard Ruby on Rails application with little or no customization. It's a Ruby on Rails "virtual appliance":http://en.wikipedia.org/wiki/Virtual_appliance.
If you have an EC2 account and can start EC2 instances you're five minutes away from deploying your Rails app.
EC2 on Rails is "opinionated software":http://gettingreal.37signals.com/ch04_Make_Opinionated_Software.php: the opinion is that for many rails apps the server setup can be generalized and shared the same way as the web application framework itself. For many people (Twitter, this isn't for you) the server image can be treated the same way as other shared libraries. And if the day comes when your needs areunique enough that EC2 on Rails can't be configured to work for you then you can bundle your own image from it or fork the build source and customize it.
But until then, why spend your time configuring servers?
Features of the EC2 image:
h2. Using the image
This documentation will be improved soon, for now hopefully this covers the basics.
The current AMI id's are:
I will keep these images available for as long as possible, they will not be deleted for at least a few years.
h4. 1. Install the gem
sudo gem install ec2onrails
h4. 2. Add the config files to your Rails app
You will need to place "Capfile":http://github.com/pauldowman/ec2onrails/raw/master/examples/Capfile in the root of your rails folder, and put "deploy.rb":http://github.com/pauldowman/ec2onrails/raw/master/examples/deploy.rb and "s3.yml":http://github.com/pauldowman/ec2onrails/raw/master/examples/s3.yml in the config folder.
Within your rails directory, run
wget -q -O Capfile http://github.com/pauldowman/ec2onrails/raw/master/examples/Capfile wget -q -O config/deploy.rb http://github.com/pauldowman/ec2onrails/raw/master/examples/deploy.rb wget -q -O config/s3.yml http://github.com/pauldowman/ec2onrails/raw/master/examples/s3.yml
Be sure to customize those files and read the comments.
In your database.yml file, add host: db_primary
to the host of other database configuration options. After running "cap ec2onrails:server:set_roles" it will resolve to the instance defined in your Capistrano "db" role.
h4. 3. Start up one or more instances of the image.
There is nothing EC2 on Rails-specific here yet (though soon there will be a Capistrano task to do this for you), if you've started EC2 instances before you can skip this section. Otherwise, I'm not going to lie, this part is complicated and will take a lot more than 5 minutes the first time.
Read the "running an instance section":http://docs.amazonwebservices.com/AWSEC2/2007-08-29/GettingStartedGuide/running-an-instance.html in Amazon's getting started guide.
For the AMI id's of the current images do cap ec2onrails:ami_ids
from within the app that you configured in the previous step (they're also listed earlier on this page).
NOTE: Only use the images that match the current version of the gem.
Please see the "change log":http://github.com/pauldowman/ec2onrails/raw/master/gem/CHANGELOG for release notes, and see the "list of open issues":http://rubyforge.org/tracker/?atid=17558&group_id=4552&func=browse.
As is "standard for public AMI's":http://docs.amazonwebservices.com/AWSEC2/2007-08-29/DeveloperGuide/public-ami-guidelines.html, password-based logins are disabled. You log in with your own "public/private keypair":http://docs.amazonwebservices.com/AWSEC2/2007-08-29/GettingStartedGuide/running-an-instance.html.
Most basic things can be configured automatically by the Capistrano tasks, but if you want to you can login by ssh as a user named "admin" (has sudo ability) or as "app" (the user that the app runs as, does not have sudo ability). The Capistrano tasks automatically use the app user to deploy the app, and the admin user for server admin tasks that require sudo.
IMPORTANT: Double-check "your firewall settings":http://docs.amazonwebservices.com/AWSEC2/2007-08-29/GettingStartedGuide/running-an-instance.html. Be sure that you haven't allowed public access to any ports other than TCP 22 and TCP 80 (and possibly TCP 443 if you're going to enable HTTPS). If you're using multiple instances, be sure to allow them network access to each other.
h4. 4. Copy your public key from the server to keep Capistrano happy
This is a workaround for a quirk in Capistrano. Technically all you should need to connect to the server is the private key file, the public key is on the server. But for some reason "Capistrano requires that you have both the public key and the private key files together on the client":http://groups.google.com/group/capistrano/browse_thread/thread/1102208ff925d18.
There is a Capistrano task that tries to fix this for you. From within the root of your rails app do:
cap ec2onrails:get_public_key_from_server
Note, this will only work if you have an external ssh command in the path, it won't work for most Windows users.
h4. 5. Deploy the app with Capistrano
Now that the gem is installed, your deploy.rb is configured and you can start and stop EC2 instances, this is the only thing you'll need to do from now on.
cap deploy:cold
Yes, it's that easy! The setup task will set the server's timezone, install any gems and Ubuntu packages that you specified in the config file, and create your database.
That's it, your app is now running on EC2!!
h2. Capistrano tasks
"Capistrano":http://capify.org is the most commonly used Rails deployment tool. It comes with many standard "tasks", and the EC2 on Rails gem includes Capistrano tasks specifically for configuring the server instance.
Capistrano is run from the command-line using the "cap" command, with a task name given as an argument.
h3. Commonly-used tasks
You'll mostly need just the following Capistrano tasks:
cap ec2onrails:ami_ids
Shows the AMI id's of the images that match the current version of the gem.
cap ec2onrails:db:enable_ebs
This task will move the primary mysql database onto an Amazon Elastic Storage Block (EBS) volume. You can call this task with the optional SIZE parameter defined (defaults to 10 gigs) like
cap ec2onrails:db:enable_ebs SIZE=10
You should then specify your own volume (or the one created by this task) in your capistrano deploy.rb file like so:
role :db, "ec2-xx-xxx-xx-xxx.compute-1.amazonaws.com", :primary => true, :ebs_vol_id => 'vol-12345abc'
NOTE MySQL EBS is not enabled by default. You may call this task at anytime to move your MySQL over to EBS, but just make sure you keep track of the volume-id that is printed out by this task and use it to modify your deploy.rb file
cap ec2onrails:server:set_roles
Customizes each instance for it's role(s) (as defined in your Capistrano deploy.rb file). Run this after starting or stopping instances. For now this just makes sure that only the appropriate services (Apache, Mongrel, and/or MySQL) are running. Eventually this will customize settings for the running services also. Note that an instance can have more than one role. If there's only one instance it will have all roles.Note that due to the way that Capistrano works all tasks are run against all hosts that are currently defined in the deploy.rb file. So if you start a new instance then add it to your deploy.rb you will need to run "cap ec2onrails:setup" again which will be run on all existing instances.
h3. Database management tasks
cap ec2onrails:db:archive
Archive the MySQL database to the bucket specified in your deploy.rb. This is for archiving a snapshot of your database into any S3 bucket. For example, you might want to do this before deploying.
cap ec2onrails:db:restore
Restore the MySQL database from the bucket specified in your deploy.rb For example, I use this to restore the current production data (from my actual production backup bucket) onto a staging server that has the current production version of my app. I then deploy the new version which tests migrations exactly as they'll run on the production server.
To get a full list of the Capistrano tasks at any time type cap -T
from with your rails app root.
h2. Building the image
The EC2 on Rails server image is built using "Eric Hammond's EC2 Ubuntu build script":http://alestic.com/
Note that building your own AMI is not necessary, other options are:
Instructions:
32-bit: ami-f51aff9c 64-bit: ami-f21aff9b
scp -i _IDENTITY_ pk-XXXXXXXXXX.pem root@_HOSTNAME_:/mnt/ scp -i _IDENTITY_ cert-XXXXXXXXXX.pem root@_HOSTNAME_:/mnt/
rsync -rlvzcC --delete --exclude='output*' --exclude='.git' --rsh='ssh -i _IDENTITY_' _EC2ONRAILS_ root@_HOSTNAME_:/mnt/
Note: make sure NOT to include a trailing slash on the ec2onrails directory name, rsync behaves differently when copying directories if there is no slash at the end of the folder name! After this step you should have a directory on the server named /mnt/ec2onrails (e.g. use /rails/ec2onrails not /rails/ec2onrails/ or /rails/ec2onrails/.)
ssh -i _IDENTITY_ root@_HOSTNAME_
ruby /mnt/ec2onrails/server/build \ --bucket ec2onrails \ --prefix ec2onrails-custom \ --arch _ARCH_ --user XXXX-XXXX-XXXX \ --access-key XXXXXXXXXX \ --secret-key XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX \ --private-key /mnt/pk-XXXXXXXXXX.pem \ --cert /mnt/cert-XXXXXXXXXX.pem
h2. Mailing lists
There are two Google groups, one for "announcements":http://groups.google.com/group/ec2-on-rails-announce (usually just new release announcements) and one for "discussion":http://groups.google.com/group/ec2-on-rails-discuss.
h2. Comments
Comments are welcome. Send an email to "Paul Dowman":http://pauldowman.com/contact/ or to the "Google group":http://groups.google.com/group/ec2-on-rails-discuss. If you find bugs please file them "here":http://rubyforge.org/tracker/?atid=17558&group_id=4552&func=browse or send me an "email":http://pauldowman.com/contact/.
h2. Change log
See the "change log":http://github.com/pauldowman/ec2onrails/raw/master/gem/CHANGELOG.
h2. How to submit patches
Please read the "8 steps for fixing other people's code":http://drnicwilliams.com/2007/06/01/8-steps-for-fixing-other-peoples-code/. The source code can be checked out anonymously using:
git clone git://github.com/pauldowman/ec2onrails.git
Patches can be submitted to the "RubyForge Tracker":http://rubyforge.org/tracker/?atid=17560&group_id=4552&func=browse or "emailed directly to me":http://pauldowman.com/contact/ .
h2. Contributors
(In alphabetical order)
"Adam Greene":http://github.com/skippy "Arpit Jain":http://github.com/arpitjain11 "Barry Paul":http://github.com/bpaul "Ben Woosley":http://github.com/Empact "Chris Nolan":http://github.com/ChrisNolan Ed Wagner "Mark Lane":http://github.com/DrMark "Paul Dowman":http://github.com/pauldowman "Pivotal Labs":http://github.com/pivotal "Randy Harmon":http://github.com/rjharmon "Robert J. Berger":http://github.com/rberger "Sebastian Johnsson":http://github.com/Agiley (If you've contributed code and you're not listed here I apologize, please send me an email!)
h2. License
This code is free to use under the terms of the GPL v2.
If you find EC2 on Rails useful please "recommend Paul Dowman":http://www.workingwithrails.com/person/10131-paul-dowman at Working With Rails.
Copyright 2007 Paul Dowman, http://pauldowman.com/ This is free software, and you are welcome to redistribute it under certain conditions. This software comes with ABSOLUTELY NO WARRANTY. See the file named COPYING for details.
FAQs
Unknown package
We found that gigpark-ec2onrails demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.