Adversity

Adversity

We are not immune to hardships and struggles. Just a few weeks ago my father was rushed to the hospital due to liver problems complicated by his long history of diabetes. It was a hard time for our family, resulting in stress and worry, as well as a hard time financially since we need to provide the best medical care available to ensure the recovery of my father.

With prayers from family members and friends, my father was discharged in the hospital after 3 weeks of confinement. Recent laboratory tests show that his liver has recovered and is now on his way to full recovery. This experience led me to reflect the following and made me share the effects of the event to my own life.

Draw near to God

The common reaction when something bad happens to us is to ask God,

“Why?”
“Why me?”
“Why are you punishing me?”

We want these questions answered, as if we should not experience any hardship during our stay in this world. Job from the Old Testament offers a very interesting perspective on this:

But he said to her, “You speak as one of the foolish women speaks. Shall we indeed accept good from God and not accept adversity?” In all this Job did not sin with his lips. – Job 2:10

This tells us that the attitude we have when we receive blessings from God should not change when we are experiencing adversity or bad times. This does not mean that we should rejoice when we encounter trouble, but be willing to accept it as a part of this life, regardless of what you think you have done before or if you think you do not deserve it.

Remember that the Apostles, the closest followers of Christ, have suffered a great deal and died horrible deaths. If they have gone through that, being holy and loyal followers of God, why are we thinking we are better than them and thus expect better treatment?

Draw near to your family

Problems expose an important fact that we always forget or ignore during times of prosperity: the importance of having support from your family. No matter how your relationship is with your siblings, parents, or loved ones, in times of hardship you will realize that you will have nowhere to go but to them.

When my father was hospitalized, my wife and my in-laws gave me the support that I needed so I can go back to my home town and attend to my parent’s needs. When I was there at the hospital and my mother needed help in some errands like cooking, cleaning and purchasing goods, my cousins offered their support without asking anything in return. It reminded me of a saying (I had forgotten where it came from):

When you grow old, you will be near the people around you when you are a child.

I am not sure if the words are correct, but the message is that we should not forget the people around us when we were children: our family, cousins, neighbors and our friends. As we grow and mature and set up our own lives, sometimes the tendency is for us to neglect these people as we associate with our new friends and connections in our career. However, as we grow older and weaker we will find that the people we need and those that truly care for us are actually the ones that we know when we were children.

Learn what is important

Adversity also gives us a clearer view on what is important. For me, it gave me a renewed conviction that the most important things in life are things that we do not see.

So we fix our eyes not on what is seen, but on what is unseen, since what is seen is temporary, but what is unseen is eternal. – 2 Corinthians 4:18

Money, our careers, and our physical belongings do not even matter when faced with our own mortality or of a loved one. We should look at things in the long-term, and so we will realize that some of the things that make us worry (missed deadlines, meetings, work schedules), do not even matter a few years from now. Thinking of my first job many years ago I am certain that there are instances when I feel that events at work are more important than family, but I do not even remotely remember those events at all! What I do remember are those missed opportunities to be with my family and those moments that I ignored because of work.

Review your philosophy in life

I am drawn to the philosophy of Stoicism. It teaches a lot of things about adversity and how we should think about the troubles and bad things that happen in our life. One important aspect of this philosophy is called Negative Visualization, where we imagine the things that make us worry and focus on that thought.

What if I lost my family?
What if I lost my job and income?
What if I had an accident and became blind?

Thinking of such things make us appreciate what we have right now and should cause us to not take things for granted. It is important however not to overdo these thoughts so that we become gloomy and negative in our lives, instead this exercise should increase our contentment and happiness on the things that we have and the situation that we are in right now.

I also find it important not to dwell on things that we have no control of. Especially during times of trouble there will be some things that are beyond our control, like the actions and emotions of other people, things that happen inside our own bodies (and most especially other people’s bodies), or events that have happened in the past. Worrying and arguing about these kinds of things is from my perspective a waste of time and energy since it does not affect the end result. Instead of worrying, we should focus on the things that we can control and influence, do your best in handling those things, and in doing so eliminate/reduce any regret that we may feel if the outcome is not what we hoped for.

 

I hope these things can help other people going through some hard times. To sum up my thoughts, we should be willing to accept both blessing and adversity into our lives. Both of these things are instruments from God that can strengthen us and increase our joy in our lives. It is up to us how we will deal with these events and how they affect us.

Recommended Personal Finance Podcasts

Podcasts are a great way to consume content. It allows you to multitask by enabling you to increase your knowledge while doing manual, repetitive tasks. Personally I listen to podcasts while washing dishes, cleaning baby bottles, or while cleaning the house. This makes sure that I continue my learning and make those seemingly tedious tasks more “productive”.

There are many personal finance podcasts out there, but here are the ones that stood out with me. This list may be updated in the future as I am exposed to more podcasts.

Radical Personal Finance

https://radicalpersonalfinance.com/archive/

Joshua Sheats, MSFS, CFP®, CLU®, ChFC®, CASL®CAP®RHU®REBC® is a former financial advisor turned personal finance podcast host. He has acquired many certifications and is very knowledgable about topics related to finance. His podcasts cover a wide breadth and depth of topics and he is an effective interviewer as well.

A big difference between Radical Personal Finance (RPF) and other podcasts are the length of the shows, usually lasting for more than an hour. Joshua’s speaking style is engaging though, so it is not hard to listen to it for an extended period of time.

He also has strong opinions about some topics particularly regarding education, which he says is just a tool of the government in order to control the people. Because of this he is an advocate of independent educational programs like homeschooling. Being a Christian, he is also aligning his financial decisions with Christian values, but he is also taking into account good financial habits coming from other beliefs, like Judaism.

 

MadFIentist

http://www.madfientist.com/podcast/

Brandon is a software developer, and I heard he is specifically a Ruby on Rails developer like me! He has an interesting take on early retirement and has a deep technical background on the tips and tricks you can employ if you are aspiring for early retirement. He is an excellent interviewer as well and all of the people that he interviews on his show are big names in the field of personal finance.

The techniques and formulas that he describe in his website and podcast apply mostly to a US audience, like mega-backdoor Roth, Roth conversion ladders, and so forth. If you are listening outside the US, these may not be specifically applicable to you, however the general concepts regarding frugality and finances are very much applicable.

Brandon is limiting his podcasts to less than an hour, which may be a good fit for most people, however personally I find that there should probably more depth in his shows if he allowed his time freely for discussion.

 

Money for the Rest of Us

http://moneyfortherestofus.net/episodes/

David Stein is a retired investment manager and unlike some of the podcast hosts about personal finance, has actually achieved early retirement and financial independence using his skills in investment.

The podcast is very useful for beginners, especially the first few episodes, as David makes complex economic and financial topics more accessible and easy to understood for normal people, hence the podcast title. After many years working on the investment space he has deep technical knowledge on how money and the economy works, and guides you on how you can use this knowledge in your own financial journey.

David talks somewhat slowly and I had gotten feedback that it makes them go to sleep, which is a shame since I find the topics and the way he explains it really interesting if you can get past the speaking style. Also as the podcast episodes go on, it becomes more about him citing specific examples in his life that apply to the current topic, and can sometimes seem too general and not practical. For more practical discussion he has set up a separate (paid) service in https://moneyfortherestofushub.com.

 

You Need a Budget (YNAB)

https://itunes.apple.com/us/podcast/you-need-a-budget-ynab/id477248343
http://youneedabudget.libsyn.com/

Jesse Mecham, the podcast host, is also the CEO of the company YNAB (You Need a Budget). His budgeting software tool started out as a spreadsheet that they personally used to manage their own money and get out of their difficult financial situation. Since then it has evolved into a desktop, web and a mobile application and has helped users around the world to manage and budget their money. I have read only positive reviews of the YNAB software although I have not personally tried it.

Their philosophy is summarized as follows:

  1. Give every dollar a job
  2. Save for a rainy day
  3. Roll with the punches
  4. Live on last month’s income

The podcast focuses on each of the four principles and Jesse provides practical tips and tricks on how to apply these principles in your personal budget. Each episode is only around 15 minutes long, so this is suitable for quick breaks, quick commutes, or whenever you have a bit of a free time. These bite-sized episodes maintain the focus of each topic and prevents it from branching out into several topics.

 

Side Hustle Show

http://www.sidehustlenation.com/side-hustle-show/

Nick Loper is the founder of Side Hustle Nation, a great resource for people who want to set up their own personal projects or side hustle, with the purpose of generating income from those projects. Nick is also the host of the podcast Side Hustle Show where he interviews successful side hustlers and extracts their experience so that listeners can also generate ideas for their own side businesses.

The interviews come from all different types of projects and different methods, and you may find that you need to personally choose which ones you want to listen to that fits your personality.

 

Leapreneur Insights (Philippines)

http://www.leapreneur.com/leapreneur-insights/

Jerry Ilao is an entrepreneur that interviews other Philippine entrepreneurs on how they have achieved success and what are the trials that they faced.

This is a Philippine-based show so the language is in Filipino. The interviews are also done in a conversational format which often sounds informal, and so it has a different style than most of the existing podcasts relating to finance.

3 Steps to Building Wealth

All of us want to have a prosperous life. A life where all our needs and the needs of our loved ones are met, and a life where we can pursue our purpose and dreams without worrying about the basics needs of every day. Pursuing this kind of life starts with simple steps where you build, accumulate, and grow your wealth.

There are already many books, videos, and articles that show you how to build wealth. Here I will give my own take on this subject matter, which I believe is condensed into three steps:

  1. Create your surplus
  2. Increase your surplus
  3. Optimize your lifestyle

While these steps are implemented in order, it does not stop at the last step. Instead it loops back to the first step, forming a virtuous cycle.

Wealth Cycle

Create your surplus

This is the first step that you need to take in order to build wealth. At the end of the month or year, your income must be greater than your expenses in order to create surplus.

Income – Expenses > 0

What is surplus? Based on the dictionary definition:

A surplus is an amount of something left over when requirements have been met; an excess of production or supply over demand.

In terms of wealth, surplus is the amount of money left after all of our expenses and financial obligations have been met. If you have debt, then the above formula changes to take into account the amount that you need to pay for your debt:

Income – Expenses – Debt Payments > 0

As you can see, if you have debt it is going to be more difficult to generate surplus. Therefore, as a general rule you will need to get out of debt before you can build wealth. However, this may not be the best course of action for certain kinds of debt, for example, your mortgage which is not practical to pay everything first.  On the other hand, bad debt like credit card interest and consumer loan debt (for gadgets, furniture, etc) need to be paid out first before you can have a surplus, i.e. get the Debt Payments value down to zero:

Income – Expenses – 0 > 0

The general principle is to always live below your means, whatever the scenario.

In the book The Richest Man in Babylon, the wise businessman said:

Part of what you earn is yours to keep.

You must make it into a habit to save a portion of your salary or earnings when you receive them. For many of us, we only save what is left after we pay for our expenses, such that:

Savings = Income – Expenses

In order to create a surplus and build wealth, we need to keep part of what we earn first:

Income – Savings = Expenses

When we receive our salary or income, we need to take out the Savings portion first, and then live on what is left of the money. Let’s say you are an employee and is being paid at the beginning of the month. It can be a helpful practice that when you receive your pay for the month, the very first transaction you do is to deposit your savings to your bank/investments before you pay the very first bill of the month. In this way, you condition your mind to live only on what is left of your money for the rest of the month.

Increase your surplus

The next step is to increase the amount of surplus that you have. Given our previous formula:

Income – Expenses > 0

There are three ways to increase the amount of surplus.

The first way is to increase your income. A few examples on how to achieve this is:

  • Increase the salary that you are able to take home, if employed
  • Add new sources of income
  • Increase your business’ profits
  • Invest your surplus wisely
  • Sell things that you own that you no longer use

The second way is to decrease your expenses. This means that you need to take a look at your possessions and identify which of the things that you pay for actually give you value. Do you need to have the maximum bandwidth for internet? Do you need all of the channels in your cable TV? Are you eating out too much and too often? Do you have a car that you no longer use?

Answering these questions enable us to see which areas in our Expenses that we can reduce or eliminate while maintaining our quality of life. Few other examples on how to decrease your expenses are:

  • Cancel subscriptions that you no longer use/need (magazines that you don’t read, gym memberships you do not go to, etc)
  • Learn to DIY for common tasks like plumbing and basic auto repairs
  • Learn to cook so you do not have to eat out as much
  • Utilize purchases for as long as possible, for example, do not replace your phone every year as its utility doesn’t really diminish the next year

The third and best way is to do both. By increasing your income and reducing your expenses, your surplus will multiply as you need a lesser amount to live your lifestyle. Again, the main concept in this is to live below your means.

Optimize your lifestyle

So you are happily creating your surplus and finding ways to increase it. At the beginning, this activity seems exciting and energizing as you realize the impact of what you are doing for your future.

Soon you may get the following comments from your friends or your loved ones:

  • “you are so cheap”
  • “you don’t hang out with us anymore, what’s up?”
  • “you only live once, enjoy it!”
  • “what good is money for if you do not get to spend it?”

And then you start to look at your co-workers, friends and relatives and notice that they seem to be happier than you are. New clothes, new gadgets, vacations and weekly trips to popular bars litter your social media feed. You then ask yourself:

What am I doing to myself? I work so hard every day, and I deserve to be as happy as them!

And so you start to go back to your spending habits before, and after a few weeks you find yourself to the point where you started.

What happened here?

Its possible that you are over-allocating the Savings portion of your income and you allocate too little to your Expenses so you feel very tight when it comes to money. If you find yourself in this position one solution is to allocate more into your expenses and leisure until you do not feel too financially tight. However, it is also important not to ease too much as to go back to your previous situation where you will begin to accumulate consumer debt due to spending.

Building wealth is a marathon, not a sprint. Popular media constantly highlights people who have achieved “overnight success”, but the reality is more often than not, their success is the result of years and years of failure and hard work. In a similar manner, you need to continue pushing through your objectives even though it seems like there is no progress or you don’t notice any short-term improvements. As building a successful business takes years of effort, so is building personal wealth, so you need to make sure that you can continue doing the same things over and over again: saving, investing in yourself, investing your surplus, and finding ways to better your life.

Some people may try to shortcut the process through saving a lot of their money aggressively and sacrificing their personal happiness for a reward in the future, but this only works for certain kinds of personalities. Sometimes doing so burns them out and therefore fail to achieve their goals or become miserable and disoriented. A more practical approach is to work on your goals consistently over the long term, instead of doing it very intensely over the short term. In order to be able to work on something consistently, you must be happy and content with your everyday situation, or else you will find the whole process very difficult.

Ask yourself these questions:

  • Can spending more on things I love make me happier that I am now?
  • Am I spending time with my loved ones?
  • Do I have any hobbies or passion that takes my mind off my job?
  • Do I need a personal philosophy in life?
  • Do I celebrate small successes and achievements?

By making sure that we are happy and contented in our daily life, and at the same time working on building and increasing out surplus, you will be surprised on what you have achieved in a few years!

Building wealth is a marathon, not a sprint. Make sure you live while doing it!

A Man With Savings

This a print ad by the American company First Federal Savings back in 1963, encouraging people to save money in their bank. Although created more than 50 years ago, its message still resonates and remains valuable up to this day and age.

A Man With Savings

Your savings, believe it or not, affect the way you stand, the way you walk, the tone of your voice. In short, your physical well-being and self-confidence. A man without savings is always running. He must. He must take the first job offered, or nearly so. He sits nervously on life’s chairs because any small emergency throws him into the hands of others.

Without savings, a man must be too grateful. Gratitude is a fine thing in its place. But a constant state of gratitude is a horrible place in which to live. A man with savings can walk tall. He may appraise opportunities in a relaxed way, have time for judicious estimates and not be rushed by economic necessity.

A man with savings can afford to resign from his job if his principles so dictate. And for this reason he’ll never need to do so. A man who can afford to quit is much more useful to his company, and therefore more readily promoted. He can afford to give his company the benefit of his most candid judgments.

A man with savings can afford the wonderful privilege of being generous in family or neighborhood emergencies. He can take the level stare of any man … friend, stranger or enemy. That ability shapes his personality and character.

The ability to save has nothing to do with the size of income. Many high-income people spend it all. They are on a treadmill, darting through life like minnows.

The dean of American bankers, J.P. Morgan, once advised a young broker:

“Take waste out of your spending; you’ll drive the haste out of your life.”

If you don’t need money for college, a home or retirement, then save for self-confidence. The state of your savings does have a lot to do with how tall you walk.

 

A Financial Independence Primer

This blog has a tagline Tech and Financial Independence, but so far I have only posted tech and programming-related articles. Over the next months this blog will focus on the Financial Independence part of the equation.

What is Financial Independence?

Financial independence (referred to as FI in the community) is the state in which you no longer need to work for money. That is, your current assets (money, investments, businesses, etc) are enough to sustain your cost of living until the end of your life.

Early retirement/retire early (RE) involves accumulating assets fast enough to be financially independent prior to the standard retirement age. People aiming for early retirement generally reach it in their 30s or 40s, and is achieved by having a high savings rate, typically 50% of their income and above.

Financial independence and early retirement (FIRE) are closely related, but these are two exclusive concepts. You can be financially independent even though you did not retire early, but you cannot achieve early retirement without being financially independent first.

Why do I want to be financially independent?

The reasons for this are tied to what your goals are and what aspects of your life are important to you.

  • Would you like to travel the world?
  • Do you like to contribute to society (through charity, establishing a foundation, etc)?
  • Do you want to leave an inheritance for the next generation?

All of these things involve financial planning. For goals that involve giving to the community, this is especially important. You will not be able to help others unless you have helped yourself first.

How do I become one?

Based on the definition, your assets needs to be able to support your lifestyle and all the expenses it will incur. Note that these assets have to be liquid (that is, you can convert it to cash if needed), and/or has to provide (mostly) passive income. If you are a salaried employee, you cannot count your monthly salary towards this as the availability of this income depends on your employer and market conditions. Also, if you hold stocks or options of your company and you cannot sell them or convert them into cash, then you cannot count them as assets as well as those are illiquid.

Most types of assets that you can use fall on these categories:

  • Paper assets – stocks, bonds, funds, and other related form of investments
  • Owning a business – income that you earn from businesses may not really be “passive” as it still requires some amount of time and effort to manage, but you can still have an estimate of the amount of income that is guaranteed on a regular basis
  • Real estate – rental income that you earn every month with minimal effort, plus the value of the property that appreciates over time
  • Commodities –  gold and other precious metals that you can barter and trade
  • Retirement Accounts/Pension – In the US, they have 401ks, IRAs and the like. In the Philippines, we can consider SSS pensions and the (hopefully) upcoming PERA law. This is closely related to the Paper Assets category.

Money and Evil

Perhaps one of the most commonly misquoted sayings from the Bible is that money is evil. The Bible does not say that money is evil, but rather the love of money is the root of all evil.

“For the love of money is a root of all kinds of evil.” (1 Timothy 6:10)

Money is a tool, and a tool is not inherently good or bad until you use it for a specific purpose. Referring to the Parable of the Unjust Steward, we will see a similar theme:

The master commended the dishonest manager because he had acted shrewdly. For the people of this world are more shrewd in dealing with their own kind than are the people of the light. I tell you, use worldly wealth to gain friends for yourselves, so that when it is gone, you will be welcomed into eternal dwellings.

No matter your beliefs, we all know that we can take nothing from this world. The Bible teaches us to use our material possessions wisely by helping others and spreading good to the world.

Money and Happiness

Money does not buy happiness. However, money can buy you time, and happiness requires time. As an exercise, think of the things that make you happy. Perhaps your list can include:

  • relaxing by the beach
  • reading books the entire day without worrying about anything
  • spending time with your children
  • traveling with your partner
  • planting and growing a garden without worrying about what to eat

To accomplish these, you will need time, which we normally do by consuming our limited vacation days from work or waiting for a holiday. More often than not, we also look forward to the weekends to do things that make us happy as the rest of the week is already consumed by work.

How will money help us on these things? By buying time, you will be able to free up your schedule to do the things you enjoy, like:

  • hiring a babysitter or a daycare to take care of your children while you and your partner travel or go on a date
  • delegating your common and menial tasks to other people to free up time to spend with your children
  • negotiating a 4-day workweek with your employer so you have an additional day of the week all for yourself
  • building up your assets so you no longer need to work for money, and thus you free up your schedule for doing things that you love

Do what you love, and you will not work another day

If you genuinely love your work right now, then you are very lucky indeed! If you are enjoying your time while working, you may feel like you no longer need to plan for the future. The thing is, even if you love your work, there may come a time when your work will “no longer love you” or that your work will disappear altogether.

No industry is permanent; what may seem like a lucrative career now may no longer be desirable in a decade (most likely even sooner). As you grow older, your capabilities also get limited, which in turn affects the happiness that you derive from work. Therefore it is important to plan ahead financially whether you love your work or not.

Is it possible for me?

You may ask, “But I will need a lot of money to support my needs! I will not be able to accumulate this.”.

Are you sure?

First you need to be clear with yourself if your possessions really provide you happiness. Gadgets that become “obsolete” after one year, cars that you do not need, subscriptions to services that you do not utilize, do you really need them to be happy? Figure out what really makes you happy and prioritize your spending accordingly.

Financial independence requires that your assets be able to support your lifestyle expenses. Have you considered reducing your expenses so that the amount that you need to be financially independent is lower?

The goal may seem daunting, but you should realize that financial independence is not a single goal, it is made up of several stages that you can achieve one by one. We will expand on these concepts on future articles.

 

Hopefully this will give you an idea on what the goal of financial independence is, and get you fired up in thinking on how you plan to achieve it.

Solutions for some SSH problems

SSH (Secure Shell) is one of the most useful tools in the Unix arsenal. It provides a secure way of logging in and connecting to a remote server, allowing users to access and control the remote system through the network.

This article will enumerate some of the common SSH use cases and potential problems as well as solutions for each.

Passwordless SSH

Normally, when you SSH to a remote server, you will be required to enter your password to that server:

~$ ssh [email protected]
Password:

If you are running automated scripts like Capistrano that needs SSH access to a remote system, this can pose a problem as it pauses the execution of your script. To solve this or if you just get tired of providing your password every time you SSH, then its time to utilize SSH public keys.

Public keys are used to identify your system with the remote system you are logging into. First you need to generate your public key using this command:

ssh-keygen -t rsa

~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/marvs/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/marvs/.ssh/id_rsa.
Your public key has been saved in /home/marvs/.ssh/id_rsa.pub.
The key fingerprint is:
5b:ee:0a:c6:46:4e:3f:ed:27:38:8c:74:55:4d:93:78 [email protected]

You can press Enter for every prompt in the process and it should be ok. This will generate the public key in:

/home/USERNAME/.ssh/id_rsa.pub

Then copy the generated key into the remote server’s authorized_keys file. SSH provides a convenience method for this (assuming you are connecting to the “REMOTE” server with username “marvs”:

ssh-copy-id -i [email protected]

You can also manually copy the key using SSH:

cat ~/.ssh/id_rsa.pub | ssh [email protected] "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Which is basically a shortcut for:

[email protected]> scp ~/.ssh/id_rsa.pub [email protected]:[email protected]
[email protected]> ssh [email protected]
Password: windowphonebookchivas
[email protected]> mkdir -p .ssh
[email protected]> cat [email protected] >> ~/.ssh/authorized_keys
[email protected]> rm [email protected]

Now when you SSH to the remote server:

ssh [email protected]

It should no longer prompt you for a password given that you are using the local machine with the correct public key. If you re-generated your public keys, or if you want to use another machine, you will need to add the ~/.ssh/id_rsa.pub file again into the remote machine’s ~/.ssh/authorized_keys file.

Unable to SSH again

Let’s say you tried to SSH into a remote machine that you had access before, and then you are greeted by this message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.

This means that the SSH keys of the remote server has changed for some reason, and your local machine can no longer recognize it. While the message looks scary, most of the time this is not as horrible as it looks.

To solve this, you just need to re-establish trust between your local machine and the remote machine. You will need to remove the key corresponding to the remote machine in your ~/.ssh/known_hosts file.

It is possible to update the file manually and remove the offending line. However there is an easier way using another SSH convenience method:

~$ ssh-keygen -R HOST

This will remove the key information of HOST in your known_hosts file. Some example uses are:

~$ ssh-keygen -R 123.456.7.8
~$ ssh-keygen -R mambin.com
~$ ssh-keygen -R ec2-123-456-7-8.compute-1.amazonaws.com

You can then use the SSH command again to log in to the remote server, which updates your known_hosts file with the new key.

Non-default SSH port

The default SSH port is port 22. To improve the security of a server from malicious attackers that scan that particular port for vulnerabilities, one may choose to set the SSH port to another value.

This can pose a problem to programs that use SSH to connect to the remote server, since by default it will use port 22. To use a different port when using SSH, just use the -p flag:

ssh -p PORT [email protected]
ssh -p 2222 [email protected]

If you do not want to use the -p flag everytime you use SSH, then you can also set your local SSH configuration to use another port. To do this, edit (or create) your .ssh/config file:

nano ~/.ssh/config

Host mambin.com
    Port 4567

Host *
    Port 2222

You can specify host-specific configuration for more granular control. In the example above, when you SSH to mambin.com, you are specifying that you are connecting to port 4567. Therefore,

ssh [email protected]

is the same as

ssh -p 4567 [email protected]

For all other remote hosts, the SSH command will use port 2222 as specified in the Host * configuration.

Locked out of system and cant SSH

If you installed Fail2Ban to secure your system, you may sometimes find yourself banned from your own server. This happens when you are sharing an IP Pool with other people using your ISP. If your server is on the cloud and not available for access physically, this is very troubling indeed.

When this happens, what you can do is to find out if your cloud hosting provider has a VNC feature that you can use. Virtual Network Computing (VNC) applications allows you to control a remote system by transmitting keyboard and mouse commands. If you are using DigitalOcean, then you can follow these steps:

1. Get your IP address

On a new tab, get your current IP address by visiting https://toolsphere.com/whatsmyip and taking note of your IP address.

2. Log in to your hosting account
3. Go to the VNC Console menu

do_console_menu

4. Wait for the VNC to load and log in using your username and password

do_console

5. Once logged in, perform the following commands:

Open the hosts.allow file and include your IP address:

sudo nano /etc/hosts.allow

# Allow all SSH connections from 192.168.0.10
sshd:	192.168.0.10

# Allow all SSH connections from 192.169.0.0 - 192.169.0.999
sshd:	192.169.0.

As you can see, you can set whether to allow only specific IP addresses or allow a range of IP addresses to allow SSH access to. Remember that when allowing multiple addresses, you must end the configuration line with a dot. For example:

sshd: 123.122.
sshd: 123.122.0.

Note that by allowing a broader range of IPs the less the security of your system is. If you set it very specifically though, you may run into a scenario where you need to update the hosts.allow file everyday as a different IP address is assigned to you from the IP pool. It is up to you to determine the balance between convenience and security.

After saving the file, restart the SSH service:

sudo service ssh restart

Exit the VNC console and you should now be able to connect via SSH to your remote server again.

How to create a Ruby gem

ruby_gemRuby gems are a way of adding functionality to programs written in Ruby, including the popular web application framework Ruby on Rails. Gems are also a way for people to share their code to the world and contribute to open source.

This is a step-by-step guide to show you how to create and publish your own Ruby gem to Rubygems.org.

Create a git repository

You can use any git service like Github, Gitlab, or Bitbucket for this purpose. In this article we will use Github to share our gem.

gem_github

Ignore the README, LICENSE, and .gitignore as we will generate those later.

Clone your repository

git clone [email protected]:yourname/onepunchman.git

This will clone an (almost) empty repository. To build our gem, we will use Bundler’s gem creator command to get a skeleton framework so that we can start quickly. This gem creator also provides useful defaults which make our life easier when creating Ruby gems.

We start by creating a temporary directory where we will place the generated code of Bundler’s gem builder.

mkdir TEMPORARY
cd TEMPORARY
bundle gem onepunchman

It will ask some questions on what additional files to include:

Do you want to include a code of conduct in gems you generate?
Codes of conduct can increase contributions to your project by contributors who prefer collaborative, safe spaces. You can read more about the code of conduct at contributor-covenant.org. Having a code of conduct means agreeing to the responsibility of enforcing it, so be sure that you are prepared to do that. For suggestions about how to enforce codes of conduct, see bit.ly/coc-enforcement. y/(n): y
Code of conduct enabled in config

Do you want to license your code permissively under the MIT license?
This means that any other developer or company will be legally allowed to use your code for free as long as they admit you created it. You can read more about the MIT license at choosealicense.com/licenses/mit. y/(n): y
MIT License enabled in config

Do you want to generate tests with your gem?
Type 'rspec' or 'minitest' to generate those test files now and in the future. rspec/minitest/(none): minitest

It is recommended that you include the Code of Conduct declaration, and set the license to MIT License so that others can freely use your code for any purpose. When deciding on the test framework, RSpec is fine but Minitest is the more lightweight option and still does the job.

The previous command will generate the following files:

create onepunchman/Gemfile
create onepunchman/.gitignore
create onepunchman/lib/onepunchman.rb
create onepunchman/lib/onepunchman/version.rb
create onepunchman/onepunchman.gemspec
create onepunchman/Rakefile
create onepunchman/README.md
create onepunchman/bin/console
create onepunchman/bin/setup
create onepunchman/CODE_OF_CONDUCT.md
create onepunchman/LICENSE.txt
create onepunchman/.travis.yml
create onepunchman/test/test_helper.rb
create onepunchman/test/onepunchman_test.rb

The main file is located at lib/onepunchman.rb. This file sets up the entire gem and is the one that is included when you run “require ‘onepunchman'”.

Copy all the files under TEMPORARY/onepunchman into the “onepunchman” directory you cloned from github. Make sure you do not include the .git hidden folder.

Update the gemspec

The gemspec defines the details of the gem such as author information, description, dependencies, etc. Update this file to put in the gem’s description, which will be shown publicly once we push this to Rubygems.org.

Gem::Specification.new do |spec|
spec.name = "onepunchman"
spec.version = Onepunchman::VERSION
spec.authors = ["Juan dela Cruz"]
spec.email = ["[email protected]"]

spec.summary = %q{Destroy all bugs with one punch!}
spec.description = %q{This gem fixes all the bugs in your application using a single command.}
spec.homepage = "https://rubygems.org/gems/onepunchman"
spec.license = "MIT"

...(other details here)...
end

Build your gem

You can now try to build or package your gem (without any functionality).

gem build onepunchman.gemspec

WARNING: open-ended dependency on minitest (>= 0, development) is not recommended
if minitest is semantically versioned, use:
add_development_dependency 'minitest', '~> 0'
WARNING: See http://guides.rubygems.org/specification-reference/ for help

When this error message appears, edit the gemspec file to set the minimum versions for all your dependencies.

spec.add_development_dependency "bundler", "~> 1.10"
spec.add_development_dependency "rake", "~> 10.0"
spec.add_development_dependency "minitest", '~> 5'

The build command will create onepunchman-0.1.0.gem. You have now created your own gem, but at the moment it doesn’t do anything.

Add your functionality

Your newly-created gem does not do anything at this point. To add functionality to your gem, we will need to add code in Ruby classes. In this example we will add the code to perform “attacks”.

Add lib/onepunchman/attack.rb

class Onepunchman::Attack
def initialize
end

def normal_punch
print "Normal punch!"
return "boom!"
end

def serious_punch
print "Serious punch!"
return "BOOM!"
end

end

Require the file in lib/onepunchman.rb

require "onepunchman/version"
require "onepunchman/attack"

module Onepunchman
# Your code goes here...
end

Run your gem

Now that you have included something that your gem will do, you can now test it out by running your gem and trying out the “attacks”. First we will need to install the dependencies that our gem needs using the following command:

./bin/setup

This runs bundle install and installs the dependencies of your gem. We can now then install the gem using the usual way, but we specify the actual packaged gem file instead of fetching it via the internet.

gem install onepunchman-0.1.0.gem

To test it out, we can open an IRB (Interactive Ruby) instance and require our gem.

irb
irb> require 'onepunchman'

Alternatively, we can also use the console command that is built in when we used Bundler’s gem creator.

./bin/console

This commands runs an IRB instance where your gem is automatically loaded.

> attack = Onepunchman::Attack.new
=> #
> attack.normal_punch
Normal punch! > "boom!"
> attack.serious_punch
Serious punch! > "BOOM!"

Write tests

It is important that you write tests for your gem. It serves two purposes: it maintains the quality of your code so you do not publish broken functionality, and it also serves as documentation on how your gem works.

When you look at the test folder, you will see two files:

  • test_helper.rb
  • onepunchman_test.rb

The test_helper.rb file loads your gem and the Minitest gem when you run tests. You do not need to modify this file unless you need additional configuration for your tests.

The sample tests in the onepunchman_test.rb already provide a test that checks whether you have a version specified or not:

require 'test_helper'

class OnepunchmanTest < Minitest::Test
  def test_that_it_has_a_version_number
    refute_nil ::Psei::VERSION
  end

  def test_it_does_something_useful
    assert false
  end
end

We will need to update the second test so that it actually tests the functionality. For instructions on how to create Minitest specs, please refer to the README.

In this example we will need to test that the normal punch and serious punch attacks return the correct response.

You can create Unit tests or Specs using Minitest:

require 'test_helper'
# An example using unit tests
class OnepunchmanTest < Minitest::Test
  def setup
    @saitama = Onepunchman::Attack.new
  end
  
  def test_that_it_has_a_version_number
    refute_nil ::Onepunchman::VERSION
  end

  def test_normal_punch
    assert_equal "boom!", @saitama.normal_punch
  end
end
require 'test_helper'
# An example using specs
describe Onepunchman do
  before do
    @saitama = Onepunchman::Attack.new
  end

  describe "when using a normal attack" do
    it "must respond strongly" do
      @saitama.normal_punch.must_equal "boom!"
    end
  end

  describe "when using a serious attack" do
    it "must respond VERY strongly" do
      @saitama.serious_punch.must_equal "BOOM!"
    end
  end
end

Run your tests using this command:

rake test

If all of your tests pass, it will show an output similar to this:

Run options: --seed 63377

# Running:

.Normal punch!.Normal punch!.Serious punch!.

Finished in 0.003868s, 1034.2599 runs/s, 1034.2599 assertions/s.

4 runs, 4 assertions, 0 failures, 0 errors, 0 skips

Publish your gem to RubyGems.org

Once we have added the functionality and the corresponding tests to our gem, we can now publish it to the world via Rubygems.org. You will need to provide your account details in order to push your gem.

$ gem push onepunchman-0.1.0.gem
Enter your RubyGems.org credentials.
Don't have an account yet? Create one at https://rubygems.org/sign_up
Email: [email protected]
Password:
Signed in.
Pushing gem to RubyGems.org...
Successfully registered gem: onepunchman (0.1.0)

Your gem is now published to Rubygems.org and you can view your gem using this URL:

https://rubygems.org/gems/onepunchman

Now on your Ruby or Rails code you can now install your published gem!

gem install onepunchman

Releasing new versions

During your gem's lifetime you will need to release a new version when you improve or change the functionality. To do this, update the version in lib/onepunchman/version.rb

module Onepunchman
VERSION = "0.2.0"
end

Then push your changes and mark your release:

$ git add
$ git commit -m "Release for 0.2.0"
$ git push
$ git tag -a v0.2.0 -m "Add new attacks"
$ git push --tags

Build the new version of your gem:

$ gem build onepunchman.gemspec

This will generate onepunchman-0.2.0.gem

Then publish the new version of your gem to Rubygems.org:

$ gem push onepunchman-0.2.0.gem

Install WordPress on Ubuntu

wp_logo

WordPress is one of (if not) the most popular Content Management System (CMS) in the world today. Using WordPress, it is quite easy to get started on blogging and since it has an active community around it, you will get regular updates and improvements as well.

You can start a blog using several hosted options like WordPress.com or Blogger/Blogspot for free. However, this comes at the cost of losing full control over your blog and most often prevents you from adding your own advertising in your blog in case you want to monetize it. Having your own WordPress installation provides total control on all aspects of your blog, like look and feel, plugins, and sometimes even better security.

This article assumes that you have already set up your server. We will also set up WordPress to run on the nginx web server instead of Apache.

Install MySQL

WordPress uses MySQL as its database. In Ubuntu, its pretty straightforward to install MySQL:

sudo apt-get install mysql-server

During the installation process, it will ask for the root password. Take note of this root password as you will need it to set up your application later on.

The configuration file is located at:

/etc/mysql/my.cnf

By default no configuration is needed and the MySQL service should be up and running. If you edited the configuration file or just need to restart the service in case of an issue:

sudo service mysql restart

In case you misplaced the root password, you can re-set the password using this command:

sudo dpkg-reconfigure mysql-server-5.5

Just replace the version number with the one installed in your system.

Install Nginx

Nginx is one of the most popular web servers today and is used by many high performance websites and web applications.

Note: If you are deploying Ruby on Rails applications in your server, you can skip this step and instead just use the installed Nginx via the passenger gem. More details can be found in this article.

The Ubuntu/Debian package manager provides a simple way of installing Nginx:

sudo apt-get update
sudo apt-get install nginx

If you are using Red Hat or CentOS, a similar package can be installed using this command:

sudo yum install nginx

If you want the maximum flexibility on installation options, then you can install Nginx from source using this guide from the official website.

Install PHP

PHP is the scripting language that WordPress is built upon, as well as many more web applications including Facebook. We will install PHP via the PHP-FPM module:

sudo apt-get install php5-fpm

We also need to install the PHP wrapper for the MySQL database that WordPress uses:

sudo apt-get install php5-mysql

Configure PHP

After that, we update some of the settings in our PHP installation.

First, we disable the feature that allows URLs to be “guessed” and return the closest match. While this can be useful for some cases, this can be a security hole allowing malicious users to execute arbitrary files in your system.

Open the configuration file and set cgi.fix_pathinfo to false:

sudo nano /etc/php5/fpm/php.ini

cgi.fix_pathinfo=0

Then we also set the correct path where the web server will listen to:

sudo nano /etc/php5/fpm/pool.d/www.conf

listen = /var/run/php5-fpm.sock

We also need to set the appropriate permissions so that PHP can read our WordPress files:

sudo nano /etc/php5/fpm/php-fpm.conf

Add the following at the end of the php-fpm.conf file and replace deploy with the user account you are using in the server:

listen.owner = deploy
listen.group = deploy

If you fail to do this, you may encounter this error when running the web server:

connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream

Restart the php-fpm program to apply the changes:

sudo service php5-fpm restart

Set up the WordPress server block

In the main Nginx configuration file, we can see this line:

include /etc/nginx/sites-enabled/*;

This means that Nginx also looks at the /etc/nginx/sites-enabled directory for additional configuration and includes files inside that directory. This is helpful in organizing server block configurations in the system especially if you are running multiple applications.

We then create the server block for WordPress under this directory:

sudo nano /etc/nginx/sites-enabled/wordpress.conf

In the wordpress.conf file, put in the following:

server {
  listen       80;
  server_name  mydomain.com www.mydomain.com;
  root /var/www/blog;
  index index.php index.html index.htm;

  location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
  }

  error_page 404 /404.html;

  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
    root /var/www/blog;
  }

  # pass the PHP scripts to FastCGI server listening on the php-fpm socket
  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;            
  }

}

This means that when we go to our domain (http://mydomain.com), Nginx will look under the /var/www/blog directory and run it using PHP-FPM.

Download and install WordPress

Now we are ready to get the WordPress source files and are getting closer to running our own blog. Get the latest release to make sure you get the latest security updates and features:

wget https://wordpress.org/latest.tar.gz

Extract the files after the download is complete:

tar xvzf latest.tar.gz

Then copy the entire wordpress directory to /var/www/blog, where the Nginx server block root is located in the previous section:

sudo mv wordpress /var/www/blog

Create the MySQL database and user

WordPress needs a database to store all your posts, comments, and users. We need to create the MySQL database that wordpress will use, then create the database user and password. In this example we will use the following values (make sure you use a strong password instead of the example below!):

  • Database Name: wordpress
  • Database User: wordpressuser
  • Database Password: wordpresspassword

Open the MySQL console using this command:

mysql -u root -p

Inside the console, create the database:

mysql> CREATE DATABASE wordpress;

Create the user:

mysql> CREATE USER [email protected];

Set the user’s password:

mysql> SET PASSWORD FOR [email protected]= PASSWORD("wordpresspassword");

Allow the user we just created to have full access to the wordpress database:

mysql> GRANT ALL PRIVILEGES ON wordpress.* TO [email protected] IDENTIFIED BY 'wordpresspassword';
mysql> FLUSH PRIVILEGES;

Update the WordPress database configuration

Now that we have created the WordPress database and user, we now set this in the WordPress configuration file:

Copy the sample generated config file into the one we will use:

sudo cp /var/www/blog/wp-config-sample.php /var/www/blog/wp-config.php

Edit the wp-config.php file and update the values for the database name, user, and password:

sudo nano /var/www/blog/wp-config.php

/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'wordpresspassword');

Initial WordPress Settings

Now when you go to your domain http://mydomain.com, it should show your empty WordPress blog. Log in to WordPress using this URL:

http://mydomain.com/wp-login.php

wp_login

After logging in, you will proceed to the Dashboard, where you can add new blog posts and pages, manage comments, and configure your blog.

wp_dashboard

On the sidebar, go to the Settings page to update your blog name, description, and URL:

wp_settings

Enter your domain name in the WordPress Address (URL) field. It is important that you initially set it to an http:// URL instead of https://, as it can cause you problems logging in if you set it immediately to https without properly configuring your server to support SSL/TLS.

Using an HTTPS domain

If you set your WordPress Address to an HTTPS URL and your server is not set up to accept HTTPS requests, it can cause redirect loops and other issues, preventing you from logging in to the Dashboard and updating the URL back to an HTTP URL. In case you get locked out of your own blog, you can make the URL change directly in the MySQL database.

Open the MySQL console using this command:

mysql -u root -p

When you get in the console, load the wordpress database we have created earlier:

mysql> use wordpress;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

Then we look the current setting WordPress URL:

mysql> select * from wp_options where option_name = 'siteurl';

+-----------+-------------+-------------------------+----------+
| option_id | option_name | option_value            | autoload |
+-----------+-------------+-------------------------+----------+
| 1         | siteurl     | https://mydomain.com    | yes      |
+-----------+-------------+-------------------------+----------+
1 row in set (0.01 sec)

Then we update that field with the HTTP URL:

mysql> update wp_options set option_value='http://mydomain.com' where option_id='1';

Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0

If you are using CloudFlare to manage your domain and provide HTTPS support, you need to install the CloudFlare Flexible SSL plugin for HTTPS to work. To do this, go to the Plugins section of the Dashboard and search for “CloudFlare Flexible SSL”.

wp_cloudflare

Now you have a fully-functional WordPress blog that you can completely customize and control. Happy blogging!

Deploying Rails apps using Capistrano

Capistrano Logo Deploying your application to the web is not a one-time thing. There will be changes to the application code, new assets to include, database updates, and so on. Applying these changes to your web server includes a list of commands that we need to do every time we need to deploy.

Capistrano solves this problem by automating the deploy process so you can execute all of the steps in a single command. Automation prevents user errors while deploying like forgetting the precompile task when assets have changed, missing database migrations, and remembering the sequence of commands. Automation also enables your infrastructure to scale so that your code is automatically deployed to all application servers without logging in to each one to manually deploy your code.

In order to use Capistrano, you need to set up your web server first (we will use Nginx in this article). If you have already done this, please skip the first section of the article and proceed to installing and setting up Capistrano.

Note: This article assumes that you have already set up your server and are using Ruby on Rails as your application framework.

Nginx

Installation

We will install Nginx via the Passenger gem.

In order to do this, we need root privileges. If you are using RVM, it already provides a sudo command called rvmsudo, but if you are using rbenv, you need to install the rbenv-sudo plugin first:

git clone git://github.com/dcarley/rbenv-sudo.git ~/.rbenv/plugins/rbenv-sudo

We then install the passenger gem by adding this line to our Gemfile:

gem 'passenger'

Then install the gem and its binaries:

bundle install

And if you are using rbenv, update with the newly installed binaries:

rbenv rehash

We are now ready to install Nginx via Passenger:

If you are using RVM:

rvmsudo passenger-install-nginx-module

If you are using rbenv:

rbenv sudo passenger-install-nginx-module

Compared to installing Nginx via the Ubuntu package manager (sudo apt-get install nginx) this method of installing Nginx does not provide the start and stop scripts so we can conveniently control the web server process. Thus we need to manually provide this init script in our system:

wget -O init-deb.sh https://raw.github.com/JasonGiedymin/nginx-init-ubuntu/master/nginx
sudo mv init-deb.sh /etc/init.d/nginx

There is a small change that needs to be done in our init script, which is to specify the location of the Nginx install. By default this is located at /opt/nginx, so we set it accordingly:

sudo nano /etc/init.d/nginx

NGINXPATH=${NGINXPATH:-/opt/nginx}      # root path where installed

We make our init script executable:

sudo chmod +x /etc/init.d/nginx

Then we also set it so that Nginx runs automatically when you reboot the system:

sudo /usr/sbin/update-rc.d -f nginx defaults

Rails application server block

We will place all our application code in /var/www/. Make sure that the deploy user that we created has read and write access to this directory.

Next we need to configure Nginx so that it runs our code in /var/www/. Nginx provides a simple way to organize our server configuration in server “blocks” which is very useful especially if we are running multiple applications in the same server. It will look for additonal configuration in the /etc/nginx/sites-enabled directory and includes it when running the web processes.

However, we will not be putting our configuration directly in /etc/nginx/sites-enabled, instead we will create them in the /etc/nginx/sites-available directory. In this example, we assume we have a Rails application called myrailsapp.

Create and edit a new file called myrailsapp.conf in the sites-available directory:

sudo nano /etc/nginx/sites-available/myrailsapp.conf

In the empty file, put in the following:

server {
  listen       80;
  server_name  mydomain.com www.mydomain.com;
  root /var/www/myrailsapp/current/public;
  # passenger_min_instances 4;

  location / {
    passenger_enabled on;
  }
}

If you are using SSL certificates for your domain, place the certificate/certificate bundle and the key file in the /etc/nginx/ssl directory, then add the following as well in the myrailsapp.conf file:

server {
    listen       443;
    server_name  mydomain.com www.mydomain.com;
    root /var/www/myrailsapp/current/public;
    # passenger_min_instances 4;

    ssl                  on;
    ssl_certificate      /etc/nginx/ssl/mydomain_bundle.crt;
    ssl_certificate_key  /etc/nginx/ssl/mydomain.com.key;
    
    # Forward secrecy settings
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";

    location / {
       passenger_enabled on;
    }
}

Note that you need separate server blocks for HTTP requests (port 80) and HTTPS requests (port 443). We also set the HTTPS block to only support TLS, as the SSL protocol is already outdated and is insecure. The SSL ciphers are also set to exclude older, insecure cipher suites.

After creating the myrailsapp.conf file, we now create a symbolic link of that file to the /etc/nginx/sites-enabled directory. This is done so that when we want to disable a server block, we only need to delete the symbolic link in the sites-enabled directory without the need to modify or delete our original configuration in the sites-available directory.

sudo ln -s /etc/nginx/sites-available/myrailsapp.conf /etc/nginx/sites-enabled/myrailsapp.conf

Capistrano

Now that we have Nginx installed and our server blocks ready, it is time to set up Capistrano so we can do automated deploys to our servers.

In your Gemfile, add the Capistrano gem and other supporting gems depending on what other libraries we use in our application:

# Use Capistrano for deployment
gem 'capistrano'
gem 'capistrano-bundler'
gem 'capistrano-rvm'    # If you are using RVM
gem 'capistrano-rbenv'  # If you are using rbenv
gem 'capistrano-passenger'
gem 'capistrano-rails', group: :development

Install the gems:

bundle install

Generate the Capistrano configuration files:

bundle exec cap install

This will create the following files:

  • Capfile – for specifying modules to be included in Capistrano
  • config/deploy.rb – application-wide deploy settings
  • config/deploy/production.rb – deploy settings specific to the production environment
  • config/deploy/staging.rb – deploy settings specific to the staging environment
  • lib/capistrano/tasks – for including custom rake tasks for deployment

Application-specific configuration

Let’s start by updating the Capfile to require all modules that we need for the application. Typically this will mirror what supporting gems we have included in the Gemfile. This also loads any custom rake tasks we include in lib/capistrano/tasks.

# Load DSL and set up stages
require 'capistrano/setup'

# Include default deployment tasks
require 'capistrano/deploy'

# Include tasks from other gems included in your Gemfile
# require 'capistrano/rvm'     # Uncomment if you are using RVM
# require 'capistrano/rbenv'   # Uncomment if you are using rbenv
require 'capistrano/bundler'
require 'capistrano/rails'
require 'capistrano/passenger'

# Load custom tasks from `lib/capistrano/tasks` if you have any defined
Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r }

Next we update config/deploy.rb to set our application-wide deploy settings:

# config valid only for current version of Capistrano
lock '3.4.0'

set :application, 'myrailsapp'
set :repo_url, [email protected]:myrailsapp.git'

set :stages, ["staging", "production"]

# Default value for :linked_files is []
set :linked_files, fetch(:linked_files, []).push('config/database.yml', 'config/application.yml')

# Default value for linked_dirs is []
set :linked_dirs, fetch(:linked_dirs, []).push('log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', 'public/system', 'public/uploads')

# Configuration for rvm
set :rvm_type, :user
set :rvm_ruby_version, '2.2.2'

# Configuration for passenger
set :passenger_restart_with_sudo, true
set :passenger_restart_command, 'service nginx restart'
set :passenger_restart_options, ''

namespace :deploy do
  after :restart, :clear_cache do
    on roles(:web), in: :groups, limit: 3, wait: 10 do
      # Here we can do anything such as:
      # within release_path do
      #   execute :rake, 'cache:clear'
      # end
    end
  end
end

Let’s take a look at each individual configuration:

set :application, 'myrailsapp'
set :repo_url, [email protected]:myrailsapp.git'

This sets the application name and where the code repository is fetched. By default, Capistrano assumes that you are using git as your SCM, but you are free to use any other types. If you are hosting your own git server, just replace github.com with your domain or IP address in the repo_url.

# Default value for :linked_files is []
set :linked_files, fetch(:linked_files, []).push('config/database.yml', 'config/application.yml')

Linked files are used to persist certain files in the application so that deploying does not erase or override their values. Common files that needs to be set as a linked file is the database configuration (config/database.yml) or any environment-setting libraries you use like dotenv or Figaro (config/application.yml). These files are stored in a “shared” directory, then gets copied over to the specific deploy directory during the deploy process.

# Default value for linked_dirs is []
set :linked_dirs, fetch(:linked_dirs, []).push('log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', 'public/uploads')

Similar to linked files, linked directories are used to persist certain directories in the application between deploys. Common directories include the log and tmp directories, as well as the location of file uploads if you are storing them in the server itself (in this example in public/uploads).

# Configuration for rvm
set :rvm_type, :user
set :rvm_ruby_version, '2.2.2'

Here we specify the Ruby version we are using for the application, assuming we are using RVM. It is important to specify the correct Ruby version here so that the deploy process will work.

# Configuration for passenger
set :passenger_restart_with_sudo, true
set :passenger_restart_command, 'service nginx restart'
set :passenger_restart_options, ''

This sets the command that we use to restart Nginx. It is possible to use the init script /etc/init.d/nginx restart command, however in this example we will use the service nginx restart command. These commands work only using sudo, so we set passenger_restart_with_sudo to true.

Environment-specific configuration

We can specify different configurations depending on the environment, like setting a separate staging server IP address or a separate test branch. These settings are saved in the config/deploy/production.rb or config/deploy/staging.rb files.

An example of an environment-specific configuration is:

server '123.123.12.1', user: 'deploy', roles: %w{web app db}

set :deploy_to, '/var/www/myrailsapp'
set :domain, 'test.myrailsapp.com'
set :rails_env, 'staging'
set :branch, 'test'

In this example, we indicate that the deploy user will be used to access the server located at IP address 123.123.12.1. We also set that this user can manage the web server (web), application (app), and migration (db) components. In cases where the database is located on a different server, the db component will be on a separate line:

server '123.123.12.1', user: 'deploy', roles: %w{web app}
server '124.124.12.1', user: 'deploy', roles: %w{db}

The deploy_to parameter sets the location where our code will be in the server, in this example, the code will be on /var/www/myrailsapp.

The rails_env parameter sets the Rails environment (production or staging), and the branch parameter allows you to specify where the code will be pulled from depending on the environment. For example, the production environment will pull from the master branch, while the staging environment will pull from the test branch. By default Capistrano will use the master branch when deploying.

Deploy commands

Now that we have configured Capistrano, we can now test if everything works by running:

bundle exec cap production deploy --dry-run

This will tell us if there is something wrong with our set up, and the –dry-run flag will not do the actual deploy, allowing us to simulate the whole deploy process.

One common error is when the linked files are missing. In this case we need to ensure that this directory exists:

/var/www/myrailsapp/shared/config

And make sure we create the database.yml and application.yml files in there.

Once that is in place we are now ready to do the actual deploy:

bundle exec cap production deploy

SSH credentials

At the beginning of the deploy process, the Capistrano script will attempt to establish an SSH connection to the server in order to execute commands. This means that you will need to input your SSH password every time you deploy.

To fully achieve automated deploys, you will need to add your SSH public key to the authorized keys list in your server so that you no longer need to input your SSH password every time you connect to the server.

Your SSH public key is located at:

~/.ssh/id_rsa.pub

If this file does not exist yet, you can generate it using this command:

ssh-keygen -t rsa

It will prompt you to enter your passphrase, or you can just press Enter for all of the optional configurations and it will still work (albeit less secure).

Once you have your SSH public key in place, add this to your server’s authorized_keys list:

cat ~/.ssh/id_rsa.pub | ssh -p 22 [email protected] 'cat >> ~/.ssh/authorized_keys'

Replace the SSH port (22) if you are not using the default SSH port, and replace 123.123.12.1 with your server’s IP address or domain.

Passwordless commands

Towards the end of the Capistrano deploy script, it will try to restart Nginx to reload your applications. Restarting Nginx requires sudo privileges, and you will be asked to provide your sudo password before it can restart the web server.

If you do not want the deploy process to be interrupted by asking the sudo password, you can specify which commands no longer need a sudo password so your deploy user can directly call them. To do this, log in to your server and log in as root:

ssh [email protected]
sudo su

Once you are logged in as root, modify the sudoers file and add the permission for restarting Nginx and other services:

visudo

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

deploy ALL = NOPASSWD: /usr/sbin/service

Save the file, and you can test if the changes worked by logging out of the server, logging in again, and restarting Nginx:

sudo service nginx restart

If you are not prompted for your sudo password, then your changes to the sudoers file has worked.

If you added your SSH public key to your server and updated the sudoers file for passwordless sudo commands, your Capistrano set up is now fully automated. To deploy your application, just use this command, sit back and let Capistrano do all the work!

bundle exec cap production deploy

Custom Tasks

Capistrano also enables you to specify custom tasks. You can hook these tasks into the deploy process so that it automatically gets included when you deploy, or you can run them separately. In this example we will add a custom task that runs the Rails seed command:

bundle exec rake db:seed

You can put the custom task in config/deploy.rb or in lib/capistrano/tasks. In this example we will update deploy.rb and put in the seed task:

namespace :deploy do
  after :restart, :clear_cache do
    on roles(:web), in: :groups, limit: 3, wait: 10 do
      # Here we can do anything such as:
      # within release_path do
      #   execute :rake, 'cache:clear'
      # end
    end
  end
    
  task :seed do
    on primary fetch(:migration_role) do
      within release_path do
        with rails_env: fetch(:rails_env)  do
          execute :rake, 'db:seed'
        end
      end
    end
  end
end

After saving the file, we can now run the Rails seed task in our server via Capistrano:

bundle exec cap production deploy:seed

Install Ruby on Rails on Ubuntu

Ruby_on_Rails-logoAfter you set up your server, its time to deploy applications into it. One of the most popular web application frameworks is Ruby on Rails. This is built using the Ruby programming language and it enables developers to create web applications ranging from quick prototypes and Minimum Viable Products (MVPs) up to large distributed applications. Rails is an opinionated framework, meaning there is a standard way of doing things, but it can also be modified to suit your preferred architecture and coding style. By default however, Rails provides sensible and secure defaults that will help you run and deploy your applications quickly. Through using Ruby gems to augment functionality, you can create a fully-functional web application in a short amount of time.

We will start the process by setting up the dependencies needed for Ruby on Rails.

Install Git

Git is perhaps the most popular version control system today. By utilizing small functions and commands that do only one task (and does it well), it achieves tremendous flexibility and power.

Git is basically a command-line tool, however there are several graphical user interfaces (GUIs) built that support all major operating systems. A sample list can be found at https://git-scm.com/downloads/guis.

If you are using Ubuntu or any other Linux distribution, you can install git using the default package manager:

sudo apt-get install git

It is useful to specify global parameters in git, like your name and email address so that you do not need to specify it whenever you push to your repository.

git config --global user.name "Juan dela Cruz"
git config --global user.email "[email protected]"

To list the git configurations in your system:

git config --list

Install Ruby

Ruby is a programming language designed for developer happiness. It provides an elegant syntax that makes programming enjoyable. As Ruby on Rails is built on Ruby, we need to install Ruby itself in the system.

First we need to install the dependencies needed to compile and install Ruby. If you are using Ubuntu, this is as simple as the below command (other operating systems will have their equivalent packages):

sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev

If you plan on using ImageMagick for image processing in your application, like if you have a photo upload feature that requires the image to be resized, you also need to install these dependencies:

sudo apt-get install imagemagick php5-imagick libmagickwand-dev

Managing Ruby versions

There are times when you need to run applications using different Ruby versions. In this case it is important to properly manage the Ruby versions installed in your system. Two of the most popular version managers are RVM and rbenv. As these two work essentialy the same, it is up to you which one you should choose to use. There are arguments that RVM muddles more on your system than rbenv, although personally I have used both in my projects and they both work quite well.

In this article we will use rbenv as our Ruby version manager. If you opt to use RVM instead, their website includes a tutorial on how to install RVM.

Basically we will fetch a predefined install script from the git repository and run that script in our system. Security-aware individuals may cringe at this method, but at the moment this is the simplest and quickest way to install programs.

git clone git://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
exec $SHELL

Then we install the script that makes it easy to build, compile and install Ruby:

git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bash_profile
exec $SHELL
source ~/.bash_profile

Once that is all set, we are now ready to install Ruby using rbenv:

rbenv install -v 2.2.3
rbenv global 2.2.3

Just replace the version number with the Ruby version you want to install. You can also install Ruby from source but take note that doing this will install Ruby in your local system and will not be managed in rbenv.

Install Bundler and Rails

When you installed Ruby, the package manager called Rubygems is also installed by default. Rubygems lets you install Ruby libraries called gems that provide specific functionality that you can include in your application. Ruby on Rails, the application framework that we will use, is also packaged as a gem. Ruby Toolbox is an awesome tool to find gems depending on your desired usage, and ranks it by popularity or activity.

When installing Ruby gems, the documentation is also installed by default. While there are cases when this local documentation is useful, most of the time you can refer to the internet for the documentation when you need it. You can opt not to include the gem documentation when you install gems and this will make the install faster and will consume less disk space.

To exclude the documentation when installing gems, use this command:

gem install rails --no-rdoc --no-ri

As typing this whenever you install gems can be tedious, you can also make this as the system default. Add the –no-document flag to your gemrc file:

echo "gem: --no-document" > ~/.gemrc

Make sure that Rubygems is updated to the latest stable version:

gem update --system

Now we are ready to install Bundler and Rails

gem install bundler
gem install rails

Bundler makes it easy to manage gems in your application using a configuration file called a Gemfile where you specify which gems and versions your application uses.

After installing new gems, we need to tell rbenv to use the latest binaries/executables that are included in the new installs.

rbenv rehash

Install a Javascript runtime library

Ruby on Rails’ asset pipeline requires a Javascript runtime library to be installed as well. Therubyracer is a Ruby gem that you can use for this purpose, however, the gem’s size can be an issue.

I recommend installing NodeJS and use it as the runtime library. You can install it from source from their home page, or you can use Ubuntu’s package manager to install it for you:

Add the NodeJS repository so Ubuntu can fetch it:

curl -sL https://deb.nodesource.com/setup | sudo bash -
sudo apt-get update
sudo apt-get install nodejs

Set up the database

A fully-functional web application needs a database to run. There are many free and available databases available and you should pick one that suits your needs. Relational databases like MySQL and PostgreSQL and document-oriented databases like MongoDB are some of the most popular choices.

In this article we will set up either MySQL or PostgreSQL.

Install MySQL

In Ubuntu, its pretty straightforward to install MySQL:

sudo apt-get install mysql-server

During the installation process, it will ask for the root password. Take note of this root password as you will need it to set up your application later on.

The configuration file is located at:

/etc/mysql/my.cnf

By default no configuration is needed and the MySQL service should be up and running. If you edited the configuration file or just need to restart the service in case of an issue:

sudo service mysql restart

In case you misplaced the root password, you can re-set the password using this command:

sudo dpkg-reconfigure mysql-server-5.5

Just replace the version number with the one installed in your system.

Install PostgreSQL

In Ubuntu, install the following packages:

sudo apt-get install postgresql postgresql-contrib libpq-dev

During the installation process, it will set up a default user called postgres. We will use this default user to create the database user we will use in our applications. In this example, we will create the pguser user.

sudo -u postgres createuser -s pguser

We then change the password of pguser using the PostgreSQL console:

sudo -u postgres psql

Inside the console, type the following commands:

\password pguser
...
(change password prompt)
...

While we are in the console, we can also create the PostgreSQL database that our application will use, and set the pguser user as the database owner so we get full access:

CREATE DATABASE webapp_development OWNER pguser;
\q

Create a new Rails application

Now that we have Ruby and a database installed, we can now create our Rails application. Let’s start by calling Rails’ new command to set up our application (called “awesomeapp” in this example).

rails new awesomeapp

Rails will automatically generate files inside the “awesomeapp” folder that contains everything necessary to run your application. It will also try to run bundle install and install the default Ruby gems set by Rails.

Open the Gemfile in the application folder and add the database wrapper gem that you need to use:

source 'https://rubygems.org'

gem 'rails', '4.2.4'
# If you are using MySQL
gem 'mysql2'
# If you are using PostgreSQL
gem 'pg'
# If you are using MongoDB
gem 'mongoid'
gem 'bson_ext'

...(your other gems below)...

After changing the Gemfile, install the new gems by running:

bundle install

We then need to set the database connection for our application by editing config/database.yml. The configuration will differ depending on which database you are using. If you are using MySQL:

development:
  adapter: mysql2
  database: awesomeapp_development
  username: root
  password: rootpassword
  host: localhost
  socket: /var/run/mysqld/mysqld.sock

If you are using PostgreSQL:

development:
  adapter: postgresql
  encoding: unicode
  host: localhost
  username: pguser
  password: pguserpassword
  database: awesomeapp_development
  pool: 5

We can now run our (empty) application using this command:

rails s

This command will spin up a local web server (Webrick by default) and run your application on port 3000. To visit your application using a browser, go to this URL:

http://localhost:3000

If you are using MySQL and encounter this error when accessing the above URL:

Specified 'mysql2' for database adapter, but the gem is not loaded. Add `gem 'mysql2'` to your Gemfile (and ensure its version is at the minimum required by ActiveRecord).

This is a known issue between the mysql2 gem and Rails, and you can solve it by using an older version of the mysql2 gem in your Gemfile:

gem 'rails', '4.2.4'
gem 'mysql2', '0.3.20'

If everything goes well, you will see this message in your browser:

Welcome to Rails!

Congratulations! You have successfully installed Ruby on Rails in your system and ready to create that awesome app!