Ruby On Rails For VPS Server

If you’ve outgrown Heroku’s “free” tier, it’s likely that you’ll want to examine the various ways you’re able to create a private VPS to run any Rails apps you may have.

In order to do this, you should really be looking at the various “cloud” hosting providers (such as Digital Ocean, Linode, etc.) who have now started to offer inexpensive VPS hosting onto which you’re able to deploy custom web-based applications.

Since Rails is one of the cornerstones of modern web development, it’s important to consider how to set up a private server to run it. It’s actually quite simple.

99% Software…

The most important thing to remember with this is that to set up an HTTP (“web”) server, you ONLY require SOFTWARE to get it working.

The “web” works off the back of TCP/IP (the underlying “protocol” for the “Internet”) – which basically says that if you know the “public” IP address of a computer system, TCP/IP gives you the ability to attempt to “connect” to it.

Each time you “ping” a system, or perform any sort of “handshaking”, it’s done through TCP/IP. This works in both a LAN (Local Area Network) and WAN (Wide Area Network) capacity, providing users with the ability to “connect” to other devices that are “connected” to the Internet.

The problem with TCP/IP is that whilst *every* system that’s “online” can be “pinged”, that does not mean it can be accessed. TCP/IP uses “ports”, which allow particular data to be transferred in certain ways – firewall software (which is now built into most operating systems) blocks access to most ports, to prevent hacking.

The part HTTP (Hyper Text Transfer Protocol) plays here is that it allows for a “public” set of connectivity – delivered through port 80 (or 443 if using SSL). ANY “HTTP” enabled computer system essentially “opens” a certain folder to the Internet, making it accessible via port 80 of the TCP/IP protocol. This is done with “HTTP” (“Web”) server software.

To run a “web server”, you basically need a computer that’s connected to the “Internet”, has a publicly accessible IP address and is able to accept incoming requests via the HTTP protocol on either port 80 or 443.

This is the beginning of how you set up a custom VPS server…

Servers Are A Dime-A-Dozen

Thus, anyone with an Internet connection, computer and HTTP server software (Nginx/Apache) can set up a web server.

You don’t even need a domain name – just use your public IP. Domain names are provided by ICANN as a way to make it easier to access web servers – what most don’t know is that a “domain” name simply routes a request to a particular IP address. It’s still incumbent on the domain owner & website developer to make that IP accessible to “web” traffic (port 80/443).

The point is that what you pay for “hosting” is really the infrastructure required to keep a server running & operational. “Shared” hosting is basically the ability to buy a “user account” on a HUGE server (used by 1,000s of websites), whereby the “hosting company” will pay for all the electricity, maintenance and support to ensure maximum uptime.

The problem for most people is that whilst “shared” hosting is a great way to get a simple “WordPress” website online, if you want anything more exotic, you’re at a loss. Specifically, Rails and the likes of NodeJS or other “new” technologies (which require deeper OS integration for their dependencies).

The answer to this (for now) is to set up your own VPS servers. These allow you maximum control over the way in which the server works, and also give you direct access to the underlying operating system (which means you’re able to add as many dependencies as you want).

To do this, however, takes some setting up. This is done by firstly understanding the core settings / components required to get the server running & online. The following steps will explain how to do this.

Setting Up a Server

  1. VPS Running Ubuntu
    The first step is to get a VPS instance. As mentioned, the best providers of these are the new “cloud” systems such as Vultr, DigitalOcean, AWS, etc. Don’t worry about paying huge money for this – $5/mo is perfect to start with. You also need to use an operating system which is widely supported and not going to add unnecessary expense. Use Linux. You’re never going to look at the server after you’ve set it up, so a costly Windows license won’t matter anyway. Ubuntu is currently the most popular Linux variant. Whilst you could use others, we just recommend Ubuntu for the sake of compatibility.
  2. Install Nginx/Apache
    Next, you need to install the *web* server software. This is what will open port 80 (or 443) to the world, and allow people to connect to the server with their web browser. It must be noted that you’ll also need to install the “application server” with the web server, which typically comes bundled as one package. Both Nginx & Apache have their respective methods of achieving this, which are available on their websites.
  3. Install Ruby & RubyGems
    After you have installed the web server, you need to get Ruby/RubyGems installed. Whilst there are a number of ways to do this, the underlying basis is to build Ruby from source (which requires the build tools) and to install RubyGems on top of it.
  4. Get Git Set Up
    The way you get a Rails application onto the server is with Git. To get this set up, you need to first download the Git application (which is done through apt-get), and then add a custom (“bare”) Git repository on the server. You then need to set up your local repository to handle the Git remote repo, which should allow you to push to it.
  5. Push The App & Get Any Extras Set Up
    After this, you need to ensure that you are able to push the app to the server via Git, and then add any extras (such as a database etc). Obviously, how you do this will be dependent on the “stack” setup that you have.
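
Steps 4 and 5 as an added example (not code from the original article): a bare repository with a post-receive hook that deploys only one branch, run end to end inside a temp directory. The paths, the remote name “production” and the branch name “main” are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: push-to-deploy through a bare Git repository.
# Paths are constructed in a temp directory; on a VPS they would live under
# the deploy user's home and the remote would be an ssh:// URL.
set -eu

deploy_demo() (
  root=$(mktemp -d)
  bare="$root/server/app.git"     # hypothetical bare repository on the server
  release="$root/server/www/app"  # hypothetical directory the app server reads
  work="$root/laptop/app"         # constructed local working copy
  mkdir -p "$release" "$work"

  # Server side: a bare repository holds Git objects only, no working tree.
  git init -q --bare "$bare"

  # post-receive runs on the server after each push. Deploy only "main" so a
  # push of any other branch never changes what the server is running.
  cat > "$bare/hooks/post-receive" <<EOF
#!/bin/sh
while read -r old new ref; do
  if [ "\$ref" = "refs/heads/main" ]; then
    git --git-dir="$bare" --work-tree="$release" checkout -q -f main
  fi
done
EOF
  chmod 750 "$bare/hooks/post-receive"  # hook executes on the server: no world access

  # Local side: commit a constructed file and push it to the remote.
  cd "$work"
  git init -q .
  echo '# constructed sample: release 1' > config.ru
  git add config.ru
  git -c user.name=demo -c user.email=demo@example.invalid commit -q -m "release 1"
  git remote add production "$bare"
  git push -q production HEAD:refs/heads/main

  # A second commit pushed to another branch must not reach the release dir.
  echo '# constructed sample: experiment' > config.ru
  git -c user.name=demo -c user.email=demo@example.invalid commit -q -a -m "experiment"
  git push -q production HEAD:refs/heads/experiment

  deployed=$(cat "$release/config.ru")
  cd / && rm -rf "$root"
  printf '%s\n' "$deployed"
)

deploy_demo
```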

Ultimately, the process is actually quite mundane, and exactly the same as the myriad of “hosting” providers out there. They just use an application such as cPanel or Plesk to ensure that users are able to “manage” their various features properly.

 

How To Avoid Data Loss

Data loss is crippling for any business, especially in the age of big data where companies rely on digital information to refine their marketing, contact prospects, and process transactions. Reducing the chances for data loss is a vital part of a data management strategy.

The first goal should be to prevent data loss from occurring in the first place. There are many reasons which could lead to data loss. A few of them are listed below:

1) Hard drive failures

2) Accidental deletions (user error)

3) Computer viruses and malware infections

4) Laptop theft

5) Power failures

6) Damage due to spilled coffee or water, etc.

However, if a loss does occur, then there are several best practices you can implement to boost your odds of recovery.

Secondly, don’t put all your storage eggs in the cloud basket. The cloud is vital for cost-effective storage, but it does have some pitfalls that shouldn’t be ignored. Many examples of data loss have occurred from an employee simply dropping their computer or hard drive, so talk to staff members about best practices. SD cards are much more fragile and should never be used as a form of longer-term storage.

Here’s a look at top ways you can protect your data from loss and unauthorized access.

Back up early and often

The single most important step in protecting your data from loss is to back it up regularly. How often should you back up? That depends: how much data can you afford to lose if your system crashes completely? A week’s work? A day’s work? An hour’s work?

You can use the backup utility built into Windows (ntbackup.exe) to perform basic backups. You can use Wizard Mode to simplify the process of creating and restoring backups, or you can configure the backup settings manually, and you can schedule backup jobs to be performed automatically.

There are also numerous third-party backup programs that can offer more sophisticated options. Whatever program you use, it’s important to store a copy of your backup offsite in case of fire, tornado, or other natural disaster that can destroy your backup tapes or discs along with the original data.

Diversify your backups

You always want more than one backup system. The general rule is 3-2-1. You should have 3 backups of anything that’s very important. They should be backed up in at least two different formats, such as in the cloud and on a hard drive. There should always be an off-site backup in the event that there is damage to your physical office.

Use file-level and share-level security

To keep others out of your data, the first step is to set permissions on the data files and folders. If you have data in network shares, you can set share permissions to control what user accounts can and cannot access the files across the network. With Windows 2000/XP, this is done by clicking the Permissions button on the Sharing tab of the file’s or folder’s properties sheet.

However, these share-level permissions won’t apply to someone who is using the local computer on which the data is stored. If you share the computer with someone else, you’ll have to use file-level permissions (also called NTFS permissions, because they’re available only for files/folders stored on NTFS-formatted partitions). File-level permissions are set using the Security tab on the properties sheet and are much more granular than share-level permissions.

In both cases, you can set permissions for either user accounts or groups, and you can allow or deny various levels of access from read-only to full control.

Password-protect documents

Many productivity applications, such as Microsoft Office applications and Adobe Acrobat, will allow you to set passwords on individual documents. To open the document, you must enter the password. To password-protect a document in Microsoft Word 2003, go to Tools | Options and click the Security tab. You can require a password to open the file and/or to make changes to it. You can also set the type of encryption to be used.

Unfortunately, Microsoft’s password protection is relatively easy to crack. There are programs on the market designed to recover Office passwords, such as Elcomsoft’s Advanced Office Password Recovery (AOPR). This type of password protection, like a standard (non-deadbolt) lock on a door, will deter casual would-be intruders but can be fairly easily circumvented by a determined intruder with the right tools.

You can also use zipping software such as WinZip or PKZip to compress and encrypt documents.

Use EFS encryption

Windows 2000, XP Pro, and Server 2003 support the Encrypting File System (EFS). You can use this built-in certificate-based encryption method to protect individual files and folders stored on NTFS-formatted partitions. Encrypting a file or folder is as easy as selecting a check box; just click the Advanced button on the General tab of its properties sheet. Note that you can’t use EFS encryption and NTFS compression at the same time.

EFS uses a combination of asymmetric and symmetric encryption, for both security and performance. To encrypt files with EFS, a user must have an EFS certificate, which can be issued by a Windows certification authority or self-signed if there is no CA on the network. EFS files can be opened by the user whose account encrypted them or by a designated recovery agent. With Windows XP/2003, but not Windows 2000, you can also designate other user accounts that are authorized to access your EFS-encrypted files.

Note that EFS is for protecting data on the disk. If you send an EFS file across the network and someone uses a sniffer to capture the data packets, they’ll be able to read the data in the files.

Use disk encryption

There are many third-party products available that will allow you to encrypt an entire disk. Whole disk encryption locks down the entire contents of a disk drive/partition and is transparent to the user. Data is automatically encrypted when it’s written to the hard disk and automatically decrypted before being loaded into memory. Some of these programs can create invisible containers inside a partition that act like a hidden disk within a disk. Other users see only the data in the “outer” disk.

Disk encryption products can be used to encrypt removable USB drives, flash drives, etc. Some allow creation of a master password along with secondary passwords with lower rights you can give to other users. Examples include PGP Whole Disk Encryption and DriveCrypt, among many others.

Make use of a public key infrastructure

A public key infrastructure (PKI) is a system for managing public/private key pairs and digital certificates. Because keys and certificates are issued by a trusted third party (a certification authority, either an internal one installed on a certificate server on your network or a public one, such as Verisign), certificate-based security is stronger.

You can protect data you want to share with someone else by encrypting it with the public key of its intended recipient, which is available to anyone. The only person who will be able to decrypt it is the holder of the private key that corresponds to that public key.
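
The combination of asymmetric and symmetric encryption described for EFS, and the encrypt-to-the-recipient’s-public-key step described here, shown as an added example with the openssl command line (not part of the original article). The certificate subjects, file names and sample text are constructed; both certificates are self-signed, the no-CA case mentioned above.

```sh
#!/bin/sh
# Added example: certificate-based hybrid encryption (CMS) with openssl.
set -eu

pki_roundtrip() (
  dir=$(mktemp -d)
  cd "$dir"

  # Recipient: private key plus self-signed certificate carrying the public key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=recipient" \
    -keyout recipient.key -out recipient.crt 2>/dev/null
  # An unrelated key pair standing in for anyone who is not the recipient.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=other" \
    -keyout other.key -out other.crt 2>/dev/null

  printf 'quarterly figures (constructed sample)\n' > plain.txt

  # Sender needs only recipient.crt. openssl picks a random AES-256 key,
  # encrypts the data with it, then wraps that key with the RSA public key.
  openssl cms -encrypt -aes256 -binary -in plain.txt \
    -outform DER -out msg.cms recipient.crt

  # Recipient unwraps the AES key with the private key and decrypts the data.
  recovered=$(openssl cms -decrypt -binary -inform DER -in msg.cms \
    -recip recipient.crt -inkey recipient.key)

  # A holder of any other private key is refused.
  if openssl cms -decrypt -inform DER -in msg.cms \
       -recip other.crt -inkey other.key >/dev/null 2>&1; then
    other=decrypted
  else
    other=refused
  fi

  cd / && rm -rf "$dir"
  printf '%s|%s\n' "$recovered" "$other"
)

pki_roundtrip
```

This form of CMS message provides confidentiality only; sign the message as well when the recipient must be able to detect tampering.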

Hide data with steganography

You can use a steganography program to hide data inside other data. For example, you could hide a text message within a .JPG graphics file or an MP3 music file, or even inside another text file (although the latter is difficult because text files don’t contain much redundant data that can be replaced with the hidden message). Steganography does not encrypt the message, so it’s often used in conjunction with encryption software. The data is encrypted first and then hidden inside another file with the steganography software.

Some steganographic techniques require the exchange of a secret key and others use public/private key cryptography. A popular example of steganography software is StegoMagic, a freeware download that will encrypt messages and hide them in .TXT, .WAV, or .BMP files.

Protect data in transit with IP security

Your data can be captured while it’s traveling over the network by a hacker with sniffer software (also called network monitoring or protocol analysis software). To protect your data when it’s in transit, you can use Internet Protocol Security (IPsec), but both the sending and receiving systems have to support it. Windows 2000 and later Microsoft operating systems have built-in support for IPsec. Applications don’t have to be aware of IPsec because it operates at a lower level of the networking model. Encapsulating Security Payload (ESP) is the protocol IPsec uses to encrypt data for confidentiality. It can operate in tunnel mode, for gateway-to-gateway protection, or in transport mode, for end-to-end protection. To use IPsec in Windows, you have to create an IPsec policy and choose the authentication method and IP filters it will use. IPsec settings are configured through the properties sheet for the TCP/IP protocol, on the Options tab of Advanced TCP/IP Settings.

Secure wireless transmissions

Data that you send over a wireless network is even more subject to interception than that sent over an Ethernet network. Hackers don’t need physical access to the network or its devices; anyone with a wireless-enabled portable computer and a high gain antenna can capture data and/or get into the network and access data stored there if the wireless access point isn’t configured securely.

You should send or store data only on wireless networks that use encryption, preferably Wi-Fi Protected Access (WPA), which is stronger than Wired Equivalent Protocol (WEP).

Use rights management to retain control

If you need to send data to others but are worried about protecting it once it leaves your own system, you can use Windows Rights Management Services (RMS) to control what the recipients are able to do with it. For instance, you can set rights so that the recipient can read the Word document you sent but can’t change, copy, or save it. You can prevent recipients from forwarding e-mail messages you send them and you can even set documents or messages to expire on a certain date/time so that the recipient can no longer access them after that time.

To use RMS, you need a Windows Server 2003 server configured as an RMS server. Users need client software or an Internet Explorer add-in to access the RMS-protected documents. Users who are assigned rights also need to download a certificate from the RMS server.