An ethereal note-taking app in Ruby on Rails 8, deployed on AWS.
- Data encryption at rest
- Data encryption in transit
- Automatic note deletion after 30 days
- Lightweight application
- Server-side rendering and data control
- Production-ready for AWS
- Continuous Integration for better DevOps
- User authentication and authorization
- Ruby 3.4.9
- PostgreSQL 16
- Propshaft asset pipeline
- Importmap
- Simple CSS
- Solid Queue, Cache, & Cable
- Thruster
- Clone repository
- Ensure PostgreSQL 16 is installed and running
bundle install- If it's your first time setup, obtain config/credentials/development.key OR create your own secure-random secrets:
rm config/credentials/development*
bin/rails secret
bin/rails db:credentials:init
EDITOR=nano bin/rails credentials:edit -e developmentWhen in editor, create a file like so:
secret_key_base: <rails secret output>
database:
username: <postgres username>
password: <postgres password>
host: <postgres host>
port: <postgres port>
active_record_encryption:
<corresponding rails db:credentials:init output>bin/rails db:create db:migratebin/rails server- Open http://localhost:3000
-
(Fork and) clone this repository. Optional: if you want to modify the app, ensure the CI/CD runs and a new container image is published to GitHub container registry; then modify config/deploy.yml to point to your image.
-
Provision an AWS EC2 instance with an associated service role with Cloud Watch access. Enter its public IPv4 address, public DNS, and SSH key filename into config/deploy.yml.
-
Install Docker to the EC2 instance.
-
Provision an AWS RDS instance based off of PostgreSQL 16 with access to/from the EC2 instance.
-
Go to Quick Start step 4 and create your own production credentials. Replace
developmentwithproductionin the CLI commands and enter RDS credentials into the credentials file. -
Generate self-signed TLS certificates on local machine. If you require professional TLS certificates you need to purchase a domain and use AWS Route 53.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt-
Obtain a GitHub classic access token.
-
Run the command below, replacing your username and token accordingly:
GITHUB_USERNAME=<your username> GITHUB_TOKEN=<your token> bundle exec kamal setup-
Verify the site is running successfully. TLS should be automatically configured.
-
Go to Cron Jobs and install the crontab.
-
Go to User Management and create the first user.
-
Now sign in on the website and confirm its all working.
The crontab.txt file at the repo root must be installed on the host machine user's crontab. One way to do this is:
scp -i <ec2 key> ./crontab.txt ubuntu@<ec2 ip addr>:/home/ubuntu/
ssh -i <ec2 key> ubuntu@<ec2 ip addr>
crontab crontab.txtTo manage users, you must first remotely launch the interactive rails console. This will connect from your local machine to the remote production image and database.
GITHUB_USERNAME=<your username> GITHUB_TOKEN=<your token> bundle exec kamal app exec 'bin/rails console'Once inside the Rails console, you can use Ruby ActiveRecord to manipulate the database. The commands below will work from the Rails console.
User.create!(email: "<new email>", password: "<user password>", password_confirmation: "<same password>")User.find_by(email: "<target email>").destroy!User.find_by(email: "<target email>").update!(password: "<new password>", password_confirmation: "<identical password>")# Required
RAILS_MASTER_KEY= # decrypts config/credentials/production.yml.enc
# Optional
PURGE_NOTES_AFTER_DAYS=30 # auto-delete notes after this many days (default: 30)
GITHUB_USERNAME=<your username> GITHUB_TOKEN=<your token> bundle exec kamal deploy
- implement user-based turbo broadcasting to support multi-tab use
- fine grained control on note auto-deletion
- invite users with devise invitational
- fix turbo post creation visual bugs (clear form; remove no posts text)