consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #5696 from consuldemocracy/servers-docs

Browse Source 
Update documentation for Production and Staging servers
This commit is contained in:
Sebastia
2024-09-30 19:19:06 +02:00
committed by GitHub
parent 06c15ef481 ff74960ba3
commit 4114dcfb9d
27 changed files with 306 additions and 383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/en/SUMMARY.md
View File

@@ -16,14 +16,14 @@
* [Windows](installation/windows.md)
* [Vagrant](installation/vagrant.md)
* [Docker](installation/docker.md)
* [Production and Staging servers](installation/servers.md)
* [Production and staging servers](installation/servers.md)
* [Installer](installation/installer.md)
* [Create a deploy user](installation/create_deploy_user.md)
* [Generating SSH Key](installation/generating_ssh_key.md)
* [Manual installation (not recommended)](installation/manual_installation_production.md)
* [Digital Ocean](installation/digital_ocean.md)
* [Heroku](installation/deploying-on-heroku.md)
* [Mail Server Configuration](installation/mail_server_configuration.md)
* [Mail server configuration](installation/mail_server_configuration.md)
* [Basic configuration](installation/basic_configuration.md)
* [User documentation and guides](installation/documentation_and_guides.md)

14
docs/en/installation/create_deploy_user.md
View File

@@ -2,13 +2,13 @@
[The installer](https://github.com/consuldemocracy/installer) by default connects as the `root` user only to create a `deploy` user. This `deploy` user is the one who installs all libraries. If you do not have `root` access, please ask your system administrator to follow these instructions to create a user manually.
You could create a user called `deploy` or any other name. As as example, we are going to create a user named `jupiter`.
You could create a user called `deploy` or any other name. **In this example, we are going to create a user named `jupiter`**.
```bash
adduser jupiter
```
I'm using jupiter as the user name, you should change that for whatever makes sense to you. Input a password when prompted, and just leave empty the rest of the options.
**Remember to replace `jupiter` with whatever username makes sense for you**. Input a password when prompted, and leave the rest of the options empty.
Let's create a `wheel` group and add the user `jupiter` to this group.
@@ -17,7 +17,9 @@ sudo groupadd wheel
sudo usermod -a -G wheel jupiter
```
Now let's give sudo privileges to the `wheel` group and allow it to not use a password, this is important so that the installer doesn't get stalled waiting for a password.
**Remember to replace "jupiter" with the username you chose earlier.**
Now let's give sudo privileges to the `wheel` group and allow it to not use a password. This is important to ensure the installer doesn't stall waiting for a password.
First we open the sudoers file:
@@ -31,7 +33,7 @@ And we add this line at the end:
%wheel ALL=(ALL) NOPASSWD: ALL
```
Now we need to give the keys of the server to the new user. Dont close the server terminal window, because you can lock yourself out of your server if there is a mistake.
Now we need to give the keys of the server to the new user. Don't close the server terminal window, because you can lock yourself out of your server if there is a mistake.
Let's create the necessary directory in the server to upload the public key:
@@ -51,7 +53,7 @@ Open another local terminal window (not in the server) and type:
cat ~/.ssh/id_rsa.pub
```
Copy the content of your public key to the file authorized_keys that should still be open in the server.
Copy the content of your public key to the file `authorized_keys` that should still be open in the server.
Test that your user can log in by typing:
@@ -73,7 +75,7 @@ Type the following command to edit the SSH config file of the server:
sudo nano /etc/ssh/sshd_config
```
Look for the "PasswordAuthentication yes" line and change it to "PasswordAuthentication no". Type Control-K to close the nano editor and type:
Look for the "PasswordAuthentication yes" line and change it to "PasswordAuthentication no". Type `Control+X` to close the nano editor and type:
```bash
sudo service ssh restart

138
docs/en/installation/deploying-on-heroku.md
View File

@@ -5,13 +5,13 @@
This tutorial assumes that you have already managed to clone Consul Democracy on your machine and gotten it to work.
1. First, create a [Heroku](https://www.heroku.com) account if it isn't already done.
2. Install the [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli) and sign in using
2. Install the [Heroku CLI](https://devcenter.heroku.com/articles/heroku-cli) and sign in using:
```bash
heroku login
```
3. Go to your Consul Democracy repository and instantiate the process
3. Go to your Consul Democracy repository and instantiate the process:
```bash
cd consuldemocracy
@@ -22,7 +22,7 @@ This tutorial assumes that you have already managed to clone Consul Democracy on
If _your-app-name_ is not already taken, Heroku should now create your app.
4. Create a database using
4. Create a database using:
```bash
heroku addons:create heroku-postgresql
@@ -30,19 +30,7 @@ This tutorial assumes that you have already managed to clone Consul Democracy on
You should now have access to an empty Postgres database whose address was automatically saved as an environment variable named _DATABASE\_URL_. Consul Democracy will automatically connect to it when deployed.
5. **(Not needed)** Add a file name _heroku.yml_ at the root of your project and paste the following in it
```yml
build:
languages:
- ruby
packages:
- imagemagick
run:
web: bundle exec rails server -e ${RAILS_ENV:-production}
```
6. Now, generate a secret key and save it to an ENV variable named SECRET\_KEY\_BASE using
5. Now, generate a secret key and save it to an ENV variable named SECRET\_KEY\_BASE using:
```bash
heroku config:set SECRET_KEY_BASE=$(rails secret)
@@ -70,48 +58,72 @@ This tutorial assumes that you have already managed to clone Consul Democracy on
**Remember not to commit the file if you have any sensitive information in it!**
7. You can now push your app using
6. To ensure Heroku correctly detects and uses the node.js and ruby versions defined in the project, we need to make the following changes:
In package.json, add the node.js version:
```json
"engines": {
"node": "18.20.3"
}
```
and apply:
```bash
heroku buildpacks:add heroku/nodejs
```
In _Gemfile_, add the ruby version and run bundle:
```Gemfile
ruby file: ".ruby-version"
```
and apply:
```bash
heroku buildpacks:set heroku/ruby
```
7. You can now push your app using:
```bash
git push heroku your-branch:master
```
8. It won't work straight away because the database doesn't contain the tables needed. To create them, run
8. It won't work straight away because the database doesn't contain the tables needed. To create them, run:
```bash
heroku run rake db:migrate
heroku run rake db:seed
```
If you want to add the test data in the database, move `gem 'faker', '~> 1.8.7'` outside of `group :development` and run
```bash
heroku config:set DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL=true
heroku config:set DATABASE_CLEANER_ALLOW_PRODUCTION=true
heroku run rake db:dev_seed
```
9. Your app should now be ready to use. You can open it with
9. Your app should now be ready to use. You can open it with:
```bash
heroku open
```
You also can run the console on heroku using
You also can run the console on Heroku using:
```bash
heroku console --app your-app-name
```
10. Heroku doesn't allow to save images or documents in its servers, so it's necessary to setup a permanent storage space.
10. Heroku doesn't allow saving images or documents in its servers, so it's necessary to setup a permanent storage space.
See [our S3 guide](./using-aws-s3-as-storage.md) for more details about configuring Paperclip with S3.
See [our S3 guide](using-aws-s3-as-storage.md) for more details about configuring ActiveStorage with S3.
### Configure Sendgrid
### Configure Twilio Sendgrid
Add the SendGrid add-on in Heroku. It will create a SendGrid account for you with `ENV["SENDGRID_USERNAME"]` and `ENV["SENDGRID_PASSWORD"]`.
Add the Twilio SendGrid add-on in Heroku. This will create a Twilio SendGrid account for the application with a username and allow you to create a password. This username and password can be stored in the applications environment variables on Heroku:
Add this to `config/secrets.yml`, under the `production:` section:
```bash
heroku config:set SENDGRID_USERNAME=example-username SENDGRID_PASSWORD=xxxxxxxxx
```
Now add this to `config/secrets.yml`, under the `production:` section:
```yaml
mailer_delivery_method: :smtp
@@ -125,62 +137,4 @@ Add this to `config/secrets.yml`, under the `production:` section:
:enable_starttls_auto: true
```
Important: Turn on one worker dyno so that emails get sent.
## Optional but recommended
### Install rails\_12factor and specify the Ruby version
**The rails\_12factor is only useful if you use a version of Consul Democracy older than 1.0.0. The latter uses Rails 5 which includes the changes.**
As recommended by Heroku, you can add the gem rails\_12factor and specify the version of Ruby you want to use. You can do so by adding
```ruby
gem 'rails_12factor'
ruby 'x.y.z'
```
in the file _Gemfile\_custom_, where `x.y.z` is the version defined in the `.ruby-version` file in the Consul Democracy repository. Don't forget to run
```bash
bundle install
```
to generate _Gemfile.lock_ before committing and pushing to the server.
### Use Puma as a web server
Heroku recommends to use Puma to improve the responsiveness of your app on [a number of levels](http://blog.scoutapp.com/articles/2017/02/10/which-ruby-app-server-is-right-for-you).
If you want to allow more concurrency, uncomment the line:
```ruby
workers ENV.fetch("WEB_CONCURRENCY") { 2 }
```
You can find an explanation for each of these settings in the [Heroku tutorial](https://devcenter.heroku.com/articles/deploying-rails-applications-with-the-puma-web-server).
The last part is to change the _web_ task to use Puma by changing it to this in your _heroku.yml_ file:
```yml
web: bundle exec puma -C config/puma.rb
```
### Add configuration variables to tune your app from the dashboard
The free and hobby versions of Heroku are barely enough to run an app like Consul Democracy. To optimise the response time and make sure the app doesn't run out of memory, you can [change the number of workers and threads](https://devcenter.heroku.com/articles/deploying-rails-applications-with-the-puma-web-server#workers) that Puma uses.
My recommended settings are one worker and three threads. You can set it by running these two commands:
```bash
heroku config:set WEB_CONCURRENCY=1
heroku config:set RAILS_MAX_THREADS=3
```
I also recommend to set the following:
```bash
heroku config:set RAILS_SERVE_STATIC_FILES=enabled
heroku config:set RAILS_ENV=production
```
**Important:** Turn on one worker dyno so that emails get sent.

36
docs/en/installation/digital_ocean.md
View File

@@ -4,25 +4,23 @@ These instructions will help you register and buy a server in Digital Ocean to i
First you need to [sign up](https://cloud.digitalocean.com/registrations/new) and provide your personal information.
Once you are logged in, you need to create a Droplet (thats the name that Digital Ocean uses for a Virtual Server). Click on the “Create” green button at the top of the page and select "Droplets":
Once you have logged in, you'll need to create a Droplet (this is the name Digital Ocean uses for a cloud server) following this [guide](https://docs.digitalocean.com/products/droplets/how-to/create/) and configure it with the following recommendations:
![Digital Ocean Droplets](../../img/digital_ocean/droplets.png)
## Region
In the next page, you need to select Ubuntu (it should be pre-selected) and change the version **from 18.04 x64 to 16.04 x64**.
In the "Choose Region" section, to avoid latency in the service, select the region that is geographically closest to your users.
![Digital Ocean Choose an image](../../img/digital_ocean/image.png)
## Image
In the "Choose a size" section select the **$80/mo 16GB/6CPUs** option if this is going to be a production server. If you are just setting up a test system with a few users the cheapest $5/mo option can be enough.
In this "Choose an Image" section, we recommend selecting Ubuntu with the latest version supported by the installer, which in this case would be **24.04**.
![Digital Ocean Choose a size](../../img/digital_ocean/size.png)
## Size
Leave the rest of the options with their defaults until “Choose a datacenter”. Select the one that will be geographically closer to your users. If you are in the EU, select either Frankfurt or Amsterdam data centers.
In the "Choose Size" section, if the goal is to create a production server, we recommend choosing an option with at least **16GB of RAM**. If you are setting up a testing system or a staging environment with just a few users, the cheapest option may be sufficient.
![Digital Ocean Choose a region](../../img/digital_ocean/region.png)
## Authentication
In the "Add you SSH keys" section click "New SSH Key" button.
![Digital Ocean Add your SSH Keys](../../img/digital_ocean/ssh_keys.png)
In the "Choose Authentication Method" section, select "SSH Key" and click the "New SSH Key" button to add your key.
In the pop up window that appears you need to copy and paste the public key that we [generated in the previous step](generating_ssh_key.md). To see the content of this key in the terminal window type:
@@ -36,24 +34,16 @@ You should see a text like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDy/BXU0OsK8KLLXpd7tVnqDU+d4ZS2RHQmH+hv0BFFdP6PmUbKdBDigRqG6W3QBexB2DpVcb/bmHlfhzDlIHJn/oki+SmUYLSWWTWuSeF/1N7kWf9Ebisk6hiBkh5+i0oIJYvAUsNm9wCayQ+i3U3NjuB25HbgtyjR3jDPIhmg1xv0KZ8yeVcU+WJth0pIvwq+t4vlZbwhm/t2ah8O7hWnbaGV/MZUcj0/wFuiad98yk2MLGciV6XIIq+MMIEWjrrt933wAgzEB8vgn9acrDloJNvqx25uNMpDbmoNXJ8+/P3UDkp465jmejVd/6bRaObXplu2zTv9wDO48ZpsaACP your_username@your_computer_name
```
Select and copy all the text and paste it in the pop-up window like this:
![Digital Ocean New SSH Key](../../img/digital_ocean/new_ssh.png)
Please note that there will be two little green checks. If they are not there, retry copying the text because you probably left something out. Give your key a meaningful name, like **Consul_Democracy_key** and click "Add SSH Key" button.
Select all the text, paste it into the pop-up window in the "SSH Key content" field, add a meaningful name such as **Consul_Democracy_key**, and click the Add SSH Key button.
By using an SSH key instead of a user/password combination to access your server, it will be much more secure, as only someone with the private SSH key can access the server.
Now in the "Choose a hostname" section change the default for something more meaningful, like **consuldemocracyserver** for example.
## Hostname
![Digital Ocean hostname](../../img/digital_ocean/hostname.png)
Now, in the "Finalize Details" section, change the default value of the Hostname field to something more meaningful, like **consuldemocracyserver**.
At the bottom of the page youll see a summary of your options. Check that everything is OK and click the big green "Create" button.
![Digital Ocean create](../../img/digital_ocean/create.png)
It will take a few minutes, and at the end you will have a shiny new server. It will look like this in the Digital Ocean page:
![Digital Ocean server](../../img/digital_ocean/server.png)
Next to setup Consul Democracy in the server check the [installer's README](https://github.com/consuldemocracy/installer)
Next to setup Consul Democracy in the server check the [installer's README](https://github.com/consuldemocracy/installer).

4
docs/en/installation/installer.md
View File

@@ -1,5 +1,5 @@
# Installer
## Installation notes for Production and Staging servers
## Installation notes for production and staging servers
Check out the [installer's README](https://github.com/consuldemocracy/installer).
Check out the [installer's README](https://github.com/consuldemocracy/installer) for detailed installation instructions.

29
docs/en/installation/mail_server_configuration.md
View File

@@ -1,26 +1,19 @@
# Mail Server Configuration
# Mail server configuration
This is an example of how to integrate a mailing service with Consul Democracy.
In this example we use [Mailgun](https://www.mailgun.com/).
## Get an account from any email provider
## Create an account in Mailgun
To configure email in Consul Democracy, you will need:
![Creating an account in Mailgun](../../img/mailserver/mailgun-create-account.png)
* The _smtp_address_, which is the address of your email provider's SMTP server (e.g., smtp.yourdomain.com).
* The _domain_, which is the domain name of your application.
* The _user_name_ and _password_, which are the credentials provided by your email provider to authenticate with the SMTP server.
* Skip the credit card form
* And activate your account with the link sent by email
## Email configuration in Consul Democracy
## Domain configuration
* Go to the Domains section: ![Mailgun domain section](../../img/mailserver/mailgun-domains.png)
* Since you don't have a domain yet, you should click in the sandbox that is already created
* Remember the following credentials: ![Mailgun sandbox](../../img/mailserver/mailgun-sandbox.png)
## Consul Democracy mailing configuration
* Go to the `config/secrets.yml` file
* Change the lines on the file to configure the mail server under the section `staging`, `preproduction` or `production`, depending on your setup:
1. Go to the `config/secrets.yml` file.
2. On this file, change these lines under the section `staging`, `preproduction` or `production`, depending on your setup:
```yml
mailer_delivery_method: :smtp
@@ -34,5 +27,5 @@ In this example we use [Mailgun](https://www.mailgun.com/).
:enable_starttls_auto: true
```
* Fill `<smtp address>`, `<domain>`, `<user_name>` and `<password>` with your information
* Save the file and restart your Consul Democracy application
3. Fill `<smtp address>`, `<domain>`, `<user_name>` and `<password>` with your information.
4. Save the file and restart your Consul Democracy application.

15
docs/en/installation/manual_installation_production.md
View File

@@ -1,8 +1,8 @@
# Manual installation for production
**WARNING:** This method is *not recommended* and not officially supported, since you should use the [installer](https://github.com/consuldemocracy/installer) instead. Use this method if the installer isn't an option and you can already deal with PostgreSQL, puma or passenger, NGNIX and SSL (with letsencrypt, for instance).
**WARNING:** This method is *not recommended* and not officially supported, since you should use the [installer](https://github.com/consuldemocracy/installer) instead. Use this method only if the installer isn't an option and you have experience configuring PostgreSQL, Puma or Passenger, NGINX, and SSL (with letsencrypt, for instance).
This guide assumes you've already [installed all the necessary packages](prerequisites.md) on your system.
This guide assumes you've already [installed all the necessary packages](prerequisites.md) on your system. Make sure to install RVM to be able to install the Ruby version required by the project, which is defined in the .ruby-version file. Also, ensure you have installed FNM to install the Node.js version defined in the .node-version file.
The created directory structure herein is to be used with [capistrano](https://capistranorb.com/documentation/getting-started/structure/).
@@ -21,22 +21,24 @@ mkdir -p shared/public/assets shared/public/system shared/public/ckeditor_assets
## Initial release
Extract from the repo the first release to the respective directory, and create the symbolic link of the current release (replace `<latest_consuldemocracy_stable_version>` with the latest version number, like 1.3.1 or 1.4.1):
Extract from the repo the first release to the respective directory, and create the symbolic link of the current release. Be sure to replace `<latest_consuldemocracy_stable_version>` with the number of the latest stable version of Consul Democracy, such as 2.1.1 or 2.2.0. To find the most recent version, visit the releases section in the [Consul Democracy repository](https://github.com/consuldemocracy/consuldemocracy/releases)
```bash
mkdir releases/first
cd repo
git archive <latest_consuldemocracy_stable_version> | tar -x -f - -C ../releases/first
cd ..
ln -s releases/first current
```
## Gems installation
## Installing dependencies
Install the gems Consul Democracy depends on:
Install the dependencies for Consul Democracy:
```bash
cd releases/first
bundle install --path ../../shared/bundle --without development test
fnm exec npm install
cd ../..
```
@@ -53,7 +55,7 @@ ln -s ../../../shared/config/secrets.yml
cd ../../..
```
Edit the `shared/config/database.yml` file, filling in `username` and `password` with the data generated during the [PostgreSQL setup](debian.md#postgresql-94).
Edit the `shared/config/database.yml` file, filling in `username` and `password` with the data generated during the [PostgreSQL setup](debian.md#postgresql).
We now need to generate a secret key:
@@ -78,6 +80,7 @@ Create a database, load the seeds and compile the assets:
```bash
cd current
bin/rake db:create RAILS_ENV=production
bin/rake db:migrate RAILS_ENV=production
bin/rake db:seed RAILS_ENV=production
bin/rake assets:precompile RAILS_ENV=production

14
docs/en/installation/servers.md
View File

@@ -1,21 +1,21 @@
# Production and Staging servers
# Production and staging servers
## Recommended Minimum System Requirements
## Recommended minimum system requirements
### 1. Production Server
### 1. Production server
- Distribution: Ubuntu 16.04.X
- Supported distributions: Ubuntu 22.04, Ubuntu 24.04, Debian Bullseye or Debian Bookworm
- RAM: 32GB
- Processor: Quad core
- Hard Drive: 20 GB
- Database: Postgres
### 2. Staging Server
### 2. Staging server
- Distribution: Ubuntu 16.04.X
- Supported distributions: Ubuntu 22.04, Ubuntu 24.04, Debian Bullseye or Debian Bookworm
- RAM: 16GB
- Processor: Dual core
- Hard Drive: 20 GB
- Database: Postgres
If your city has a population of over 1.000.000, consider balancing your load using 2-3 production servers and a separate server for the database.
If your city has a population of over 1,000,000, consider balancing your load using 2-3 production servers and a separate server for the database.

85
docs/en/installation/using-aws-s3-as-storage.md
View File

@@ -1,87 +1,64 @@
# Using AWS S3 as file storage
While Consul Democracy keeps most of its data in a PostgreSQL database, all the files such as documents or images have to be stored elsewhere.
To take care of them, Consul Democracy uses the [Paperclip gem](https://github.com/thoughtbot/paperclip) (Warning: this gem is now deprecated and Consul Democracy will probably migrate to ActiveStorage in the future. Check that this is not already the case before using this guide).
By default, the attachments are stored on the filesystem. However, with services such as Heroku, there is no persistent storage which means that these files are periodically erased.
This tutorial explains how to configure Paperclip to use [AWS S3](https://aws.amazon.com/fr/s3/). It doesn't recommend S3 or the use of Amazon services and will hopefully be expanded to include configuration for [fog storage](http://fog.io/storage/).
Although Consul Democracy stores most of its data in a PostgreSQL database, in Heroku all files, such as documents or images, must be stored elsewhere, such as AWS S3.
## Adding the gem *aws-sdk-s3*
First, add the following line in your *Gemfile_custom*
Add the following line to your *Gemfile_custom*:
```ruby
gem 'aws-sdk-s3', '~> 1'
gem "aws-sdk-s3", "~> 1"
```
Make sure to have a recent version of paperclip (Consul Democracy is currently using 5.2.1, which doesn't recognize *aws-sdk-s3*). In your Gemfile, the line should be:
```ruby
gem 'paperclip', '~> 6.1.0'
```
Run `bundle install` to apply your changes.
And run `bundle install` to apply your changes.
## Adding your credentials in *secrets.yml*
This guide will assume that you have an Amazon account configured to use S3 and that you created a bucket for your instance of Consul Democracy. It is highly recommended to use a different bucket for each instance (production, preproduction, staging).
This guide assumes you have an Amazon account configured to use S3 and that you have created a bucket for your instance of Consul Democracy. It is strongly recommended to use a different bucket for each instance (production, preproduction, staging).
You will need the following information:
- the **name** of the S3 bucket
- the **region** of the S3 bucket (`eu-central-1` for UE-Francfort for example)
- the **hostname** of the S3 bucket (`s3.eu-central-1.amazonaws.com` for Francfort, for example)
- an **access key id** and a **secret access key** with read/write permission to that bucket
- The **name** of the S3 bucket.
- The **region** of the S3 bucket (`eu-central-1` for UE-Francfort for example).
- An **access_key** and a **secret_key** with read/write permission to that bucket.
**WARNING:** It is recommended to create IAM users that will only have read/write permission to the bucket you want to use for that specific instance of Consul Democracy.
**WARNING:** It is recommended to create IAM users (Identity and Access Management) who only have read/write permissions for the bucket you intend to use for that specific instance of Consul Democracy.
Once you have these pieces of information, you can save them as environment variables of the instance running Consul Democracy. In this tutorial, we save them respectively as *AWS_S3_BUCKET*, *AWS_S3_REGION*, *AWS_S3_HOSTNAME*, *AWS_ACCESS_KEY_ID* and *AWS_SECRET_ACCESS_KEY*.
Once you have these pieces of information, you can save them as environment variables of the instance running Consul Democracy. In this tutorial, we save them respectively as *S3_BUCKET*, *S3_REGION*, *S3_ACCESS_KEY_ID* and *S3_SECRET_ACCESS_KEY*.
Add the following block in your *secrets.yml* file:
```yaml
aws: &aws
aws_s3_region: <%= ENV["AWS_S3_REGION"] %>
aws_access_key_id: <%= ENV["AWS_ACCESS_KEY_ID"] %>
aws_secret_access_key: <%= ENV["AWS_SECRET_ACCESS_KEY"] %>
aws_s3_bucket: <%= ENV["AWS_S3_BUCKET"] %>
aws_s3_host_name: <%= ENV["AWS_S3_HOST_NAME"] %>
```bash
heroku config:set S3_BUCKET=example-bucket-name S3_REGION=eu-west-example S3_ACCESS_KEY_ID=xxxxxxxxx S3_SECRET_ACCESS_KEY=yyyyyyyyyy
```
and `<<: *aws` under the environments which you want to use S3 with, for example:
Now add the following block to your *secrets.yml* file:
```yaml
production:
[...]
<<: *aws
s3:
access_key_id: <%= ENV["S3_ACCESS_KEY_ID"] %>
secret_access_key: <%= ENV["S3_SECRET_ACCESS_KEY"] %>
region: <%= ENV["S3_REGION"] %>
bucket: <%= ENV["S3_BUCKET"] %>
```
## Configuring Paperclip
## Enabling the use of S3 in the application
First, activate Paperclip's URI adapter by creating the file *config/initializers/paperclip.rb* with the following content:
First, add the following line inside the `class Application < Rails::Application` class in the `config/application_custom.rb` file:
```ruby
Paperclip::UriAdapter.register
# Store uploaded files on the local file system (see config/storage.yml for options).
config.active_storage.service = :s3
```
Finally, add the following lines in the environment file of the instance which you want to use S3 with. In production, you should for example edit *config/environments/production.rb*.
Then, uncomment the s3 block that you will find in the *storage.yml* file:
```ruby
# Paperclip settings to store images and documents on S3
config.paperclip_defaults = {
storage: :s3,
preserve_files: true,
s3_host_name: Rails.application.secrets.aws_s3_host_name,
s3_protocol: :https,
s3_credentials: {
bucket: Rails.application.secrets.aws_s3_bucket,
access_key_id: Rails.application.secrets.aws_access_key_id,
secret_access_key: Rails.application.secrets.aws_secret_access_key,
s3_region: Rails.application.secrets.aws_s3_region,
}
}
```yaml
s3:
service: S3
access_key_id: <%= Rails.application.secrets.dig(:s3, :access_key_id) %>
secret_access_key: <%= Rails.application.secrets.dig(:s3, :secret_access_key) %>
region: <%= Rails.application.secrets.dig(:s3, :region) %>
bucket: <%= Rails.application.secrets.dig(:s3, :bucket) %>
```
You will need to restart to apply the changes.
You will need to restart the application to apply the changes.