Tag Archives: heroku

01Jan / 2012

Getting Heroku Cedar and Rails 3.1 Asset Pipeline to Play Nicely Together

I recently migrated a Ruby on Rails 3.1 app from the Heroku Bamboo stack to Heroku Cedar. If you’re doing the same, here are a few notes to help avoid snags on getting the Rails Asset Pipeline working efficiently.

Unlike Bamboo, Cedar does not offer Varnish as a reverse proxy cache, nor does it automatically gzip content. You need to do it yourself. Heroku recommends:

  1. Use memcached, with Dalli as the memcached client. Make sure to follow the Rails 3 section.
  2. Use Rack::Cache as a substitute for Varnish. Heroku links to this article which explains how to integrate Heroku with Rack::Cache. I couldn’t get it to work, so I hunted around and pieced together the folllowing riff.
In your runtime environment file (e.g. production.rb), add this:
require 'rack-cache'
My::Application.configure do
...
  # Enable Rack::Cache
  config.middleware.use Rack::Cache,
   :metastore => "memcached://#{ENV['MEMCACHE_SERVERS']}/meta",
   :entitystore => "memcached://#{ENV['MEMCACHE_SERVERS']}/body"

You can also set HTTP headers in production.rb as follows. (3600 is an example value, make this whatever you want.)

# Add HTTP headers to cache static assets for an hour
config.static_cache_control = "public, max-age=3600"

And you may want to add this to your config.ru to get gzip working:

use Rack::Deflater

References:

Posted in technology, Uncategorized

Tags: , , , , , ,

Permalink Leave a comment

04Aug / 2011

Heroku, MongoHQ, and Amazon S3 Backups

I spent a few hours yesterday convincing MongoHQ to back up a Mongo database to an Amazon S3 bucket via an Amazon “IAM” account. Here’s the secret recipe. Hopefully it saves someone time.

Context: MongoHQ, which I’m using with one of my work projects right now, is a service that hosts MongoDB databases. It integrates with Heroku, allowing you to get started on a Heroku app using MongoDB very quickly. MongoHQ supports hourly and daily backup of their databases to Amazon S3 buckets, but alas, not yet for databases provisioned automatically via Heroku. So if you want to step up to a backed-up database you’ll have to set up your own. Here are the steps I followed to do it.

Secret decoder ring:
S3 = Amazon Web Services Management Console, S3 tab.
IAM = Amazon Web Services Management Console, IAM tab.
MHQ = Mongo HQ console.
HKU = Heroku.

Recipe:

  1. S3 : Create a bucket for your app’s backups, e.g. “my-app-backups”.
  2. IAM: Create an IAM User account for MongoHQ to use, e.g. “mongohq”. Download the credentials and store them safely.
  3. IAM: Create an IAM Group to contain all users with backup permission, e.g. “myapp-backup-writers”.
  4. IAM: Add the mongohq User account to the newly created Group.
  5. IAM: Using the Permissions tab of the Group’s properties attach a new security policy, granting permission to write to the myapp-backups bucket. See below for a sample policy.
  6. MHQ: Sign up for your own MongoHQ account.
  7. MHQ: Create the database you wish to use with Heroku.
  8. MHQ: Select the “Backups” tab and enter the IAM User credentials from step 2.
  9. MHQ: Click “Save Settings”. If all is well you’ll see a message, “Setting Updated”.*
  10. MHQ: Create a new user on the Database Users tab.
  11. MHQ: Copy down the Mongo URI string from the Database Info tab, substituting your user name and password from step 10.
  12. HKU: In the root directory of your Heroku app do “heroku config:add MONGOHQ_URL=’URI’”. URI is the Mongo URI from step 11. (Normally Heroku sets this variable for you when it provisions a MongoHQ database. You’re overriding it with a link to your own database.)

* Step 9 is where I got stuck. It worked fine with my own personal security credentials, but not with the IAM account I created specifically for MongoHQ to use. (I wanted more security… giving your main account credentials to a 3rd party site isn’t smart.) I fiddled around with the security policy for quite a while, and eventually discovered I needed the “ListAllMyBuckets” permission. Here’s the security policy that worked for me:

    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [ "s3:ListAllMyBuckets" ],
          "Resource": "arn:aws:s3:::*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:PutObjectAcl"
          ],
          "Resource": [
            "arn:aws:s3:::MY-APP-BACKUPS/*"
          ]
        }
      ]
    }

Posted in technology, Uncategorized

Tags: , , , , , , , ,

Permalink

Follow

Get every new post delivered to your Inbox.

Join 345 other followers