Production Rails

Best practices for running Rails in production

Gem coming soon! Get notified

Errors

Use an error reporting service like Rollbar.

Also, track 400 and 500 status codes.

ActiveSupport::Notifications.subscribe "process_action.action_controller" do |name, start, finish, id, payload|
  if !payload[:status] or payload[:status].to_i >= 400
    # track it
  end
end

Timeouts

Use Slowpoke for request and database timeouts.

gem 'slowpoke'

Throttling

Use Rack Attack to throttle and block requests.

Audits

Use an auditing library like Audited.

Slow Requests

Keep track of slow requests

ActiveSupport::Notifications.subscribe "process_action.action_controller" do |name, start, finish, id, payload|
  duration = finish - start
  if duration > 5.seconds
    # track here
  end
end

Unpermitted Parameters

ActiveSupport::Notifications.subscribe "unpermitted_parameters.action_controller" do |name, start, finish, id, payload|
  # track here
end

Failed Validations

module TrackErrors
  extend ActiveSupport::Concern

  included do
    after_validation :track_errors
  end

  def track_errors
    if errors.any?
      # track here
    end
  end
end

ActiveRecord::Base.send(:include, TrackErrors)

Failed CSRF

class ApplicationController < ActionController::Base
  def handle_unverified_request_with_tracking(*args)
    # track here

    handle_unverified_request_without_tracking(*args)
  end
  alias_method_chain :handle_unverified_request, :tracking
end

Logging

Use Lograge.

gem 'lograge'

Add the following to config/environments/production.rb.

config.lograge.enabled = true
config.lograge.custom_options = lambda do |event|
  options = event.payload.slice(:request_id, :user_id, :visit_id)
  options[:params] = event.payload[:params].except("controller", "action")
  # if you use Searchkick
  if event.payload[:searchkick_runtime].to_f > 0
    options[:search] = event.payload[:searchkick_runtime]
  end
  options
end

Add the following to app/controllers/application_controller.rb.

def append_info_to_payload(payload)
  super
  payload[:request_id] = request.uuid
  payload[:user_id] = current_user.id if current_user
  payload[:visit_id] = ahoy.visit_id # if you use Ahoy
end

Uptime Monitoring

Use an uptime monitoring service like Pingdom or Uptime Robot.

Monitor web servers, background jobs, and scheduled tasks.

Performance Monitoring

Use a performance monitoring service like New Relic or AppSignal.

Be sure to monitor:

Web Requests

requests by action - total time, count
errors - with affected users
queue time - X-Request-Start header
timeouts
404s
invalid authenticity token
unpermitted parameters
invalid form submissions

Background Jobs and Rake Tasks

jobs by type - total time, count
errors

Data Stores - Database, Elasticsearch, Redis

requests by type - total time, count
errors
CPU usage
space

External Services

requests by type - total time, count
errors

Web Server

Use a high performance web server like Unicorn.

gem 'unicorn'

Security

Use SSL to protect your users. Add the following to config/environments/production.rb.

config.force_ssl = true

Development Bonus

Fix double logging in the Rails console. Create config/initializers/log_once.rb with:

ActiveSupport::Logger.class_eval do
  def self.broadcast(logger)
    Module.new do
    end
  end
end

TODO

Redis timeout
Elasticsearch timeout
Background jobs
Scheduled jobs
Gemify parts

Thanks

cant_wait gem for database timeouts

tcast / production_rails