A Rails 8.0.3 application with Docker support.
- Rails 8.0.3 - Latest Rails version
- Hotwire - Turbo and Stimulus for modern, reactive UIs
- Solid Gems - SolidCache, SolidQueue, and SolidCable
- TimescaleDB - Time-series database for efficient metrics storage with automatic compression
- PostgreSQL - Production-ready database (in Docker)
- SQLite3 - Fallback for local development
- Kamal - Docker-based deployment tool
- Thruster - HTTP/2 proxy for Rails
- RuboCop - Code linting with Rails Omakase style
- Brakeman - Security vulnerability scanning
- Docker and Docker Compose installed
- That's it! No Ruby or Rails installation needed locally.
- Set up encryption keys:
First, copy the example environment file:
cp .env.example .envThen generate encryption keys:
docker-compose up -d db # Start database first
docker-compose run --rm web bin/rails db:encryption:initCopy the output keys into your .env file:
# .env
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=<paste_primary_key_here>
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=<paste_deterministic_key_here>
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=<paste_salt_here>Important: The .env file is gitignored and should NEVER be committed to version control. It contains sensitive encryption keys that protect your data.
- Build and start the application:
docker-compose up --build- Access the application:
Open your browser and navigate to http://localhost:3000
- Database setup:
The database will be created automatically on first run. If you need to manually run migrations:
docker-compose exec web rails db:create db:migrateStart the application:
docker-compose upStart in detached mode (background):
docker-compose up -dStop the application:
docker-compose downView logs:
docker-compose logs -f webRun Rails console:
docker-compose exec web rails consoleRun migrations:
docker-compose exec web rails db:migrateRun tests:
docker-compose exec web rails testInstall new gems:
docker-compose exec web bundle installGenerate a controller:
docker-compose exec web rails generate controller Welcome indexAccess bash shell in the container:
docker-compose exec web bashThe application uses a .env file for sensitive configuration:
.env- Your local environment variables (gitignored, never commit this!).env.example- Template showing what variables are needed (safe to commit)
Required variables in .env:
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY- For encrypting sensitive dataACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY- For deterministic encryptionACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT- Key derivation salt
Generate these keys with:
docker-compose run --rm web bin/rails db:encryption:initThe application is configured to use:
- PostgreSQL when running in Docker (hardcoded in
docker-compose.yml) - SQLite3 for local development without Docker
Database credentials (Docker):
- Host:
db - Port:
5432 - Username:
postgres - Password:
password - Database:
coolify_admin_development
These credentials are hardcoded in docker-compose.yml since they're only for local development.
🔒 Localhost-Only Binding (Secure by Default)
This development environment is configured for security:
- Rails server is bound to
127.0.0.1:3000(localhost only) - PostgreSQL is bound to
127.0.0.1:5432(localhost only) - External network access is blocked
- Only accessible from your local machine
This prevents:
- ❌ Remote access attempts
- ❌ Network port scans finding your dev server
- ❌ Accidental exposure of development database
- ❌ Security vulnerabilities from open ports
To verify security:
# Check port bindings
docker-compose ps
# Should show: 127.0.0.1:3000->3000/tcp and 127.0.0.1:5432->5432/tcp
# Verify network bindings
netstat -tuln | grep -E "(3000|5432)"
# Should show: 127.0.0.1:3000 and 127.0.0.1:5432.
├── app/ # Application code (models, views, controllers)
├── bin/ # Executables and scripts
├── config/ # Configuration files
├── db/ # Database migrations and schema
├── lib/ # Library code
├── public/ # Static files
├── storage/ # Active Storage files
├── test/ # Test suite
├── Dockerfile # Production Docker configuration
├── Dockerfile.dev # Development Docker configuration
├── docker-compose.yml # Docker Compose configuration
└── README.md # This file
- Make code changes - Files are mounted as volumes, so changes are reflected immediately
- Restart the server if needed - Press
Ctrl+Cand rundocker-compose upagain - Run migrations after creating them
- Commit your changes
This app includes Kamal for Docker-based deployment.
Important: Before deploying to production:
-
Generate NEW encryption keys for production:
# On your production server or in CI bin/rails db:encryption:init -
Set environment variables in your production environment:
- For Kamal: Add to
.kamal/secrets(gitignored) - For Heroku/similar: Use their environment variable management
- For Kubernetes: Use Secrets
Required production variables:
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=<production_key> ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=<production_key> ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=<production_salt> DATABASE_URL=<production_database_url> RAILS_MASTER_KEY=<from_config/master.key> - For Kamal: Add to
-
Deploy:
kamal init # Configure deployment kamal deploy # Deploy to production
- NEVER use development encryption keys in production
- NEVER commit
.env,.kamal/secrets, orconfig/master.keyto git - Each environment (dev, staging, prod) should have unique encryption keys
- If encryption keys are leaked, you must rotate them and re-encrypt all data
Port already in use:
# Stop any process using port 3000
lsof -ti:3000 | xargs kill -9
# Or change the port in docker-compose.ymlPermission issues:
# Rebuild with proper permissions
docker-compose down
docker-compose up --buildDatabase connection errors:
# Ensure database container is running
docker-compose ps
# Restart database
docker-compose restart dbClean slate:
# Remove all containers and volumes
docker-compose down -v
docker-compose up --buildThis project is available for use under your preferred license.