This is a template to get you started with Rails on Replit. It's ready to go so you can just hit run and start coding!
This template was generated using rails new (after you install the rails gem from the packager sidebar) so you can always do that if you prefer to set it up from scratch. We only made a couple changes to make to run it on Replit:
- bind the app on
0.0.0.0instead oflocalhost(see.replit) - allow
*.repl.cohosts (seeconfig/environments/development.rb) - allow the app to be iframed on
replit.com(seeconfig/application.rb)
Simply hit run! You can edit the run command from the .replit file.
Start every command with bundle exec so that it runs in the context of the installed gems environment. The console pane will give you output from the server but you can run arbitrary commands from the shell without stopping the server.
SQLite would work in development but we don't recommend running it in production. Instead look into using the built-in Replit database. Otherwise you are welcome to connect databases from your favorite provider.
The default setup runs Rails in development mode, which is fine for learning Rails and building small projects where security is not a big concern. If you are building more ambitious projects with users and access control, you may want to tighten up the app's security. Here are the steps to securing your app:
- Generate your master key
- Run the
rails credentials:editcommand - Edit your run command to run Rails in production mode
We'll go through each step in more detail below. You can also follow along with this 5 minute video which walks you through.
In rails, the master key is a master password that's used to encrypt all of the secret information
that is used by the application. Usually, this contained in a file config/master.key,
but in an repl, we don't store secrets in files because they are publicly viewable. Instead
we create a secret.
- Open the "Secrets (environment variables)" panel (the lock icon)
- Add a new secret with the key of RAILS_MASTER_KEY
- Run these commands in the shell to generate a random key:
irb
require 'securerandom'
puts SecureRandom.hex(16)
- Copy the random value from the shell to the secret value field
- Refresh the browser to let the secret take affect in the shell
This step will create the config/credentials.enc.yml file, which will contain the secret
values used by the Rails application and is encrypted with the master key. Even if someone
obtained config/credentials.enc.yml, they will not be able to read its contents without
your master key.
- In the shell, run:
rails credentials:edit
- This will open the
nanoeditor which will allow you to edit the file in YAML format. Here, you have the option of adding additional secret information, such as API keys for 3rd party services. It will initially contain a single secret value calledsecret_key_basewhich is used to encrypt session cookies. Hit Ctrl-X to exit nano and this file will be encrypted and saved.
Now we need to tell Rails to run in production mode. It will not use the credentials file otherwise. To do this:
- If don't see the
.replitfile, select "Show hidden files" under the triple dot menu on the "Files" panel. - Open
.replitand find the run command. Change it to read:rails server --binding=0.0.0.0 - Hit the run button, again, and now you are running in production mode!
There are some differences between how production mode works from dev mode. One difference is it won't show the normal Rails welcome screen.
If you were wondering why running in development is insecure, Rails generates a secret_key_base based on the name of your app. So if someone knows the name of your app, they can guess your secret_key_base. If you'd like to learn more about security in Rails, read Securing Rails Applications on rubyonrails.org.
If you need help you might be able to find an answer on our docs page. Feel free to report bugs and give us feedback here.