CRON Gone Wild … with ikura.

mar 16

Serving Erlang

Since OTP is such a powerful tool for creating servers, not surprising, I’m constantly installing Erlang on new hardware & virtualware.

I do this often, but not to a degree that warrants using a container solution, like docker. There’s always a few gotchas with installing OTP to, say, Digital Ocean. But after so many installations, my process is pretty solid.

A reference

After I fire up a fresh server, a prerequisite is to get users & timezones sussed out. I like to front-load annoying things right away. Then, using this guide, I’ve borrowed this & that to slightly harden the server, though I only go all in with this when the situation truly requires it.

Assuming we are shelled in for the first time as root to a Ubuntu machine, I add a new user (dale) via the following:

$ adduser dale # follow the prompts 
$ usermod -aG sudo dale
$ su - dale; cd
$ sudo ls -lhart /root # testing 1, 2, 3

Next, NTP & timezones need to be set up so our service won’t give us surprises down the road. There are a few tools (even graphical ones) to perform this task, but the following are the ones I use all the time:

$ sudo apt update
$ sudo dpkg-reconfigure tzdata # choose your zone
$ sudo apt install ntp

One can go whole hog with securing a server. But for nine out of ten servers, the requirements are such that a simple firewall will suffice. Using Ubuntu’s ufw tool, we’ll open ssh, and a few other ports.

$ sudo ufw allow ssh
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 25/tcp

You can glance at your handiwork with sudo ufw show added. If everything is to your liking, solidifying your new firewall is just one more step:

$ sudo ufw enable

With that, our basic firewall is in place. You can list your configuration at any time with sudo ufw status.


Before we install any languages we love, we should handle the language we take for granted: our spoken one. While the King’s English is for some, American English will suit me just fine (choose the one you prefer, of course).

To see what your OS installation has available to use, you can perform locale -a to take a gander at all the possible languages. If your language isn’t there, you will have to install it.

The server’s current language can be displayed via locale. If it isn’t to your liking, perform the following:

$ sudo locale-gen fr_FR.UTF-8
$ sudo dpkg-reconfigure locales 

…where the argument to the first is an example of French/UTF-8. All said & done, if you cat /etc/default/locale, you should see the environment variables looking something like the following:


You can edit that file by hand if you’re ever stuck & need to coerce things a bit.

The not-so-fun stuff

If you perform openssl version, and what’s yielded is ‘not found’ or you’re shown a version that’s tremendously bygone, it’s time to update OpenSSL. You can’t do much in OTP without a new-ish version of it humming away, so let’s jump on that pro-actively.

First, we should get a sense for any installation of OpenSSL already in place (if indeed it’s installed at all). The following can prove helpful:

$ apt-cache policy libssl-dev

If, again, nothing shows up, we should proceed with an install/update:

$ sudo apt install openssl libssl-dev

The interwebs are filled to the brim with helpful resources for those who march down this thorny path. Also note for later, the yield of the following:

$ sudo apt install apt-file
$ apt-file update
$ apt-file list libssl-dev # Note the listed include dirs

If you are installing OTP from source, you may need it.

OTP at last

With those four things behind us, it’s time to fill our hearts with something warm; let’s install Erlang! There are binaries, and pre-built packages out there, but we will take the worse-case scenario and build a somewhat new (at the time of writing) installation of OTP from source.

First, let’s install some GNU goodies. We need a C compiler & make. We can install those with ‘apt’ as follows:

$ sudo apt install gcc
$ sudo apt install make

You’ll also want to install ncurses, fop, xsltproc & odbc support:

$ sudo apt install libncurses5-dev fop xsltproc unixodbc-dev

Next, let’s create a corner for ourselves to work in:

$ cd; mkdir src; cd src

Moving along, let’s grab OTP from erlang.org :

$ wget erlang.org/download/otp_src_19.3.tar.gz

Finally, we can configure, make & install OTP. You can configure it with this guide by your side, or just do as follows:

$ tar xvf otp_src_19.3.tar.gz
$ cd otp_src_19.3
$ ./configure --with-ssl=/usr/include/openssl
$ make
$ sudo make install

N.B. The —with-ssl value is known from the above apt-file list libssl-dev yield. Adjust yours accordingly.

And with that, you are ready to go. Fire up an Erlang shell to make sure everything is working okay. You can do that like this:

$ erl
1> application:start(crypto). % How did we do?
2> init:stop().

If everything went smoothly, you are in good shape and won’t need to do much else for serving up oodles of OTP goodness.


I use relx for my release handling, and install it globally. If you’d like to leverage this great tool, you can install it in the following way. Note that this tool will probably be bundled into OTP one day, but for the time being, relx is quasi third-party.

$ cd; mkdir tmp; cd tmp
$ wget github.com/erlware/relx/archive/master.tar.gz
$ tar xvf master.tar.gz
$ cd relx-master
$ wget s3.amazonaws.com/rebar3/rebar3 && chmod +x rebar3
$ ./rebar3 as tmp escriptize
$ sudo cp _build/tmp/bin/relx /usr/local/bin/
$ cd; rm -fr ./tmp

If everything went okay, when you type which relx you should see it listed in the ‘/usr/local/bin’ directory.

THIS END UPWhat’s ikura?