adduser deploy --disabled-password
ssh-copy-id -i ~ /.ssh/id_rsa.pub [email protected] # on local machine
mkdir /home/deploy/.ssh
cp /root/.ssh/authorized_keys /home/deploy/.ssh
chown deploy:deploy /home/deploy/.ssh -R
chmod 600 /home/deploy/.ssh/authorized_keys
https://github.com/nodesource/distributions#installation-instructions
https://yarnpkg.com/en/docs/install
apt-get install git aptitude apt-transport-https
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo " deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
sudo apt-get install -y nodejs yarn
git clone https://github.com/sstephenson/rbenv.git /usr/local/rbenv
vim /etc/profile.d/rbenv.sh
# rbenv setup
export RBENV_ROOT=/usr/local/rbenv
export PATH=" $RBENV_ROOT /bin:$PATH "
eval " $( rbenv init -) "
Save and exit :wq! (Shift + ZZ)
chmod +x /etc/profile.d/rbenv.sh
Exit and login again to load rbenv
Install latest ruby-build
mkdir /usr/local/rbenv/plugins
git clone https://github.com/sstephenson/ruby-build.git /usr/local/rbenv/plugins/ruby-build
Install latest stable ruby
aptitude install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
aptitude install libcurl4-openssl-dev libpcre3-dev libxml2 libxml2-dev libxslt1-dev
aptitude install libjemalloc-dev
# RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 2.4.3
rbenv install 2.4.3
rbenv global 2.4.3
ruby --version
echo ' gem: --no-document' > /root/.gemrc
echo ' gem: --no-document' > /home/deploy/.gemrc
chown deploy:deploy /home/deploy/.gemrc
gem install bundler
Installing Passenger + Nginx on Ubuntu 16.04 LTS (with APT)
NOTICE: Use https://www.phusionpassenger.com/library/install/nginx/install/oss/ to find proper setup instructions
NOTICE: Find a way to add https://github.com/openresty/headers-more-nginx-module
Step 1: install Passenger packages
# Install our PGP key and add HTTPS support for APT
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
sudo apt-get install -y apt-transport-https ca-certificates
# Add our APT repository
sudo sh -c ' echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list'
sudo apt-get update
# Install Passenger + Nginx
sudo apt-get install -y nginx-extras passenger
Step 2: enable the Passenger Nginx module and restart Nginx
Edit /etc/nginx/nginx.conf
and uncomment include /etc/nginx/passenger.conf;
and restart nginx
vim /etc/nginx/nginx.conf
sudo service nginx restart
Step 3: check installation
passenger-config validate-install
passenger-memory-stats
Step 4: setup SSL (Optional)
NOTICE:
# Enable Diffie-Hellman for TLS
mkdir /etc/nginx/ssl
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048
/etc/nginx/nginx.conf
user deploy;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 128m;
server_tokens off;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;
# passenger_pool_idle_time 0;
more_clear_headers 'Server' 'X-Powered-By' 'X-Runtime';
include /etc/nginx/passenger.conf;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
/etc/nginx/sites-enabled/default
server {
listen 80 default_server;
listen 443 ssl;
server_name example.com;
access_log /dev/null;
error_log /dev/null;
passenger_enabled on;
root /var/www/example.com/current/public;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_certificate /etc/nginx/ssl/example.com.pem;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
}
Install and configure PostgreSQL on Ubuntu 16.04 (with APT)
NOTICE: Use https://www.postgresql.org/download/linux/ubuntu/ to find proper installation instructions
Step 1: install postgressql-9.xx
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sh -c ' echo deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main > /etc/apt/sources.list.d/pgdg.list'
aptitude update
apt-get install postgresql-9.6 libpq-dev
Install and configure MySQL (Definitely NOT recommended)
aptitude install mysql-server mysql-client libmysqlclient-dev
vim /etc/mysql/my.cnf
[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
[mysqld]
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
Add some PRIVILEGES for staging and/or production user
mysql -uroot -p
GRANT ALL PRIVILEGES ON `%\_staging` . * TO 'staging'@'localhost' IDENTIFIED BY '***';
GRANT ALL PRIVILEGES ON `%\_production` . * TO 'production'@'localhost' IDENTIFIED BY '***';
Install and configure monit
Configure httpd server (uncomment httpd part)
aptitude install monit
vim /etc/monit/monitrc
service monit restart
monit summary
visudo
deploy ALL=NOPASSWD:/usr/bin/monit
Download the Minio server's binary file:
curl -O https://dl.minio.io/server/minio/release/linux-amd64/minio
chmod +x minio
mv minio /usr/local/bin
For security reasons, we don't want to run the Minio server as root.
useradd -r minio -s /sbin/nologin
chown minio:minio /usr/local/bin/minio
Next, we need to create a directory where Minio will store files. This will be the storage location for the buckets you'll create.
mkdir /var/www/s3.example.com
chown minio:minio /var/www/s3.example.com
The /etc
directory is the most common location for server configuration files, so we'll create a place for Minio there.
mkdir /etc/minio
chown minio:minio /etc/minio
vim nano /etc/default/minio
MINIO_VOLUMES="/var/www/s3.example.com"
MINIO_OPTS="-C /etc/minio --address 127.0.0.1:9000"
Installing the Minio Systemd Startup Script
vim /etc/systemd/system/minio.service
[Unit]
Description=Minio
Documentation=https://docs.minio.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local/
User=minio
Group=minio
PermissionsStartOnly=true
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "[ -n \"${MINIO_VOLUMES}\" ] || echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\""
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# Let systemd restart this service only if it has ended with the clean exit code or signal.
Restart=on-success
StandardOutput=journal
StandardError=inherit
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop Minio
KillSignal=SIGTERM
SendSIGKILL=no
SuccessExitStatus=0
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
systemctl daemon-reload
systemctl enable minio
systemctl start minio
systemctl status minio
You should get output like the following:
● minio.service - Minio
Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2018-03-18 19:15:19 UTC; 3 weeks 3 days ago
Docs: https://docs.minio.io
Main PID: 3266 (minio)
CGroup: /system.slice/minio.service
└─3266 /usr/local/bin/minio server -C /etc/minio --address 127.0.0.1:9000 /var/www/s3.example.com
Letsencrypt is used to for ssl certificate
vim /etc/nginx/sites-enabled/s3.example.com
server {
listen 80;
listen 443 ssl;
server_name s3.example.com;
location /.well-known {
alias /var/www/s3.example.com/.well-known;
}
location / {
proxy_set_header Host $http_host;
proxy_pass http://localhost:9000;
}
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_certificate /etc/letsencrypt/live/s3.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/s3.example.com/privkey.pem;
}
CarrierWave ImageOptimizer
The package will use these optimizers if they are present on your system:
Here's how to install all the optimizers on Ubuntu:
sudo apt-get install jpegoptim optipng pngquant gifsicle
And here's how to install the binaries on MacOS (using Homebrew ):
brew install jpegoptim optipng pngquant gifsicle