Skip to content

Instantly share code, notes, and snippets.

@alanstevens

alanstevens/install_all.sh

Created March 19, 2012 18:29
Show Gist options
  • Save alanstevens/2123030 to your computer and use it in GitHub Desktop.
Save alanstevens/2123030 to your computer and use it in GitHub Desktop.
Download ZIP
Server Setup
Raw
install_all.sh
#!/usr/bin/env bash
#
# execute this script as root with:
# curl https://raw.github.com/gist/2123030/install_all.sh | bash -s MyAwesomeHostName
#
if [[ ! "root" = "$(whoami)" ]] ; then
echo -e "****\nThis script must be run as root.\n****" && exit 1
fi
curl https://raw.github.com/gist/2123030/install_base.sh | bash -s $*
curl https://raw.github.com/gist/2123030/install_rvm.sh | bash
curl https://raw.github.com/gist/2123030/install_webserver.sh | bash
Raw
install_base.sh
#!/usr/bin/env bash
if [[ ! "root" = "$(whoami)" ]] ; then
echo -e "****\nThis script must be run as root.\n****" && exit 1
fi
function add_user(){
local user_name=$1
local public_key=$2
echo -e "\nAdding user account: $user_name\n"
#
# create user account and home directory
#
useradd -m -s /bin/bash $user_name
#
# add user to the rvm group to manage system rubies
#
usermod -aG rvm $user_name
#
# add user to the web group to manage web sites
#
usermod -a -G www-data $user_name
#
# write the user's public key to their authorized keys file
#
mkdir -p /home/$user_name/.ssh
curl $public_key > /home/$user_name/.ssh/authorized_keys
#
# set ownership and permissions on authorized_keys
#
chown -R $user_name:$user_name /home/$user_name/.ssh
chmod -R 0751 /home/$user_name/.ssh
#
# add user to sudoers list with no password required (account has no password)
#
grep $user_name /etc/sudoers
if [ $? -ne 0 ];then
(cat /etc/sudoers;echo "$user_name ALL=(ALL) NOPASSWD: ALL") >> ~/tmp_sudoers
chmod 0440 ~/tmp_sudoers
visudo -q -c -s -f ~/tmp_sudoers
if [ $? -ne 0 ];then
echo -e "\nERROR: There is a problem with the sudoers configuration.\n Please review ~/tmp_sudoers.\n" && return 1
fi
mv -f ~/tmp_sudoers /etc/sudoers
fi
}
#
# Upgrade installed packages to latest
#
echo -e "\nUpdating all installed packages\n"
locale-gen en_US.UTF-8
/usr/sbin/update-locale LANG=en_US.UTF-8
aptitude update
aptitude safe-upgrade -y
aptitude full-upgrade -y
#
# install and configure firewall
#
echo -e "\nInstalling and configuring firewall\n"
aptitude install ufw -y
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
cat /etc/ufw/ufw.conf | sed 's/ENABLED=no/ENABLED=yes/g' > ~/ufw.conf
chmod 0644 ~/ufw.conf
mv -f ~/ufw.conf /etc/ufw/ufw.conf
#
# create rvm group for managing system rubies
#
mkdir -p /usr/local/rvm
groupadd rvm
chown -R root:rvm /usr/local/rvm
chmod -R g+w /usr/local/rvm
#
# create alan and andrew's accounts
#
add_user 'alan' 'https://dl.dropbox.com/s/qfo16yktbn23q9j/id_rsa.pub?dl=1'
add_user 'andrew' 'https://dl.dropbox.com/s/2sld4rsbhl0o093/authorized_keys?dl=1'
#
# set the hostname
#
if [ "$1" != "" ];then
hostName=$1
echo -e "\nSetting host name to \"$hostName\"\n"
echo "$hostName" > /etc/hostname
(echo "127.0.0.1 $hostName $hostName"; cat /etc/hosts) > ~/hosts
chmod 644 ~/hosts
mv -f ~/hosts /etc/hosts
hostname -F /etc/hostname
fi
#
# set timezone to Universal Coordinated Time
#
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
#
# disable root login and password authentication over ssh
#
(cat /etc/ssh/sshd_config;echo "PermitRootLogin no") | sed 's/#PasswordAuthentication yes/PasswordAuthentication no/g' > ~/sshd_config
chmod 0644 ~/sshd_config
mv -f ~/sshd_config /etc/ssh/sshd_config
#
# ** REBOOT ** to apply settings and start firewall
#
echo -e "**********\n* REBOOT * the system to finish applying settings, including the firewall.\n**********"
Raw
install_rvm.sh
#!/usr/bin/env bash
if [[ ! "root" = "$(whoami)" ]] ; then
echo -e "This script must be run as root." && exit 1
fi
#
# Ensure that /usr/local/bin is in the path
#
PATH=$(echo "/usr/local/bin:$PATH" | tr -s ':' '\n' | awk '!($0 in a){a[$0];print}' | tr -s '\n' ':' | sed 's#:$##')
#
# Install rvm dependencies
#
aptitude install -y build-essential libreadline6-dev libssl-dev bison libz-dev zlib1g zlib1g-dev libxml2 libxml2-dev libxslt-dev libssl-dev openssl git-core autoconf libc6-dev ncurses-dev libtool
#
# Configure system level gem settings.
#
echo -e "Disabling ri & rdoc system wide for gem installations and upgrades."
echo "install: --no-rdoc --no-ri" >> /etc/gemrc
echo "update: --no-rdoc --no-ri" >> /etc/gemrc
#
# Install rvm at the system level.
#
bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer)
#
# rvm system level configuration.
#
rm -f /etc/rvmrc
echo "rvm_path=/usr/local/rvm" > /etc/rvmrc
echo "export rvm_gemset_create_on_use_flag=1" >> /etc/rvmrc
#
# rvm profile.d entry
#
mkdir -p /etc/profile.d
rm -f /etc/profile.d/rvm.sh
cat <<-File > /etc/profile.d/rvm.sh
# Load RVM if it is installed,
# first try to load user install
# then try to load root install, if user install is not there.
if [ -s "$HOME/.rvm/scripts/rvm" ] ; then
source "$HOME/.rvm/scripts/rvm"
elif [ -s "/usr/local/rvm/scripts/rvm" ] ; then
source "/usr/local/rvm/scripts/rvm"
fi
File
#
# make sure root can use rvm
#
echo 'source /usr/local/rvm/scripts/rvm' >> /root/.bashrc
#
# source rvm in the current shell session
#
source /etc/profile.d/rvm.sh
#
# Install Ruby and set system defaults
#
rvm install 1.9.3-p194
rvm use 1.9.3-p194 --default
gem update --system
rvm use 1.9.3-p194@global
Raw
install_webserver.sh
#!/usr/bin/env bash
if [[ ! "root" = "$(whoami)" ]] ; then
echo -e "****\nThis script must be run as root.\n****" && exit 1
fi
#
# Create /var/www & give permissions to the web group:
#
mkdir /var/www
chgrp -R www-data /var/www
chmod -R 775 /var/www # group write permission
#
# Grab the create_site script and skeleton files
#
aptitude install ack-grep -y # create_site script dependency
git clone git://github.com/NerdHiveIndustries/create-site.git /var/www
rm -rf /var/www/.git
rm -f /var/www/.gitignore
rm -f /var/www/README
#
# source rvm in the current shell session
#
source /etc/profile.d/rvm.sh
#
# Install bluepill
#
rvm use 1.9.3-p194@global
gem install bluepill --no-rdoc --no-ri
rvm wrapper ruby-1.9.3-p194@global global bluepill
mkdir -p /var/run/bluepill
mkdir -p /etc/bluepill
touch /etc/bluepill/all_sites.pill
#
# Configure upstart to run bluepill
#
(
cat <<File
description "bluepill process monitoring tool"
start on runlevel [2345]
stop on runlevel [!2345]
expect daemon
respawn
exec /usr/local/rvm/bin/global_bluepill load /etc/bluepill/all_sites.pill
File
)| tee /etc/init/bluepill.conf
#
# Configure rsyslog to log bluepill
#
(
cat<<File
## Bluepill log
local6.* /var/log/bluepill.log
File
) | tee -a /etc/rsyslog.conf
#
# Configure logrotate to rotate bluepill logs
#
(
cat<<File
/var/log/bluepill.log {
rotate 3
create 0664 root utmp
size=5M
}
File
)| tee -a /etc/logrotate.conf
service rsyslog restart
#
# Install nginx
#
aptitude install -y python-software-properties
add-apt-repository ppa:nginx/stable # use development for latest development version
aptitude update
aptitude install -y nginx
#
# Use nginx config recommendations from:
# http://unicorn.bogomips.org/examples/nginx.conf
#
rm -f /etc/nginx/nginx.conf
(
cat <<-File
## drop privileges, root is needed on most systems for binding to port 80
## (or anything < 1024). Capability-based security may be available for
## your system and worth checking out so you won't need to be root to
## start nginx to bind on 80
user www-data www-data;
## you generally only need one nginx worker unless you're serving
## large amounts of static files which require blocking disk reads
worker_processes 1;
## Feel free to change all paths to suit your needs
pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # "on" if nginx worker_processes > 1
use epoll; # enable for Linux 2.6+
# use kqueue; # enable for FreeBSD, OSX
}
http {
include /etc/nginx/mime.types;
## fallback in case we can't determine a type
default_type application/octet-stream;
## click tracking!
access_log /var/log/nginx/access.log combined;
## you generally want to serve static files with nginx
sendfile on;
tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
tcp_nodelay off; # on may be better for some Comet/long-poll stuff
keepalive_timeout 4;
## configure gzip in one place here for static files and also
## disable gzip for clients who don't get gzip/deflate right.
## There are other gzip settings that may be needed to deal with
## bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
gzip on;
gzip_comp_level 2;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain
text/html
text/xml
text/css
text/comma-separated-values
text/javascript
application/x-javascript
application/atom+xml
application/xml
application/xml+rss;
## Include the config files for all vhosts
include /var/www/*/config/nginx.conf;
}
File
) | tee /etc/nginx/nginx.conf
#
# Start bluepill
#
start bluepill
#
# Start nginx
#
/etc/init.d/nginx start
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment