Created
September 1, 2009 19:02
Install a fresh rails server
# Login and change root password | |
# create the user account you are going to use to connect | |
adduser myuser | |
# add the user to sudoers | |
visudo | |
#add a line like this at the end | |
myuser ALL=(ALL) ALL | |
#try logging in through ssh with that user | |
#and then sudoing to root | |
su - myuser | |
mkdir .ssh | |
vim .ssh/authorized_keys | |
#paste inside your public key | |
#set appropriate permissions
chmod 700 .ssh | |
chmod 600 .ssh/authorized_keys | |
# log out and try to login via SSH and public key | |
# it should work by now | |
# edit the SSH daemon configuration (/etc/ssh/sshd_config)
# in AllowUsers list every user that should have SSH access; include root only if root should have SSH access as well
PasswordAuthentication no | |
X11Forwarding no | |
UsePAM no | |
UseDNS no | |
AllowUsers myuser | |
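# restart SSH and verify it works correctly
# keep your current session open and test the login from a second terminal: with PasswordAuthentication no there is no password fallback if the key login fails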
# Now time to install the firewall | |
aptitude install -y shorewall | |
#if you are going to have just one eth interface | |
# you can copy all the files (besides the readme file) from the example directory | |
cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/ | |
rm /etc/shorewall/README.txt | |
# edit the rules file to your needs | |
vim /etc/shorewall/rules | |
#some useful examples | |
HTTPS/ACCEPT net $FW | |
HTTP/ACCEPT net $FW | |
SSH/ACCEPT net $FW | |
SMTP/ACCEPT net $FW | |
# after editing to try your new rules | |
shorewall safe-start | |
# Once you have accepted your new config, set it to start on boot
# set startup=1 in /etc/default/shorewall | |
# set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf | |
######## RVM | |
apt-get install curl git-core -y | |
aptitude install build-essential bison openssl libreadline5 libreadline-dev \ | |
curl git-core zlib1g zlib1g-dev libssl-dev vim libsqlite3-0 libsqlite3-dev \ | |
sqlite3 libreadline-dev libxml2-dev git-core subversion autoconf | |
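# Install RVM system-wide
# NOTE: the next line runs a script fetched over plain HTTP through a URL shortener directly in a root shell, with no integrity check.
# Safer: download the installer to a file over HTTPS, read it, and only then run it.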
bash < <(curl -L http://bit.ly/rvm-install-system-wide) | |
# In the files /root/.bashrc and /etc/skel/.bashrc
# replace the line [ -z "$PS1" ] && return with
# if [[ -n "$PS1" ]]; then
# and add the following at the end of the files:
fi | |
if groups | grep -q rvm ; then | |
source "/usr/local/lib/rvm" | |
fi | |
# Add the user to the rvm group so that RVM gets loaded
adduser deploy rvm | |
# Dependencies
aptitude install build-essential bison openssl libreadline5 libreadline-dev \ | |
curl git-core zlib1g zlib1g-dev libssl-dev vim libsqlite3-0 libsqlite3-dev \ | |
sqlite3 libreadline-dev libxml2-dev git-core subversion autoconf | |
rvm install 1.9.2 | |
rvm --default 1.9.2 | |
# Switch to the user and check that 1.9.2 is loaded
# Install Apache:
sudo aptitude install apache2 libapr1-dev apache2-prefork-dev libcurl4-openssl-dev | |
# As deploy or root:
gem install passenger | |
rvmsudo passenger-install-apache2-module | |
# Copy the output into the config in /etc/apache2/httpd.conf. Example:
LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.2-p0/gems/passenger-3.0.0/ext/apache2/mod_passenger.so | |
PassengerRoot /usr/local/rvm/gems/ruby-1.9.2-p0/gems/passenger-3.0.0 | |
PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.2-p0/ruby | |
#if you are going to use mysql | |
aptitude install mysql-server mysql-client libmysqlclient15-dev libmysqlclient15off zlib1g-dev libmysql-ruby1.8 -y | |
#if you are going to use postgresql | |
aptitude install postgresql libpq-dev -y | |
# update the locales | |
sudo locale-gen en_GB.UTF-8 | |
... | |
sudo /usr/sbin/update-locale LANG=en_GB.UTF-8 | |
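# generate SSH public key
# NOTE: DSA keys are limited to 1024 bits and current OpenSSH releases no longer accept them by default; on a current system use -t ed25519 (or -t rsa -b 4096) instead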
ssh-keygen -t dsa | |
## SETUP EMAIL | |
# Setup hostname and DNS | |
# In /etc/hostname put your FQDN e.g. mail.aentos.net | |
# In /etc/hosts add a line like this | |
127.0.0.1 mail.aentos.net | |
Your file should look like this: | |
127.0.0.1 localhost localhost.localdomain | |
127.0.0.1 mail.aentos.net | |
#reboot and check that hostname -f returns the correct FQDN | |
~$ hostname -f | |
mail.aentos.net | |
# Setup the reverse DNS to point to your FQDN | |
This is done in Slicehost Manage | |
# install postfix and other helpful packages | |
aptitude install postfix telnet mailutils -y | |
# If you want to have local email delivered to your own email account add some aliases to /etc/aliases | |
postmaster: root | |
root: alberto | |
alberto: [email protected] | |
#reload aliases | |
newaliases | |
#Edit the postfix settings file | |
vim /etc/postfix/main.cf | |
#Change the settings to something like this: | |
myhostname = mail.aentos.net | |
alias_maps = hash:/etc/aliases | |
alias_database = hash:/etc/aliases | |
myorigin = $mydomain | |
mydestination = $mydomain, localhost.$mydomain, localhost | |
relayhost = | |
mynetworks = 127.0.0.0/8 | |
mailbox_size_limit = 0 | |
recipient_delimiter = + | |
inet_interfaces = all | |
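# if you are using Rails, TLS might fail with an error; turning it off is one workaround
# NOTE: smtpd_use_tls=no stops this server from offering STARTTLS, so all inbound SMTP sessions are unencrypted.
# A narrower alternative is to leave TLS on here and disable STARTTLS only in the app's mailer settings (ActionMailer's enable_starttls_auto).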
smtpd_use_tls=no | |
#restart postfix | |
/etc/init.d/postfix restart | |
#test sending an email | |
mail [email protected] | |
Subject: test | |
test | |
. | |
Cc: | |
#If you want to prevent services like gmail etc. considering your email as spam set some SPF records for the domain | |
http://articles.slicehost.com/2008/8/8/email-setting-a-sender-policy-framework-spf-record | |
#This wizard might be of help: http://old.openspf.org/wizard.html | |
#Apache settings | |
#We don't want curious people to see which version of apache/modules we are running etc. | |
#In /etc/apache2/conf.d/security make these changes to the settings
ServerTokens Prod (this will return only Apache as String) | |
ServerSignature Off (turn off signature in server headers) | |
#Put a default server name in /etc/apache2/httpd.conf | |
ServerName myserver.com | |
#If you are going to use virtual hosts in your Apache config, be sure to set up a default virtual host for requests with an unexpected (not configured) domain name. The easiest way is to use the default site created by the Apache installation, because it is enabled as 000-default and Apache takes the first virtual host as the default
#Sample /etc/apache2/sites-available/default
#NOTE: "Options Indexes" below lets Apache list a directory's contents when it has no index file; drop Indexes if /var/www should not be browsable
NameVirtualHost * | |
<VirtualHost *> | |
ServerAdmin webmaster@localhost | |
ServerName foo.triphq.net | |
ErrorLog /var/log/apache2/error.log | |
# Possible values include: debug, info, notice, warn, error, crit, | |
# alert, emerg. | |
LogLevel warn | |
CustomLog /var/log/apache2/access.log combined | |
DocumentRoot /var/www/ | |
<Directory /> | |
Options FollowSymLinks | |
AllowOverride None | |
</Directory> | |
<Directory /var/www/> | |
Options Indexes FollowSymLinks MultiViews | |
AllowOverride None | |
Order allow,deny | |
allow from all | |
</Directory> | |
</VirtualHost> | |
# We also customize the index.html because we don't like the standard "It works!" message. This is the one we are going to use (/var/www/index.html): | |
<html><body><h1>The server encountered an error. Please send flowers.</h1></body></html> | |
# Then you'll need to create a new site for your rails app | |
<VirtualHost *> | |
ServerAdmin [email protected] | |
ServerName myapp.com | |
ErrorLog /var/log/apache2/myapp.com_error.log | |
CustomLog /var/log/apache2/myapp.com_access.log combined | |
# Possible values include: debug, info, notice, warn, error, crit, | |
# alert, emerg. | |
LogLevel warn | |
# set to lower timeout value | |
Timeout 45 | |
DocumentRoot /var/www/myapp/current/public/ | |
RailsEnv production | |
<Directory "/var/www/myapp/current/public/"> | |
Options FollowSymLinks | |
AllowOverride None | |
Order allow,deny | |
Allow from all | |
</Directory> | |
# gzip html, css and js | |
AddOutputFilterByType DEFLATE text/html text/css application/x-javascript application/javascript | |
# far future expires headers | |
ExpiresActive on | |
ExpiresByType image/png "now plus 365 days" | |
ExpiresByType image/jpeg "now plus 365 days" | |
ExpiresByType image/gif "now plus 365 days" | |
</VirtualHost> |