Skip to content

Instantly share code, notes, and snippets.

@albertoperdomo
Created September 1, 2009 19:02
Show Gist options
  • Save albertoperdomo/179306 to your computer and use it in GitHub Desktop.
Save albertoperdomo/179306 to your computer and use it in GitHub Desktop.
Install a fresh rails server
# Login and change root password
# create the user account you are going to use to connect
adduser myuser
# add the user to sudoers
visudo
#add a line like this at the end
myuser ALL=(ALL) ALL
#try logging in through ssh with that user
#and then sudoing to root
su - myuser
mkdir .ssh
vim .ssh/authorized_keys
#paste inside your public key
#set appropiate permissions
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
# log out and try to login via SSH and public key
# it should work by now
# edit the SSH configuration
# in AllowUsers put all the users that should have ssh access, if root should too then put him as well
PasswordAuthentication no
X11Forwarding no
UsePAM no
UseDNS no
AllowUsers myuser
#restart SSH and verify it works correctly
# Now time to install the firewall
aptitude install -y shorewall
#if you are going to have just one eth interface
# you can copy all the files (besides the readme file) from the example directory
cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/
rm /etc/shorewall/README.txt
# edit the rules file to your needs
vim /etc/shorewall/rules
#some useful examples
HTTPS/ACCEPT net $FW
HTTP/ACCEPT net $FW
SSH/ACCEPT net $FW
SMTP/ACCEPT net $FW
# after editing to try your new rules
shorewall safe-start
# Once you have accepted your new config set it start on boot
# set startup=1 in /etc/default/shorewall
# set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf
######## RVM
apt-get install curl git-core -y
aptitude install build-essential bison openssl libreadline5 libreadline-dev \
curl git-core zlib1g zlib1g-dev libssl-dev vim libsqlite3-0 libsqlite3-dev \
sqlite3 libreadline-dev libxml2-dev git-core subversion autoconf
# Instalar RVM system wide
bash < <(curl -L http://bit.ly/rvm-install-system-wide)
# En los ficheros /root/.bashrc y /etc/skel/.bashrc
# Cambiar la línea [ -z "$PS1" ] && return por
# if [[ -n "$PS1" ]]; then
# y al final de los ficheros añadir:
fi
if groups | grep -q rvm ; then
source "/usr/local/lib/rvm"
fi
# Añadir el usuario al grupo RVM para que cargue RVM
adduser deploy rvm
# Dependencias
aptitude install build-essential bison openssl libreadline5 libreadline-dev \
curl git-core zlib1g zlib1g-dev libssl-dev vim libsqlite3-0 libsqlite3-dev \
sqlite3 libreadline-dev libxml2-dev git-core subversion autoconf
rvm install 1.9.2
rvm --default 1.9.2
# Cambiar a usuario y comprobar que se carga el 1.9.2
# Instalar apache:
sudo aptitude install apache2 libapr1-dev apache2-prefork-dev libcurl4-openssl-dev
# Como deploy o root:
gem install passenger
rvmsudo passenger-install-apache2-module
# Copiar el output para la config en /etc/apache2/httpd.conf. Ejemplo:
LoadModule passenger_module /usr/local/rvm/gems/ruby-1.9.2-p0/gems/passenger-3.0.0/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/rvm/gems/ruby-1.9.2-p0/gems/passenger-3.0.0
PassengerRuby /usr/local/rvm/wrappers/ruby-1.9.2-p0/ruby
#if you are going to use mysql
aptitude install mysql-server mysql-client libmysqlclient15-dev libmysqlclient15off zlib1g-dev libmysql-ruby1.8 -y
#if you are going to use postgresql
aptitude install postgresql libpq-dev -y
# update the locales
sudo locale-gen en_GB.UTF-8
...
sudo /usr/sbin/update-locale LANG=en_GB.UTF-8
# generate SSH public key
ssh-keygen -t dsa
## SETUP EMAIL
# Setup hostname and DNS
# In /etc/hostname put your FQDN e.g. mail.aentos.net
# In /etc/hosts add a line like this
127.0.0.1 mail.aentos.net
Your file should look like this:
127.0.0.1 localhost localhost.localdomain
127.0.0.1 mail.aentos.net
#reboot and check that hostname -f returns the correct FQDN
~$ hostname -f
mail.aentos.net
# Setup the reverse DNS to point to your FQDN
This is done in Slicehost Manage
# install postfix and other helpful packages
aptitude install postfix telnet mailutils -y
# If you want to have local email delivered to your own email account add some aliases to /etc/aliases
postmaster: root
root: alberto
alberto: [email protected]
#reload aliases
newaliases
#Edit the postfix settings file
vim /etc/postfix/main.cf
#Change the settings to something like this:
myhostname = mail.aentos.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = $mydomain
mydestination = $mydomain, localhost.$mydomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#if you are using rails, TLS might bug you with an error, maybe turn it off
smtpd_use_tls=no
#restart postfix
/etc/init.d/postfix restart
#test sending an email
mail [email protected]
Subject: test
test
.
Cc:
#If you want to prevent services like gmail etc. considering your email as spam set some SPF records for the domain
http://articles.slicehost.com/2008/8/8/email-setting-a-sender-policy-framework-spf-record
#This wizard might be of help: http://old.openspf.org/wizard.html
#Apache settings
#We don't want curious people to see which version of apache/modules we are running etc.
#In /etc/apache2/conf.d/security make this changes in settings
ServerTokens Prod (this will return only Apache as String)
ServerSignature Off (turn off signature in server headers)
#Put a default server name in /etc/apache2/httpd.conf
ServerName myserver.com
#If you are going to use virtual hosts in your apache config be sure to setup a default virtual host for requests with an un expected (not configured) domain name. The easiest way is to use the default site created by the apache installation because it's enabled as 000-default and apache will take the first virtualhost as default
#Sample /etc/apache2/sites-available/default
NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost
ServerName foo.triphq.net
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
</VirtualHost>
# We also customize the index.html because we don't like the standard "It works!" message. This is the one we are going to use (/var/www/index.html):
<html><body><h1>The server encountered an error. Please send flowers.</h1></body></html>
# Then you'll need to create a new site for your rails app
<VirtualHost *>
ServerAdmin [email protected]
ServerName myapp.com
ErrorLog /var/log/apache2/myapp.com_error.log
CustomLog /var/log/apache2/myapp.com_access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
# set to lower timeout value
Timeout 45
DocumentRoot /var/www/myapp/current/public/
RailsEnv production
<Directory "/var/www/myapp/current/public/">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
# gzip html, css and js
AddOutputFilterByType DEFLATE text/html text/css application/x-javascript application/javascript
# far future expires headers
ExpiresActive on
ExpiresByType image/png "now plus 365 days"
ExpiresByType image/jpeg "now plus 365 days"
ExpiresByType image/gif "now plus 365 days"
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment