aujkis · August 29, 2015 14:20
diff --git a/DropletSetup b/DropletSetup
 Initialize Digital Ocean Droplet, add SSH key(s)
 ssh root@<IP>

 # Fix locales
  sudo nano /etc/environment
    LANGUAGE=en_US.UTF-8
    LC_ALL=en_US.UTF-8
  sudo locale-gen en_US.UTF-8
  sudo dpkg-reconfigure locales
  sudo reboot
  
 # Set timezone
 sudo dpkg-reconfigure tzdata (un seko norādījumiem)
 # pārbauda ar `date`

 #add repos
 add-apt-repository ppa:nginx/stable
 add-apt-repository ppa:chris-lea/node.js
 sudo sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main' > /etc/apt/sources.list.d/pgdg.list"
 wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add -

 # Add deployer user
 adduser deployer --ingroup sudo
 su deployer; cd

 # Add swap
 sudo dd if=/dev/zero of=/swapfile bs=1024 count=1024k
 sudo mkswap /swapfile
 sudo swapon /swapfile
 sudo nano /etc/fstab
 # Paste in the following line:
 /swapfile       none    swap    sw      0       0 

 echo 5 | sudo tee /proc/sys/vm/swappiness
 echo vm.swappiness = 5 | sudo tee -a /etc/sysctl.conf
 sudo chown root:root /swapfile 
 sudo chmod 0600 /swapfile

 # Install block
 apt-get -y update
 apt-get -y install python-software-properties software-properties-common curl git-core nginx postgresql-common postgresql postgresql-contrib libpq-dev telnet postfix nodejs fish
 # nginx installed
 # Postfix installed
 # Node.js installed

 # postgresql
 # Latest version at http://www.postgresql.org/download/linux/ubuntu/
 sudo chown deployer:sudo /home/deployer -R
 sudo -u postgres createuser creative
 # If you would like to set a password for the user, you can do the following
 sudo -u postgres psql
 \password creative
 create database <appname> owner creative;
 ( if need drop use `DROP DATABASE "<appname>";`)
 # Give create priviledges to creative
 ALTER USER creative CREATEDB;
 ALTER USER creative WITH SUPERUSER;

 # Install rvm + ruby + bundler (for rails apps)
 sudo apt-get -y install libgdbm-dev libncurses5-dev automake libtool bison libffi-dev
 curl -L https://get.rvm.io | bash -s stable
 source ~/.rvm/scripts/rvm
 rvm install 2.1.2
 rvm use 2.1.2@<PROJECT_NAME> --create
 rvm use 2.1.2@<PROJECT_NAME> --default
 ruby -v
 echo "gem: --no-ri --no-rdoc" > ~/.gemrc
 gem install bundler

 # Configure GIT
 git config --global color.ui true
 git config --global user.name "<YourGitName>"
 git config --global user.email "<YourEmail>"
 eval "$(ssh-agent -s)"
 ssh-keygen -t rsa -C "[email protected]"
 sudo chmod 400 ~/.ssh/id_rsa
 ssh-add ~/.ssh/id_rsa
 ssh-add -l # See if is there
 sudo cat ~/.ssh/id_rsa.pub >> Add to git keys
 ssh -T [email protected]

 // From local terminal `ssh-copy-id -i ~/.ssh/id_rsa.pub deployer@<DROPLET_IP>`
 ssh -T [email protected] # rsa keys pass is a.*123b.*

 # Add dev keys
 sudo nano ~/.ssh/authorized_keys

 # Secure the server
 sudo chmod 400 ~/.ssh/authorized_keys
 # Port 57321
 # PermitRootLogin yes -> no
 # Grace 25s
 # AllowUsers deployer root dokku
 # PasswordAuthentication no
 sudo nano /etc/ssh/sshd_config
 sudo service ssh restart

 # Allow deployer to tinker with nginx without sudo
 $ sudo visudo -f /etc/sudoers.d/deployer
  # add the lines
  deployer ALL = (root) NOPASSWD: /usr/sbin/nginx -s reload

 # Setup oh-my-fish
 git clone git://github.com/bpinto/oh-my-fish.git ~/.oh-my-fish
 cp ~/.oh-my-fish/templates/config.fish ~/.config/fish/config.fish
 nano  ~/.config/fish/config.fish << Put server defaults in

 # Configure Nginx
 sudo ln -s /opt/nginx/ /etc/nginx # links the nginx executable into etc
 cd /etc/init.d; sudo touch nginx_start.sh
 echo "#!/bin/bash\nsudo /etc/init.d/nginx start" >> /etc/init.d/nginx_start.sh
 sudo chmod +x /etc/init.d/nginx_start.sh
 sudo update-rc.d nginx_start.sh defaults

 # SSL
 cd /etc/ssl/
 openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
 openssl rsa -passin pass:x -in server.pass.key -out server.key
 rm server.pass.key
 openssl req -new -key server.key -out server.csr

 ## Self signed
 openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

 # after deploy:cold
 rm /etc/nginx/sites-enabled/default
 service nginx restart
 update-rc.d -f unicorn_nordenhealth defaults

 # For a rails 4+ app set the secret token
 rake secret #copy the string
 sudo nano /etc/environment 
  # export SECRET_KEY_BASE=<rake secret>
  # ruby -e 'p ENV["SECRET_KEY_BASE"]'
  
 # Configure production server for git usability
 nano ~/.ssh/config
  # Host <Server_IP>
  # ForwardAgent yes

 # COMMON ERRORS:
 + See if environment gets secret keybase in secrets.yml and has it in env
 + See if all shared folders exist (log, system, pids)
 + See if environment file is copied from production but considers all requests local
 + For staging, add to environment: staing.rb 
 #   config.serve_static_assets = false
 #   config.assets.compile = false
 #   config.assets.digest = true
	Initialize Digital Ocean Droplet, add SSH key(s)
	ssh root@<IP>

	# Fix locales
	sudo nano /etc/environment
	LANGUAGE=en_US.UTF-8
	LC_ALL=en_US.UTF-8
	sudo locale-gen en_US.UTF-8
	sudo dpkg-reconfigure locales
	sudo reboot

	# Set timezone
	sudo dpkg-reconfigure tzdata (un seko norādījumiem)
	# pārbauda ar `date`

	#add repos
	add-apt-repository ppa:nginx/stable
	add-apt-repository ppa:chris-lea/node.js
	sudo sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main' > /etc/apt/sources.list.d/pgdg.list"
	wget --quiet -O - http://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc \| sudo apt-key add -

	# Add deployer user
	adduser deployer --ingroup sudo
	su deployer; cd

	# Add swap
	sudo dd if=/dev/zero of=/swapfile bs=1024 count=1024k
	sudo mkswap /swapfile
	sudo swapon /swapfile
	sudo nano /etc/fstab
	# Paste in the following line:
	/swapfile none swap sw 0 0

	echo 5 \| sudo tee /proc/sys/vm/swappiness
	echo vm.swappiness = 5 \| sudo tee -a /etc/sysctl.conf
	sudo chown root:root /swapfile
	sudo chmod 0600 /swapfile

	# Install block
	apt-get -y update
	apt-get -y install python-software-properties software-properties-common curl git-core nginx postgresql-common postgresql postgresql-contrib libpq-dev telnet postfix nodejs fish
	# nginx installed
	# Postfix installed
	# Node.js installed

	# postgresql
	# Latest version at http://www.postgresql.org/download/linux/ubuntu/
	sudo chown deployer:sudo /home/deployer -R
	sudo -u postgres createuser creative
	# If you would like to set a password for the user, you can do the following
	sudo -u postgres psql
	\password creative
	create database <appname> owner creative;
	( if need drop use `DROP DATABASE "<appname>";`)
	# Give create priviledges to creative
	ALTER USER creative CREATEDB;
	ALTER USER creative WITH SUPERUSER;

	# Install rvm + ruby + bundler (for rails apps)
	sudo apt-get -y install libgdbm-dev libncurses5-dev automake libtool bison libffi-dev
	curl -L https://get.rvm.io \| bash -s stable
	source ~/.rvm/scripts/rvm
	rvm install 2.1.2
	rvm use 2.1.2@<PROJECT_NAME> --create
	rvm use 2.1.2@<PROJECT_NAME> --default
	ruby -v
	echo "gem: --no-ri --no-rdoc" > ~/.gemrc
	gem install bundler

	# Configure GIT
	git config --global color.ui true
	git config --global user.name "<YourGitName>"
	git config --global user.email "<YourEmail>"
	eval "$(ssh-agent -s)"
	ssh-keygen -t rsa -C "[email protected]"
	sudo chmod 400 ~/.ssh/id_rsa
	ssh-add ~/.ssh/id_rsa
	ssh-add -l # See if is there
	sudo cat ~/.ssh/id_rsa.pub >> Add to git keys
	ssh -T [email protected]

	// From local terminal `ssh-copy-id -i ~/.ssh/id_rsa.pub deployer@<DROPLET_IP>`
	ssh -T [email protected] # rsa keys pass is a.123b.

	# Add dev keys
	sudo nano ~/.ssh/authorized_keys

	# Secure the server
	sudo chmod 400 ~/.ssh/authorized_keys
	# Port 57321
	# PermitRootLogin yes -> no
	# Grace 25s
	# AllowUsers deployer root dokku
	# PasswordAuthentication no
	sudo nano /etc/ssh/sshd_config
	sudo service ssh restart

	# Allow deployer to tinker with nginx without sudo
	$ sudo visudo -f /etc/sudoers.d/deployer
	# add the lines
	deployer ALL = (root) NOPASSWD: /usr/sbin/nginx -s reload

	# Setup oh-my-fish
	git clone git://github.com/bpinto/oh-my-fish.git ~/.oh-my-fish
	cp ~/.oh-my-fish/templates/config.fish ~/.config/fish/config.fish
	nano ~/.config/fish/config.fish << Put server defaults in

	# Configure Nginx
	sudo ln -s /opt/nginx/ /etc/nginx # links the nginx executable into etc
	cd /etc/init.d; sudo touch nginx_start.sh
	echo "#!/bin/bash\nsudo /etc/init.d/nginx start" >> /etc/init.d/nginx_start.sh
	sudo chmod +x /etc/init.d/nginx_start.sh
	sudo update-rc.d nginx_start.sh defaults

	# SSL
	cd /etc/ssl/
	openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
	openssl rsa -passin pass:x -in server.pass.key -out server.key
	rm server.pass.key
	openssl req -new -key server.key -out server.csr

	## Self signed
	openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

	# after deploy:cold
	rm /etc/nginx/sites-enabled/default
	service nginx restart
	update-rc.d -f unicorn_nordenhealth defaults

	# For a rails 4+ app set the secret token
	rake secret #copy the string
	sudo nano /etc/environment
	# export SECRET_KEY_BASE=<rake secret>
	# ruby -e 'p ENV["SECRET_KEY_BASE"]'

	# Configure production server for git usability
	nano ~/.ssh/config
	# Host <Server_IP>
	# ForwardAgent yes

	# COMMON ERRORS:
	+ See if environment gets secret keybase in secrets.yml and has it in env
	+ See if all shared folders exist (log, system, pids)
	+ See if environment file is copied from production but considers all requests local
	+ For staging, add to environment: staing.rb
	# config.serve_static_assets = false
	# config.assets.compile = false
	# config.assets.digest = true