How I deploy my side projects
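# Bootstrap a fresh server with the setup script.
# The script is saved to disk over HTTPS and run from the file instead of being
# piped straight into bash: it runs as root, so what was fetched should be
# readable afterwards, and a dropped connection must not leave a half-executed
# script behind. -f makes curl fail on an HTTP error rather than save the error
# page, and bash only runs if the download succeeded.
curl -fL -o setup.sh https://path-to-setup.sh && bash setup.sh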
# Dependencies
# Base packages: data stores, git, a compiler toolchain and Ruby 1.9.3.
base_packages=(redis-server memcached git-core build-essential postgresql ruby1.9.3)
apt-get update
apt-get install -y "${base_packages[@]}"

# The RubyGems that ships with Ruby 1.9.3 is recent enough, so no RubyGems
# system update is done before installing bundler.
gem install bundler

# Development headers needed to build native gem extensions.
apt-get install -y libpq-dev               # for ruby postgresql bindings
apt-get install -y libxslt-dev libxml2-dev # for nokogiri
# database
# Create the application's PostgreSQL role and database, then grant the role
# all privileges on that database. Every statement runs as the postgres
# superuser against template1.
# NOTE(review): the role's password is the literal 'myapp' (identical to the
# role name). It has to stay in step with the credentials in the DATABASE_URL
# this script writes to .env; replace both with a generated secret before the
# database is reachable by anything other than this host.
for sql in \
  "CREATE USER myapp WITH PASSWORD 'myapp';" \
  "CREATE DATABASE myapp;" \
  "GRANT ALL PRIVILEGES ON DATABASE myapp TO myapp;"; do
  sudo -u postgres psql template1 -c "$sql"
done
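# Deployment account
# Create the 'app' login used for deployments, with a home directory and bash.
useradd app -m -s /bin/bash

# Key-based login for app. The directory and key file are made private and
# handed to app immediately, so they are never left root-owned or
# group/world-accessible while the rest of the script runs.
mkdir -p /home/app/.ssh
chmod 700 /home/app/.ssh
cat > /home/app/.ssh/authorized_keys <<'EOF'
# keys go here; make sure you fill this in or you'll lock yourself out of your server
EOF
chmod 600 /home/app/.ssh/authorized_keys
chown -R app:app /home/app/.ssh

# Passwordless sudo for app.
# NOTE(review): this gives app unrestricted root. The foreman export in this
# script passes -u app, so the services appear to run as this same account;
# a compromise of the application would then be a compromise of root. Consider
# limiting the rule to the specific commands deployments need.
#
# The rule is appended to a copy of /etc/sudoers and checked with visudo before
# it replaces the real file: a syntax error written straight into /etc/sudoers
# would break sudo for every account. The grep keeps re-runs from appending the
# same rule again.
sudoers_rule='app ALL=NOPASSWD: ALL'
if ! grep -qxF -- "$sudoers_rule" /etc/sudoers; then
  sudoers_candidate=$(mktemp)
  cat /etc/sudoers > "$sudoers_candidate"
  printf '%s\n' "$sudoers_rule" >> "$sudoers_candidate"
  chmod 0440 "$sudoers_candidate"
  if visudo -c -f "$sudoers_candidate"; then
    install -m 0440 -o root -g root "$sudoers_candidate" /etc/sudoers
  else
    echo "sudoers rule for app failed validation; /etc/sudoers left unchanged" >&2
  fi
  rm -f -- "$sudoers_candidate"
fi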
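# Codebase
# NOTE(review): the published page shows the "user@host" part of the clone URL
# and of DATABASE_URL replaced by an e-mail-obfuscation placeholder. The two
# values below are reconstructions (GitHub SSH remote; password 'myapp' as set
# in the CREATE USER statement; 'localhost' because PostgreSQL is installed by
# this same script) - confirm them before use.
repo_url='git@github.com:girasquid/app.git'
db_url='postgres://myapp:myapp@localhost/myapp'

# Stop if either directory is missing, so the clone and the .env file never
# land in whatever directory the script happened to start in.
cd /home/app || exit 1
git clone "$repo_url"
cd app || exit 1
bundle install --deployment --without development test

# .env carries the database credentials: create it with a restrictive umask so
# it is never world-readable, then hand it to the app account.
(
  umask 077
  cat > .env <<EOF
DATABASE_URL=$db_url
EOF
)
chown app:app .env

# Generate upstart jobs in /etc/init for the processes in Procfile.production
# (1 web, 3 workers, 1 scheduler), running as user app.
bundle exec foreman export upstart /etc/init -a app -c web=1,worker=3,scheduler=1 -u app -f Procfile.production
# does your db migrations
# NOTE(review): foreman start runs the Procfile processes in the foreground;
# confirm this is the intended migration step and that it returns.
bundle exec foreman start -f Procfile.production
start app # Now upstart service will be up and running for nginx to talk to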
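## Nginx
# Serve static files from the app's public/ directory and proxy everything
# else to the application listening on 127.0.0.1:5000.
# NOTE(review): the server block has no listen or TLS directives, so it
# presumably serves plain HTTP on nginx's default port; add a TLS server block
# before the app handles logins or other sensitive traffic.
apt-get install nginx -y

# Quoted delimiter: the config is written literally, so nginx's $uri needs no
# escaping and nothing in it is expanded by the shell.
cat > /etc/nginx/sites-enabled/default <<'EOF'
upstream unicorns {
server 127.0.0.1:5000;
}
server {
server_name _;
client_max_body_size 30m;
location / {
root /home/app/app/public;
try_files $uri @fallback;
}
location @fallback {
proxy_pass http://unicorns;
}
}
EOF

# Check the configuration before starting, so a typo is reported here instead
# of as a failed or half-working service.
if nginx -t; then
  /etc/init.d/nginx start
else
  echo "nginx configuration test failed; nginx not started" >&2
fi

# Everything under /home/app was created as root above; hand it to app.
chown -R app:app /home/app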
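# Lock down SSH, by turning off root login and password authentication (you *did* make sure to set
# up your public keys, right?)
#
# Once this is applied only key-based logins for non-root accounts work, so the
# change is guarded twice:
#   1. it is skipped unless app's authorized_keys holds at least one line that
#      is neither blank nor a comment, because otherwise nobody could log in;
#   2. the new config is written to a temp file and checked with `sshd -t`
#      before it replaces the live one, and the previous config is kept as
#      /etc/ssh/sshd_config.orig.
# NOTE(review): KeyRegenerationInterval, ServerKeyBits, RSAAuthentication and
# RhostsRSAAuthentication are SSH protocol 1 settings, and the DSA host key is
# a legacy key type; newer OpenSSH releases deprecate these, so review the
# output of the sshd -t check. X11Forwarding yes is rarely needed on a
# headless app server - consider setting it to no.
if grep -Eqv '^[[:space:]]*(#|$)' /home/app/.ssh/authorized_keys; then
  sshd_candidate=$(mktemp)
  cat > "$sshd_candidate" <<'EOF'
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication no
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
EOF
  if /usr/sbin/sshd -t -f "$sshd_candidate"; then
    cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig
    install -m 0644 -o root -g root "$sshd_candidate" /etc/ssh/sshd_config
    restart ssh
  else
    echo "new sshd_config failed validation; existing SSH configuration left in place" >&2
  fi
  rm -f -- "$sshd_candidate"
else
  echo "no public keys in /home/app/.ssh/authorized_keys; SSH lock-down skipped to avoid a lockout" >&2
fi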