https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04
UPDATED: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
NOTE: The default firewall setup uses ufw, so we'll need OpenSSH, HTTP, HTTPS, 6379 (redis), and possibly something for our MySQL connection: https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands
NOTE: There's a bug with bundler 1.12.0. Downgrading to 1.11.2 [https://rubygems.org/gems/bundler/versions/1.11.2] solved this for us. It's already been updated, so the issue may have been resolved.
It's also helpful to do gem install unicorn. Since we're setting the box up to use it, we're creating an init file:
https://gist.github.com/ideaoforder/411c1a359dd9dcdbbdf9831a26cd955b
sudo update-rc.d unicorn defaults
Rackspace's default iptables setup is overly aggressive, so we'll tune it by installing iptables-persistent
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
sudo apt-get install iptables-persistent
sudo invoke-rc.d iptables-persistent save
This will create two files, /etc/iptables/rules.ipv4 and /etc/iptables/rules.ipv6.
These can both be replaced with this: https://gist.github.com/ideaoforder/6b802483873b4f12827ea378aca67551
We also want to be sure to copy whiplashmerch.com.crt, whiplashmerch.com.key, and whiplashmerch.com.pem to the server.
Set the PEM file's permissions:
chown root:root /etc/ssl/certs/whiplashmerch.com.pem
chmod 700 /etc/ssl/certs/whiplashmerch.com.pem
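
The ownership and mode set above can be verified after the files are copied. This is an added example, not part of the original notes: check_pem_perms is a hypothetical helper name, it assumes GNU stat as shipped on Ubuntu, and it compares numeric uid:gid (0:0 is root:root).

```shell
#!/bin/sh
# Added example: audit a certificate/key file after the chown/chmod step.
# Usage: check_pem_perms /etc/ssl/certs/whiplashmerch.com.pem
#
# check_pem_perms FILE [UID:GID]
#   returns 0 if FILE is a regular file, owned by UID:GID (default 0:0,
#   i.e. root:root) and grants nothing to group or other;
#   returns 1 if a check fails, 2 if FILE is missing.
check_pem_perms() {
    file=$1
    want_owner=${2:-0:0}
    status=0

    # A symlink's own mode is meaningless; the target must be audited.
    if [ -L "$file" ]; then
        echo "FAIL $file: is a symlink, check its target instead"
        return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL $file: not found or not a regular file"
        return 2
    fi

    mode=$(stat -c '%a' "$file")      # octal mode, e.g. 700 (GNU stat)
    owner=$(stat -c '%u:%g' "$file")  # numeric owner and group

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $file: owner is $owner, expected $want_owner"
        status=1
    fi

    # The last two octal digits are group and other; both must be 0.
    # stat prints mode 000 as a single "0", so accept that as well.
    case $mode in
        0|*00) ;;
        *) echo "FAIL $file: mode $mode grants group/other access"; status=1 ;;
    esac

    # Note when the file actually holds key material.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$file" 2>/dev/null; then
        echo "INFO $file: contains a private key"
    fi

    [ "$status" -eq 0 ] && echo "OK   $file: owner $owner, mode $mode"
    return "$status"
}
```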