Skip to content

Instantly share code, notes, and snippets.

@janetruluck

janetruluck/app_and_db_server.sh

Last active May 26, 2020 13:49
Show Gist options
  • Save janetruluck/6088896 to your computer and use it in GitHub Desktop.
Save janetruluck/6088896 to your computer and use it in GitHub Desktop.
Download ZIP
Sets up a SINGLE linode with application and database configuration.
Raw
app_and_db_server.sh
#!/bin/bash
## Please modify and use at your leisure!
## This script installs:
##
## -RVM
## -Ruby 1.9.3
## -Postgresql 9.2
## -Nginx
## -Postfix
## -Redis 2.4.16
##
## This will also setup basic security for the system including:
## -add deploy user
## -setup SSH key pair
## -disable ssh password auth and root login
## -create firewall settings
## -install fail2ban
##
## Due to the nature of the script and some of the commands it is minimally
## interactive, although some commands (i.e. adding users) require user
## user interaction.
##
## Since it is assumed that git will not be available before this script
## is used you need to copy the script using your favorite text editor
## then mark it executable and run it I.E:
## vim setup.sh
## paste script
## chmod +x setup.sh && ./setup.sh
## Enjoy!
# DEFAULTS
LOGFILE="/var/log/server-install.log"
PUBLIC_IP=`curl ifconfig.me 2>/dev/null | egrep -o "[0-9\.]*"`
FIREWALL_RULES_GIST="https://gist.github.com/jasontruluck/02eb2fcd40a088bf8cce/download"
REDIS_URL="http://redis.googlecode.com/files/redis-2.4.16.tar.gz"
declare -a rubyVersions=('1.9.3')
RUBY_DEFAULT="1.9.3"
# Colors
ESC_SEQ="\x1b["
RESET=$ESC_SEQ"39;49;00m"
RED=$ESC_SEQ"31;01m"
GREEN=$ESC_SEQ"32;01m"
YELLOW=$ESC_SEQ"33;01m"
BLUE=$ESC_SEQ"34;01m"
MAGENTA=$ESC_SEQ"35;01m"
CYAN=$ESC_SEQ"36;01m"
# Create Log
echo -en "$YELLOW Creating Log: $LOGFILE$RESET"
touch $LOGFILE
echo -e "\r$GREEN Creating Log: $LOGFILE$RESET"
# Update apt-get
echo -en "$YELLOW Updating apt-get$RESET"
sudo apt-get update -y >> $LOGFILE
echo -e "\r$GREEN Updating apt-get$RESET"
# Install dependencies
echo -en "$YELLOW Install dependencies$RESET"
sudo apt-get install curl -y >> $LOGFILE
sudo apt-get install build-essential -y >> $LOGFILE
sudo apt-get install openssl -y >> $LOGFILE
sudo apt-get install libreadline6 -y >> $LOGFILE
sudo apt-get install libreadline6-dev -y >> $LOGFILE
sudo apt-get install git-core -y >> $LOGFILE
sudo apt-get install zlib1g -y >> $LOGFILE
sudo apt-get install zlib1g-dev -y >> $LOGFILE
sudo apt-get install libssl-dev -y >> $LOGFILE
sudo apt-get install libyaml-dev -y >> $LOGFILE
sudo apt-get install libsqlite3-dev -y >> $LOGFILE
sudo apt-get install libxml2-dev -y >> $LOGFILE
sudo apt-get install libxslt-dev -y >> $LOGFILE
sudo apt-get install autoconf -y >> $LOGFILE
sudo apt-get install libc6-dev -y >> $LOGFILE
sudo apt-get install ncurses-dev -y >> $LOGFILE
sudo apt-get install automake -y >> $LOGFILE
sudo apt-get install libtool -y >> $LOGFILE
sudo apt-get install bison -y >> $LOGFILE
sudo apt-get install pkg-config -y >> $LOGFILE
sudo apt-get install python-software-properties -y >> $LOGFILE
sudo apt-get install tcl8.5 -y >> $LOGFILE
echo -e "\r$GREEN Install dependencies$RESET"
echo -en "$YELLOW Add PPAs: $LOGFILE$RESET"
sudo add-apt-repository ppa:nginx/stable
sudo add-apt-repository ppa:pitti/postgresql
sudo add-apt-repository ppa:chris-lea/node.js
echo -e "\r$GREEN Add PPas: $LOGFILE$RESET"
# Update apt-get
echo -en "$YELLOW Updating apt-get$RESET"
sudo apt-get update -y >> $LOGFILE
echo -e "\r$GREEN Updating apt-get$RESET"
echo -en "$YELLOW Install Node$RESET"
sudo apt-get install nodejs -y >> $LOGFILE
echo -e "\r$GREEN Install Node$RESET"
echo -e "$YELLOW Setting up deploy user$RESET"
adduser deploy
usermod -a -G sudo deploy
echo -e "\r$GREEN Setting up deploy user$RESET"
# Get RVM
echo -en "$YELLOW Installing RVM$RESET"
curl --silent -L get.rvm.io | bash -s stable --auto >> $LOGFILE
echo -e "\r$GREEN Installing RVM$RESET"
# Source Bash
echo -en "$YELLOW Sourcing Bash$RESET"
# Load RVM into a shell session *as a function*
if [[ -s "$HOME/.rvm/scripts/rvm" ]] ; then
# First try to load from a user install
. "$HOME/.rvm/scripts/rvm"
elif [[ -s "/usr/local/rvm/scripts/rvm" ]] ; then
# Then try to load from a root install
. "/usr/local/rvm/scripts/rvm"
else
printf "ERROR: An RVM installation was not found.\n"
fi
echo -e "\r$GREEN Sourcing Bash$RESET"
# install Ruby
for item in ${rubyVersions[@]}
do
echo -en "$YELLOW Installing Ruby $item $RESET"
rvm install $item >> $LOGFILE
echo -e "\r$GREEN Installing Ruby $item $RESET"
done
# Set default ruby
echo -en "$YELLOW Using Default Ruby: $RUBY_DEFAULT$RESET"
rvm --default use $RUBY_DEFAULT >> $LOGFILE
echo -e "\r$GREEN Using Default Ruby: $RUBY_DEFAULT$RESET"
# Install Nginx
echo -en "$YELLOW Installing Nginx$RESET"
sudo apt-get install nginx -y >> $LOGFILE
sudo service nginx start
echo -e "\r$GREEN Installing Nginx$RESET"
# Install Postgresql
echo -en "$YELLOW Installing Postgres$RESET"
sudo apt-get install postgresql-9.2 -y >> $LOGFILE
sudo apt-get install postgresql-client-9.2 -y >> $LOGFILE
sudo apt-get install postgresql-contrib-9.2 -y >> $LOGFILE
sudo apt-get install postgresql-server-dev-9.2 -y >> $LOGFILE
sudo apt-get install libpq-dev -y >> $LOGFILE
echo -e "\r$GREEN Installing Postgres$RESET"
# Setting Up Postgres
echo -e "$YELLOW Setting Up Postgres$RESET"
# Add a user named "deploy" with super user priveleges
echo "Enter Password to use for deploy User [This should be very strong AND you will use this in your database.yml]"
read deployPass
sudo -u postgres psql -d template1 -U postgres -c "CREATE USER deploy;" >> $LOGFILE
sudo -u postgres psql -d template1 -U postgres -c "ALTER USER deploy WITH SUPERUSER;" >> $LOGFILE
sudo -u postgres psql -d template1 -U postgres -c "ALTER USER deploy with password '$deployPass';" >> $LOGFILE
# Change Postgres User Password
echo "Enter Password to use for Postgres User [This should be very strong]"
read pgPass
sudo -u postgres psql -d template1 -U postgres -c "ALTER USER postgres with password '$pgPass'"
echo -e "\r$GREEN Setting Up Postgres$RESET"
# Setting Up Postfix
echo -en "$YELLOW Installing Postfix$RESET"
sudo apt-get install telnet -y >> $LOGFILE
sudo apt-get install postfix -y >> $LOGFILE
echo -e "\r$GREEN Installing Postfix$RESET"
# Setting Up Redis
echo -en "$YELLOW Installing Redis (this may take a minute)$RESET"
wget -q $REDIS_URL >> $LOGFILE
tar xzf redis-2.4.16.tar.gz >> $LOGFILE
cd redis-2.4.16
make >> $LOGFILE
make test >> $LOGFILE
sudo make install >> $LOGFILE
cd utils && sudo ./install_server.sh && sudo update-rc.d redis_6379 defaults
echo -e "\r$GREEN Installing Redis (this may take a minute)$RESET"
#Configure Git
echo -e "$CYAN Enter a email address to associate with git$RESET"
read gitEmail
echo -e "$CYAN Enter a name to associate with git$RESET"
read gitName
git config --global user.email $gitEmail
git config --global user.name $gitName
echo -e "$GREEN Git Configured$RESET"
# Setup Bash
echo -e "$YELLOW Setup bash for deploy user$RESET"
cp /root/.bashrc /home/deploy/
chown deploy:deploy /home/deploy/.bashrc
echo -e "\r$GREEN Setup bash for deploy user$RESET"
# Setup SSH Keys
echo -e "$GREEN Setting up SSH keys$RESET"
mkdir /home/deploy/.ssh
chown -R deploy:deploy /home/deploy/.ssh
echo -e "$CYAN Please transfer your local SSH key from your computer using the following command:$RESET"
echo -e "$CYAN scp ~/.ssh/id_rsa.pub deploy@$PUBLIC_IP:/home/deploy/.ssh/authorized_keys$RESET"
echo -e "$CYAN Press [Enter] when complete$RESET"
read
chown -R deploy:deploy /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
chmod 600 /home/deploy/.ssh/authorized_keys
# Update SSH Config
echo -en "$YELLOW Updating SSH config$RESET"
sudo sed -i -e 's/.*PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config
sudo sed -i -e 's/.*PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config
sudo service ssh restart >> $LOGFILE
echo -e "\r$GREEN Updating SSH config$RESET"
# Add github to knownhosts
echo -en "$YELLOW Add Github to knownhosts$RESET"
su deploy -c "ssh -T -oStrictHostKeyChecking=no [email protected]" >> $LOGFILE
echo -e "\r$GREEN Add Github to knownhosts$RESET"
# Setup Firewall
echo -en "$YELLOW Settiing up Iptables Firewall$RESET"
wget -q -O firewall $FIREWALL_RULES_GIST >> $LOGFILE
tar --strip-components=1 -xvzf firewall >> $LOGFILE
mv iptables.firewall.rules /etc/
mv firewall /etc/network/if-pre-up.d/
sudo iptables-restore < /etc/iptables.firewall.rules
sudo chmod +x /etc/network/if-pre-up.d/firewall
echo -e "\r$GREEN Settiing up Iptables Firewall$RESET"
# Setup fail2ban
echo -en "$YELLOW Installing fail2ban$RESET"
sudo apt-get install fail2ban -y >> $LOGFILE
echo -e "\r$GREEN Installing fail2ban$RESET"
echo -e "$CYAN ---Result--------------------------------$RESET"
echo -e "$CYAN --Rvm$RESET"
rvm -v
echo -e "$CYAN --Ruby$RESET"
ruby -v
echo -e "$CYAN --Nginx$RESET"
nginx -v
echo -e "$CYAN --Postgresql$RESET"
psql -V
echo -e "$CYAN --Postfix$RESET"
postfix -v
echo -e "$CYAN --Redis Server$RESET"
redis-server -v
echo -e "$CYAN --Users$RESET"
awk -F":" '{ print "username: " $1 "\t\tuid:" $3 }' /etc/passwd
echo -e "$CYAN --Firewall Settings$RESET"
sudo iptables -L
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment