Last active
September 13, 2016 23:27
-
-
Save murparreira/3f7026e0f2e33f4c24504f30037d41dc to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| =========== Login como usuário root =========== | |
| # Gerar locale pt_BR.UTF-8 se não existir | |
| sudo locale-gen pt_BR.UTF-8 | |
| # Exportar as variáveis de locale | |
| export LANGUAGE=pt_BR.UTF-8 | |
| export LANG=pt_BR.UTF-8 | |
| export LC_ALL=pt_BR.UTF-8 | |
| # Configurar timezone | |
| sudo dpkg-reconfigure tzdata | |
| # Atualizar droplet | |
| sudo apt-get update && sudo apt-get upgrade -y | |
| # Instalar dependências | |
| sudo apt-get install curl build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev libgmp-dev autoconf libc6-dev ncurses-dev automake libtool bison | |
| sudo apt-get install libgdbm-dev libncurses5-dev automake libtool bison libffi-dev | |
| # Aqui se aplica a VPS que não é a AMAZON, pois se usa o usuário normal ubuntu | |
| # Gerar usuário deploy | |
| adduser deploy | |
| gpasswd -a deploy sudo | |
| # Retirar permissão de login root por ssh | |
| nano /etc/ssh/sshd_config | |
| - Mudar PermitRootLogin yes para no | |
| - Mudar porta ssh de 22 para outra | |
| # Reiniciar serviço SSH | |
| service ssh restart | |
| =========== Executar na Máquina Local =========== | |
| ssh-copy-id deploy@SERVER_IP_ADDRESS | |
| =========== =========== =========== =========== | |
| =========== Login como usuário deploy/ubuntu =========== | |
| # Instalar RVM | |
| gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 | |
| curl -L https://get.rvm.io | bash -s stable | |
| source ~/.rvm/scripts/rvm | |
| # Instalar Ruby | |
| rvm install 2.3.1 | |
| # Instalar Bundler | |
| gem install bundler --no-ri --no-rdoc | |
| # Instalar Postgresql | |
| sudo apt-get install postgresql postgresql-contrib libpq-dev | |
| sudo -u postgres createuser -s pguser | |
| sudo -u postgres psql | |
| \password pguser | |
| \q | |
| # Gerar chaves ssh publicas para adicionar ao repositório | |
| ssh-keygen | |
| # Copiar a chave publica para o deployment keys do seu repositorio | |
| # Clonar seu repositório para a home do usuário deploy/ubuntu | |
| git clone url_do_repositorio | |
| # Rodar o bundle install dentro do projeto | |
| cd projeto | |
| bundle install | |
| # Gerar o secret e substituir | |
| rake secret | |
| nano config/secrets.yml | |
| # Mudar os dados do banco | |
| nano config/database.yml | |
| # Clonar repositório do certificado SSL | |
| sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt | |
| # Instalar o nginx | |
| sudo apt-get install nginx | |
| sudo nano /etc/nginx/sites-available/default | |
| - Mudar o conteúdo para | |
| upstream app { | |
| # Path to Puma SOCK file, as defined previously | |
| server unix:/home/deploy/ingrediente/shared/sockets/puma.sock fail_timeout=0; | |
| } | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server ipv6only=on; | |
| server_name ingredientesn.com.br; | |
| return 301 https://$host$request_uri; | |
| } | |
| server { | |
| listen 443 ssl; | |
| ssl_certificate /etc/letsencrypt/live/ingredientesn.com.br/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/ingredientesn.com.br/privkey.pem; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_dhparam /etc/ssl/certs/dhparam.pem; | |
| ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; | |
| ssl_session_timeout 1d; | |
| ssl_session_cache shared:SSL:50m; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| add_header Strict-Transport-Security max-age=15768000; | |
| root /home/deploy/ingrediente/public; | |
| try_files $uri/index.html $uri @app; | |
| location @app { | |
| proxy_pass http://app; | |
| proxy_set_header X_FORWARDED_PROTO https; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $http_host; | |
| proxy_redirect off; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| } | |
| location ~ /.well-known { | |
| allow all; | |
| } | |
| error_page 500 502 503 504 /500.html; | |
| client_max_body_size 4G; | |
| keepalive_timeout 10; | |
| } | |
| # Gerar os certificados | |
| cd /opt/letsencrypt | |
| ./letsencrypt-auto certonly -a webroot --webroot-path=/home/deploy/ingrediente/public -d ingredientesn.com.br | |
| sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 | |
| # Auto renovar os certificados | |
| sudo crontab -e | |
| 30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log | |
| 35 2 * * 1 /etc/init.d/nginx reload | |
| # Reiniciar o nginx | |
| sudo service nginx restart | |
| # Configurar o puma | |
| nano config/puma.rb | |
| - Modificar para: | |
| # Change to match your CPU core count | |
| workers 2 | |
| # Min and Max threads per worker | |
| threads 1, 6 | |
| app_dir = File.expand_path("../..", __FILE__) | |
| shared_dir = "#{app_dir}/shared" | |
| # Default to production | |
| rails_env = ENV['RAILS_ENV'] || "production" | |
| environment rails_env | |
| # Set up socket location | |
| bind "unix://#{shared_dir}/sockets/puma.sock" | |
| # Logging | |
| stdout_redirect "#{shared_dir}/log/puma.stdout.log", "#{shared_dir}/log/puma.stderr.log", true | |
| # Set master PID and state locations | |
| pidfile "#{shared_dir}/pids/puma.pid" | |
| state_path "#{shared_dir}/pids/puma.state" | |
| activate_control_app | |
| on_worker_boot do | |
| require "active_record" | |
| ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished | |
| ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/config/database.yml")[rails_env]) | |
| end | |
| mkdir -p shared/pids shared/sockets shared/log | |
| cd ~ | |
| wget https://raw.githubusercontent.com/puma/puma/master/tools/jungle/upstart/puma-manager.conf | |
| wget https://raw.githubusercontent.com/puma/puma/master/tools/jungle/upstart/puma.conf | |
| nano puma.conf | |
| - Mudar setuid deploy | |
| - Mudar setgid deploy | |
| sudo cp puma.conf puma-manager.conf /etc/init | |
| sudo nano /etc/puma.conf | |
| - Adicionar /home/deploy/ingrediente | |
| # Commandos para o puma | |
| sudo start puma-manager | |
| sudo stop puma-manager | |
| sudo restart puma-manager |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment