@ruanltbg
Last active August 1, 2016 13:59
Set up of a Rails + Nginx + Unicorn OR LAMP in Ubuntu

Apache

$ sudo apt-get update
$ sudo apt-get install apache2
# activate mod_rewrite
$ sudo a2enmod rewrite
#restart
$ sudo service apache2 restart

Mysql

$ sudo apt-get install mysql-server libapache2-mod-auth-mysql php5-mysql
# it will ask for password
$ sudo mysql_install_db
$ sudo /usr/bin/mysql_secure_installation

PHP

$ sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt
$ sudo vim /etc/apache2/mods-enabled/dir.conf
# put index.php first in the list
  # DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
$ sudo service apache2 restart

PHP modules

$ sudo apt-get install php5-suhosin php5-common php5-curl php5-gd

Virtual Host

# if there is no symlink between /var/www and /srv/www
$ sudo ln -s /var/www/ /srv/www
$ sudo chmod -R 755 /srv/www

$ cd /srv/www
$ sudo mkdir site.com.br
$ sudo chown -R www-data:www-data site.com.br
$ sudo chmod -R 775 site.com.br

$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/site.com.br
$ sudo vim /etc/apache2/sites-available/site.com.br

<VirtualHost *:80>
ServerAdmin [email protected]
ServerName site.com.br
ServerAlias www.site.com.br
DocumentRoot /var/www/site.com.br
[...]

$ sudo a2ensite site.com.br
$ sudo service apache2 reload

Setting the default umask

$ sudo vim /etc/apache2/envvars 

# umask 002 to create files with 0664 and folders with 0775
umask 002

Mysql

$ mysql -u root -p
mysql> create database [database_name];
mysql> CREATE USER 'user_name'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON database_name.* TO 'user_name'@'localhost' WITH GRANT OPTION;
mysql> flush privileges;

Add DNS domain

$ cd /srv/www/
$ sudo mkdir site.com.br
$ sudo chown -R www-data:www-data site.com.br
$ sudo chmod -R 775 site.com.br
$ sudo vim /etc/apache2/sites-available/site.com.br
<VirtualHost *:80>
    ServerAdmin [email protected]
    #
    ServerName site.com.br
    ServerAlias site.com
    ServerAlias www.site.com.br
    ServerAlias www.site.com
    #
    DocumentRoot /srv/www/site.com.br/
    #
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    #
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    #
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    #
    ErrorLog /srv/www/site.com.br/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /srv/www/site.com.br/access.log combined
</VirtualHost>

$ sudo a2ensite site.com.br
$ sudo service apache2 reload
$ sudo ln -s /srv/www/site.com.br/ /home/barp/site.com.br
$ mysql -u root -p

mysql> create database [database_name];
mysql> CREATE USER 'user_name'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON database_name.* TO 'user_name'@'localhost' WITH GRANT OPTION;
mysql> flush privileges;
mysql> exit;

Add necessary libs

$ sudo apt-get install autoconf automake autotools-dev build-essential bison bzip2 curl git libreadline5 libsqlite3-0 sqlite3 libsqlite3-dev libxml2-dev libmysqlclient-dev libreadline-gplv2-dev libruby openssl libssl-dev zlib1g zlib1g-dev zlibc vim libv8-dev nodejs libmysqlclient-dev libcurl3 libcurl3-gnutls libcurl4-openssl-dev
# Add rvm
$ \curl -sSL https://get.rvm.io | bash
# Add rvm initializer in .bashrc
$ echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && . "$HOME/.rvm/scripts/rvm" # Load RVM function' >> ~/.bashrc && source ~/.bashrc
# initializing rvm
$ source ~/.rvm/scripts/rvm
# installing requirements
$ rvm requirements

In case of error of ssh on cloning gems

# 1.9.3, or whatever version of ruby you are using
$ rvm remove 1.9.3
$ rvm pkg install openssl
$ rvm install 1.9.3 --with-openssl-dir=$rvm_path/usr

In case of error of the ruby racer / Google V8 / Nodejs

$ sudo apt-get install python g++ make
$ mkdir ~/nodejs && cd $_
$ wget -N http://nodejs.org/dist/node-latest.tar.gz
$ tar xzvf node-latest.tar.gz && cd `ls -rd node-v*`
$ ./configure
$ make
$ sudo make install

Content

  • Initial Server Setup
  • Install Fail2ban
  • Setup firewall
  • Install mysql

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-12-04

Initial Server Setup

1 - log in to the server

$ ssh root@ip

2 - change root password

$ passwd

3 - create new user

$ /usr/sbin/adduser user_name

4 - install gvim

$ apt-get install vim-gnome 

5 - give the user root privileges

$ visudo

#set the new user

user_name ALL=(ALL:ALL) ALL

6 - configure ssh

$ vim /etc/ssh/sshd_config

Port xxxx

Protocol 2

PermitRootLogin no

#add it at the bottom

UseDNS no

#replace user_name with your username

AllowUsers user_name

Now reload ssh

$ reload ssh
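
A check for step 6 that can run before the reload. This is an added example, not part of the original gist: `audit_sshd_config` and `sample_sshd_config` are hypothetical helper names, and the sample file is constructed (2222 stands in for the `xxxx` port).

```shell
#!/bin/sh
# Added example, not part of the gist: audit an sshd_config against step 6.
# audit_sshd_config is a hypothetical helper. It prints one finding per line
# and returns non-zero when there is at least one.
audit_sshd_config() {
    awk '
    function flag(msg) { print msg; bad++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # comment-only and blank lines
    {
        key = tolower($1)
        # Older OpenSSH releases do not strip trailing comments, so the words
        # after "#" are parsed as arguments (for AllowUsers: extra user names).
        if (index($0, "#"))
            flag("line " NR ": trailing comment after " $1 " is parsed as extra arguments")
        if (!(key in val)) val[key] = $2        # keep the first value seen
    }
    END {
        if (!("port" in val)) flag("Port: not set, sshd listens on 22")
        if (("protocol" in val) && val["protocol"] != "2")
            flag("Protocol: " val["protocol"] " is not 2")
        if (val["permitrootlogin"] != "no") flag("PermitRootLogin: not set to no")
        if (!("allowusers" in val)) flag("AllowUsers: missing, no per-user restriction")
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the settings from step 6, with 2222 standing in for xxxx.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample
Port 2222
Protocol 2
PermitRootLogin no
UseDNS no
AllowUsers user_name #replace user_name with your username
EOF
}

cfg=$(mktemp)
sample_sshd_config > "$cfg"
audit_sshd_config "$cfg" || echo "fix the findings above, then reload ssh"
rm -f "$cfg"
```

On the server, `sudo sshd -t` validates the real file before the reload; keep the current session open until a second login on the new port succeeds.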

Install Fail2Ban

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-12-04

$ sudo apt-get install fail2ban
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
$ sudo vi /etc/fail2ban/jail.local

[ssh]

enabled = true

# port set in sshd_config

port = xxxx

filter = sshd

logpath = /var/log/auth.log

maxretry = 6

Restart fail2ban

$ sudo service fail2ban restart

Setup firewall

https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-ip-tables-on-ubuntu-12-04

# Keep established connections open so we don't lock ourselves out
$ sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# open the ssh and web traffic ports - xxxx is the port set in sshd_config
$ sudo iptables -A INPUT -p tcp --dport xxxx -j ACCEPT
$ sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# block all remaining traffic
$ sudo iptables -A INPUT -j DROP
# add the loopback interface (in first position)
$ sudo iptables -I INPUT 1 -i lo -j ACCEPT
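
Because iptables evaluates rules top to bottom, the order of the chain decides whether SSH stays reachable. The check below is an added example, not part of the original gist: `check_input_chain` and `sample_rules` are hypothetical helper names, and the sample is a constructed copy of what `iptables -S INPUT` prints after the commands above, with 2222 standing in for `xxxx`.

```shell
#!/bin/sh
# Added example, not part of the gist: sanity-check an INPUT chain before saving.
# check_input_chain is a hypothetical helper.
# $1 = SSH port, stdin = output of `iptables -S INPUT`.
check_input_chain() {
    awk -v port="$1" '
    function flag(msg) { print msg; bad++ }
    $1 != "-A" || $2 != "INPUT" { next }          # skip the -P policy line
    /^-A INPUT -j (DROP|REJECT)( |$)/ { drop = 1; next }
    / -j ACCEPT$/ {
        # iptables stops at the first match, so rules after the catch-all never run
        if (drop) { flag("unreachable after catch-all: " $0); next }
        line = $0 " "
        if (line ~ / -i lo /) lo = 1
        if (line ~ /--ctstate [A-Z,]*ESTABLISHED/) est = 1
        if (line ~ ("--dport " port " ")) ssh = 1
    }
    END {
        if (!lo)   flag("loopback (-i lo) is not accepted")
        if (!est)  flag("ESTABLISHED,RELATED is not accepted")
        if (!ssh)  flag("tcp port " port " is not accepted before the catch-all")
        if (!drop) flag("no catch-all DROP/REJECT at the end of the chain")
        exit (bad > 0)
    }'
}

# Constructed sample: the chain produced by the commands above (2222 = xxxx).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
EOF
}

sample_rules | check_input_chain 2222 && echo "INPUT chain ok"
```

The commands above only add IPv4 rules, so pipe `sudo ip6tables -S INPUT` through the same check before answering yes to saving the IPv6 rules.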

Saving and restoring IP tables.

$ sudo apt-get install iptables-persistent
# yes for ipv4 and ipv6
# start iptables persistent
$ sudo service iptables-persistent start

nginx

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-12-04-lts-precise-pangolin

$ sudo apt-get install nginx
$ sudo service nginx start
# start nginx after reboot
$ sudo update-rc.d nginx defaults

unicorn

extra

Htop

Htop is a process viewer

$ sudo apt-get install htop