Last active
February 19, 2018 22:17
-
-
Save sdrew/2ed58ed5606c5c76f3de to your computer and use it in GitHub Desktop.
DigitalOcean Setup - Basic server with swap, fail2ban, ufw and ntp. Install git, rbenv / ruby, postgresql, nginx.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get update | |
| apt-get upgrade | |
| apt-get dist-upgrade | |
| # /var/run/reboot-required ? | |
| adduser $USER | |
| # usermod -a -G www-data $USER | |
| # Setup ~/.ssh/authorized_keys | |
| # /usr/sbin/visudo | |
| # $USER ALL=(ALL:ALL) ALL | |
| swapon -s | |
| dd if=/dev/zero of=/swapfile bs=1024 count=512k | |
| chown root:root /swapfile | |
| chmod 0600 /swapfile | |
| mkswap /swapfile | |
| swapon /swapfile | |
| echo 0 > /proc/sys/vm/swappiness | |
| vi /etc/fstab | |
| # /swapfile none swap sw 0 0 | |
| apt-get install fail2ban | |
| cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| # vi /etc/fail2ban/jail.local | |
| apt-get install ufw | |
| uwf status | |
| ufw default deny incoming | |
| ufw default allow outgoing | |
| ufw allow ssh | |
| # ufw allow http | |
| # ufw allow https | |
| ufw enable | |
| # vi /etc/ssh/sshd_config | |
| # PasswordAuthentication no | |
| apt-get install ntp | |
| # cp /usr/share/zoneinfo/America/Los_Angeles /etc/localtime | |
| dpkg-reconfigure tzdata | |
| # vi /etc/ntp.conf | |
| # service ntp restart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apt-get install git-core | |
| apt-get install build-essential autoconf libssl-dev libyaml-dev libreadline6 libreadline6-dev zlib1g zlib1g-dev | |
| git clone git://github.com/sstephenson/rbenv.git /usr/local/rbenv | |
| echo '# rbenv setup' > /etc/profile.d/rbenv.sh | |
| echo 'export RBENV_ROOT=/usr/local/rbenv' >> /etc/profile.d/rbenv.sh | |
| echo 'export PATH="$RBENV_ROOT/bin:$PATH"' >> /etc/profile.d/rbenv.sh | |
| echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh | |
| chmod +x /etc/profile.d/rbenv.sh | |
| source /etc/profile.d/rbenv.sh | |
| mkdir /usr/local/rbenv/plugins/ | |
| git clone git://github.com/sstephenson/ruby-build.git /usr/local/rbenv/plugins/ruby-build | |
| rbenv install 2.0.0-p247 | |
| rbenv global 2.0.0-p247 | |
| rbenv rehash | |
| apt-get install postgresql postgresql-contrib libpq-dev | |
| # su - postgres | |
| # createuser --pwprompt $USER | |
| # createdb --owner $USER $DB | |
| apt-get install mysql-server | |
| # mysql_secure_installation | |
| apt-get install nginx | |
| # openssl req -nodes -newkey rsa:2048 -keyout $SERVER.key -out $SERVER.csr | |
| # Ubuntu 14 | |
| apt-get install apache2-mpm-event apache2-utils libapache2-mod-fastcgi | |
| # Ubuntu 16 | |
| apt-get install apache2 | |
| # chown -R www-data:www-data /var/www | |
| # chmod -R 660 /var/www | |
| # find '/var/www' -type d -exec chmod 2770 {} + | |
| # Ubuntu 14 | |
| apt-get install php5-fpm php5-mbstring php5-mcrypt php5-intl php5-xml php5-mysqlnd php5-gd php5-curl php-pear mcrypt | |
| # Ubuntu 16 | |
| apt-get install php-fpm php-mbstring php-mcrypt php-intl php-xml php-mysqlnd php-gd php-curl php-pear mcrypt | |
| # Ubuntu 16 - PHP 5.6 | |
| add-apt-repository ppa:ondrej/php | |
| apt-get update | |
| apt-get install php5.6-fpm php5.6-mbstring php5.6-mcrypt php5.6-intl php5.6-xml php5.6-mysqlnd php5.6-gd php5.6-curl php-pear mcrypt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget https://dl.eff.org/certbot-auto | |
| chmod 770 certbot-auto | |
| ./certbot-auto certonly --non-interactive --webroot --agree-tos --email [email protected] --webroot-path /var/www/html/public --domains example.com,www.example.com | |
| # crontab -e | |
| # 5 3 * * * /root/certbot/certbot-auto renew --quiet >> /var/log/certbot-renew.log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [client] | |
| default-character-set = utf8mb4 | |
| [mysql] | |
| default-character-set = utf8mb4 | |
| [mysqld] | |
| character-set-client-handshake = FALSE | |
| character-set-server = utf8mb4 | |
| collation-server = utf8mb4_unicode_ci | |
| init-connect='SET NAMES utf8mb4' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment