-
-
Save sivicencio/53d78b63df2bee321a55152c5aa8f73e to your computer and use it in GitHub Desktop.
Server configuration for a rails application (Ubuntu 14.04)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # User: ubuntu | |
| sudo apt-get update | |
| sudo apt-get upgrade | |
| # Access keys | |
| vim .ssh/authorized_keys | |
| # Hostname | |
| sudo vim /etc/hostname | |
| sudo vim /etc/hosts | |
| sudo service hostname restart | |
| # SSH Hardening | |
| sudo vim /etc/ssh/sshd_config | |
| PermitRootLogin no | |
| AllowAgentForwarding yes | |
| sudo service ssh restart | |
| # Add deploy user as sudoer with access keys | |
| sudo adduser deploy --gecos "" --disabled-password | |
| sudo cp -R .ssh/ /home/deploy/ | |
| sudo chown -R deploy:deploy /home/deploy/ | |
| sudo visudo | |
| deploy ALL=(ALL) NOPASSWD:ALL | |
| # Set Timezone | |
| sudo apt-get install tzdata | |
| sudo dpkg-reconfigure tzdata | |
| America/santiago | |
| sudo reboot | |
| # User deploy | |
| # Install Postgresql 9.4 | |
| sudo vim /etc/apt/sources.list.d/pgdg.list | |
| deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main | |
| wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add - | |
| sudo apt-get update | |
| sudo apt-get install postgresql-9.4 postgresql-contrib-9.4 | |
| sudo pg_createcluster 9.4 main --start | |
| sudo -u postgres psql | |
| CREATE USER deploy SUPERUSER ENCRYPTED PASSWORD '<deploy_user_password>'; | |
| \q | |
| sudo vim /etc/postgresql/9.4/main/postgresql.conf | |
| shared_buffers = 128MB # 1/4 of total memory | |
| shared_preload_libraries = 'pg_stat_statements' | |
| sudo service postgresql restart | |
| # Install latest Nginx stable version | |
| sudo add-apt-repository ppa:nginx/stable | |
| sudo apt-get update | |
| sudo apt-get install nginx nginx-extras | |
| # Install RVM with latest Ruby stable version | |
| gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 | |
| \curl -sSL https://get.rvm.io | bash -s stable --ruby | |
| source /home/deploy/.rvm/scripts/rvm | |
| rvm gemset create <project-gemset> | |
| gem install bundler --no-ri --no-rdoc | |
| # Install latest Redis server | |
| wget http://download.redis.io/releases/redis-3.0.1.tar.gz | |
| tar xzf redis-3.0.1.tar.gz | |
| cd redis-3.0.1 | |
| make | |
| sudo make install | |
| sudo utils/install_server.sh | |
| cd .. | |
| rm -rf redis-3.0.1* | |
| # Install Passenger | |
| sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7 | |
| sudo apt-get install apt-transport-https ca-certificates | |
| sudo vim /etc/apt/sources.list.d/passenger.list | |
| deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main | |
| sudo apt-get update | |
| sudo apt-get install passenger | |
| # Install Memcached | |
| sudo apt-get install memcached | |
| # Install common Rails dependencies | |
| sudo apt-get install git libpq-dev nodejs-dev imagemagick | |
| # Add Github.com to .known_hosts for capistrano | |
| ssh github.com | |
| # Add common environment variables | |
| sudo vim /etc/environment | |
| REDIS_HOST | |
| REDIS_PORT | |
| REDIS_DB | |
| DB_HOSTNAME | |
| DB_PORT | |
| DB_DBNAME | |
| DB_USERNAME | |
| DB_PASSWORD | |
| SECRET_KEY_BASE | |
| # Fail2ban | |
| sudo apt-get install fail2ban -y | |
| sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local | |
| sudo service fail2ban stop && sudo service fail2ban start | |
| sudo iptables -S |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment