$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt-get update
$ sudo apt-get install oracle-java8-installer
Check if Java is running:
$ java -version
You should see something like this:
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
TeamCity supports Postgres, MySQL, MS SQL, Oracle and the Default internal DB. Lets use Postgres in production, as it is super stable that is the one I have more experience with.
$ sudo apt-get -y install postgresql postgresql-contrib
After installing PostgreSQL database server, by default it creates a user postgres with role postgres. It also creates a system account with same name postgres. So to connect to postgres server, login to your system as user postgres and connect database.
To start off, we need to set the password of the PostgreSQL user (role) called “postgres�; we will not be able to access the server externally otherwise. As the local “postgres� Linux user, we are allowed to connect and manipulate the server using the psql command.
$ sudo -u postgres psql postgres
Now change the postgres user password:
$ \password postgres
Login on postgres console using postgres account:
$ sudo -u postgres psql
Create database and user for TeamCity
CREATE DATABASE teamcity;
CREATE USER teamcity WITH ENCRYPTED PASSWORD 'teamcity';
GRANT ALL PRIVILEGES ON DATABASE teamcity TO teamcity;
Download TeamCity 2018
$ wget https://download.jetbrains.com/teamcity/TeamCity-2018.1.tar.gz
After downloading the compressed file, unzip it:
$ tar -xzf TeamCity-2018.1.tar.gz
Lets install TeamCity on the opt
folder. We have to move it and set permissions to the user running the TeamCity Application:
$ sudo mkdir /opt/JetBrains
$ sudo mv TeamCity /opt/JetBrains/TeamCity
$ cd /opt/JetBrains/TeamCity
$ sudo chown -R <USER_RUNNING_TEAM_CITY> /opt/JetBrains/TeamCity
Now configure TeamCity to run automatically. create a new cript:
$ sudo nano /etc/init.d/teamcity
Now add this content:
#!/bin/sh
### BEGIN INIT INFO
# Provides: TeamCity autostart
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start teamcity daemon at boot time
# Description: Enable service provided by daemon.
# /etc/init.d/teamcity - startup script for teamcity
### END INIT INFO
# Ensure you enter the right user name that TeamCity will run under
USER="agentuser"
export TEAMCITY_DATA_PATH="/opt/JetBrains/TeamCity/.BuildServer"
case $1 in
start)
start-stop-daemon --start -c $USER --exec /opt/JetBrains/TeamCity/bin/runAll.sh start
;;
stop)
start-stop-daemon --start -c $USER --exec /opt/JetBrains/TeamCity/bin/runAll.sh stop
;;
esac
exit 0
Change the permissions on the script and add it to startup whenever the server start/stop
$ sudo chmod +x /etc/init.d/teamcity
$ sudo update-rc.d teamcity defaults
Download the Postgres Driver
$ cd /opt/JetBrains/TeamCity/.BuildServer/lib/jdbc # create the folder path if does't exist
$ wget https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar
Now start TeamCity:
sudo /etc/init.d/teamcity start
Now go to http://<DOMAIN_OR_IP_ADDRESS>:8111
and setup the first TeamCity Connection
Add a A Record
in your DNS settings pointing your custom domain or subdomain to your VPS IP Address.
install nginx
$ sudo apt-get install nginx
Now create the configuration file for TeamCity be reachable via nginx
$ sudo vim /etc/nginx/sites-available/teamcity
Past the following content:
map $http_upgrade $connection_upgrade {
default upgrade;
'' '';
}
server {
listen 80;
server_name <DOMAIN.COM> www.<DOMAIN.COM>;
proxy_read_timeout 1200;
proxy_connect_timeout 240;
client_max_body_size 0;
location / {
proxy_pass http://localhost:8111/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $server_name:$server_port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
Create a symlink for the new site (TeamCity) and restart nginx.
$ sudo ln -s /etc/nginx/sites-available/teamcity /etc/nginx/sites-enabled/teamcity
$ sudo service nginx restart
Go to your domain or IP Address. you should see TeamCity running on port 80 (default).
First, install Certbot:
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
$ sudo apt install python-certbot-nginx
generate the certificate (wildcard in my case as I am using a subdomain):
$ certbot certonly --manual -d *.<DOMAIN.COM> --agree-tos --no-bootstrap --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
Now copy the presented TXT Record value and go your domain managment tool and set a TXT record. I my case, I am using NameCheap.
Host: _acme-challenge Value: <KEY_PROVIDED_BY_CERTBOT>
After the DNS propagration, test with the Google Dig tool the TXT records. When it propagates, press enter on the certbot from the previous command.
Now, update nginx configuration:
$ vim /etc/nginx/sites-available/teamcity
Add the following content:
map $http_upgrade $connection_upgrade {
default upgrade;
'' '';
}
server {
server_name <DOMAIN.COM> www.<DOMAIN.COM>;
proxy_read_timeout 1200;
proxy_connect_timeout 240;
client_max_body_size 0;
location / {
proxy_pass http://localhost:8111/;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $server_name:$server_port;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/<DOMAIN.COM>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<DOMAIN.COM>/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/<DOMAIN.COM>/chain.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.<DOMAIN.COM>) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name <DOMAIN.COM> www.<DOMAIN.COM>;
return 404; # managed by Certbot
}
Edit the weekly cron job to verify the certificate weekly;
$ vim /etc/cron.weekly/letsencrypt
Add the following code:
#!/bin/bash
certbot renew --text --no-self-upgrade > /var/log/letsencrypt_cron.log 2>&1
service nginx restart
now change the permissions on that script, so it can be executed
$ chmod 755 /etc/cron.weekly/letsencrypt