Created
March 19, 2012 18:29
-
-
Save alanstevens/2123030 to your computer and use it in GitHub Desktop.
Server Setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # execute this script as root with: | |
| # curl https://raw.github.com/gist/2123030/install_all.sh | bash -s MyAwesomeHostName | |
| # | |
| if [[ ! "root" = "$(whoami)" ]] ; then | |
| echo -e "****\nThis script must be run as root.\n****" && exit 1 | |
| fi | |
| curl https://raw.github.com/gist/2123030/install_base.sh | bash -s $* | |
| curl https://raw.github.com/gist/2123030/install_rvm.sh | bash | |
| curl https://raw.github.com/gist/2123030/install_webserver.sh | bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| if [[ ! "root" = "$(whoami)" ]] ; then | |
| echo -e "****\nThis script must be run as root.\n****" && exit 1 | |
| fi | |
| function add_user(){ | |
| local user_name=$1 | |
| local public_key=$2 | |
| echo -e "\nAdding user account: $user_name\n" | |
| # | |
| # create user account and home directory | |
| # | |
| useradd -m -s /bin/bash $user_name | |
| # | |
| # add user to the rvm group to manage system rubies | |
| # | |
| usermod -aG rvm $user_name | |
| # | |
| # add user to the web group to manage web sites | |
| # | |
| usermod -a -G www-data $user_name | |
| # | |
| # write the user's public key to their authorized keys file | |
| # | |
| mkdir -p /home/$user_name/.ssh | |
| curl $public_key > /home/$user_name/.ssh/authorized_keys | |
| # | |
| # set ownership and permissions on authorized_keys | |
| # | |
| chown -R $user_name:$user_name /home/$user_name/.ssh | |
| chmod -R 0751 /home/$user_name/.ssh | |
| # | |
| # add user to sudoers list with no password required (account has no password) | |
| # | |
| grep $user_name /etc/sudoers | |
| if [ $? -ne 0 ];then | |
| (cat /etc/sudoers;echo "$user_name ALL=(ALL) NOPASSWD: ALL") >> ~/tmp_sudoers | |
| chmod 0440 ~/tmp_sudoers | |
| visudo -q -c -s -f ~/tmp_sudoers | |
| if [ $? -ne 0 ];then | |
| echo -e "\nERROR: There is a problem with the sudoers configuration.\n Please review ~/tmp_sudoers.\n" && return 1 | |
| fi | |
| mv -f ~/tmp_sudoers /etc/sudoers | |
| fi | |
| } | |
| # | |
| # Upgrade installed packages to latest | |
| # | |
| echo -e "\nUpdating all installed packages\n" | |
| locale-gen en_US.UTF-8 | |
| /usr/sbin/update-locale LANG=en_US.UTF-8 | |
| aptitude update | |
| aptitude safe-upgrade -y | |
| aptitude full-upgrade -y | |
| # | |
| # install and configure firewall | |
| # | |
| echo -e "\nInstalling and configuring firewall\n" | |
| aptitude install ufw -y | |
| ufw default deny incoming | |
| ufw default allow outgoing | |
| ufw allow ssh | |
| ufw allow 80/tcp | |
| ufw allow 443/tcp | |
| cat /etc/ufw/ufw.conf | sed 's/ENABLED=no/ENABLED=yes/g' > ~/ufw.conf | |
| chmod 0644 ~/ufw.conf | |
| mv -f ~/ufw.conf /etc/ufw/ufw.conf | |
| # | |
| # create rvm group for managing system rubies | |
| # | |
| mkdir -p /usr/local/rvm | |
| groupadd rvm | |
| chown -R root:rvm /usr/local/rvm | |
| chmod -R g+w /usr/local/rvm | |
| # | |
| # create alan and andrew's accounts | |
| # | |
| add_user 'alan' 'https://dl.dropbox.com/s/qfo16yktbn23q9j/id_rsa.pub?dl=1' | |
| add_user 'andrew' 'https://dl.dropbox.com/s/2sld4rsbhl0o093/authorized_keys?dl=1' | |
| # | |
| # set the hostname | |
| # | |
| if [ "$1" != "" ];then | |
| hostName=$1 | |
| echo -e "\nSetting host name to \"$hostName\"\n" | |
| echo "$hostName" > /etc/hostname | |
| (echo "127.0.0.1 $hostName $hostName"; cat /etc/hosts) > ~/hosts | |
| chmod 644 ~/hosts | |
| mv -f ~/hosts /etc/hosts | |
| hostname -F /etc/hostname | |
| fi | |
| # | |
| # set timezone to Universal Coordinated Time | |
| # | |
| ln -sf /usr/share/zoneinfo/UTC /etc/localtime | |
| # | |
| # disable root login and password authentication over ssh | |
| # | |
| (cat /etc/ssh/sshd_config;echo "PermitRootLogin no") | sed 's/#PasswordAuthentication yes/PasswordAuthentication no/g' > ~/sshd_config | |
| chmod 0644 ~/sshd_config | |
| mv -f ~/sshd_config /etc/ssh/sshd_config | |
| # | |
| # ** REBOOT ** to apply settings and start firewall | |
| # | |
| echo -e "**********\n* REBOOT * the system to finish applying settings, including the firewall.\n**********" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| if [[ ! "root" = "$(whoami)" ]] ; then | |
| echo -e "This script must be run as root." && exit 1 | |
| fi | |
| # | |
| # Ensure that /usr/local/bin is in the path | |
| # | |
| PATH=$(echo "/usr/local/bin:$PATH" | tr -s ':' '\n' | awk '!($0 in a){a[$0];print}' | tr -s '\n' ':' | sed 's#:$##') | |
| # | |
| # Install rvm dependencies | |
| # | |
| aptitude install -y build-essential libreadline6-dev libssl-dev bison libz-dev zlib1g zlib1g-dev libxml2 libxml2-dev libxslt-dev libssl-dev openssl git-core autoconf libc6-dev ncurses-dev libtool | |
| # | |
| # Configure system level gem settings. | |
| # | |
| echo -e "Disabling ri & rdoc system wide for gem installations and upgrades." | |
| echo "install: --no-rdoc --no-ri" >> /etc/gemrc | |
| echo "update: --no-rdoc --no-ri" >> /etc/gemrc | |
| # | |
| # Install rvm at the system level. | |
| # | |
| bash -s stable < <(curl -s https://raw.github.com/wayneeseguin/rvm/master/binscripts/rvm-installer) | |
| # | |
| # rvm system level configuration. | |
| # | |
| rm -f /etc/rvmrc | |
| echo "rvm_path=/usr/local/rvm" > /etc/rvmrc | |
| echo "export rvm_gemset_create_on_use_flag=1" >> /etc/rvmrc | |
| # | |
| # rvm profile.d entry | |
| # | |
| mkdir -p /etc/profile.d | |
| rm -f /etc/profile.d/rvm.sh | |
| cat <<-File > /etc/profile.d/rvm.sh | |
| # Load RVM if it is installed, | |
| # first try to load user install | |
| # then try to load root install, if user install is not there. | |
| if [ -s "$HOME/.rvm/scripts/rvm" ] ; then | |
| source "$HOME/.rvm/scripts/rvm" | |
| elif [ -s "/usr/local/rvm/scripts/rvm" ] ; then | |
| source "/usr/local/rvm/scripts/rvm" | |
| fi | |
| File | |
| # | |
| # make sure root can use rvm | |
| # | |
| echo 'source /usr/local/rvm/scripts/rvm' >> /root/.bashrc | |
| # | |
| # source rvm in the current shell session | |
| # | |
| source /etc/profile.d/rvm.sh | |
| # | |
| # Install Ruby and set system defaults | |
| # | |
| rvm install 1.9.3-p194 | |
| rvm use 1.9.3-p194 --default | |
| gem update --system | |
| rvm use 1.9.3-p194@global |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| if [[ ! "root" = "$(whoami)" ]] ; then | |
| echo -e "****\nThis script must be run as root.\n****" && exit 1 | |
| fi | |
| # | |
| # Create /var/www & give permissions to the web group: | |
| # | |
| mkdir /var/www | |
| chgrp -R www-data /var/www | |
| chmod -R 775 /var/www # group write permission | |
| # | |
| # Grab the create_site script and skeleton files | |
| # | |
| aptitude install ack-grep -y # create_site script dependency | |
| git clone git://github.com/NerdHiveIndustries/create-site.git /var/www | |
| rm -rf /var/www/.git | |
| rm -f /var/www/.gitignore | |
| rm -f /var/www/README | |
| # | |
| # source rvm in the current shell session | |
| # | |
| source /etc/profile.d/rvm.sh | |
| # | |
| # Install bluepill | |
| # | |
| rvm use 1.9.3-p194@global | |
| gem install bluepill --no-rdoc --no-ri | |
| rvm wrapper ruby-1.9.3-p194@global global bluepill | |
| mkdir -p /var/run/bluepill | |
| mkdir -p /etc/bluepill | |
| touch /etc/bluepill/all_sites.pill | |
| # | |
| # Configure upstart to run bluepill | |
| # | |
| ( | |
| cat <<File | |
| description "bluepill process monitoring tool" | |
| start on runlevel [2345] | |
| stop on runlevel [!2345] | |
| expect daemon | |
| respawn | |
| exec /usr/local/rvm/bin/global_bluepill load /etc/bluepill/all_sites.pill | |
| File | |
| )| tee /etc/init/bluepill.conf | |
| # | |
| # Configure rsyslog to log bluepill | |
| # | |
| ( | |
| cat<<File | |
| ## Bluepill log | |
| local6.* /var/log/bluepill.log | |
| File | |
| ) | tee -a /etc/rsyslog.conf | |
| # | |
| # Configure logrotate to rotate bluepill logs | |
| # | |
| ( | |
| cat<<File | |
| /var/log/bluepill.log { | |
| rotate 3 | |
| create 0664 root utmp | |
| size=5M | |
| } | |
| File | |
| )| tee -a /etc/logrotate.conf | |
| service rsyslog restart | |
| # | |
| # Install nginx | |
| # | |
| aptitude install -y python-software-properties | |
| add-apt-repository ppa:nginx/stable # use development for latest development version | |
| aptitude update | |
| aptitude install -y nginx | |
| # | |
| # Use nginx config recommendations from: | |
| # http://unicorn.bogomips.org/examples/nginx.conf | |
| # | |
| rm -f /etc/nginx/nginx.conf | |
| ( | |
| cat <<-File | |
| ## drop privileges, root is needed on most systems for binding to port 80 | |
| ## (or anything < 1024). Capability-based security may be available for | |
| ## your system and worth checking out so you won't need to be root to | |
| ## start nginx to bind on 80 | |
| user www-data www-data; | |
| ## you generally only need one nginx worker unless you're serving | |
| ## large amounts of static files which require blocking disk reads | |
| worker_processes 1; | |
| ## Feel free to change all paths to suit your needs | |
| pid /var/run/nginx.pid; | |
| error_log /var/log/nginx/error.log; | |
| events { | |
| worker_connections 1024; # increase if you have lots of clients | |
| accept_mutex off; # "on" if nginx worker_processes > 1 | |
| use epoll; # enable for Linux 2.6+ | |
| # use kqueue; # enable for FreeBSD, OSX | |
| } | |
| http { | |
| include /etc/nginx/mime.types; | |
| ## fallback in case we can't determine a type | |
| default_type application/octet-stream; | |
| ## click tracking! | |
| access_log /var/log/nginx/access.log combined; | |
| ## you generally want to serve static files with nginx | |
| sendfile on; | |
| tcp_nopush on; # off may be better for *some* Comet/long-poll stuff | |
| tcp_nodelay off; # on may be better for some Comet/long-poll stuff | |
| keepalive_timeout 4; | |
| ## configure gzip in one place here for static files and also | |
| ## disable gzip for clients who don't get gzip/deflate right. | |
| ## There are other gzip settings that may be needed to deal with | |
| ## bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule | |
| gzip on; | |
| gzip_comp_level 2; | |
| gzip_http_version 1.0; | |
| gzip_proxied any; | |
| gzip_min_length 500; | |
| gzip_disable "MSIE [1-6]\."; | |
| gzip_types text/plain | |
| text/html | |
| text/xml | |
| text/css | |
| text/comma-separated-values | |
| text/javascript | |
| application/x-javascript | |
| application/atom+xml | |
| application/xml | |
| application/xml+rss; | |
| ## Include the config files for all vhosts | |
| include /var/www/*/config/nginx.conf; | |
| } | |
| File | |
| ) | tee /etc/nginx/nginx.conf | |
| # | |
| # Start bluepill | |
| # | |
| start bluepill | |
| # | |
| # Start nginx | |
| # | |
| /etc/init.d/nginx start |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment