obrok/gist:2499900

## gistfile1.md

      
    Raw
  

              gistfile1.md
            
          
    Setting up fresh Ubuntu server for Rails

Preparations

$ sudo -i

Set preferred editor

$ export EDITOR=vim

$ echo "export EDITOR=vim" >/etc/profile.d/editor.sh

Update apt sources

$ apt-get update

Set server timezone and time

$ dpkg-reconfigure tzdata

$ apt-get install ntp

Add user for app

$ adduser luna

RVM access

$ adduser luna rvm

Allow sudo

$ vim /etc/sudoers.d/luna

  luna ALL=NOPASSWD:ALL

$ chmod 0440 /etc/sudoers.d/luna

Useful stuff

$ su - luna

# No docs
$ echo "gem: --no-rdoc --no-ri" > ~/.gemrc

$ vim .bashrc

  export RAILS_ENV=production

Deploy key

$ su - luna

$ ssh-keygen -t rsa -C luna-production

$ cat .ssh/id_rsa.pub

# paste in Github

Your key

$ ssh-copy-id luna@luna.com

$ ssh luna@luna.com

Ruby

Install RVM

$ apt-get install curl

$ curl -L get.rvm.io | bash -s stable

$ source /etc/profile.d/rvm.sh

# Ignore rvmrc's
$ echo "export rvm_trust_rvmrcs_flag=0" >>/etc/rvmrc

Install requirements

$ rvm requirements

$ apt-get install build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion

Install Ruby

$ rvm install 1.9.3

Make installed ruby a default

$ rvm --default use 1.9.3

Nginx + Passenger

Install passenger gem

$ gem i passenger

Install Nginx via passenger gem

$ passenger-install-nginx-module

$ apt-get install libcurl4-openssl-dev

$ passenger-install-nginx-module

Create boot service (upstart)

$ curl https://raw.github.com/gist/2492523/nginx.conf >/etc/init/nginx.conf

$ start nginx

$ curl localhost

VHost

# /opt/nginx/conf/nginx.conf

...
server {
    listen 80;
    server_name www.luna.com luna.com;
    root /home/luna/app/current/public;   # <--- be sure to point to 'public'!
    passenger_enabled on;
}
...

$ restart nginx

$ curl localhost

MySQL

$ apt-get install mysql-server libmysqlclient-dev

$ echo "create database luna_production" | mysql -u root -p

$ echo "grant all on luna_production.* to luna@localhost identified by 'luna123'" | mysql -u root -p

Capistrano

$ vim Gemfile

  group :development do
    ...
    gem 'capistrano'
    gem 'capistrano-ext'
    gem 'rvm-capistrano'
    ...
  end

$ bundle

$ capify .

$ vim config/deploy.rb

  Uncomment:

    passenger stuff

  Add:

    require 'rvm/capistrano'
    require 'bundler/capistrano'

    set :deploy_via, :remote_cache
    set :use_sudo, false
    set :user, "luna"
    set :deploy_to, "~/app"
    set :rails_env, "production"
    set :rvm_type, "system"

    set :keep_releases, 3
    after "deploy:restart", "deploy:cleanup"

    namespace :deploy do
      desc "Symlink shared/* files"
      task :symlink_shared, :roles => :app do
        run "ln -nfs #{shared_path}/database.yml #{release_path}/config/database.yml"
      end

      desc "Precompile assets"
      task :assets_precompile do
        run "cd #{release_path}; RAILS_ENV=#{rails_env} bundle exec rake assets:precompile"
      end
    end

    after "deploy:update_code", "deploy:symlink_shared"
    after "deploy:update_code", "deploy:assets_precompile"

$ cap deploy:setup

$ scp config/database.yml.example luna@luna.com:~/app/shared/database.yml

$ ssh luna@luna.com
  vim app/shared/database.yml
  rake db:setup

$ cap deploy

$ ssh git@github.com

$ cap deploy

Logrotate

# /etc/logrotate.d/luna

/home/luna/app/shared/log/*.log {
  daily
  missingok
  rotate 30
  compress
  delaycompress
  copytruncate
}

Firewall (ufw)

$ apt-get install ufw

$ ufw default deny
$ ufw allow ssh/tcp
$ ufw allow 80/tcp
$ ufw allow 443/tcp
$ ufw enable

Mail server (postfix)

$ apt-get install postfix heirloom-mailx

Monitoring (monit)

$ apt-get install monit

$ vim /etc/monit/monitrc