@Epigene
Last active April 2, 2017 16:11
Droplet Setup [extra condensed]
Spin up a Digital Ocean droplet, ssh into it.
ssh root@<IP>
Fix locales
sudo nano /etc/environment
  LANGUAGE=en_US.UTF-8
  LC_ALL=en_US.UTF-8
  export RAILS_ENV=staging
  export RACK_ENV=staging
  export SECRET_KEY_BASE=<rake secret output here>
# /etc/environment is world-readable by default, so every local user can read SECRET_KEY_BASE
# test with `ruby -e 'p ENV["SECRET_KEY_BASE"]'`
sudo locale-gen en_US.UTF-8
sudo dpkg-reconfigure locales
Add repos
add-apt-repository ppa:nginx/stable
add-apt-repository ppa:chris-lea/node.js
sudo sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main' > /etc/apt/sources.list.d/pgdg.list"
# fetch the repository signing key over HTTPS, not plain HTTP
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
Bring packages up to date
sudo apt-get update
sudo apt-get dist-upgrade
sudo shutdown -r now
Set timezone
sudo dpkg-reconfigure tzdata # and pick your area
# test with `date`
Add deployer user
adduser deployer --ingroup sudo
su deployer
cd
sudo chown deployer:sudo /home/deployer -R
Add swap
# sudo fallocate -l <size> /swapfile; 4G will make a 4 GB swap file, maybe 2G will do
sudo fallocate -l 4G /swapfile
# lock the file down before it is used as swap
sudo chown root:root /swapfile
sudo chmod 0600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo nano /etc/fstab
  # Paste in the following line:
  /swapfile       none    swap    sw      0       0

echo 1 | sudo tee /proc/sys/vm/swappiness
echo vm.swappiness = 1 | sudo tee -a /etc/sysctl.conf
Install block
sudo apt-get -y install python-software-properties software-properties-common curl git-core nginx postgresql-common postgresql postgresql-contrib libpq-dev telnet postfix nodejs fish ncdu
postgresql BE SURE TO UPGRADE AS ROOT
# Latest version at http://www.postgresql.org/download/linux/ubuntu/
# list postgres packages
dpkg -l | grep postgres
[Visit if upgrading: https://wiki.postgresql.org/wiki/Using_pg_upgrade_on_Ubuntu/Debian]
sudo -u postgres createuser creative
# If you would like to set a password for the user, you can do the following
sudo -u postgres psql
\password creative
create database <appname> owner creative;
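# (if you need to drop it, use `DROP DATABASE "<appname>";`)
# Give create privileges to creative
ALTER USER creative CREATEDB;
# SUPERUSER bypasses all permission checks; CREATEDB above is enough to create databases
ALTER USER creative WITH SUPERUSER;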
\q
Install rvm + ruby + bundler (for rails apps)
sudo apt-get -y install libgdbm-dev libncurses5-dev automake libtool bison libffi-dev
curl -L https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
rvm install 2.2.2
rvm use 2.2.2@<PROJECT_NAME> --create
rvm use 2.2.2@<PROJECT_NAME> --default
ruby -v
echo "gem: --no-ri --no-rdoc" > ~/.gemrc
gem install bundler
Configure GIT
git config --global color.ui true
git config --global user.name "creative-deployer"
git config --global user.email "hi@creo.mobi"
eval "$(ssh-agent -s)"
# ssh-keygen -t rsa -b 4096 -C "hi@creo.mobi"
mkdir -p ~/.ssh/
chmod 700 ~/.ssh
touch ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa # restrict the file before the key goes in
nano ~/.ssh/id_rsa
# -> Paste privkey from Dashlane secure notes
# nano ~/.ssh/id_rsa.pub
# -> Paste pubkey from Dashlane secure notes
chmod 400 ~/.ssh/id_rsa
ssh-add ~/.ssh/id_rsa
ssh-add -l # See if it is there
cat ~/.ssh/id_rsa.pub # Add the output to git keys (if new key, old one already added)
ssh -T git@github.com
nano ~/.ssh/config
  # Host <Server_IP>
  # ForwardAgent yes
Add dev keys
# no sudo here: sshd reads authorized_keys as the login user, so the file must stay owned by deployer
nano ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Secure the server
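sudo apt-get install fail2ban
# fail2ban's stock SSH jail bans on port "ssh" (22); once Port is changed below, set the jail's port to match in /etc/fail2ban/jail.local

sudo nano /etc/ssh/sshd_config # use Apple+W to search in nano
  Port 57321
  LoginGraceTime 25
  PermitRootLogin no
  # AllowUsers is a directive you have to add; keep comments on their own line
  AllowUsers deployer root dokku
  PasswordAuthentication no
sudo service ssh restart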
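A check for the sshd settings above, as an added example that is not part of the original gist: `sshd_effective` and `audit_sshd` are hypothetical helper names, and the sample config is constructed. It assumes whitespace-separated keywords and no `Match` blocks, and it treats a trailing `#` comment as a failure because sshd_config(5) only documents whole-line comments.

```shell
#!/bin/sh
# Value sshd would use for KEYWORD in FILE: keywords are case-insensitive
# and the first occurrence wins. Assumes no Match blocks.
sshd_effective() {
  awk -v k="$2" 'tolower($1) == tolower(k) {
    sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]+$/, ""); print; exit }' "$1"
}

# audit_sshd FILE PORT: print one line per check, return the failure count.
audit_sshd() {
  cfg=$1; fails=0
  for want in "Port $2" "PermitRootLogin no" "PasswordAuthentication no"; do
    key=${want%% *}; exp=${want#* }
    got=$(sshd_effective "$cfg" "$key")
    if [ "$got" = "$exp" ]; then
      echo "ok    $key $got"
    else
      echo "FAIL  $key: want '$exp', got '${got:-unset}'"; fails=$((fails + 1))
    fi
  done
  users=$(sshd_effective "$cfg" AllowUsers)
  case $users in
    '')    echo "FAIL  AllowUsers is not set"; fails=$((fails + 1)) ;;
    *'#'*) echo "FAIL  AllowUsers carries a trailing comment: $users"
           fails=$((fails + 1)) ;;
    *)     echo "ok    AllowUsers $users" ;;
  esac
  return "$fails"
}

# Constructed sample: hardened except for a trailing comment on AllowUsers.
sample=$(mktemp)
printf '%s\n' '# constructed sample, not a real host' 'Port 57321' \
  'LoginGraceTime 25' 'PermitRootLogin no' \
  'AllowUsers deployer dokku # added by hand' \
  'PasswordAuthentication no' > "$sample"
audit_sshd "$sample" 57321 || echo "$? check(s) failed"
rm -f "$sample"
```

Run `sudo sshd -t` so sshd itself validates the file before `sudo service ssh restart`, and keep the current session open until a new login on the new port succeeds.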
Setup oh-my-fish
sudo add-apt-repository ppa:fish-shell/nightly-master
sudo apt-get update
sudo apt-get install fish
curl -L https://github.com/oh-my-fish/oh-my-fish/raw/master/bin/install | fish

omf install rvm
omf install robbyrussell
omf theme robbyrussell

nano ~/.config/fish/config.fish # Put server defaults in
===
# general aliases
set -g -x fish_greeting ''
echo -e "Proceed to \033[38;5;208mfishy\033[0;00m business!"

alias get="sudo apt-get -y install"
alias opsh="command nano ~/.config/fish/config.fish"
alias ls="command ls -ABC --color"
alias lookup="command ps aux | grep"
alias keys="cd /home/deployer/.ssh/"
alias to_nginx="cd /etc/nginx"

# app specific
alias app="cd ~/apps/<appname>"
alias co!="cd ~/apps/<appname>/current; and bundle exec rails c -e production"
alias logs="cd /home/deployer/apps/<appname>/shared/log"
alias dumpit="pg_dump --format=c -h localhost --username creative <dbname> > latest.dump"

# dokku
alias dok="cd /home/dokku; and ls"
===
Configure Nginx
sudo ln -s /opt/nginx/ /etc/nginx # links the nginx executable into etc
sudo nano /etc/init.d/nginx_start.sh
 #!/bin/bash
 sudo /etc/init.d/nginx start
sudo chmod +x /etc/init.d/nginx_start.sh
sudo update-rc.d nginx_start.sh defaults
sudo nano /etc/nginx/nginx.conf # and find "server_names_hash_bucket_size", set to 128
sudo chown deployer:sudo -R /etc/nginx
Example server block
  listen                37.139.20.149:443 ssl;
  server_name           app.swisslanguages.com;

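  ssl_prefer_server_ciphers on;
  ssl_certificate       /etc/ssl/server.crt;
  ssl_certificate_key   /etc/ssl/server.key;
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
  ssl_protocols         TLSv1.2;
  # RC4 is prohibited in TLS (RFC 7465), so it is excluded rather than preferred
  ssl_ciphers           HIGH:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;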
  ssl_session_cache     shared:SSL:15m;
  ssl_session_timeout   15m;
  
  ...
  
  keepalive_timeout     70;
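A lint for legacy TLS settings in an nginx config, as an added example that is not part of the original gist: `tls_directive` and `weak_tls` are hypothetical helper names, and the sample directives are constructed legacy values. It reports deprecated `ssl_protocols` entries and any `ssl_ciphers` token that enables, rather than excludes, a weak family.

```shell
#!/bin/sh
# tls_directive FILE NAME: print the arguments of each NAME directive,
# without the trailing semicolon or surrounding quotes.
tls_directive() {
  awk -v d="$2" '$1 == d {
    sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]*;.*$/, ""); print }' "$1" |
    tr -d "\"'"
}

# weak_tls FILE: print every deprecated protocol and weak cipher token the
# file enables; the return status is the number of findings.
weak_tls() {
  found=0
  for proto in $(tls_directive "$1" ssl_protocols); do
    case $proto in
      SSLv2|SSLv3|TLSv1|TLSv1.1)   # TLS 1.0/1.1 deprecated by RFC 8996
        echo "protocol $proto"; found=$((found + 1)) ;;
    esac
  done
  for tok in $(tls_directive "$1" ssl_ciphers | tr ':' ' '); do
    case $tok in
      '!'*|-*) ;;                  # "!X" and "-X" remove ciphers
      *RC4*|*DES*|*MD5*|*NULL*|*EXP*|LOW)
        echo "cipher $tok"; found=$((found + 1)) ;;
    esac
  done
  return "$found"
}

# Constructed legacy directives, written to a temp file for the demo.
conf=$(mktemp)
printf '%s\n' '  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;' \
  '  ssl_ciphers   RC4:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP;' > "$conf"
weak_tls "$conf" || echo "$? weak setting(s) enabled"
rm -f "$conf"
```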
SSL
cd /etc/ssl/
sudo openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
sudo openssl rsa -passin pass:x -in server.pass.key -out server.key
sudo rm server.pass.key
sudo chmod 600 server.key # keep the private key readable by root only
sudo openssl req -new -key server.key -out server.csr
# when creating production cert, place bundle certs ABOVE and your cert AT THE BOTTOM
Self signed
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
First deploy
# Adapt mina deploy from https://gist.github.com/Epigene/3ec6635246be042fac90
$ mina setup
# fill out /shared/config/database.yml
$ mina deploy[initialize]
# ssh into server app current folder and try 'bundle exec pumactl start'
After first deploy
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
sudo service nginx stop
sudo service nginx start
Set up local redis server
https://gist.github.com/Epigene/f5e63e30ab7f9680e5f4

COMMON ERRORS:

+ If json complains, do `sudo apt-get install libgmp-dev` and reboot
+ If mina complains about the bundle command not being present, cd into the project folder and `gem install bundler`
+ See if the environment gets the secret key base in secrets.yml and has it in env
+ See if all shared folders exist (log, system, pids)
+ See if environment file is copied from production but considers all requests local
+ For staging, add to the environment file staging.rb:
 #   config.serve_static_assets = false
 #   config.assets.compile = true
 #   config.assets.digest = true