@aganov
Last active April 12, 2018 08:19
Bootstrap

Install minio

brew install minio
vim /usr/local/etc/minio/config.json
{
  "version": "20",
  "credential": {
    "accessKey": "minio",
    "secretKey": "minio123"
  },
  "region": "eu-central-1",
  "browser": "on",
  "domain": "",
  "logger": {
    "console": {
      "enable": true
    },
    "file": {
      "enable": false,
      "filename": ""
    }
  },
  "notify": {

  }
}
# Local development instance: it listens on localhost:9000 only.
# NOTE(review): the accessKey/secretKey in the config.json above are sample
# values; replace them with unique secrets before this config is reused on any
# host that is reachable from a network.
minio server --config-dir=/usr/local/etc/minio --address localhost:9000 ~/Sites/minio

Create deploy user

# Create an unprivileged deploy account that can only log in with an SSH key
# (no password is set).
adduser deploy --disabled-password
# Installs the local public key into root's authorized_keys on the server.
# NOTE(review): this relies on direct root SSH login; consider disabling it
# once the deploy account works.
ssh-copy-id -i ~/.ssh/id_rsa.pub root@example.com # on local machine
mkdir /home/deploy/.ssh
# Copies every key authorized for root, so the same keys open both accounts.
# NOTE(review): copy only the key(s) that should be able to deploy.
cp /root/.ssh/authorized_keys /home/deploy/.ssh
chown deploy:deploy /home/deploy/.ssh -R
# The key file is restricted to its owner; the directory keeps the mode mkdir
# gave it. NOTE(review): consider `chmod 700 /home/deploy/.ssh` as well.
chmod 600 /home/deploy/.ssh/authorized_keys

Install nodejs

https://github.com/nodesource/distributions#installation-instructions

https://yarnpkg.com/en/docs/install

apt-get install git aptitude apt-transport-https

# Trust the Yarn repository signing key and register the repository.
# NOTE(review): `apt-key add` trusts the key for every configured repository;
# a per-repository keyring referenced with `signed-by=` in the sources entry
# limits it to this one.
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
# NOTE(review): this pipes a remote script straight into a root shell.
# Download it to a file and read it before running it, so that what executes
# is what was reviewed.
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
sudo apt-get install -y nodejs yarn

Install rbenv

# System-wide rbenv under /usr/local/rbenv.
# NOTE(review): this clones whatever is on the default branch at the time; check
# out a reviewed tag or commit if the install has to be reproducible. The rbenv
# commands further down this page clone from github.com/rbenv/rbenv instead.
git clone https://github.com/sstephenson/rbenv.git /usr/local/rbenv
# The lines that follow are the contents of this profile script.
vim /etc/profile.d/rbenv.sh
# rbenv setup
export RBENV_ROOT=/usr/local/rbenv
export PATH="$RBENV_ROOT/bin:$PATH"
eval "$(rbenv init -)"

Save and exit :wq! (Shift + ZZ)

chmod +x /etc/profile.d/rbenv.sh

Exit and login again to load rbenv

Install ruby

Install latest ruby-build

mkdir /usr/local/rbenv/plugins
git clone https://github.com/sstephenson/ruby-build.git /usr/local/rbenv/plugins/ruby-build

Install latest stable ruby

aptitude install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
aptitude install libcurl4-openssl-dev libpcre3-dev libxml2 libxml2-dev libxslt1-dev
aptitude install libjemalloc-dev
# RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 2.4.3
rbenv install 2.4.3
rbenv global 2.4.3
ruby --version
echo 'gem: --no-document' > /root/.gemrc
echo 'gem: --no-document' > /home/deploy/.gemrc
chown deploy:deploy /home/deploy/.gemrc

gem install bundler

Installing Passenger + Nginx on Ubuntu 16.04 LTS (with APT)

NOTICE: Use https://www.phusionpassenger.com/library/install/nginx/install/oss/ to find proper setup instructions

NOTICE: Find a way to add https://github.com/openresty/headers-more-nginx-module

Step 1: install Passenger packages

# Install our PGP key and add HTTPS support for APT
# NOTE(review): the key is fetched over plain hkp on port 80 and selected by a
# 64-bit key ID. After importing, compare the full fingerprint shown by
# `apt-key fingerprint` with the one published in the official Passenger
# install guide before trusting the repository.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
sudo apt-get install -y apt-transport-https ca-certificates

# Add our APT repository
sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list'
sudo apt-get update

# Install Passenger + Nginx
sudo apt-get install -y nginx-extras passenger

Step 2: enable the Passenger Nginx module and restart Nginx

Edit /etc/nginx/nginx.conf and uncomment include /etc/nginx/passenger.conf; and restart nginx

vim /etc/nginx/nginx.conf
sudo service nginx restart

Step 3: check installation

passenger-config validate-install
passenger-memory-stats

Step 4: setup SSL (Optional)

NOTICE:

# Enable Diffie-Hellman for TLS
mkdir /etc/nginx/ssl
openssl dhparam -out /etc/nginx/ssl/dhparams.pem 2048

/etc/nginx/nginx.conf

# Worker processes run as the deploy account.
# NOTE(review): presumably deploy also owns the application tree under
# /var/www, in which case a compromised worker can modify the deployed code;
# a separate unprivileged web user avoids that. Confirm the ownership.
user deploy;
worker_processes auto;
pid /run/nginx.pid;

events {
  worker_connections  1024;
}

http {
  include       mime.types;
  default_type  application/octet-stream;

  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;
  
  # server_names_hash_bucket_size 64;
  # server_name_in_redirect off;

  # TLS settings at http{} level, inherited by every server block below.
  # NOTE(review): besides the ECDHE/DHE GCM suites this list still admits
  # CBC-mode, static-RSA (AES128-SHA, AES256-SHA, ...) and 3DES (DES-CBC3-SHA)
  # fallbacks. Trim it to the forward-secret AEAD suites unless legacy clients
  # have to be supported.
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
  # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only
  # if a known client cannot negotiate TLSv1.2.
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # The server's order in ssl_ciphers wins over the client's preference.
  ssl_prefer_server_ciphers on;

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
  client_max_body_size 128m;
  server_tokens off;

  gzip                    on;
  gzip_disable            "msie6";

  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript;

  # passenger_pool_idle_time 0;
  more_clear_headers 'Server' 'X-Powered-By' 'X-Runtime';

  include /etc/nginx/passenger.conf;
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

/etc/nginx/sites-enabled/default

# Passenger-served application vhost for example.com.
server {
  # The same server block answers on 80 and 443, so the application is also
  # served over plaintext HTTP with no redirect to HTTPS.
  # NOTE(review): consider a separate port-80 server that only redirects.
  listen 80 default_server;
  listen 443 ssl;
  server_name example.com;
  # Both logs are discarded for this vhost.
  # NOTE(review): this leaves no request or error record to consult when
  # investigating an incident; keep at least the access log, with rotation.
  access_log /dev/null;
  error_log /dev/null;

  passenger_enabled on;
  root /var/www/example.com/current/public;

  # DH parameters generated in the SSL step above; certificate and private key.
  # NOTE(review): the .key file should be readable by root only.
  ssl_dhparam          /etc/nginx/ssl/dhparams.pem;
  ssl_certificate      /etc/nginx/ssl/example.com.pem;
  ssl_certificate_key  /etc/nginx/ssl/example.com.key;
}

Install and configure PostgreSQL on Ubuntu 16.04 (with APT)

NOTICE: Use https://www.postgresql.org/download/linux/ubuntu/ to find proper installation instructions

Step 1: install postgresql-9.x

# Trust the PostgreSQL (PGDG) repository signing key, fetched over HTTPS.
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
# The repository itself is addressed over plain http; apt still verifies
# package signatures against the key imported above.
# NOTE(review): unlike the line above, this one has no sudo and must be run as
# root to write under /etc/apt.
sh -c 'echo deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main > /etc/apt/sources.list.d/pgdg.list'
aptitude update
apt-get install postgresql-9.6 libpq-dev

Step 2: tune PostgreSQL

Install and configure MySQL (Definitely NOT recommended)

aptitude install mysql-server mysql-client libmysqlclient-dev
vim /etc/mysql/my.cnf

Force utf8mb4

[client]
default-character-set = utf8mb4

[mysql]
default-character-set = utf8mb4

[mysqld]
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
service mysql restart

Add some PRIVILEGES for staging and/or production user

mysql -uroot -p
-- Each account gets ALL PRIVILEGES on every database whose name matches the
-- pattern (anything ending in _staging or _production), from localhost only.
-- '***' is a placeholder: use a distinct, strong password per account.
-- NOTE(review): ALL PRIVILEGES is broader than an application normally needs;
-- grant only the statements the app actually issues where practical.
GRANT ALL PRIVILEGES ON  `%\_staging` . * TO  'staging'@'localhost' IDENTIFIED BY  '***';
GRANT ALL PRIVILEGES ON  `%\_production` . * TO  'production'@'localhost' IDENTIFIED BY  '***';

Install and configure monit

Configure httpd server (uncomment httpd part)

aptitude install monit
# Uncommenting the httpd section enables Monit's control interface.
# NOTE(review): keep it bound to localhost and replace any example credentials
# in that section with your own. Confirm against the shipped monitrc.
vim /etc/monit/monitrc
service monit restart
monit summary

Add monit to sudoers

visudo
# Lets the deploy account run monit as root without a password.
# NOTE(review): no arguments are listed, so any monit invocation is permitted.
# Restrict the rule to the exact subcommands the deploy process needs, e.g.
# "/usr/bin/monit restart <service-name>" (placeholder).
deploy  ALL=NOPASSWD:/usr/bin/monit

Minio

Install minio

Download the Minio server's binary file:

# Fetch the server binary over HTTPS into the current directory.
# NOTE(review): nothing verifies the download before it is installed. If the
# publisher provides a checksum or signature for this release, compare it
# before running chmod and mv.
curl -O https://dl.minio.io/server/minio/release/linux-amd64/minio
chmod +x minio
mv minio /usr/local/bin

For security reasons, we don't want to run the Minio server as root.

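# Dedicated system account for the Minio service, with no login shell.
useradd -r minio -s /sbin/nologin
# Keep the executable owned by root: the service account only needs to read and
# execute it, and must not be able to replace the binary that systemd starts.
# (In-place self-update by the service account will not work with this
# ownership; update the binary as root instead.)
chown root:root /usr/local/bin/minio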

Next, we need to create a directory where Minio will store files. This will be the storage location for the buckets you'll create.

mkdir /var/www/s3.example.com
chown minio:minio /var/www/s3.example.com

The /etc directory is the most common location for server configuration files, so we'll create a place for Minio there.

mkdir /etc/minio
chown minio:minio /etc/minio
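# Create the environment file read by the systemd unit (EnvironmentFile=);
# the two variables that follow are its contents.
vim /etc/default/minio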
MINIO_VOLUMES="/var/www/s3.example.com"
MINIO_OPTS="-C /etc/minio --address 127.0.0.1:9000"

Installing the Minio Systemd Startup Script

vim /etc/systemd/system/minio.service
[Unit]
Description=Minio
Documentation=https://docs.minio.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local/

# The server process runs as the unprivileged minio account.
User=minio
Group=minio

# User=/Group= apply to ExecStart only; ExecStartPre below runs with full
# privileges.
PermissionsStartOnly=true

# The leading "-" makes a missing environment file non-fatal.
EnvironmentFile=-/etc/default/minio
# NOTE(review): when MINIO_VOLUMES is empty this only prints a message; the
# command still exits 0, so the unit goes on to start. Follow the echo with
# "exit 1" if the start should be refused instead.
ExecStartPre=/bin/bash -c "[ -n \"${MINIO_VOLUMES}\" ] || echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\""

ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES

# NOTE(review): no sandboxing is configured for the service. Consider
# NoNewPrivileges=true, PrivateTmp=true and ProtectSystem=full, and test that
# Minio still starts with them.

# Let systemd restart this service only if it has ended with the clean exit code or signal.
Restart=on-success

StandardOutput=journal
StandardError=inherit

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536

# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0

# SIGTERM signal is used to stop Minio
KillSignal=SIGTERM

SendSIGKILL=no

SuccessExitStatus=0

[Install]
WantedBy=multi-user.target

# Built for ${project.name}-${project.version} (${project.name})
systemctl daemon-reload
systemctl enable minio
systemctl start minio
systemctl status minio

You should get output like the following:

● minio.service - Minio
   Loaded: loaded (/etc/systemd/system/minio.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-03-18 19:15:19 UTC; 3 weeks 3 days ago
     Docs: https://docs.minio.io
 Main PID: 3266 (minio)
   CGroup: /system.slice/minio.service
           └─3266 /usr/local/bin/minio server -C /etc/minio --address 127.0.0.1:9000 /var/www/s3.example.com

Setup nginx proxy

Let's Encrypt is used for the SSL certificate

vim /etc/nginx/sites-enabled/s3.example.com
# Reverse proxy in front of the Minio instance listening on 127.0.0.1:9000.
server {
  # NOTE(review): port 80 is proxied to Minio exactly like 443, so S3 requests
  # and browser logins are also accepted over plaintext HTTP. Consider serving
  # only /.well-known on port 80 and redirecting everything else to HTTPS.
  listen 80;
  listen 443 ssl;
  server_name s3.example.com;

  # Challenge files for certificate issuance.
  # NOTE(review): this path lies inside the directory Minio uses for storage
  # (MINIO_VOLUMES); a separate webroot keeps the two apart.
  location /.well-known {
    alias /var/www/s3.example.com/.well-known;
  }

  location / {
    # Forward the Host header exactly as the client sent it.
    proxy_set_header Host $http_host;
    proxy_pass http://localhost:9000;
  }

  ssl_dhparam          /etc/nginx/ssl/dhparams.pem;
  ssl_certificate      /etc/letsencrypt/live/s3.example.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/s3.example.com/privkey.pem;
}
service nginx reload

Optimization tools

CarrierWave ImageOptimizer

The package will use these optimizers if they are present on your system:

Here's how to install all the optimizers on Ubuntu:

sudo apt-get install jpegoptim optipng pngquant gifsicle

And here's how to install the binaries on MacOS (using Homebrew):

brew install jpegoptim optipng pngquant gifsicle
# Per-user rbenv + Ruby bootstrap. These lines are meant to be typed
# interactively: each `exec $SHELL` replaces the running shell, so when the
# file is run as a script nothing after the first `exec` executes.
sudo apt-get update
sudo apt-get install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev nodejs
cd
# NOTE(review): both clones take the tip of the default branch; check out a
# reviewed tag or commit if the toolchain has to be reproducible.
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
# Put rbenv on PATH and enable its shims for future shells.
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
# Restart the shell so the ~/.bashrc changes take effect.
exec $SHELL
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
exec $SHELL
# Build the interpreter and make it the default for this user.
rbenv install 2.3.5
rbenv global 2.3.5
ruby -v
# Skip generating gem documentation on install.
echo 'gem: --no-document' > ~/.gemrc
# Git aliases. pushf uses --force-with-lease, which refuses to overwrite remote
# commits that have not been fetched locally.
git config --global alias.co 'checkout'
git config --global alias.up 'pull --rebase --autostash'
git config --global alias.pushf 'push --force-with-lease'