Como configuré e instalé el servidor Centos 6.6 que tenemos en la oficina
## Habilitar ssh
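# IPv4 firewall for the office server: inbound traffic is dropped unless it is
# SSH, HTTP, HTTPS, ICMP, loopback, rate-limited SMTP, or part of a connection
# that is already tracked.
# NOTE(review): only iptables (IPv4) is configured in these notes; confirm that
# IPv6 is disabled or filtered with ip6tables.

# Flush every rule in every chain of the filter table. -F does not change the
# chain policies, so the explicit DROP rule at the end of INPUT is what blocks
# unsolicited traffic.
iptables -F

# Inbound traffic
iptables -A INPUT -m state --state ESTABLISHED,RELATED -m comment --comment "Aceptar conexiones existentes" -j ACCEPT
# NOTE(review): this accepts every ICMP type, not only echo requests.
iptables -A INPUT -p icmp -m comment --comment "Aceptar ping" -j ACCEPT
iptables -A INPUT -i lo -m comment --comment "Aceptar conexiones internas" -j ACCEPT
# NOTE(review): port 22 is open to any source address; restrict it with -s if
# administration only ever comes from the office network.
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -m comment --comment "Aceptar puerto 22" -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -m comment --comment "Aceptar puerto 80" -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -m comment --comment "Aceptar puerto 443" -j ACCEPT
# SMTP: accept at most one new connection per second (burst of two). The limit
# match is global rather than per source, so one noisy sender can use up the
# allowance for everyone; -m hashlimit is the per-source alternative.
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -m limit --limit 1/second --limit-burst 2 -j ACCEPT
# New SMTP connections over the limit are logged and then fall through to the
# final DROP. The LOG rule is rate-limited as well, so a flood cannot fill the
# system log, and the prefix ends in a space so it does not run into the
# packet fields that follow it.
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -m limit --limit 5/minute --limit-burst 5 -j LOG --log-prefix "Ataque DOS puerto 25 "
iptables -A INPUT -m comment --comment "Eliminar todo lo demás" -j DROP

# Outbound traffic
# NOTE(review): OUTPUT has no terminating DROP/REJECT rule and these notes never
# set a chain policy, so unless the policy is changed elsewhere these two ACCEPT
# rules do not restrict anything. If egress filtering is intended, DNS and the
# HTTP(S) traffic used by yum need their own rules before a final DROP is added.
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -m comment --comment "Aceptar conexiones salientes existentes" -j ACCEPT
iptables -A OUTPUT -m state --state NEW -p tcp --dport 22 -m comment --comment "Aceptar puerto 22 saliente" -j ACCEPT

# Forwarded traffic
# NOTE(review): this accepts every forwarded packet. It only matters when IP
# forwarding is enabled (net.ipv4.ip_forward, not shown in these notes); if the
# host is not meant to route, a DROP rule is the safer default here.
iptables -A FORWARD -m comment --comment "Aceptar todo el tráfico interno" -j ACCEPT

# Persist the running rule set so it is restored at boot.
/sbin/service iptables save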
## Configure eth0
#
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
HWADDR=A4:BA:DB:37:F1:04
TYPE=Ethernet
BOOTPROTO=static
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
IPADDR=192.168.1.44
NETMASK=255.255.255.0
## Configure Default Gateway
#
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos6
GATEWAY=192.168.1.1
## Restart Network Interface
#
/etc/init.d/network restart
## Configure DNS Server
#
# vi /etc/resolv.conf
nameserver 8.8.8.8 # Replace with your nameserver ip
## Update server
yum update
## Installing Postgres
# NOTE(review): the repository RPM is fetched over plain HTTP and installed
# directly, so nothing authenticates it before it runs as root and registers a
# new package source. Prefer an HTTPS download and check the package signature
# (rpm -K) against a key obtained through a separate channel before installing.
rpm -Uvh http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-6.noarch.rpm
yum install postgresql92 postgresql92-server postgresql92-contrib
# Initialise the database cluster as the postgres system user.
su - postgres -c /usr/pgsql-9.2/bin/initdb
# Starting postgresql
service postgresql-9.2 start
## Start PostgreSQL 9.2 on every boot ##
chkconfig --levels 235 postgresql-9.2 on
## Create openerp user on postgresql
# NOTE(review): --superuser gives the application role full control of the whole
# cluster, including every other database on it. If the application only needs
# to create its own databases, --no-superuser with --createdb is a narrower
# grant.
su - postgres -c "createuser --superuser openerp"
## Enable epel repo
# NOTE(review): same concern as the PostgreSQL repo package: plain HTTP and no
# signature check before install. The URL also points at the i386 tree while
# the other packages in these notes are x86_64; the release package is noarch,
# so it installs either way.
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
## Add openerp user with home on /opt/openerp
sudo adduser openerp --home /opt/openerp
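## Install nginx
# Create the repo definition below, then install from it.
vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
# Signature checking is enabled so yum refuses packages that are not signed by
# the nginx key. With gpgcheck=0, anything served from (or injected into) the
# plain-HTTP baseurl would be installed as root without verification.
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
yum install nginx -y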
## Turning on nginx service
chkconfig nginx on
## Configuring nginx to serve as a reverse proxy for OpenRestarant
cd /etc/nginx/
# In nginx.conf, replace "include /etc/nginx/conf.d/*.conf;" with "include /etc/nginx/sites-enabled/*.conf;"
vi nginx.conf
## Add rule
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=static:10m inactive=24h max_size=1g;
mv conf.d sites-available
mkdir sites-enabled
# Insert our custom nginx file here
vi sites-available/openerp.conf
ln -s /etc/nginx/sites-available/openerp.conf sites-enabled/openerp.conf
## Create cache files
mkdir /var/cache/nginx/nginx_cache -p
service nginx start
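## Install gitlab
# NOTE(review): /tmp is world-writable and the rpm commands below use a glob,
# so any other file there matching rpmforge-release-0.5.2-2.el6.rf.*.rpm would
# be picked up too. A private directory from mktemp -d avoids that.
cd /tmp
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# NOTE(review): the signing key is fetched over plain HTTP, so the rpm -K check
# below only proves the package matches whatever key was delivered. Confirm the
# key fingerprint through a separate channel before trusting it.
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# Verify the package signature; install only if the check reports OK.
rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm
# Repo id corrected from "rpmfoge-extras": with the misspelt id the extras
# repository is never enabled and the pinned git build cannot be found.
yum install git-1.7.11.3-1.el6.rfx.x86_64 --enablerepo="rpmforge-extras"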
yum -y groupinstall 'Development Tools'
### 'Additional Development'
yum -y install vim-enhanced httpd readline readline-devel ncurses-devel gdbm-devel glibc-devel \
tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc \
sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel \
libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel \
system-config-firewall-tui python-devel redis sudo perl-Time-HiRes wget \
crontabs logwatch logrotate sendmail-cf qtwebkit qtwebkit-devel
chkconfig redis on
cd /etc/nginx/
vi sites-available/gitlab.conf
# Configure mail
cd /etc/mail
vim /etc/mail/sendmail.mc
# uncomment & correct
define(`SMART_HOST', `smtp.example.com')dnl
# change to
dnl EXPOSED_USER(`root')dnl
make
chkconfig sendmail on
service sendmail start
## Install ruby
# Builds Ruby 1.9.3-p392 from source and installs it system-wide.
# NOTE(review): /tmp/ruby is a predictable name in a world-writable directory;
# a directory created with mktemp -d avoids building in a location another
# local user could have prepared.
mkdir /tmp/ruby && cd /tmp/ruby
# NOTE(review): the tarball comes over plain HTTP and is never checked against
# a published digest, yet it is compiled and installed as root below. Compare
# its checksum with the value published by the Ruby project before unpacking.
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.gz
tar xfvz ruby-1.9.3-p392.tar.gz
cd ruby-1.9.3-p392
./configure
make
make install
# Bundler is installed for the freshly built Ruby; it is used later by
# "bundle install" in the GitLab tree.
gem install bundler
## Add user
adduser \
--system \
--shell /bin/bash \
--comment 'Git Version Control' \
--create-home \
--home-dir /home/git \
git
## Add postgresql user
# Creates the database role and database that GitLab uses.
# NOTE(review): the three SQL statements are presumably typed into a psql
# session started as the postgres user; the notes do not show psql being
# launched — confirm.
# NOTE(review): the role's password is the same as its name, which is the first
# thing anyone would guess. Use a long random value instead and put the same
# value in config/database.yml, readable only by the git user.
# NOTE(review): GRANT ALL PRIVILEGES is broader than a single application
# usually needs; making gitlab the owner of its own database is a common
# narrower setup.
su - postgres
CREATE USER gitlab WITH PASSWORD 'gitlab';
CREATE DATABASE gitlabhq_production;
GRANT ALL PRIVILEGES ON DATABASE gitlabhq_production TO gitlab;
Ctrl+D
exit
# Go to home directory
cd /home/git
# Clone gitlab shell
git clone https://github.com/gitlabhq/gitlab-shell.git
cd gitlab-shell
# switch to right version
git checkout v1.4.0
cp config.yml.example config.yml
# Edit config and replace gitlab_url
# with 'http://gitlab.fedrojesa.dtdns.net/'
vim config.yml
# Do setup
./bin/install
# We'll install GitLab into home directory of the user "git"
cd /home/git
# Clone GitLab repository
git clone https://github.com/gitlabhq/gitlabhq.git gitlab
# Go to gitlab dir
cd /home/git/gitlab
# Checkout to stable release
git checkout 5-4-stable
cp /home/git/gitlab/config/gitlab.yml{.example,}
vim /home/git/gitlab/config/gitlab.yml
# Make sure GitLab can write to the log/ and tmp/ directories
chown -R git /home/git/gitlab/log/
chown -R git /home/git/gitlab/tmp/
chmod -R u+rwX /home/git/gitlab/log/
chmod -R u+rwX /home/git/gitlab/tmp/
# Create directory for satellites
mkdir /home/git/gitlab-satellites
# Create directories for sockets/pids and make sure GitLab can write to them
mkdir /home/git/gitlab/tmp/pids/
mkdir /home/git/gitlab/tmp/sockets/
chmod -R u+rwX /home/git/gitlab/tmp/pids/
chmod -R u+rwX /home/git/gitlab/tmp/sockets/
# Create public/uploads directory otherwise backup will fail
mkdir /home/git/gitlab/public/uploads
chmod -R u+rwX /home/git/gitlab/public/uploads
# Copy the example Puma config
cp /home/git/gitlab/config/puma.rb{.example,}
# Configure Git global settings for git user, useful when editing via web
# Edit user.email according to what is set in gitlab.yml
git config --global user.name "GitLab"
git config --global user.email "gitlab@openpyme.mx"
cp /home/git/gitlab/config/database.yml{.postgresql,}
vi /home/git/gitlab/config/database.yml
logout
cd /home/git/gitlab
gem install charlock_holmes --version '0.6.9.4'
yum install libpqxx-devel -y
su - git
cd /home/git/gitlab
# For postgresql db
bundle config build.pg --with-pg-config=/usr/pgsql-9.2/bin/pg_config
bundle install --deployment --without development test mysql
## Restore backup
mkdir tmp/backups
## Upload the backup file and make sure it has the correct owner
bundle exec rake gitlab:backup:restore RAILS_ENV=production
## Create satellites for repos
bundle exec rake gitlab:satellites:create RAILS_ENV=production
logout
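## Double check the url for this next one!!
# NOTE(review): the URL tracks the "master" branch, so the script that ends up
# running as root at boot can change between runs. Pin it to a commit that has
# been read, and review the downloaded file before enabling the service.
# The script is downloaded to a private temp file first: --fail keeps an HTTP
# error page from being saved as the init script, --location follows
# redirects, and nothing is written to /etc/init.d unless the download
# succeeded.
gitlab_init=$(mktemp) &&
  curl --fail --location --silent --show-error --output "$gitlab_init" \
    https://raw.github.com/gitlabhq/gitlab-recipes/master/init.d/gitlab-centos &&
  install -m 0755 "$gitlab_init" /etc/init.d/gitlab
rm -f -- "$gitlab_init"
chkconfig --add gitlab
# Make GitLab start on boot:
chkconfig gitlab on
# Start your GitLab instance:
service gitlab start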
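## Configure mail for gitlab
# NOTE(review): these paths are relative; presumably they are meant to be run
# from /home/git/gitlab — confirm the working directory first.
cp config/initializers/smtp_settings.rb{.sample,}
## Edit the file to reflect our needs
# NOTE(review): if this file ends up holding SMTP credentials, keep it readable
# only by the git user.
vi config/initializers/smtp_settings.rb
## Change the mail delivery settings in config/environments/production.rb
# Path corrected from "config/enviroments": with the misspelt directory vi
# opens a new, empty file instead of the existing Rails environment config.
vi config/environments/production.rb
## Reboot to initialize all services
reboot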
## Install ajenti for graphical administration
# NOTE(review): the repo package is downloaded over plain HTTP and installed
# with rpm -i without any signature check, and it registers a new package
# source for yum. Verify it (rpm -K against a key obtained separately) before
# installing.
# NOTE(review): Ajenti is a web panel for administering the host. The INPUT
# rules at the top of these notes do not open a port for it, so it is not
# reachable from other machines until a rule is added; if one is added, limit
# it to the office network with -s rather than opening it to every source.
cd /tmp
wget http://repo.ajenti.org/ajenti-repo-1.0-1.noarch.rpm
rpm -i ajenti-repo-1.0-1.noarch.rpm
yum install ajenti -y
service ajenti restart
chkconfig ajenti on
# Printer installation
yum install cups
vi /etc/cups/cupsd.conf
## Add the following lines
# Listen from local network
# NOTE(review): eth0 is configured earlier in these notes as 192.168.1.44, but
# this directive names 192.168.1.2. Unless that address is assigned to the host
# somewhere not shown here, use the host's own address — confirm.
# NOTE(review): the INPUT rules at the top of these notes do not open port 631,
# so printing from other machines needs an extra rule; limit it to
# 192.168.1.0/24 to match the access rules below.
Listen 192.168.1.2:631
# Restrict access to the server...
<Location />
Order allow,deny
allow 192.168.1.0/24
</Location>
# Restrict access to the admin pages...
# NOTE(review): the admin pages are limited by source network only, so every
# machine on the LAN can reach them. Consider also requiring authentication
# here (AuthType / Require directives).
<Location /admin>
Order allow,deny
allow 192.168.1.0/24
</Location>
# Install drivers
yum install gutenprint gutenprint-cups
yum install foomatic gutenprint-foomatic