Cómo configuré e instalé el servidor CentOS 6.6 que tenemos en la oficina
## Enable ssh: rebuild the IPv4 filter rules (SSH, HTTP, HTTPS and rate-limited SMTP inbound)
# Flush all rules in all chains of the filter table.
# NOTE(review): -F leaves the chain policies as they were, and iptables covers
# IPv4 only; an IPv6-reachable host needs a matching ip6tables rule set.
iptables -F | |
# Inbound traffic. Rules match top to bottom, so the catch-all DROP must stay last.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -m comment --comment "Aceptar conexiones existentes" -j ACCEPT | |
# Accepts every ICMP type, not only echo-request.
iptables -A INPUT -p icmp -m comment --comment "Aceptar ping" -j ACCEPT | |
iptables -A INPUT -i lo -m comment --comment "Aceptar conexiones internas" -j ACCEPT | |
# NOTE(review): 22, 80 and 443 are accepted from any source address; if SSH is
# only used from the office LAN, a -s match on this rule would narrow it.
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -m comment --comment "Aceptar puerto 22" -j ACCEPT | |
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -m comment --comment "Aceptar puerto 80" -j ACCEPT | |
iptables -A INPUT -m state --state NEW -p tcp --dport 443 -m comment --comment "Aceptar puerto 443" -j ACCEPT | |
# New SMTP connections are accepted at up to 1 per second with a burst of 2.
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -m limit --limit 1/second --limit-burst 2 -j ACCEPT | |
# Connections over that limit reach this LOG rule and then the final DROP.
# NOTE(review): the LOG rule is not rate limited itself, so a flood on port 25
# also floods the kernel log; a -m limit match here would bound the log volume.
iptables -A INPUT -m state --state NEW -p tcp --dport 25 -j LOG --log-prefix "Ataque DOS puerto 25" | |
iptables -A INPUT -m comment --comment "Eliminar todo lo demás" -j DROP | |
# Outbound traffic
# NOTE(review): no OUTPUT policy and no final DROP are set in these notes, so
# under the default ACCEPT policy these two rules restrict nothing. If the
# policy is later set to DROP, DNS, HTTP(S) for yum and outgoing mail need rules.
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -m comment --comment "Aceptar conexiones salientes existentes" -j ACCEPT | |
iptables -A OUTPUT -m state --state NEW -p tcp --dport 22 -m comment --comment "Aceptar puerto 22 saliente" -j ACCEPT | |
# Forwarded traffic: everything routed through this host is accepted.
# NOTE(review): only relevant if IP forwarding is enabled; on a host that is
# not meant to route, DROP is the safer choice for this chain — confirm intent.
iptables -A FORWARD -m comment --comment "Aceptar todo el tráfico interno" -j ACCEPT | |
# Save the running rule set through the CentOS 6 init script so it persists.
/sbin/service iptables save | |
## Configure eth0 with a static address
#
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# The assignments below are the contents of that file, not shell commands.
DEVICE="eth0" | |
NM_CONTROLLED="yes" | |
ONBOOT=yes | |
# HWADDR and UUID are specific to this machine; keep the values already
# present in the file on another host instead of copying these.
HWADDR=A4:BA:DB:37:F1:04 | |
TYPE=Ethernet | |
BOOTPROTO=static | |
NAME="System eth0" | |
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 | |
IPADDR=192.168.1.44 | |
NETMASK=255.255.255.0 | |
## Configure Default Gateway
#
# vi /etc/sysconfig/network
# Contents of /etc/sysconfig/network:
NETWORKING=yes | |
HOSTNAME=centos6 | |
GATEWAY=192.168.1.1 | |
## Restart Network Interface
# NOTE(review): over SSH this drops the session if the new address differs
# from the one the session is connected to.
/etc/init.d/network restart | |
## Configure DNS Server
#
# vi /etc/resolv.conf
# Contents of /etc/resolv.conf:
nameserver 8.8.8.8 # Replace with your nameserver IP
## Update server
# Interactive: without -y, yum asks for confirmation before applying updates.
yum update | |
## Installing Postgres
# Install the PGDG repository definition for PostgreSQL 9.2.
# NOTE(review): the RPM is fetched over plain HTTP and installed as root in one
# step, with no signature or checksum check shown. Downloading it first and
# checking it (rpm -K after importing the vendor key) closes that gap.
rpm -Uvh http://yum.postgresql.org/9.2/redhat/rhel-6-x86_64/pgdg-centos92-9.2-6.noarch.rpm | |
yum install postgresql92 postgresql92-server postgresql92-contrib | |
# Initialise the database cluster as the postgres OS user.
su - postgres -c /usr/pgsql-9.2/bin/initdb | |
# Starting postgresql
service postgresql-9.2 start | |
## Start PostgreSQL 9.2 on every boot ##
chkconfig --levels 235 postgresql-9.2 on | |
## Create openerp user on postgresql
# NOTE(review): --superuser lets the application role bypass every permission
# check in the cluster, including on the GitLab database created later in
# these notes. If the application only needs to create its own databases,
# --createdb is the narrower grant — confirm what OpenERP requires.
su - postgres -c "createuser --superuser openerp" | |
## Enable epel repo
# NOTE(review): same caveat as the PGDG RPM: plain HTTP, no verification shown.
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm | |
## Add openerp user with home on /opt/openerp
sudo adduser openerp --home /opt/openerp | |
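## Install nginx
# Create the repository definition. The [nginx] section that follows the
# editor command is the content of /etc/yum.repos.d/nginx.repo, not shell.
vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
# Signature checking is on: the baseurl is plain HTTP, so the package
# signature is the only thing tying a download to nginx.org. If the host
# cannot fetch the key over HTTPS, obtain it separately, compare its
# fingerprint with the one nginx.org publishes, and rpm --import it.
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
yum install nginx -y
## Turning on nginx service
chkconfig nginx on
## Configure nginx to serve as a reverse proxy for OpenRestarant
cd /etc/nginx/
# In nginx.conf, replace "include /etc/nginx/conf.d/*.conf;"
# with "include /etc/nginx/sites-enabled/*.conf;"
vi nginx.conf
## Add this rule (an nginx directive for the http block, not a shell command;
## presumably added to nginx.conf in the same editing session)
proxy_cache_path /var/cache/nginx/nginx_cache levels=1:2 keys_zone=static:10m inactive=24h max_size=1g;
# Switch to the sites-available / sites-enabled layout.
mv conf.d sites-available
mkdir sites-enabled
# Insert our custom nginx file here
vi sites-available/openerp.conf
# Only files linked into sites-enabled are loaded after the include change.
ln -s /etc/nginx/sites-available/openerp.conf sites-enabled/openerp.conf
## Create the cache directory named in proxy_cache_path
mkdir /var/cache/nginx/nginx_cache -p
service nginx start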
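## Install gitlab
cd /tmp
# NOTE(review): the release RPM and the GPG key that vouches for it are both
# fetched over plain HTTP, so the key is not authenticated by the transport.
# Compare the imported key's fingerprint with one obtained independently
# before trusting the rpm -K result below.
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
# Install the repository package only if its signature check succeeds.
rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm \
  && rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm
# Repository id corrected from "rpmfoge-extras", which yum cannot resolve.
yum install git-1.7.11.3-1.el6.rfx.x86_64 --enablerepo="rpmforge-extras"
yum -y groupinstall 'Development Tools'
### 'Additional Development'
# NOTE(review): this list pulls in httpd alongside nginx; nothing here
# enables it, but it should stay disabled so it does not contend for port 80.
yum -y install vim-enhanced httpd readline readline-devel ncurses-devel gdbm-devel glibc-devel \
  tcl-devel openssl-devel curl-devel expat-devel db4-devel byacc \
  sqlite-devel gcc-c++ libyaml libyaml-devel libffi libffi-devel \
  libxml2 libxml2-devel libxslt libxslt-devel libicu libicu-devel \
  system-config-firewall-tui python-devel redis sudo perl-Time-HiRes wget \
  crontabs logwatch logrotate sendmail-cf qtwebkit qtwebkit-devel
chkconfig redis on
cd /etc/nginx/
# NOTE(review): unlike openerp.conf, no symlink into sites-enabled is shown for
# this file, so nginx will not load it until one is created — confirm.
vi sites-available/gitlab.conf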
# Configure mail: relay outgoing mail through a smart host
cd /etc/mail | |
vim /etc/mail/sendmail.mc | |
# Uncomment and correct this line in sendmail.mc (smtp.example.com is a
# placeholder for the real relay host):
define(`SMART_HOST', `smtp.example.com')dnl | |
# Change the EXPOSED_USER line to the commented-out form below:
dnl EXPOSED_USER(`root')dnl | |
# Run make in /etc/mail after editing sendmail.mc (presumably regenerates
# sendmail.cf; sendmail-cf is installed earlier in these notes).
make | |
chkconfig sendmail on | |
service sendmail start | |
## Install ruby from source
mkdir /tmp/ruby && cd /tmp/ruby | |
# NOTE(review): the tarball comes over plain HTTP and is compiled and installed
# as root without an integrity check. Compare its checksum with the value
# published for this release (<published checksum>) before running configure.
wget http://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.gz | |
tar xfvz ruby-1.9.3-p392.tar.gz | |
cd ruby-1.9.3-p392 | |
./configure | |
make | |
# With no --prefix given to configure, this installs system-wide.
make install | |
gem install bundler | |
## Add the system account that owns GitLab and its repositories
# Creates a system user "git" with home /home/git and /bin/bash as shell.
# No password is set by this command.
adduser \ | |
--system \ | |
--shell /bin/bash \ | |
--comment 'Git Version Control' \ | |
--create-home \ | |
--home-dir /home/git \ | |
git | |
## Add postgresql user and database for GitLab
su - postgres | |
# The three statements below are SQL, presumably typed into a psql session
# that these notes do not show being started.
# NOTE(review): the password is the same as the role name. Use a long random
# value instead and put the same value in config/database.yml, which is
# edited later in these notes.
CREATE USER gitlab WITH PASSWORD 'gitlab'; | |
CREATE DATABASE gitlabhq_production; | |
GRANT ALL PRIVILEGES ON DATABASE gitlabhq_production TO gitlab; | |
# Ctrl+D is a keystroke (end of input), then exit leaves the postgres shell.
Ctrl+D | |
exit | |
# Go to home directory
# NOTE(review): no switch to the git user is shown before this step; if these
# commands run as root the checkout ends up owned by root — confirm ownership.
cd /home/git | |
# Clone gitlab shell
git clone https://github.com/gitlabhq/gitlab-shell.git | |
cd gitlab-shell | |
# Switch to the right version
# NOTE(review): a tag can be moved upstream; recording the commit id that
# v1.4.0 resolved to makes this install reproducible and auditable.
git checkout v1.4.0 | |
cp config.yml.example config.yml | |
# Edit config and replace gitlab_url
# with 'http://gitlab.fedrojesa.dtdns.net/'
# NOTE(review): this is a plain-HTTP URL although port 443 is opened in the
# firewall rules; use https here if the site is served over TLS — confirm.
vim config.yml | |
# Do setup
./bin/install | |
# We'll install GitLab into home directory of the user "git"
cd /home/git | |
# Clone GitLab repository
git clone https://github.com/gitlabhq/gitlabhq.git gitlab | |
# Go to gitlab dir
cd /home/git/gitlab | |
# Check out the stable release branch
# NOTE(review): 5-4-stable is a branch, so its content depends on the day of
# the clone; note the commit id that was deployed.
git checkout 5-4-stable | |
# Brace expansion: copies gitlab.yml.example to gitlab.yml.
cp /home/git/gitlab/config/gitlab.yml{.example,} | |
vim /home/git/gitlab/config/gitlab.yml | |
# Make sure GitLab can write to the log/ and tmp/ directories
chown -R git /home/git/gitlab/log/ | |
chown -R git /home/git/gitlab/tmp/ | |
chmod -R u+rwX /home/git/gitlab/log/ | |
chmod -R u+rwX /home/git/gitlab/tmp/ | |
# Create directory for satellites
mkdir /home/git/gitlab-satellites | |
# Create directories for sockets/pids and make sure GitLab can write to them
mkdir /home/git/gitlab/tmp/pids/ | |
mkdir /home/git/gitlab/tmp/sockets/ | |
chmod -R u+rwX /home/git/gitlab/tmp/pids/ | |
chmod -R u+rwX /home/git/gitlab/tmp/sockets/ | |
# Create public/uploads directory otherwise backup will fail
mkdir /home/git/gitlab/public/uploads | |
chmod -R u+rwX /home/git/gitlab/public/uploads | |
# Copy the example Puma config
cp /home/git/gitlab/config/puma.rb{.example,} | |
# Configure Git global settings for git user, useful when editing via web
# Edit user.email according to what is set in gitlab.yml
# NOTE(review): --global writes to the home of whichever user runs the
# command, so this must run as git to have the intended effect.
git config --global user.name "GitLab" | |
git config --global user.email "gitlab@openpyme.mx" | |
# Copy the PostgreSQL database config template and edit it.
# NOTE(review): database.yml holds the database password; restrict it so
# other local users cannot read it (for example chmod o-rwx).
cp /home/git/gitlab/config/database.yml{.postgresql,} | |
vi /home/git/gitlab/config/database.yml | |
# Leave the current login shell (presumably a su - git session — confirm).
logout | |
# Install a pinned charlock_holmes gem and the PostgreSQL client headers
# before switching to the git user (these two installs appear to run as root).
cd /home/git/gitlab | |
gem install charlock_holmes --version '0.6.9.4' | |
yum install libpqxx-devel -y | |
# Continue as the git user so the bundle and rake tasks run unprivileged.
su - git | |
cd /home/git/gitlab | |
# For postgresql db: point the pg gem build at the PGDG 9.2 pg_config
bundle config build.pg --with-pg-config=/usr/pgsql-9.2/bin/pg_config | |
# Install the gems for production, skipping the development, test and mysql groups.
bundle install --deployment --without development test mysql | |
## Restore backup
mkdir tmp/backups | |
## Upload the backup file into tmp/backups and make sure it has the correct owner
# NOTE(review): a GitLab backup contains the database and repositories; keep
# the archive unreadable to other users and remove stray copies after restore.
bundle exec rake gitlab:backup:restore RAILS_ENV=production | |
## Create satellites for repos
bundle exec rake gitlab:satellites:create RAILS_ENV=production | |
# Leave the git user's shell.
logout | |
## Double check the url for this next one!!
# NOTE(review): this writes a script from the master branch of a third-party
# repository directly into /etc/init.d, where it runs as root at every boot.
# master changes over time, so read the downloaded file before marking it
# executable and prefer a URL pinned to a specific commit (<commit id>).
curl https://raw.github.com/gitlabhq/gitlab-recipes/master/init.d/gitlab-centos > /etc/init.d/gitlab | |
chmod +x /etc/init.d/gitlab | |
chkconfig --add gitlab | |
# Make GitLab start on boot:
chkconfig gitlab on | |
# Start your GitLab instance:
service gitlab start | |
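## Configure mail for gitlab
# The paths below are relative; run these from the GitLab checkout
# (/home/git/gitlab elsewhere in these notes).
cp config/initializers/smtp_settings.rb{.sample,}
## Edit the file to reflect our needs
# NOTE(review): this file may end up holding SMTP credentials; keep it
# readable only by the git user.
vi config/initializers/smtp_settings.rb
## Change the send-mail settings in config/environments/production.rb
# (directory name corrected from "enviroments", which does not exist in a
# Rails application)
vi config/environments/production.rb
## Reboot to initialise all services
reboot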
## Install ajenti for graphical administration
cd /tmp | |
# NOTE(review): the repository RPM is downloaded over plain HTTP and installed
# with rpm -i without any signature check; verify it before installing.
wget http://repo.ajenti.org/ajenti-repo-1.0-1.noarch.rpm | |
rpm -i ajenti-repo-1.0-1.noarch.rpm | |
yum install ajenti -y | |
# NOTE(review): Ajenti is a web panel with administrative control of the host.
# Change its default administrator login on first use (confirm the defaults
# for this version) and keep its port closed to anything but the admin LAN;
# the INPUT rules in these notes do not open a port for it.
service ajenti restart | |
chkconfig ajenti on | |
# Printer installation
yum install cups | |
vi /etc/cups/cupsd.conf | |
## Add the following lines to cupsd.conf (CUPS directives, not shell commands)
# Listen from local network
# NOTE(review): this address differs from the 192.168.1.44 configured for eth0
# earlier in these notes; cupsd can only listen on an address the host owns —
# confirm which one is intended.
Listen 192.168.1.2:631 | |
# Restrict access to the server...
<Location /> | |
Order allow,deny | |
allow 192.168.1.0/24 | |
</Location> | |
# Restrict access to the admin pages...
# NOTE(review): the admin location is limited by source network only; no
# authentication directive is shown here, so any host on the LAN can reach
# the admin pages — confirm that is intended.
<Location /admin> | |
Order allow,deny | |
allow 192.168.1.0/24 | |
</Location> | |
# NOTE(review): the INPUT rules earlier in these notes accept only ports 22,
# 80, 443 and 25, so LAN clients cannot reach 631 until a rule is added; limit
# that rule to the 192.168.1.0/24 source range.
# Install drivers
yum install gutenprint gutenprint-cups | |
yum install foomatic gutenprint-foomatic |