-
-
Save ancorcruz/481697 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Login and change root password | |
| # create the user account you are going to use to connect | |
| adduser myuser | |
| # add the user to sudoers | |
| visudo | |
| #add a line like this at the end | |
| myuser ALL=(ALL) ALL | |
| #try logging in through ssh with that user | |
| #and then sudoing to root | |
| su - myuser | |
| mkdir .ssh | |
| vim .ssh/authorized_keys | |
| #paste inside your public key | |
| #set appropiate permissions | |
| chmod 700 .ssh | |
| chmod 600 .ssh/authorized_keys | |
| # log out and try to login via SSH and public key | |
| # it should work by now | |
| # edit the SSH configuration | |
| # in AllowUsers put all the users that should have ssh access, if root should too then put him as well | |
| PasswordAuthentication no | |
| X11Forwarding no | |
| UsePAM no | |
| UseDNS no | |
| AllowUsers myuser | |
| #restart SSH and verify it works correctly | |
| # Now time to install the firewall | |
| aptitude install -y shorewall | |
| #if you are going to have just one eth interface | |
| # you can copy all the files (besides the readme file) from the example directory | |
| cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/ | |
| rm /etc/shorewall/README.txt | |
| # edit the rules file to your needs | |
| vim /etc/shorewall/rules | |
| #some useful examples | |
| HTTPS/ACCEPT net $FW | |
| HTTP/ACCEPT net $FW | |
| SSH/ACCEPT net $FW | |
| SMTP/ACCEPT net $FW | |
| # after editing to try your new rules | |
| shorewall safe-start | |
| # Once you have accepted your new config set it start on boot | |
| # set startup=1 in /etc/default/shorewall | |
| # set STARTUP_ENABLED=Yes in /etc/shorewall/shorewall.conf | |
| # Install build-essentials, ruby, etc. | |
| # instala y configura ruby, rubygems, rails y apache | |
| aptitude install build-essential -y | |
| aptitude install ruby1.8-dev libzlib-ruby zlib1g -y | |
| aptitude install libpcre3-dev libpcre3 openssl libssl-dev libopenssl-ruby -y | |
| aptitude install sqlite3 libsqlite3-dev libsqlite3-ruby -y | |
| #if you are going to use mysql | |
| aptitude install mysql-server mysql-client libmysqlclient15-dev libmysqlclient15off zlib1g-dev libmysql-ruby1.8 -y | |
| #if you are going to use postgresql | |
| aptitude install postgresql libpq-dev -y | |
| aptitude install apache2 apache2-prefork-dev -y | |
| # extra package | |
| aptitude install shared-mime-info -y | |
| # update the locales | |
| sudo locale-gen en_GB.UTF-8 | |
| ... | |
| sudo /usr/sbin/update-locale LANG=en_GB.UTF-8 | |
| #wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p173.tar.gz | |
| #tar xvfz ruby-1.8.7-p173.tar.gz | |
| #cd ruby-1.8.7-p173 | |
| #./configure | |
| #make | |
| #sudo make install | |
| # Install rvm and ruby 1.8.7 (http://rvm.beginrescueend.com/rvm/install/) | |
| bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head ) | |
| echo '[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"' >> ~/.profile | |
| source ~/.profile | |
| source ~/.rvm/scripts/rvm | |
| rvm install 1.8.7 | |
| rvm use 1.8.7 --default | |
| #Install readline for ruby | |
| #aptitude install libncurses-dev libreadline-dev | |
| #cd ruby-1.8.7-p173/ext/readline | |
| #ruby extconf.rb | |
| #make | |
| #sudo make install | |
| # install rubygems | |
| #wget http://rubyforge.org/frs/download.php/60718/rubygems-1.3.5.tgz | |
| #tar zxvf rubygems-1.3.5.tgz | |
| #cd rubygems-1.3.4/ | |
| #ruby setup.rb | |
| #cd .. | |
| #rm -rf rubygems-1.3.5 | |
| # install and configure passenger | |
| rvm 1.8.7 --passenger | |
| rvm 1.8.7 | |
| gem install passenger | |
| rvmsudo passenger-install-apache2-module | |
| # paste the config output into /etc/apache2/httpd.conf | |
| #Sample: use your home path instead /home/deployer/ | |
| sudo echo "LoadModule passenger_module /home/deployer/.rvm/gems/ruby-1.8.7-p299/gems/passenger-2.2.15/ext/apache2/mod_passenger.so' > /etc/apache2/httpd.conf | |
| sudo echo 'PassengerRoot /home/deployer/.rvm/gems/ruby-1.8.7-p299/gems/passenger-2.2.15' >> /etc/apache2/httpd.conf | |
| sudo echo 'PassengerRuby /home/deployer/.rvm/bin/passenger_ruby' >> /etc/apache2/httpd.conf | |
| # install rails e.g. | |
| gem install rails --version=2.3.5 --no-rdoc --no-ri | |
| # install the gems to access the db e.g. | |
| gem install sqlite3-ruby mysql --no-rdoc --no-ri | |
| # you might want to install git | |
| aptitude install git-core | |
| # generate SSH public key | |
| ssh-keygen -t dsa | |
| ## SETUP EMAIL | |
| # Setup hostname and DNS | |
| # In /etc/hostname put your FQDN e.g. mail.aentos.net | |
| # In /etc/hosts add a line like this | |
| 127.0.0.1 mail.aentos.net | |
| Your file should look like this: | |
| 127.0.0.1 localhost localhost.localdomain | |
| 127.0.0.1 mail.aentos.net | |
| #reboot and check that hostname -f returns the correct FQDN | |
| ~$ hostname -f | |
| mail.aentos.net | |
| # Setup the reverse DNS to point to your FQDN | |
| This is done in Slicehost Manage | |
| # install postfix and other helpful packages | |
| aptitude install postfix telnet mailx -y | |
| # If you want to have local email delivered to your own email account add some aliases to /etc/aliases | |
| postmaster: root | |
| root: alberto | |
| alberto: alberto.perdomo@aentos.es | |
| #reload aliases | |
| newaliases | |
| #Edit the postfix settings file | |
| vim /etc/postfix/main.cf | |
| #Change the settings to something like this: | |
| myhostname = mail.aentos.net | |
| alias_maps = hash:/etc/aliases | |
| alias_database = hash:/etc/aliases | |
| myorigin = $mydomain | |
| mydestination = $mydomain, localhost.$mydomain, localhost | |
| relayhost = | |
| mynetworks = 127.0.0.0/8 | |
| mailbox_size_limit = 0 | |
| recipient_delimiter = + | |
| inet_interfaces = all | |
| #if you are using rails, TLS might bug you with an error, maybe turn it off | |
| smtpd_use_tls=no | |
| #restart postfix | |
| /etc/init.d/postfix restart | |
| #test sending an email | |
| mail user@example.com | |
| Subject: test | |
| test | |
| . | |
| Cc: | |
| #If you want to prevent services like gmail etc. considering your email as spam set some SPF records for the domain | |
| http://articles.slicehost.com/2008/8/8/email-setting-a-sender-policy-framework-spf-record | |
| #This wizard might be of help: http://old.openspf.org/wizard.html | |
| #Apache settings | |
| #We don't want curious people to see which version of apache/modules we are running etc. | |
| #In /etc/apache2/apache.conf make this changes in settings | |
| ServerTokens Prod (this will return only Apache as String) | |
| ServerSignature Off (turn off signature in server headers) | |
| #Put a default server name in /etc/apache2/httpd.conf | |
| ServerName myserver.com | |
| #If you are going to use virtual hosts in your apache config be sure to setup a default virtual host for requests with an un expected (not configured) domain name. The easiest way is to use the default site created by the apache installation because it's enabled as 000-default and apache will take the first virtualhost as default | |
| #Sample /etc/apache2/sites-available/default | |
| NameVirtualHost * | |
| <VirtualHost *> | |
| ServerAdmin webmaster@localhost | |
| ServerName foo.triphq.net | |
| ErrorLog /var/log/apache2/error.log | |
| # Possible values include: debug, info, notice, warn, error, crit, | |
| # alert, emerg. | |
| LogLevel warn | |
| CustomLog /var/log/apache2/access.log combined | |
| DocumentRoot /var/www/ | |
| <Directory /> | |
| Options FollowSymLinks | |
| AllowOverride None | |
| </Directory> | |
| <Directory /var/www/> | |
| Options Indexes FollowSymLinks MultiViews | |
| AllowOverride None | |
| Order allow,deny | |
| allow from all | |
| </Directory> | |
| </VirtualHost> | |
| # We also customize the index.html because we don't like the standard "It works!" message. This is the one we are going to use (/var/www/index.html): | |
| <html><body><h1>The server encountered an error. Please send flowers.</h1></body></html> | |
| # Then you'll need to create a new site for your rails app | |
| <VirtualHost *> | |
| ServerAdmin info@myapp.com | |
| ServerName myapp.com | |
| ErrorLog /var/log/apache2/myapp.com_error.log | |
| CustomLog /var/log/apache2/myapp.com_access.log combined | |
| # Possible values include: debug, info, notice, warn, error, crit, | |
| # alert, emerg. | |
| LogLevel warn | |
| # set to lower timeout value | |
| Timeout 45 | |
| DocumentRoot /var/www/myapp/current/public/ | |
| RailsEnv production | |
| <Directory "/var/www/myapp/current/public/"> | |
| Options FollowSymLinks | |
| AllowOverride None | |
| Order allow,deny | |
| Allow from all | |
| </Directory> | |
| # gzip html, css and js | |
| AddOutputFilterByType DEFLATE text/html text/css application/x-javascript application/javascript | |
| # far future expires headers | |
| ExpiresActive on | |
| ExpiresByType image/png "now plus 365 days" | |
| ExpiresByType image/jpeg "now plus 365 days" | |
| ExpiresByType image/gif "now plus 365 days" | |
| </VirtualHost> | |
| #Sample: create mysql user | |
| mysql -u root -p | |
| CREATE USER 'sample_user'@'localhost' IDENTIFIED BY 'sample_password'; | |
| GRANT ALL PRIVILEGES ON `sample_user\_%` .* TO 'sample_user'@'localhost'; | |
| RAILS_ENV=sample_env rake db:create |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment