
@benbonnet
Last active May 20, 2019 10:04
Ubuntu18 / Ruby 2.6.1 / Nginx Lua Auto SSL
# Upstream pool for the Rails application: one backend, reached over a Unix
# domain socket (no TCP listener is exposed for the app server).
# The socket path must be readable and writable by the user the nginx workers
# run as, and should not be writable by other local accounts.
upstream railsapp {
    server unix:///path/to/app/shared/tmp/sockets/puma.sock;
}
# Reverse-proxy every request to the Rails upstream.
# NOTE(review): this block is shown without an enclosing server; it presumably
# belongs inside the TLS (443) server - confirm before deploying.
location / {
    proxy_pass http://railsapp;

    # $http_host is the Host header exactly as the client sent it, so the
    # application receives an attacker-chosen value unless it validates the
    # host itself (for example against its own list of allowed hostnames).
    proxy_set_header Host $http_host;

    # X-Real-IP is the peer address nginx saw. X-Forwarded-For is the
    # client-supplied header with that address appended, so only the last
    # entry is trustworthy; earlier entries can be forged by the client.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # The scheme is hard-coded rather than taken from $scheme. That is only
    # truthful when this location is served over TLS; on a plain-HTTP server
    # it would tell the app that an unencrypted request was secure.
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Ssl on;
}
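# /usr/local/openresty/nginx/conf/nginx.conf
# Debugging -> tail -F /usr/local/openresty/nginx/logs/error.log
#
# The two header lines above were written with a leading "--", which is Lua
# comment syntax. nginx only recognises "#", so left as they were the file
# would fail to parse.

# Worker processes drop to the unprivileged www-data account. The setup steps
# give the same account ownership of /etc/resty-auto-ssl so the workers can
# write there.
user www-data;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}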
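http {
    # Shared memory zones required by lua-resty-auto-ssl.
    lua_shared_dict auto_ssl 1m;
    lua_shared_dict auto_ssl_settings 64k;

    # DNS resolver for lookups made by nginx and the Lua code. This is a
    # public resolver reached over plain DNS; the nginx documentation
    # recommends a resolver on a trusted local network to limit spoofing.
    resolver 8.8.8.8 ipv6=off;

    # Runs once at startup: create the auto-ssl instance and register the
    # allowlist of names a certificate may be requested for. Without a strict
    # allowlist any SNI name sent by a client could trigger an issuance
    # attempt and exhaust the CA rate limits.
    # The dots are written as [.] so they match a literal dot only; a bare
    # "." in the pattern matches any character and would accept unintended
    # names. The match stays anchored and case-insensitive as before.
    init_by_lua_block {
        auto_ssl = (require "resty.auto-ssl").new()

        auto_ssl:set("allow_domain", function(domain)
            return ngx.re.match(domain, "^(deemx[.]net|dmx[.]sh|ngx[.]host)$", "ijo")
        end)

        auto_ssl:init()
    }

    # Per-worker initialisation for auto-ssl.
    init_worker_by_lua_block {
        auto_ssl:init_worker()
    }

    # HTTPS server. The certificate is chosen during the TLS handshake by the
    # Lua hook. No location is defined in this listing; the proxy location for
    # the Rails app presumably goes here - confirm.
    server {
        listen 443 ssl;

        ssl_certificate_by_lua_block {
            auto_ssl:ssl_certificate()
        }

        # Static self-signed pair that nginx needs in order to start. Keep the
        # key file readable by root only.
        ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
        ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
    }

    # HTTP server: answers ACME HTTP-01 challenges and redirects everything
    # else to HTTPS.
    server {
        listen 80;

        location /.well-known/acme-challenge/ {
            content_by_lua_block {
                auto_ssl:challenge_server()
            }
        }

        location / {
            # This server declares no server_name, so $server_name expands to
            # an empty string and the original redirect target had no host.
            # $host carries the requested name instead. It comes from the
            # request, so it only reflects what the client already asked for.
            return 301 https://$host$request_uri;
        }
    }

    # Internal endpoint used by auto-ssl for its own bookkeeping. It is bound
    # to loopback and must stay unreachable from other hosts.
    server {
        listen 127.0.0.1:8999;

        # Small, fixed request body limits for the internal hook traffic.
        client_body_buffer_size 128k;
        client_max_body_size 128k;

        location / {
            content_by_lua_block {
                auto_ssl:hook_server()
            }
        }
    }
}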
## Basics
- sudo apt-get -qq update && \
sudo apt-get -qq upgrade && \
sudo apt-get -y install software-properties-common gcc g++ make \
git-core curl zlib1g-dev build-essential libssl1.0-dev libreadline-dev libyaml-dev \
libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev \
libcurl4-openssl-dev software-properties-common libffi-dev \
build-essential libpq-dev libmysqlclient-dev curl \
dirmngr gnupg zlibc vim
## Open resty
- wget -qO - https://openresty.org/package/pubkey.gpg | sudo apt-key add -
- sudo add-apt-repository -y "deb http://openresty.org/package/ubuntu $(lsb_release -sc) main"
- sudo apt-get update
- sudo apt-get -y install openresty
- sudo apt update
- sudo apt install -y luarocks
- sudo luarocks install lua-resty-auto-ssl
- sudo mkdir /etc/resty-auto-ssl
- sudo chown www-data /etc/resty-auto-ssl
- sudo openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj '/CN=sni-support-required-for-valid-ssl' -keyout /etc/ssl/resty-auto-ssl-fallback.key -out /etc/ssl/resty-auto-ssl-fallback.crt
- sudo mv /usr/local/openresty/nginx/conf/nginx.conf /usr/local/openresty/nginx/conf/nginx.backup.conf
- sudo vim /usr/local/openresty/nginx/conf/nginx.conf # Add the nginx.conf contents shown above
- sudo service openresty stop && sudo service openresty start
## NODEJS / YARN
- curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - # runs a downloaded script as root; save and read it first if the source is not already trusted
- curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
- echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
- sudo apt-get update
- sudo apt-get install -y nodejs yarn
## RUBY
- wget https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.3.tar.gz
- tar -xzvf ruby-2.6.3.tar.gz
- cd ruby-2.6.3/
- ./configure
- make
- sudo make install
- ruby -v
- cd && rm -rf ruby-2.6.1*
## GEMS
- cd
- git clone https://github.com/rbenv/rbenv.git ~/.rbenv
- echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
- echo 'eval "$(rbenv init -)"' >> ~/.bashrc
- exec $SHELL
-
- git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
- echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
- exec $SHELL
-
- rbenv install 2.6.1
- rbenv global 2.6.1
- ruby -v
## GIT
- git config --global color.ui true
- git config --global user.name "ben"
- git config --global user.email "ben@dee.mx"
- ssh-keygen -t rsa -b 4096 -C "ben@dee.mx"
- cat ~/.ssh/id_rsa.pub
- ** ADD THE PUBLIC KEY PRINTED ABOVE TO GITHUB **
- ssh -T git@github.com
## DEPLOYMENT AUTHORIZATION
- mkdir -p /var/www
- sudo chown -R dmx:dmx /var/www