Skip to content

Instantly share code, notes, and snippets.

@brunojppb

brunojppb/teamcity_2018_ubuntu_setup.md

Last active September 10, 2021 07:49
Show Gist options
  • Save brunojppb/1c5a95f941f7306a4865766a3316da3e to your computer and use it in GitHub Desktop.
Save brunojppb/1c5a95f941f7306a4865766a3316da3e to your computer and use it in GitHub Desktop.
Download ZIP
Setup TeamCity 2018 on Ubuntu
Raw
teamcity_2018_ubuntu_setup.md

Setting up TeamCity 2018 on Ubuntu

Install Java 8

$ sudo add-apt-repository ppa:webupd8team/java
$ sudo apt-get update
$ sudo apt-get install oracle-java8-installer

Check if Java is running:

$ java -version

You should see something like this:

java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)

Install Postgres

TeamCity supports Postgres, MySQL, MS SQL, Oracle and the Default internal DB. Lets use Postgres in production, as it is super stable that is the one I have more experience with.

$ sudo apt-get -y install postgresql postgresql-contrib

After installing PostgreSQL database server, by default it creates a user postgres with role postgres. It also creates a system account with same name postgres. So to connect to postgres server, login to your system as user postgres and connect database.

To start off, we need to set the password of the PostgreSQL user (role) called postgres we will not be able to access the server externally otherwise. As the local postgres Linux user, we are allowed to connect and manipulate the server using the psql command.

$ sudo -u postgres psql postgres

Now change the postgres user password:

$ \password postgres

Create an user and database for TeamCity 2018

Login on postgres console using postgres account:

$ sudo -u postgres psql

Create database and user for TeamCity

CREATE DATABASE teamcity;
CREATE USER teamcity WITH ENCRYPTED PASSWORD 'teamcity';
GRANT ALL PRIVILEGES ON DATABASE teamcity TO teamcity;

Download TeamCity 2018

$ wget https://download.jetbrains.com/teamcity/TeamCity-2018.1.tar.gz

After downloading the compressed file, unzip it:

$ tar -xzf TeamCity-2018.1.tar.gz

Lets install TeamCity on the opt folder. We have to move it and set permissions to the user running the TeamCity Application:

$ sudo mkdir /opt/JetBrains
$ sudo mv TeamCity /opt/JetBrains/TeamCity
$ cd /opt/JetBrains/TeamCity
$ sudo chown -R <USER_RUNNING_TEAM_CITY> /opt/JetBrains/TeamCity

Now configure TeamCity to run automatically. create a new cript:

$ sudo nano /etc/init.d/teamcity

Now add this content:

#!/bin/sh
### BEGIN INIT INFO
# Provides:          TeamCity autostart
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start teamcity daemon at boot time
# Description:       Enable service provided by daemon.
# /etc/init.d/teamcity -  startup script for teamcity
### END INIT INFO
 
 
#  Ensure you enter the  right  user name that  TeamCity will run  under
USER="agentuser"
 
 
export TEAMCITY_DATA_PATH="/opt/JetBrains/TeamCity/.BuildServer"
 
case $1 in
 
start)
  start-stop-daemon --start  -c $USER --exec /opt/JetBrains/TeamCity/bin/runAll.sh start
 ;;
stop)
  start-stop-daemon --start -c $USER  --exec  /opt/JetBrains/TeamCity/bin/runAll.sh stop
 ;;
 esac
 
exit 0

Change the permissions on the script and add it to startup whenever the server start/stop

$ sudo chmod +x /etc/init.d/teamcity
$ sudo update-rc.d teamcity defaults

Download the Postgres Driver

$ cd /opt/JetBrains/TeamCity/.BuildServer/lib/jdbc # create the folder path if does't exist
$ wget https://jdbc.postgresql.org/download/postgresql-9.4.1212.jar

Now start TeamCity:

sudo /etc/init.d/teamcity start

Now go to http://<DOMAIN_OR_IP_ADDRESS>:8111 and setup the first TeamCity Connection

Add a A Record to your Domain

Add a A Record in your DNS settings pointing your custom domain or subdomain to your VPS IP Address.

Enable NGINX to listen to port 80

install nginx

$ sudo apt-get install nginx

Now create the configuration file for TeamCity be reachable via nginx

$ sudo vim /etc/nginx/sites-available/teamcity

Past the following content:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''   '';
}

server {

    listen       80;
    server_name  <DOMAIN.COM> www.<DOMAIN.COM>;

    proxy_read_timeout     1200;
    proxy_connect_timeout  240;
    client_max_body_size   0;

    location / {

        proxy_pass          http://localhost:8111/;
        proxy_http_version  1.1;
        proxy_set_header    X-Forwarded-For $remote_addr;
        proxy_set_header    Host $server_name:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection $connection_upgrade;
    }
}

Create a symlink for the new site (TeamCity) and restart nginx.

$ sudo ln -s /etc/nginx/sites-available/teamcity /etc/nginx/sites-enabled/teamcity
$ sudo service nginx restart

Go to your domain or IP Address. you should see TeamCity running on port 80 (default).

Activating SSL and using LetsEncrypt

First, install Certbot:

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
$ sudo apt install python-certbot-nginx

generate the certificate (wildcard in my case as I am using a subdomain):

$ certbot certonly --manual -d *.<DOMAIN.COM> --agree-tos --no-bootstrap --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory

Now copy the presented TXT Record value and go your domain managment tool and set a TXT record. I my case, I am using NameCheap.

Host: _acme-challenge       Value: <KEY_PROVIDED_BY_CERTBOT>

After the DNS propagration, test with the Google Dig tool the TXT records. When it propagates, press enter on the certbot from the previous command.

Now, update nginx configuration:

$ vim /etc/nginx/sites-available/teamcity

Add the following content:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''   '';
}

server {

    server_name  <DOMAIN.COM> www.<DOMAIN.COM>;

    proxy_read_timeout     1200;
    proxy_connect_timeout  240;
    client_max_body_size   0;

    location / {

        proxy_pass          http://localhost:8111/;
        proxy_http_version  1.1;
        proxy_set_header    X-Forwarded-For $remote_addr;
        proxy_set_header    Host $server_name:$server_port;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection $connection_upgrade;
    }

    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/<DOMAIN.COM>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<DOMAIN.COM>/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/<DOMAIN.COM>/chain.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
        if ($host = www.<DOMAIN.COM>) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80 default_server;
        listen [::]:80 default_server;

        server_name <DOMAIN.COM> www.<DOMAIN.COM>;
        return 404; # managed by Certbot
}

Setting up LetsEncrypt to auto renew the certificate

Edit the weekly cron job to verify the certificate weekly;

$ vim /etc/cron.weekly/letsencrypt

Add the following code:

#!/bin/bash
certbot renew  --text --no-self-upgrade > /var/log/letsencrypt_cron.log 2>&1
service nginx restart

now change the permissions on that script, so it can be executed

$ chmod 755 /etc/cron.weekly/letsencrypt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment