Gentoo server install.
Follow the usual getting-started ssh setup plus syncing up emerge, other starters.
http://articles.slicehost.com/2010/11/19/gentoo-10-1-setup-part-1
http://articles.slicehost.com/2010/11/19/gentoo-10-1-setup-part-2

For user adding:
useradd -m -G wheel -g deployer deployer

We had the fortune of updating to openrc; this called for us to do a
sudo dispatch-conf
sudo etc-update
I'm pretty sure you do these after all updates, but this one had a scary message that we wouldn't be able to re-log in after.

iptables use:
https://wiki.archlinux.org/index.php/Simple_Stateful_Firewall file with the line about the ssh port appended.

Install Git (gets curl needed for rvm)

Install PostgreSQL
sudo emerge postgresql-server
follow the message below:
 * Before initializing the database, you may want to edit PG_INITDB_OPTS so that it
 * contains your preferred locale and character encoding in:
 *
 * /etc/conf.d/postgresql-9.0
 * Add
 * PG_INITDB_OPTS="--locale=en_US.UTF-8"
 * Then, execute the following command to setup the initial database environment:
 *
 * emerge --config =dev-db/postgresql-server-9.0.3
ran the command and got:
 * You can change the directory where the database cluster is being created by
 * setting the PGDATA variable.
 *
 * PG_INITDB_OPTS is currently set to:
 * "--locale=en_US.UTF-8"
 * and the database cluster will be created in:
 * "/var/lib/postgresql/9.0/data"
Said Y
WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the -A option the
next time you run initdb.
Success. You can now start the database server using:
/usr/lib64/postgresql-9.0/bin/postgres -D /var/lib/postgresql/9.0/data
or
/usr/lib64/postgresql-9.0/bin/pg_ctl -D /var/lib/postgresql/9.0/data -l logfile start
 *
 * You can use the '/etc/init.d/postgresql-9.0' script to run PostgreSQL
 * instead of 'pg_ctl'.
 *
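The initdb warning above is the part of this install worth acting on: with "trust" in pg_hba.conf, any OS user that can reach the socket (the deployer account, anything nginx/unicorn run as) connects as the postgres superuser with no password. The following shell script is an added example, not part of the gist: it scans a pg_hba.conf for effective trust entries and emits the same file with those entries switched to md5 (the password method a 9.0-era server supports). The sample file is constructed inline; on this Gentoo layout the real file lives under PGDATA, /var/lib/postgresql/9.0/data/pg_hba.conf (an assumption about where initdb wrote it).

```shell
#!/bin/sh
# Added example (not from the gist): audit pg_hba.conf for "trust" entries.
# Run on a real file with:  trust_entries "$(cat /var/lib/postgresql/9.0/data/pg_hba.conf)"

# Constructed sample, mirroring what initdb writes with -A trust (the default
# that produced the WARNING in the notes), plus one already-hardened line.
SAMPLE_HBA='# TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             ::1/128                 trust
host    deployer_prod   deployer        10.0.0.0/8              md5'

# Print only effective rules (no comments, no blanks) whose METHOD column is trust.
trust_entries() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $NF == "trust" { print }
    '
}

# Number of trust entries; 0 means no passwordless access path remains.
count_trust() {
    trust_entries "$1" | wc -l | tr -d ' '
}

# Same file with every trust entry rewritten to md5. Set a password on the
# postgres role first (ALTER ROLE postgres PASSWORD '...') or the superuser
# locks itself out when the server reloads pg_hba.conf.
harden_hba() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
        $NF == "trust" { $NF = "md5" }
        { print }
    '
}

# Stand-alone demo on the constructed sample.
echo "trust entries found: $(count_trust "$SAMPLE_HBA")"
trust_entries "$SAMPLE_HBA"
echo "--- hardened ---"
harden_hba "$SAMPLE_HBA"
```

Reload the server after editing (the 9.0 init script's reload target, or pg_ctl reload) and then confirm with `psql -U postgres` that a password prompt appears where none did before.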
sudo usermod -a -G postgres deployer
/etc/init.d/postgresql-9.0 start
sudo rc-update add postgresql-9.0 default
Adding the above makes postgres run at reboot.
** Watch that group, wheel got disenfucked and I couldn't sudo. You'll also need to re-log in as deployer for it to stick for some reason... need to find out why **

adding deployer as postgresql user
---
createuser --interactive deployer
Migrate Database: psql -d db_name -U db_owner_username -W < backup.sql
Make sure to use the mysql2pgsql gem... worked like a charm in way less time... 10s of minutes less.

Install RVM
basics. However, installing the deps for ruby made me emerge gentoolkit and use revdep-rebuild.
Install ruby-1.9.2p180
rvm install 1.9.2

Install nginx
http://sirupsen.com/setting-up-unicorn-with-nginx/
These two configs work. Added deployer to the nginx group.

Install Unicorn
gem install unicorn
We'll use the default gentoo one with a change to the servername.

emerge logrotate and add to /etc/logrotate.conf:
/home/deployer/projectname/log/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    copytruncate
    create 0666 deployer deployer
}

emerge monit and edit the config at :
check process nginx
    with pidfile /tmp/nginx.pid
    start program = "/etc/init.d/nginx start"
    stop program = "/etc/init.d/nginx stop"
    if failed host IP_ADDRESS port 80 protocol HTTP then restart # set your server IP that runs nginx
    if 5 restarts with 5 cycles then timeout
    if cpu is greater than 30% for 2 cycles then alert
    if cpu is greater than 50% for 5 cycles then restart
    if totalmem is greater than 50.0 MB for 5 cycles then restart
    if children is greater than 10 then restart

#!/bin/bash
# vars
IPT=/sbin/iptables

# Flush old rules, old custom tables
echo " * flushing old rules"
$IPT --flush
$IPT --delete-chain

# Set default policies for all three default chains
echo " * setting default policies"
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT

# Enable free use of loopback interfaces
echo " * allowing loopback devices"
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# All TCP sessions should begin with SYN
$IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# Allow established and related packets
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open the following ports
# sshd listens on the non-default port 22200 here (the "line about the ssh port"
# appended to the Arch wiki script); the echo used to say 22, which was misleading.
echo " * allowing ssh on port 22200"
$IPT -A INPUT -p tcp --dport 22200 -m state --state NEW -j ACCEPT
# Inbound 53 is only needed if this host serves DNS itself; replies to its own
# outbound lookups are already covered by the ESTABLISHED,RELATED rule above.
echo " * allowing dns on port 53"
$IPT -A INPUT -p udp -m udp --dport 53 -j ACCEPT
echo " * allowing http on port 80"
$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
echo " * allowing https on port 443"
$IPT -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
echo " * allowing ping responses"
$IPT -A INPUT -p icmp --icmp-type 8 -j ACCEPT

# DROP everything else and log it (unthrottled: every dropped packet becomes a
# kernel log line, so a port scan can fill /var/log quickly)
$IPT -A INPUT -j LOG
$IPT -A INPUT -j DROP

#
# Save settings
#
echo " * saving settings"
/etc/init.d/iptables save
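Because `/etc/init.d/iptables save` persists whatever is in the kernel at that moment, a rule-ordering mistake (the SSH accept landing after the catch-all DROP, or the port number not matching sshd_config) survives reboot and locks the box out. The script below is an added example, not the gist's own firewall script: it wraps the same ruleset in a function so it can be dry-run through `echo` and checked before it is applied, parameterises the SSH port, and rate-limits the final LOG rule. `IPT`, the `build_rules`/`check_ssh_before_drop` names and the `IPT-DROP:` log prefix are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the gist): dry-runnable version of the ruleset above.
# Apply for real (as root) with:  build_rules 22200 /sbin/iptables
# Preview without touching the firewall:  build_rules 22200 echo

IPT="${IPT:-/sbin/iptables}"

# Emit every rule for the given SSH port through the command in $2
# (defaults to the real iptables binary; pass "echo" to dry-run).
build_rules() {
    ssh_port="$1"
    ipt="${2:-$IPT}"
    $ipt --flush
    $ipt --delete-chain
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A OUTPUT -o lo -j ACCEPT
    $ipt -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A INPUT -p tcp --dport "$ssh_port" -m state --state NEW -j ACCEPT
    $ipt -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
    $ipt -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
    $ipt -A INPUT -p icmp --icmp-type 8 -j ACCEPT
    # Log at most 5 dropped packets per minute (burst 10), tagged so the
    # entries can be pulled out of the kernel log with one grep.
    $ipt -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "IPT-DROP: "
    $ipt -A INPUT -j DROP
}

# Sanity check on the dry-run output: the SSH accept for this port must
# appear before the final unconditional DROP. Returns 0 when the order is right.
check_ssh_before_drop() {
    ssh_port="$1"
    build_rules "$ssh_port" echo | awk -v port="$ssh_port" '
        /-A INPUT -p tcp --dport / && $0 ~ ("--dport " port " ") { accept = NR }
        /-A INPUT -j DROP$/ { drop = NR }
        END { exit !(accept > 0 && drop > 0 && accept < drop) }
    '
}

# Stand-alone: preview the ruleset for port 22200 only if the check passes.
if check_ssh_before_drop 22200; then
    build_rules 22200 echo
else
    echo "refusing to apply: SSH accept rule would not precede the final DROP" >&2
fi
```

Run the preview, compare the SSH port against `Port` in /etc/ssh/sshd_config, and only then call `build_rules` with the real binary followed by the init script's `save`; keeping an existing SSH session open while you do it gives you a way back if the new rules are wrong.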