
@foopod
Last active Feb 25, 2017

NOTE: the below was done on Ubuntu 16.04

Set up hostname - Google how to do this

add to /etc/hosts

45.79.77.214 bessie

Making SSH directory? I think

mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/

Copy ssh pubkey to this directory

Edit SSHD config

sudo nano /etc/ssh/sshd_config

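and disable root login and password login (commenting out the PasswordAuthentication line is not enough: sshd then falls back to its default, which is yes)

PermitRootLogin no
PasswordAuthentication no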

and add a line to only allow access on IPv4

echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config

restart sshd

sudo systemctl restart sshd
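
An added check for the sshd_config edits above (not part of the original notes): it reports the value sshd would actually use for each of the three settings and shows that a commented-out `PasswordAuthentication yes` leaves the built-in default `yes` in force. The function names and the sample configs are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: check the sshd_config settings this page edits.
# Simplified parser: global section only, "Keyword value" lines.

# Print the effective value of keyword $2 in file $1; $3 is sshd's built-in
# default. sshd keeps the FIRST uncommented value it reads for a keyword.
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*(#|$)/         { next }   # comment or blank: sets nothing
        tolower($1) == "match" { exit }   # conditional blocks are out of scope
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 0 only if root login and password login are off and sshd is IPv4-only.
sshd_audit() {
    local cfg="$1" rc=0 key def want got
    while read -r key def want; do
        got=$(sshd_effective "$cfg" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '$got', want '$want'"; rc=1
        fi
    done <<'EOF'
PermitRootLogin prohibit-password no
PasswordAuthentication yes no
AddressFamily any inet
EOF
    return "$rc"
}

# Constructed sample configs (not taken from a real host).
samples=$(mktemp -d)
printf '%s\n' 'PermitRootLogin no' '#PasswordAuthentication yes' \
    'AddressFamily inet' > "$samples/commented_out"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'AddressFamily inet' > "$samples/explicit_no"
sshd_audit "$samples/commented_out" || echo "=> password login still enabled"
sshd_audit "$samples/explicit_no"
```

On the real host, `sudo sshd -t` validates the file before the restart and `sudo sshd -T` prints the effective settings.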

check what else is running on ports (might want to disable anything unnecessary)

sudo netstat -tulpn

update system

sudo apt-get update && sudo apt-get upgrade

install apache

sudo apt-get install apache2

enable headers and expires

sudo a2enmod headers

sudo a2enmod expires

turn off KeepAlive in apache2.conf to save on RAM

KeepAlive Off

set up cache control headers

<IfModule mod_expires.c>
        ExpiresActive On
        ExpiresDefault "access plus 1 seconds"
        ExpiresByType text/html "access plus 1 hour"
        ExpiresByType image/gif "access plus 1 year"
        ExpiresByType image/jpeg "access plus 1 year"
        ExpiresByType image/png "access plus 1 year"
        ExpiresByType text/css "access plus 1 week"
        ExpiresByType text/javascript "access plus 1 week"
        ExpiresByType application/x-javascript "access plus 1 week"
        ExpiresByType text/xml "access plus 1 week" 
</IfModule>

Copy the default config and make one for each site

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/jonoshields.com.conf

sudo nano /etc/apache2/sites-available/jonoshields.com.conf

something like this...

<Directory /var/www/html/jonoshields.com/public_html>
        Require all granted
</Directory>

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName jonoshields.com
        ServerAlias www.jonoshields.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/jonoshields.com/public_html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog /var/www/html/jonoshields.com/logs/error.log
        CustomLog /var/www/html/jonoshields.com/logs/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

make the directories mentioned above...

sudo mkdir -p /var/www/html/jonoshields.com/{public_html,logs}

enable config on apache site

sudo a2ensite jonoshields.com.conf

disable default config

sudo a2dissite 000-default.conf

reload apache

sudo systemctl reload apache2
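
The per-site steps above (create the directories, write the config) as one added script, not part of the original notes. It validates the domain name before using it in a path or in the config file, which matters once the name comes from somewhere other than the admin's keyboard. `valid_domain`, `make_vhost` and the `example.test` name are hypothetical; the default paths are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the original notes).
export LC_ALL=C   # make a-z in patterns mean ASCII lowercase only

# Accept only lowercase DNS names with at least two labels. Anything else
# ("/", "..", spaces, newlines) is rejected before it reaches a path or config.
valid_domain() {
    case "$1" in ''|*[!a-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
        '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

# make_vhost DOMAIN [SITES_DIR] [WEB_ROOT]: create the directories and the
# per-site config in the layout used on this page. Defaults are the page's paths.
make_vhost() {
    local domain="$1" sites="${2:-/etc/apache2/sites-available}" root="${3:-/var/www/html}"
    valid_domain "$domain" || { echo "refusing invalid domain name" >&2; return 1; }
    local conf="$sites/$domain.conf" site="$root/$domain"
    [ ! -e "$conf" ] || { echo "$conf already exists" >&2; return 1; }
    mkdir -p "$site/public_html" "$site/logs" || return 1
    cat > "$conf" <<EOF
<Directory $site/public_html>
        Require all granted
</Directory>

<VirtualHost *:80>
        ServerName $domain
        ServerAlias www.$domain
        DocumentRoot $site/public_html
        ErrorLog $site/logs/error.log
        CustomLog $site/logs/access.log combined
</VirtualHost>
EOF
}

# Demo against a scratch directory with constructed names.
demo=$(mktemp -d) && mkdir "$demo/sites" "$demo/www"
make_vhost example.test "$demo/sites" "$demo/www" && echo "created example.test"
make_vhost '../outside' "$demo/sites" "$demo/www" || echo "rejected ../outside"
```

Run with the default paths it needs sudo, followed by `sudo a2ensite` and the reload shown above.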

install ruby via rvm

curl -L https://get.rvm.io | bash -s stable --ruby=2.0.0

make ruby global

rvm gemset use global

install bundler

gem install bundler

install git

sudo apt install git

install letsencrypt

sudo apt-get install python-letsencrypt-apache

setup ssl for domain

sudo letsencrypt --apache -d hashbrown.club

to renew certs run

sudo letsencrypt renew

add this to crontab

sudo crontab -e

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log

Done.... for now

Added http2 support https://www.digitalocean.com/community/questions/enable-http2-in-apache-on-ubuntu-16-04 & https://launchpad.net/~ondrej/+archive/ubuntu/apache2

Issues:

  • Trying to restart apache2 - Failed to restart apache2.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files. See system logs and 'systemctl status apache2.service' for details.

  • Trying to check for apache errors and getting fullchain.pem missing

The above issues were fixed by using sudo.

Bot jobs:

  • Create new virtual host
    • Create directory for files
    • Create configuration for host
  • Set up ssl
  • Clone and build

Future steps:

  • Set up Hubot with either twitter or fb integration for automated deployments
  • Add hubot webhooks to autodeploy github projects - https://www.npmjs.com/package/hubot-github-webhook-listener
  • Scripts to add apache configs for new projects
  • autodeploy scripts from github repo updates
  • auto ssl scripts