NOTE: the below was done on Ubuntu 16.04
Set up hostname - Google how to do this
add to /etc/hosts
45.79.77.214 bessie
Making SSH directory? I think
mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
Copy ssh pubkey to this directory
Edit SSHD config
sudo nano /etc/ssh/sshd_config
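and disable root login and password login (leaving the PasswordAuthentication line commented out keeps sshd's default, which is yes, so set it to no explicitly)
PermitRootLogin no
PasswordAuthentication no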
and add a line to only allow access on ipv4
echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config
restart sshd
sudo systemctl restart sshd
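To check the sshd_config edits above, this added example (not part of the original notes) reports the value sshd would actually use for the three keywords: sshd keeps the first value it reads, and a commented-out line leaves the built-in default. Assumptions: whitespace-separated keyword/value lines, Include files and Match blocks are not followed, the defaults are those of OpenSSH 7.x as on Ubuntu 16.04, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: effective value of an sshd_config keyword.
# sshd uses the FIRST value it reads for a keyword, keywords are
# case-insensitive, and commented lines are ignored.
# Assumption: Include files are not followed and parsing stops at the
# first Match line.

effective() {  # usage: effective <file> <keyword> <built-in default>
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }              # comment: ignored by sshd
        tolower($1) == "match" { exit }  # stop before conditional blocks
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }    # keyword never set: default applies
    ' "$1"
}

check() {  # usage: check <file> <keyword> <built-in default> <wanted value>
    got=$(effective "$1" "$2" "$3")
    if [ "$got" = "$4" ]; then
        echo "ok    $2 = $got"
    else
        echo "FAIL  $2 = $got (wanted $4)"
        return 1
    fi
}

audit() {  # usage: audit <file>; exit status is the number of failed checks
    fails=0
    check "$1" PermitRootLogin prohibit-password no || fails=$((fails + 1))
    check "$1" PasswordAuthentication yes no        || fails=$((fails + 1))
    check "$1" AddressFamily any inet               || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample: password login is only commented out, not disabled.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin no' '#PasswordAuthentication yes' 'AddressFamily inet' > "$sample"
audit "$sample" || echo "$? setting(s) still at an unwanted value"
rm -f "$sample"
```

On the live server, `sudo sshd -T` prints the full effective configuration, including Match and Include handling that this sketch skips.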
check what else is running on ports (might want to disable anything unnecessary)
sudo netstat -tulpn
update system
sudo apt-get update && sudo apt-get upgrade
install apache
sudo apt-get install apache2
enable headers and expires
sudo a2enmod headers
sudo a2enmod expires
turn off Keep alive to save on ram in apache2.conf
KeepAlive Off
set up cache control headers
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 hour"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 week"
ExpiresByType text/javascript "access plus 1 week"
ExpiresByType application/x-javascript "access plus 1 week"
ExpiresByType text/xml "access plus 1 week"
</IfModule>
Copy the default config and make one for each site
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/jonoshields.com.conf
sudo nano /etc/apache2/sites-available/jonoshields.com.conf
something like this...
<Directory /var/www/html/jonoshields.com/public_html>
Require all granted
</Directory>
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName jonoshields.com
ServerAlias www.jonoshields.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/jonoshields.com/public_html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog /var/www/html/jonoshields.com/logs/error.log
CustomLog /var/www/html/jonoshields.com/logs/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
make the directories mentioned above...
sudo mkdir -p /var/www/html/jonoshields.com/{public_html,logs}
enable config on apache site
sudo a2ensite jonoshields.com.conf
disable default config
sudo a2dissite 000-default.conf
restart apache
sudo systemctl reload apache2
install ruby via rvm
curl -L https://get.rvm.io | bash -s stable --ruby=2.0.0
make ruby global
rvm gemset use global
install bundler
gem install bundler
install git
sudo apt install git
install letsencrypt
sudo apt-get install python-letsencrypt-apache
setup ssl for domain
sudo letsencrypt --apache -d hashbrown.club
to renew certs run
sudo letsencrypt renew
add this to crontab
sudo crontab -e
30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log
Done.... for now
Added http2 support https://www.digitalocean.com/community/questions/enable-http2-in-apache-on-ubuntu-16-04 & https://launchpad.net/~ondrej/+archive/ubuntu/apache2
Issues:
- Trying to restart apache2 - Failed to restart apache2.service: The name org.freedesktop.PolicyKit1 was not provided by any .service files. See system logs and 'systemctl status apache2.service' for details.
- Trying to check for apache errors and getting fullchain.pem missing
The above issues were fixed by using sudo.
Bot jobs:
- Create new virtual host
- Create directory for files
- Create configuration for host
- Set up ssl
- Clone and build
Future steps:
- Set up Hubot with either twitter or fb integration for automated deployments
- Add hubot webhooks to autodeploy github projects - https://www.npmjs.com/package/hubot-github-webhook-listener
- Scripts to add apache configs for new projects
- autodeploy scripts from github repo updates
- auto ssl scripts