Overall Installation of Easy Engine on Linode
- Choose overall linode plan
- Configure the Linode server based on the EE guidelines: Ubuntu 14.04 LTS 64-bit distro. Note: Make sure to configure swap based on the guidelines link.
- Log in to the Linode via `SSH` with the `root` user.
- Set up `www-data` as the day-to-day user (document the password and pass it along to the project lead).
  - The `www-data` user already exists in the system, so we just need to enable its SSH login and set its password: `vim /etc/passwd`
  - Find this line: `www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin`
  - And replace it with this line: `www-data:x:33:33:www-data:/var/www:/bin/bash`
  - This will enable SSH login for `www-data`.
  - Then set a password for `www-data`. Run this command: `passwd www-data` and document the password.
- Set up `SSH` keys for the `root` account:
  - On the local machine (OS X): `scp ~/.ssh/id_rsa.pub root@XX.XXX.XX.X:` (replace `XX.XXX.XX.X` with the Linode IP)
  - On the Linode server: `mkdir .ssh`, then `mv id_rsa.pub .ssh/authorized_keys`
  - On the Linode, modify permissions:
    ```bash
    chown -R root:root .ssh
    chmod 700 .ssh
    chmod 600 .ssh/authorized_keys
    ```
  - Log out of the Linode server and test without a password: `ssh root@XX.XXX.XX.X` (if it succeeds, all is well!)
- Set up `SSH` keys for the `www-data` account:
  - On the local machine (OS X): `scp ~/.ssh/id_rsa.pub root@XX.XXX.XX.X:` (replace `XX.XXX.XX.X` with the Linode IP)
  - On the Linode server: `mkdir /var/www/.ssh`, then `mv id_rsa.pub /var/www/.ssh/authorized_keys`
  - On the Linode, modify permissions:
    ```bash
    chown -R www-data:www-data /var/www/.ssh
    chmod 700 /var/www/.ssh
    chmod 600 /var/www/.ssh/authorized_keys
    ```
  - Log out of the Linode server and test without a password: `ssh www-data@XX.XXX.XX.X` (if it succeeds, all is well!)
- Disable password authentication and root login for security:
  - Edit the sshd_config: `sudo vi /etc/ssh/sshd_config`
  - Change `PermitRootLogin` from `yes` to `no`
  - Restart ssh: `sudo service ssh restart`
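
The title of this step names both password authentication and root login, while the edit it describes changes only `PermitRootLogin`. The following added example (not part of the original guide) reads an `sshd_config` and reports whether both settings are explicitly `no`; the function names and the sample file are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original guide): audit an sshd_config file for
# the two settings this step's title names.

# sshd_effective FILE KEYWORD
# Prints the first uncommented value of KEYWORD in the global section (sshd
# keeps the first value it obtains; keywords are case-insensitive). Prints
# "unset" when the keyword is absent, so a compiled-in default is never
# mistaken for a hardened setting. Stops at the first Match block.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/              { next }
        tolower($1) == "match"  { exit }
        tolower($1) == key      { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: returns 0 only when both settings are explicitly "no".
audit_sshd() {
    rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:no; do
        key=${pair%%:*}
        want=${pair#*:}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key is '$got', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a config after only the PermitRootLogin edit above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's file
#PasswordAuthentication yes
PermitRootLogin no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On the server itself, `sudo sshd -T` prints the configuration sshd resolves, including defaults and `Match` handling.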
- Set hostname (more info). Switch to the root user first:
  ```bash
  su root
  echo "<hostname_here>" > /etc/hostname
  hostname -F /etc/hostname
  ```
- Also add a hostname entry in `/etc/hosts` in front of `127.0.0.1`.
- Log out and check to make sure the hostname was set; you should see `username@hostname`.
- Update the time zone on the server (must be root):
  ```bash
  su root
  dpkg-reconfigure tzdata
  ```
- Log in to the server if not logged in and run package updates (use root): `sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade`
- Install wget: `sudo apt-get install wget`
- Install Easy Engine: `wget -qO ee rt.cx/ee && sudo bash ee`
- Enter details:
  ```
  Enter your name [root]: MoxieDeveloper
  Enter your email address [root@]: developer@getmoxied.net
  ```
- Add a site via the site create command: `ee site create example.com --w3tc` (uses W3 Total Cache)
- If the above command gives you the following error, run the following command and try again with the command in Step-5:
  `sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4F4EA0AAE5267A6C`
  This should fix the issue for you. Ref: EasyEngine/easyengine#507
##Miscellaneous Configurations

Below are some miscellaneous tasks for configuring Linode servers for common tasks.
You need to give permission to `www-data` for executing `ee` commands. The `ee` script is at the `/usr/local/sbin/ee` location on the server, so we need to allow this path for the `www-data` user via the `visudo` utility.

- Log in with the `root` user: `ssh root@xx.xx.xx.xx`
- Get the path of the `ee` script: `which ee`. In some cases it will show up as `/usr/local/sbin/ee`, and in some cases as `/usr/local/bin/ee`.
- Edit the `sudoers` file: `vi /etc/sudoers` or `visudo`
- Append this line at the end of the file: `www-data ALL=NOPASSWD: /ee/path/from/step-2`
- Save the file and you're done.
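
The rule above lets `www-data` run the `ee` script as root without a password, so the script must be modifiable by root only. An added example (not from the original guide) that checks the owner and mode of the path reported by `which ee`; the function name `check_sudo_target` and the scratch file are assumptions made for illustration.

```bash
#!/bin/sh
# Added example (not from the original guide): check that the script named in
# a NOPASSWD sudoers rule can only be modified by root.

# check_sudo_target PATH [OWNER_UID]
# OWNER_UID defaults to 0 (root). It is a parameter only so the check can be
# tried on scratch files without being root. Uses GNU stat, as on Ubuntu.
check_sudo_target() {
    want_uid=${2:-0}
    # Follow symlinks so the file sudo would really execute is inspected.
    target=$(readlink -f "$1") || { echo "FAIL cannot resolve $1"; return 1; }
    if [ ! -f "$target" ]; then
        echo "FAIL $target is not a regular file"
        return 1
    fi
    uid=$(stat -c %u "$target")    # numeric owner
    mode=$(stat -c %a "$target")   # octal permission bits, e.g. 755
    rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $target is owned by uid $uid, expected $want_uid"
        rc=1
    fi
    # 022 masks the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $target has mode $mode (group- or world-writable)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $target uid=$uid mode=$mode"
    fi
    return "$rc"
}

# Constructed demo on a scratch file standing in for the ee script.
scratch=$(mktemp)
chmod 775 "$scratch"                              # group-writable: flagged
check_sudo_target "$scratch" "$(id -u)" || true
chmod 755 "$scratch"                              # root-style mode: passes
check_sudo_target "$scratch" "$(id -u)" || true
rm -f "$scratch"
```

On the server, run it as `check_sudo_target "$(which ee)"` so the owner defaults to root.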
####Configure Http Authorization for NGINX
NOTE : This part is not required since it is already handled by EasyEngine. Don't forget to document AUTH password when you setup EasyEngine for first time. To be precise, when you create the first site with EasyEngine.
- Install Apache Utils: `apt-get install apache2-utils`
- Add htpasswd: `htpasswd -c /etc/nginx/conf.d/.htpasswd username`
- Add the code to enable HTTP auth in your nginx .conf file `/etc/nginx/sites-available/sitename/` under the server block:
  ```
  auth_basic "Restricted";
  auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
  ```
- Restart nginx: `sudo service nginx restart`
- Log in to the server via SSH:
  ```bash
  ssh root@XX.XXX.XX.XXX
  ee secure --auth
  ```
- It will ask for a new username and a new password.
- Set your new username and password, and you're done!

Ref: http://docs.rtcamp.com/easyengine/commands/secure/

Let's say you want to hide a site, staging.example.com, from public access. You can put it behind an HTTP Auth check with EasyEngine, which has HTTP Auth support built in.

You just need to make the following change in the nginx config file of the site.

- Log in to the server via SSH:
  ```bash
  ssh root@XX.XXX.XX.XXX
  ee site edit staging.example.com
  ```
- Add the following line at the end, inside the `server` block: `include common/acl.conf;`
- Save the file, and you're done!

Test the staging.example.com site. When you try to access it, it will ask you for the HTTP Auth username and password.

####Beanstalk Configuration for deployment
NOTE: This part is not required, since we will be using the `root` user only to perform system tasks. For general-purpose tasks such as site management, we will use the `www-data` user.

You may need to remove the requirement for sudo to allow `chown` and `chmod` to work without asking for the sudo password. The following steps take you through this process.

- Log in and edit the `sudoers` file: `vi /etc/sudoers`
- Preferable way: `visudo`
- Add the following rules after all others in the file (@TODO - Need to check for `www-data`):
  ```
  #Allow moxiedeveloper to use nopass for deployment
  moxiedeveloper ALL = NOPASSWD: ALL
  ```
- Restart SSH: `service ssh restart`
- Log in with the `www-data` user.
- Generate an SSH key with RSA: `ssh-keygen -t rsa`
- Copy the content of `.ssh/id_rsa.pub`
- Add the copied key into the Beanstalk admin for access via the Beanstalk app.

####Finding Root MySQL Credentials
These are located in the home directory of the user who created the site.

```bash
cd ~/
vi .my.cnf
```