Skip to content

Instantly share code, notes, and snippets.

@jinto

jinto/etc_iptable.up.rules

Created August 9, 2014 14:28
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jinto/9f1a3afa1c7e22837e88 to your computer and use it in GitHub Desktop.
Save jinto/9f1a3afa1c7e22837e88 to your computer and use it in GitHub Desktop.
Download ZIP
우분투 12.04 생성하고, rails + postgresql + postgis 설정. 어쨌든 최신버전.
Raw
etc_iptable.up.rules
*filter
# 이렇게 다 열려있는 iptable이 무슨 소용이 있으리오만.
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 20 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp --dport 1099 -j ACCEPT
-A INPUT -p tcp --dport 3000 -j ACCEPT
-A INPUT -p tcp --dport 8090 -j ACCEPT
-A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p udp -m udp --dport 25 -j ACCEPT
# Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
Raw
etc_network_if-pre-up.d_iptables
#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules
# 이건 생성한 다음에 chmod a+x 해줘야한다.
Raw
etc_nginx_site-enabled_project
upstream project {
server 127.0.0.1:3650;
server 127.0.0.1:3651;
server 127.0.0.1:3652;
server 127.0.0.1:3653;
server 127.0.0.1:3654;
server 127.0.0.1:3655;
server 127.0.0.1:3656;
}
server {
listen 80;
server_name www.project.com;
rewrite ^/(.*) http://project.com$request_uri;
}
server {
listen 80;
server_name project.com;
client_max_body_size 2G;
access_log /opt/atiru/shared/log/access.log;
error_log /opt/atiru/shared/log/error.log;
root /opt/atiru/current/public/;
index index.html;
location ~ ^/(assets)/ {
root /opt/atiru/shared/public/;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
location ~ ^/(system)/ {
root /opt/atiru/shared/public/;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_read_timeout 600;
proxy_redirect off;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://project;
break;
}
}
}
Raw
gistfile1.txt
export LANG=C
sudo vi /etc/environment # COLLATE="C"
sudo apt-get update
sudo apt-get -y upgrade
sudo apt-get -y install linux-generic-lts-trusty linux-image-generic-lts-trusty
sudo shutdown -r now
sudo apt-get -y install apache2-mpm-prefork exim4 bzip2 gcc g++ git-core libapache2-mod-php5
sudo apt-get -y install make memcached nginx openssh-server php5-xmlrpc
sudo apt-get -y install qt4-qmake vim vsftpd postgresql-9.1
sudo apt-get -y install autoconf bison build-essential libssl-dev
sudo apt-get -y install libyaml-dev libreadline6 libreadline6-dev zlib1g zlib1g-dev
sudo apt-get -y install libpq-dev postgresql-contrib
sudo locale-gen ko_KR.UTF-8
sudo dpkg-reconfigure locales
sudo pg_dropcluster --stop 9.1 main
sudo pg_createcluster --start -e UTF8 9.1 main
sudo apt-get install python-software-properties
sudo apt-add-repository ppa:sharpie/for-science # 요건 빼도 될지도 모름
sudo apt-add-repository ppa:sharpie/postgis-nightly
sudo apt-get update
sudo apt-get install postgresql-9.1-postgis
sudo su postgres
createdb -E UTF8 template_postgis2
createlang -d template_postgis2 plpgsql
psql -d postgres -c "UPDATE pg_database SET datistemplate='true' WHERE datname='template_postgis2'"
psql -d template_postgis2 -f /usr/share/postgresql/9.1/contrib/postgis-2.1/postgis.sql
psql -d template_postgis2 -f /usr/share/postgresql/9.1/contrib/postgis-2.1/spatial_ref_sys.sql
psql -d template_postgis2 -f /usr/share/postgresql/9.1/contrib/postgis-2.1/rtpostgis.sql
psql -d template_postgis2 -c "GRANT ALL ON geometry_columns TO PUBLIC;"
psql -d template_postgis2 -c "GRANT ALL ON geography_columns TO PUBLIC;"
psql -d template_postgis2 -c "GRANT ALL ON spatial_ref_sys TO PUBLIC;"
exit
git clone https://github.com/sstephenson/ruby-build.git
cd ruby-build
sudo ./install.sh
sudo ruby-build 2.0.0-p247 /usr/local
sudo chmod -R a+w /usr/local/lib/ruby/gems/2.0.0/
ssh-keygen -t rsa -C "your_email@example.com" # github 에서 사용하실 이메일과 동일.
# 이제 엔터키몇번 치면, ~/.ssh 에 id_rsa.pub 파일 생성됨.
# 아까 생성한 작업자 계정에서 https://github.com/settings/ssh 에 접속
# Add sshkey 버튼을 누른후 id_rsa.pub 의 내용을 복사해넣음
# 참고 : https://help.github.com/articles/generating-ssh-keys
sudo mkdir /opt/project
sudo chown jinto.jinto /opt/project # jinto 는 생성하신 사용자계정으로 대치
cd /opt
git clone git@github.com:jinto/project
sudo gem install thin
sudo thin install
sudo /usr/sbin/update-rc.d -f thin defaults
sudo vi /etc/thin/project.yml
sudo gem install bundle
cd /opt/project
bundle install
# 로컬 서버 스타트
bundle exec thin start -C /etc/thin/project.yml
http://x.x.x.x:3000
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment