kusakusakusa/logrotate

## logrotate
# /etc/logrotate.d/<logrotate_file>
/home/ubuntu/<folder>/shared/log/*.log {
  daily
  missingok
  rotate 1
  compress
  notifempty
  copytruncate
  su ubuntu ubuntu
}

run `logrotate /etc/logrotate.d/<logrotate_file>`

## nginx
upstream staging_backend {
        server 127.0.0.1:4000;
}

server {
        listen 80;
        server_name domain.com;
        return 301 https://domain.com$request_uri;
}

server {
        listen 443 ssl;
        server_name something.com;

        ssl_certificate /etc/ssl/certs/something.crt;
        ssl_certificate_key /etc/ssl/certs/something.key;

        ssl on;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparams.pem;

        client_max_body_size 10m;

        location / {
                proxy_pass http://staging_backend;
                proxy_redirect off;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_pass_request_headers      on;
        }

        location ~ ^/assets/ {
                root /home/ubuntu/something/current/public;
                expires max;
                add_header Cache-Control public;
                gzip_static on;
                #add_header ETag "";
                break;
        }

        location ~ ^/robots.txt$ {
                alias /home/ubuntu/something/current/public/robots.txt;
        }

        location ~ ^/sitemap.xml.gz$ {
                alias /home/ubuntu/something/current/public/sitemap.xml.gz;
        }

        location ~ ^/apple-app-site-association {
                alias /home/ubuntu/apple-app-site-association;
        }
}

## setup
# basics setup for rails
# https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get install nginx gnupg2 nodejs imagemagick build-essential -y

## install mysql for nokogiri
sudo apt-get install mysql-server libmysqlclient-dev -y
sudo mysql_secure_installation

# rvm
gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | bash
source /home/ubuntu/.rvm/scripts/rvm
rvm install <ruby-version>
rvm gemset create <ruby-gemset>
echo gem: --no-document >> ~/.gemrc
gem install bundler
gem install mysql2 -v '<some version>'

## precompile assets and run server
RAIL_ENV=production rake assets:precompile && rails s -e production

# ssh and keygen
ssh-keygen -t rsa -b 4096 -C <label>
sudo service ssh restart OR sudo /etc/init.d/ssh restart

# nginx
cd /etc/nginx/sites-enabled && sudo ln -s /etc/nginx/sites-available/<conf_file_name> .

# redis
sudo apt-get install tcl8.5
cd ~ && wget http://download.redis.io/releases/redis-stable.tar.gz
tar xzf redis-stable.tar.gz
cd redis-stable
make
make test
sudo make install
cd utils
sudo ./install_server.sh

## thin yml file
---
chdir: "/home/ubuntu/somewhere/current"
environment: production
address: 0.0.0.0
port: 3000
timeout: 30
log: "/home/ubuntu/somewhere/shared/log/thin.log"
pid: tmp/pids/thin.pid
max_conns: 1024
max_persistent_conns: 100
require: []
wait: 30
threadpool_size: 20
servers: 4
daemonize: true
	# /etc/logrotate.d/<logrotate_file>
	/home/ubuntu/<folder>/shared/log/*.log {
	daily
	missingok
	rotate 1
	compress
	notifempty
	copytruncate
	su ubuntu ubuntu
	}

	run `logrotate /etc/logrotate.d/<logrotate_file>`
	upstream staging_backend {
	server 127.0.0.1:4000;
	}

	server {
	listen 80;
	server_name domain.com;
	return 301 https://domain.com$request_uri;
	}

	server {
	listen 443 ssl;
	server_name something.com;

	ssl_certificate /etc/ssl/certs/something.crt;
	ssl_certificate_key /etc/ssl/certs/something.key;

	ssl on;
	ssl_session_cache builtin:1000 shared:SSL:10m;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
	ssl_prefer_server_ciphers on;
	ssl_dhparam /etc/ssl/certs/dhparams.pem;

	client_max_body_size 10m;

	location / {
	proxy_pass http://staging_backend;
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_pass_request_headers on;
	}

	location ~ ^/assets/ {
	root /home/ubuntu/something/current/public;
	expires max;
	add_header Cache-Control public;
	gzip_static on;
	#add_header ETag "";
	break;
	}

	location ~ ^/robots.txt$ {
	alias /home/ubuntu/something/current/public/robots.txt;
	}

	location ~ ^/sitemap.xml.gz$ {
	alias /home/ubuntu/something/current/public/sitemap.xml.gz;
	}

	location ~ ^/apple-app-site-association {
	alias /home/ubuntu/apple-app-site-association;
	}
	}
	# basics setup for rails
	# https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
	sudo apt-get update -y && sudo apt-get upgrade -y && sudo apt-get install nginx gnupg2 nodejs imagemagick build-essential -y

	## install mysql for nokogiri
	sudo apt-get install mysql-server libmysqlclient-dev -y
	sudo mysql_secure_installation

	# rvm
	gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
	\curl -sSL https://get.rvm.io \| bash
	source /home/ubuntu/.rvm/scripts/rvm
	rvm install <ruby-version>
	rvm gemset create <ruby-gemset>
	echo gem: --no-document >> ~/.gemrc
	gem install bundler
	gem install mysql2 -v '<some version>'

	## precompile assets and run server
	RAIL_ENV=production rake assets:precompile && rails s -e production

	# ssh and keygen
	ssh-keygen -t rsa -b 4096 -C <label>
	sudo service ssh restart OR sudo /etc/init.d/ssh restart

	# nginx
	cd /etc/nginx/sites-enabled && sudo ln -s /etc/nginx/sites-available/<conf_file_name> .

	# redis
	sudo apt-get install tcl8.5
	cd ~ && wget http://download.redis.io/releases/redis-stable.tar.gz
	tar xzf redis-stable.tar.gz
	cd redis-stable
	make
	make test
	sudo make install
	cd utils
	sudo ./install_server.sh
	---
	chdir: "/home/ubuntu/somewhere/current"
	environment: production
	address: 0.0.0.0
	port: 3000
	timeout: 30
	log: "/home/ubuntu/somewhere/shared/log/thin.log"
	pid: tmp/pids/thin.pid
	max_conns: 1024
	max_persistent_conns: 100
	require: []
	wait: 30
	threadpool_size: 20
	servers: 4
	daemonize: true