Created
May 23, 2015 06:56
-
-
Save lynaghk/4677d528fb209a4b4d8e to your computer and use it in GitHub Desktop.
Sketch of setting up a server for Clojure apps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
set -e | |
lein uberjar | |
rsync target/weathertron.jar weathertron@weathertron:. | |
ssh root@weathertron svc -t /etc/service/weathertron |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(defproject com.keminglabs/weathertron-backend "0.1.0-SNAPSHOT" | |
:dependencies [[org.clojure/clojure "1.6.0"] | |
[org.clojure/tools.cli "0.3.1"] | |
[org.clojure/core.memoize "0.5.6"] | |
[ring/ring-jetty-adapter "1.3.1"] | |
[compojure "1.1.9" | |
:exclusions [ring.core]] | |
[cheshire "5.3.1"] | |
[com.cognitect/transit-clj "0.8.259"] | |
[clj-http "0.9.2"] | |
[clj-time "0.8.0" :exclusions [joda-time]] | |
[joda-time "2.5"] | |
[lonocloud/synthread "1.0.4"]] | |
:min-lein-version "2.0.0" | |
:global-vars {*warn-on-reflection* true} | |
:profiles {:dev {:dependencies [;;Testing deps | |
[midje "1.6.3"] | |
[ring-mock "0.1.3"]] | |
:source-paths ["dev" "test"] | |
:repl-options {:init-ns user}} | |
:production {:jvm-opts ["-javaagent:newrelic/newrelic.jar" | |
"-Xmx1g" "-server"]} | |
:uberjar {:omit-source true | |
:uberjar-name "weathertron.jar" | |
:aot :all}} | |
:source-paths ["src/clj"] | |
:main com.keminglabs.weathertron.main | |
:aot [com.keminglabs.weathertron.main]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Run as root on an Ubuntu 14.04 LTS Digital Ocean machine | |
set -e | |
SSH_PUBKEY="ssh-dss AAAAB3NzaC1kc3MAAACBALWqLjkY1vJCyv3/ELqZXmTyPO1DvOs70Q0pv3bPyfRxiHV4fSMejEcZQS1z548apSsN2QT9gmHKJMK3M/l2GHPf9W+g//zZzMALxWf73sz5w6jdOMevy81xeSmlR+SrkwFL4pMszlxckv/KfiWcU0dYZ7jVx3hlGbwEZQ1LrYinAAAAFQDJcMSc8jcqqHuBJpy2enqxuo0lUwAAAIEAinQKpEBvecpawWLM/W1vA6UJaJOYHF7tcWe4ZK6/qaSqZ9eTctvgY6G5XkBEq8i9iE5b2eaFuihERQm/P0nSHLcYqy9JMJpC+ELIdQ4aD0jEMiA6uJQn0OSBcxSRHDYExJZBOOPo62L1SINSqJWuR8e4MLZIOm8Z9GgHJberOJEAAACAT1kAiMWHPg33e4JAroK/56xxON5Q/W6+V5VdGdeVPt3iVULivBdxHaTrE3llH8aBeTjd7i8tlMdvWgQhoex7VWz0DC4pKPnWZlnuZOMHFUbNeDRhOIaALSbWiubBF6BGjWzWWX6vI18QjR8dCQdDnKa46EFpjEGL9zpif4C8txA= weathertron@keminglabs.com" | |
mkdir -p .ssh/ | |
echo "$SSH_PUBKEY" > .ssh/authorized_keys | |
apt-get update | |
apt-get upgrade -y | |
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections | |
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections | |
apt-get install -y --no-install-recommends openjdk-7-jdk htop screen fail2ban daemontools-run zile iptables-persistent | |
# Allow SSH, HTTP, and HTTPS traffic only | |
iptables -F | |
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP | |
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP | |
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP | |
iptables -A INPUT -i lo -j ACCEPT | |
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 | |
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT | |
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT | |
iptables -P OUTPUT ACCEPT | |
/etc/init.d/iptables-persistent save | |
################### | |
# Weathertron server | |
mkdir -p /etc/service/weathertron/log | |
cat <<- "EOF" > /etc/service/weathertron/run | |
#!/bin/bash | |
set -e | |
exec 2>&1 | |
cd /home/weathertron/ | |
swapoff -a | |
export LANG=en_US.UTF-8 | |
# Go fast JVM settings from Tom Crayford | |
exec setuidgid weathertron java -jar -server -d64 \ | |
-XX:MaxPermSize=96m -XX:+UseParNewGC \ | |
-XX:+UseConcMarkSweepGC -XX:+AggressiveOpts -XX:+UseFastAccessorMethods \ | |
weathertron.jar | |
EOF | |
chmod +x /etc/service/weathertron/run | |
cat <<- "EOF" > /etc/service/weathertron/log/run | |
#!/bin/bash | |
set -e | |
PATH=/usr/local/bin:/usr/bin:/bin | |
mkdir -p /var/log/weathertron | |
chown -R weathertron:weathertron /var/log/weathertron | |
exec 2>&1 | |
exec setuidgid weathertron multilog t s10485760 n5 '!tai64nlocal' /var/log/weathertron | |
EOF | |
chmod +x /etc/service/weathertron/log/run | |
##################### | |
# Weathertron user | |
id -u weathertron &>/dev/null || adduser --disabled-password --gecos "" weathertron | |
mkdir -p /home/weathertron/.ssh/ | |
echo "$SSH_PUBKEY" > /home/weathertron/.ssh/authorized_keys | |
chown weathertron /home/weathertron/.ssh/authorized_keys |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment