@san9dev
Forked from EugZol/deploy.sh
Created April 15, 2020 06:00
Wall of text (to paste into an interactive bash session as root) to install Nginx (with Passenger), Ruby (with rbenv), Postgres, Postfix
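# Domain used below for the Postfix mailname and for the DKIM key paths,
# KeyTable and SigningTable entries.
VPS_DOMAIN="$(hostname --fqdn)" # CHANGEME: use your domain name
# An empty value would produce broken paths and table entries further down,
# so complain here instead of writing them.
: "${VPS_DOMAIN:?VPS_DOMAIN is empty; set it to your mail domain}"
# Install DO agent
# Download the installer completely before running it as root: -f makes curl
# fail on an HTTP error instead of saving the error page, and a truncated
# download is never executed half-way. The saved file can also be read first.
do_agent_installer="$(mktemp)" &&
  curl -fsSL -o "${do_agent_installer}" https://agent.digitalocean.com/install.sh &&
  sh "${do_agent_installer}"
rm -f -- "${do_agent_installer}"
# Update dist packages
apt-get update
apt-get dist-upgrade -y
# Install packages necessary to compile stuff
apt-get install -y autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev
# Git
apt-get install -y git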
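# Create 'deployer' user
# --disabled-password leaves the account without a usable password, so the
# only way in over SSH is the key file installed below.
adduser --disabled-password --gecos "" deployer
# install(1) creates the directory and the key file with their final owner and
# mode in one step, so they never exist with default permissions, and the
# commands can be re-run without failing on an existing directory.
install -d -m 700 -o deployer -g deployer /home/deployer/.ssh
# NOTE(review): this gives deployer the same authorized keys as the current
# (root) user. Trim the copied file if some of those keys should not be able
# to log in as deployer.
install -m 600 -o deployer -g deployer ~/.ssh/authorized_keys /home/deployer/.ssh/authorized_keys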
# Install rbenv + ruby for deployer user
# NOTE: steps 1-6 only do what they say when this text is pasted into an
# interactive terminal. `su deployer` starts a new shell that reads the next
# lines from the terminal; run from a script file, that shell would wait for
# input and the remaining commands would then run as the original (root) user.
# 1. Log into deployer
su deployer
# 2. Install rbenv
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
cd ~/.rbenv
# Pin to a release tag instead of whatever the default branch holds today.
# A tag can be moved upstream; pin a reviewed commit hash if you need the
# checkout to be immutable.
git checkout v1.1.1 # CHANGEME: rbenv version
# Single quotes: the lines are written to ~/.bashrc literally and expanded at
# login time. They are appended, so re-running this step adds them again.
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
# Reload so rbenv is on PATH in the current shell.
source ~/.bashrc
# 3. Install ruby-build
mkdir -p "$(rbenv root)"/plugins
git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build
cd "$(rbenv root)"/plugins/ruby-build
# Same tag-pinning caveat as for rbenv above.
git checkout v20181106 # CHANGEME: ruby-build version
# 4. Install ruby
cd
# NOTE(review): the Ruby 2.5 series is past upstream end-of-life and no longer
# receives security fixes; choose a currently supported release here (a newer
# ruby-build tag may be needed for it to be listed).
rbenv install 2.5.3 # CHANGEME: ruby version
rbenv global 2.5.3 # CHANGEME: ruby version
# 5. Setup bundler
# No version is given, so whatever bundler release the gem source currently
# serves is installed.
gem install bundler
# Overwrites ~/.gemrc; tells gem to skip generating documentation.
echo "gem: --no-document" > ~/.gemrc
# 6. Logout
# Leaves the deployer shell opened in step 1; the rest runs as root again.
exit
# Install passenger
# NOTE(review): the signing key is requested by its 64-bit ID over plain HKP
# and is added to apt's global trusted keyring, so it is trusted for every
# configured repository. After import, compare the full fingerprint shown by
# `apt-key finger` with the one Phusion publishes. apt-key itself is
# deprecated on newer Debian/Ubuntu releases.
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
# HTTPS transport and CA bundle must be present before apt can read the repo.
apt-get install -y apt-transport-https ca-certificates
# The release codename (bionic) is hard-coded; it has to match the host.
printf '%s\n' 'deb https://oss-binaries.phusionpassenger.com/apt/passenger bionic main' \
  > /etc/apt/sources.list.d/passenger.list
apt-get update
apt-get install -y nginx-extras passenger
# Write the Passenger module config in one go. passenger_ruby points at the
# rbenv shim inside deployer's home directory.
cat > /etc/nginx/conf.d/mod-http-passenger.conf <<'EOF'
passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
passenger_ruby /home/deployer/.rbenv/shims/ruby;
EOF
service nginx start
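# Install and configure Postgresql
# 1. Install
# -y as in the other install steps: without it apt stops at a confirmation
# prompt and, when this text is pasted, swallows the next line as the answer.
apt-get install -y postgresql postgresql-contrib
# 2. Add superuser 'deployer'
# Run the single command as postgres with -c rather than opening a shell, so
# this step behaves the same whether pasted or run from a file.
# NOTE(review): --superuser lets the application's database role bypass every
# permission check in the cluster. If the app only has to create and own its
# databases, `createuser --createdb deployer` is the narrower grant.
su - postgres -c 'createuser --superuser deployer'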
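# Install and configure postfix
# 1. Install
# Preseed the two debconf questions so the package installs without prompting.
# ${VPS_DOMAIN} is expanded directly: the former unquoted $(echo $VPS_DOMAIN)
# put the value through word splitting and globbing for no benefit.
debconf-set-selections <<< "postfix postfix/mailname string ${VPS_DOMAIN}"
# NOTE(review): the single quotes are inside the double-quoted string, so they
# are sent to debconf as part of the value. Check the stored answer with
# `debconf-show postfix` after installing.
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt-get install -y postfix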
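# 2. Install OpenDKIM (https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy)
# -y keeps apt from stopping at a prompt that would eat the next pasted line.
apt-get install -y opendkim opendkim-tools
# 3. Edit /etc/opendkim.conf
# Comment out the packaged UserID/UMask/Socket directives; replacements are
# appended below. The patterns are anchored to the start of the line so only
# real directives are touched, not comments or other text containing the word.
sed -i \
  -e 's/^[[:space:]]*UserID/#&/' \
  -e 's/^[[:space:]]*UMask/#&/' \
  -e 's/^[[:space:]]*Socket/#&/' \
  /etc/opendkim.conf
# Appended, not replaced: running this step twice duplicates the settings.
# "Mode sv" signs and verifies; the milter socket is bound to localhost only.
cat >> /etc/opendkim.conf <<'EOF'
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
EOF
# 4. Edit /etc/default/opendkim
# Same anchoring as above, then point the service at the localhost socket.
sed -i 's/^[[:space:]]*SOCKET=/#&/' /etc/default/opendkim
echo 'SOCKET="inet:12301@localhost"' >> /etc/default/opendkim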
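# 5. Edit /etc/postfix/main.cf
# postconf -e updates each parameter in place, so repeating this step does not
# pile up duplicate entries at the end of main.cf the way `echo >>` did.
# milter_default_action = accept is fail-open: if OpenDKIM is down or times
# out, mail is still accepted and sent, but unsigned. Watch the mail log for
# milter errors if signing matters to you.
postconf -e \
  'milter_protocol = 2' \
  'milter_default_action = accept' \
  'smtpd_milters = inet:localhost:12301' \
  'non_smtpd_milters = inet:localhost:12301'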
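# 6. Edit /etc/opendkim/TrustedHosts
# ${VPS_DOMAIN:?} refuses to build a path from an empty value; quoting keeps
# the value from being word-split or glob-expanded.
mkdir -p "/etc/opendkim/keys/${VPS_DOMAIN:?}"
# This file is used as both InternalHosts and ExternalIgnoreList: mail from
# the listed hosts is signed rather than verified.
# NOTE(review): 192.168.0.1/24 covers a whole private range. Drop that line
# unless machines on that network really send mail through this server.
cat > /etc/opendkim/TrustedHosts <<'EOF'
127.0.0.1
localhost
192.168.0.1/24
EOF
# 7. Edit /etc/opendkim/KeyTable
# Maps the selector record to domain:selector:private-key-path.
printf '%s\n' "postfixmail._domainkey.${VPS_DOMAIN} ${VPS_DOMAIN}:postfixmail:/etc/opendkim/keys/${VPS_DOMAIN}/postfixmail.private" > /etc/opendkim/KeyTable
# 8. Edit /etc/opendkim/SigningTable
# Every sender address at the domain is signed with the key named above.
printf '%s\n' "*@${VPS_DOMAIN} postfixmail._domainkey.${VPS_DOMAIN}" > /etc/opendkim/SigningTable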
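# 9. Generate keys
# The key size is given explicitly so the result does not depend on the
# packaged default of opendkim-genkey. The key is only generated if the cd
# succeeded, so it can never land in whatever directory the shell was in.
#
# If your DNS manager crops long TXT records (Yandex DNS is one), the
# fallback is a short key:
# opendkim-genkey -s postfixmail -d "${VPS_DOMAIN}" -b 1024
# 1024-bit RSA is the minimum RFC 8301 allows for DKIM and 2048 is what it
# recommends, so first try splitting the TXT value into several quoted strings.
dkim_key_dir="/etc/opendkim/keys/${VPS_DOMAIN:?}"
cd "${dkim_key_dir}" &&
  opendkim-genkey -b 2048 -s postfixmail -d "${VPS_DOMAIN}"
# The signing daemon runs as opendkim and must be the owner of the private key.
# Keep this file readable by that user only.
chown opendkim:opendkim "${dkim_key_dir}/postfixmail.private"
# Add this entry to your DNS:
cat "${dkim_key_dir}/postfixmail.txt"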
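# 10. Restart services and cleanup
service postfix restart
service opendkim restart
# apt-get with -y, like the install steps: no confirmation prompt to swallow
# pasted input, and no "unstable CLI" warning from the apt front end.
apt-get autoremove -y
# To test mail:
# 1. Set SPF: https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
# 2. apt-get install -y mailutils
# 3. echo "This is the body of the email" | mail -s "This is the subject line" -r "admin@${VPS_DOMAIN}" check-auth@verifier.port25.com
# 4. tail -f /var/log/mail.log # to debug; look for the DKIM-Signature being added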