Django Setup: Ubuntu 14.04, postgres, postgis, nginx, gunicorn, postfix, monit, redis, rabbitmq, celery, npm, gulp, pip wheel
# Run as root on the freshly provisioned server.
# Replace the root password that came with the machine.
passwd

# Bring the installed packages up to date before adding anything else.
apt-get update
apt-get upgrade

# fail2ban bans addresses that keep failing authentication.
apt-get install fail2ban

# Unprivileged account for deployments and day-to-day logins.
# useradd is called without -m, so the home directory is built by hand below.
useradd deploy

mkdir /home/deploy
mkdir /home/deploy/.ssh
# Only the owner may enter .ssh.
chmod 700 /home/deploy/.ssh

# Paste the public key(s) that may log in as deploy, one per line.
vim /home/deploy/.ssh/authorized_keys
# Read-only for the owner; sshd (StrictModes) rejects key files that other
# users can write to.
chmod 400 /home/deploy/.ssh/authorized_keys
# The files above were created by root; hand the whole home over to deploy.
chown deploy:deploy /home/deploy -R

# This is the password sudo will ask for. SSH password logins are switched
# off further down, so it is not usable for remote login.
passwd deploy

# visudo edits the sudoers file and checks its syntax before saving.
# The two lines below are the entries the file should contain.
visudo
root    ALL=(ALL) ALL
# Full root through sudo, with a password prompt (no NOPASSWD).
# NOTE(review): anyone holding deploy's SSH key and password is effectively
# root; narrow this to specific commands if deploy only needs a few.
deploy  ALL=(ALL) ALL

# The two settings below go into sshd_config.
vim /etc/ssh/sshd_config

# root cannot log in over SSH; administration goes through deploy + sudo.
PermitRootLogin no
# Key-based login only; password guessing over SSH has nothing to hit.
PasswordAuthentication no

# Before closing the current root session, open a second terminal and confirm
# that deploy can log in with its key and run sudo. A mistake in the key file
# or sshd_config otherwise locks you out.
service ssh restart

# Tighter alternative for SSH when you administer from a fixed address:
# use this rule instead of the blanket "ufw allow 22" below.
#ufw allow from {your-ip} to any port 22
# SSH from anywhere; fail2ban and key-only login are the remaining controls.
ufw allow 22
# HTTP and HTTPS for the site. NOTE(review): the nginx server block later in
# these notes only listens on port 80, so nothing answers on 443 yet.
ufw allow 80
ufw allow 443
# Activates the firewall; allow SSH first (as done above) or the current
# session may be cut off.
ufw enable

# Set deploy's login shell by editing its /etc/passwd entry.
# NOTE(review): "usermod -s /bin/bash deploy" makes the same change without
# hand-editing the file; if you do edit by hand, vipw locks the file first.
vi /etc/passwd
# add /bin/bash to deploy
# Give deploy the same shell start-up files as root.
cp /root/.bashrc /home/deploy/ && cp /root/.profile /home/deploy/
# The copies are owned by root; hand them to deploy.
chown deploy:deploy /home/deploy -R

http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

# From here on the commands run as deploy, using sudo.
# Installs the PostgreSQL server, its contrib modules and the PostGIS 2.1
# packages built for PostgreSQL 9.3.
sudo apt-get install postgresql postgresql-contrib postgis postgresql-9.3-postgis-2.1

By default, users are only allowed to log in locally if the system username matches the PostgreSQL username (peer authentication in pg_hba.conf).

# Switch to the postgres system account, which can administer the cluster.
sudo su - postgres
# --interactive asks the questions shown below; -P also prompts for the new
# role's password.
createuser --interactive -P
Enter name of role to add: deploy
# NOTE(review): a superuser role bypasses every permission check in the
# cluster. Presumably chosen so the role can create the PostGIS extension -
# confirm, and consider a separate non-superuser role for the running
# application.
Shall the new role be a superuser? (y/n) y
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y
# Database named after the role, owned by it.
createdb --owner deploy deploy

# NOTE(review): presumably edited after leaving the postgres shell, so that
# ~ is deploy's home - confirm.
vi ~/.profile

# Defaults picked up by psql and other libpq clients.
export PGUSER=deploy
# 1234 is a placeholder: use the long random password given to createuser -P.
# The PostgreSQL documentation discourages PGPASSWORD because environment
# variables can be visible to other users on some systems; a ~/.pgpass file
# with mode 0600 is the supported alternative.
export PGPASSWORD=1234

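# Build dependencies, the Node toolchain and the services the project uses.
# Redis and RabbitMQ are installed as local services; the firewall rules
# earlier in these notes only allow ports 22, 80 and 443 from outside.
sudo apt-get install git libpq-dev python-dev python-virtualenv npm nodejs-legacy redis-server rabbitmq-server libjpeg-turbo-progs

# -p creates missing parents and does not fail when ~/.config already exists.
mkdir -p ~/.config/pip

# pip reads its per-user settings from a file named pip.conf; a file called
# pip.config is ignored. (Older pip releases look in ~/.pip/pip.conf instead.)
# The lines below are the content of that file.
vi ~/.config/pip/pip.conf

[global]
use-wheel = True
download-cache = /home/deploy/.config/pip/cache

[install]
# pip installs whatever wheels it finds in this directory, so keep it
# writable by deploy only.
find-links = /home/deploy/.config/pip/wheels

[wheel]
wheel-dir = /home/deploy/.config/pip/wheels

# Directories for logs and checkouts (nginx and monit log to ~/logs below).
mkdir -p ~/logs
mkdir -p ~/projects
cd ~/projects
# Fabric tasks from the project's fabfile, which is not part of these notes.
fab production bootstrap setup_celery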

Also don't forget to create the RabbitMQ user the project connects with (rabbitmqctl add_user, then rabbitmqctl set_permissions).

# startstop.sh is the project's own control script (not shown in these notes).
cd ~/projects/project_x/ && ./startstop.sh start gunicorn
# Stable path named after the site; the nginx configuration below refers to
# /home/deploy/example.ch rather than to the checkout directly.
ln -s ~/projects/project_x/ ~/example.ch
sudo apt-get install nginx
sudo service nginx start

# Site definition; its content follows.
# NOTE(review): nginx's worker user must be able to traverse /home/deploy to
# reach the static files and the gunicorn socket - check the directory modes.
sudo vi /etc/nginx/sites-available/example.ch.conf

# Virtual host for example.ch: static and media files are served by nginx,
# everything else is handed to gunicorn over a unix socket.
server {
  # Plain HTTP only.
  # NOTE(review): the firewall rules earlier in these notes open 443, but no
  # TLS listener is defined here. Add one (and redirect port 80 to it) before
  # the site handles logins or session cookies.
  listen    *:80;
  server_name example.ch www.example.ch;
  root /home/deploy/example.ch/htdocs;
  # Logs live in deploy's home rather than /var/log/nginx.
  error_log /home/deploy/logs/example.ch.error.log;
  access_log /home/deploy/logs/example.ch.access.log combined;
  # Upper bound for request bodies (uploads); larger requests are rejected
  # with 413. Size it to what the application actually needs.
  client_max_body_size       100m;
  client_body_buffer_size    128k;
  # NOTE(review): if /media/ holds user uploads, they are served as static
  # files from the site's own origin - confirm the application validates
  # upload types.
  location  /media/ {
    alias /home/deploy/example.ch/media/;
    expires 7d;
  }
  location  /public/ {
    alias /home/deploy/example.ch/dist/public/;
    expires 7d;
  }
  # Serve a matching file under root if there is one, otherwise proxy.
  location / {
    try_files $uri @upstream;
  }
  location @upstream {
    # gunicorn listens on a unix socket, so it is not reachable over the
    # network.
    proxy_pass http://unix:/home/deploy/example.ch/tmp/gunicorn.sock;
    proxy_redirect off;
    proxy_set_header Host $host;
    # $proxy_add_x_forwarded_for appends the client address to whatever
    # X-Forwarded-For the client sent, so only the last entry (or X-Real-IP)
    # is trustworthy on the application side.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    # NOTE(review): the application has to be configured to read this exact
    # header name (many setups use X-Forwarded-Proto) - confirm against
    # Django's SECURE_PROXY_SSL_HEADER / the gunicorn settings.
    proxy_set_header X-Forwarded-Protocol $scheme;
    # Repeats the server-level value.
    client_body_buffer_size 128k;
    # Timeouts are in seconds.
    proxy_connect_timeout 120;
    proxy_send_timeout 120;
    proxy_read_timeout 120;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
  }
  # Static error page, served through the /media/ alias above when the
  # upstream fails.
  error_page 500 502 503 504 /media/50x.html;
}

# Enable the site by linking it into sites-enabled.
sudo ln -s /etc/nginx/sites-available/example.ch.conf /etc/nginx/sites-enabled/example.ch.conf

# "sudo nginx -t" checks the configuration first; running it before the
# restart avoids taking the server down with a syntax error.
sudo service nginx restart

# monit supervises the gunicorn and celery processes (configured below).
sudo apt-get install monit

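sudo vi /etc/monit/monitrc
# Uncomment the "set httpd port 2812" section. Keep its "use address localhost" and "allow localhost" lines so the
# monit web interface is reachable only from the server itself, and change the sample admin password if you enable "allow admin:monit".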

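sudo service monit restart

# Confirms the daemon is running and answers on its control interface.
sudo monit status

# Files under /etc/monit need root to edit, like the other /etc files in
# these notes, so open the editor through sudo. The content follows.
sudo vi /etc/monit/conf.d/project_x_production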

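# monit checks for project_x: supervise the celery and gunicorn processes.
# Poll every 60 seconds.
set daemon 60
# NOTE(review): /home/deploy/tmp is not created anywhere in these notes -
# make sure it exists. The monit daemon presumably runs as root while these
# pid/state/log files sit in directories owned by deploy; root-owned paths
# such as /var/run and /var/log keep the unprivileged account from replacing
# them.
set pidfile /home/deploy/tmp/monit.pid
set logfile /home/deploy/logs/monit.log
set statefile /home/deploy/tmp/monit.state
# Alerts are sent through the mail server on this machine.
set mailserver localhost

# Queue alerts on disk while the mail server cannot be reached.
set eventqueue
  basedir /home/deploy/tmp/monit.events
  slots 100

check process project_x_production_celery with pidfile /home/deploy/projects/project_x/tmp/celery.pid
  # Start and stop run as deploy, not as the user monit itself runs as.
  start program = "/home/deploy/projects/project_x/startstop.sh start celery" as uid "deploy" and gid "deploy"
  stop program = "/home/deploy/projects/project_x/startstop.sh stop celery" as uid "deploy" and gid "deploy"
  # Stop retrying after five restarts in a row.
  if 5 restarts within 5 cycles then timeout
  if totalmemory > 1000.0 MB for 5 cycles then alert
  if totalcpu > 50% for 5 cycles then alert
  # Placeholder address; replace with the real recipient.
  alert mail@you.com

check process project_x_production_gunicorn with pidfile /home/deploy/projects/project_x/tmp/gunicorn.pid
  start program = "/home/deploy/projects/project_x/startstop.sh start gunicorn" as uid "deploy" and gid "deploy"
  # Path corrected from "/homedeploy/...": with the slash missing the stop
  # command pointed at a file that does not exist, so monit could not stop
  # or restart gunicorn.
  stop program = "/home/deploy/projects/project_x/startstop.sh stop gunicorn" as uid "deploy" and gid "deploy"
  # Restart when the socket nginx proxies to stops answering.
  if failed unixsocket /home/deploy/projects/project_x/tmp/gunicorn.sock then restart
  if 5 restarts within 5 cycles then timeout
  if totalmemory > 1500.0 MB for 5 cycles then alert
  if totalcpu > 50% for 5 cycles then alert
  # Placeholder address; replace with the real recipient.
  alert mail@you.com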

# Re-read the configuration so the new checks are picked up.
sudo monit reload

# Both project_x_production_* checks should now be listed.
sudo monit status
