Django Setup: Ubuntu 14.04, postgres, postgis, nginx, gunicorn, postfix, monit, redis, rabbitmq, celery, npm, gulp, pip wheel
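# Run as root on a fresh Ubuntu 14.04 host. Set a strong root password first:
# remote root login is disabled below, but the account remains for console use.
passwd

apt-get update
apt-get upgrade

# fail2ban on Ubuntu 14.04 ships with the ssh jail enabled, so repeated SSH
# authentication failures get the source address banned automatically.
apt-get install fail2ban

# Create the deploy user with a home directory and a login shell in one step.
# This replaces hand-editing /etc/passwd and copying root's dotfiles later:
# -m copies /etc/skel (.bashrc, .profile), -s sets the shell.
useradd -m -s /bin/bash deploy

mkdir /home/deploy/.ssh
chmod 700 /home/deploy/.ssh

# Paste ONLY the public key(s) that should be able to log in as deploy.
vim /home/deploy/.ssh/authorized_keys
chmod 400 /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy

# sudo prompts for this password, so make it strong even though SSH password
# logins are disabled below.
passwd deploy

# NOTE: "deploy ALL=(ALL) ALL" grants deploy unrestricted root via sudo. The
# stock sudoers already contains the root line; only the deploy line is new.
# If deploy is an automation account rather than an admin, scope this down to
# the specific commands it needs instead.
visudo
root    ALL=(ALL) ALL
deploy  ALL=(ALL) ALL

vim /etc/ssh/sshd_config

PermitRootLogin no
PasswordAuthentication no
# Also confirm ChallengeResponseAuthentication is "no" (the 14.04 default);
# otherwise keyboard-interactive prompts can still accept passwords.

# Before restarting sshd: open a SECOND session as deploy using the key and run
# `sudo -v` to prove key login and sudo both work. Keep the root session open
# until that succeeds, or you can lock yourself out of the box.
service ssh restart

# Prefer restricting SSH to known source addresses. If that is not possible,
# `ufw limit` rate-limits new connections to 22 in addition to fail2ban.
# Explicit default policies make the intent visible even though deny-incoming
# is already ufw's default.
ufw default deny incoming
ufw default allow outgoing
#ufw allow from {your-ip} to any port 22
ufw limit 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable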

http://plusbryan.com/my-first-5-minutes-on-a-server-or-essential-security-for-linux-servers

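sudo apt-get install postgresql postgresql-contrib postgis postgresql-9.3-postgis-2.1

# Ubuntu's default pg_hba.conf uses "peer" authentication for local Unix-socket
# connections: a system user may only connect as the PostgreSQL role with the
# same name. That is why a "deploy" role is created for the deploy system user.

sudo su - postgres
createuser --interactive -P
Enter name of role to add: deploy
# Superuser is only needed so the app can run CREATE EXTENSION postgis
# (PostGIS 2.1 requires superuser for that). Safer alternative: answer "n"
# here and create the extension once as postgres
# (`psql -d deploy -c "CREATE EXTENSION postgis;"`), or revoke afterwards with
# `ALTER ROLE deploy NOSUPERUSER;` once the schema exists.
Shall the new role be a superuser? (y/n) y
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y
createdb --owner deploy deploy
# Leave the postgres shell before editing dotfiles: the steps below are for the
# deploy user's home, and "~" would otherwise resolve to /var/lib/postgresql.
exit

# Do NOT export PGPASSWORD from ~/.profile. It ends up in the environment of
# every process deploy starts (readable from /proc/<pid>/environ, copied into
# child processes and crash dumps). Use a mode-600 ~/.pgpass instead; libpq
# reads it automatically for both TCP and Unix-socket connections to
# "localhost". Pick a real password, not "1234".
vi ~/.profile

export PGUSER=deploy

vi ~/.pgpass
# hostname:port:database:username:password
localhost:5432:deploy:deploy:<strong-password>
chmod 600 ~/.pgpass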

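# rabbitmq-server listens on 5672 on all interfaces by default; only the ufw
# rules above (22/80/443) keep it off the network. Verify with
# `sudo netstat -ltnp` after installation.
sudo apt-get install git libpq-dev python-dev python-virtualenv npm nodejs-legacy redis-server rabbitmq-server libjpeg-turbo-progs

mkdir -p ~/.config/pip

# pip reads $XDG_CONFIG_HOME/pip/pip.conf (i.e. ~/.config/pip/pip.conf) on
# Linux. A file named "pip.config" is silently ignored, so the settings below
# would never take effect under that name.
vi ~/.config/pip/pip.conf

# Supply-chain note: anything in find-links/wheel-dir is installed without
# further checks, so only wheels you built yourself belong there.
# Newer pip releases deprecate/ignore use-wheel and download-cache; check
# `pip --version` if these produce warnings.
[global]
use-wheel = True
download-cache = /home/deploy/.config/pip/cache

[install]
find-links = /home/deploy/.config/pip/wheels

[wheel]
wheel-dir = /home/deploy/.config/pip/wheels

mkdir ~/logs
mkdir ~/projects
cd ~/projects
# Project-specific fabric tasks (not shown in these notes).
fab production bootstrap setup_celery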

Also create a dedicated RabbitMQ user and vhost for Celery (`rabbitmqctl add_user`, `rabbitmqctl add_vhost`, `rabbitmqctl set_permissions`) and point the broker URL at it, rather than running Celery as the default `guest` account.

# Start the app server by hand once; monit (configured below) takes over
# supervision afterwards. startstop.sh is part of the project, not shown here.
# The gunicorn socket path it binds must match the proxy_pass target in the
# nginx vhost below: /home/deploy/example.ch/tmp/gunicorn.sock.
cd ~/projects/project_x/ && ./startstop.sh start gunicorn
# The vhost refers to the project via this symlink (root, media, public, tmp).
ln -s ~/projects/project_x/ ~/example.ch
sudo apt-get install nginx
sudo service nginx start

sudo vi /etc/nginx/sites-available/example.ch.conf

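server {
  # Plain HTTP only. The firewall opens 443 but nothing listens there, so every
  # request (including Django session cookies and login forms) crosses the
  # network unencrypted, and X-Forwarded-Protocol below is always "http".
  # Add a `listen 443 ssl;` server with a certificate and redirect :80 to it
  # before serving anything that requires a login.
  listen    *:80;
  server_name example.ch www.example.ch;
  # Do not advertise the nginx version in the Server header and error pages.
  server_tokens off;
  root /home/deploy/example.ch/htdocs;
  error_log /home/deploy/logs/example.ch.error.log;
  access_log /home/deploy/logs/example.ch.access.log combined;
  # 100 MB request bodies are accepted from any client. Lower this, or move it
  # into the upload location only, if the app does not need uploads that large.
  client_max_body_size       100m;
  client_body_buffer_size    128k;
  # Both location prefixes and both alias targets end in "/", which keeps the
  # alias mapping exact (the classic nginx traversal bug is a prefix without
  # the trailing slash combined with an alias that has one).
  location  /media/ {
    alias /home/deploy/example.ch/media/;
    expires 7d;
  }
  location  /public/ {
    alias /home/deploy/example.ch/dist/public/;
    expires 7d;
  }
  # Serve a matching file from htdocs, otherwise hand the request to gunicorn.
  location / {
    try_files $uri @upstream;
  }
  location @upstream {
    proxy_pass http://unix:/home/deploy/example.ch/tmp/gunicorn.sock;
    proxy_redirect off;
    proxy_set_header Host $host;
    # $proxy_add_x_forwarded_for APPENDS to any X-Forwarded-For the client
    # sent, so the application must only trust the last (nginx-added) entry.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    # Non-standard header name. Django's SECURE_PROXY_SSL_HEADER is commonly
    # set to HTTP_X_FORWARDED_PROTO; make sure the app reads
    # HTTP_X_FORWARDED_PROTOCOL if this name is kept.
    proxy_set_header X-Forwarded-Protocol $scheme;
    client_body_buffer_size 128k;
    proxy_connect_timeout 120;
    proxy_send_timeout 120;
    proxy_read_timeout 120;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
  }
  # Served through the /media/ alias, so the file must exist at
  # /home/deploy/example.ch/media/50x.html.
  error_page 500 502 503 504 /media/50x.html;
}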

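sudo ln -s /etc/nginx/sites-available/example.ch.conf /etc/nginx/sites-enabled/example.ch.conf

# Validate the configuration before restarting so a typo does not take the
# site down.
sudo nginx -t
sudo service nginx restart

sudo apt-get install monit

# Uncomment the "set httpd port 2812" block in monitrc (the `monit status`
# CLI needs it). Keep the `use address localhost` / `allow localhost` lines so
# the control interface is never reachable from the network (ufw blocks 2812,
# but keep both layers), and change the stock `allow admin:monit` credential:
# it is a well-known default.
sudo vi /etc/monit/monitrc

sudo service monit restart

sudo monit status

# Service definitions live in /etc/monit/conf.d, which is root-owned, so this
# needs sudo like the monitrc edit above.
sudo vi /etc/monit/conf.d/project_x_production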

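# These "set" lines override monit's globals from monitrc; if monitrc already
# sets logfile/statefile/eventqueue (the Debian default does), drop the
# duplicates here instead of repeating them.
#
# monit runs as root (started via `service monit`). Its pidfile, statefile,
# logfile and event queue therefore must NOT live in a directory the
# unprivileged deploy user can write to, such as /home/deploy/tmp: a
# compromised deploy account could replace those files with symlinks and have
# root overwrite arbitrary paths. Keep them under root-owned locations.
set daemon 60
set pidfile /var/run/monit.pid
set logfile /var/log/monit.log
set statefile /var/lib/monit/state
# Alerts need a local MTA (postfix per the title; its setup is not in these
# notes).
set mailserver localhost

set eventqueue
  basedir /var/lib/monit/events
  slots 100

# Celery worker, managed through the project's startstop.sh as the deploy
# user so monit's root privileges are not inherited by the application.
check process project_x_production_celery with pidfile /home/deploy/projects/project_x/tmp/celery.pid
  start program = "/home/deploy/projects/project_x/startstop.sh start celery" as uid "deploy" and gid "deploy"
  stop program = "/home/deploy/projects/project_x/startstop.sh stop celery" as uid "deploy" and gid "deploy"
  if 5 restarts within 5 cycles then timeout
  if totalmemory > 1000.0 MB for 5 cycles then alert
  if totalcpu > 50% for 5 cycles then alert
  alert mail@you.com

# gunicorn app server; health is checked via the Unix socket nginx proxies to.
check process project_x_production_gunicorn with pidfile /home/deploy/projects/project_x/tmp/gunicorn.pid
  start program = "/home/deploy/projects/project_x/startstop.sh start gunicorn" as uid "deploy" and gid "deploy"
  # Fixed: the original stop path read "/homedeploy/..." (missing slash), so
  # the stop action would have failed and restarts could never complete cleanly.
  stop program = "/home/deploy/projects/project_x/startstop.sh stop gunicorn" as uid "deploy" and gid "deploy"
  if failed unixsocket /home/deploy/projects/project_x/tmp/gunicorn.sock then restart
  if 5 restarts within 5 cycles then timeout
  if totalmemory > 1500.0 MB for 5 cycles then alert
  if totalcpu > 50% for 5 cycles then alert
  alert mail@you.com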

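# Syntax-check the control files first; a broken conf.d file would otherwise
# leave monit unable to reload and the services unsupervised.
sudo monit -t
sudo monit reload

sudo monit status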
