Ubuntu Server Provisioning
As Root:
Add swap
https://www.digitalocean.com/community/tutorials/how-to-add-swap-on-ubuntu-12-04
Set hostname
echo "plato" > /etc/hostname
hostname -F /etc/hostname
If /etc/default/dhcpcd
exists, disable "#SET_HOSTNAME"
Update /etc/hosts
For example:
127.0.0.1 localhost.localdomain localhost
127.0.1.1 ubuntu
85.159.211.7 li717-7.members.linode.com jira
Set timezone
For example, UTC:
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
Update and Add Users
apt-get update
apt-get upgrade --show-upgraded
# Preliminary software
apt-get install vim git ranger multitail tmux colordiff wget rsync curl htop tree caca-utils mlocate highlight
# Clone etc_skel.git or prepare your own /etc/skel or skip
# Setup users/groups/ssh
groupadd owners
groupadd developers
useradd -m -G owners,developers bobby -s /bin/bash
useradd -m -G owners,developers dylan -s /bin/bash
useradd -m -G developers johnny -s /bin/bash
SSH Keys
cd ~
mkdir .ssh
chmod 700 .ssh
cd .ssh
touch authorized_keys
chmod 600 authorized_keys
vim authorized_keys
# add your pubkey
SSHD
vim /etc/ssh/sshd_config
# Change settings for security
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
service ssh restart
Sudoers
# Edit sudoers configuration
vim /etc/sudoers
# Add this line
# This is "the easy way", will add group "owners" to list of users who can use the
# sudo command without a password! If you want more security, read more carefully
# the configuration file and manual.
%owners ALL=(ALL) NOPASSWD: ALL
Software
# Install Web stack
apt-get install apache2 php5 libapache2-mod-php5 php5-curl php5-gd php5-mcrypt php5-memcache php5-sqlite php5-tidy php5-xmlrpc php5-json sqlite3
# Install PostgreSQL
echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add -
apt-get update
apt-get install postgresql-9.3 postgresql-contrib-9.3 php5-pgsql
# Install client-side stack
add-apt-repository ppa:chris-lea/node.js
apt-get update
apt-get install nodejs
npm install -g bower grunt-cli requirejs
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
apt-get install ruby2.0 ruby2.0-dev
ruby -S gem install bundler
# Dev tools required for gem installations
apt-get install libsqlite3-dev make
SMTP
apt-get install msmtp ca-certificates
vim /etc/msmtprc
# Set defaults.
defaults
# Enable or disable TLS/SSL encryption.
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
# Set up a default account's settings.
account default
host smtp.sendgrid.net
port 587
auth on
user <username>
password <password>
from bounces@your-doman-here
logfile /var/log/msmtp/msmtp.log
vim /etc/php5/apache2/php.ini
sendmail_path = /usr/bin/msmtp -t
mkdir /var/log/msmtp
chown www-data:adm /var/log/msmtp
vim /etc/logrotate.d/msmtp
/var/log/msmtp/*.log {
rotate 12
monthly
compress
missingok
notifempty
}
PostgreSQL
su - postgres createuser -s your-user-name
su - postgres createuser -D -P app-name-user
su - postgres createdb -O app-name-user app-db-name
# Examples from CLI with psql:
CREATE ROLE user WITH NOCREATEDB NOCREATEROLE NOCREATEUSER PASSWORD 'your-password';
ALTER ROLE user WITH NOLOGIN;
SELECT rolname FROM pg_roles;
GRANT ALL PRIVILEGES ON DATABASE app to user;
Apache
a2enmod rewrite
a2enmod expires
usermod -a -G www-data bobby
mkdir /srv/http
chown -R www-data:developers /srv/http
chmod -R 775 /srv/http
service apache2 restart
Git User
Create a user for git repositories:
useradd -r --shell /usr/bin/git-shell -c 'git version control' -m --home-dir /home/git git
usermod -a -G developers git
usermod -a -G www-data git
# Copy git-shell commands
cp -r /usr/share/doc/git/contrib/git-shell-commands /home/git/
chmod u+x /home/git/git-shell-commands/{list,help} -R
chown -R git:git git-shell-commands
Follow SSH Keys and add public keys for users with access to git repositories
Setup
Update software related commands
updatedb
User configuration
Login as your regular user and configure software:
# Create a ranger filescope config for your user
ranger --copy-config=scope
Project Setup
Git Repository
Create a new detached git repo to push deploys:
sudo mkdir /srv/http/app
sudo chown git:developers /srv/http/app
sudo chmod g+w /srv/http/app
cd /home/git
sudo mkdir app.git
sudo chown git:developers app.git
sudo chmod g+w app.git
cd app.git
git init --bare
git config core.bare false
git config core.worktree /srv/http/app ; NO TRAILING SLASH!!!
git config receive.denycurrentbranch ignore
# create a hook
cat > hooks/post-receive
#!/bin/sh
git checkout -f
# make it executable
chmod +x hooks/post-receive
sudo chown -R git:developers app.git
Apache vhost
Create a new host for your domain app:
vim /etc/apache2/sites-available/app.conf
cd /etc/apache2/sites-enabled
sudo ln -s ../sites-available/app.conf app.conf
Post-push setup
After pushing the first time:
cd /srv/http/app
sudo chgrp -R developers .
sudo su git
npm install
bundle install --path vendor/bundle
# Edit hooks/post-receve and add post-build actions
# Push again