Callum Kerr

“There is no place I know,
like the world of pure imagination.”

Email me  About me  

< All Posts

First 15 minutes on Ubuntu Server

Initialising a Linux box

Let's get modern.

apt-get update
    apt-get upgrade -y

System essentials

apt-get install build-essential curl git-core



# File: 10periodic.example
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Download-Upgradeable-Packages "1";
    APT::Periodic::AutocleanInterval "7";
    APT::Periodic::Unattended-Upgrade "1";
# File: 50unattended-upgrades.example
    Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
    //  "Ubuntu lucid-updates";
apt-get install fail2ban unattended-upgrades 
    cp ~/.config-files/10periodic.example /etc/apt/apt.conf.d/10periodic
    cp ~/.config-files/50unattended-upgrades.example /etc/apt/apt.conf.d/50unattended-upgrades


ufw allow 80
    ufw allow 443
    ufw allow 8433  #ssh
    ufw allow 60001 #mosh
    ufw enable


apt-get install logwatch
    echo "/usr/sbin/logwatch --output mail --mailto --detail high" >> /etc/cron.daily/00logwatch

Mobile Connectivity is nice

I use mosh when I'm running on satellite internet. More info.

apt-get install mosh 

Add swap space


sudo fallocate -l 4G /swapfile
    sudo chmod 600 /swapfile
    sudo mkswap /swapfile
    sudo swapon /swapfile
    # persist over restarts
    sudo cp /etc/fstab /etc/fstab.bak; 
    echo "/swapfile   none    swap    sw    0   0" >> /etc/fstab
    # Tune system swappiness
    sudo sysctl vm.swappiness=10
    sudo sysctl vm.vfs_cache_pressure=50
    # Persist over restarts
    sudo cp /etc/sysctl.conf /etc/sysctl.bak; 
    echo "vm.swappiness=10" >> sudo /etc/sysctl.conf
    echo "vm.vfs_cache_pressure=50" >> sudo /etc/sysctl.conf



apt-get install postgresql postgresql-contrib libpq-dev
    sudo -u postgres createuser -s rails
    sudo -u postgres psql
\password rails
    # enter password

Use Rbenv to install ruby

git clone     /usr/local/rbenv
    echo           'export RBENV_ROOT=/usr/local/rbenv'     >> ~/.zshrc
    echo           'export PATH="$RBENV_ROOT/bin:$PATH"'     >> ~/.zshrc
    echo           'eval "$(rbenv init -)"'                >> ~/.zshrc
    git clone /usr/local/rbenv/plugins/ruby-build
    git clone /usr/local/rbenv/plugins/rbenv-default-gems
    echo            "bundler"           >> /usr/local/rbenv/default-gems
    rbenv install   2.2.0
    rbenv global    2.2.0
    # Add the ruby users group
    groupadd ruby
    chown -R        :ruby       /usr/local/rbenv

Add the deployment user

useradd deploy
    passwd deploy
    mkdir -p /home/deploy/.ssh
    cp /root/.ssh/authorized_keys ~deploy/.ssh/authorized_keys
    chown -R deploy ~deploy

Add the rails user

useradd rails
    passwd rails
    usermod -a -G adm,www-data,ruby rails
    mkdir -p /home/rails/
    chown -R rails ~rails

Tweak SSHD settings (set up SFTP)


cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak;
    cp ~/.config-files/sshd_config.example /etc/ssh/sshd_config
    # tweak to your preferences and needs:
    vim /etc/ssh/sshd_config
    service sshd restart

Set up Nginx and Puma


cp rails-puma.nginx.conf /etc/nginx/sites-available/rails-puma
    rm /etc/nginx/sites-enabled/default
    ln -s /etc/nginx/sites-available/rails-puma /etc/sites-enabled/rails-puma
    service nginx restart
    curl -o /etc/init/puma-manager.conf
    cp ~/.config-files/puma.conf /etc/init/puma.conf
    echo "/srv/api/current" >> /etc/puma.conf

Set up environment variables with rbenv-vars

echo "RAILS_ENV=production" > /usr/local/rbenv/vars
    echo "RAILS_DB_PWD=<Password>" > /usr/local/rbenv/vars
    echo "SECRET_KEY_BASE=`rake secret`" > /usr/local/rbenv/vars

Personalize the shell.

This section is optional, but I much prefer having an optimized environment when I inevitably have to ssh in.

apt-get install zsh python-software-properties
    curl | sudo python
    pip install Pygments
    # pipe files to pygments for syntax highlighting in the shell
    # oh-my-zsh
    git clone ~/.oh-my-zsh
    cd ~/.oh-my-zsh/custom/plugins
    git clone git://
    chsh -s /bin/zsh
    # rcup will synchronize .dotfiles
    dpkg -i rcm_1.2.3-1_all.deb; rm rcm_1.2.3-1_all.deb
    # Set up dotfiles    
    git clone ~/.dotfiles
    cd ~/.dotfiles && git submodule init && git submodule update
    cd ~/.dotfiles/vim && git submodule init && git submodule update
    rcup -v -x
    source ~/.zshrc
    # Set up SSH keys
    cd ~/.dotfiles 
    git remote set-url origin
    git pull
    cp -r ~/.dotfiles/ssh/* ~/.ssh
    chmod 600 ~/.ssh/git_rsa