Callum Kerr

“There is no place I know,
like the world of pure imagination.”






First 15 minutes on Ubuntu Server

Initialising a Linux box

Let's get modern.

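# Refresh the package index, then apply pending upgrades. Chained with && so the
# upgrade never runs against a stale index when the refresh fails.
apt-get update &&
  apt-get upgrade -y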
    

System essentials

# Compiler toolchain plus the curl and git clients used by the later steps.
apt-get install \
  build-essential \
  curl \
  git-core
    

Security

Reference:

# File: 10periodic.example
    // Each value is an interval in days ("1" = daily, "7" = weekly).
    // Together these refresh the package lists, pre-download upgrades, clean the
    // package cache and run unattended-upgrade on that schedule.
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Download-Upgradeable-Packages "1";
    APT::Periodic::AutocleanInterval "7";
    APT::Periodic::Unattended-Upgrade "1";
    
# File: 50unattended-upgrades.example
    // Only the security origin is enabled; the general updates origin stays commented out.
    // NOTE(review): the origin names the "lucid" release. It matches on that release
    // only; on any other codename nothing matches and no security updates are
    // installed automatically. Confirm it agrees with `lsb_release -cs` on the host.
    Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
    //  "Ubuntu lucid-updates";
    };
    
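# Brute-force protection and automatic security updates.
# NOTE(review): fail2ban is left on its packaged defaults here. The firewall step
# opens 8433 for ssh, so if sshd is moved off port 22 the ssh jail's port should be
# set to match in /etc/fail2ban/jail.local. Confirm against your sshd_config.
apt-get install fail2ban unattended-upgrades

# These files decide what apt installs unattended as root, so install them
# root-owned and writable by root only, whatever mode the source files had.
install -o root -g root -m 0644 ~/.config-files/10periodic.example /etc/apt/apt.conf.d/10periodic
install -o root -g root -m 0644 ~/.config-files/50unattended-upgrades.example /etc/apt/apt.conf.d/50unattended-upgrades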
    

Firewall

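# Open only the protocol each service uses; a bare port number opens both TCP
# and UDP.
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 8433/tcp  # ssh
ufw allow 60001/udp # mosh
# NOTE(review): make sure the port sshd is listening on right now is allowed
# before enabling, otherwise new SSH connections to this box are dropped.
ufw enable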
    

LogWatch

# Daily log digest delivered by mail.
apt-get install logwatch
# Appends the invocation to the daily cron script.
# NOTE(review): if the package already ships this cron script with its own
# logwatch line, this results in two runs per day. Check the file afterwards.
printf '%s\n' '/usr/sbin/logwatch --output mail --mailto callum@clov3r.io --detail high' >> /etc/cron.daily/00logwatch
    

Mobile Connectivity is nice

I use mosh when I'm running on satellite internet. More info.

# mosh server; the firewall section opens its UDP port (60001).
apt-get install mosh
    

Add swap space

Reference:

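# Create and enable a 4 GiB swap file. Mode 600 keeps other users from reading
# memory pages that end up in it.
sudo fallocate -l 4G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

# persist over restarts
# The append goes through `sudo tee -a`: with a plain `>>` the shell opens the
# target as the calling user, so the write is not covered by sudo.
sudo cp /etc/fstab /etc/fstab.bak
echo "/swapfile   none    swap    sw    0   0" | sudo tee -a /etc/fstab > /dev/null

# Tune system swappiness
sudo sysctl vm.swappiness=10
sudo sysctl vm.vfs_cache_pressure=50

# Persist over restarts
# `echo ... >> sudo /etc/sysctl.conf` would append to a file named "sudo" in the
# current directory and leave sysctl.conf untouched; tee writes the real file.
sudo cp /etc/sysctl.conf /etc/sysctl.bak
echo "vm.swappiness=10" | sudo tee -a /etc/sysctl.conf > /dev/null
echo "vm.vfs_cache_pressure=50" | sudo tee -a /etc/sysctl.conf > /dev/null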
    

PostgreSQL

Reference:

# PostgreSQL server, contrib modules and the libpq development files.
apt-get install \
  postgresql \
  postgresql-contrib \
  libpq-dev
# NOTE(review): --superuser gives the application role full control of the whole
# cluster, so a compromise of the app is a compromise of every database in it.
# If the app only needs its own database, a non-superuser role that owns that
# database is the least-privilege choice.
sudo -u postgres createuser --superuser rails
# Opens an interactive psql prompt as the postgres OS user.
sudo -u postgres psql
    
-- Typed at the psql prompt: \password asks for the new password interactively
-- rather than taking it as an argument; \q then leaves psql.
\password rails
    # enter password
    \q
    

Use Rbenv to install ruby

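# System-wide rbenv under /usr/local/rbenv.
# NOTE(review): each clone takes whatever the default branch holds at that moment
# and the result is run as root. Checking out a reviewed tag or commit after
# cloning makes the install reproducible and keeps upstream changes from landing
# unreviewed.
git clone https://github.com/sstephenson/rbenv.git /usr/local/rbenv
echo 'export RBENV_ROOT=/usr/local/rbenv' >> ~/.zshrc
echo 'export PATH="$RBENV_ROOT/bin:$PATH"' >> ~/.zshrc
echo 'eval "$(rbenv init -)"' >> ~/.zshrc

# The lines above only affect future zsh sessions; export the same settings here
# so the rbenv commands below resolve in the current shell.
export RBENV_ROOT=/usr/local/rbenv
export PATH="$RBENV_ROOT/bin:$PATH"

git clone https://github.com/sstephenson/ruby-build.git /usr/local/rbenv/plugins/ruby-build
git clone https://github.com/sstephenson/rbenv-default-gems.git /usr/local/rbenv/plugins/rbenv-default-gems
echo "bundler" >> /usr/local/rbenv/default-gems
# NOTE(review): 2.2.0 is the version this post used; install a release that still
# receives security fixes.
rbenv install 2.2.0
rbenv global 2.2.0
# Add the ruby users group
groupadd ruby
chown -R :ruby /usr/local/rbenv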
    

Add the deployment user

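# Deployment account; passwd prompts for its password interactively.
useradd deploy
passwd deploy

# Let the keys that can log in as root also log in as deploy.
mkdir -p /home/deploy/.ssh
cp /root/.ssh/authorized_keys ~deploy/.ssh/authorized_keys
# Lock the key material down explicitly instead of relying on the umask: nobody
# but the owner should be able to read or modify it, and sshd's StrictModes
# check rejects keys kept in locations other users can write to.
chmod 700 ~deploy/.ssh
chmod 600 ~deploy/.ssh/authorized_keys
chown -R deploy ~deploy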
    

Add the rails user

# Application account; passwd prompts for its password interactively.
useradd rails
passwd rails

# Supplementary groups: adm, www-data and the ruby group that owns the rbenv tree.
# NOTE(review): on Ubuntu, adm membership usually grants read access to system
# logs. Confirm the app account really needs it.
usermod --append --groups adm,www-data,ruby rails
mkdir --parents /home/rails/
chown --recursive rails ~rails
    

Tweak SSHD settings (set up SFTP)

sshd_config.example

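# Keep the packaged config so it can be restored.
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
cp ~/.config-files/sshd_config.example /etc/ssh/sshd_config
# tweak to your preferences and needs:
vim /etc/ssh/sshd_config
# Validate before restarting: a daemon that refuses to start on a bad config
# locks you out of a remote box. Keep the current session open until a fresh
# login has been confirmed.
/usr/sbin/sshd -t && service sshd restart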
    

Set up Nginx and Puma

rails-puma.nginx.conf

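cp rails-puma.nginx.conf /etc/nginx/sites-available/rails-puma
rm /etc/nginx/sites-enabled/default
# The link has to live under /etc/nginx/sites-enabled, next to the default site
# removed above; /etc/sites-enabled is not a directory nginx looks at.
ln -s /etc/nginx/sites-available/rails-puma /etc/nginx/sites-enabled/rails-puma
# Check the configuration first so a typo does not take the web server down.
nginx -t && service nginx restart

# -f makes curl fail on an HTTP error instead of saving the error page as an
# init job.
# NOTE(review): this installs a root-run init job from the tip of a branch; read
# the downloaded file before relying on it.
curl -f https://raw.githubusercontent.com/puma/puma/master/tools/jungle/upstart/puma-manager.conf -o /etc/init/puma-manager.conf
cp ~/.config-files/puma.conf /etc/init/puma.conf
echo "/srv/api/current" >> /etc/puma.conf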
    

Set up environment variables with rbenv-vars

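# `>` truncates the file on every write, so only the first line uses it; the
# later lines append, otherwise only the last variable would survive.
echo "RAILS_ENV=production" > /usr/local/rbenv/vars
# The file is about to hold the database password and the Rails secret key:
# restrict it to root and the ruby group before any secret is written.
chgrp ruby /usr/local/rbenv/vars
chmod 640 /usr/local/rbenv/vars
# NOTE(review): a real password typed on this line is recorded in the shell
# history; remove that entry afterwards or edit the file directly.
echo "RAILS_DB_PWD=<Password>" >> /usr/local/rbenv/vars
echo "SECRET_KEY_BASE=$(rake secret)" >> /usr/local/rbenv/vars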
    

Personalize the shell.

This section is optional, but I much prefer having an optimized environment when I inevitably have to ssh in.

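apt-get install zsh python-software-properties
# Download the installer to a file instead of piping it straight into a root
# interpreter: -f stops on HTTP errors, a truncated transfer never runs as half a
# script, and the file can be read before it is executed.
pip_installer=$(mktemp)
curl -f https://bootstrap.pypa.io/get-pip.py -o "$pip_installer"
sudo python "$pip_installer"
rm -- "$pip_installer"
pip install Pygments
# pipe files to pygments for syntax highlighting in the shell

# oh-my-zsh
git clone https://github.com/robbyrussell/oh-my-zsh.git ~/.oh-my-zsh
cd ~/.oh-my-zsh/custom/plugins
# Cloned over https: the git:// transport is unauthenticated and unencrypted.
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git
chsh -s /bin/zsh

# rcup will synchronize .dotfiles
wget https://thoughtbot.github.io/rcm/debs/rcm_1.2.3-1_all.deb
# NOTE(review): dpkg runs the package's maintainer scripts as root. Compare the
# download against a checksum published by the project before installing, e.g.
#   echo "<EXPECTED_SHA256>  rcm_1.2.3-1_all.deb" | sha256sum -c -
dpkg -i rcm_1.2.3-1_all.deb; rm rcm_1.2.3-1_all.deb

# Set up dotfiles
git clone https://clov3r@github.com/clov3r/dotfiles.git ~/.dotfiles
cd ~/.dotfiles && git submodule init && git submodule update
cd ~/.dotfiles/vim && git submodule init && git submodule update
rcup -v -x README.md
source ~/.zshrc

# Set up SSH keys
cd ~/.dotfiles
git remote set-url origin git@bitbucket.org:clov3r/dotfiles.git
git pull
# NOTE(review): this copies private key material (git_rsa) out of a git
# repository onto the server. Anyone with read access to that repository, or to
# this account, holds the key. A key generated on the server and registered as a
# read-only deploy key limits the exposure to this one host.
mkdir -p ~/.ssh && chmod 700 ~/.ssh
cp -r ~/.dotfiles/ssh/* ~/.ssh
chmod 600 ~/.ssh/git_rsa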