## links

#### visudo

[configuring visudo](http://askubuntu.com/questions/539243/how-to-change-visudo-editor-from-nano-to-vim)

#### users

[tecmint.com complete guide to users](http://www.tecmint.com/add-users-in-linux/)

[How To Configure SSH Key-Based Authentication on a Linux Server](https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server)

#### postgres

[ubuntu community postgres docs](https://help.ubuntu.com/community/PostgreSQL)

#### certbot

[certbot webpage to install ssl certificates](https://certbot.eff.org)

#### docker

[ubuntu docker ce install](https://docs.docker.com/install/linux/docker-ce/ubuntu/)

[ubuntu docker compose install](https://docs.docker.com/compose/install/)

## adding/deleting users

#### adding a user:

*("www-data" is the group name for website stuff on gandi)*

> *sudo useradd -G* ***www-data*** *-d /home/****username*** *-m -s /bin/bash* ***username***

- ***-G group*** adds the groups, given as a comma-separated list
- ***-d /home/username*** specifies the home directory to be created (necessary on ubuntu)
- ***-m*** flag to create scripts (necessary)
- ***-s /bin/bash*** what shell is to be used (default is none)

#### deleting a user

    userdel -r {username}

## IMPORTANT

### set users primary group

**this is critical**

    sudo usermod -g www-data {username}

### setting up ssh authentication

cat ~/.ssh/id\_rsa.pub | ssh **username@remote\_host** "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized\_keys"

## apt-get commands

**to see the package version:**

    dpkg -s postgresql | grep Version

# setting up aws server

## creating the server instance

[aws instance](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html)

1. Open the [amazon EC2 console](https://console.aws.amazon.com/ec2/)
2. Choose **Launch Instance**
3. The *Choose an Amazon Machine Image (AMI)* page lists the basic configurations, so pick the first *ubuntu* configuration
4. This will take you to the *Choose an Instance Type* page, which chooses the hardware configuration; you want to pick **t2.micro**
5. Hit **Review and Launch**
6. This will take you to the *Review Instance Launch* page, which has an option for **Security Groups**. Hit **Edit security groups** and, on the page that pops up, pick the options you want to allow for your instance
7. When finished, hit "done" or whatever and you'll be taken back to the *Review Instance Launch* page; from here hit the **Launch** key
8. This will prompt you for a key pair. There are a few options: create a new pair, or choose an existing key pair

#### key pair info:

[aws info on key pairs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html)

[importing id_rsa](http://www.admin-magazine.com/CloudAge/Blogs/Dan-Frost-s-Blog/Importing-SSH-keys-on-AWS)

[add_ssh](http://stackoverflow.com/questions/8193768/trying-to-ssh-into-an-amazon-ec2-instance-permission-error)

1. mv /path/to/myname.pem ~/.ssh
2. ssh-add ~/.ssh/myname.pem
3. ssh ubuntu@INSTANCE_IP_ADDRESS

Remember that the IP ADDRESS changes whenever you restart the instance.

On your computer:

1. vim /etc/hosts
2. add a line with the server name and IP ADDRESS for that instance
3. ssh ubuntu@SERVERNAME

## updating the hostname

[aws ubuntu hostname](https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname/)

[scroll down to find the "echo" comment](https://forums.aws.amazon.com/message.jspa?messageID=495274)

There is an issue with ubuntu instances on AWS: the name given in /etc/hostname doesn't match what exists in /etc/hosts, so if you try using sudo you'll get an error. To fix this, you need to change those files. To get into sudo, type in:

    sudo su -
    echo "127.0.0.1 $(hostname)" >> /etc/hosts

This will update /etc/hosts with the default hostname generated by amazon.
Alternatively you can do what it says in the first link [aws ubuntu hostname](https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname/)

### setup visudo

    sudo update-alternatives --config editor
    su -c 'visudo'

find this line:

    USERNAME ALL=(ALL) NOPASSWD: ALL

replace it with:

    admin ALL=(ALL) ALL

## add new user

[adding a user on linux AWS](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html)

[how to get and add the public key to the new user](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#retrieving-the-public-key)

1. *sudo useradd -G* ***www-data*** *-d /home/****username*** *-m -s /bin/bash* ***username***
2. *mkdir projectdir*

### set users primary group

**this is critical**

- The primary group is the group applied to you when you log in using the usual methods (TTYs, GUI, SSH, etc.).

      sudo usermod -g www-data username

### set password

    sudo passwd username

### setting up ssh authentication

1. get the public key:

       ssh-keygen -y -f /path/to/myinstance.pem

2. copy the above results
3. log in to the ubuntu instance using the default ubuntu user
4. change users to the custom username

       sudo su - username

5. create the ssh directory and auth file

       cd /home/username
       mkdir .ssh
       touch .ssh/authorized_keys
       vim ~/.ssh/authorized_keys

6. change the permissions

       chown -R username:username_group .ssh
       chmod 700 .ssh
       chmod 600 .ssh/authorized_keys

7. now paste in the public_key you got in step 1
8. log out and test with the username

       ssh username@instance.domain

### add username to the sudo group

AWS has a sudo group that allows a user sudo privileges

    usermod -a -G sudo username

### apt-get setup

    sudo apt-get update
    sudo apt-get install aptitude

## postgres

### note: if you are using docker for postgres, skip this and go to the docker section.

It is completely unnecessary and you don't even need to install postgres

#### links

fix locale error with postgres

[could not connect to server solution](http://askubuntu.com/questions/50621/cannot-connect-to-postgresql-on-port-5432)

[locale solution](http://ubuntuforums.org/showthread.php?t=1346581)

[remote connecting](http://www.railszilla.com/postgresql-tcpip-connections-port-5432/coffee-break)

    sudo apt-get install postgresql
    sudo apt-get install postgresql-contrib
    sudo locale-gen en_US en_US.UTF-8 hu_HU hu_HU.UTF-8
    sudo dpkg-reconfigure locales
    sudo service postgresql restart
    sudo -u postgres psql postgres
    sudo -u postgres createdb website_dbname
    # X.Y is the installed postgres version, e.g. 9.3:
    sudo apt-get install postgresql-server-dev-X.Y
    sudo apt-get install postgresql-server-dev-9.3

#### change password for db user "postgres"

    sudo -u postgres psql postgres
    ALTER USER Postgres WITH PASSWORD '';

#### set up postgresql to remote access

###### (see "remote connecting" link above)

##### Note: be careful with this, because **anyone** will be able to mess around with it (the **trust** method asks for no password)

1. sudo vim /etc/postgresql/9.3/main/postgresql.conf
2. find **listen\_addresses** and change it to **listen\_addresses = '\*'**
3. sudo vim /etc/postgresql/9.3/main/pg_hba.conf
4. find **host all all 127.0.0.1/32 trust** and change **127.0.0.1/32** to **0.0.0.0/0**
5. sudo service postgresql restart
6. test it by running: *psql -h* ***ip\_address*** *-U* ***username*** *-d* ***database***
7. e.g. psql -h 173.246.107.96 -U postgres postgres

## setup the /var/www directory

    cd /var
    sudo mkdir www
    sudo chgrp www-data www -R
    sudo chmod g+w www -R

## install python packages

    sudo apt-get install python-dev
    sudo apt-get install python3-dev
    sudo apt-get install libjpeg-dev

## install and set up supervisor

    sudo apt-get install supervisor

make sure www-data is a group for the main user

    vim /etc/supervisor/supervisord.conf

add the following:

    [unix_http_server]
    file=/var/run/supervisor.sock
    chmod=0770
    chown=nobody:www-data

    [supervisorctl]
    serverurl=unix:///var/run/supervisor.sock
    chmod=0770
    chown=nobody:www-data

#### run the following commands:

    sudo service supervisor stop
    sudo service supervisor start

### install pip and virtualenv

[virtualenv install](http://roundhere.net/journal/virtualenv-ubuntu-12-10/)

    sudo apt-get install python-pip
    sudo pip install virtualenv
    sudo pip install virtualenvwrapper
    echo "WORKON_HOME=~/.virtualenvs" >> .bashrc
    echo ". /usr/local/bin/virtualenvwrapper.sh" >> .bashrc

## Docker

### docker

##### uninstall old (if necessary)

    sudo apt-get remove docker docker-engine docker.io containerd runc

##### set up apt-get

    sudo apt-get update
    sudo apt-get install \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg-agent \
        software-properties-common

##### verify install

check that the key fingerprint printed by the last command is the same as "9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    sudo apt-key fingerprint 0EBFCD88

##### install repository

    sudo add-apt-repository \
        "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
        $(lsb_release -cs) \
        stable"

##### install docker

    sudo apt-get update
    sudo apt-get install docker-ce docker-ce-cli containerd.io

### docker-compose

    sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose

## nginx

    sudo apt-get install nginx

## certbot

In order to use ssl/https it is necessary to install a certificate. This is especially true if the nginx config file has *already* been set up to use ssl (for example, you are reinstalling an environment, or creating production based on staging, etc).

[certbot.eff.org](https://certbot.eff.org) allows you to install a free certificate

#### add certbot ppa

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update

#### install certbot

    sudo apt-get install certbot python-certbot-nginx

#### Choose how you'd like to run certbot

##### OPTION1: get and install your certificates

    sudo certbot --nginx

##### OPTION2: just get the certificate (already configured)

    sudo certbot certonly --nginx

Use Option1 when you are just starting a project, but you know you are going to be using SSL.

Use Option2 when you have already set up nginx to work with https, for example, you are reinstalling an existing project, etc.

## set up vim remote editing

this just means adding the server pem file location to .ssh/config

in ~/.ssh/config add the following info

    Host minionfinder.com
        HostName minionfinder.com
        IdentityFile /Users/ronny/projects/django/minyanfinder.prj/share/ssh/minionfinder.pem

where *minionfinder.com* refers to the host name and the **IdentityFile** section is the fully qualified pathname of the pem file

# bootstrap server

    fab (prod|rel) deploy.bootstrap
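Steps 5 to 7 of "setting up ssh authentication" above, as one repeatable function (an added example, not part of the original notes). The names `install_pubkey` and `modes_ok` and the sample key are made up for illustration; it is meant to run as the target user (after step 4), so no chown is needed.

```shell
#!/bin/sh
# Added example: install one public key with the modes step 6 sets.

# install_pubkey HOME_DIR "PUBLIC_KEY_LINE"
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the key
# only if that exact line is not already in the file.
install_pubkey() {
    home=$1 key=$2
    # Refuse anything that is not a public key line, e.g. the .pem file
    # itself pasted instead of the output of "ssh-keygen -y -f".
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    ( umask 077 && mkdir -p "$home/.ssh" && touch "$home/.ssh/authorized_keys" ) || return 1
    # chmod as well, in case the directory or file already existed with wider modes
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys" || return 1
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# modes_ok HOME_DIR: succeeds only if .ssh is 700 and authorized_keys is 600.
modes_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
demo_key="ssh-ed25519 AAAAC3ConstructedExampleKeyOnly username@laptop"
install_pubkey "$demo_home" "$demo_key" && modes_ok "$demo_home" && echo "key installed"
rm -rf "$demo_home"
```
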
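Step 4 of "set up postgresql to remote access" above leaves a **trust** rule open to every IPv4 address. This added example (not part of the original notes) is a small audit that flags such rules; the function names and both sample files are constructed for illustration, and 203.0.113.0/24 stands in for your own client network.

```shell
#!/bin/sh
# Added example: find pg_hba.conf rules that admit remote clients without a password.

# Constructed sample: pg_hba.conf as it stands after step 4 above.
weak_sample() {
cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   0.0.0.0/0     trust
host    all       all   ::1/128       trust
EOF
}

# Constructed sample: remote access limited to one client network, with a password.
# md5 is a password method that exists on the 9.3 server used above.
fixed_sample() {
cat <<'EOF'
local   all             all                   peer
host    all             all   127.0.0.1/32    trust
host    website_dbname  all   203.0.113.0/24  md5
EOF
}

# audit_pg_hba: read pg_hba.conf on stdin and print "line N: rule" for every
# TCP rule that uses "trust" for a non-loopback address. Exit status 1 if any.
audit_pg_hba() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        $1 !~ /^host/            { next }   # host, hostssl, hostnossl only
        {
            addr = $4; method = $5
            # "address netmask method" form: the method moves to field 6
            if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/) { addr = $4 "/" $5; method = $6 }
            if (method != "trust") next
            if (addr ~ /^127\.[0-9.]+\/(8|32|255\.0\.0\.0|255\.255\.255\.255)$/) next
            if (addr == "::1/128") next
            printf "line %d: %s\n", NR, $0
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

weak_sample  | audit_pg_hba || echo "weak sample: remote trust rule present"
fixed_sample | audit_pg_hba && echo "fixed sample: no remote trust rule"
```

On a server, run it as `audit_pg_hba < /etc/postgresql/9.3/main/pg_hba.conf` before restarting postgresql in step 5.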