## links

#### visudo

[configuring visudo](http://askubuntu.com/questions/539243/how-to-change-visudo-editor-from-nano-to-vim)

#### users

[tecmint.com complete guide to users](http://www.tecmint.com/add-users-in-linux/)

[How To Configure SSH Key-Based Authentication on a Linux Server](https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server)

#### postgres

[ubuntu community postgres docs](https://help.ubuntu.com/community/PostgreSQL)

#### certbot

[certbot webpage to install ssl certificates](https://certbot.eff.org)

#### docker

[ubuntu docker ce install](https://docs.docker.com/install/linux/docker-ce/ubuntu/)

[ubuntu docker compose install](https://docs.docker.com/compose/install/)

## adding/deleting users

#### adding a user:

*("www-data" is the group name for website stuff on gandi)*

> *sudo useradd -G* ***www-data*** *-d /home/**username*** *-m -s /bin/bash* ***username***

***-G group*** adds the user to the listed groups (comma-separated)

***-d /home/username*** specifies the home directory to be created (necessary on ubuntu)

***-m*** flag to create the home directory along with its startup scripts (necessary)

***-s /bin/bash*** what shell is to be used (default is none)

#### deleting a user

    userdel -r {username}

## IMPORTANT

### set users primary group

**this is critical**

    sudo usermod -g www-data <username>

### setting up ssh authentication

    cat ~/.ssh/id_rsa.pub | ssh username@remote_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

## apt-get commands

**to see the package version:**

    dpkg -s postgresql | grep Version

# setting up aws server

## creating the server instance

[aws instance](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html)

1. Open the [amazon EC2 console](https://console.aws.amazon.com/ec2/)
2. Choose **Launch Instance**
3. The *Choose an Amazon Machine Image (AMI)* page lists basic configurations; pick the first *ubuntu* configuration
4. This takes you to the *Choose an Instance Type* page, which sets the hardware configuration; pick **t2.micro**
5. Hit **Review and Launch**
6. This takes you to the *Review Instance Launch* page, which has an option for **Security Groups**. Hit **Edit security groups** and, on the page that pops up, pick the options you want to allow for your instance
7. When finished, hit "done" or whatever and you'll be taken back to the *Review Instance Launch* page; from here hit the **Launch** key
8. This will prompt you for a key pair. There are a few options: create a new pair or choose an existing key pair

#### key pair info:

[aws info on key pairs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html)

[importing id_rsa](http://www.admin-magazine.com/CloudAge/Blogs/Dan-Frost-s-Blog/Importing-SSH-keys-on-AWS)

[add_ssh](http://stackoverflow.com/questions/8193768/trying-to-ssh-into-an-amazon-ec2-instance-permission-error)

1. mv /path/to/myname.pem ~/.ssh
2. ssh-add ~/.ssh/myname.pem
3. ssh ubuntu@INSTANCE_IP_ADDRESS

Remember that the IP ADDRESS changes whenever you restart the instance

on your computer

1. vim /etc/hosts
2. add a line with the server name and IP ADDRESS for that instance
3. ssh ubuntu@SERVERNAME

## updating the hostname

[aws ubuntu hostname](https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname/)

[scroll down to find the "echo" comment](https://forums.aws.amazon.com/message.jspa?messageID=495274)

There is an issue with ubuntu instances on AWS: the name given in /etc/hostname doesn't match what exists in /etc/hosts, so if you try using sudo you'll get an error.

To fix this you need to change those files. To get a root shell, type in:

    sudo su -
    echo "127.0.0.1 $(hostname)" >> /etc/hosts

This will update /etc/hosts with the default hostname generated by amazon. Alternatively you can do what it says in the first link, [aws ubuntu hostname](https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname/)

### setup visudo

    sudo update-alternatives --config editor

    su -c 'visudo'

find this line:

    USERNAME ALL=(ALL) NOPASSWD: ALL

replace it with:

    admin ALL=(ALL) ALL

## add new user

[adding a user on linux AWS](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html)

[how to get and add the public key to the new user](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#retrieving-the-public-key)

1. *sudo useradd -G* ***www-data*** *-d /home/**username*** *-m -s /bin/bash* ***username***
2. *mkdir projectdir*

### set users primary group

**this is critical**

- The primary group is the group applied to you when you log in using the usual methods (TTYs, GUI, SSH, etc.).

      sudo usermod -g www-data <username>

### set password

    sudo passwd <username>

### setting up ssh authentication

1. get the public key:

       ssh-keygen -y -f /path/to/myinstance.pem

2. copy the above results

3. log in to the ubuntu instance using default ubuntu user

4. change users to the custom username

       sudo su - username

5. create the ssh directory and auth file

       cd /home/username
       mkdir .ssh
       touch .ssh/authorized_keys
       vim ~/.ssh/authorized_keys

6. change the permissions

       chown -R username:username_group .ssh
       chmod 700 .ssh
       chmod 600 .ssh/authorized_keys

7. now paste in the public_key you got in step 1
8. log out and test with the username

       ssh username@instance.domain
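
An added example (not part of the original notes) that does steps 5 to 7 in one idempotent function and then checks the modes the way sshd's StrictModes does. The function names are made up here, and `stat -c` assumes GNU coreutils as on Ubuntu.

```sh
#!/bin/sh
# Added example: install a public key under a home directory with the
# modes from step 6, then verify them. Function names are illustrative.

# install_pubkey HOME_DIR "PUBLIC KEY LINE"
install_pubkey() {
    home_dir=$1
    pubkey=$2
    nl='
'
    # Accept only a single line that looks like an OpenSSH public key.
    case $pubkey in
        *"$nl"*) echo "refusing multi-line key" >&2; return 2 ;;
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*) ;;
        *) echo "not an OpenSSH public key" >&2; return 2 ;;
    esac
    ( umask 077                      # new files get no group/other access
      mkdir -p "$home_dir/.ssh" &&
      touch "$home_dir/.ssh/authorized_keys" ) || return 1
    chmod 700 "$home_dir/.ssh" &&
    chmod 600 "$home_dir/.ssh/authorized_keys" || return 1
    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$pubkey" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$pubkey" >> "$home_dir/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR -> 0 if neither path is group/other writable
check_ssh_perms() {
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        mode=$(stat -c '%a' "$p") || return 1      # GNU stat, as on Ubuntu
        # Reject any write bit for group or other (octal 022).
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "too permissive: $p ($mode)" >&2
            return 1
        fi
    done
}
```

Run as root for another user, follow `install_pubkey /home/username "$key"` with the `chown -R` from step 6, since the files are created as the calling user.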
### add username to the sudo group

AWS has a sudo group that allows a user sudo privileges

    usermod -a -G sudo username

### apt-get setup

    sudo apt-get update
    sudo apt-get install aptitude

## postgres

### note:

If you are using docker for postgres, skip this and go to the docker section. It is completely unnecessary and you don't even need to install postgres

#### links fix locale error with postgres

[could not connect to server solution](http://askubuntu.com/questions/50621/cannot-connect-to-postgresql-on-port-5432)

[locale solution](http://ubuntuforums.org/showthread.php?t=1346581)

[remote connecting](http://www.railszilla.com/postgresql-tcpip-connections-port-5432/coffee-break)

    sudo apt-get install postgresql
    sudo apt-get install postgresql-contrib
    sudo locale-gen en_US en_US.UTF-8 hu_HU hu_HU.UTF-8
    sudo dpkg-reconfigure locales
    sudo service postgresql restart
    sudo -u postgres psql postgres
    sudo -u postgres createdb <website_dbname>

    sudo apt-get install postgresql-server-dev-X.Y
    sudo apt-get install postgresql-server-dev-9.3

#### change password for db user "postgres"

    sudo -u postgres psql postgres

    ALTER USER Postgres WITH PASSWORD '<newpassword>';

#### set up postgresql to remote access

###### (see "remote connecting" link above)

##### Note: be careful with this, because **anyone** who can reach port 5432 will be able to mess around with it: **trust** lets them connect as any database user without a password

1. sudo vim /etc/postgresql/9.3/main/postgresql.conf
2. find **listen\_addresses** and change it to **listen\_addresses = '\*'**
3. sudo vim /etc/postgresql/9.3/main/pg_hba.conf
4. find **host all all 127.0.0.1/32 trust** and change **127.0.0.1/32** to **0.0.0.0/0**
5. sudo service postgresql restart
6. test it by running: *psql -h* ***ip\_address*** *-U* ***username*** *-d* ***database***
7. e.g. psql -h 173.246.107.96 -U postgres postgres
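
An added example, not from the original notes: a check that lists pg_hba.conf rules granting **trust** to non-loopback addresses, such as the one step 4 creates. The function name and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag pg_hba.conf rules that allow password-less ("trust")
# logins from anything other than loopback. Function name is illustrative.

# audit_pg_hba FILE -> prints offending rules as "line N: <rule>",
# returns 1 if any were found, 0 otherwise.
audit_pg_hba() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # skip comments and blanks
        $1 ~ /^host/ {                            # host, hostssl, hostnossl
            # Columns: TYPE DATABASE USER ADDRESS [MASK] METHOD [options]
            addr = $4
            method = ($5 ~ /^[0-9.]+$/) ? $6 : $5 # separate netmask column
            if (method == "trust" &&
                addr !~ /^127\./ && addr != "::1/128" && addr != "localhost") {
                printf "line %d: %s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the rule from step 4 next to a tighter one that
# limits the source range and requires a password.
SAMPLE_HBA='# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   trust
host    all       all   0.0.0.0/0      trust
host    appdb     app   203.0.113.0/24 md5'

# Usage on the server from this page:
#   sudo sh -c '. ./audit.sh; audit_pg_hba /etc/postgresql/9.3/main/pg_hba.conf'
```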
## setup the /var/www directory

    cd /var
    sudo mkdir www
    sudo chgrp -R www-data www
    sudo chmod -R g+w www

## install python packages

    sudo apt-get install python-dev
    sudo apt-get install python3-dev
    sudo apt-get install libjpeg-dev

## install and set up supervisor

    sudo apt-get install supervisor

make sure www-data is a group for the main user

    vim /etc/supervisor/supervisord.conf

add the following:

    [unix_http_server]
    file=/var/run/supervisor.sock
    chmod=0770
    chown=nobody:www-data

    [supervisorctl]
    serverurl=unix:///var/run/supervisor.sock
    chmod=0770
    chown=nobody:www-data

#### run the following commands:

    sudo service supervisor stop
    sudo service supervisor start

### install pip and virtualenv

[virtualenv install](http://roundhere.net/journal/virtualenv-ubuntu-12-10/)

    sudo apt-get install python-pip
    sudo pip install virtualenv
    sudo pip install virtualenvwrapper

    echo "WORKON_HOME=~/.virtualenvs" >> .bashrc
    echo ". /usr/local/bin/virtualenvwrapper.sh" >> .bashrc

## Docker

### docker

##### uninstall old (if necessary)

    sudo apt-get remove docker docker-engine docker.io containerd runc

##### set up apt-get

    sudo apt-get update
    sudo apt-get install \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg-agent \
        software-properties-common

##### verify install

check that the fingerprint printed by the second command is the same as "9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"

    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

    sudo apt-key fingerprint 0EBFCD88
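
An added example, not from the original notes or from Docker: it checks the downloaded key against the fingerprint quoted above before the key is handed to apt-key, instead of after. Function names, the /tmp path and the sample listing are assumptions made for this example.

```sh
#!/bin/sh
# Added example: compare a key file's fingerprint with the pinned value
# before trusting it. Function names and paths are illustrative.

EXPECTED_FPR="9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88"  # from this page

# primary_fpr: read `gpg --with-colons` output on stdin and print the
# fingerprint of the first primary key (the fpr record that follows pub).
primary_fpr() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "fpr" && want { print $10; exit }
    '
}

# fpr_matches EXPECTED ACTUAL -> 0 when both are the same 40 hex digits,
# ignoring spaces and letter case.
fpr_matches() {
    a=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ ${#a} -eq 40 ] && [ "$a" = "$b" ]
}

# Intended use (needs network and a recent gpg, so it is not run here):
#   curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /tmp/docker.gpg
#   actual=$(gpg --show-keys --with-colons /tmp/docker.gpg | primary_fpr)
#   fpr_matches "$EXPECTED_FPR" "$actual" && sudo apt-key add /tmp/docker.gpg

# Constructed colon-format listing for offline testing. Only the primary
# fingerprint comes from this page; every other field is a placeholder.
SAMPLE_COLONS='pub:-:4096:1:8D81803C0EBFCD88:0:::-:::scESC::::::23::0:
fpr:::::::::9DC858229FC7DD38854AE2D88D81803C0EBFCD88:
uid:-::::0::0::Constructed UID <key@example.invalid>::::::::::0:
sub:-:4096:1:0000000000000000:0::::::e::::::23:
fpr:::::::::0000000000000000000000000000000000000000:'
```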
##### install repository

    sudo add-apt-repository \
       "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
       $(lsb_release -cs) \
       stable"

##### install docker

    sudo apt-get update
    sudo apt-get install docker-ce docker-ce-cli containerd.io

### docker-compose

    sudo curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

    sudo chmod +x /usr/local/bin/docker-compose

## nginx

    sudo apt-get install nginx

## certbot

In order to use ssl/https it is necessary to install a certificate. This is especially true if the nginx config file has *already* been set up to use ssl (for example, you are reinstalling an environment, or creating production based on staging, etc).

[certbot.eff.org](https://certbot.eff.org) allows you to install a free certificate

#### add certbot ppa

    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update

#### install certbot

    sudo apt-get install certbot python-certbot-nginx

#### Choose how you'd like to run certbot

##### OPTION1: get and install your certificates

    sudo certbot --nginx

##### OPTION2: just get the certificate (already configured)

    sudo certbot certonly --nginx

Use Option1 when you are just starting a project, but you know you are going to be using SSL

Use Option2 when you have already set up nginx to work with https, for example, you are reinstalling an existing project, etc.

## set up vim remote editing

this just means adding the server pem file location to .ssh/config

in ~/.ssh/config add the following info

    Host minionfinder.com
        HostName minionfinder.com
        IdentityFile /Users/ronny/projects/django/minyanfinder.prj/share/ssh/minionfinder.pem

where *minionfinder.com* refers to the host name
and the **IdentityFile** section is the fully qualified pathname of the pem file

# bootstrap server

    fab (prod|rel) deploy.bootstrap