I am a developer and consultant on IT projects at my company, Phonoid. Together with my friends, we build bespoke solutions there for our wonderful clients. We are also working on our future products.
Assumptions
- Your app is called example.
- Your domain name is example.com.
Disable SSH password connection
Edit /etc/ssh/sshd_config and set:
PasswordAuthentication no
sshd uses the first value it reads for a keyword, so this line must come before any existing PasswordAuthentication entry rather than being appended after it; on recent Ubuntu releases sshd_config starts with an Include of /etc/ssh/sshd_config.d/*.conf, so check those files as well. Make sure ChallengeResponseAuthentication (KbdInteractiveAuthentication in newer OpenSSH) is also set to no, as Ubuntu's shipped config already does, otherwise PAM can still prompt for a password. Verify the effective value with sshd -T | grep -i passwordauthentication.
Make sure your public key has already been added by your provider:
cat .ssh/authorized_keys
Then restart SSH, keeping this session open and confirming a fresh key login from a second terminal before you close it, so a mistake cannot lock you out:
systemctl restart ssh
Create a deploy user
Create the user:
adduser deploy
Use a generated password and store it in your password manager.
Then, create SSH keys for the created user (no passphrase, because the deploy process has to use the key non-interactively; for a new key, ssh-keygen -t ed25519 is the better choice over rsa):
su deploy
cd ~
ssh-keygen -t rsa
Upload the public key to Github/BitBucket/GitLab and register it as a read-only deploy key: anyone who can read /home/deploy/.ssh/id_rsa can use it, so it should not be allowed to push.
cat .ssh/id_rsa.pub
exit
Setup public key authentication for deploy too.
As root:
cd ~
cp /root/.ssh/authorized_keys /home/deploy/.ssh/authorized_keys
chown deploy:deploy /home/deploy/.ssh/authorized_keys
This gives deploy exactly the set of keys root trusts; if several people administer the box, trim the copied file down to those who actually need deploy access. You should now be able to SSH as root and as deploy without a password.
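A check for the SSH hardening above and for the deploy user that has just been given key-only access. This is an added example, not part of the original guide: it reads an sshd_config and reports the value sshd will actually use for a keyword. sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no appended below an earlier yes, or placed only inside a Match block, leaves password login enabled. The sample configs are constructed, the script reads config text from stdin, and it does not follow Include directives (on recent Ubuntu also inspect /etc/ssh/sshd_config.d/*.conf). The authoritative check on the host itself remains sshd -T | grep -i passwordauthentication.

```shell
#!/bin/sh
# Added example, not from the original guide: find the value sshd will really
# use for a keyword. sshd keeps the FIRST value it reads per keyword, so a
# "PasswordAuthentication no" appended below an earlier "yes" is ignored.
# Assumptions: config text on stdin; Include directives are not followed.

# effective_value KEYWORD  (config on stdin)
# Prints the value, lowercased, or "default" when the keyword is not set
# before the first Match block (values inside Match are conditional).
effective_value() {
    awk -v key="$1" '
        { sub(/#.*/, "")                       # drop comments
          gsub(/[ \t]*=[ \t]*/, " ")           # "Key=value" -> "Key value"
          gsub(/^[ \t]+|[ \t]+$/, "") }        # trim whitespace
        $0 == "" { next }
        tolower($1) == "match" { exit }        # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "default" }
    '
}

# password_auth_disabled  (config on stdin)
# Succeeds only if the effective value is "no"; sshd defaults to "yes", so an
# unset keyword ("default") counts as still enabled.
password_auth_disabled() {
    [ "$(effective_value PasswordAuthentication)" = "no" ]
}

# Constructed sample configs (not taken from any real server).
TRAP_CONFIG='Port 22
PasswordAuthentication yes
# appended by the admin, but too late: the first value wins
PasswordAuthentication no'

FIXED_CONFIG='Port 22
PasswordAuthentication no
KbdInteractiveAuthentication no'

MATCH_ONLY_CONFIG='Port 22
Match User deploy
    PasswordAuthentication no'

for cfg in "$TRAP_CONFIG" "$FIXED_CONFIG" "$MATCH_ONLY_CONFIG"; do
    if printf '%s\n' "$cfg" | password_auth_disabled; then
        echo "password auth: disabled"
    else
        echo "password auth: STILL ENABLED (effective value: $(printf '%s\n' "$cfg" | effective_value PasswordAuthentication))"
    fi
done
# On the real host: effective_value PasswordAuthentication < /etc/ssh/sshd_config
```

Only the second sample passes; the first is the classic "I added the line, why does it still ask for a password" case, and the third shows that a value set only inside a Match block never changes the global default.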
Base setup
As root:
apt-get update
apt-get upgrade
apt install zlib1g zlib1g-dev build-essential git-core curl emacs imagemagick nginx ntp
apt install libssl-dev libreadline-dev
apt install unattended-upgrades logrotate memcached nodejs
apt install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev libpq-dev
apt install libmagickcore-dev libmagickwand-dev
Enable automatic security updates
As root:
dpkg-reconfigure -plow unattended-upgrades
(Running the unattended-upgrade binary by hand only performs a single pass; this command writes /etc/apt/apt.conf.d/20auto-upgrades, which is what schedules the daily run.)
Setup firewall
As root:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -L -n -v
These rules cover IPv4 only. If the server has a public IPv6 address, ip6tables still accepts everything, so add an equivalent ip6tables rule set (leaving ipv6-icmp open, or neighbour discovery breaks) and save it to /etc/iptables/rules.v6 as well.
Make rules persistent:
apt install iptables-persistent
iptables-save > /etc/iptables/rules.v4
Add some SWAP space (if needed)
Create a file and swap on it:
fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
And check that it is active:
swapon -s
free
Make it persistent in /etc/fstab:
/swapfile none swap sw 0 0
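For the firewall section above, an added example (not from the original guide) that writes the same policy as an iptables-restore file, the format iptables-persistent loads from /etc/iptables/rules.v4 at boot, and produces the IPv6 counterpart for /etc/iptables/rules.v6 that the interactive commands leave out. Two details differ from the commands above: loopback is accepted by interface alone rather than with the -s 127.0.0.1 source match, so the same rule also holds for ::1, and on IPv6 all ICMPv6 is accepted because neighbour discovery runs over it. The port list and the use of the conntrack match are assumptions; install_rules needs root and iptables-persistent, so it is defined but not run.

```shell
#!/bin/sh
# Added example, not from the original guide: emit the firewall policy in
# iptables-restore format for IPv4 (rules.v4) and IPv6 (rules.v6).
# Assumptions: conntrack match available (any current Ubuntu kernel), and
# the ports passed on the command line are the only listening services.

# gen_rules FAMILY PORT...   FAMILY is 4 or 6; prints the restore file
gen_rules() {
    family="$1"; shift
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    # loopback by interface only: covers 127.0.0.0/8 and ::1 alike
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    if [ "$family" = 6 ]; then
        # ICMPv6 carries neighbour discovery; dropping it breaks IPv6 entirely
        printf '%s\n' '-A INPUT -p ipv6-icmp -j ACCEPT'
    else
        # echo-request only; replies are already covered by ESTABLISHED
        printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    fi
    printf '%s\n' 'COMMIT'
}

# install_rules PORT...   writes both files and loads them atomically.
# Needs root and iptables-persistent; defined here, deliberately not called.
install_rules() {
    gen_rules 4 "$@" > /etc/iptables/rules.v4 && iptables-restore  < /etc/iptables/rules.v4
    gen_rules 6 "$@" > /etc/iptables/rules.v6 && ip6tables-restore < /etc/iptables/rules.v6
}

# Print what would be written for the ports this guide opens.
echo '# rules.v4'; gen_rules 4 22 80 443
echo '# rules.v6'; gen_rules 6 22 80 443
```

Because iptables-restore replaces the whole table in one step, reloading these files never passes through a state where SSH is blocked, unlike re-running the individual iptables -A commands after a flush.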
Install rbenv and ruby (as deploy)
export RUBY_VERSION=2.4.3
(2.4.3 is the version this guide was written against; Ruby 2.4 is end-of-life and receives no security fixes, so pick a currently supported release for a new server.)
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init - bash)"' >> ~/.bash_profile
git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
exec $SHELL -l
rbenv install $RUBY_VERSION
rbenv global $RUBY_VERSION
gem install bundler
rbenv rehash
wget https://raw.github.com/ryanb/dotfiles/master/gemrc -O .gemrc
(Inspect any file you fetch from a third party before using it; the usual purpose of a gemrc here is to skip documentation generation, which you can get by writing gem: --no-document into ~/.gemrc yourself.)
echo 'export RAILS_ENV="production"' >> ~/.bash_profile
Install Postgres
apt install postgresql postgresql-client
Create a database for the project
Connect as the postgres OS user (the default peer authentication rejects psql -U postgres from any other account):
sudo -u postgres psql
CREATE USER deploy WITH PASSWORD 'TRUNCATED';
\q
sudo -u postgres createdb -O deploy example
Configure nginx
Passenger
Install Phusion Passenger.
Server block
Create a file in /etc/nginx/sites-available/example:
server {
listen 80;
server_name example.com;
access_log /var/log/nginx/example.access.log;
sendfile on;
root /home/deploy/apps/example/current/public;
gzip on;
gzip_disable "msie6";
passenger_enabled on;
passenger_ruby /home/deploy/.rbenv/shims/ruby;
passenger_app_env production;
passenger_friendly_error_pages off;
client_max_body_size 300M;
}
Enable the server block:
ln -s /etc/nginx/sites-available/example /etc/nginx/sites-enabled/example
Then check the configuration with nginx -t and restart nginx:
systemctl restart nginx
Configure HTTPS
Install Certbot (as root):
Configure log rotation
In /etc/logrotate.d/example:
/home/deploy/apps/example/shared/log/*.log {
daily
missingok
rotate 15
compress
delaycompress
notifempty
copytruncate
}
copytruncate lets Passenger keep writing to the same open file without a restart, at the cost that any lines written between the copy and the truncate are lost. Test the configuration with logrotate -d /etc/logrotate.d/example before relying on it.