This repository has been archived by the owner on Dec 12, 2021. It is now read-only.

Production Server Configuration

Matthew Zagaja edited this page Jul 20, 2016 · 2 revisions

Ubuntu 14.04 setup

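Secure the server by following the steps at http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/

Installed packages on the server (the list below appears to be `dpkg --get-selections` output). It includes build toolchains and network diagnostic tools (gcc, g++, nmap, tcpdump, telnet, ftp) as well as several older kernel images; on a production host, review periodically whether each is still needed.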

accountsservice					install
acpid						install
adduser						install
apparmor					install
apport						install
apport-symptoms					install
apt						install
apt-transport-https				install
apt-utils					install
apt-xapian-index				install
aptitude					install
aptitude-common					install
arping						install
at						install
augeas-lenses					install
autoconf					install
automake					install
autotools-dev					install
base-files					install
base-passwd					install
bash						install
bash-completion					install
bc						install
bind9-host					install
binutils					install
biosdevname					install
bison						install
bsdmainutils					install
bsdutils					install
busybox-initramfs				install
busybox-static					install
byobu						install
bzip2						install
ca-certificates					install
cloud-guest-utils				install
cloud-init					install
comerr-dev					install
command-not-found				install
command-not-found-data				install
console-setup					install
coreutils					install
cpio						install
cpp						install
cpp-4.8						install
crda						install
cron						install
curl						install
dash						install
dbus						install
debconf						install
debconf-i18n					install
debianutils					install
dh-python					install
dialog						install
diffutils					install
dmidecode					install
dmsetup						install
dnsutils					install
dosfstools					install
dpkg						install
e2fslibs:amd64					install
e2fsprogs					install
eatmydata					install
ed						install
eject						install
ethtool						install
fail2ban					install
file						install
findutils					install
fontconfig-config				install
fonts-dejavu-core				install
fonts-ubuntu-font-family-console		install
friendly-recovery				install
ftp						install
fuse						install
g++						install
g++-4.8						install
gawk						install
gcc						install
gcc-4.8						install
gcc-4.8-base:amd64				install
gcc-4.9-base:amd64				install
gdisk						install
geoip-database					install
gettext-base					install
gir1.2-glib-2.0					install
git						install
git-man						install
gnupg						install
gpgv						install
grep						install
groff-base					install
grub-common					install
grub-gfxpayload-lists				install
grub-pc						install
grub-pc-bin					install
grub2-common					install
gzip						install
hdparm						install
hostname					install
ifupdown					install
info						install
init-system-helpers				install
initramfs-tools					install
initramfs-tools-bin				install
initscripts					install
insserv						install
install-info					install
installation-report				install
iproute2					install
iptables					install
iputils-ping					install
iputils-tracepath				install
irqbalance					install
isc-dhcp-client					install
isc-dhcp-common					install
iso-codes					install
kbd						install
keyboard-configuration				install
klibc-utils					install
kmod						install
krb5-locales					install
krb5-multidev					install
landscape-common				install
language-pack-en				install
language-pack-en-base				install
language-selector-common			install
laptop-detect					install
less						install
libaccountsservice0:amd64			install
libacl1:amd64					install
libapparmor-perl				install
libapparmor1:amd64				install
libapt-inst1.5:amd64				install
libapt-pkg4.12:amd64				install
libarchive-extract-perl				install
libasan0:amd64					install
libasn1-8-heimdal:amd64				install
libasprintf0c2:amd64				install
libatomic1:amd64				install
libattr1:amd64					install
libaudit-common					install
libaudit1:amd64					install
libaugeas0					install
libbind9-90					install
libbison-dev:amd64				install
libblas3					install
libblkid1:amd64					install
libboost-iostreams1.54.0:amd64			install
libbsd0:amd64					install
libbz2-1.0:amd64				install
libc-ares2:amd64				install
libc-bin					install
libc-dev-bin					install
libc6:amd64					install
libc6-dev:amd64					install
libcap-ng0					install
libcap2:amd64					install
libcap2-bin					install
libcgmanager0:amd64				install
libck-connector0:amd64				install
libclass-accessor-perl				install
libcloog-isl4:amd64				install
libcomerr2:amd64				install
libcurl3:amd64					install
libcurl3-gnutls:amd64				install
libcwidget3					install
libdate-manip-perl				install
libdb5.3:amd64					install
libdbus-1-3:amd64				install
libdbus-glib-1-2:amd64				install
libdebconfclient0:amd64				install
libdevmapper1.02.1:amd64			install
libdns100					install
libdrm2:amd64					install
libedit2:amd64					install
libelf1:amd64					install
libept1.4.12:amd64				install
liberror-perl					install
libestr0					install
libevent-2.0-5:amd64				install
libexpat1:amd64					install
libexpat1-dev:amd64				install
libffi-dev:amd64				install
libffi6:amd64					install
libfontconfig1:amd64				install
libfreetype6:amd64				install
libfribidi0:amd64				install
libfuse2:amd64					install
libgc1c2:amd64					install
libgcc-4.8-dev:amd64				install
libgcc1:amd64					install
libgck-1-0:amd64				install
libgcr-3-common					install
libgcr-base-3-1:amd64				install
libgcrypt11:amd64				install
libgd3:amd64					install
libgdbm-dev					install
libgdbm3:amd64					install
libgeoip1:amd64					install
libgirepository-1.0-1				install
libglib2.0-0:amd64				install
libglib2.0-data					install
libgmp-dev:amd64				install
libgmp10:amd64					install
libgmpxx4ldbl:amd64				install
libgnutls-openssl27:amd64			install
libgnutls26:amd64				install
libgomp1:amd64					install
libgpg-error0:amd64				install
libgpm2:amd64					install
libgssapi-krb5-2:amd64				install
libgssapi3-heimdal:amd64			install
libgssrpc4:amd64				install
libhcrypto4-heimdal:amd64			install
libheimbase1-heimdal:amd64			install
libheimntlm0-heimdal:amd64			install
libhx509-5-heimdal:amd64			install
libicu52:amd64					install
libidn11:amd64					install
libio-string-perl				install
libisc95					install
libisccc90					install
libisccfg90					install
libisl10:amd64					install
libitm1:amd64					install
libiw30:amd64					install
libjbig0:amd64					install
libjpeg-turbo8:amd64				install
libjpeg8:amd64					install
libjs-jquery					install
libjson-c2:amd64				install
libjson0:amd64					install
libk5crypto3:amd64				install
libkadm5clnt-mit9:amd64				install
libkadm5srv-mit9:amd64				install
libkdb5-7:amd64					install
libkeyutils1:amd64				install
libklibc					install
libkmod2:amd64					install
libkrb5-26-heimdal:amd64			install
libkrb5-3:amd64					install
libkrb5support0:amd64				install
libldap-2.4-2:amd64				install
liblinear-tools					install
liblinear1					install
liblocale-gettext-perl				install
liblockfile-bin					install
liblockfile1:amd64				install
liblog-message-simple-perl			install
liblua5.1-0:amd64				install
liblua5.2-0:amd64				install
liblwres90					install
liblzma5:amd64					install
libmagic1:amd64					install
libmodule-pluggable-perl			install
libmount1:amd64					install
libmpc3:amd64					install
libmpdec2:amd64					install
libmpfr4:amd64					install
libncurses5:amd64				install
libncurses5-dev:amd64				install
libncursesw5:amd64				install
libnet1:amd64					install
libnewt0.52:amd64				install
libnfnetlink0:amd64				install
libnih-dbus1:amd64				install
libnih1:amd64					install
libnl-3-200:amd64				install
libnl-genl-3-200:amd64				install
libnuma1:amd64					install
libp11-kit0:amd64				install
libpam-cap:amd64				install
libpam-google-authenticator			install
libpam-modules:amd64				install
libpam-modules-bin				install
libpam-runtime					install
libpam-systemd:amd64				install
libpam0g:amd64					install
libparse-debianchangelog-perl			install
libparted0debian1:amd64				install
libpcap0.8:amd64				install
libpci3:amd64					install
libpcre3:amd64					install
libpcsclite1:amd64				install
libperl5.18					install
libpipeline1:amd64				install
libplymouth2:amd64				install
libpng12-0:amd64				install
libpod-latex-perl				install
libpolkit-agent-1-0:amd64			install
libpolkit-backend-1-0:amd64			install
libpolkit-gobject-1-0:amd64			install
libpopt0:amd64					install
libpq-dev					install
libpq5:amd64					install
libprocps3:amd64				install
libpython-dev:amd64				install
libpython-stdlib:amd64				install
libpython2.7:amd64				install
libpython2.7-dev:amd64				install
libpython2.7-minimal:amd64			install
libpython2.7-stdlib:amd64			install
libpython3-stdlib:amd64				install
libpython3.4-minimal:amd64			install
libpython3.4-stdlib:amd64			install
libqrencode3:amd64				install
libquadmath0:amd64				install
libreadline5:amd64				install
libreadline6:amd64				install
libreadline6-dev:amd64				install
libroken18-heimdal:amd64			install
librtmp0:amd64					install
libruby1.9.1					install
libruby2.0:amd64				install
libsasl2-2:amd64				install
libsasl2-modules:amd64				install
libsasl2-modules-db:amd64			install
libselinux1:amd64				install
libsemanage-common				install
libsemanage1:amd64				install
libsensors4:amd64				install
libsepol1:amd64					install
libsigc++-2.0-0c2a:amd64			install
libsigsegv2:amd64				install
libslang2:amd64					install
libsqlite3-0:amd64				install
libsqlite3-dev:amd64				install
libss2:amd64					install
libssl-dev:amd64				install
libssl1.0.0:amd64				install
libstdc++-4.8-dev:amd64				install
libstdc++6:amd64				install
libsub-name-perl				install
libsystemd-daemon0:amd64			install
libsystemd-login0:amd64				install
libtasn1-6:amd64				install
libterm-ui-perl					install
libtext-charwidth-perl				install
libtext-iconv-perl				install
libtext-soundex-perl				install
libtext-wrapi18n-perl				install
libtiff5:amd64					install
libtimedate-perl				install
libtinfo-dev:amd64				install
libtinfo5:amd64					install
libtool						install
libtsan0:amd64					install
libudev1:amd64					install
libusb-0.1-4:amd64				install
libusb-1.0-0:amd64				install
libustr-1.0-1:amd64				install
libuuid1:amd64					install
libv8-3.14.5					install
libvpx1:amd64					install
libwind0-heimdal:amd64				install
libwrap0:amd64					install
libx11-6:amd64					install
libx11-data					install
libxapian22					install
libxau6:amd64					install
libxcb1:amd64					install
libxdmcp6:amd64					install
libxext6:amd64					install
libxml2:amd64					install
libxmuu1:amd64					install
libxpm4:amd64					install
libxslt1.1:amd64				install
libxtables10					install
libyaml-0-2:amd64				install
libyaml-dev:amd64				install
linux-firmware					install
linux-generic					install
linux-headers-3.13.0-85				install
linux-headers-3.13.0-85-generic			install
linux-headers-3.13.0-88				install
linux-headers-3.13.0-88-generic			install
linux-headers-3.13.0-91				install
linux-headers-3.13.0-91-generic			install
linux-headers-3.13.0-92				install
linux-headers-3.13.0-92-generic			install
linux-headers-generic				install
linux-image-3.13.0-85-generic			install
linux-image-3.13.0-88-generic			install
linux-image-3.13.0-91-generic			install
linux-image-3.13.0-92-generic			install
linux-image-extra-3.13.0-85-generic		install
linux-image-extra-3.13.0-88-generic		install
linux-image-extra-3.13.0-91-generic		install
linux-image-extra-3.13.0-92-generic		install
linux-image-generic				install
linux-libc-dev:amd64				install
locales						install
lockfile-progs					install
login						install
logrotate					install
logwatch					install
lsb-base					install
lsb-release					install
lshw						install
lsof						install
ltrace						install
m4						install
make						install
makedev						install
man-db						install
manpages					install
mawk						install
memtest86+					install
mime-support					install
mlocate						install
module-init-tools				install
mount						install
mountall					install
mtr-tiny					install
multiarch-support				install
nano						install
ncurses-base					install
ncurses-bin					install
ncurses-term					install
net-tools					install
netbase						install
netcat-openbsd					install
nginx-common					install
nginx-extras					install
nmap						install
nodejs						install
ntfs-3g						install
ntpdate						install
openssh-client					install
openssh-server					install
openssh-sftp-server				install
openssl						install
os-prober					install
parted						install
passenger					install
passenger-dev					install
passenger-doc					install
passwd						install
patch						install
pciutils					install
perl						install
perl-base					install
perl-modules					install
pgdg-keyring					install
pkg-config					install
plymouth					install
plymouth-theme-ubuntu-text			install
policykit-1					install
popularity-contest				install
postfix						install
postgresql					install
postgresql-9.5					install
postgresql-client-9.5				install
postgresql-client-common			install
postgresql-common				install
postgresql-contrib				install
postgresql-contrib-9.5				install
postgresql-server-dev-9.5			install
powermgmt-base					install
ppp						install
pppconfig					install
pppoeconf					install
procps						install
psmisc						install
python						install
python-apt					install
python-apt-common				install
python-chardet					install
python-cheetah					install
python-configobj				install
python-debian					install
python-dev					install
python-gdbm					install
python-json-pointer				install
python-jsonpatch				install
python-minimal					install
python-oauth					install
python-openssl					install
python-pam					install
python-pkg-resources				install
python-prettytable				install
python-pyinotify				install
python-requests					install
python-serial					install
python-setuptools				install
python-six					install
python-twisted-bin				install
python-twisted-core				install
python-urllib3					install
python-virtualenv				install
python-xapian					install
python-yaml					install
python-zope.interface				install
python2.7					install
python2.7-dev					install
python2.7-minimal				install
python3						install
python3-apport					install
python3-apt					install
python3-commandnotfound				install
python3-dbus					install
python3-distupgrade				install
python3-gdbm:amd64				install
python3-gi					install
python3-minimal					install
python3-newt					install
python3-problem-report				install
python3-pycurl					install
python3-software-properties			install
python3-update-manager				install
python3.4					install
python3.4-minimal				install
readline-common					install
resolvconf					install
rsync						install
rsyslog						install
ruby						install
ruby-rack					install
ruby1.9.1					install
ruby2.0						install
rubygems-integration				install
run-one						install
s3cmd						install
screen						install
sed						install
sensible-utils					install
sgml-base					install
shared-mime-info				install
software-properties-common			install
sqlite3						install
ssh-import-id					install
ssl-cert					install
strace						install
sudo						install
sysstat						install
systemd-services				install
systemd-shim					install
sysv-rc						install
sysvinit-utils					install
tar						install
tasksel						install
tasksel-data					install
tcpd						install
tcpdump						install
telnet						install
time						install
tmux						install
traceroute					install
tzdata						install
ubuntu-keyring					install
ubuntu-minimal					install
ubuntu-release-upgrader-core			install
ubuntu-standard					install
ucf						install
udev						install
ufw						install
unattended-upgrades				install
update-manager-core				install
update-notifier-common				install
upstart						install
ureadahead					install
usbutils					install
util-linux					install
uuid-runtime					install
vim						install
vim-common					install
vim-runtime					install
vim-tiny					install
w3m						install
wget						install
whiptail					install
whois						install
wireless-regdb					install
wireless-tools					install
wpasupplicant					install
xauth						install
xkb-data					install
xml-core					install
xz-utils					install
zlib1g:amd64					install
zlib1g-dev:amd64				install

Set up Phusion Passenger using the instructions at https://www.phusionpassenger.com/library/walkthroughs/deploy/ruby/digital_ocean/nginx/oss/install_passenger_main.html

Set up a user named rails for deployment.

Set up nginx. A sample configuration file is:

# HTTPS virtual host for the Rails app, served through Phusion Passenger.
# This sample defines no port-80 listener; if plain-HTTP requests should be
# redirected to HTTPS, that has to be configured in a separate server block.
server {

        # TLS with HTTP/2 on port 443, for IPv4 and IPv6.
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name enersaveapp.org www.enersaveapp.org;
        # Only the app's public/ directory is exposed as the document root.
        root /var/www/enersave/current/public;

        # Hand requests to Passenger and run the app in the production environment.
        passenger_enabled on;
        rails_env production;

        # Environment variables passed to the app. The values are left empty in
        # this sample. Once real values are filled in, this file holds credentials:
        # keep it readable by root only and out of version control and the wiki.
        passenger_env_var CAMBRIDGE_ENERGY_APP_DATABASE_PASSWORD "";
        passenger_env_var SECRET_KEY_BASE "";
        passenger_env_var GOOGLE_CLIENT_ID "";
        passenger_env_var GOOGLE_CLIENT_SECRET "";
        passenger_env_var SENDGRID_PASSWORD "";
        passenger_env_var SENDGRID_USERNAME "";

        # Certificate chain and private key from the Let's Encrypt live directory.
        ssl_certificate /etc/letsencrypt/live/enersaveapp.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/enersaveapp.org/privkey.pem;

        # Shared TLS settings; the snippet is not shown on this page.
        # NOTE(review): presumably sets protocols, ciphers and security headers.
        # Confirm it disables legacy protocol versions.
        include snippets/ssl-params.conf;
}

Set up Postgres with a "rails" user and a cambridge_energy_app user, both with permissions on the database. The rails user needs access for rake tasks, and the cambridge_energy_app user needs the permissions the app uses as currently configured in database.yml. These could probably be consolidated into a single user (rails), although keeping them separate lets the app's role hold fewer privileges than the role that runs rake tasks.

Set up rvm for the rails user.

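Set up Let's Encrypt using the instructions at https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04. Note that the tutorial targets Ubuntu 16.04 while this server runs 14.04, so some steps may need adjusting.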

Set up LogWatch using the instructions at https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps. Configure it to send its reports through SendGrid instead of the default mailer.