For Debian 9 (buster).
adduser deploy
Then, create SSH keys (no passphrase):
su deploy
cd ~
ssh-keygen -t rsa
Upload the public key to BitBucket/Github:
cat .ssh/id_rsa.pub
exit
As root:
apt update
apt upgrade
apt install zlib1g zlib1g-dev build-essential git-core curl emacs imagemagick nginx screen
apt install libmariadb-dev-compat libmariadb-dev libssl-dev libreadline-dev
apt install mariadb-server monit unattended-upgrades logrotate memcached redis-server
apt install libcurl4-gnutls-dev libxml2 libxml2-dev libxslt1-dev ruby-dev
apt install libmagickcore-dev libmagickwand-dev
Set a generated password for mysql root and save it somewhere.
As root:
unattended-upgrades
fallocate -l 8G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
free
Make it persistent on /etc/fstab
:
/swapfile none swap sw 0 0
https://github.com/nodesource/distributions/blob/master/README.md
curl -sL https://deb.nodesource.com/setup_13.x | bash -
apt install -y nodejs
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add
echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
apt update
apt install yarn
su deploy
cd ~
git clone git://github.com/sstephenson/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile
git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
exec $SHELL -l
export RUBY_VERSION=2.6.5
rbenv install $RUBY_VERSION
rbenv global $RUBY_VERSION
gem install bundler
rbenv rehash
wget https://raw.github.com/ryanb/dotfiles/master/gemrc -O .gemrc
echo 'export RAILS_ENV="production"' >> ~/.bash_profile
Launch the MySQL CLI client:
mysql
mysql> create database `sitcom` character set 'utf8mb4' collate 'utf8mb4_unicode_ci';
mysql> create user deploy;
mysql> grant all on `sitcom`.* to 'deploy'@'localhost' identified by 'SuperGeneratedPassword';
mysql> flush privileges;
apt install -y dirmngr gnupg
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
apt install -y apt-transport-https ca-certificates
sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger buster main > /etc/apt/ sources.list.d/passenger.list'
apt update
apt install -y passenger libnginx-mod-http-passenger
/usr/bin/passenger-config validate-install
Copy config/server/nginx/sites-available/sitcom
to /etc/nginx/sites-available/sitcom
.
Enable the server block:
unlink /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/sitcom /etc/nginx/sites-enabled/sitcom
Then restart nginx:
systemctl restart nginx
apt install default-jdk
apt install apt-transport-https
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
add-apt-repository "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
apt update
apt install elasticsearch
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
bundle exec cap production deploy:check
Create the env file in /home/deploy/apps/sitcom/shared/.env
. Then:
bundle exec cap production deploy
In /etc/logrotate.d/sitcom:
/home/deploy/apps/sitcom/shared/log/*.log {
daily
missingok
rotate 15
compress
delaycompress
notifempty
copytruncate
}
Test it:
logrotate /etc/logrotate.conf
As root :
loginctl enable-linger deploy
Set the Storage directive of the [Journal] section of
/etc/systemd/journald.conf
to persistent (instead of auto or volatile).
Reboot after editing the configuration.
As deploy, install systemd services :
- Copy
config/server/systemd/sidekiq-default.service
to/home/deploy/.config/systemd/user/sidekiq-default.service
. - Copy
config/server/systemd/sidekiq-websockets.service
to/home/deploy/.config/systemd/user/sidekiq-websockets.service
.
Then :
systemctl --user enable sidekiq-default
systemctl --user enable sidekiq-websockets
systemctl --user start sidekiq-default
systemctl --user start sidekiq-websockets
Useful commands :
systemctl --user status sidekiq-default
journalctl --user -fu sidekiq-default
If change was made on file, execute:
systemctl --user daemon-reload
- Copy config files from
config/server/monit/conf.d
to/etc/monit/conf.d
.
Activate web UI in /etc/monit/monitrc
:
set httpd port 2812 and allow monit:PasswordToChange
apt install python-certbot-nginx certbot
certbot --nginx -d sitcom.cetic.be