Here are all the things I like to do when I am setting up a new Ubuntu box (works on Ubuntu 14.04 x64, YMMV).
This first set of steps is best executed as the root user on the system.
-
- Update your Debian repositories:
apt-get update
- Install Emacs (this is my personal favorite editor) –
apt-get install emacs25
- Set up Apache2 with
apt-get install apache2 a2enmod userdir
This also installs
ufw
. - Secure Apache – make sure to add the
UserDir
directive. The above module will allow it. Restart Apache.
- Update your Debian repositories:
- Create a
www-data
user, and a home folder (/var/www
). Give ownership of the home folder to this user, use bash as the login shell, and set up a password. Set up SSH for this user, enable them to login to the home directory, give them sudo privileges.usermod -s /bin/bash -d /var/www www-data usermod -G sudo www-data
- Enable
ufw
to only allow ports 22, 80, 443 – additionally, enable 220 and change the SSHD configuration to listen at port 220 instead of 22 by editing (more security tips at the OpenSSH configuration page):apt-get install vim vim /etc/ssh/sshd_config service ssh restart
- Apache will need the following modules enabled:
a2enmod ssl
a2enmod rewrite
- You need to be able to compile new packages – you need
apt-get install build-essential
- Some useful packages don’t come pre-installed:
apt-get install zip sendmail
- Sendmail: Configuring this is weird. You need to do a bunch of stuff to enable TLS and SASL, and then configure /etc/hosts to have an FQDN.
- Install some goodies for Rails – namely, Ruby, Ruby Gems, QT, Phusion Passenger and Postgres. See more details below.
Goodies for Rails
Ruby
Make sure you do this after you have installed the following packages via apt-get
:
-
-
build-essential
libreadline-dev
libyaml-dev
redis-server
sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev
zlibc zlib1g zlib1g-dev
-
Install Ruby using RVM.
\curl -sSL https://get.rvm.io | bash -s stable
RVM now requires sudo permissions by default – run this sequence to avoid that.
rvm autolibs disable rvm requirements
Now you are good to install Ruby – with something like rvm install 2.2.2
. Voila!
Ruby Gems
Ruby Gem installations (like those of nokogiri
and json
) will require some additional packages. Run these and make sure you have these packages first.
sudo apt-get install libpq-dev
# A JavaScript runtime might be necessary
sudo apt-get install nodejs
Note to Fedora users: You need to configure the repository location first - curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -,
for Node v6. As of Mar 2019, v10 is considered stable - v11 is bleeding-edge.
If you are thinking of using your deployment in test or development mode, you might want to equip yourself to use SQLite3 and Capybara. These gems require some Ubuntu libraries:
# For Capybara sudo apt-get install qt4-dev-tools libqt4-dev libqt4-core libqt4-gui # For SQLite3 sudo apt-get install libsqlite3-dev
Postgres
Installation
The Digital Ocean guide to installing Postgres on Ubuntu is pretty good. Note that Postgres 9.6 is only officially supported in Ubuntu 17+
You have to install this library on Ubuntu: apt-get install libpq-dev
Enabling Peer Access
Once you’ve done that, you might find that you intend to connect as a specific user on the command line (that is, by using psql
) – that means you have to use password authentication over Unix sockets instead of the peer method, so you have to change the default lines in the pg_hba.conf
file, which is usually in a folder like the one below
/etc/postgresql/9.4/main
Note for Redhat/Fedora users: It’s a bit harder to find your configuration folder on Redhat, especially if you have multiple Postgres installs. I finally figured out the path to it via this AskUbuntu.com question, which is to first find the parameters used to start the PG server, via ps
, and then to look for the pg_hba.conf
folder in that folder.
The required change is from this line (and NOT the one for the administrative postgres
user):
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
to
# TYPE DATABASE USER ADDRESS METHOD
local all all md5
Git
You want to set up Git to be able to download your repositories – that’s a good way to manage code.
# as root, ie with sudo apt-get install git # Remember to set up a public key in .ssh that will communicate with # git so that your deploy scripts can work cp your_favorite_keys .ssh/ cp a_good_config_pointing_to_above_keys .ssh/config
QT
This is necessary if you are using graphics-based drivers, that need to run on your “dumb terminal” machine. In Rails, this usually happens when you use Capybara for testing. Run the following command (as root):
apt-get install qt5-default libqt5webkit5-dev
Phusion Passenger
You have to prepare Ruby to use Passenger:
<br />$ gem install passenger # Change to the gem installation directory - you will have to change # this depending on where you have installed Ruby $ cd /var/www/.rvm/gems/ruby-2.2.2/gems/passenger-5.0.6/ $ rake apache2 # or rake nginx
Passenger needs you to install some packages in order to integrate with Apache:
- Run
apt-get install libcurl4-openssl-dev
, or libcurl4-gnutls-dev, whichever you prefer - To install Apache 2 development headers: Please install it with
apt-get install apache2-threaded-dev
- To install Apache Portable Runtime (APR) development headers: Please install it with
apt-get install libapr1-dev
- To install Apache Portable Runtime Utility (APU) development headers: Please install it with
apt-get install libaprutil1-dev
Security
Other than the firewall (ufw
) cofiguration specified above, also remember to turn off indexing to your Apache2 server (HTTPD) user’s home directory. That directory is usually where most default Apache server configurations will point and you might accidentally put sensitive information in there.
&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;Directory /var/www/ /&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt; Options -Indexes +FollowSymLinks AllowOverride None Require all granted &amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;lt;/Directory&amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;amp;gt;Other Goodies
MySQL
apt-get install mysql-server mysql_secure_installationPHP
Sometimes, you will need PHP because a lot of websites still run PHP (and/or you want WordPress.) And you’ll need this MySQL extension, because why else would you want PHP?
sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql sudo apt-get install libapache2-mod-php sudo a2enmod php7.0You might want to configure PHP to send email – find the right php.ini file (FPM — /etc/php/7.0/fpm — for Nginx configurations) and add SMTP related lines in there.
Now go run your PHP apps. MySQL FTW!
Emacs
Emacs now comes with a package management system called (GNU) Elpa. I like adding this to my
.emacs
to enableweb-mode
(require 'package) (add-to-list 'package-archives '("melpa" . "http://melpa.org/packages/"))