Setting Up A New Ubuntu Box: My Personal Recipe
Here are all the things I like to do when I am setting up a new Ubuntu box (works on Ubuntu 14.04 x64, YMMV).
This first set of steps is best executed as the root user on the system.
- Update your Debian repositories:
- Install Emacs (this is my personal favorite editor) –
apt-get install emacs24
- Set up Apache2 with
apt-get install apache2 a2enmod userdir
This also installs
- Secure Apache – make sure to add the
UserDirdirective. The above module will allow it. Restart Apache.
- Create a
www-datauser, and a home folder (
/var/www). Give ownership of the home folder to this user, use bash as the login shell, and set up a password. Set up SSH for this user, enable them to login to the home directory, give them sudo privileges.
usermod -s /bin/bash -d /var/www www-data usermod -G sudo www-data
ufwto only allow ports 22, 80, 443 – additionally, enable 220 and change the SSHD configuration to listen at port 220 instead of 22 by editing (more security tips at the OpenSSH configuration page):
apt-get install vim vim /etc/ssh/sshd_config service ssh restart
- Apache will need the following modules enabled:
- You need to be able to compile new packages – you need
apt-get install build-essential
- Some useful packages don’t come pre-installed:
apt-get install zip sendmail
- Sendmail: Configuring this is weird. You need to do a bunch of stuff to enable TLS and SASL, and then configure /etc/hosts to have an FQDN.
- Install some goodies for Rails – namely, Ruby, Ruby Gems, QT, Phusion Passenger and Postgres. See more details below.
Goodies for Rails
Make sure you do this after you have installed the following packages via
sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev
zlibc zlib1g zlib1g-dev
Install Ruby using RVM.
\curl -sSL https://get.rvm.io | bash -s stable
RVM now requires sudo permissions by default – run this sequence to avoid that.
rvm autolibs disable rvm requirements
Now you are good to install Ruby – with something like
rvm install 2.2.2. Voila!
Ruby Gem installations (like those of
json) will require some additional packages. Run these and make sure you have these packages first.
Note to Fedora users: You need to configure the repository location first –
curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -, for Node v6. As of Feb 2017, v6 is considered stable – v7 is bleeding-edge.
If you are thinking of using your deployment in test or development mode, you might want to equip yourself to use SQLite3 and Capybara. These gems require some Ubuntu libraries:
# For Capybara sudo apt-get install qt4-dev-tools libqt4-dev libqt4-core libqt4-gui # For SQLite3 sudo apt-get install libsqlite3-dev
The Digital Ocean guide to installing Postgres on Ubuntu is pretty good.
Once you’ve done that, you might find that you intend to connect as a specific user on the command line (that is, by using
psql) – that means you have to use password authentication over Unix sockets instead of the peer method, so you have to change the default lines in the
pg_hba.conf file, which is usually in a folder like the one below
Note for Redhat/Fedora users: It’s a bit harder to find your configuration folder on Redhat, especially if you have multiple Postgres installs. I finally figured out the path to it via this AskUbuntu.com question, which is to first find the parameters used to start the PG server, via
ps, and then to look for the
pg_hba.conf folder in that folder.
The required change is from this line (and NOT the one for the administrative
# TYPE DATABASE USER ADDRESS METHOD local all all peer
# TYPE DATABASE USER ADDRESS METHOD local all all md5
You want to set up Git to be able to download your repositories – that’s a good way to manage code.
# as root, ie with sudo apt-get install git # Remember to set up a public key in .ssh that will communicate with # git so that your deploy scripts can work cp your_favorite_keys .ssh/ cp a_good_config_pointing_to_above_keys .ssh/config
This is necessary if you are using graphics-based drivers, that need to run on your “dumb terminal” machine. In Rails, this usually happens when you use Capybara for testing. Run the following command (as root):
apt-get install qt5-default libqt5webkit5-dev
You have to prepare Ruby to use Passenger:
$ gem install passenger # Change to the gem installation directory - you will have to change # this depending on where you have installed Ruby $ cd /var/www/.rvm/gems/ruby-2.2.2/gems/passenger-5.0.6/ $ rake apache2 # or rake nginx
Passenger needs you to install some packages in order to integrate with Apache:
- Please run
apt-get install libcurl4-openssl-dev, or libcurl4-gnutls-dev, whichever you prefer.
- To install Apache 2 development headers: Please install it with
apt-get install apache2-threaded-dev
- To install Apache Portable Runtime (APR) development headers: Please install it with
apt-get install libapr1-dev
- To install Apache Portable Runtime Utility (APU) development headers: Please install it with
apt-get install libaprutil1-dev
Other than the firewall (
ufw) cofiguration specified above, also remember to turn off indexing to your Apache2 server (HTTPD) user’s home directory. That directory is usually where most default Apache server configurations will point and you might accidentally put sensitive information in there.
<Directory /var/www/ /> Options -Indexes +FollowSymLinks AllowOverride None Require all granted </Directory>
apt-get install mysql-server mysql_secure_installation
Sometimes, you will need PHP because a lot of websites still run PHP (and/or you want WordPress.) And you’ll need this MySQL extension, because why else would you want PHP?
sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql sudo apt-get install libapache2-mod-php sudo a2enmod php7.0
You might want to configure PHP to send email – find the right php.ini file (FPM — /etc/php/7.0/fpm — for Nginx configurations) and add SMTP related lines in there.
Now go run your PHP apps. MySQL FTW!
Emacs now comes with a package management system called (GNU) Elpa. I like adding this to my
.emacs to enable
(require 'package) (add-to-list 'package-archives '("melpa" . "http://melpa.org/packages/"))