Sameer Siruguri

My Blog

Setting Up A New Ubuntu Box: My Personal Recipe

Here are all the things I like to do when I am setting up a new Ubuntu box (works on Ubuntu 14.04 x64, YMMV).

This first set of steps is best executed as the root user on the system.

    1. Update your Debian repositories: apt-get update
    2. Install Emacs (this is my personal favorite editor) – apt-get install emacs24
    3. Set up Apache2 with
      apt-get install apache2
      a2enmod userdir

      This also installs ufw.

    4. Secure Apache – make sure to add the UserDir directive. The above module will allow it. Restart Apache.
  1. Create a www-data user, and a home folder (/var/www). Give ownership of the home folder to this user, use bash as the login shell, and set up a password. Set up SSH for this user, enable them to login to the home directory, give them sudo privileges.
    usermod -s /bin/bash -d /var/www www-data
    usermod -G sudo www-data
    
  2. Enable ufw to only allow ports 22, 80, 443 – additionally, enable 220 and change the SSHD configuration to listen at port 220 instead of 22 by editing (more security tips at the OpenSSH configuration page):
    apt-get install vim
    vim /etc/ssh/sshd_config
    service ssh restart
    
  3. Apache will need the following modules enabled:
    1. a2enmod ssl
    2. a2enmod rewrite
  4. You need to be able to compile new packages – you need apt-get install build-essential
  5. Some useful packages don’t come pre-installed:
    apt-get install zip sendmail
  6. Sendmail: Configuring this is weird. You need to do a bunch of stuff to enable TLS and SASL, and then configure /etc/hosts to have an FQDN.
  7. Install some goodies for Rails – namely, Ruby, Ruby Gems, QT, Phusion Passenger and Postgres. See more details below.

Goodies for Rails

Ruby

Make sure you do this after you have installed the following packages via apt-get:

      • build-essential
      • libreadline-dev
      • libyaml-dev
      • redis-server
      • sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev
      • zlibc zlib1g zlib1g-dev

Install Ruby using RVM.

\curl -sSL https://get.rvm.io | bash -s stable

RVM now requires sudo permissions by default – run this sequence to avoid that.

rvm autolibs disable
rvm requirements

Now you are good to install Ruby – with something like rvm install 2.2.2. Voila!

Ruby Gems

Ruby Gem installations (like those of nokogiri and json) will require some additional packages. Run these and make sure you have these packages first.

sudo apt-get install libpq-dev
# A JavaScript runtime might be necessary
sudo apt-get install nodejs

Note to Fedora users: You need to configure the repository location first –  curl --silent --location https://rpm.nodesource.com/setup_6.x | bash -, for Node v6. As of Feb 2017, v6 is considered stable – v7 is bleeding-edge.

If you are thinking of using your deployment in test or development mode, you might want to equip yourself to use SQLite3 and Capybara. These gems require some Ubuntu libraries:

# For Capybara
sudo apt-get install qt4-dev-tools libqt4-dev libqt4-core libqt4-gui

# For SQLite3
sudo apt-get install libsqlite3-dev

Postgres

The Digital Ocean guide to installing Postgres on Ubuntu is pretty good (that is the link to the Ubuntu 16.04 version; here is the link to 14.04.)

Once you’ve done that, you might find that you intend to connect as a specific user on the command line (that is, by using psql) – that means you have to use password authentication over Unix sockets instead of the peer method, so you have to change the default lines in the pg_hba.conf file, which is usually in a folder like the one below

/etc/postgresql/9.4/main

Note for Redhat/Fedora users: It’s a bit harder to find your configuration folder on Redhat, especially if you have multiple Postgres installs. I finally figured out the path to it via this AskUbuntu.com question, which is to first find the parameters used to start the PG server, via ps, and then to look for the pg_hba.conf folder in that folder.

The required change is from this line (and NOT the one for the administrative postgres user):

# TYPE DATABASE USER ADDRESS METHOD
local  all      all          peer

to

# TYPE DATABASE USER ADDRESS METHOD
local  all      all          md5

Git

You want to set up Git to be able to download your repositories – that’s a good way to manage code.


# as root, ie with sudo
apt-get install git
# Remember to set up a public key in .ssh that will communicate with
# git so that your deploy scripts can work
cp your_favorite_keys .ssh/
cp a_good_config_pointing_to_above_keys .ssh/config

QT

This is necessary if you are using graphics-based drivers, that need to run on your “dumb terminal” machine. In Rails, this usually happens when you use Capybara for testing. Run the following command (as root):

apt-get install qt5-default libqt5webkit5-dev

Phusion Passenger

You have to prepare Ruby to use Passenger:


$ gem install passenger

# Change to the gem installation directory - you will have to change
# this depending on where you have installed Ruby

$ cd /var/www/.rvm/gems/ruby-2.2.2/gems/passenger-5.0.6/
$ rake apache2 # or rake nginx

Passenger needs you to install some packages in order to integrate with Apache:

      • Please run apt-get install libcurl4-openssl-dev, or libcurl4-gnutls-dev, whichever you prefer.
      • To install Apache 2 development headers: Please install it with apt-get install apache2-threaded-dev
      • To install Apache Portable Runtime (APR) development headers: Please install it with apt-get install libapr1-dev
      • To install Apache Portable Runtime Utility (APU) development headers: Please install it with apt-get install libaprutil1-dev

Security

Other than the firewall (ufw) cofiguration specified above, also remember to turn off indexing to your Apache2 server (HTTPD) user’s home directory. That directory is usually where most default Apache server configurations will point and you might accidentally put sensitive information in there.

<Directory /var/www/ />
  Options -Indexes +FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>

Other Goodies

MySQL

apt-get install mysql-server
mysql_secure_installation

PHP

Sometimes, you will need PHP because a lot of websites still run PHP (and/or you want WordPress.) And you’ll need this MySQL extension, because why else would you want PHP?


sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql
sudo apt-get install libapache2-mod-php
sudo a2enmod php7.0

You might want to configure PHP to send email – find the right php.ini file (FPM — /etc/php/7.0/fpm — for Nginx configurations) and add SMTP related lines in there.

Now go run your PHP apps. MySQL FTW!

Emacs

Emacs now comes with a package management system called (GNU) Elpa. I like adding this to my .emacs to enable web-mode


(require 'package)
(add-to-list 'package-archives '("melpa" . "http://melpa.org/packages/"))

 

 

Single Post Navigation

Leave a Reply

Your email address will not be published. Required fields are marked *