Feb 27th, 2012
  1. # Fiona
  2.  
  3. ## Nginx + Passenger (w/ REE) on Ubuntu 9.10
  4.  
  5. ssh root@fiona
  6.  
  7. Get rid of that obnoxious motd.
  8.  
  9. echo '' > /etc/motd
  10.  
  11. Set the hostname
  12.  
  13. echo 'fiona' > /etc/hostname
  14. /etc/init.d/hostname.sh start
  15.  
  16. Update and install some essentials.
  17.  
  18. aptitude update
  19. aptitude upgrade
  20. aptitude install build-essential zlib1g-dev libssl-dev git-core curl
  21.  
  22. ## Ruby Enterprise Edition
  23.  
  24. mkdir /usr/local/src && cd /usr/local/src
  25.  
  26. curl -LO http://rubyforge.org/frs/download.php/64479/ruby-enterprise_1.8.7-20090928_i386.deb
  27. dpkg -i ruby-enterprise_1.8.7-20090928_i386.deb
  28.  
  29. ## Nginx + Passenger
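  30. Note: the nginx tarball, init script and nginx.conf below are fetched over plain HTTP and used as root without any checksum or signature check; verify them before installing.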
  31. curl http://sysoev.ru/nginx/nginx-0.7.62.tar.gz | tar xvz
  32. gem install passenger
  33.  
  34. passenger-install-nginx-module
  35.  
  36. Prompts:
  37.  
  38. > "Automatically download and install Nginx?": 2
  39. > "Where is your Nginx source code located?": /root/src/nginx-0.7.62
  40. > "Where do you want to install Nginx to?": /usr/local/nginx
  41. > "Extra Nginx configure options": --sbin-path=/usr/local/sbin --with-http_ssl_module
  42.  
  43. curl http://gist.github.com/raw/213678/789a5a71bbddf065e68aabc4c7d13c80059994f2/nginx > /etc/init.d/nginx
  44. chmod +x /etc/init.d/nginx
  45. update-rc.d -f nginx defaults
  46.  
  47. curl http://gist.github.com/raw/213678/19c4dc655ac196222652bebd6be6b017f29dcc6a/nginx.conf > /usr/local/nginx/conf/nginx.conf
  48.  
  49. /etc/init.d/nginx start
  50.  
  51. ## Integrity
  52.  
  53. adduser ci
  54. adduser ci admin
  55. exit
  56.  
  57. ssh ci@fiona
  58.  
  59. curl http://gist.github.com/raw/97747/2378011069e8655dd71187f1c94c32bdb3151569/gistfile1.txt > .gemrc
  60.  
  61. echo 'set nocompatible' > .vimrc
  62.  
  63. sudo vi /etc/nginx/integrity.conf
  64.  
  65. > server {
  66. > listen 80;
  67. > server_name ci.grays.im;
  68. > root /home/ci/integrity/public;
  69. > passenger_enabled on;
  70. > }
  71.  
  72. sudo aptitude install sqlite3 libsqlite3-dev
  73. gem install integrity
  74. sudo gem install do_sqlite3 --version=0.9.11
  75. sudo gem uninstall data_objects --version=0.9.12
  76. integrity install ~/integrity
  77. cd integrity
  78.  
  79. vi config.yml
  80.  
  81. > :base_uri: http://ci.grays.im
  82. > :database_uri: sqlite3:///home/ci/integrity/integrity.db
  83. > :export_directory: /home/ci/integrity/builds
  84. > :log: /home/ci/integrity/log/integrity.log
  85. > :build_all_commits: true
  86. > :use_basic_auth: true
  87. > :admin_username: ''
  88. > :admin_password: f7d225c0fd69b47618aa410226f8c22a091cbc78
  89. > :hash_admin_password: true
  90.  
  91. integrity migrate_db config.yml
  92. mkdir public
  93.  
  94. sudo /etc/init.d/nginx reload
  95.  
  96. ## Rip
  97.  
  98. cd /usr/local/src
  99. sudo git clone git://github.com/defunkt/rip.git
  100. cd rip
  101. sudo ruby setup.rb
  102. sudo chown -R ci:ci ~/.rip
  103.  
  104. ## Git
  105.  
  106. sudo -i
  107. cd /usr/local/src
  108. aptitude install tcl8.4 tk8.4
  109. curl http://kernel.org/pub/software/scm/git/git-1.6.5.1.tar.gz | tar zxv
  110. cd git-1.6.5.1/
  111. ./configure
  112. make
  113. make install
  114.  
  115. ## Misc:
  116.  
  117. (for mysql gem)
  118.  
  119. sudo aptitude install libmysqlclient-dev mysql-client mysql-server
  120.  
  121. (for image_science)
  122.  
  123. sudo aptitude install libfreeimage-dev
  124.  
  125. (for nokogiri)
  126.  
  127. sudo aptitude install libxml2-dev libxslt1-dev
  128.  
  129. ## Firewall
  130.  
  131. sudo apt-get install ufw
  132.  
  133. sudo ufw default deny
  134. sudo ufw allow http/tcp
  135. sudo ufw allow https/tcp
  136. sudo ufw allow from 10.42.0.0/24
  137.  
  138. sudo ufw enable
  139. sudo ufw status verbose
  140.  
  141.  
  142. ## Aloha Auth
  143.  
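  144. Unfortunately, this negates the client certificate authentication: the `client-cert-not-required` line below stops the server from requiring client certificates, so only the username/password check done by the script remains. So we're not going with it.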
  145.  
  146. cd /usr/local/sbin
  147. sudo curl -O http://gist.github.com/raw/255249/52d2756f767006e52409d2bf4583c0ab9fb2adc7/auth-aloha.rb
  148. sudo chmod +x auth-aloha.rb
  149.  
  150. sudo vi /etc/openvpn/server.conf
  151.  
  152. Add:
  153.  
  154. > auth-user-pass-verify /usr/local/sbin/auth-aloha.rb via-file
  155. > client-cert-not-required
  156. > tmp-dir /dev/shm
  157.  
  158. sudo /etc/init.d/openvpn restart
  159.  
  160. # DNS
  161.  
  162. ## THIS NEVER WORKED... ##
  163.  
  164. sudo apt-get install bind9 dnsutils
  165. sudo vi /etc/bind/named.conf.local
  166.  
  167. > zone "grays.local" {
  168. > type master;
  169. > file "/etc/bind/db.grays.local";
  170. > };
  171. >
  172. > zone "0.42.10.in-addr.arpa" {
  173. > type master;
  174. > file "/etc/bind/rev.0.42.10.in-addr.arpa";
  175. > };
  176.  
  177. sudo vi /etc/bind/db.grays.local
  178.  
  179. > $TTL 604800
  180. > @ IN SOA ns.grays.local. admin.grays.local. (
  181. > 1 ; Serial
  182. > 604800 ; Refresh
  183. > 86400 ; Retry
  184. > 2419200 ; Expire
  185. > 604800 ) ; Negative Cache TTL
  186. > ;
  187. > @ IN NS ns.grays.local.
  188. > @ IN A 10.42.0.1
  189. > fiona IN A 10.42.0.1
  190.  
  191. sudo vi /etc/bind/rev.0.42.10.in-addr.arpa
  192.  
  193. > $TTL 604800
  194. > @ IN SOA ns.grays.local. admin.grays.local. (
  195. > 1 ; Serial
  196. > 604800 ; Refresh
  197. > 86400 ; Retry
  198. > 2419200 ; Expire
  199. > 604800 ) ; Negative Cache TTL
  200. > ;
  201. > @ IN NS ns.
  202. > 1 IN PTR ns.grays.local.
  203.  
  204. sudo /etc/init.d/bind9 restart
  205.  
  206. vi /etc/resolv.conf
  207.  
  208. > search grays.local members.linode.com
  209. > nameserver 10.42.0.1
  210. > nameserver 75.127.97.6
  211. > nameserver 75.127.97.7
  212.  
  213. ### Push DNS from OpenVPN
  214.  
  215. We're not actually doing this. I couldn't get it to work without jumping through
  216. hoops on the clients. Instead, just manually configure 10.42.0.1 as a nameserver on the clients.
  217.  
  218. sudo vi /etc/openvpn/server.conf
  219.  
  220. > push "dhcp-option DNS 10.42.0.1"
  221. > push "dhcp-option DNS 208.67.222.222"
  222. > push "dhcp-option DNS 208.67.220.220"
  223.  
  224. sudo /etc/init.d/openvpn restart
  225.  
  226. ### Webmin
  227.  
  228. sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
  229.  
  230. cd /usr/local/src
  231. sudo curl -OL http://www.webmin.com/download/deb/webmin-current.deb
  232. sudo dpkg -i webmin-current.deb
  233.  
  234. ## syslog-ng
  235.  
  236. On fiona (server):
  237.  
  238. sudo apt-get install syslog-ng
  239. sudo vi /etc/syslog-ng/syslog-ng.conf
  240.  
  241. > source s_remote { tcp(); };
  242. > destination d_clients { file("/var/log/$HOST/$PROGRAM"); };
  243. > log { source(s_remote); destination(d_clients); };
  244.  
  245. sudo /etc/init.d/syslog-ng restart
  246.  
  247. On hettie (client):
  248.  
  249. > source s_local {
  250. > internal();
  251. > unix-stream("/dev/log");
  252. > file("/proc/kmsg" log_prefix("kernel: "));
  253. > };
  254. >
  255. > destination d_log_host {
  256. > tcp("10.42.0.1" port(514));
  257. > };
  258. >
  259. > log {
  260. > source(s_local);
  261. > destination(d_log_host);
  262. > };
  263.  
  264. ## Redis / Resque
  265.  
  266. sudo -i
  267.  
  268. cd /usr/local/src
  269. curl http://redis.googlecode.com/files/redis-1.2.5.tar.gz | tar zxv
  270. cd redis-1.2.5
  271.  
  272. make
  273. cp redis-server /usr/local/bin/
  274. cp redis-cli /usr/local/bin/
  275.  
  276. Install `redis.conf` to `/etc/redis.conf`
  277.  
  278. sudo cp utils/redis_init_script /etc/init.d/redis-server
  279.  
  280. vi /etc/init.d/redis-server
  281.  
  282. Change the conf file path to `/etc/redis.conf`
  283.  
  284.  
  285. chmod +x /etc/init.d/redis-server
  286. update-rc.d -f redis-server defaults
  287.  
  288. gem install redis redis-namespace yajl-ruby
  289.  
  290. exit
  291.  
  292. cd /home/ci
  293.  
  294. git clone git://github.com/defunkt/resque.git
  295.  
  296. mkdir resque/public
  297. mkdir resque/tmp
  298.  
  299. sudo vi /etc/nginx/resque.conf
  300.  
  301. > server {
  302. > listen 80;
  303. > server_name resque.grays.im;
  304. > root /home/ci/resque/public;
  305. > passenger_enabled on;
  306. > auth_basic "Restricted";
  307. > auth_basic_user_file /etc/nginx/_htpasswd;
  308. > }
  309.  
  310. sudo /etc/init.d/nginx reload
  311. sudo /etc/init.d/redis-server start