This article describes how I setup Ubuntu server for Ruby on Rails application deployment. I am on MacBook as workstation and running Ubuntu on VPS server. At the end of this article, you should get Access Right, SSH and Git ready.
Login your Ubuntu
Login via SSH:
ssh root@123.456.789.123
Change your root password immediately:
passwd
You should not log in as root apart from the initial setup. Use sudo to run root-level command instead and related log is written to ‘/var/log/messages’.
Add a group ‘pilots’ to contain users with sudo privileges:
groupadd pilots
Install nano as default editor
Install aptitude to replace apt-get for better package management:
sudo apt-get update sudo apt-get install aptitude
Install nano:
sudo aptitude install nano
Change default editor from ‘vi’ to ‘nano’:
export EDITOR=/usr/bin/nano visudo
Add these lines to the end of the file:
# Allows user in group pilots to run all commands %pilots ALL=(ALL) ALL
Add a new user and configure it for SSH
Add user to ‘pilots’ group:
adduser lorenz usermod -a -G pilots lorenz
On local workstation, generate SSH keys and SCP to Ubuntu server:
mkdir ~/.ssh ssh-keygen -t rsa scp ~/.ssh/id_rsa.pub lorenz@202.181.234.41:
Move the public key file to ‘.ssh’ directory:
mkdir ~lorenz/.ssh mv ~lorenz/id_rsa.pub ~lorenz/.ssh/authorized_keys
Set permission on the keys:
chown -R lorenz:lorenz ~lorenz/.ssh chmod 700 ~lorenz/.ssh chmod 600 ~lorenz/.ssh/authorized_keys
Edit SSH configuration at ‘/etc/ssh/sshd_config’:
Port 12345 <-- Change from default port 22 to other ports Protocol 2 PermitRootLogin no PasswordAuthentication yes <-- Enable user to login on other workstation without the private key UseDNS no AllowUsers lorenz
Setting Up iptables
View the default iptables rules:
sudo iptables -L
Create a iptables rules file and replace with Slicehost default iptables rules:
sudo nano /etc/iptables.up.rules
Add a script to run implement the rules when the network interfaces are started:
sudo nano /etc/network/if-pre-up.d/iptables
#!/bin/sh /sbin/iptables-restore < /etc/iptables.up.rules
Make the new script executable:
chmod +x /etc/network/if-pre-up.d/iptables
Test the setup
Reload sshd:
/etc/init.d/ssh reload
Try to SSH login on local workstation:
ssh -p 12345 lorenz@123.456.789.123
Customize your shell
Edit shell’s settings:
nano ~/.bashrc
Add alias to the end of .bashrc file:
alias free="free=m"
Activate the change by this command:
source ~/.bashrc
Customize your shell
Edit shell’s settings, then log out and log in again:
sudo locale sudo locale-gen zh_HK.UTF-8 sudo update-locale LANG=zh_HK.UTF-8
Install Development Tools through aptitude
Edit enabled repositories list:
sudo nano /etc/apt/sources.list
Install ‘build-essential’ package which include gcc, make, patch and so on:
sudo aptitude install build-essential
Install Git
Add Git User:
sudo adduser git
Create ‘.ssh’ directory:
sudo su git cd /home/git mkdir .ssh chmod 700 .ssh sudo su lorenz
As lorenz & git share the same public key, we copy authorized_keys to git user account:
sudo cp /home/lorenz/.ssh/authorized_keys /home/git/.ssh/ sudo chown git:git /home/git/.ssh/authorized_keys
Edit SSH configuration ‘/etc/ssh/sshd_config’ and reload SSH config:
AllowUsers lorenz git
Restrict shell access for the git user
Edit ‘/etc/passwd’ file and change the shell for git user
git:x:1001:1001:Git,,,:/home/git:/usr/bin/git-shell <-- Changed from '/bin/bash' to '/usr/bin/git-shell'
Git User is secured and not able to SSH to server:
fatal: What do you think I am? A shell? connection to 123.456.789.123 closed.
That’s it, we make a Ubuntu server ready for Rails application. Let’s follow the next article to deploy the Rails application to Ubuntu server via Git and Capistrano.
Reference
You might be interested in this Slicehost article which details how to set up a slice to run Ruby on Rails as well.
Related Posts
- Deploy Rails application via Git and Capistrano
- Setting Up your own DNS server with bind9
- Setting Up PHP FastCGI and phpMyAdmin with nginx
{ 2 trackbacks }
{ 0 comments… add one now }