
Journal marcello_dl's Journal: Linode config

First of all, aptitude-upgrading: the Debian image still has the random number generator vulnerability. I went for lenny so I have a recent git and PostgreSQL 8.3.

Did tzsetup, and aptitude installed locales
added a normal user

Linode configures its servers with DHCP. That might have advantages, but I prefer a static address:

iface eth0old inet dhcp

iface eth0 inet static
        address (...)
        netmask 255.255.255.0
        gateway (...)
        dns-nameservers 207.192.69.4 207.192.69.5

and put a name in /etc/hostname

Then installed arno-iptables-firewall.
Opened ports 80 443 (it's gonna be a server)
FULL_ACCESS_HOSTS="(my machine domain name)"
FIREWALL_LOG=/var/log/firewall
LOGLEVEL=debug

then
touch /var/log/firewall

in /etc/syslog.conf kern.* must be changed to kern.!=debug
and the following added:
      # Logging for iptables
      kern.=debug -/var/log/firewall

then /etc/init.d/sysklogd restart

and restart arno firewall

To keep firewall messages off the Lish console, add to /etc/init.d/klogd:

KLOGD="-c 4"

And restart that one too.

Better use logrotate too, see
http://linuxgazette.net/114/keeling.html

in /etc/logrotate/logrotate.d

/var/log/firewall {
        rotate 7
        daily
        compress
        notifempty
        create 0640 root adm
        delaycompress
        create
}

and start logrotate to see if it kinda works:
/usr/sbin/logrotate /etc/logrotate.conf

Rails server:
installed exim4-daemon-light postgresql lighttpd ruby ruby1.8-dev irb liberb-ruby libpgsql-ruby1.8 libredcloth-ruby1.8 rdoc1.8 libfcgi-ruby1.8 rubygems rake

then:
gem install rails
(wait)

make sure the correct version for your app is present, too
gem install -v=2.0.2 rails

Postgres users need postgres gem
aptitude install postgresql-server-dev-(version) make

gem install postgres

lighty-enable-module to add fastcgi and ssl
but then removed the entries in conf-enabled dir


# Debian lighttpd configuration file
#

############ Options you really have to take care of ####################

## modules to load
# mod_access, mod_accesslog and mod_alias are loaded by default
# all other modules should only be loaded if necessary
# - saves some time
# - saves memory

server.modules = (
        "mod_fastcgi",
        "mod_access",
        "mod_alias",
        "mod_accesslog",
        "mod_compress",
        "mod_rewrite",
#       "mod_redirect",
#       "mod_evhost",
#       "mod_usertrack",
#       "mod_rrdtool",
#       "mod_webdav",
        "mod_expire",
#       "mod_flv_streaming",
#       "mod_evasive"
)

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root = "/var/www/"

## where to upload files to, purged daily.
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )

## where to send error-messages to
server.errorlog = "/var/log/lighttpd/error.log"

## files to check for if .../ is requested
index-file.names = ( "index.php", "index.html",
                     "index.htm", "default.htm",
                     "index.lighttpd.html" )

## Use the "Content-Type" extended attribute to obtain mime type if possible
# mimetype.use-xattr = "enable"

#### accesslog module
accesslog.filename = "/var/log/lighttpd/access.log"

## deny access the file-extensions
#
# ~ is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
# of the document-root
url.access-deny = ( "~", ".inc" )

##
# which extensions should not be handled via static-file transfer
#
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

######### Options that are good to be but not necessary to be changed #######

## Use ipv6 only if available.
#include_shell "/usr/share/lighttpd/use-ipv6.pl"

## bind to port (default: 80)
# server.port = 81

## bind to localhost only (default: all interfaces)
server.bind = "(server's IP)"

## error-handler for status 404
#server.error-handler-404 = "/error-handler.html"
#server.error-handler-404 = "/error-handler.php"

## to help the rc.scripts
server.pid-file = "/var/run/lighttpd.pid"

##
## Format: .html
## -> ..../status-404.html for 'File not found'
#server.errorfile-prefix = "/var/www/"

## virtual directory listings
dir-listing.encoding = "utf-8"
server.dir-listing = "disable"

## send unhandled HTTP-header headers to error-log
#debug.dump-unknown-headers = "enable"

### only root can use these options
#
# chroot() to directory (default: no chroot() )
#server.chroot = "/"

## change uid to (default: don't care)
server.username = "www-data"

## change uid to (default: don't care)
server.groupname = "www-data"

#### compress module
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ("text/plain", "text/html", "application/x-javascript", "text/css")

#### url handling modules (rewrite, redirect, access)
# url.rewrite = ( "^/$" => "/server-status" )
# url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )

#
# define a pattern for the host url finding
# %% => % sign
# %0 => domain name + tld
# %1 => tld
# %2 => domain name without tld
# %3 => subdomain 1 name
# %4 => subdomain 2 name
#
# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"

#### expire module
# expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")

#### rrdtool
# rrdtool.binary = "/usr/bin/rrdtool"
# rrdtool.db-name = "/var/www/lighttpd.rrd"

#### variable usage:
## variable name without "." is auto prefixed by "var." and becomes "var.bar"
#bar = 1
#var.mystring = "foo"

## integer add
#bar += 1
## string concat, with integer cast as string, result: "www.foo1.com"
#server.name = "www." + mystring + var.bar + ".com"
## array merge
#index-file.names = (foo + ".php") + index-file.names
#index-file.names += (foo + ".php")

#### external configuration files
## mimetype mapping
include_shell "/usr/share/lighttpd/create-mime.assign.pl"

## load enabled configuration files,
## read /etc/lighttpd/conf-available/README first
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

#### handle Debian Policy Manual, Section 11.5. urls
## by default allow them only from localhost
## (This must come last due to #445459)
## Note: =~ "127.0.0.1" works with ipv6 enabled, whereas == "127.0.0.1" doesn't
$HTTP["remoteip"] =~ "127.0.0.1" {
        alias.url += (
                "/doc/" => "/usr/share/doc/",
                "/images/" => "/usr/share/images/"
        )
        $HTTP["url"] =~ "^/doc/|^/images/" {
                dir-listing.activate = "enable"
        }
}

# lighttpd.conf entry to transparently add ssl
#$SERVER["socket"] == "(your server's IP):443" {
# ssl.pemfile = "/var/www/ ... /key-cert.pem"
# ssl.ca-file = "/var/www/ ... /cacert.pem"
# ssl.engine = "enable"
#}

$HTTP["host"] =~ "(^|\.)hostname$" {

server.error-handler-404 = "/dispatch.fcgi"
server.document-root = "/var/www/ railsapp /public/"

server.errorlog = "/var/www//log/lighttpd.error.log"
accesslog.filename = "/var/www/ railsapp /log/lighttpd.access.log"

url.rewrite = ( "^/$" => "index.html", "^([^.]+)$" => "$1.html" )

compress.filetype = ( "text/plain", "text/html", "text/css", "text/javascript" )
compress.cache-dir = "/var/www/ railsapp /tmp/cache"
expire.url = ( "/favicon.ico" => "access 3 days",
               "/images/" => "access 3 days",
               "/stylesheets/" => "access 3 days",
               "/javascripts/" => "access 3 days" )

fastcgi.server = ( ".fcgi" => ( "localhost" => (
    "min-procs" => 1,
    "max-procs" => 1,
    "socket" => "/var/www/ railsapp /tmp/sockets/fcgi.socket",
    "bin-path" => "/var/www/ railsapp /public/dispatch.fcgi",
    "bin-environment" => ( "RAILS_ENV" => "production" )
) ) )

}

Postgresql
# su - postgres
now create a user with the same name as the Linux user who owns the app
$ createuser (username) -P (give him no special privileges)
$ createdb -E UTF8 (dbname)

edit pg_hba.conf (somewhere in /etc/postgresql/...)
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL listen
# on a non-local interface via the listen_addresses configuration parameter,
# or via the -i or -h command line switches.
#
host (dbname) (www-data = username) 127.0.0.1 255.255.255.255 trust
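
The host record above uses the trust method, so any local process that can reach 127.0.0.1 connects as that role without the password set by createuser -P. An added example, not part of the original journal entry: a shell function that lists every trust record in a pg_hba.conf, handling both the address + netmask form used here and the CIDR form. The sample file and its appdb/appuser names are constructed.

```shell
#!/bin/sh
# Added example: print "line: type database user" for every pg_hba.conf
# record whose auth method is "trust". Reads the file named in $1, or stdin.
pg_hba_trust_records() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "local" { method = $4 }
        $1 ~ /^host/ {
            # The address is either CIDR (one field) or address + netmask
            # (two fields, the form used in this journal entry).
            two_field = (index($4, "/") == 0) &&
                        ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $5 ~ /:/)
            method = two_field ? $6 : $5
        }
        ($1 == "local" || $1 ~ /^host/) && method == "trust" {
            printf "%d: %s %s %s\n", NR, $1, $2, $3
        }
    ' "${1:--}"
}

# Constructed sample file (not the real pg_hba.conf from this server).
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS / MASK              METHOD
local   all       postgres                              ident
host    appdb     appuser   127.0.0.1 255.255.255.255   trust
host    appdb     appuser   127.0.0.1/32                md5
host    all       all       ::1/128                     trust  # v6 loopback
EOF
}

sample_pg_hba | pg_hba_trust_records
```

Run it against the real file as pg_hba_trust_records /etc/postgresql/(version)/main/pg_hba.conf; switching a flagged record to md5 makes the password from createuser -P count.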

Tried copying the Rails app(s) to /var/www and working under user www-data.

To make the changes effective, restart postgresql and lighttpd.
