Journal marcello_dl's Journal: Linode config
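First of all, aptitude-upgrading: the debian image still has the random number gen. vulnerability. Upgrading only fixes the packages; if this is the Debian OpenSSL weak-key bug, any keys already generated on the unpatched image (the SSH host keys in particular, plus any SSL certificates made there) should be checked and, if weak, regenerated after the upgrade. I went for lenny so i have a recent git and postgresql 8.3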
Did tzsetup, and aptitude installed locales
added a normal user
Linode configures its servers with DHCP. That might have advantages but i prefer a static address
iface eth0old inet dhcp
iface eth0 inet static
address (...)
netmask 255.255.255.0
gateway (...)
dns-nameservers 207.192.69.4 207.192.69.5
and put a name in
Then installed arno-iptables-firewall.
Opened ports 80 443 (it's gonna be a server)
FULL_ACCESS_HOSTS="(my machine domain name)"
FIREWALL_LOG=/var/log/firewall
LOGLEVEL=debug
then
touch
in
and the following added:
# Logging for iptables
kern.=debug -/var/log/firewall
then
and restart arno firewall
To keep firewall messages from being printed on the lish console, add to
KLOGD="-c 4"
And restart that one too.
Better use logrotate too, see
http://linuxgazette.net/114/keeling.html
in
rotate 7
daily
compress
notifempty
create 0640 root adm
delaycompress
create
}
and start logrotate to see if it kinda works
Rails server:
installed exim4-daemon-light postgresql lighttpd ruby ruby1.8-dev irb liberb-ruby libpgsql-ruby1.8 libredcloth-ruby1.8 rdoc1.8 libfcgi-ruby1.8 rubygems rake
then:
gem install rails
(wait)
make sure the correct version for your app is present, too
gem install -v=2.0.2 rails
Postgres users need postgres gem
aptitude install postgresql-server-dev-(version) make
gem install postgres
lighty-enable-module to add fastcgi and ssl
but then removed the entries in conf-enabled dir
# Debian lighttpd configuration file
#
############ Options you really have to take care of ####################
## modules to load
# mod_access, mod_accesslog and mod_alias are loaded by default
# all other modules should only be loaded if necessary
# - saves some time
# - saves memory
server.modules = (
"mod_fastcgi",
"mod_access",
"mod_alias",
"mod_accesslog",
"mod_compress",
"mod_rewrite",
# "mod_redirect",
# "mod_evhost",
# "mod_usertrack",
# "mod_rrdtool",
# "mod_webdav",
"mod_expire",
# "mod_flv_streaming",
# "mod_evasive"
)
## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root = "/var/www/"
## where to upload files to, purged daily.
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
## where to send error-messages to
server.errorlog = "/var/log/lighttpd/error.log"
## files to check for if
index-file.names = ( "index.php", "index.html",
"index.htm", "default.htm",
"index.lighttpd.html" )
## Use the "Content-Type" extended attribute to obtain mime type if possible
# mimetype.use-xattr = "enable"
#### accesslog module
accesslog.filename = "/var/log/lighttpd/access.log"
## deny access the file-extensions
#
# ~ is for backupfiles from vi, emacs, joe,
#
# of the document-root
url.access-deny = ( "~", ".inc" )
##
# which extensions should not be handle via static-file transfer
#
#
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
######### Options that are good to be but not neccesary to be changed #######
## Use ipv6 only if available.
#include_shell "/usr/share/lighttpd/use-ipv6.pl"
## bind to port (default: 80)
# server.port = 81
## bind to one address only (default: all interfaces); here the server's own IP rather than localhost
server.bind = "(server's IP)"
## error-handler for status 404
#server.error-handler-404 = "/error-handler.html"
#server.error-handler-404 = "/error-handler.php"
## to help the rc.scripts
server.pid-file = "/var/run/lighttpd.pid"
##
## Format:
## ->
#server.errorfile-prefix = "/var/www/"
## virtual directory listings
dir-listing.encoding = "utf-8"
server.dir-listing = "disable"
## send unhandled HTTP-header headers to error-log
#debug.dump-unknown-headers = "enable"
### only root can use these options
#
# chroot() to directory (default: no chroot() )
#server.chroot = "/"
## change uid to (default: don't care)
server.username = "www-data"
## change gid to (default: don't care)
server.groupname = "www-data"
#### compress module
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ("text/plain", "text/html", "application/x-javascript", "text/css")
#### url handling modules (rewrite, redirect, access)
# url.rewrite = ( "^/$" => "/server-status" )
# url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )
#
# define a pattern for the host url finding
# %% => % sign
# %0 => domain name + tld
# %1 => tld
# %2 => domain name without tld
# %3 => subdomain 1 name
# %4 => subdomain 2 name
#
# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"
#### expire module
# expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")
#### rrdtool
# rrdtool.binary = "/usr/bin/rrdtool"
# rrdtool.db-name = "/var/www/lighttpd.rrd"
#### variable usage:
## variable name without "." is auto prefixed by "var." and becomes "var.bar"
#bar = 1
#var.mystring = "foo"
## integer add
#bar += 1
## string concat, with integer cast as string, result: "www.foo1.com"
#server.name = "www." + mystring + var.bar + ".com"
## array merge
#index-file.names = (foo + ".php") + index-file.names
#index-file.names += (foo + ".php")
#### external configuration files
## mimetype mapping
include_shell "/usr/share/lighttpd/create-mime.assign.pl"
## load enabled configuration files,
## read
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
#### handle Debian Policy Manual, Section 11.5. urls
## by default allow them only from localhost
## (This must come last due to #445459)
## Note: =~ "127.0.0.1" works with ipv6 enabled, whereas == "127.0.0.1" doesn't
$HTTP["remoteip"] =~ "127.0.0.1" {
alias.url += (
"/doc/" => "/usr/share/doc/",
"/images/" => "/usr/share/images/"
)
$HTTP["url"] =~ "^/doc/|^/images/" {
dir-listing.activate = "enable"
}
}
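# lighttpd.conf entry to transparently add ssl
# NOTE: ssl.pemfile contains the private key. The paths below are under /var/www/,
# which is also the default server.document-root above, so make sure the key file
# is not inside any directory lighttpd serves and is not world-readable.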
#$SERVER["socket"] == "(your server's IP):443" {
# ssl.pemfile = "/var/www/
# ssl.ca-file = "/var/www/
# ssl.engine = "enable"
#}
$HTTP["host"] =~ "(^|\.)hostname$" {
server.error-handler-404 = "/dispatch.fcgi"
server.document-root = "/var/www/ railsapp
server.errorlog = "/var/www//log/lighttpd.error.log"
accesslog.filename = "/var/www/ railsapp
url.rewrite = ( "^/$" => "index.html", "^([^.]+)$" => "$1.html" )
compress.filetype = ( "text/plain", "text/html", "text/css", "text/javascript" )
compress.cache-dir = "/var/www/ railsapp
expire.url = ( "/favicon.ico" => "access 3 days",
"/images/" => "access 3 days",
"/stylesheets/" => "access 3 days",
"/javascripts/" => "access 3 days" )
fastcgi.server = ( ".fcgi" => ( "localhost" => (
"min-procs" => 1,
"max-procs" => 1,
"socket" => "/var/www/ railsapp
"bin-path" => "/var/www/ railsapp
"bin-environment" => ( "RAILS_ENV" => "production" )
) ) )
}
Postgresql
# su - postgres
now create a database user with the same name as the linux user who owns the app
$ createuser (username) -P (give him no special privileges)
$ createdb -E UTF8 (dbname)
edit pg_hba.conf (somewhere in
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL listen
# on a non-local interface via the listen_addresses configuration parameter,
# or via the -i or -h command line switches.
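#
# NOTE: "trust" lets any local user or process that can reach 127.0.0.1 connect as
# this database user with no password, so the password set with createuser -P is
# never asked for. Use "md5" here if the password is meant to be enforced.
#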
host (dbname) (www-data = username) 127.0.0.1 255.255.255.255 trust
Tried copying the rails app(s) to
to make changes effective restart postgresql and lighttpd