Last active
April 15, 2020 18:04
Wall of text (to use in bash) to install Nginx (with Passenger), Ruby (with rbenv), Postgres, Postfix
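# Paste this section into an interactive root bash session. The later sections
# switch users with `su` and return with `exit`, so the text is not meant to
# run as a standalone script.
VPS_DOMAIN="$(hostname --fqdn)" # CHANGEME: use your domain name
# Install DO agent
# NOTE(review): this runs a remotely hosted script as root with no integrity
# check. -f makes curl fail on an HTTP error instead of handing an error page
# to sh. To review the installer first, download it to a file, read it, and
# run the file instead of piping.
curl -fsSL https://agent.digitalocean.com/install.sh | sh
# Update dist packages
apt-get update
apt-get dist-upgrade -y
# Install packages necessary to compile stuff
apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev -y
# Git
apt-get install git -y
# Create 'deployer' user
# --disabled-password leaves SSH keys as the only way to log in as deployer.
adduser --disabled-password --gecos "" deployer
# Create .ssh and authorized_keys with their final owner and mode in one step,
# so neither is ever root-owned or group/world-readable in between.
install -d -m 700 -o deployer -g deployer /home/deployer/.ssh
# NOTE(review): every key that can log in as root can now log in as deployer
# too. Trim /home/deployer/.ssh/authorized_keys to the keys that should deploy.
install -m 600 -o deployer -g deployer ~/.ssh/authorized_keys /home/deployer/.ssh/authorized_keys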
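# Install rbenv + ruby for deployer user
# 1. Log into deployer. A login shell (`su -`) starts in deployer's home with
#    a clean environment instead of inheriting root's, matching the
#    `su - postgres` step further down.
su - deployer
# 2. Install rbenv
git clone https://github.com/rbenv/rbenv.git ~/.rbenv
cd ~/.rbenv
# NOTE(review): a tag can be moved upstream. For a reproducible install, check
# out a reviewed commit hash instead of the tag.
git checkout v1.1.1 # CHANGEME: rbenv version
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc
# 3. Install ruby-build
mkdir -p "$(rbenv root)"/plugins
git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build
cd "$(rbenv root)"/plugins/ruby-build
git checkout v20181106 # CHANGEME: ruby-build version
# 4. Install ruby
cd
# NOTE(review): Ruby 2.5 no longer receives upstream security fixes. Pick a
# maintained release, which also needs a newer ruby-build tag above.
rbenv install 2.5.3 # CHANGEME: ruby version
rbenv global 2.5.3 # CHANGEME: ruby version
# 5. Setup bundler
gem install bundler
echo "gem: --no-document" > ~/.gemrc
# 6. Logout (back to the root shell)
exit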
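# Install passenger
# NOTE(review): the signing key is fetched over plain HKP and selected by its
# 64-bit key ID only. Before trusting it, compare the full fingerprint shown by
# `apt-key finger` with the one published in Phusion's install docs. A key
# added with apt-key is trusted for every configured repository, not just this
# one.
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
apt-get install -y apt-transport-https ca-certificates
# Already root, so the `sh -c` wrapper is not needed for the redirect.
# CHANGEME: 'bionic' must match the release codename of this machine.
echo "deb https://oss-binaries.phusionpassenger.com/apt/passenger bionic main" > /etc/apt/sources.list.d/passenger.list
apt-get update
apt-get install -y nginx-extras passenger
echo "passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;" > /etc/nginx/conf.d/mod-http-passenger.conf
echo "passenger_ruby /home/deployer/.rbenv/shims/ruby;" >> /etc/nginx/conf.d/mod-http-passenger.conf
# The package install normally starts nginx already, so `start` would be a
# no-op and the Passenger settings written above would not be loaded.
# Validate the configuration, then restart so they take effect.
nginx -t && service nginx restart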
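# Install and configure Postgresql
# 1. Install
# -y matters when this text is pasted: without it apt-get stops at a
# confirmation prompt and reads the next pasted line as the answer.
apt-get install -y postgresql postgresql-contrib
# 2. Add superuser 'deployer'
su - postgres
# NOTE(review): a superuser role bypasses all permission checks in the cluster,
# so anything that compromises the application gets full database control.
# If the app only needs to create and own its databases,
# `createuser --createdb deployer` is the narrower grant.
createuser --superuser deployer
exit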
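# Install and configure postfix
# Requires VPS_DOMAIN to be set in this (root) shell, as done at the top.
# 1. Install
debconf-set-selections <<< "postfix postfix/mailname string $VPS_DOMAIN"
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
apt-get install -y postfix
# 2. Install OpenDKIM (https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy)
# -y: without it the confirmation prompt swallows the next pasted line.
apt-get install -y opendkim opendkim-tools
# 3. Edit /etc/opendkim.conf
# Comment out the packaged UserID/UMask/Socket directives. The pattern is
# anchored to the start of the line so only real directives are touched, not
# every line that merely mentions one of these words.
sed -i -E 's/^[[:space:]]*(UserID|UMask|Socket)/#&/' /etc/opendkim.conf
# Append the replacement settings in one write. The milter listens on
# localhost only (port 12301), so it is not reachable from the network.
cat >> /etc/opendkim.conf <<'EOF'
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
EOF
# 4. Edit /etc/default/opendkim
sed -i 's/^SOCKET=/#SOCKET=/' /etc/default/opendkim
echo 'SOCKET="inet:12301@localhost"' >> /etc/default/opendkim
# 5. Edit /etc/postfix/main.cf
# postconf -e replaces an existing setting instead of appending a duplicate
# line, so repeating this step leaves main.cf clean.
postconf -e "milter_protocol = 2"
# Fail-open: if OpenDKIM is down, mail is still accepted and sent, but
# unsigned. Watch the mail log for milter errors.
postconf -e "milter_default_action = accept"
postconf -e "smtpd_milters = inet:localhost:12301"
postconf -e "non_smtpd_milters = inet:localhost:12301"
# 6. Edit /etc/opendkim/TrustedHosts
mkdir -p "/etc/opendkim/keys/$VPS_DOMAIN"
echo "127.0.0.1" > /etc/opendkim/TrustedHosts
echo "localhost" >> /etc/opendkim/TrustedHosts
# CHANGEME: hosts listed here get their mail signed (InternalHosts) and are
# skipped by verification (ExternalIgnoreList). Keep this subnet only if it is
# a network you actually relay for; otherwise delete the line.
echo "192.168.0.1/24" >> /etc/opendkim/TrustedHosts
# 7. Edit /etc/opendkim/KeyTable
echo "postfixmail._domainkey.$VPS_DOMAIN $VPS_DOMAIN:postfixmail:/etc/opendkim/keys/$VPS_DOMAIN/postfixmail.private" > /etc/opendkim/KeyTable
# 8. Edit /etc/opendkim/SigningTable
echo "*@$VPS_DOMAIN postfixmail._domainkey.$VPS_DOMAIN" > /etc/opendkim/SigningTable
# 9. Generate keys
cd "/etc/opendkim/keys/$VPS_DOMAIN"
# Use the next line instead to generate short key (useful for bad DNS managers which crop TXT, such as Yandex DNS):
# opendkim-genkey -s postfixmail -d "$VPS_DOMAIN" -b 1024
# NOTE(review): RFC 8301 recommends DKIM signing keys of at least 2048 bits.
# Treat 1024 as a last resort for DNS hosts that cannot store a longer record.
opendkim-genkey -s postfixmail -d "$VPS_DOMAIN"
chown opendkim:opendkim postfixmail.private
# The private key must be readable by the opendkim user only.
chmod 600 postfixmail.private
# Add this entry to your DNS:
cat postfixmail.txt
# 10. Restart services and cleanup
service postfix restart
service opendkim restart
apt-get autoremove -y
# To test mail:
# 1. Set SPF: https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
# 2. apt install mailutils -y
# 3. echo "This is the body of the email" | mail -s "This is the subject line" -r "admin@$VPS_DOMAIN" <recipient@example.com>   # placeholder: put your own address here
# 4. tail -f /var/log/mail.log # to debug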