Skip to content

Instantly share code, notes, and snippets.

@jbpyn

jbpyn/wiki.md

Forked from desaiuditd/wiki.md
Created November 23, 2017 01:41
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jbpyn/973819e49a022088f079ff3d7b1df0e3 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jbpyn/973819e49a022088f079ff3d7b1df0e3 to your computer and use it in GitHub Desktop.
Download ZIP
Linode-EasyEngine
Raw
wiki.md

Easy Engine on Linode

Overall Installation of Easy Engine on Linode

Basic Linux Configurations for day to day operation

  1. Choose overall linode plan
  2. Configure Linode server based on EE Guidelines Ubuntu 64bit 14.04 LTS distro. Note: Make sure to configure swap based on guidlines link
  3. Login to Linode via SSH with root user.
  4. Setup www-data as day to day user.(document password and pass along to project lead)
  • www-data user already exists in the system. So we just need to enable its ssh login & set its password.
  • vim /etc/passwd
  • Find out this line : www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
  • And replace it with this line : www-data:x:33:33:www-data:/var/www:/bin/bash
  • This will enable ssh login for www-data
  • Then set password for www-data. Run this command passwd www-data and document the password.
  1. Setup SSH Keys for root account
  • On local machine(osx): scp ~/.ssh/id_rsa.pub [email protected]<replace with linode ip>:
  • On linode server: mkdir .ssh then mv id_rsa.pub .ssh/authorized_keys
  • On linode modify permissions:
    • chown -R root:root .ssh
    • chmod 700 .ssh
    • chmod 600 .ssh/authorized_keys
    • logout of linode server and test without password: ssh [email protected] (if succees all is well!)
  1. Setup SSH keys for www-data account
  • On local machine(osx): scp ~/.ssh/id_rsa.pub [email protected]<replace with linode ip>:
  • On linode server: mkdir /var/www/.ssh then mv id_rsa.pub /var/www/.ssh/authorized_keys
  • On linode modify permissions:
    • chown -R www-data:www-data /var/www/.ssh
    • chmod 700 /var/www/.ssh
    • chmod 600 /var/www/.ssh/authorized_keys
    • logout of linode server and test without password: ssh [email protected] (if succees all is well!)
  1. Disable password authentication and root login for security
  • Edit the sshd_config: sudo vi /etc/ssh/sshd_config
  • Change PermitRootLogin from yes to no
  • Restart ssh: sudo service ssh restart
  1. Set hostname more info. Switch to root user first: su root
  • echo "<hostname_here>" > /etc/hostname
  • hostname -F /etc/hostname
  • Also add hostname entry in /etc/hosts in front of 127.0.0.1
  • Logout and check to make sure hostname was set, you should see username@hostname
  1. Update time zone on server (must be root) su root
  • dpkg-reconfigure tzdata

Easy Engine Specific tasks

  1. Login to server if not logged in and run package updates (Use root):
  • sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade
  1. Install WGET
  • sudo apt-get install wget
  1. Install Easy Engine
  • wget -qO ee rt.cx/ee && sudo bash ee
  1. Enter Details:
  • Enter your name [root]: MoxieDeveloper
  • Enter your email address [root@]: [email protected]
  1. Add A Site via site create command:
  • ee site create example.com --w3tc (uses w3 total cache)
  1. If at all, above command gives you following error,

screen shot 2015-04-24 at 13 40 42

then run following command and try again with the command in Step-5.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4F4EA0AAE5267A6C

This should fix the issue for you. Ref : EasyEngine/easyengine#507

##Miscellaneous Configurations Below are some miscellaneous task for configuring Linode servers for common tasks.

Allow www-data user to execute EasyEngine commands (Required for Deploy Process)

You need to give permission to www-data for executing ee commands. ee script is at /usr/local/sbin/ee location on server. So we need to allow this path for www-data user via visudo utility.

  1. Login with root user: ssh [email protected]
  2. Get the path of ee script.: which ee. In some cases, it will show up /usr/local/sbin/ee or in some cases it will show up /usr/local/bin/ee
  3. Edit the sudoers file: vi /etc/sudoers or visudo
  4. Append this line at the end of the file: www-data ALL=NOPASSWD: /ee/path/from/step-2
  5. Save the file and you're done.

####Configure Http Authorization for NGINX

NOTE : This part is not required since it is already handled by EasyEngine. Don't forget to document AUTH password when you setup EasyEngine for first time. To be precise, when you create the first site with EasyEngine.

  1. Install Apache Utils: apt-get install apache2-utils
  2. Add htpasswd: htpasswd -c /etc/nginx/conf.d/.htpasswd username
  3. Add the code to enable the http auth in your nginx .conf file /etc/nginx/sites-available/sitename/ under server block:
  • auth_basic "Restricted"
  • auth_basic_user_file /etc/nginx/conf.d/.htpasswd
  1. Restart nginx: sudo service nginx restart

Change HTTP Auth Username/Password with EasyEngine

  1. Login to server via ssh. ssh [email protected]
  2. ee secure --auth
  3. It will ask for new username & new password.
  4. Set your new username & password. And you're done !

Ref : http://docs.rtcamp.com/easyengine/commands/secure/

Put a particular site under HTTP Auth Blocking with EasyEngine

Let's say you want to hide a site, staging.example.com from public access. You can put it under HTTP Auth Check with EasyEngine. EasyEngine already supports HTTP Auth in-built.

You just need to update following changes in the nginx config file of the site.

  1. Login to server via ssh. ssh [email protected]
  2. ee site edit staging.example.com
  3. Add following line at the end inside server block.
  4. include common/acl.conf;
  5. Save the file. And you're done !

Test the staging.example.com site. When you try to access the site, it will ask you for HTTP Auth username & password.

####Beanstalk Configuration for deployment

NOTE : This part is not required, since we will be using root user only to perform system tasks. For general purpose tasks such as site management etc., we will use www-data user.

You may need to remove the requirement for sudo to allow for chown and chmod to work without asking for sudo password. The following steps take you thorough this process.

  1. Login and edit the sudoers file: vi /etc/sudoers
  • Preferable way : visudo
  1. Add the following rules after all others in the file: @TODO - Need to check for www-data
#Allow moxiedeveloper to use nopass for deployment
moxiedeveloper ALL = NOPASSWD: ALL
moxiedeveloper ALL = NOPASSWD: ALL

Restart SSH: service ssh restart

Adding RSA key into beanstalk
  • Login with www-data user
  • Generate SSH key with RSA. ssh-keygen -t rsa
  • Copy content of .ssh/id_rsa.pub
  • Add the copied key into beanstalk admin for access via beanstalk app.

####Finding Root MySQL Credentials

These are located in the root directory of the user who created the site.

  1. bash cd ~/
  2. base vi .my.cnf
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment