jeffrafter · September 13, 2008 13:18
diff --git a/SERVER_INSTALL b/SERVER_INSTALL
 ## Install
 ## See also (http://codeplot.com/documents/3186/edit)
 I Installed Ubuntu 8.04 Server 
 US Keyboard Layout
 Zimbabwe region
 If this machine was using an SSD drive configure the paritions so that it has no swap
 I did a single partition marked as bootable and setup for the root on EXT3+Journaling
 I marked the OpenSSH server as an additional option
 I did not set it as a DNS server or Mail Server

 ## Naming
 For baobab we name our computers after trees so I called this one Sapele
 I added the default user as baobab

 ## Reboot and login

 ## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
 sudo apt-get update
 sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

 ## At the end you will need to input the mysql root password
 In general we create paswords with a hash of the machine name, a common nonce value and some special characters

 ## Update the ssh for Debian security vulnerability
 ## If you are running Ubuntu/Debian locally, you should do this on your machine *before*
 ## You ssh into the server!
 sudo apt-get install openssh-client

 ## Check for vulnerable keys
 If you are using 8.04 like me (I think that Intrepid will include this fix by default)
 Then you will get a message saying that it is correcting the blacklisted keys
 When completed, you should run ssh-vulnkey to make sure your root user is 
 Not blacklisted. You should see two keys listed and both should start with 
 "Not blacklisted:"
 ssh-vulnkey

 ## Setup users on your server 
 sudo adduser --disabled-password deploy 
 sudo adduser --system --no-create-home --group --disabled-password www
 sudo visudo

 ## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
 deploy  ALL=(ALL) ALL

 ## As an option you can give the deploy user more freedom if you control the keys carefully:
 deploy  ALL=(ALL) NOPASSWD:ALL

 ## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
 Defaults env_reset, insults

 ## Back on your local create your public key if you have not done so already
 ## Read the earlier note on Ubuntu <= 8.04 and openssh-client
 cd 
 ssh-keygen -t rsa
 Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
 Enter passphrase (empty for no passphrase): <Enter>
 Enter same passphrase again: <Enter>

 ## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
 ## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
 ## If you don't know your server's ip address, type ifconfig on the server
 scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
 password: <Enter your server's baobab user password>

 ## On the server setup the key for your deploy user (you need to be root)
 sudo su
 mkdir /home/deploy/.ssh
 chmod 700 /home/deploy/.ssh
 cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
 chmod 600 /home/deploy/.ssh/authorized_keys 
 chown -R deploy:deploy /home/deploy/.ssh
 exit

 ## On the server, create the root project folder (our project is called "mateme")
 sudo mkdir /var/www/mateme
 sudo chown deploy:deploy /var/www/mateme
 sudo mkdir /etc/mongrel_cluster

 ## On the server, setup the database
 ## We should be calling the database openmrs, with the user openmrs
 ## The password should be common probably
 mysql -u root -p
 > CREATE DATABASE openmrs;
 > GRANT ALL on openmrs.* to 'openmrs' IDENTIFIED BY 'YOURPASS'


 ## On your local, cross your fingers and deploy (cap -T if you want to see all tasks)
 ## I have noticed that the deploy and deploy:setup tasks rely on each other
 ## So you have to run cap deploy first and let it fail... 
 ## then run setup, then run deploy again
 cap deploy
 cap deploy:setup
 cap deploy

 cap nginx:setup
 cap nginx:start

 * run the db/migrate scripts
 * run the bootstrap

 cap deploy:restart

 # ------------- Firefox
 # READ the firefox README
 # If you don't have the firefox daemon it is here https://github.com/baobab/firefox-daemon
	## Install
	## See also (http://codeplot.com/documents/3186/edit)
	I Installed Ubuntu 8.04 Server
	US Keyboard Layout
	Zimbabwe region
	If this machine was using an SSD drive configure the paritions so that it has no swap
	I did a single partition marked as bootable and setup for the root on EXT3+Journaling
	I marked the OpenSSH server as an additional option
	I did not set it as a DNS server or Mail Server

	## Naming
	For baobab we name our computers after trees so I called this one Sapele
	I added the default user as baobab

	## Reboot and login

	## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
	sudo apt-get update
	sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

	## At the end you will need to input the mysql root password
	In general we create paswords with a hash of the machine name, a common nonce value and some special characters

	## Update the ssh for Debian security vulnerability
	## If you are running Ubuntu/Debian locally, you should do this on your machine before
	## You ssh into the server!
	sudo apt-get install openssh-client

	## Check for vulnerable keys
	If you are using 8.04 like me (I think that Intrepid will include this fix by default)
	Then you will get a message saying that it is correcting the blacklisted keys
	When completed, you should run ssh-vulnkey to make sure your root user is
	Not blacklisted. You should see two keys listed and both should start with
	"Not blacklisted:"
	ssh-vulnkey

	## Setup users on your server
	sudo adduser --disabled-password deploy
	sudo adduser --system --no-create-home --group --disabled-password www
	sudo visudo

	## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
	deploy ALL=(ALL) ALL

	## As an option you can give the deploy user more freedom if you control the keys carefully:
	deploy ALL=(ALL) NOPASSWD:ALL

	## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
	Defaults env_reset, insults

	## Back on your local create your public key if you have not done so already
	## Read the earlier note on Ubuntu <= 8.04 and openssh-client
	cd
	ssh-keygen -t rsa
	Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
	Enter passphrase (empty for no passphrase): <Enter>
	Enter same passphrase again: <Enter>

	## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
	## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
	## If you don't know your server's ip address, type ifconfig on the server
	scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
	password: <Enter your server's baobab user password>

	## On the server setup the key for your deploy user (you need to be root)
	sudo su
	mkdir /home/deploy/.ssh
	chmod 700 /home/deploy/.ssh
	cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
	chmod 600 /home/deploy/.ssh/authorized_keys
	chown -R deploy:deploy /home/deploy/.ssh
	exit

	## On the server, create the root project folder (our project is called "mateme")
	sudo mkdir /var/www/mateme
	sudo chown deploy:deploy /var/www/mateme
	sudo mkdir /etc/mongrel_cluster

	## On the server, setup the database
	## We should be calling the database openmrs, with the user openmrs
	## The password should be common probably
	mysql -u root -p
	> CREATE DATABASE openmrs;
	> GRANT ALL on openmrs.* to 'openmrs' IDENTIFIED BY 'YOURPASS'


	## On your local, cross your fingers and deploy (cap -T if you want to see all tasks)
	## I have noticed that the deploy and deploy:setup tasks rely on each other
	## So you have to run cap deploy first and let it fail...
	## then run setup, then run deploy again
	cap deploy
	cap deploy:setup
	cap deploy

	cap nginx:setup
	cap nginx:start

	* run the db/migrate scripts
	* run the bootstrap

	cap deploy:restart

	# ------------- Firefox
	# READ the firefox README
	# If you don't have the firefox daemon it is here https://github.com/baobab/firefox-daemon
No results found