manual_installation_process

Step by step installation guide of production server

This instruction is an example of setting up production server on Ubuntu 16.04. from scratch.

Creating unprivileged user for accessing the server

root@my-server# useradd coder --create-home --shell /bin/bash --comment 'Slava Semushin'
root@my-server# passwd coder
root@my-server# vim /etc/sudoers.d/01_coder
coder ALL=(ALL) NOPASSWD: ALL
root@my-server# chmod 0440 /etc/sudoers.d/01_coder

Creating unprivileged user for running application

OUTDATED: use mystamps-user Ansible role instead.

root@my-server# mkdir /data
root@my-server# useradd mystamps --comment 'MyStamps' --home /data/mystamps --create-home

Configuring hostname

This step is optional. You just need to be sure that your host has correct name and you can ping my-stamps.ru from the server.

coder@my-server$ sudo vim /etc/hostname
-vm97429.local
+my-stamps.ru
coder@my-server$ sudo vim /etc/hosts
-127.0.1.1       ubuntu-20140330.flops.ru        ubuntu-20140330
-10.7.40.29      vm97429.local
+127.0.1.1       my-stamps.ru

Configuring SSH

coder@my-server$ sudo vim /etc/ssh/sshd_config
-PermitRootLogin yes
+PermitRootLogin no
+DebianBanner no
-#PasswordAuthentication yes
+PasswordAuthentication no
+PubkeyAuthentication yes
+AllowUsers coder
+UseDNS no
coder@my-server$ sudo service ssh reload

Upgrading operating system

coder@my-server$ sudo apt-get update
coder@my-server$ sudo apt-get upgrade
coder@my-server$ sudo apt-get clean

And if reboot is required:

coder@my-server$ sudo reboot

Installing MySQL server

coder@my-server$ sudo apt-get install mysql-server-5.5
coder@my-server$ sudo vim /etc/mysql/conf.d/utf8.cnf
[mysqld]
character_set_server=utf8
coder@my-server$ sudo service mysql restart
coder@my-server$ sudo mysql -u root -p
mysql> CREATE DATABASE mystamps CHARACTER SET utf8;
mysql> CREATE USER mystamps@localhost IDENTIFIED BY 'p@assword';
mysql> GRANT ALL PRIVILEGES ON mystamps.* TO mystamps@localhost;
mysql> FLUSH PRIVILEGES;

Restoring database backup (optional)

user@home$ scp /path/to/backups/mysql_backup_mystamps_20140430-231001.sql.bz2 coder@my-server:~
coder@my-server$ bzcat mysql_backup_mystamps_20140430-231001.sql.bz2 |  mysql -u mystamps -p mystamps
coder@my-server$ rm -fv mysql_backup_mystamps_20140430-231001.sql.bz2

Installing JDK

coder@my-server$ sudo apt-get install -y software-properties-common
coder@my-server$ sudo add-apt-repository ppa:webupd8team/java
coder@my-server$ sudo apt-get update
coder@my-server$ sudo apt-get install -y oracle-java8-installer oracle-java8-set-default

Installing nginx

coder@my-server$ echo "deb http://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
coder@my-server$ curl http://nginx.org/keys/nginx_signing.key | sudo apt-key add -
coder@my-server$ sudo apt-get update
coder@my-server$ sudo apt-get install nginx
coder@my-server$ sudo rm -fv /etc/nginx/conf.d/*
removed ‘/etc/nginx/conf.d/default.conf’
removed ‘/etc/nginx/conf.d/example_ssl.conf’

Setting up application

Building application

user@home$ git clone https://github.com/php-coder/mystamps.git
user@home$ cd mystamps
user@home$ mvn clean package

Copying application

user@home$ scp target/mystamps.war coder@my-server:/tmp
coder@my-server$ sudo mv /tmp/mystamps.war /data/mystamps
coder@my-server$ sudo chown mystamps:mystamps /data/mystamps/mystamps.war
coder@my-server$ sudo chmod 700 /data/mystamps/mystamps.war

Setting up log directories

coder@my-server$ sudo mkdir /data/logs
coder@my-server$ sudo chown mystamps:mystamps /data/logs
coder@my-server$ sudo chgrp nginx /data/logs
coder@my-server$ sudo chmod 775 /data/logs

Setting up upload directory

coder@my-server$ sudo mkdir /data/uploads
coder@my-server$ sudo chown mystamps:mystamps /data/uploads

And if you have backup of uploaded files:

user@home$ scp -r /path/to/uploads coder@my-server:/tmp
coder@my-server$ sudo mv /tmp/uploads/* /data/uploads
coder@my-server$ rm -rfv /tmp/uploads
coder@my-server$ sudo chown -R mystamps:mystamps /data/uploads

Setting up init script

coder@my-server$ sudo ln -s /data/mystamps/mystamps.war /etc/init.d/mystamps
coder@my-server$ sudo update-rc.d mystamps defaults

Running application

coder@my-server$ sudo -u mystamps service mystamps start

Configuring nginx

TBD

Configuring database backup

coder@my-server$ sudo mkdir /data/backups
coder@my-server$ sudo chown mystamps:mystamps /data/backups

mystamps@my-stamps:~$ vim /data/mystamps/.my.cnf
[client]
user = mystamps
password = p@assword
mystamps@my-stamps:~$ chmod 600 .my.cnf

user@home$ scp /path/to/mystamps/repo/src/main/config/cron/mystamps coder@my-server:/tmp
coder@my-server$ sudo mv /tmp/mystamps /etc/cron.d
coder@my-server$ sudo chown root:root /etc/cron.d/mystamps

Installing NewRelic agent for application monitoring

TBD

Installing NewRelic agent for server monitoring

Follow the instructions from official site:

coder@my-server$ echo 'deb http://apt.newrelic.com/debian/ newrelic non-free' | sudo tee /etc/apt/sources.list.d/newrelic.list
coder@my-server$ wget -O- https://download.newrelic.com/548C16BF.gpg | sudo apt-key add -
coder@my-server$ sudo apt-get update
coder@my-server$ sudo apt-get install -y newrelic-sysmond
coder@my-server$ sudo vim /etc/newrelic/nrsysmond.cfg
-#license_key=REPLACE_WITH_REAL_KEY
+license_key=xxxxxxxxxxxxxxxxxxxx
-#disable_nfs=false
+disable_nfs=true
-#disable_docker=false
+disable_docker=true
coder@my-server$ sudo rm -fv /var/log/newrelic/php_agent.log /var/log/newrelic/newrelic-daemon.log

Installing Logentries agent for centralized logging

coder@my-server$ echo 'deb http://rep.logentries.com/ trusty main' | sudo tee /etc/apt/sources.list.d/logentries.list
coder@my-server$ gpg --keyserver pgp.mit.edu --recv-keys C43C79AD && gpg -a --export C43C79AD | sudo apt-key add -
coder@my-server$ sudo apt-get update
coder@my-server$ sudo apt-get install -y logentries
coder@my-server$ sudo le register
Account key is required. Enter your Logentries login credentials or specify the account key with --account-key parameter.
Email: xxx@example.org
Password:
Registered yyyy (yyyy.org)
coder@my-server$ sudo apt-get install -y logentries-daemon
coder@my-server$ sudo le follow /data/logs/mystamps.log
coder@my-server$ sudo le follow /data/logs/nginx.log
coder@my-server$ sudo le follow /data/logs/nginx-static.log
coder@my-server$ sudo le follow /var/log/auth.log
coder@my-server$ sudo le follow /var/log/kern.log
coder@my-server$ sudo le follow /var/log/mysql.err
coder@my-server$ sudo le follow /var/log/mysql.log
coder@my-server$ sudo le follow /var/log/newrelic/nrsysmond.log
coder@my-server$ sudo le follow /var/log/ufw.log
coder@my-server$ sudo le follow /var/log/syslog
coder@my-server$ sudo le follow /var/log/mail.log
coder@my-server$ sudo le follow /var/log/mail.err
coder@my-server$ sudo le follow /var/log/nginx/access.log
coder@my-server$ sudo le follow /var/log/nginx/error.log
coder@my-server$ sudo le follow /var/log/mysql/error.log --name mysql-error.log
coder@my-server$ sudo service logentries restart

manual_installation_process

Step by step installation guide of production server

Creating unprivileged user for accessing the server

Creating unprivileged user for running application

Configuring hostname

Configuring SSH

Upgrading operating system

Installing MySQL server

Restoring database backup (optional)

Installing JDK

Installing nginx

Setting up application

Building application

Copying application

Setting up log directories

Setting up upload directory

Setting up init script

Running application

Configuring nginx

Configuring database backup

Installing NewRelic agent for application monitoring

Installing NewRelic agent for server monitoring

Installing Logentries agent for centralized logging

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally