setup_dependencies.sh
#!/usr/bin/env bash
# Abort on the first failing command, and treat a pipeline as failed when any
# of its stages fails.
set -o errexit -o pipefail
# Work from the directory that contains this script.
cd "$(dirname "$0")"
# Create the 'ubuntu' account (home directory, bash login shell) unless the
# local /etc/passwd already has an entry for it. Only the local file is
# consulted, not other name-service sources.
if ! grep -q '^ubuntu:' /etc/passwd; then
  useradd -m --shell /bin/bash ubuntu
fi
# Give the ubuntu user passwordless sudo through a sudoers.d drop-in.
# SECURITY: NOPASSWD:ALL makes the ubuntu account root-equivalent, so every
# credential that can log in as ubuntu (including the SSH key this script
# appends to authorized_keys) is effectively a root credential.
# An existing drop-in is left untouched, so local edits survive a re-run.
if [[ ! -e /etc/sudoers.d/ubuntu ]]; then
  printf '%s\n' 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/ubuntu
  # 0440 is the conventional read-only mode for sudoers files.
  chmod 440 /etc/sudoers.d/ubuntu
fi
# Generate a keypair for the ubuntu user the first time the script runs.
# NOTE: -N "" sets an empty passphrase, so the private key is stored
# unencrypted on disk; no -b is passed, so the RSA key size is whatever the
# installed ssh-keygen defaults to.
[[ -f /home/ubuntu/.ssh/id_rsa ]] ||
  su ubuntu -c 'mkdir -p ~/.ssh && ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa'
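# Authorise the operator's public key (environment variable LOCAL_SSH_KEY) for
# SSH logins as ubuntu; nothing happens when the variable is empty or unset.
# SECURITY: the value is appended verbatim and is not checked to be a single
# public-key line, so an embedded newline would add further entries. Because
# ubuntu has passwordless sudo, any key accepted here grants root.
if [[ -n "${LOCAL_SSH_KEY:-}" ]]; then
  # The -e guard covers the first run, when authorized_keys does not exist yet
  # and grep would otherwise report a missing file. `--` stops a value that
  # starts with '-' from being parsed as a grep option.
  if [[ -e /home/ubuntu/.ssh/authorized_keys ]] &&
    grep -Fxq -- "$LOCAL_SSH_KEY" /home/ubuntu/.ssh/authorized_keys; then
    echo 'Local SSH public key already in remote authorized_keys'
  else
    echo 'Adding local SSH public key to authorized_keys'
    # printf writes the value as data; echo would treat a leading -n/-e as an
    # option.
    printf '%s\n' "$LOCAL_SSH_KEY" >> /home/ubuntu/.ssh/authorized_keys
    echo 'Key successfully added. You should now be able to SSH to this host as ubuntu@host'
  fi
fi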
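# SSH permissions: everything under ~/.ssh belongs to ubuntu, files are 0600
# and the directory itself is 0700.
chown -R ubuntu:ubuntu /home/ubuntu/.ssh
chmod -R 600 /home/ubuntu/.ssh
# Explicit 700 rather than `chmod +x`: +x also grants execute to group and
# other (subject to umask), which leaves the directory traversable by every
# local user.
chmod 700 /home/ubuntu/.ssh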
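# Lock root's password so root can no longer authenticate with it.
# SECURITY: `passwd -l` only locks the password. Key-based root logins over
# SSH are still governed by sshd's PermitRootLogin setting and by root's own
# authorized_keys, neither of which this script changes; review both if root
# SSH access must be fully closed.
passwd -l root
echo 'Password login for root disabled (root password locked). You will need to connect as ubuntu.'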
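# System packages needed to build and run cabot.
# NOTE(review): 'postgresql-9.1' pins an old PostgreSQL major version; confirm
# it is still packaged and receiving security updates on the target release.
# 'nginx' is installed here and again further down in the script.
packages=(
  'gcc'
  'g++'
  'make'
  'git'
  'python-pip'
  'python-dev'
  'python-virtualenv'
  'build-essential'
  'redis-server'
  'libpq-dev'
  'rubygems'
  'libxml2-dev'
  'libxslt-dev'
  'nodejs'
  'npm'
  'postgresql-9.1'
  'nginx'
  'htop'
)
sudo apt-get update
# Quoted "${packages[@]}" passes each name as exactly one argument; the
# unquoted ${packages[*]} form was subject to word splitting and globbing.
sudo apt-get install --quiet --assume-yes "${packages[@]}"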
# Upgrade pip in two passes: the first is best effort (a failure is ignored),
# the second must succeed or the script aborts under errexit.
# SECURITY: pip runs under sudo, so installer code fetched from the package
# index executes as root.
# NOTE(review): --no-use-wheel was removed in later pip releases; if the first
# pass pulls in such a release the second command fails and stops the script.
# Confirm against the pip version the target release ends up with.
sudo pip install -U pip || true # upgrade pip
sudo pip install -U pip --no-use-wheel # Don't ask
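# Install coffee and less globally, then the foreman gem.
# SECURITY: the registry URL now uses https. Over plain http the packages are
# fetched without transport integrity and are then installed as root.
# NOTE(review): '[email protected]' is what this page shows where a
# versioned less package spec stood (the page's e-mail obfuscation rewrote
# it); restore the real spec from the repository before running this line.
sudo npm install -g coffee-script [email protected] --registry https://registry.npmjs.org/
# Unpinned gem, installed as root: whatever version is current gets pulled in.
sudo gem install foreman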
# Set a redis password unless redis.conf already has a requirepass line.
# SECURITY: 'yourredispassword' is a fixed placeholder that is identical on
# every host set up by this script; replace it with a unique secret.
# NOTE(review): whatever the application uses to reach redis presumably has to
# carry the same password; verify before changing it. tee also echoes the line
# to stdout, so the password ends up in the provisioning output.
DID_FAIL=0
grep -q '^requirepass' /etc/redis/redis.conf || DID_FAIL=$?
# Only status 1 (no matching line) triggers the append; a grep error such as a
# missing file (status 2) leaves redis.conf alone.
if (( DID_FAIL == 1 )); then # if line not found
  printf '%s\n' 'requirepass yourredispassword' | sudo tee -a /etc/redis/redis.conf
fi
# Install nginx (also listed in the package array installed earlier).
# pipefail was already switched on at the top of the script; it is re-asserted
# here.
set -o pipefail
sudo apt-get install -q -y nginx
# Drop the distribution's default site so that it is no longer served.
sudo rm -f /etc/nginx/sites-enabled/default
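# Generate a self-signed TLS certificate for nginx, once (skipped when
# testing.crt already exists).
# http://wiki.nginx.org/HttpSslModule
# SECURITY: a self-signed certificate lets clients encrypt but not
# authenticate the server; replace it with a CA-issued certificate outside of
# testing.
sudo mkdir -p /usr/local/nginx
if [[ ! -e /usr/local/nginx/testing.crt ]]; then
  echo 'Generating self-signed certificate'
  cd /usr/local/nginx
  # 2048-bit RSA; the former 1024-bit size is too weak for current use.
  # The passphrase 'pass' is a throwaway: it is stripped again below, so the
  # key that stays on disk is unencrypted.
  sudo openssl genrsa -des3 -passout pass:pass -out testing.key 2048
  (
    echo '.' # Country 2-letter code
    echo '.' # State/province name
    echo '.' # Locality name
    echo 'Arachnys' # Company name
    echo '.' # Organizational unit name
    echo '.' # Common name
    echo '.' # Email address
    echo '' # Challenge password
    echo '' # Optional company name
  ) |
    sudo openssl req -new -key testing.key -passin pass:pass -out testing.csr
  sudo cp testing.key testing.key.orig
  sudo openssl rsa -in testing.key.orig -passin pass:pass -out testing.key
  # The private key is now stored in the clear: make it readable by root only.
  sudo chmod 600 testing.key
  # Sign with SHA-256 explicitly instead of relying on the installed
  # OpenSSL's default digest.
  sudo openssl x509 -req -sha256 -days 1825 -in testing.csr -signkey testing.key -out testing.crt
  sudo rm testing.key.orig testing.csr
  cd -
fi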
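# Configure nginx proxy: write the cabot site definition, overwriting any
# existing one (a warning is printed first).
# SECURITY: as written, cabot is served over plain HTTP on port 80. The HTTPS
# server block and the 301 redirect are emitted commented out, and enabling
# them is a manual step.
# The heredoc delimiter is unquoted, so the shell expands variables at write
# time: nginx's own variables are escaped as \$name, and the static path in
# the HTTPS block falls back to the path used by the HTTP block when
# DEPLOY_PATH is unset (before, it expanded to an empty string and produced
# 'alias /static/;').
# The commented ssl_certificate_key now names testing.key, the file the
# certificate step of this script actually creates; it pointed at testing.pem.
echo 'Writing nginx proxy configuration'
if [[ -e /etc/nginx/sites-available/cabot ]]; then
  echo 'WARNING: overwriting existing nginx configuration. Any local changes will be lost'
fi
sudo tee /etc/nginx/sites-available/cabot << EOF
server {
  listen 80;
  location / {
    proxy_pass http://localhost:5000/;
    proxy_set_header Host \$http_host;
    proxy_set_header X-Real-IP \$remote_addr;
    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
  }
  location /static/ {
    alias /home/ubuntu/cabot/static/;
  }
  # Uncomment line below to force https
  #return 301 https://\$host\$request_uri;
}
# Proxy secure traffic to cabot
# server {
#   listen 443 ssl;
#   ssl_certificate /usr/local/nginx/testing.crt;
#   ssl_certificate_key /usr/local/nginx/testing.key;
#   location / {
#     proxy_pass http://localhost:5000/;
#     proxy_set_header Host \$http_host;
#     proxy_set_header X-Real-IP \$remote_addr;
#     proxy_set_header X-Forwarded-Proto https;
#     proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
#     proxy_redirect http:// https://;
#   }
#   location /static/ {
#     alias ${DEPLOY_PATH:-/home/ubuntu/cabot}/static/;
#   }
# }
EOF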
# Enable the cabot site by linking it into sites-enabled (skipped when the
# link or file is already there), then restart nginx so the new configuration
# is loaded.
if [[ ! -e /etc/nginx/sites-enabled/cabot ]]; then
  echo 'Enabling proxy in nginx configuration'
  sudo ln -s /etc/nginx/sites-available/cabot /etc/nginx/sites-enabled/cabot
fi
sudo service nginx restart