cloud-config
Build configuration used for my Digital Ocean Droplet (migration in progress from the now EOLed GoDaddy Cloud Server product).
This server hosts a few of my websites:
And two websites for the Morgopolis organization:
Configuration is installed on top of Ubuntu 16.04.3 LTS (Xenial Xerus).
This repo does not cover mail setup. For that, you can follow this article.
Installing
- Create a new droplet on Digital Ocean. Choose the Ubuntu 16.04.3 image.
- SSH to the host.
- Create a new user with sudo access and switch to this new user.
adduser brian
usermod -aG sudo brian
su - brian
- Run the following commands:
sudo apt update && sudo apt upgrade -y && sudo apt install -y git
git clone https://github.com/bsclifton/cloud-config.git
cd cloud-config/ && ./install.shAfter the install, the script will print an SSH key to stdout (add this public key to your GitHub profile).
The MySQL root password is also printed; if you miss it, you can reset the root password using this procedure.
About this configuration
This config uses nginx with:
Ruby is setup using rbenv and (as of 2017/09/03) is set to 2.4.1.
sshd_config is updated to remove root login and to disallow login w/ password. To obtain SSH access, you can put your public key under ./keys and it will be installed to the authorized_keys.
This install will also pull down my personal dotfiles in the user's home directory.
Configuration files (nginx, etc) are now installed for clifton.io, blog.clifton.io.
- nginx config created using Mozilla SSL Configuration Generator
- SSL config tested using Qualys SSL Labs (both sites score an A)
- SSL certificate/key must be manually installed to
/srv/
Staying up to date
Once everything is in place and the server is up and running, the next step is to consider maintenance.
There are two scripts which can be ran:
~/scripts/maintenance.sh: this script will runapt updateandapt upgrade. This should be ran regularly.~/scripts/upgrade.sh: this script will runapt dist-upgrade. This should only be ran manually.