Linode config

marcello_dl (667940) writes | more than 5 years ago

Debian

First of all, aptitude-upgrading: the Debian image still has the random number generator vulnerability. I went for lenny so I have a recent git and PostgreSQL 8.3.

Did tzsetup, and aptitude-installed locales,
added a normal user.

Linode configures its servers with DHCP. Might have advantages, but I prefer a static one.

iface eth0old inet dhcp

iface eth0 inet static
        address (...)
        netmask 255.255.255.0
        gateway (...)
        dns-nameservers 207.192.69.4 207.192.69.5

and put a name in /etc/hostname

Then installed arno-iptables-firewall.
Opened ports 80 443 (it's gonna be a server)
FULL_ACCESS_HOSTS="(my machine domain name)"
FIREWALL_LOG=/var/log/firewall
LOGLEVEL=debug

then
touch /var/log/firewall

in /etc/syslog.conf kern.* must be changed to kern.!=debug
and the following added:
      # Logging for iptables
      kern.=debug -/var/log/firewall

then /etc/init.d/sysklogd restart

and restart arno firewall

To keep firewall messages off the lish console, add to /etc/init.d/klogd:

KLOGD="-c 4"

And restart that one too.

Better use logrotate too, see
http://linuxgazette.net/114/keeling.html

in a file under /etc/logrotate.d/:

/var/log/firewall {
        rotate 7
        daily
        compress
        notifempty
        create 0640 root adm
        delaycompress
}

and start logrotate to see if it kinda works:
/usr/sbin/logrotate /etc/logrotate.conf
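
Once kern.=debug messages land in /var/log/firewall, the file can be summarised per source and destination port. The script below is an added example, not part of the original post; it assumes the standard key=value fields of the iptables LOG target, and the sample lines (addresses, log prefix) are constructed.

```shell
#!/bin/sh
# Added example: summarise netfilter LOG records from /var/log/firewall.
# Assumes the standard key=value fields written by the iptables LOG target
# (SRC=, PROTO=, DPT=); timestamp and log prefix are ignored.

# top_blocked FILE -> "COUNT SRC PROTO/DPT" lines, busiest first.
top_blocked() {
    awk '
        {
            src = ""; proto = ""; dpt = "-"      # ICMP records carry no DPT
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            # Skip kernel messages that are not packet records.
            if (src != "" && proto != "") n[src " " proto "/" dpt]++
        }
        END { for (k in n) print n[k], k }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (documentation addresses, made-up log prefix).
sample_firewall_log() {
    cat <<'EOF'
Jan 10 03:12:01 host kernel: FW-SAMPLE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40122 DPT=22 SYN URGP=0
Jan 10 03:12:04 host kernel: FW-SAMPLE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40123 DPT=22 SYN URGP=0
Jan 10 03:12:10 host kernel: FW-SAMPLE: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40124 DPT=22 SYN URGP=0
Jan 10 03:13:30 host kernel: FW-SAMPLE: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=78 TTL=110 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 10 03:13:31 host kernel: FW-SAMPLE: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=78 TTL=110 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 10 03:14:02 host kernel: FW-SAMPLE: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Jan 10 03:15:00 host kernel: eth0: link up
EOF
}

# Demo on the constructed sample; point top_blocked at /var/log/firewall
# on a real host.
tmp=$(mktemp)
sample_firewall_log > "$tmp"
top_blocked "$tmp"
rm -f "$tmp"
```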

Rails server:
installed exim4-daemon-light postgresql lighttpd ruby ruby1.8-dev irb liberb-ruby libpgsql-ruby1.8 libredcloth-ruby1.8 rdoc1.8 libfcgi-ruby1.8 rubygems rake

then:
gem install rails
(wait)

make sure the correct version for your app is present, too
gem install -v=2.0.2 rails

Postgres users need postgres gem
aptitude install postgresql-server-dev-(version) make

gem install postgres

lighty-enable-module to add fastcgi and ssl
but then removed the entries in conf-enabled dir


# Debian lighttpd configuration file
#

############ Options you really have to take care of ####################

## modules to load
# mod_access, mod_accesslog and mod_alias are loaded by default
# all other modules should only be loaded if necessary
# - saves some time
# - saves memory

server.modules = (
        "mod_fastcgi",
        "mod_access",
        "mod_alias",
        "mod_accesslog",
        "mod_compress",
        "mod_rewrite",
#       "mod_redirect",
#       "mod_evhost",
#       "mod_usertrack",
#       "mod_rrdtool",
#       "mod_webdav",
        "mod_expire",
#       "mod_flv_streaming",
#       "mod_evasive"
)

## a static document-root, for virtual-hosting take look at the
## server.virtual-* options
server.document-root = "/var/www/"

## where to upload files to, purged daily.
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )

## where to send error-messages to
server.errorlog = "/var/log/lighttpd/error.log"

## files to check for if .../ is requested
index-file.names = ( "index.php", "index.html",
                     "index.htm", "default.htm",
                     "index.lighttpd.html" )

## Use the "Content-Type" extended attribute to obtain mime type if possible
# mimetype.use-xattr = "enable"

#### accesslog module
accesslog.filename = "/var/log/lighttpd/access.log"

## deny access the file-extensions
#
# ~ is for backupfiles from vi, emacs, joe, ...
# .inc is often used for code includes which should in general not be part
# of the document-root
url.access-deny = ( "~", ".inc" )

##
# which extensions should not be handle via static-file transfer
#
# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

######### Options that are good to be but not necessary to be changed #######

## Use ipv6 only if available.
#include_shell "/usr/share/lighttpd/use-ipv6.pl"

## bind to port (default: 80)
# server.port = 81

## bind to localhost only (default: all interfaces)
server.bind = "(server's IP)"

## error-handler for status 404
#server.error-handler-404 = "/error-handler.html"
#server.error-handler-404 = "/error-handler.php"

## to help the rc.scripts
server.pid-file = "/var/run/lighttpd.pid"

##
## Format: .html
## -> ..../status-404.html for 'File not found'
#server.errorfile-prefix = "/var/www/"

## virtual directory listings
dir-listing.encoding = "utf-8"
server.dir-listing = "disable"

## send unhandled HTTP-header headers to error-log
#debug.dump-unknown-headers = "enable"

### only root can use these options
#
# chroot() to directory (default: no chroot() )
#server.chroot = "/"

## change uid to (default: don't care)
server.username = "www-data"

## change uid to (default: don't care)
server.groupname = "www-data"

#### compress module
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ("text/plain", "text/html", "application/x-javascript", "text/css")

#### url handling modules (rewrite, redirect, access)
# url.rewrite = ( "^/$" => "/server-status" )
# url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" )

#
# define a pattern for the host url finding
# %% => % sign
# %0 => domain name + tld
# %1 => tld
# %2 => domain name without tld
# %3 => subdomain 1 name
# %4 => subdomain 2 name
#
# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"

#### expire module
# expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes")

#### rrdtool
# rrdtool.binary = "/usr/bin/rrdtool"
# rrdtool.db-name = "/var/www/lighttpd.rrd"

#### variable usage:
## variable name without "." is auto prefixed by "var." and becomes "var.bar"
#bar = 1
#var.mystring = "foo"

## integer add
#bar += 1
## string concat, with integer cast as string, result: "www.foo1.com"
#server.name = "www." + mystring + var.bar + ".com"
## array merge
#index-file.names = (foo + ".php") + index-file.names
#index-file.names += (foo + ".php")

#### external configuration files
## mimetype mapping
include_shell "/usr/share/lighttpd/create-mime.assign.pl"

## load enabled configuration files,
## read /etc/lighttpd/conf-available/README first
include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

#### handle Debian Policy Manual, Section 11.5. urls
## by default allow them only from localhost
## (This must come last due to #445459)
## Note: =~ "127.0.0.1" works with ipv6 enabled, whereas == "127.0.0.1" doesn't
$HTTP["remoteip"] =~ "127.0.0.1" {
        alias.url += (
                "/doc/" => "/usr/share/doc/",
                "/images/" => "/usr/share/images/"
        )
        $HTTP["url"] =~ "^/doc/|^/images/" {
                dir-listing.activate = "enable"
        }
}

# lighttpd.conf entry to transparently add ssl
#$SERVER["socket"] == "(your server's IP):443" {
# ssl.pemfile = "/var/www/ ... /key-cert.pem"
# ssl.ca-file = "/var/www/ ... /cacert.pem"
# ssl.engine = "enable"
#}

$HTTP["host"] =~ "(^|\.)hostname$" {

server.error-handler-404 = "/dispatch.fcgi"
server.document-root = "/var/www/(railsapp)/public/"

server.errorlog = "/var/www/(railsapp)/log/lighttpd.error.log"
accesslog.filename = "/var/www/(railsapp)/log/lighttpd.access.log"

url.rewrite = ( "^/$" => "index.html", "^([^.]+)$" => "$1.html" )

compress.filetype = ( "text/plain", "text/html", "text/css", "text/javascript" )
compress.cache-dir = "/var/www/(railsapp)/tmp/cache"
expire.url = ( "/favicon.ico" => "access 3 days",
               "/images/" => "access 3 days",
               "/stylesheets/" => "access 3 days",
               "/javascripts/" => "access 3 days" )

fastcgi.server = ( ".fcgi" => ( "localhost" => (
    "min-procs" => 1,
    "max-procs" => 1,
    "socket" => "/var/www/(railsapp)/tmp/sockets/fcgi.socket",
    "bin-path" => "/var/www/(railsapp)/public/dispatch.fcgi",
    "bin-environment" => ( "RAILS_ENV" => "production" )
) ) )

}

Postgresql
# su - postgres
Now create a user with the same name as the Linux user who owns the app:
$ createuser (username) -P (give him no special privileges)
$ createdb -E UTF8 (dbname)

edit pg_hba.conf (somewhere in /etc/postgresql/...)
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL listen
# on a non-local interface via the listen_addresses configuration parameter,
# or via the -i or -h command line switches.
#
host (dbname) (www-data = username) 127.0.0.1 255.255.255.255 trust
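
With the trust method, any local process that can reach 127.0.0.1 connects as that database user without the password set by createuser -P; md5 is the method that checks it. The audit below is an added example, not part of the original post, that lists trust records in a pg_hba.conf; the database and user names in its sample are constructed.

```shell
#!/bin/sh
# Added example: list pg_hba.conf records whose auth method is "trust".
# audit_pg_hba FILE prints "LINE: TYPE DB USER trust" per hit and
# returns 1 when at least one is found, 0 when the file is clean.
audit_pg_hba() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        {
            # The method column depends on the record layout:
            #   local DB USER METHOD
            #   host  DB USER ADDR/CIDR METHOD
            #   host  DB USER ADDR MASK METHOD   (the form used on this page)
            if ($1 == "local")           { method = $4 }
            else if (index($4, "/") > 0) { method = $5 }
            else                         { method = $6 }
            if (method == "trust") { print NR ": " $1, $2, $3, method; hits++ }
        }
        END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample (appdb and appuser are placeholder names).
sample_pg_hba() {
    cat <<'EOF'
# Constructed sample modelled on the entry above
local   all     postgres                              ident sameuser
host    appdb   appuser   127.0.0.1  255.255.255.255  trust
host    appdb   appuser   127.0.0.1/32                md5
host    all     all       ::1/128                     trust
EOF
}

# Demo on the constructed sample; pass the real pg_hba.conf path instead.
tmp=$(mktemp)
sample_pg_hba > "$tmp"
audit_pg_hba "$tmp" || echo "trust records found: switch them to md5"
rm -f "$tmp"
```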

Tried copying the Rails app(s) to /var/www and working under user www-data.

To make the changes take effect, restart postgresql and lighttpd.
