# System Configuration {% hint style="info" %} The commands in the **System Configuration** section should be run as the `root` user on the deployment server. {% endhint %} ## Firewall (UFW) You should set up the firewall. It is installed but inactive by default. You can check the status and available applications using the following commands: ```bash ufw status ``` ```bash ufw app list ``` Before enabling the firewall, you should allow incoming SSH requests (port 22 by default) to avoid being locked out. You should also allow incoming requests for HTTP (port 80) and HTTPS (port 443). This can be done using the following commands: ```bash ufw allow openssh ``` ```bash ufw allow http ``` ```bash ufw allow https ``` ```bash ufw enable ``` Firewall rules can be removed using the following command: ```bash ufw delete allow ``` The firewall can be disabled completely using the following command: ```bash ufw disable ``` ## SSH If necessary, you can edit the SSH configuration in `/etc/ssh/sshd_config` and then restart the `sshd` service using the following command: ```bash service sshd restart ``` For example, you might want to change the default port for incoming SSH connections using the following setting: `Port ` You could allow password authentication: `PasswordAuthentication yes` And you probably want to disable remote root login via SSH: `PermitRootLogin no` {% hint style="danger" %} Make sure you can access your server via a non-root user before disabling remote root login! {% endhint %} ## Timezone Check the current timezone: ```bash timedatectl ``` List available timezones: ```bash timedatectl list-timezones ``` Set the timezone: ```bash timedatectl set-timezone ``` If necessary, enable NTP synchronisation: ```bash timedatectl set-ntp on ``` ## Swap File Create a swap file using the following commands: ```bash fallocate -l 4G /swapfile ``` ```bash chmod 600 /swapfile ``` ```bash mkswap /swapfile ``` ```bash swapon /swapfile ``` ```bash echo "/swapfile swap swap defaults 0 0" >> /etc/fstab ``` ## Core Packages An Ubuntu 18.04 droplet from DigitalOcean is pretty bare-bones but should have the following useful packages already installed: * **git** (v 2.17.1) * **python3** (v 3.6.8) * **ssh** * **ufw** * **vim** Update the system packages: ```bash apt-get update ``` ```bash apt-get upgrade ``` ```bash apt dist-upgrade ``` Next, you'll want to install the core packages and dependencies for running a Rails application using the following command: ```bash apt-get install build-essential libcurl4-openssl-dev libffi-dev libreadline-dev libssl-dev libxml2-dev libxslt1-dev libyaml-dev software-properties-common zlib1g-dev ``` {% hint style="info" %} See the table below for a description of each package. {% endhint %} | Package | Description | | -------------------------- | ------------------------------------------------------------------------- | | build-essential |

meta-package for compiling on Debian
includes g++, gcc and make

| | libcurl4-openssl-dev | (?) OpenSSL library | | libffi-dev | (?) FFI library | | libreadline-dev | (?) | | libssl-dev | (?) SSL library | | libxml2-dev | XML library | | libxslt1-dev | (?) XSLT library | | libyaml-dev | YAML library | | software-properties-common | provides scripts for adding and removing PPAs | | zlib1g-dev | (?) compression library | ## Git Git should already be installed. If it isn't, you can install it using the following command: ```bash apt-get install git ``` ## Node.js and Yarn Install Node.js and Yarn using the following commands: ```bash curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash - ``` ```bash curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - ``` ```bash echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list ``` ```bash apt-get update ``` ```bash apt-get install nodejs yarn ``` {% hint style="info" %} This will also install Python 2.7 {% endhint %} ## Nginx Install Nginx: ```bash apt-get install nginx ``` After installing, Nginx will start automatically. You can check using the following command: ```bash systemctl status nginx ``` You can now serve static files from `/var/www/html` and access them in a web browser via the IP address of the deployment server. In addition, the configuration for the default site can be edited found at `/etc/nginx/sites-enabled/default`. ## SQLite Install SQLite: ```bash apt-get install sqlite3 libsqlite3-dev ``` ## PostgreSQL Install PostgreSQL: ```bash apt-get install postgresql postgresql-contrib ``` You can switch to the `postgres` user and launch the `psql` prompt using the following command: ```bash sudo -u postgres psql ``` You can close the `psql` prompt by typing `\q`. If necessary, while logged in as the `postgres` user, you can create a new role using the following command: ```bash createuser -d ``` To list all roles, run the following command from the `psql` prompt: ```bash \du ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.alistairtweed.com/rails/manually-deploying-a-rails-6-application-on-ubuntu-18.04-digitalocean/system-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.