System Configuration

The commands in the System Configuration section should be run as the root user on the deployment server.

Firewall (UFW)

You should set up the firewall. It is installed but inactive by default.

You can check the status and available applications using the following commands:

ufw status
ufw app list

Before enabling the firewall, you should allow incoming SSH requests (port 22 by default) to avoid being locked out. You should also allow incoming requests for HTTP (port 80) and HTTPS (port 443). This can be done using the following commands:

ufw allow openssh
ufw allow http
ufw allow https
ufw enable

Firewall rules can be removed using the following command:

ufw delete allow <RULE>

The firewall can be disabled completely using the following command:

ufw disable

SSH

If necessary, you can edit the SSH configuration in /etc/ssh/sshd_config and then restart the sshd service using the following command:

For example, you might want to change the default port for incoming SSH connections using the following setting:

Port <PORT>

You could allow password authentication:

PasswordAuthentication yes

And you probably want to disable remote root login via SSH:

PermitRootLogin no

Make sure you can access your server via a non-root user before disabling remote root login!

Timezone

Check the current timezone:

List available timezones:

Set the timezone:

If necessary, enable NTP synchronisation:

Swap File

Create a swap file using the following commands:

Core Packages

An Ubuntu 18.04 droplet from DigitalOcean is pretty bare-bones but should have the following useful packages already installed:

  • git (v 2.17.1)

  • python3 (v 3.6.8)

  • ssh

  • ufw

  • vim

Update the system packages:

Next, you'll want to install the core packages and dependencies for running a Rails application using the following command:

See the table below for a description of each package.

Package

Description

build-essential

meta-package for compiling on Debian includes g++, gcc and make

libcurl4-openssl-dev

(?) OpenSSL library

libffi-dev

(?) FFI library

libreadline-dev

(?)

libssl-dev

(?) SSL library

libxml2-dev

XML library

libxslt1-dev

(?) XSLT library

libyaml-dev

YAML library

software-properties-common

provides scripts for adding and removing PPAs

zlib1g-dev

(?) compression library

Git

Git should already be installed. If it isn't, you can install it using the following command:

Node.js and Yarn

Install Node.js and Yarn using the following commands:

This will also install Python 2.7

Nginx

Install Nginx:

After installing, Nginx will start automatically. You can check using the following command:

You can now serve static files from /var/www/html and access them in a web browser via the IP address of the deployment server.

In addition, the configuration for the default site can be edited found at /etc/nginx/sites-enabled/default.

SQLite

Install SQLite:

PostgreSQL

Install PostgreSQL:

You can switch to the postgres user and launch the psql prompt using the following command:

You can close the psql prompt by typing \q.

If necessary, while logged in as the postgres user, you can create a new role using the following command:

To list all roles, run the following command from the psql prompt:

PreviousPrerequisitesNextUser Configuration

Last updated