Skip to content
Basim Ramadhan edited this page Jun 15, 2017 · 24 revisions

Welcome to the lovelace-website wiki!

Setting up a FreeBSD server on DigitalOcean

  1. Create a FreeBSD 11.0 droplet on DigitalOcean
  2. Log into the server: ssh freebsd@<server_ip>
  3. (Optional) Set up a password for the root user: su root then passwd
  4. (Optional) Set up a password for the freebsd user: as root, run passwd freebsd then exit
  5. Disable password-authenticated SSH access for the root user:
    • open the SSH daemon configuration: sudo vim /etv/ssh/sshd_config
    • update the following line to read: PermitRootLogin without-password
    • restart the SSH daemon: sudo service sshd restart
  6. Check for base operating system updates: sudo freebsd-update fetch install, restarting with sudo shutdown -r now if kernel updates were installed
  7. Set up automatic checking for base operating system software updates:
    • open the crontab file: sudo vim /etc/crontab
    • append the following line: @daily root freebsd-update -t freebsd cron
    • that will check for updates daily and notify the freebsd user
    • check for notifications with: mail
    • if there are updates available, install them with sudo freebsd-update install
    • remember to restart after kernel updates!
  8. Set up the firewall:
    • sudo sysrc firewall_enable="yes"
    • sudo sysrc firewall_quiet="yes"
    • sudo sysrc firewall_type="workstation"
    • sudo sysrc firewall_myservices="ssh http https"
    • sudo sysrc firewall_allowservices="any"
    • sudo sysrc firewall_logdeny="yes"
    • sudo service ipfw start
  9. Set up the server's timezone:
    • sudo tzsetup
    • sudo sysrc ntpd_enable="yes"
    • sudo sysrc ntpd_sync_on_start="yes"
    • sudo service ntpd start
  10. Fetch the ports tree: sudo portsnap fetch extract (one-time setup)
  11. Check for package updates:
    • update the ports tree: sudo portsnap fetch update
    • fetch most recent package database information: sudo pkg update
    • run pkg version -vRL= for available package updates
    • check the notes before updating: less /usr/ports/UPDATING
    • proceed with updating packages: sudo pkg upgrade
  12. Package management:
    • finding packages: pkg search <name>
    • installing packages: `sudo pkg install
    • after installing package a package, run rehash to update PATH
    • viewing package information: pkg info <name>
    • removing packages: sudo pkg delete <name>
    • removing unused dependencies: sudo pkg autoremove
    • list installed packages: pkg info
    • check for security vulnerabilities in installed packages: pkg audit -F
  13. Service management:
    • enabling services: sudo sysrc <name>_enable=yes (this will append to /etc/rc.conf)
    • to enable a service means auto-starting on boot, as well as allowing users to start it
    • starting services: sudo service <name> start (service must have been enabled first)
  14. Install required packages:
    • sudo pkg install bash vim-lite python36 apache24 py27-virtualenv postgresql96-server
  15. Set up git:
    • choose the name that will be associated with commits: git config --global user.name "<name>"
    • choose the email associated with the Github account: git config --global user.email "<email>"
    • choose the default editor: git config --global core.editor "<editor>"
  16. Set up bash:
    • make sure bash is installed: which bash
    • change default shell to bash: chsh
    • specify /usr/local/bin/bash as your shell
    • log out and log back in for changes to take effect
  17. Set up PostgreSQL:
    • sudo sysrc postgresql_enable="yes" (enable the service)
    • sudo /usr/local/etc/rc.d/postgresql initdb (initialize the database)
    • sudo vim /var/db/postgres/data96/postgresql.conf
      • listen_addresses = 'localhost'
      • port = 5432
      • external_pid_file = '/var/run/postgresql.pid'
    • sudo vim /usr/local/etc/rc.d/postgresql (insert after load_rc_config postgresql to automatically create a PID file):
      touch /var/run/postgresql.pid
      chown postgres:postgres /var/run/postgresql.pid
      chmod 644 /var/run/postgresql.pid
    • sudo service postgresql start
    • sudo su - postgres
    • psql
      • CREATE DATABASE projectlovelace;
      • CREATE USER admin WITH PASSWORD '<password>';
      • ALTER ROLE admin SET client_encoding TO 'utf8';
      • ALTER ROLE admin SET default_transaction_isolation TO 'read committed';
      • ALTER ROLE admin SET timezone TO 'UTC'; (confirm that Django setting USE_TZ is 'True')
      • GRANT ALL PRIVILEGES ON DATABASE projectlovelace TO admin;
      • \q
    • exit
  18. Set up Apache:
    • sudo kldload accf_http (we need this module for our Apache configuration)
    • sudo sysrc accf_http_load="yes" (load the module at boot-time)
    • sudo vim /usr/local/etc/apache24/httpd.conf
      • LoadModule wsgi_module libexec/apache24/mod_wsgi.so (confirm mod_wsgi is loaded)
      • Include etc/apache24/Includes/*.conf (confirm this is present at the bottom)
    • sudo vim /usr/local/etc/apache24/Includes/projectlovelace.conf (copy this gist)
    • sudo sysrc apache24_enable="yes" (enable the service)
  19. Set up mod_wsgi:
    • cd /usr/ports/www/mod_wsgi4
    • sudo vim ./Makefile (we need to point to Python 3.6...)
    • CONFIGURE_ARGS+=--with-apxs="${APXS}" --with-python="/usr/local/bin/python3.6" (...by changing this line)
    • sudo make
    • sudo make install
  20. Set up the website:
    • cd /usr/local/www/apache24/data/ (files are served from here)
    • sudo git clone https://github.com/project-lovelace/lovelace-website.git
    • sudo chown -R freebsd ./lovelace-website
    • cd ./lovelace-website
    • make prepare-venv (set up the virtual environment)
    • nano ./src/lovelace/settings.py (paste password, secret key, and turn off debug)
    • source env/bin/activate (enter the virtual environment)
    • cd ./src
    • python manage.py migrate (do this if DB is empty to set up our tables)
    • python manage.py collectstatic (collect static files so Apache can serve them)
    • sudo service apache24 start
  21. Set up the Engine:
    • cd ~ (engine installation location)
    • git clone https://github.com/project-lovelace/lovelace-engine.git
    • cd ~/lovelace-engine
    • make prepare-venv (set up the virtual environment)
    • sudo vim /usr/local/etc/rc.d/engine (copy this gist to set up a FreeBSD service for the engine)
    • sudo chmod 555 /usr/local/etc/rc.d/engine
    • sudo sysrc engine_enable="yes" (enable the service)
    • sudo service engine start (confirm the engine is working)
  22. Set up monit:
    • sudo pkg install monit
    • sudo sysrc monit_enable="yes" (enable the service)
    • sudo vim /usr/local/etc/monitrc (copy this gist)
    • sudo monit -t (confirm the file's syntax is OK)
    • sudo service monit start
    • sudo monit status (check status of monitored services)
    • sudo monit start all (start monitored services)
Clone this wiki locally