Skip to content

Home

Jump to bottom
Basim Ramadhan edited this page Jun 15, 2017 · 24 revisions

Welcome to the lovelace-website wiki!

Setting up a FreeBSD server on DigitalOcean

  1. Create a FreeBSD 11.0 droplet on DigitalOcean
  2. Log into the server: ssh freebsd@<server_ip>
  3. (Optional) Set up a password for the root user: su root then passwd
  4. (Optional) Set up a password for the freebsd user: as root, run passwd freebsd then exit
  5. Disable password-authenticated SSH access for the root user:
    • open the SSH daemon configuration: sudo vim /etv/ssh/sshd_config
    • update the following line to read: PermitRootLogin without-password
    • restart the SSH daemon: sudo service sshd restart
  6. Check for base operating system updates: sudo freebsd-update fetch install, restarting with sudo shutdown -r now if kernel updates were installed
  7. Set up automatic checking for base operating system software updates:
    • open the crontab file: sudo vim /etc/crontab
    • append the following line: @daily root freebsd-update -t freebsd cron
    • that will check for updates daily and notify the freebsd user
    • check for notifications with: mail
    • if there are updates available, install them with sudo freebsd-update install
    • remember to restart after kernel updates!
  8. Set up the firewall:
    • sudo sysrc firewall_enable="yes"
    • sudo sysrc firewall_quiet="yes"
    • sudo sysrc firewall_type="workstation"
    • sudo sysrc firewall_myservices="ssh http https"
    • sudo sysrc firewall_allowservices="any"
    • sudo sysrc firewall_logdeny="yes"
    • sudo service ipfw start
  9. Set up the server's timezone:
    • sudo tzsetup
    • sudo sysrc ntpd_enable="yes"
    • sudo sysrc ntpd_sync_on_start="yes"
    • sudo service ntpd start
  10. Fetch the ports tree: sudo portsnap fetch extract (one-time setup)
  11. Check for package updates:
    • update the ports tree: sudo portsnap fetch update
    • fetch most recent package database information: sudo pkg update
    • run pkg version -vRL= for available package updates
    • check the notes before updating: less /usr/ports/UPDATING
    • proceed with updating packages: sudo pkg upgrade
  12. Package management:
    • finding packages: pkg search <name>
    • installing packages: `sudo pkg install
    • after installing package a package, run rehash to update PATH
    • viewing package information: pkg info <name>
    • removing packages: sudo pkg delete <name>
    • removing unused dependencies: sudo pkg autoremove
    • list installed packages: pkg info
    • check for security vulnerabilities in installed packages: pkg audit -F
  13. Service management:
    • enabling services: sudo sysrc <name>_enable=yes (this will append to /etc/rc.conf)
    • to enable a service means auto-starting on boot, as well as allowing users to start it
    • starting services: sudo service <name> start (service must have been enabled first)
  14. Install required packages:
    • sudo pkg install bash vim-lite python36 apache24 py27-virtualenv postgresql96-server
  15. Set up git:
    • choose the name that will be associated with commits: git config --global user.name "<name>"
    • choose the email associated with the Github account: git config --global user.email "<email>"
    • choose the default editor: git config --global core.editor "<editor>"
  16. Set up bash:
    • make sure bash is installed: which bash
    • change default shell to bash: chsh
    • specify /usr/local/bin/bash as your shell
    • log out and log back in for changes to take effect
  17. Set up PostgreSQL:
    • sudo sysrc postgresql_enable="yes"
    • sudo /usr/local/etc/rc.d/postgresql initdb
    • sudo vim /var/db/postgres/data96/postgresql.conf
      • listen_addresses = 'localhost'
      • port = 5432
      • external_pid_file = '/var/run/postgresql.pid'
    • automatically create a PID file for PostgreSQL to use:
      • sudo vim /usr/local/etc/rc.d/postgresql
      • insert the following after load_rc_config postgresql:
      touch /var/run/postgresql.pid
chown postgres:postgres /var/run/postgresql.pid
chmod 644 /var/run/postgresql.pid
    • sudo service postgresql start
    • sudo su - postgres
    • psql
      • CREATE DATABASE projectlovelace;
      • CREATE USER admin WITH PASSWORD '<password>';
      • ALTER ROLE admin SET client_encoding TO 'utf8';
      • ALTER ROLE admin SET default_transaction_isolation TO 'read committed';
      • ALTER ROLE admin SET timezone TO 'UTC'; (confirm that Django setting USE_TZ is 'True')
      • GRANT ALL PRIVILEGES ON DATABASE projectlovelace TO admin;
      • \q
    • exit
  18. Set up Apache:
    • sudo sysrc apache24_enable="yes"
    • sudo kldload accf_http
    • sudo sysrc accf_http_load="yes"
    • sudo vim /usr/local/etc/apache24/httpd.conf
      • under # Third party modules, make sure mod_wsgi is loaded:
      • LoadModule wsgi_module libexec/apache24/mod_wsgi.so
      • at the bottom of the file, make sure the following line is present:
      • Include etc/apache24/Includes/*.conf
    • sudo vim /usr/local/etc/apache24/Includes/projectlovelace.conf and paste the following: 
      # Settings
ServerName www.projectlovelace.net

## Default overrides
ServerSignature Off
ServerTokens Prod
Timeout 30

<VirtualHost *:80>

    WSGIDaemonProcess www.projectlovelace.net python-path=/usr/local/www/apache24/data/lovelace-website/src:/usr/local/www/apache24/data/lovelace-website/env/lib/python3.6/site-packages/
    WSGIProcessGroup www.projectlovelace.net
    WSGIScriptAlias / /usr/local/www/apache24/data/lovelace-website/src/lovelace/wsgi.py

    Alias /static /usr/local/www/apache24/data/lovelace-website/src/prod_static
    <Directory /usr/local/www/apache24/data/lovelace-website/src/prod_static>
        Require all granted
    </Directory>

    <Directory /usr/local/www/apache24/data/lovelace-website/src/lovelace>
        <Files wsgi.py>
        Require all granted
        </Files>
    </Directory>

</VirtualHost>
  19. Set up mod_wsgi:
    • cd /usr/ports/www/mod_wsgi4
    • sudo vim ./Makefile
      • CONFIGURE_ARGS+=--with-apxs="${APXS}" --with-python="/usr/local/bin/python3.6"
    • sudo make (enable all options)
    • sudo make install
  20. Set up the website:
    • cd /usr/local/www/apache24/data/
    • sudo git clone https://github.com/project-lovelace/lovelace-website.git
    • sudo chown -R freebsd ./lovelace-website
    • cd ./lovelace-website
    • make prepare-venv
    • nano ./src/lovelace/settings.py (paste password, secret key, turn off debug)
    • source env/bin/activate
    • cd ./src
    • python manage.py migrate (if the database is empty)
    • python manage.py collectstatic
  21. Start Apache: sudo service apache24 start
  22. Set up monit:
    • install monit: sudo pkg install monit
    • enable the monit service: sudo sysrc monit_enable="yes"
Clone this wiki locally