# Ubuntu 18.04 LTS 安裝 R4.5 標準流程 ## 前置作業 * Ubuntu 18.04 LTS 已安裝完畢並能遠端連線進入 * 當前帳號可以使用 sudo 指令 ## 建立 rulingcom 帳號(若已是 rulingcom 帳號,前往下一步驟) ```sh $ sudo su # 從當前帳號切換到 root $ adduser rulingcom $ # set the password for rulingcom $ # fill in user information, it's ok to leave all blank $ usermod -aG sudo rulingcom # 讓 rulingcom 可用 sudo $ su - rulingcom $ sudo ls -la /root # 測試 rulingcom sudo 是否可用 $ exit; exit # 第一次 exit 退回 root 帳號,第二次 exit 退回剛登入的帳號 ``` ## 安裝 Nginx 1.14 ```sh $ sudo apt update $ sudo apt install nginx $ nginx -v # 確認版本為 1.14 $ sudo systemctl status nginx # 查看 nginx 是否啟動 $ sudo systemctl restart nginx # 安全重啟 nginx,若已啟動則可跳過此步驟 $ cd /etc/nginx/ $ sudo mkdir orbit_sites/ $ sudo vim nginx.conf # add `include /etc/nginx/orbit_sites/*;` to Virtual Host Configs block $ sudo vim orbit_sites/xxx_ooo # 建立網站 nginx 設定檔,xxx 為學校縮寫,ooo 為系所、單位縮寫。內容參考附註 nginx 設定檔 ``` ```nginx # 此為附註 nginx 設定檔 # upstream xxx_sock { upstream orbit_sock { # server unix:/path/to/your/r45/tmp/unicorn.sock; server unix:/home/rulingcom/orbit_sites/orbit/tmp/unicorn.sock; } server { listen 80; # root /path/to/your/r45/public; root /home/rulingcom/orbit_sites/orbit/public; # server_name your.website.address; server_name localhost; client_max_body_size 500m; location / { try_files $uri $uri/index.html $uri.html @app; } location @app { proxy_redirect off; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_connect_timeout 360; # proxy_pass http://xxx_sock; proxy_pass http://orbit_sock; } } ``` ## 安裝 MongoDB 3.2.22 ```sh $ # 匯入 MongoDB 公鑰到套件管理系統 $ wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb #Ubuntu 20.04LTS $ sudo dpkg -i libssl1.0.0_1.0.2n-1ubuntu5.3_amd64.deb #Ubuntu 20.04LTS $ wget -qO - https://www.mongodb.org/static/pgp/server-3.2.asc | sudo apt-key add - $ # 建立 list file $ echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list $ sudo apt-get update # 更新套件管理系統 $ # 下載並安裝 MongoDB 3.2.22 $ sudo apt-get install -y mongodb-org=3.2.22 mongodb-org-server=3.2.22 mongodb-org-shell=3.2.22 mongodb-org-mongos=3.2.22 mongodb-org-tools=3.2.22 $ mongo --version # 查看 MongoDB 版本 $ sudo systemctl status mongod # 查看 MongoDB 是否啟動 $ sudo systemctl restart mongod # 安全啟動 MongoDB,若已啟動則可跳過此步驟 ``` ## 安裝 ImageMagick 6.9.7-4 (部份預設模組需要處理圖片,此為相依軟體) ```sh $ sudo apt install imagemagick $ convert -version # 檢查是否安裝成功,並確認版本 ``` ## 安裝 RVM (Ruby 版本和套件的管理程式) ```sh $ sudo apt install gnupg2 $ gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB $ \curl -sSL https://get.rvm.io | bash -s stable $ source /home/rulingcom/.rvm/scripts/rvm $ sudo vi /etc/apt/sources.list # Ubuntu 20.04LTS add `deb http://security.ubuntu.com/ubuntu bionic-security main` $ rvm install 2.1.2 $ rvm install 2.1.10 $ rvm --default use 2.1.10 ``` ## 安裝 R4.5 ### 一、建立 ssh key pair ```sh $ cd /home/rulingcom/.ssh # 如果沒有該資料夾則自行建立 `mkdir /home/rulingcom/.ssh`,接著進入 .ssh 資料夾 $ ssh-keygen # 設定 key pair name -> 設定密碼(不設定直接 enter) -> 確認密碼(不設定直接 enter) $ cat ~/.ssh/your_key.pub # 將公鑰轉交給禾綸(注意:不是私鑰) $ # 確認禾綸將公鑰加入 GitLab 後再接續下列指令與步驟二 $ eval "$(ssh-agent -s)" $ ssh-add ~/.ssh/your_private_key ``` ### 二、安裝 R4.5 Web App ```sh $ git clone git@gitlab.tp.rulingcom.com:saurabh/orbit4-5.git your_site_name $ cd your_site_name $ vim config/mongoid.yml # 所有 orbit_4_5 換成 your_site_name, :wq 存檔離開 $ vim Gemfile # 加井字號註解掉 gem 'sassc-rails', '~>1.3.0' 並拿掉此行 #gem 'sass-rails', '~> 4.0.2' 井字號取消註解 $ $ gem install nokogiri -v 1.7.0.1 #For Ubuntu 20.04LTS $ bundle install $ RAILS_ENV=production bundle exec rake assets:precompile $ bundle exec unicorn_rails -c config/unicorn.rb -D -E production $ sudo service nginx restart $ # Login the new create site with rulingcom account and choose “Admin Area” to complete the registration of this new created site. ``` ## 開啟crontab的log(獨立顯示) ### Open the file ```sh sudo vim /etc/rsyslog.d/50-default.conf ``` ### Find the line that starts with: #cron.* ```sh uncomment that line, save the file, and restart rsyslog: sudo service rsyslog restart You should now see a cron log file here: /var/log/cron.log ``` ## 設定備份(以備份一週內容為例) ### 一、資料庫備份 ```sh #### 安裝postfix,以避免NO MTA installed. sudo apt-get install -y postfix sudo service postfix start $ sudo crontab -e # 內容如下: 0 3 * * * mongodump -o /home/backup/db/`date "+\%Y\%m\%d"`_db 0 4 * * * rm -fr /home/backup/db/`date --date="1 week ago" "+\%Y\%m\%d"`_db ``` ### 二、R4.5 網站目錄備份 ```sh # 安裝 rsnapshot,如已安裝則直接編輯 /etc/rsnapshot.conf $ sudo apt-get install rsnapshot -y $ sudo vim /etc/rsnapshot.conf # 內容建附註 rsnapshot $ sudo mkdir /home/backup $ sudo mkdir /home/backup/orbit $ sudo chmod 777 /home/backup/orbit $ rsnapshot -t daily # 測試是否設定正確 $ sudo crontab -e # 加入下行內容後,儲存退出 15 4 * * * /usr/bin/rsnapshot daily ``` ```txt # 此為附註 rsnapshot # 注意!該檔使用 tab 而非 space! # find BACKUP LEVELS /INTERVALS part # at this part, remove every lines with `retain` and then add the line below: retain daily 7 # find SNAPSHOT ROOT DIRECTORY part # modify the snapshot dir path snapshot_root /home/backup/orbit # find BACKUP POINTS / SCRIPTS part # add R4.5 site backup backup /home/rulingcom localhost/ ``` ### 三、定期壓縮與刪除 log ```sh $ sudo vim /etc/logrotate.d/orbit # 內容見附註 logrotate $ sudo logrotate -d /etc/logrotate.conf # 確認系統是否有使用 /etc/logrotate.d/orbit ``` ```txt # 附註 logrotate /home/rulingcom/*/*/log/*.log { daily rotate 7 compress missingok notifempty create 644 rulingcom rulingcom postrotate [ ! -f /run/nginx.pid ] || kill -USR1 `cat /run/nginx.pid` endscript } /home/rulingcom/*/*/*/log/*.log { daily rotate 7 compress missingok notifempty create 644 rulingcom rulingcom postrotate [ ! -f /run/nginx.pid ] || kill -USR1 `cat /run/nginx.pid` endscript } /var/log/mongodb/*.log { daily rotate 7 compress missingok notifempty create 644 mongodb mongodb postrotate [ ! -f /var/lib/mongodb/mongod.lock ] || kill -SIGUSR1 `cat /var/lib/mongodb/mongod.lock` endscript } ``` ### 四、主機開機網站自動起始 ```sh # 開機網站自動起始 $ sudo vim /etc/init.d/orbit # 內容見附註 orbit $ sudo chmod 755 /etc/init.d/orbit $ update-rc.d orbit defaults $ sudo vim /etc/init.d/rc.local #內容見附註 rc.local1 $ sudo chmod 755 /etc/init.d/rc.local $ sudo vim /etc/rc.local #內容見附註 rc.local $ sudo chmod 755 /etc/rc.local $ update-rc.d rc.local defaults $ sudo systemctl start orbit $ sudo systemctl start rc.local # ``` ```txt # 附註 orbit #!/bin/bash ORBIT_USER=rulingcom if [ -f "/home/$ORBIT_USER/.rvm/scripts/rvm" ]; then source /home/$ORBIT_USER/.rvm/scripts/rvm rvm use default else if [ "$1" != "setup" ]; then echo "" echo "-----------------------------------------------------" echo "Orbit server dependencies is missing. Please run setup first." echo "command: service orbit setup" echo "-----------------------------------------------------" echo "" exit 0; fi fi ORBIT_SITES=`pwd` ORBIT_GIT=http://gitlab.tp.rulingcom.com/saurabh/orbit4-5.git NGINX_ORBIT_SITES=/etc/nginx/orbit_sites RAILS_ENV=production sig () { test -s "$ORBIT_ROOT/tmp/pids/unicorn.pid" && kill -$1 `cat $ORBIT_ROOT/tmp/pids/unicorn.pid` } get_orbit_root () { if [ ! -f $NGINX_ORBIT_SITES/$1 ]; then echo "Site $1 not found" && exit 0; fi ORBIT_ROOT=`cat $NGINX_ORBIT_SITES/$1 | grep 'root' | grep -v '#' | xargs | awk '{print $2}'`; ORBIT_ROOT=${ORBIT_ROOT//"/public;"/""}; if [ ! -d $ORBIT_ROOT ]; then echo "Site folder $ORBIT_ROOT not fount" && exit 0; fi } start_orbit () { sig 0 $ORBIT_ROOT && echo >&2 "$ORBIT_ROOT Already running" && continue; echo "Starting $ORBIT_ROOT"; sudo su -l $ORBIT_USER -c "cd $ORBIT_ROOT && bundle exec unicorn_rails -D -E $RAILS_ENV -c config/unicorn.rb"; } case $1 in start) if [ ! -z "$2" ]; then get_orbit_root $2 start_orbit else for APP in `ls -1 $NGINX_ORBIT_SITES`; do get_orbit_root $APP; start_orbit; done fi exit 0; ;; stop) while [ `whoami` != "root" ]; do if [ ! -z "$2" ]; then read -p "Stop Orbit $2? (y/n) " CONFIRM else read -p "Stop All Orbits? (y/n) " CONFIRM fi case "$CONFIRM" in y|Y ) break;; n|N ) exit 0;; * ) echo "(y/n)";; esac done if [ ! -z "$2" ]; then get_orbit_root $2 echo "Stopping $ORBIT_ROOT" sig QUIT else for APP in `ls -1 $NGINX_ORBIT_SITES`; do get_orbit_root $APP; echo "Stopping $ORBIT_ROOT"; sig QUIT && continue; done fi exit 0; ;; force-stop) while true; do if [ ! -z "$2" ]; then read -p "Stop Orbit $2? (y/n) " CONFIRM else read -p "Stop All Orbits? (y/n) " CONFIRM fi case "$CONFIRM" in y|Y ) break;; n|N ) exit 0;; * ) echo "(y/n)";; esac done if [ ! -z "$2" ]; then get_orbit_root $2 echo "Stopping $ORBIT_ROOT" sig TERM else for APP in `ls -1 $NGINX_ORBIT_SITES`; do get_orbit_root $APP; echo "Stopping $ORBIT_ROOT"; sig TERM && continue; done fi exit 0; ;; restart|reload) if [ ! -z "$2" ]; then get_orbit_root $2 sig USR2 && echo "$ORBIT_ROOT reloaded OK" && exit 0 echo >&2 "Couldn't reload $ORBIT_ROOT, starting instead" start_orbit else for APP in `ls -1 $NGINX_ORBIT_SITES`; do get_orbit_root $APP; sig USR2 && echo "$ORBIT_ROOT reloaded OK" && continue; echo >&2 "Couldn't reload $ORBIT_ROOT, starting instead"; start_orbit; done fi exit 0; ;; create) if [ "$0" == "/etc/init.d/orbit" ]; then echo "Don't use service to create." echo "Use: orbit create $2" exit 0 fi test -s "$NGINX_ORBIT_SITES/$2" && echo "Site $2 already exist." && exit 0 test -s "$ORBIT_SITES/$2" && echo "File $ORBIT_SITES/$2 already exist." && exit 0 while true; do read -p "nginx server name: " SERVER_NAME if [ ! -z "$SERVER_NAME" ]; then break; fi done while true; do read -p "port number: " PORT if [ ! -z "$PORT" ]; then break; fi done while true; do read -p "database name: " DATABASE if [ ! -z "$DATABASE" ]; then break; fi done echo "-----------------------------------------------------" echo "Path: $ORBIT_SITES/$2" echo "Database: $DATABASE" echo http://$SERVER_NAME:$PORT echo "-----------------------------------------------------" while true; do read -p "Create Orbit $2? (y/n) " CONFIRM case "$CONFIRM" in y|Y ) break;; n|N ) exit 0;; * ) echo "(y/n)";; esac done cd ~ sudo wget http://installer.tp.rulingcom.com/nginx4-5.conf sudo cp nginx4-5.conf $NGINX_ORBIT_SITES/$2 sudo rm nginx4-5.conf sudo perl -pi -e "s/{{ORBIT}}/$2/g" $NGINX_ORBIT_SITES/$2 sudo perl -pi -e "s#{{ORBIT_SITES}}#${ORBIT_SITES}#g" $NGINX_ORBIT_SITES/$2 sudo perl -pi -e "s/{{PORT}}/$PORT/g" $NGINX_ORBIT_SITES/$2 sudo perl -pi -e "s/{{SERVER_NAME}}/$SERVER_NAME/g" $NGINX_ORBIT_SITES/$2 sudo service nginx reload sudo su -l $ORBIT_USER -c "cd $ORBIT_SITES && git clone $ORBIT_GIT $2 && cd $2 && bundle" sudo su -l $ORBIT_USER -c "cd $ORBIT_SITES/$2 && perl -pi -e \"s/orbit_4_5/$DATABASE/g\" config/mongoid.yml" sudo su -l $ORBIT_USER -c "cd $ORBIT_SITES/$2 && bundle exec rake assets:precompile RAILS_ENV=production" sudo su -l $ORBIT_USER -c "cd $ORBIT_SITES/$2 && bundle exec unicorn_rails -D -E $RAILS_ENV -c $ORBIT_SITES/$2/config/unicorn.rb" sudo su -l $ORBIT_USER -c "cd $ORBIT_SITES/$2 && bundle exec rake orbit_cron:install" echo "-----------------------------------------------------" echo "$2 is ready" echo "Path: $ORBIT_SITES/$2" echo http://`ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'`:$PORT echo "-----------------------------------------------------" exit 0 ;; setup) sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 sudo echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list sudo apt-get update sudo apt-get -y upgrade sudo apt-get install -y nginx git-core mongodb-org imagemagick curl openssh-server nano sudo mkdir $NGINX_ORBIT_SITES sudo perl -pi -e "s/sites-enabled/orbit_sites/g" /etc/nginx/nginx.conf sudo rm -r /etc/nginx/sites-* sudo apt-get --no-install-recommends --yes install gawk g++ gcc make libc6-dev libreadline6-dev zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev sudo su -l $ORBIT_USER -c "\curl -sSL https://get.rvm.io | bash -s stable" sudo su -l $ORBIT_USER -c "rvm install 2.1 --default" echo "gem: --no-ri --no-rdoc" > /home/$ORBIT_USER/.gemrc source /home/$ORBIT_USER/.rvm/scripts/rvm echo "" echo "-----------------------------------------------------" echo "System is ready. You can start creating Orbit servers." echo "command: orbit create Orbit_Folder_Name" echo "-----------------------------------------------------" echo "" exit 0 ;; *) echo >&2 "Usage $0 " exit 1 ;; esac ``` ```txt # 附註 rc.local1 #! /bin/sh ### BEGIN INIT INFO # Provides: rc.local # Required-Start: $all # Required-Stop: # Default-Start: 2 3 4 5 # Default-Stop: # Short-Description: Run /etc/rc.local if it exist ### END INIT INFO PATH=/sbin:/usr/sbin:/bin:/usr/bin . /lib/init/vars.sh . /lib/lsb/init-functions do_start() { if [ -x /etc/rc.local ]; then [ "$VERBOSE" != no ] && log_begin_msg "Running local boot scripts (/etc/rc.local)" /etc/rc.local ES=$? [ "$VERBOSE" != no ] && log_end_msg $ES return $ES fi } case "$1" in start) do_start ;; restart|reload|force-reload) echo "Error: argument '$1' not supported" >&2 exit 3 ;; stop) ;; *) echo "Usage: $0 start|stop" >&2 exit 3 ;; esac ``` ```txt # 附註 rc.local #! /bin/sh sudo mongod --config /etc/mongod.conf & exit 0 ``` ``` ### 五、網路設定 ```sh # 開機網站自動起始 $ sudo vim /etc/netplan/50-cloud-init.yaml # 內容見附註 50-cloud-init.yaml 18.04開始設定改這 # $ sudo vim /etc/netplan/00-installer-config.yaml # Ubuntu 20.04LTS # ``` ```txt # 50-cloud-init.yaml # 本範例有兩塊網卡,第一塊是DHCP,第二塊是固定IP # 其中因為子網路遮罩為255.255.255.0 ,所以是 /24 # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: enp0s29u1u1u5: dhcp4: true enp6s0: addresses: - 192.168.1.142/24 gateway4: 192.168.1.1 nameservers: addresses: - 8.8.8.8 search: - rulingcom.com version: 2