Ubuntu Server - http://www.ubuntu.com/download/server Digital Ocean - https://www.digitalocean.com/ Securing your Server - https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps Setting up a firewall - https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server

# updates and add user sudo apt-get update && sudo apt-get upgrade -y adduser deploy sudo usermod -aG sudo deploy sudo apt-get install curl nano git libmysqlclient-dev coffeescript gawk g++ gcc make libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgmp-dev libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev -y





# login as deploy user, install application gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 \curl -sSL https://get.rvm.io | bash -s stable source /home/deploy/.rvm/scripts/rvm rvm install 2.3.1 echo 'gem: --no-document' >> ~/.gemrc gem update --system gem install bundler git config --global user.email 'YOUR_EMAIL' git config --global user.name 'YOUR_NAME' ssh-keygen -t rsa -C "YOUR_EMAIL" cat ~/.ssh/id_rsa.pub git clone [email protected]:driftingruby/sample_application.git cd sample_application bundle echo 'export RAILS_ENV=production' >> ~/.bashrc source ~/.bashrc gem install passenger





# install passenger dependencies sudo apt-get install apache2 libcurl4-openssl-dev apache2-dev libapr1-dev libaprutil1-dev





# install mysql server sudo apt-get install mysql-server





# configure application settings nano config/database.yml nano config/secrets.yml





# install passenger apache module sudo a2enmod headers passenger-install-apache2-module

# /etc/apache2/apache2.conf

LoadModule passenger_module /home/deploy/.rvm/gems/ruby-2.3.1/gems/passenger-5.0.28/buildout/apache2/mod_passenger.so <IfModule mod_passenger.c> PassengerRoot /home/deploy/.rvm/gems/ruby-2.3.1/gems/passenger-5.0.28 PassengerDefaultRuby /home/deploy/.rvm/gems/ruby-2.3.1/wrappers/ruby </IfModule>

# /etc/apache2/sites-enabled/000-default.conf

PassengerMaxPoolSize 4 <VirtualHost *:80> Header add Strict-Transport-Security max-age=31536000 DocumentRoot /home/deploy/sample_application/public <Directory /home/deploy/sample_application/public> Header unset ETag AllowOverride all Options -MultiViews Order allow,deny Allow from all Require all granted </Directory> PassengerMinInstances 2 </VirtualHost>





If you need to create and configure self-signed certificates





sudo mkdir /etc/apache2/ssl cd /etc/apache2/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache.key -out apache.crt sudo a2enmod ssl





# enable apache module rewrite sudo a2enmod rewrite

# /etc/apache2/sites-enabled/000-default.conf

# Redirects 80 traffic to 443 <VirtualHost *:80> Redirect permanent "/" "https://107.170.118.82/" </VirtualHost> <VirtualHost *:443> Header add Strict-Transport-Security max-age=31536000 DocumentRoot /home/deploy/sample_application/public <Directory /home/deploy/sample_application/public> Header unset ETag AllowOverride all Options -MultiViews Order allow,deny Allow from all Require all granted </Directory> SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key PassengerMinInstances 2 </VirtualHost>





# restart apache sudo service apache2 restart





# locking down ssh sudo nano /etc/ssh/sshd_config sudo su sudo mv /root/.ssh/authorized_keys ~/.ssh/ sudo chown -R deploy ~/.ssh/authorized_keys sudo service ssh restart





# installing and configuring ufw sudo apt-get install ufw sudo ufw status sudo ufw allow 22222/tcp sudo ufw allow www/tcp sudo uff allow 443/tcp sudo ufw enable