Primary Settings

Change root password

# apt-get install apg
$ apg -m64
# passwd root

Add admin user

# useradd -g admin -d /home/spbruby -m -s /bin/bash spbruby
# passwd spbruby
# visudo

Add the following line, which gives every member of the admin group sudo without a password prompt: %admin ALL NOPASSWD:ALL

Public key auth

local$ cat .ssh/
remote$ mkdir .ssh
remote$ cat > .ssh/authorized_keys
remote$ chmod 600 .ssh/authorized_keys
remote$ chmod 700 .ssh

Configure OpenSSH

Update /etc/ssh/sshd_config with the following directives: `Port 22222`, `PermitRootLogin = No`, `AllowUsers spbruby`. Since this moves the SSH port and locks out root, keep the current session open and confirm a fresh login as spbruby on the new port works before closing it.


# mkdir -p /var/lib/iptables
# cp var/lib/iptables/rules_save /var/lib/iptables/

Add to main interface settings in /etc/network/interfaces: pre-up /sbin/iptables-restore < /var/lib/iptables/rules_save

Update base system

# apt-get update
# apt-get dist-upgrade

User shell settings

Colors, aliases, the current git branch in the prompt, etc.

# apt-get install bash-completion

Add to ~/.bash_profile:

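# ~/.bash_profile fragment: bash completion, a colored prompt and user aliases.
# The `fi` / `else` keywords were missing in the pasted version, which makes
# bash refuse to parse the file; they are restored here.

# Load system-wide bash completion when the package is installed.
if [ -f /etc/bash_completion ]; then
  . /etc/bash_completion
fi

# set a fancy prompt (non-color, unless we know we "want" color)
# root (EUID 0) gets a red user@host; everyone else gets a green one that also
# shows the checked-out git branch (the `*` line of `git branch`, second field).
if [[ ${EUID} == 0 ]] ; then
  PS1='\[\033[01;31m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
else
  PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w `git branch 2>&1 | grep "*" | awk -F" " "{print \\\$2}"`\$\[\033[00m\] '
fi

# Per-user aliases live in ~/.bash_aliases (see below).
if [ -f ~/.bash_aliases ]; then
  . ~/.bash_aliases
fi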

Add to ~/.bash_aliases:

alias ls='ls --color=auto'
alias ll='ls -l'
alias la='ls -al'
alias l='ls -CF'
alias grep='grep --color'

Locale settings

Add to ~/.bash_profile:

export LANG=ru_RU.UTF-8
export LC_MESSAGES=C

Primary Software Install


# apt-get install -y build-essential git-core git-svn automake autoconf


# apt-get install -y libexpat1-dev zlib1g zlib1g-dev libyaml-dev libonig-dev libopenssl-ruby libssl-dev libdbm-ruby libgdbm-ruby libgif4 readline-common libreadline-dev libreadline-ruby byacc
# chgrp admin /usr/local/src/
# chmod g+ws /usr/local/src/
$ cd /usr/local/src/
$ git clone git://
$ ln -s rubyenterpriseedition187-330 ruby
$ cd ruby
$ git checkout -b 2011.03 release-2011.03
$ autoconf 
$ ./configure 
$ make -j`expr $(grep processor /proc/cpuinfo | wc -l) + 1`
# make install


$ wget
$ tar xvf rubygems-1.7.2.tgz
$ cd rubygems-1.7.2
# ruby setup.rb
# gem in rubygems-update bundler --no-ri --no-rdoc


# apt-get install -y sqlite3 libsqlite3-dev mysql-server libmysqlclient15-dev postgresql-8.4 postgresql-server-dev-8.4 libpq-dev
# gem in sqlite3-ruby mysql pg thin rails  --no-ri --no-rdoc

NGINX and Phusion Passenger

# apt-get install -y libpcre3 libpcre3-dev libperl-dev libxml2-dev libxml2 libxslt-dev curl-ssl libcurl4-openssl-dev
$ cd /usr/local/src
$ wget && tar xvf nginx-1.0.5.tar.gz && ln -nfs nginx-1.0.5 nginx && rm -f nginx-1.0.5.tar.gz
$ wget && tar xvf pcre-8.12.tar.bz2 && ln -nsf pcre-8.12 pcre && rm -f pcre-8.12.tar.bz2
$ git clone git://
$ cd passenger
# ./bin/passenger-install-nginx-module  --auto --prefix=/opt/nginx --nginx-source-dir=/usr/local/src/nginx --extra-configure-flags='--with-http_flv_module --with-http_realip_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-http_stub_status_module --with-poll_module --with-pcre=/usr/local/src/pcre --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/ --user=www-data --group=www-data'

Configure RDBMS

PostgreSQL related stuff

  • Access only from localhost

Add to /etc/postgresql/8.4/main/postgresql.conf: listen_addresses = 'localhost'

  • Easy access from localhost

Add to /etc/postgresql/8.4/main/pg_hba.conf (note that the `trust` method lets any local OS account connect as any database role without a password, so it only makes sense on a host where every local user is trusted):

# TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
# Database administrative login by UNIX sockets
# "local" is for Unix domain socket connections only
# local   all         postgres                          ident
local   all         all                               trust
  • Adding user and database

Run the following (replace the sample passwords with your own):

$ psql -Upostgres
postgres=# ALTER ROLE postgres ENCRYPTED PASSWORD 'supersecurerootpassword';
postgres=# CREATE ROLE spbruby NOSUPERUSER LOGIN ENCRYPTED PASSWORD 'superpupermegapasword';
postgres=# CREATE DATABASE spbruby ENCODING 'UTF-8' OWNER spbruby;

MySQL related stuff

First run `# mysql_secure_installation` and answer the questionnaire as follows:

Enter current password for root (enter for none):

Change the root password? [Y/n] n

** ... skipping.**

** Remove anonymous users? [Y/n]** y

** ... Success!**

** Disallow root login remotely? [Y/n]** y

** ... Success!**

Remove test database and access to it? [Y/n] y

** - Dropping test database...**

** ... Success!**

** - Removing privileges on test database...**

** ... Success!**

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? [Y/n] y

** ... Success!**

Then run:

$ mysql -uroot -p
mysql> CREATE DATABASE spbruby;
mysql> GRANT ALL ON spbruby.* TO spbruby@localhost IDENTIFIED BY 'superpuperpassword';
mysql> FLUSH PRIVILEGES;

Configure SSL

Create self-signed CA

# apt-get install -y openvpn
# mv /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/ssl/easy-rsa
# apt-get remove -y openvpn
# apt-get -y autoremove
$ cd /etc/ssl/easy-rsa

Update vars file with following:

export KEY_CITY="Saint Petersburg"
export KEY_ORG=""
export KEY_EMAIL=""

Import vars to current shell:

# source vars

Initialize the $KEY_DIR directory:

# ./clean-all

Build a root certificate

# ./build-ca

Create server-side certificates

Build Diffie-Hellman parameters for the server side of an SSL/TLS connection.

# ./build-dh

Make a certificate/private key pair using a locally generated root certificate.

# ./build-key-server
# ./build-key-server

Configure nginx

Vhosts management

Place the utilities for managing nginx vhosts into /usr/local/bin/ and make them executable:

$ chmod +x ./usr/local/bin/*
# mv ./usr/local/bin/* /usr/local/bin/


Then copy ./opt/nginx/conf/nginx.conf to /opt/nginx/conf/

After that we need to create the folders for vhost configuration:

$ cd /opt/nginx/conf
# mkdir sites-available sites-enabled

Then place the config file for our vhost (from ./opt/nginx/conf/sites-available/) into /opt/nginx/conf/sites-available/.

And enable the vhost: # nginxensite



# gem in astrails-safe --no-rdoc --no-ri

Copy the safe config ./etc/safe.rb to /etc


# cat > /etc/cron.daily/safe
  /usr/local/bin/astrails-safe /etc/safe.rb
# chmod 755 /etc/cron.daily/safe

Logs Rotation

# apt-get install logrotate

Copy etc/logrotate.d/ and etc/logrotate.d/nginx into /etc/logrotate.d



# apt-get install -y exim4-daemon-heavy dovecot-common dovecot-imapd dovecot-pop3d clamav-daemon
# mkdir /var/log/dovecot
# gpasswd -a clamav Debian-Exim

DB configuration

$ psql -Upostgres
postgres=# CREATE DATABASE mail ENCODING 'UTF-8' OWNER mail;
$ psql -Upostgres mail < etc/exim4/mail_schema.pgsql

SMTP configuration

# cp etc/exim4/exim.conf /etc/exim4/exim.conf.template
# cp etc/aliasdomains /etc/aliasdomains
# /etc/init.d/exim4 restart

IMAP4/POP3 configuration

# cp etc/dovecot/* /etc/dovecot
# /etc/init.d/dovecot restart

Web interface

# mkdir -p /var/www/
# chown www-data:www-data /var/www/
# chmod ug+ws /var/www/
$ cd /var/www/
$ mkdir conf log
$ cd /usr/local/src
$ wget
# tar xvf roundcubemail-0.4.tar.gz -C /var/www/
$ cd /var/www/
$ ln -s roundcubemail-0.4 public

Now copy opt/nginx/conf/sites-available/ to /opt/nginx/conf/sites-available/ and enable it:

# nginxensite

Autostart services



# apt-get install -y runit
# gem in runit-man --no-ri --no-rdoc
# mkdir -p /etc/sv/nginx /etc/sv/spawn-fcgi/log /etc/sv/runit-man/log


Place the runit recipes from etc/sv into the system /etc/sv:

# cp -r etc/sv/* /etc/sv/

And add symlinks to /etc/service/ and /etc/init.d/ for autorun:

# for i in nginx spawn-fcgi runit-man; do ln -s /usr/bin/sv /etc/init.d/${i}; ln -s /etc/sv/${i} /etc/service/; update-rc.d ${i} defaults; done

Don't forget to enable access to runit-manager from your own host only. The value after -s is the address of the machine you administer from; do not leave it out, otherwise the rule opens port 12700 to every source:

# iptables -A INPUT -p tcp --dport 12700 -s <your-host-address> -j ACCEPT

And save the iptables config:

# iptables-save > /var/lib/iptables/rules_save

From now on you can run runit-manager and access it via HTTP:

# sv start runit-man
or
# /etc/init.d/runit-man start

It will be accessible on your host at port 12700 via HTTP.




$ wget && tar xvf sphinx-1.10-beta.tar.gz && ln -nsf sphinx-1.10-beta sphinx && rm -f sphinx-1.10-beta.tar.gz
$ cd sphinx
$ wget && tar xvf libstemmer_c.tgz && rm -f libstemmer_c.tgz
$ ./configure --with-pgsql --without-mysql --with-libstemmer 

Use --with-mysql --without-pgsql in case of a MySQL database.

$ make -j`expr $(grep processor /proc/cpuinfo | wc -l) + 1`
# make install


