Configure Server

****** server *******

Use the DigitalOcean dashboard:

create a 1 GB DigitalOcean droplet

assign a floating IP address

Everything else is command lines:

ssh root@123.123.123.123

RSA key fingerprint is b1:2d:3d:4f:58:6f:1e:ca:2a:d3:ee:30:33:33:33:33.

Are you sure you want to continue connecting (yes/no)? yes

Enter password (sent in a email)

(current) UNIX password:

Enter new UNIX password:

Retype new UNIX password:

enter a new unix password

confirm new unix password

sudo apt-get update

sudo apt-get upgrade

Do you want to continue? [Y/n] y

sudo apt-get dist-upgrade

sudo apt-get autoremove

sudo apt-get autoclean

sudo apt-get install nginx

Do you want to continue? [Y/n]

sudo ufw allow ‘Nginx HTTP’

sudo ufw allow ‘Nginx HTTPS’

sudo ufw allow http

sudo ufw allow https

sudo ufw allow ssh

sudo ufw disable

sudo ufw enable

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

curl -sSL https://agent.digitalocean.com/install.sh | sh

sudo apt-get install nodejs-legacy

Do you want to continue? [Y/n] y

sudo apt-get install npm

Do you want to continue? [Y/n] y

sudo apt-get install mysql-server

Do you want to continue? [Y/n] y

New password for the MySQL “root” user:

Repeat password for the MySQL “root” user:

sudo mysql_secure_installation

Enter password for user root:

Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: n

Change the password for root ? ((Press y|Y for Yes, any other key for No) : n

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : n

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y

****** mariaDB *******

sudo apt-get install software-properties-common

sudo apt-key adv –recv-keys –keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8

sudo add-apt-repository ‘deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu xenial main’

sudo apt update

sudo apt install mariadb-server

Do you want to continue? [Y/n] y

New password for the MariaDB “root” user: (leave blank)

Repeat password for the MariaDB “root” user: (leave blank)

create new non-root db user

CREATE USER ‘mariadb-user’@’localhost’ IDENTIFIED BY ‘maria-password’;
GRANT ALL PRIVILEGES ON * . * TO ‘mariadb-user’@’localhost’ with grant option;
GRANT PROXY ON ”@” TO ‘suburbanrichard’@’localhost’ with grant option;
FLUSH PRIVILEGES;
exit

****** ghost *******

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add –

echo “deb https://dl.yarnpkg.com/debian/ stable main” | sudo tee /etc/apt/sources.list.d/yarn.list

sudo apt-get update && sudo apt-get install yarn

yarn global add ghost-cli

npm i -g ghost-cli

****** unattended upgrades *******

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

When I finished editing it, my file looked like this:

Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
};
Unattended-Upgrade::Mail "admin@yoursite.com";
//Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";

sudo nano /etc/apt/apt.conf.d/10periodic

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

****** ssl *******

sudo apt-get install letsencrypt

Do you want to continue? [

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

****** auto-snapshots *******

create new non-root sudo user — ¬†login again

adduser newunixuser
set password newunixpassword
gpasswd -a newunixuser sudo
sudo usermod -a -G www-data newunixuser

gpg –keyserver hkp://keys.gnupg.net –recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 \curl -sSL https://get.rvm.io | bash -s stable –rails

\curl -sSL https://get.rvm.io | bash -s stable –rails

To start using RVM you need to run `source /home/suburbanrichard/.rvm/scripts/rvm`

source /home/suburbanrichard/.rvm/scripts/rvm

wget https://assets.merqlove.ru.s3.amazonaws.com/do_snapshot/do_snapshot.tgz –no-check-certificate

tar -xzf do_snapshot.tgz

cp -r do_snapshot /usr/local/

ln -s /usr/local/do_snapshot/bin/do_snapshot /usr/local/bin/do_snapshot

sudo apt install ruby

gem install do_snapshot

gem install rest-client

rvm cron setup

test: do_snapshot –digital-ocean-access-token 1234567890abcdefghijklmnop –only 1234556 -k 3 -c -v

crontab -e

03 00 * * * do_snapshot –digital-ocean-access-token 1234567890abcdefghijklmnop –only 1234556 -k 3 -c -v