How to Install and Configure Samba in Ubuntu 16.04

1. Install Samba

     sudo apt-get update
     sudo apt-get install samba
   

2. Set a password for your user in Samba

     sudo smbpasswd -a <user_name>
   

   Note: Samba uses a separate set of passwords than the standard Linux system accounts (stored in /etc/samba/smbpasswd). Having said that, I always use here whatever username I use for my Linux account.
3. Create a directory to be shared

     
   mkdir /home/<user_name>/<folder_name>
   

4. Edit the file "/etc/samba/smb.conf"

     
     sudo vim /etc/samba/smb.conf
   

   And add the following:

     
   [global]
     workgroup = HOME_NETWORK
   
   #(Set this to the name you want the shared folder to have)
   [share]
      comment = File server share folder
      path = /home/<user_name>/share/
      browsable = yes
      read only = no
      guest ok = yes
      writable = yes
      valid users = <samba_user_name>
      create mask = 0755
   

5. If you setup a firewall, allow port 445

     ufw allow 445
   

6. Restart the samba:

       sudo service smbd restart
   

7. Once Samba has restarted, use this command to check your smb.conf for any syntax errors

       testparm  
   

Install Latest MySQL in Ubuntu Server

This assumes that you already have a running Ubuntu server with Apache installed. To install basic security in Ubuntu, see Basic Security Installs for Ubuntu. This instructions was extracted from here.

1. Update the package index on your server

sudo apt-get update

2. Install the package

sudo apt-get install mysql-server 

3. Run the included security script. This changes some of the less secure default options for things like remote root logins and sample users.

sudo mysql_secure_installation

4. If you're using a version of MySQL earlier than 5.7.6, you should initialize the data directory by running command below.

sudo mysql_install_db

How to Debug Rails Application Using Pry Remote

1. Add pry remote in gemfile

gem 'pry-remote', '~> 0.1.8' 

gem 'pry-nav', '~> 0.2.4' 

2. Run bundle install in the terminal 

3. Add the following line in application.rb:

require 'pry-remote'

 

 

4. Add the following in the code where you want to stop executing and debug:

binding.remote_pry

 5. Load the application in the browser. The application will stop execution once it encounters the binding.remote_pry line

6. Open up a new terminal and run the following code:

pry-remote

7. To navigate in the terminal, use the following command:

step
next
continue
exit

 

Deploying Rails Application for the First Time

I always forget these steps when deploying a Rails app for the first time. So I'm finally writing this in as a guide for the future.

This assumes that you already have a running Ubuntu server with Apache and Passenger installed (see Basic Security Installs for Ubuntu and How to Install Passenger + Apache in Ubuntu).

1. Clone the git repo.

   git clone git@bitbucket.org:kabalweg/app_name.git
   cd app_name
   bundle install
   

   If you get a "bundle not yet installed" error, run the following comment:

   gem install bundle
   

2. Go to /var/www/ type and this command to create a symbolic link.

   sudo ln -s /home/kabalweg/app_name/ ./app_name
   

3. Go to /etc/apache2/sites-available and create a virtualhost file, app_name.conf, or copy and existing one and edit the appropriate values in that file and save.

   <VirtualHost *:80>
       ServerName app_name.net
       Redirect permanent / http://www.app_name.net/
   </VirtualHost>
   
   <VirtualHost *:80>
     ServerName www.app_name.net
     ServerAdmin kabalweg@gmail.com
   
     # Set the environment to production
     RailsEnv production
   
     <IfModule mod_passenger.c>
         # Set to on when debugging errors
         PassengerFriendlyErrorPages off
   
         #PassengerRoot /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini
         #PassengerDefaultRuby /home/kabalweg/.rvm/gems/ruby-2.2.1@rails4.2/wrappers/ruby
         PassengerMaxPoolSize 2
         PassengerPoolIdleTime 0
         PassengerMaxRequests 1000
       </IfModule>
   
       DocumentRoot /var/www/app_name/public
       <Directory /var/www/app_name/public>
         AllowOverride all
         Options -MultiViews
         #Require all granted
         Order deny,allow
         Allow from all
       </Directory>
   
       ErrorLog ${APACHE_LOG_DIR}/error.log
   
       CustomLog ${APACHE_LOG_DIR}/access.log combined
   </VirtualHost>
   

4. Disable the default virtualhost and enable the new virtualhost file and activate it.

   sudo a2dissite 000-default.conf
   
   sudo a2ensite app_name.conf
   sudo apachectl -k graceful
   

5. Generate secret key and put the resulting key in the secret.yml file.

   rake secret RAILS_ENV=production
   

   Note: It's not a good and safe practice to put production config values in the repo. A good way is to ignore config files (*.yml) using git so it don't get save in the repo, then just manually create this files, with the correct values, in the production server.
6. Pre-compile assets.

   rake assets:precompile RAILS_ENV=production
   

7. Restart application by typing below in your application's root directory.

   touch tmp/restart.txt
   

   Create this folder (tmp) if you don't have this.

How to Install Passenger + Apache in Ubuntu 16.04 LTS

Note: This assumes that you already have a running Ubuntu server. To install basic security in Ubuntu, see Basic Security Installs for Ubuntu. This instructions was extracted from here.

1. Install Apache Server

     sudo apt-get update
     sudo apt-get install apache2
     

2. Set Global ServerName to Suppress Syntax Warnings: "AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message"

     sudo vim /etc/apache2/apache2.conf
     

   and enter at the end of the file:

     ServerName server_domain_or_IP
     

3. Test config so far

     sudo apache2ctl configtest
     

4. Restart Apache for the changes to take effect

     sudo systemctl restart apache2
     

5. Install Passenger packages.

   # Install our PGP key and add HTTPS support for APT
   sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
   sudo apt-get install -y apt-transport-https ca-certificates
   
   # Add our APT repository
   sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list'
   sudo apt-get update
   
   # Install Passenger + Apache module
   sudo apt-get install -y libapache2-mod-passenger
   

   These commands will install Passenger + Apache module through Phusion's APT repository.
6. Enable the Passenger Apache module and restart Apache

   sudo a2enmod passenger
   sudo apache2ctl restart
   

7. Check installation

   sudo passenger-config validate-install
   

   All checks should pass. If any of the checks do not pass, please follow the suggestions on screen.
8. Check whether Apache has started the Passenger core processes by running the following:

   sudo passenger-memory-stats
   

Creating a Skeleton Rails Application without Database and Test Unit

1. 1. Create application without database access and test unit

       $ rails new [app_name] --skip-active-record --skip-test-unit
   

2. Include Bootstrap
   • Download Bootstrap and extract content
   • Copy bootstrap.min.css and bootstrap.css to /app/assets/css folder
   • Copy bootstrap.min.js and bootstrap.js to /app/assets/js folder
   • Copy fonts folder to /app/assets folder
   Note: The reason why I put bootstrap.css in the main root of asset folder is so I can create a file (ex: custom.css) that will over ride the Bootstrap.css rules in case I want to.
3. Create main controller that will serve as root file.

    $ rails generate controller main_controller index --no-assets --no-helper

4. Set the root route to main_controller#index

       root 'main_controller#index'
   

Basic Security Installs for Ubuntu

The original idea of this post was taken from My First 5 Minutes On A Server; Or, Essential Security for Linux Servers. As I build my server, I follow it but some of it's recommendation does not fit my requirements (ex: connecting via SSH only on certains IPs, which locked me out on several occasions). This post is my own "concoction". This assumes that you already have a fresh server running with only root as user.

1. Login as root and set root password

   passwd
   

   It's always good to use a strong root password. I recommend Random Password Generator for this.
2. Update Ubuntu

   apt-get update
   apt-get upgrade
   

3. Install Fail2ban

   apt-get install fail2ban
   

   Fail2ban is a daemon that monitors login attempts to a server and blocks suspicious activity as it occurs. It’s well configured out of the box.
4. Create user and set-up user folders

   useradd deploy
   mkdir /home/deploy
   mkdir /home/deploy/.ssh
   chmod 700 /home/deploy/.ssh
   

5. Change deploy user's login shell with the 'chsh' command. This will make sure that deploy user will have a more interactive shell.

   sudo chsh -s /bin/bash deploy
   

6. Require public key authentication for logging in

   vim /home/deploy/.ssh/authorized_keys
   

   Copy and paste the contents of the id_rsa.pub on your local machine and any other public keys that you want to have access to this server to the /home/deploy/.ssh/authorized_keys file. Save and close the file.
7. Lock down authorized_keys file and change owner of user folder

   chmod 400 /home/deploy/.ssh/authorized_keys
   chown deploy:deploy /home/deploy -R
   

8. Test the new user (deploy) in a new terminal window

   ssh deploy@<IP_OF_DROPLET>
   

9. While connected as deploy, generate SSH key. This will be used when connecting to github or bitbucket

   ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
   

10. Logout user (deploy), close the the terminal and go back to the terminal where you are logged as root.

    exit
    

11. Change deploy user password. This password will be used when doing sudo commands

    passwd deploy
    

12. Change default text editor to your preference (I like Vim)

    update-alternatives --config editor
    

13. Comment all existing user/group grant lines

    visudo
    

    Add the following line:

    root    ALL=(ALL:ALL) ALL
    deploy  ALL=(ALL:ALL) ALL
    

    This will grant sudo access to the deploy user when they enter the proper password.
14. Set up a firewall to further secure the server using ufw.

    ufw allow 22
    ufw allow 80
    ufw allow 443
    ufw enable
    

15. Enable automatic security updates

    apt-get install unattended-upgrades
    
    vim /etc/apt/apt.conf.d/10periodic
    

    Update the file to look like this:

    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Download-Upgradeable-Packages "1";
    APT::Periodic::AutocleanInterval "7";
    APT::Periodic::Unattended-Upgrade "1";
    

    One more config file to edit:

    vim /etc/apt/apt.conf.d/50unattended-upgrades
    

    Update the file to look like below. This will enable security updates only:

    Unattended-Upgrade::Allowed-Origins {
            "Ubuntu lucid-security";
    //      "Ubuntu lucid-updates";
    };
    

    or

    Unattended-Upgrade::Allowed-Origins {
            "${distro_id}:${distro_codename}";
            "${distro_id}:${distro_codename}-security";
    //      "${distro_id}:${distro_codename}-updates";
    //      "${distro_id}:${distro_codename}-proposed";
    //      "${distro_id}:${distro_codename}-backports";
    };
    

16. Restart server and you're done!

    reboot