Differences

This shows you the differences between two versions of the page.

vps_setup_commands_to_use [2018/03/02 21:06]
t1m3c
— (current)
Line 1: Line 1:
-The following information was supplied by a user and reviewed by our security expert on the PT team. This is for linux VPS deployment. It includes some notes and systemd service files to integrate. This also includes a section for security settings when configuring your VPS.  
- 
-These are just notes, and are not complete, You should not rely on these to ensure your security or proper setup. ​ 
- 
-Use at your own risk.  
- 
----- 
-<​file>​ 
-##################################################################​ 
-# Notes to set up Linux VPS, these are from a Fedora 27 server 
-# but should be applicable to most systemd distributions 
-##################################################################​ 
- 
-###############################################​ 
-# SET UP VPS, AS USER ROOT 
-###############################################​ 
- 
-#################################​a 
-# Set up user/​pass/​sudo/​system requirements 
-#################################​ 
-dnf -y update; reboot 
-useradd profit; echo "​PICKAPASSWORD"​ | passwd profit --stdin 
-usermod -a -G wheel profit 
-dnf -y install java nano policycoreutils-python-utils 
- 
-#################################​ 
-# Disable root login w/ ssh 
-#################################​ 
-sed -i '​s/​PermitRootLogin yes/​PermitRootLogin no/g' /​etc/​ssh/​sshd_config 
-systemctl restart sshd.service 
- 
-#################################​ 
-# If running VPS on public cloud, change SSH listening ports from default 22 
-# in this example we use port 22222, however this can be changed to any open port 
-#################################​ 
-sed -i '​s/#​Port 22/Port 22222/​g'​ /​etc/​ssh/​sshd_config 
-semanage port -a -t ssh_port_t -p tcp 22222 
-systemctl restart sshd.service 
-firewall-cmd --add-port=22222/​tcp --permanent 
-firewall-cmd --reload 
- 
-#################################​ 
-# If running VPS local, NOT in cloud, open firewall ports so you don't need to port forward webui over ssh. Uncomment and adjust port numbers only if those ports are blocked initially 
-#################################​ 
-# firewall-cmd --add-port=8081/​tcp --permanent 
-# firewall-cmd --reload 
- 
-# Only run if setting up second instance 
-# firewall-cmd --add-port=8082/​tcp --permanent 
-# firewall-cmd --reload 
-#################################​ 
- 
-#################################​ 
-# Set up PT destination directory/​perms 
-# If running second instance, make sure you change the port in /​opt/​ProfitTrailer1 in application.properties 
-# in this example we set up the second instance to use port 8082 
-#################################​ 
-mkdir -p /​opt/​ProfitTrailer;​chown -R profit:​profit /​opt/​ProfitTrailer 
- 
-# Only run if setting up second instance 
-mkdir -p /​opt/​ProfitTrailer1;​chown -R profit:​profit /​opt/​ProfitTrailer1 
- 
-#################################​ 
-# Create systemd service file in /​etc/​systemd/​system 
-#################################​ 
-cat >> /​etc/​systemd/​system/​profit.service << EOF  
-[Unit] 
-Description=profit 
-After=network-online.target 
- 
-[Service] 
-Type=simple 
-WorkingDirectory=/​opt/​ProfitTrailer 
-ExecStart=/​usr/​bin/​java -jar /​opt/​ProfitTrailer/​ProfitTrailer.jar -XX:​+UseConcMarkSweepGC -Xmx256m -Xms256m 
-TimeoutSec=300 
- 
-[Install] 
-WantedBy=multi-user.target 
-EOF 
- 
- 
-# Only run if setting up second instance 
-cat >> /​etc/​systemd/​system/​profit1.service << EOF 
-[Unit] 
-Description=profit1 
-After=network-online.target 
- 
-[Service] 
-Type=simple 
-WorkingDirectory=/​opt/​ProfitTrailer1 
-ExecStart=/​usr/​bin/​java -jar /​opt/​ProfitTrailer1/​ProfitTrailer.jar -XX:​+UseConcMarkSweepGC -Xmx256m -Xms256m 
-TimeoutSec=300 
- 
-[Install] 
-WantedBy=multi-user.target 
-EOF 
- 
- 
-#################################​ 
-# Set up systemd service to run as profit user 
-#################################​ 
-mkdir -p /​etc/​systemd/​system/​profit.service.d 
-cat >> /​etc/​systemd/​system/​profit.service.d/​profit.conf << EOF 
-[Service] 
-User=profit 
-Group=profit 
-EOF 
- 
-# Only run if setting up second instance 
-mkdir -p /​etc/​systemd/​system/​profit1.service.d 
-cat >> /​etc/​systemd/​system/​profit1.service.d/​profit1.conf << EOF 
-[Service] 
-User=profit 
-Group=profit 
-EOF 
- 
-#################################​ 
-# Reload systemd to reflect changes / persist service 
-#################################​ 
-systemctl daemon-reload;​ systemctl enable profit.service 
- 
-# Only run if setting up second instance 
-systemctl daemon-reload;​ systemctl enable profit1.service 
- 
- 
-###############################################​ 
-# SET UP PROFIT TRAILER, AS USER “PROFIT” 
-###############################################​ 
- 
-#################################​ 
-# Unzip profit trailer to destination directory 
-# Grab the latest version from https://​github.com/​taniman/​profit-trailer/​releases and unzip to /​opt/​ProfitTrailer 
-cd ~profit;​wget https://​github.com/​taniman/​profit-trailer/​releases/​download/​v1.2.6.11/​ProfitTrailer.zip 
-unzip ProfitTrailer.zip -d /opt 
-#################################​ 
- 
- 
-#################################​ 
-# Service manipulation / log files 
-#################################​ 
-sudo systemctl status profit.service 
-sudo systemctl start profit.service 
-sudo systemctl stop profit.service 
- 
-tail -f /​opt/​ProfitTrailer/​logs/​* 
- 
- 
- 
- 
- 
- 
-#################################​ 
-# ssh to host to set up port forwarding; ​ 
-# browse to http://​localhost:​8081/​monitoring 
-# or http://​localhost:​8082/​monitoring 
-#################################​ 
-# Connect to VPS 
-ssh -L 8081:​localhost:​8081 -L 8082:​localhost:​8082 profit@VPSIPADDRESS -p 22222 
- 
-#################################​ 
-# Mount from OSX, will show up on desktop, install 
-# https://​osxfuse.github.io/​ 
-#################################​ 
-# Connect to VPS 
-mkdir -p /​Volumes/​PT/;​ sshfs -p 22222 profit@VPSIPADDRESS:/​opt/​ProfitTrailer /​Volumes/​PT/​ -o noapplexattr 
- 
- 
- 
-#################################​ 
-# Backup Profit Trailer settings from VPS 
-# rsync -n is a preview, remove -n to run 
-#################################​ 
-# If Local VPS 
-rsync -n -av --delete profit@VPSIPADDRESS:/​opt/​ProfitTrailer/​ /​DESTINATIONDIR/​Profit_Trailer/​VPS_ProfitTrailer_backup 
- 
- 
-# If Cloud VPS and ssh runs on a different port 
-rsync -n -av -e "ssh -p 22222" --delete profit@VPSIPADDRESS:/​opt/​ProfitTrailer/​ /​DESTINATIONDIR/​Profit_Trailer/​cloudVPS_ProfitTrailer_backup 
- 
-</​file>​ 
- 
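Review bot: This revision removes every line and leaves the current page empty, so the SSH steps (root login disabled, port moved to 22222 with the matching semanage and firewall-cmd rules) disappear with nothing in their place; if the notes are reinstated, several removed lines need fixing first. In the user setup block, `echo "PICKAPASSWORD" | passwd profit --stdin` types the password into the shell, where history records it; running `passwd profit` and answering the prompt avoids that. In both `ExecStart=` lines the options `-XX:+UseConcMarkSweepGC -Xmx256m -Xms256m` follow the jar path, so java passes them to the application as arguments instead of applying them as JVM settings; they belong before `-jar`. The sed for `PermitRootLogin yes` only rewrites that exact text, so a commented-out default stays commented and the restart changes nothing; check the effective value after the edit. The `cat >>` heredocs append, so a second run duplicates the unit sections, and the ProfitTrailer.zip fetched with wget is unzipped into /opt without any checksum or signature check.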
  
  • Last modified: 16 months ago
  • by t1m3c