Ubuntu provisioning script

This recipe is a script to install an Ubuntu 16.04 server ready for you to install your CUBA app. There is a companion recipe here for deploying to your new server using Gradle + SSH.

Yes, the cool kids use Docker or Kubernetes but my requirement is for a plain old server that can run on a Cloud service (AWS, Azure, Google, Digital Ocean etc) or locally on a virtual machine (VMWare, Hyper-V, VirtualBox etc).

Install Ubuntu Server 16.04 LTS with OpenSSH, log in and upload the attached script install.sh.

Modify the script configuration settings:

export DNS_HOSTNAME=subdomain.mydomain.com # DNS CNAME or A record
export EMAIL=myemail@mydomain.com # The email address used for Lets Encrypt
export SSHD_PORT=9922 # SSH Port for admin
export TOMCAT_VERSION=8.5.28 # Version of Tomcat to install

The script will install:

  • Tomcat with a version of your choosing. I find the version packaged with Ubuntu is old and has issues when automating an install.
  • Apache2
  • Let's Encrypt. Free HTTPS certs that renew automatically out of the box, with HTTP to HTTPS redirect.
  • libapache2-mod-jk to hook the Apache web server to Tomcat for SSL. No need for Tomcat to know about the certs!
  • LibreOffice for PDF conversion.
  • A bunch of must have performance monitoring utilities.
  • I use MS SQL Server so I install the MS SQL Server tools. Replace with your database tools as required.
  • Fail2Ban. A firewall that will block various SSH and Apache hacking attempts to harden the server.

Once you have your script configured, execute “chmod +x install.sh && ./install.sh”.

Notes:

  • This script has only been tested with Ubuntu 16.04 and will not work with other distributions or versions.
  • In order for Let's Encrypt to acquire a cert, you need to have a DNS CNAME or A record configured and resolving to your new server from the internet. Make sure you test from the internet before running the script.
  • I move the SSH port from 22 to another port as the minute you start your server, bots will be hacking port 22. When using Fail2Ban, you end up with a long list of banned IPs blocked by iptables.
  • Do not use Fail2Ban behind a NAT router!
  • The Fail2Ban limits in the script are very aggressive and punitive. Be careful not to lock yourself out!
  • Do not run this script without understanding what it’s going to do!
  • This script was developed using the “Google Programming” methodology. Attribution goes to a bunch of people on the Internet. Thanks people!

Install.sh (3.9 KB)

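The notes above ask you to confirm the DNS record and to avoid locking yourself out before running install.sh. The pre-flight check below is an added example, not part of the attached script; its function names and the EXPECTED_IP variable (the server's public address) are assumptions, and it expects the four settings to be exported as shown in the configuration section.

```shell
#!/usr/bin/env bash
# Added example: pre-flight validation of the install.sh settings.
# Function names and EXPECTED_IP are hypothetical, not part of install.sh.

valid_port() {      # digits only, 1-65535, and not the default port 22
  case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 22 ]
}

valid_hostname() {  # fully qualified name: letter/digit/hyphen labels, at least one dot
  printf '%s\n' "$1" | grep -Eq \
    '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

valid_version() {   # Tomcat version as major.minor.patch, e.g. 8.5.28
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

valid_email() {     # loose shape check: something@something.something
  printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$'
}

ip_listed() {       # $1 = expected IP, $2 = whitespace-separated resolved IPs
  local ip
  for ip in $2; do [ "$ip" = "$1" ] && return 0; done
  return 1
}

preflight() {       # returns 0 only if every setting passes
  local fail=0 ips
  valid_hostname "$DNS_HOSTNAME"  || { echo "bad DNS_HOSTNAME" >&2; fail=1; }
  valid_email "$EMAIL"            || { echo "bad EMAIL" >&2; fail=1; }
  valid_port "$SSHD_PORT"         || { echo "bad SSHD_PORT" >&2; fail=1; }
  valid_version "$TOMCAT_VERSION" || { echo "bad TOMCAT_VERSION" >&2; fail=1; }
  # Local resolver only; an /etc/hosts entry can mask a missing public record,
  # so still test from an outside host as the post says.
  ips=$(getent ahostsv4 "$DNS_HOSTNAME" | awk '{print $1}' | sort -u)
  ip_listed "$EXPECTED_IP" "$ips" || { echo "DNS does not point here" >&2; fail=1; }
  return "$fail"
}

# Run only when asked: ./preflight.sh --check (settings exported beforehand)
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Keep your existing SSH session open until a second login on the new port has succeeded, since the script changes SSHD_PORT and enables Fail2Ban in the same run.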