Skip to content

Instantly share code, notes, and snippets.

View scarver2's full-sized avatar

Stan Carver II scarver2

View GitHub Profile
@scarver2
scarver2 / kamal-production-server-setup.sh
Created May 26, 2025 15:53 — forked from rameerez/kamal-production-server-setup.sh
Set up a Ubuntu server to deploy Kamal 2.x Docker containers to, hardened security and production ready
#!/bin/bash
# Production Docker Host Hardening Script v2
# For Ubuntu Server 24.04 LTS (Noble)
# Suitable for both Kamal deployment and builder hosts
set -euo pipefail
IFS=$'\n\t'
# --- Constants ---
I am the owner of lvh.me. And I'm glad to hear it's helpful. In truth, it's just a fancy DNS trick. lhv.me and all of it's sub-domains just point back to your computer (127.0.0.1). That means running ssl is as simple (or difficult) as running ssl on your computer.
I'm not sure how comfortable you are with the command line, but here's my how I setup my development environment. (rvm, passenger, nginx w/ SSL, etc).
# Install rvm (no sudo!)
# ------------------------------------------------------
bash < <( curl http://rvm.beginrescueend.com/releases/rvm-install-head )
source ~/.rvm/scripts/rvm
rvm install ree-1.8.7-2010.02
echo "* Updating system"
apt-get update
apt-get -y upgrade
echo "* Installing packages"
apt-get -y install build-essential libmagickcore-dev imagemagick libmagickwand-dev libxml2-dev libxslt1-dev git-core nginx redis-server curl nodejs htop
id -u deploy &> /dev/null
if [ $? -ne 0 ]
then