Created
March 10, 2018 04:14
-
-
Save fire9/96c9f5518444f7399fe81578e711358c to your computer and use it in GitHub Desktop.
Revisions
-
fire9 created this gist
Mar 10, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,643 @@ echo "flow8" > /etc/hostname hostname -F /etc/hostname echo "106.187.35.226 flow8.net flow8" >> /etc/hosts sudo apt-get install -y exim4 gem install bundler [apc] apc.enabled = 1 apc.shm_segments = 1 apc.shm_size = 64M apc.optimization = 0 apc.num_files_hint = 1000 apc.ttl = 0 apc.gc_ttl = 3600 apc.cache_by_default = On apc.slam_defense = 0 apc.file_update_protection = 2 apc.enable_cli = 0 apc.stat=0 # set ssh vi /etc/ssh/sshd_config PasswordAuthentication no PermitRootLogin no # set timezone dpkg-reconfigure tzdata # update software apt-get update apt-get upgrade --show-upgraded apt-get install language-pack-en language-pack-en-base language-pack-zh-hans language-pack-zh-hans-base language-selector language-selector-common -y sudo nano /etc/environment 在文件PATH后添加以下内容 LC_CTYPE="zh_CN.UTF-8" LANG="zh_CN.UTF-8" LC_ALL=C sudo dpkg-reconfigure locales apt-get install module-assistant build-essential fakeroot dh-make debconf linux-libc-dev dkms libpcre3-dev libbz2-dev libreadline-dev libssl-dev gettext libaio-dev libncurses5-dev libaio-dev libaio1 libaio1-dbg libsnmp-dev autoconf snmp snmpd libsasl2-dev curl git-core python-software-properties libssl-dev libreadline6-dev libyaml-dev libpng++-dev libjpeg62-dev libfreetype6-dev libmcrypt-dev libxml2-dev libmhash-dev mcrypt libopenipmi-dev libgsnmp0-dev libssl-dev zlib1g-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev checkinstall libicu-dev python-setuptools libxslt-dev liblua5.1-0-dev libcurl4-openssl-dev liblua5.1-orbit-dev software-properties-common dstat iftop nmap sysstat cmake vim python-docutils zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev openssh-server redis-server checkinstall libxml2-dev libxslt1-dev libcurl4-openssl-dev libicu-dev libxpm-dev unzip perl alien lsof wget curl htop sysstat tree vnstat iptraf iperf nload ipcalc dstat iftop ntp valgrind -y wget http://www.canonware.com/download/jemalloc/jemalloc-3.6.0.tar.bz2 wget http://ftp.exim.llorien.org/pcre/pcre-8.35.tar.gz wget https://git-core.googlecode.com/files/git-1.8.5.tar.gz wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p392.tar.gz scons sun-java6-bin # setup ntp server aptitude install ntp ntpudate # install ntp, ntpudate ntpudate 3.cn.pool.ntp.org \ # set time 2.cn.pool.ntp.org \ 1.cn.pool.ntp.org adduser --system --no-create-home --disabled-login --disabled-password --group www adduser --system --no-create-home --disabled-login --disabled-password --group mysql adduser --system --group --shell /bin/bash --home /home/fire9 fire9 wget -O init-deb.sh http://library.linode.com/assets/1131-init-deb.shmv init-deb.sh /etc/init.d/nginxchmod +x /etc/init.d/nginx /usr/sbin/update-rc.d -f nginx defaults # iptables /etc/iptables.firewall.rules *filter# Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0-A INPUT -i lo -j ACCEPT-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT# Accept all established inbound connections-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT# Allow all outbound traffic - you can modify this to only allow certain traffic-A OUTPUT -j ACCEPT# Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).-A INPUT -p tcp --dport 80 -j ACCEPT-A INPUT -p tcp --dport 443 -j ACCEPT# Allow SSH connections## The -dport number should be the same port number you set in sshd_config#-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT# Allow ping-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT# Log iptables denied calls-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7# Reject all other inbound - default deny unless explicitly allowed policy-A INPUT -j REJECT -A FORWARD -j REJECT COMMIT iptables-restore < /etc/iptables.firewall.rules iptables -L vi /etc/network/if-pre-up.d/firewall #!/bin/sh /sbin/iptables-restore < /etc/iptables.firewall.rules Fail2Ban is an application that prevents dictionary attacks on your server. When Fail2Ban detects multiple failed login attempts from the same IP address, it creates temporary firewall rules that block traffic from the attacker's IP address. Attempted logins can be monitored on a variety of protocols, including SSH, HTTP, and SMTP. By default, Fail2Ban monitors SSH only. Here's how to install and configure Fail2Ban: 1. Install Fail2Ban by entering the following command: sudo apt-get install fail2ban 2. Configure the Fail2Ban preferences by entering the following command: sudo nano /etc/fail2ban/jail.conf 3. If you have a static IP address in your home or office, enter it next to the ignoreip variable so Fail2Ban knows to ignore it. You can enter multiple IP addresses separated by spaces. 4. Set the bantime variable to specify how long (in seconds) bans should last. 5. Set the maxretry variable to specify the default number of tries a connection may be attempted before an attacker's IP address is banned. 6. Press Control-x and then press y to save the changes to the Fail2Ban configuration file. Fail2Ban is now installed and running on your Linode. It will monitor your log files for failed login attempts. After an IP address has exceeded the maximum number of authentication attempts, it will be blocked at the network level and the event will be logged in /var/log/fail2ban.log . /etc/network/if-pre-up.d/firewall /etc/network/if-pre-up.d/firewall /etc/network/if-pre-up.d/firewall update-alternatives --install /usr/bin/java java /data/apps/jdk1.6.0_32/bin/java 300 update-alternatives --install /usr/bin/javac javac /data/apps/jdk1.6.0_32/bin/javac 300 update-alternatives --config java export JAVA_HOME=/opt/jdk1.6.0_41 export PATH=$PATH:/opt/jdk1.6.0_41bin:/opt/jdk1.6.0_41/jre/bin export CLASSPATH="./:/opt/jdk1.6.0_41/lib:/opt/jdk1.6.0_41/jre/lib" export LD_LIBRARY_PATH=/opt/jdk1.6.0_41/jre/lib/amd64:/opt/jdk1.6.0_41/jre/lib/amd64/server update-alternatives --install /usr/bin/java java /opt/jdk1.6.0_32/bin/java 300 update-alternatives --install /usr/bin/javac javac /opt/jdk1.6.0_32/bin/javac 300 update-alternatives --config java $ sudo vi /etc/modprobe.d/aliases 注释 alias net-pf-10 ipv6 $ sudo vi /etc/modprobe.d/blacklist 加入 blacklist ipv6 cat /proc/modules lsmod modinfo raid0 modprobe -c modprobe -l modprobe -r rmmod insmod apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db add-apt-repository 'deb http://ftp.osuosl.org/pub/mariadb/repo/5.5/ubuntu precise main' sudo apt-get update sudo apt-get install mariadb-server-5.5 mariadb-client-5.5 libmariadbclient-dev dpkg-reconfigure mysql-server-5.0 dpkg-reconfigure exim4-config # Install Node.JS sudo apt-add-repository ppa:chris-lea/node.js sudo apt-get update sudo apt-get install nodejs sudo ln -s /lib/x86_64-linux-gnu/libssl.so.1.0.0 /lib/libssl.so.6 sudo ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /lib/libcrypto.so.6 easy_install ipython bpython pexpect MySQL-python requests wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.3-p484.tar.gz tar zxvf ruby-1.9.3-p484.tar.gz cd ruby-1.9.3-p484 ./configure make make install gem update --system gem install bundler wget http://download.savannah.gnu.org/releases/libunwind/libunwind-1.1.tar.gz tar zxvf libunwind-1.1.tar.gz cd libunwind-1.1 CFLAGS=-fPIC ./configure make CLFAGS=-fPIC make CLFAGS=-fPIC install cd .. wget http://gperftools.googlecode.com/files/gperftools-2.1.tar.gz tar zxvf gperftools-2.1.tar.gz cd gperftools-2.1 ./configure --enable-frame-pointers make && make install cd .. echo "/usr/local/lib" > /etc/ld.so.conf.d/usr_local_lib.conf /sbin/ldconfig ##### 接下来为google-perftools添加线程目录: mkdir /tmp/tcmalloc chmod 0777 /tmp/tcmalloc 修改/usr/local/nginx/conf/ncing.conf #### setup php php-fpm <pre> tar zxvf php-5.3.22.tar.gz cd php-5.3.22 ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --enable-fpm --with-snmp --with-gettext --enable-zend-multibyte --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-snmp --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-gd make make install cp php.ini-production /usr/local/php/etc/php.ini cd .. </pre> ./configure --prefix=/usr/local/php --with-config-file-path=/usr/local/php/etc --with-iconv-dir --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr --enable-xml --disable-rpath --enable-bcmath --enable-shmop --enable-sysvsem --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex --enable-mbstring --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap --enable-fpm --with-snmp --with-gettext --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-snmp --with-mysql=/usr/local/mysql --with-mysqli=/usr/local/mysql/bin/mysql_config --with-gd --enable-mysqlnd --enable-zip --with-zend-vm=CALL --with-zend-vm=TYPE --enable-mysqlnd --enable-zip apt-get install libcloog-ppl0 <pre> apt-get install libmagickwand-dev wget http://pecl.php.net/get/imagick-3.0.1.tgz tar zxvf imagick-3.1.2.tgz cd imagick-3.1.2/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --with-imagick=/usr/local/imagemagick make make install cd ../ </pre> wget https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz tar zxvf libevent-2.0.21-stable.tar.gz cd libevent-2.0.21-stable/ ./configure make make install wget http://memcached.googlecode.com/files/memcached-1.4.15.tar.gz tar zxvf memcached-1.4.15.tar.gz cd memcached-1.4.15/ ./configure --enable-64bit --enable-sasl --with-libevent make sudo make install cd .. tar zxvf libmemecached-1.0.16.tar.gz cd libmemcached-1.0.16 ./configure --prefix=/usr/local/libmemcached --enable-silent-rules --enable-libmemcachedprotocol --enable-memaslap --with-mysql=/usr/local/mysql/bin/mysql_config --with-memcached make -j2 make install cd ../ tar zxvf memcache-2.2.7.gz cd memcache-2.2.7 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcache make make install apt-get install libmemcached-dev libmemcached-tools tar zxvf memcached-2.1.0.tar.gz cd memcached-2.1.0 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcached --enable-memcached-json --with-libmemcached-dir=/usr/local/libmemcached/ git clone https://github.com/redis/hiredis.git cd hiredis make make install cd ../ git clone https://github.com/nicolasff/php-hiredis.git cd php-hiredis /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --enable-hiredis make make install cd ../ wget https://github.com/eaccelerator/eaccelerator/tarball/master mv master eaccelerator.tar.gz tar zxvf eaccelerator.tar.gz cd eaccelerator/ /usr/local/php/bin/phpize ./configure --enable-eaccelerator=shared --with-php-config=/usr/local/php/bin/php-config make && make install wget http://pecl.php.net/get/PDO_MYSQL-1.0.2.tgz tar -zxvf PDO_MYSQL-1.0.2.tgz cd PDO_MYSQL-1.0.2 /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config --with-pdo-mysql make make install cd ../ tar zxvf taint-1.2.2.tgz cd taint-1.2.2/ /usr/local/php/bin/phpize ./configure --with-php-config=/usr/local/php/bin/php-config make make install cd ../ apt-get install libcloog-ppl0 tar zxvf libmemcached-1.0.17.tar.gz cd libmemcached-1.0.17/ ./configure --enable-assert --enable-silent-rules --enable-libmemcachedprotocol --enable-hsieh_hash --enable-memaslap --with-mysql=/usr/local/mysql --with-memcached make make install cd ../ ./configure --user=www-data --group=www-data --with-rtsig_module --with-poll_module --with-file-aio --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_slice_module --with-http_mp4_module --with-http_gzip_static_module --with-http_concat_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_sysguard_module --with-pcre=/opt/pcre-8.33 --with-http_lua_module --with-http_stub_status_module --with-http_ssl_module --with-jemalloc --add-module=/opt/Modules/ngx_pagespeed --add-module=/opt/Modules/nginx-rtmp-module ---------------------------------------------------------------------------- # 在pid这行的下面添加 #pid logs/nginx.pid; google_perftools_profiles /tmp/tcmalloc; sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db sduo vi /etc/apt/sources.list # MariaDB 5.5 repository list - created 2013-01-14 15:17 UTC # http://downloads.mariadb.org/mariadb/repositories/ deb http://download.nus.edu.sg/mirror/mariadb/repo/5.5/ubuntu precise main deb-src http://download.nus.edu.sg/mirror/mariadb/repo/5.5/ubuntu precise main sudo apt-get update sudo apt-get install mariadb-server-5.5 mariadb-test.5.5 mariadb-common mariadb-client-5.5 libmariadbclient-dev libmariadbclient18 libmysqlclient18 # Setup Percona sudo gpg --keyserver hkp://keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A sduo gpg -a --export CD2EFD2A | sudo apt-key add - sudo vi /etc/apt/source.list deb http://repo.percona.com/apt lucid main deb-src http://repo.percona.com/apt lucid main deb http://repo.percona.com/apt precise main deb-src http://repo.percona.com/apt precise main sudo apt-get install percona-server-client-5.5 percona-server-common-5.5 percona-server-server-5.5 percona-server-test-5.5 percona-toolkit percona-xtrabackup percona-xtrabackup-test xtrabackup # Install MongoDB sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10 sudo vi /etc/apt/sources.list deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen sudo apt-get update sudo apt-get install mongodb-10gen memory_limit = 256M post_max_size = 32M upload_max_filesize = 16M max_execution_time = 600 max_input_time = 600 date.timezone = UTC ##### setup PostGreSQL apt-get install python-software-properties apt-get install software-properties-common add-apt-repository ppa:pitti/postgresql apt-get update apt-get -y install postgresql libpq-dev <pre> sudo -u postgres psql # \password # create user blog with password 'secret'; # create database blog_production owner blog; # \q </pre> ./configure --enable-libmemcachedprotocol --enable-memaslap --enable-hsieh_hash --with-mysql --with-memcached --with-gearmand #set java environment export JAVA_HOME=/opt/jdk1.6.0_41 export CLASSPATH=.:$CLASSPATH:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar export PATH=$PATH:$JAVA_HOME/bin ./configure --with-php-config=/usr/local/php/bin/php-config --enable-memcached --enable-memcached-json ./configure --prefix=/usr/local/pureftpd --with-pam --with-cookie --with-throttling --with-ratios --with-ftpwho --with-welcomemsg --with-uploadscript --with-virtualhosts --with-virtualchroot --with-diraliases --with-peruserlimits --with-everything --with-language= english, simplified-chinese, traditional-chinese --with-mysql --with-bonjour # 查看是否存在大量的TIME_WAIT连接 netstat -n | awk '/^tcp/ {++State[$NF]} END { for(i in State) print i, State[i]}' vi /etc/sysctl.conf net.ipv4.tcp_tw_resuse=1 net.ipv4.tcp_tw_recycle=1 net.ipv4.tcp_fin_timeout=30 net.ipv4.tcp_keepalive_time=1800 net.ivp4.tcp_max_syn_backlog=8192 netstat -na | grep "SYN_RECV" | wc -l while [ 1 ];do dd if=/dev/zero of=test_file bs=4k count=20 seek=$RANDOM oflag=sync;done blktrace /dev/sdb 有IO压力的时候一会儿就可以了,通过ctrl+c停止抓取。 blktrace是需要debugfs支持的,如果系统提示debugfs没有mount,需要先mount上 mount -t debugfs none /sys/kernel/debug 再执行blktrace命令 kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm ppp-2.4.5-23.0.rhel6.x86_64.rpm ppp-devel-2.4.5-23.0.rhel6.x86_64.rpm pptpd-1.3.4-2.el6.x86_64.rpm pptp-release-4-6.rhel6.noarch.rpm mysqldump -uroot --skip-opt --single-transaction --add-drop-table --create-options --quick --extended-insert --set-charset --disable-keys -S /tmp/mysql3306.sock discuz > discuz.sql mysqldump -uroot --skip-opt --single-transaction --add-drop-table --create-options --quick --extended-insert --set-charset --disable-keys -S /tmp/mysql3306.sock wordpress > wordpress.sql mysqldump -uroot --skip-opt --single-transaction --add-drop-table --create-options --quick --extended-insert --set-charset --disable-keys -S /tmp/mysql3306.sock zabbix > zabbix.sql flush tables; flush logs; reset master; FLUSH TABLES WITH READ LOCK; slave stop; change master to master_user='repadmin', master_password='repadmin', master_host='10.147.140.11', master_port = 3320, master_log_file='mysql-bin.000069', master_log_pos=107; CHANGE MASTER TO MASTER_HOST='localhost', MASTER_PORT=3306, MASTER_USER='repl', MASTER_PASSWORD='1q2w3e4r', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS=107; slave start; show slave status\G ----------------------------------------------------------------------------------------------- <pre> sed -i 's#extension_dir = "./"#extension_dir = "/usr/local/php/lib/php/extensions/no-debug-non-zts-20090626/"\nextension = "memcache.so"\nextension = "pdo_mysql.so"\nextension = "imagick.so"\n#' /usr/local/php/etc/php.ini sed -i 's#output_buffering = Off#output_buffering = On#' /usr/local/php/etc/php.ini sed -i "s#; always_populate_raw_post_data = On#always_populate_raw_post_data = On#g" /usr/local/php/etc/php.ini sed -i "s#; cgi.fix_pathinfo=0#cgi.fix_pathinfo=0#g" /usr/local/php/etc/php.ini </pre> mkdir /usr/local/eaccelerator_cache vi /usr/local/php/etc/php.ini mv /usr/local/php/etc/php-fpm.conf /usr/local/php/etc/php-fpm.conf.old vi /usr/local/php/etc/php-fpm.conf # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; /usr/local/nginx/sbin/nginx vi /etc/rc.local ulimit -SHn 65535 /usr/local/php/sbin/php-fpm /usr/local/nginx/sbin/nginx * ** vi /etc/sysctl.conf ** <pre> net.ipv4.tcp_max_syn_backlog = 65536 net.core.netdev_max_backlog = 32768 net.core.somaxconn = 32768 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 net.ipv4.tcp_timestamps = 0 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 2 net.ipv4.tcp_tw_recycle = 1 #net.ipv4.tcp_tw_len = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_max_orphans = 3276800 #net.ipv4.tcp_fin_timeout = 30 #net.ipv4.tcp_keepalive_time = 120 net.ipv4.ip_local_port_range = 1024 65535 </pre> * ** /sbin/sysctl -p ** # check syantx is right /usr/local/nginx/sbin/nginx -t /usr/local/nginx/sbin/nginx -s reload #!/bin/bash # This script run at 00:00 # The Nginx logs path logs_path="/usr/local/nginx/logs/" mkdir -p ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/ mv ${logs_path}access.log ${logs_path}$(date -d "yesterday" +"%Y")/$(date -d "yesterday" +"%m")/access_$(date -d "yesterday" +"%Y%m%d").log kill -USR1 `cat /usr/local/nginx/nginx.pid` crontab -e 00 00 * * * /bin/bash /usr/local/nginx/sbin/cut_nginx_log.sh ------------------------------------------------------------------------------------------------ easy_install pygments # support python synatx highilighter ##### rbenv <pre> curl -L https://raw.github.com/fesplugas/rbenv-installer/master/bin/rbenv-installer | bash vim .bashrc # add rbenv to the top . .bashrc rbenv bootstrap-ubuntu-12-04 rbenv install 1.9.3-p385 rbenv global 1.9.3-p385 gem install bundler gem install charlock_holmes --version '0.6.9' gem install rake rbenv rehash </pre> ##### nginx <pre> add-apt-repository ppa:nginx/stable apt-get update apt-get -y install nginx service nginx start </pre> ###### PostgreSQL <pre> add-apt-repository ppa:pitti/postgresql apt-get -y update apt-get -y install postgresql libpq-dev sudo -u postgres psql # \password # create user gitlab with password 'dinghao'; # n # \q </pre> ##### Created git & gitlab user <pre> sudo adduser \ --system \ --shell /bin/sh \ --gecos 'Git Version Control' \ --group \ --disabled-password \ --home /home/git \ git sudo adduser --disabled-login --gecos 'GitLab' gitlab # Add it to the git group sudo usermod -a -G git gitlab # Generate the SSH key sudo -u gitlab -H ssh-keygen -q -N '' -t rsa -f /home/gitlab/.ssh/id_rsa </pre> <pre> cd /home/git sudo -u git -H git clone -b gl-v320 https://github.com/gitlabhq/gitolite.git /home/git/gitolite sudo -u gitlab -H ssh git@localhost sudo -u gitlab -H ssh git@gitlab sudo -u gitlab -H bundle install --deployment --without development test mysql git config --global user.name "GitLab" git config --global user.email "gitlab@GitLab"