separated install process into two scripts; one ran as root and other ran as gliders user

deploy.sh

+#!/bin/sh
+# Running as the 'gliders' user, fetch and deploy the
+# backend tools and website. This script will download
+# all our logs from various dockservers and
+# migrates data (such as users) from the old gliders
+# website database.
+
+# Generate a SSH key
+# We want passwordless authentication when logging into
+# dockservers from scripts etc.
+ssh-keygen
+
+# Install Composer
+mkdir -p /home/gliders/bin
+curl -sS https://getcomposer.org/installer | php -- --install-dir=bin
+ln -s /home/gliders/bin/composer.phar /home/gliders/bin/composer
+
+# Set up python environment and directories
+mkdir -p /home/gliders/code
+mkdir -p /home/gliders/pythonenv
+mkdir -p /var/gliders/www /var/gliders/www_dev /var/gliders/logs
+virtualenv /home/gliders/pythonenv --system-site-packages
+echo 'source /home/gliders/pythonenv/bin/activate' >> /home/gliders/.bash_profile
+source /home/gliders/pythonenv/bin/activate
+
+cd /home/gliders/code
+# Add contents of /home/gliders/.ssh/id_rsa.pub to GitLab, then:
+git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-tools.git
+git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-website.git
+
+# Install the gliders DB and parser python libraries,
+# then fetch all our log files and parse them!
+cd gliders-tools
+python setup.py install
+
+echo "please enter your mysql root user password when prompted (three times)"
+mysql -u root -p < new_schema.sql
+echo "CREATE USER 'gliders'@'%' IDENTIFIED BY 'gliders9876';" | mysql -u root -p
+echo "GRANT ALL ON gliders.* TO 'gliders'@'%';" | mysql -u root -p
+cd bin
+./migrate_data.sh
+./migrate_argos.sh
+
+# Deploy the website
+cd /home/gliders/code/gliders-website
+./bin/deploy.sh
+./bin/deploy_dev.sh

gliders.nginx.conf

@@ -16,7 +16,7 @@ map $host $symfony_root_dev {
 server {
     listen 80;
 
-    server_name gliders.vm;
+    server_name gliders.vm gliders.odj.me;
     root $symfony_root/web;
 
     error_log /var/log/nginx/gliders.error.log;
@@ -74,7 +74,65 @@ server {
 server {
     listen 80;
 
-    server_name dev.gliders.vm;
+    server_name dev.gliders.vm dev.gliders.odj.me;
+
+    root $symfony_root_dev/web;
+
+    error_log /var/log/nginx/dev.gliders.error.log;
+    access_log /var/log/nginx/dev.gliders.access.log;
+
+    # Enable compression. Very helpful when we're getting stuff like
+    # large amounts of vehicle tracks in JSON form!
+    gzip on;
+    gzip_types text/plain application/xml text/html text/css application/json application/x-javascript text/xml text/javascript;
+
+    # strip app.php/ prefix if it is present
+    rewrite ^/app_dev\.php/?(.*)$ /$1 permanent;
+
+    location / {
+        index app_dev.php;
+        try_files $uri @rewriteapp;
+    }
+
+    location ~ ^/(images|fonts|css|js) {
+        access_log off;
+        error_log off;
+        try_files $uri =404;
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+
+    location ~ ^/images/vehicles/(?<vehicle_type>[a-zA-Z0-9]+)_(?<vehicle_name>[a-zA-Z0-9]+)\.(png|jpg)$ {
+        access_log off;
+        error_log off;
+        try_files $uri images/vehicles/$vehicle_type.png =404;
+    }
+
+    location /static/logs {
+        alias /var/gliders/logs;
+    }
+
+    location /var/gliders/logs {
+        alias /var/gliders/logs;
+    }
+
+    location @rewriteapp {
+        rewrite ^(.*)$ /app_dev.php/$1 last;
+    }
+
+    # pass the PHP scripts to FastCGI server from upstream phpfcgi
+    location ~ ^/(app|app_dev|config)\.php(/|$) {
+        fastcgi_pass phpfcgi;
+        include fastcgi_params;
+        fastcgi_split_path_info ^(.+\.php)(/.*)$;
+        fastcgi_param  SCRIPT_FILENAME $symfony_root_dev/web$fastcgi_script_name;
+        fastcgi_param  HTTPS off;
+    }
+}
+
+server {
+    listen 8000;
+
     root $symfony_root_dev/web;
 
     error_log /var/log/nginx/dev.gliders.error.log;

install.sh

@@ -2,9 +2,7 @@
 # Install the packages we need to set up our gliders website + backend.
 # This file doubles up as notes/instructions.
 
-# Installed on a VirtualBox VM with 512mb RAM, 1 CPU, 8gb storage
-# Add a second 'Host Only' network adapter to allow SSH/web connections
-# from host machine.
+# Installed on a VirtualBox VM with 2gb RAM, 1 CPU, 8gb storage
 
 # Based on a clean CentOS 7 minimal x64 installation
 # (CentOS-7-x86_64-Minimal-1503-01)
@@ -14,7 +12,7 @@
 
 # As root:
 yum check-update
-yum install epel-release  # enables another software repo
+yum install epel-release  # enables 'enterprise' software repo
 yum update
 
 # Install needed tools
@@ -32,6 +30,8 @@ pip install css-html-js-minify
 pip install bcrypt
 
 # Install (& configure) sendmail
+# This isn't needed yet! But eventually we'd like to have theystem
+# email people alerts for things (e.go velogs an alarm)
 yum install sendmail sendmail-cf m4
 systemctl enable sendmail
 
@@ -42,17 +42,30 @@ mysql_secure_installation
 # remote root login disabled
 systemctl enable mariadb
 
+# Install ElasticSearch
+# (Used for getting 
+yum install java-1.8.0-openjdk
+rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
+cp elasticsearch.repo /etc/yum/repos.d/
+yum check-update
+yum install elasticsearch
+systemctl enable elasticsearch
+
 # Install SQLAlchemy
 yum install MySQL-python python-sqlalchemy
 
 # Install PHP
 yum install php php-fpm php-apc php-pdo php-mcrypt php-mbstring
+cp php.ini /etc/php.ini
+cp php-d-fpm.ini /etc/php.d/fpm.ini
 cp php-fpm-www.conf /etc/php-fpm.d/www.conf
 systemctl enable php-fpm
 
 # As for the webserver -- either apache or nginx...
 # nginx is nice and fast, apache gets better support from
 # CentOS etc.
+# Haven't tested apache *at all* and have added stuff
+# to the nginx config that makes the site work correctly
 
 # FOR NGINX
 # Based on https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-centos-7
@@ -61,47 +74,29 @@ yum install nginx
 useradd -m gliders
 gpasswd -a nginx gliders
 gpasswd -a apache gliders
+gpasswd -a wheel gliders  # let gliders user do sudo?
 mkdir -p /home/gliders/www
+mkdir -p /var/gliders/logs /var/gliders/www/ /var/gliders/www_dev/
 chmod -R g+x /home/gliders
+chown -R gliders:nginx /var/gliders
 cp nginx.conf /etc/nginx/
 cp gliders.nginx.conf /etc/nginx/conf.d/
+chown gliders:nginx /etc/nginx/conf.d/gliders.nginx.conf # allow gliders user to edit their nginx config?
 systemctl enable nginx
 
-# Install fail2ban
+# Install fail2ban: This is some intrusion detection software
+# that can help to block people trying to do brute-force
+# logins etc.
 yum install fail2ban
 systemctl enable fail2ban
 
 # Allow web through the firewall
+systemctl enable firewalld
+systemctl start firewalld
 firewall-cmd --permanent --zone=public --add-service=http 
 firewall-cmd --permanent --zone=public --add-service=https
-firewall-cmd --permanent --zone=public --add-service=8080/tcp
+firewall-cmd --permanent --zone=public --add-service=8080/tcp  # port 8080 for dev branch of site
 firewall-cmd --reload
 
-# Pull glider website and glider scripts from git repos
-mkdir -p /home/gliders/code
-mkdir -p /home/gliders/pythonenv
-virtualenv /home/gliders/pythonenv
-cd /home/gliders/code
-ssh-keygen
-# Add contents of /home/gliders/.ssh/id_rsa.pub to GitLab, then:
-git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-tools.git
-git clone git@gitlab.noc.soton.ac.uk:owanes/gliders-website.git
-
-# Install the gliders DB and parser python libraries,
-# then fetch all our log files and parse them!
-cd gliders-tools
-python setup.py install
-
-echo "please enter your mysql root user password when prompted (three times)"
-mysql -u root -p < new_schema.sql
-echo "CREATE USER 'gliders'@'%' IDENTIFIED BY PASSWORD 'gliders9876';" | mysql -u root -p
-echo "GRANT ALL ON gliders.* TO 'gliders'@'%';" | mysql -u root -p
-cd bin
-./migrate_data.sh
-
-cd /home/gliders/code/gliders-website
-./bin/deploy.sh
-
-# Restart (needed to get firewall to open ports for web, kernel might be
-# updated etc.)
-reboot
+# Set the system timezone to UTC
+timedatectl set-timezone UTC

php-d-fpm.ini

 cgi.fix_pathinfo=0
+date.timezone = 'UTC'