Configure OS

Create users

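# Create one login account per environment, each with its own home directory
# and bash as the login shell. The bash path is looked up once with command -v
# (the portable lookup) and quoted; the :? guard stops useradd from running
# with an empty -s argument if bash is not on PATH.
# NOTE(review): -G sudo adds every site account to the sudo group. On a stock
# Debian/Ubuntu sudoers file that group may run any command as root, so a
# compromise of any one environment's account reaches the whole host once a
# password is set. Drop -G sudo unless these accounts really administer the
# server.
bash_path="$(command -v bash)"
useradd -m -s "${bash_path:?bash not found on PATH}" -d /home/www-development -G sudo www-development
useradd -m -s "${bash_path:?bash not found on PATH}" -d /home/www-staging -G sudo www-staging
useradd -m -s "${bash_path:?bash not found on PATH}" -d /home/www-production -G sudo www-production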

(Optional) Set user passwords

# Optional: give each account a password (passwd prompts interactively).
# The accounts on this page are created with -G sudo, so this password is also
# what sudo will ask for; use a strong, unique one per account.
for account in www-development www-staging www-production; do
  passwd "$account"
done

Configure filesystem

Create directories

# Pre-create each account's www/htdocs tree and hand it to that account.
# /home/<account>/www is also the bindfs mount point used in the fstab step;
# once that mount is active it shows the /var/www tree and hides whatever was
# created here.
for account in www-development www-staging www-production; do
  mkdir -p "/home/${account}/www/htdocs"
  chown -R "${account}:${account}" "/home/${account}/www"
done

Set up fstab

# bindfs mirrors each site's /var/www tree into the matching account's home.
#   force-user / force-group      inside the mount, everything appears owned by the site account
#   create-for-user / -group      files created through the mount are owned by www-data in /var/www
#   create-with-perms=0770        new files get rwx for owner and group, nothing for others
#   chown-/chgrp-/chmod-ignore    ownership and mode changes through the mount succeed but are not applied
# NOTE(review): 0770 looks like it applies to regular files as well as directories,
# so files written through the mount would be executable by www-data; confirm that is wanted.
bindfs#/var/www/tld.domain.development /home/www-development/www fuse force-user=www-development,force-group=www-development,create-for-user=www-data,create-for-group=www-data,create-with-perms=0770,chgrp-ignore,chown-ignore,chmod-ignore 0 0
bindfs#/var/www/tld.domain.staging /home/www-staging/www fuse force-user=www-staging,force-group=www-staging,create-for-user=www-data,create-for-group=www-data,create-with-perms=0770,chgrp-ignore,chown-ignore,chmod-ignore 0 0
bindfs#/var/www/tld.domain.production /home/www-production/www fuse force-user=www-production,force-group=www-production,create-for-user=www-data,create-for-group=www-data,create-with-perms=0770,chgrp-ignore,chown-ignore,chmod-ignore 0 0

Mount directories

# Activate the three bindfs entries. Only the mount point is given, so mount
# takes the source and options from the fstab entries for these paths.
for account in www-development www-staging www-production; do
  mount "/home/${account}/www"
done

Configure database

Set up MySQL

-- One MySQL account per environment, usable from localhost only and granted
-- rights on its own schema only.
-- NOTE(review): the IDENTIFIED BY values are sample passphrases printed on this
-- page; replace each with a unique generated secret before running.
-- NOTE(review): ALL PRIVILEGES on a schema includes DDL such as DROP and ALTER.
-- If the application only reads and writes rows, a narrower grant limits what
-- a leaked credential or an injection flaw can do.
CREATE USER 'domain_development'@'localhost'
    IDENTIFIED BY 'correct-horse-battery-staple-development';
GRANT ALL PRIVILEGES
    ON domain_development.*
    TO 'domain_development'@'localhost';

CREATE USER 'domain_staging'@'localhost'
    IDENTIFIED BY 'correct-horse-battery-staple-staging';
GRANT ALL PRIVILEGES
    ON domain_staging.*
    TO 'domain_staging'@'localhost';

CREATE USER 'domain_production'@'localhost'
    IDENTIFIED BY 'correct-horse-battery-staple-production';
GRANT ALL PRIVILEGES
    ON domain_production.*
    TO 'domain_production'@'localhost';

Configure SSL

Configure Nginx

# Plain-HTTP vhost for the development site (IPv4 and IPv6, port 80 only).
# NOTE(review): no TLS listener is shown on this page; presumably this block
# exists to answer the Let's Encrypt HTTP-01 challenge before one is added.
# NOTE(review): no allow/deny or auth directive is visible here, so unless an
# include restricts it the development site is reachable by anyone who can
# resolve the name.
# NOTE(review): the path boilerplate/disable/logging.conf suggests request
# logging is switched off for this vhost; confirm, since without access logs
# there is nothing to review after an incident.
server {
    listen                  80;
    listen                  [::]:80;
    server_name             development.domain.tld;
    root                    /var/www/tld.domain.development/htdocs/public/;
    include                 boilerplate/disable/logging.conf;
    include                 boilerplate/locations/letsencrypt.conf;
}
# Plain-HTTP vhost for the staging site (IPv4 and IPv6, port 80 only).
# NOTE(review): no allow/deny or auth directive is visible here, so unless an
# include restricts it the staging site is publicly reachable.
# NOTE(review): boilerplate/disable/logging.conf presumably turns request
# logging off for this vhost; confirm that losing the access log is acceptable.
server {
    listen                  80;
    listen                  [::]:80;
    server_name             staging.domain.tld;
    root                    /var/www/tld.domain.staging/htdocs/public/;
    include                 boilerplate/disable/logging.conf;
    include                 boilerplate/locations/letsencrypt.conf;
}
# Plain-HTTP vhost for the production site (IPv4 and IPv6, port 80 only).
# NOTE(review): server_name here is production.domain.tld, while the certbot
# step on this page requests a certificate for domain.tld; confirm which host
# name production is meant to answer on.
# NOTE(review): boilerplate/disable/logging.conf presumably turns request
# logging off; for a production site the access log is the main record for
# detection and incident response, so confirm this is intended.
server {
    listen                  80;
    listen                  [::]:80;
    server_name             production.domain.tld;
    root                    /var/www/tld.domain.production/htdocs/public/;
    include                 boilerplate/disable/logging.conf;
    include                 boilerplate/locations/letsencrypt.conf;
}

Set up Let’s Encrypt

# Request one certificate per site with the webroot (HTTP-01) method; nginx
# must already be serving the port-80 vhosts configured on this page.
# NOTE(review): the webroot passed here is /var/www/<site>/, while the nginx
# root is /var/www/<site>/htdocs/public/. Validation only works if
# boilerplate/locations/letsencrypt.conf serves /.well-known/acme-challenge/
# from the path given here; confirm.
# NOTE(review): the last command asks for domain.tld, but the production
# vhost's server_name is production.domain.tld; confirm which name is intended.
certbot certonly --webroot \
  --webroot-path /var/www/tld.domain.development/ \
  --domain development.domain.tld
certbot certonly --webroot \
  --webroot-path /var/www/tld.domain.staging/ \
  --domain staging.domain.tld
certbot certonly --webroot \
  --webroot-path /var/www/tld.domain.production/ \
  --domain domain.tld