description "Your App"
author "Your Name "
start on (net-device-up and local-filesystems)
stop on shutdown
export HOME="/root/of/django/app" # i.e. where "manage.py" can be found
export PATH="$PATH:/root/of/django/app/env/bin" # "env" is our virtualenv
exec $HOME/env/bin/gunicorn -b 127.0.0.1:8000 -w 1 --log-file /var/log/gunicorn/yourapp.log app
import os, sys
path = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
if path not in sys.path:
application = django.core.handlers.wsgi.WSGIHandler()
Accept "related" ("packet is starting a new connection, but is associated with an existing connection") and "established" ("packet is associated with a connection which has seen packets in both directions") packets:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
SSH; set port (XXXXX) to 22 if you're running the default, which you perhaps should not do as the script kiddies will not leave you alone. If this is changed to something non-default then do not forget to change the port in /etc/ssh/sshd_config (the Port configuration directive) and do these changes coordinatedly. Otherwise you will be locked out.
In order to try something new (and save money) I switched my personal "utility" server from EC2 to DigitalOcean. As I was running just a t1.micro instance anyway, I selected DigitalOcean's cheapest offering, which costs $5/month (512MB/20GB(SSD)/1TB). Plus $1/month for regular backups (they somehow backup the whole server while the server is running, so I'm not sure how consistent said backup can possibly be but at least it's cheap).
DigitalOcean is offering just servers, and the whole experience isn't of course quite as polished as with Amazon. Nor can you, say, access S3 (or other services) at quite the same speed as when in Amazon's network. But for my use case it's a good fit.
Like the title says, the point of this post is getting autossh up when Ubuntu boots. Place this in e.g. /etc/init/autossh.conf, after which you will be
able to says things like sudo start autossh and sudo stop autossh.
description "autossh tunnel"
author "Joni Kähärä "
start on (local-filesystems and net-device-up IFACE=eth0 and net-device-up IFACE=eth1) # assuming we have multiple interfaces
stop on runlevel 
respawn limit 5 60
exec autossh -M 0 -N -R 10000:192.168.1.1:22 -o "ServerAliveInterval 60" -o "ServerAliveCountMax 3" -o "StrictHostKeyChecking=no" -o "BatchMode=yes" -i /home/user/.ssh/id_rsa username@hostname
The “start on” line ensures that autossh won’t start before all network interfaces are up, and “stop on” will stop autossh (if it’s running) on runlevels 0, 1 and 6 (halt, single user and reboot, respectively). The “respawn limit” line will ensure that if autossh goes crazy, it will not be started again. Note that the plain “respawn” line is still needed to actually respawn the process.
Of the command line options only the first one (-M 0) is for autossh, the rest are regular ssh options.
-M 0 denotes that autossh should not set up it’s own monitoring channel and should instead rely on ssh terminating itself when it decides that the connection’s been lost (see ServerAlive* options below).
-N means “Do not execute a remote command”, i.e. just set up the connection and port forward.
-R 10000:192.168.1.1:22 means that we want TCP port 10000 on the remote host forwarded to port 22 on local host (192.168.1.1).
-o "ServerAliveInterval 60" send “keepalive” messages every 60 seconds
-o "ServerAliveCountMax 3" terminate ssh if three consecutive ServerAliveInterval inquiries fail (and thus respawn)
-o "StrictHostKeyChecking=no" don’t fail if remote server’s identity changed
-o "BatchMode=yes" don’t attempt to use a passphrase if public key login fails
-i /home/user/.ssh/id_rsa the private key we’ll use for the tunnel
username@hostname connect to this host with this username