Compare commits
2 Commits
6d2869ea04
...
66e0e9a4da
Author | SHA1 | Date | |
---|---|---|---|
|
66e0e9a4da | ||
|
d75f851959 |
@ -1,50 +0,0 @@
|
|||||||
- targets:
|
|
||||||
- amaglio.fr
|
|
||||||
- www.amaglio.fr
|
|
||||||
- collectif-arthadie.fr
|
|
||||||
- www.collectif-arthadie.fr
|
|
||||||
- copaines.jean-cloud.net
|
|
||||||
- www.copaines.jean-cloud.net
|
|
||||||
- cousinades.jean-cloud.net
|
|
||||||
- www.cousinades.jean-cloud.net
|
|
||||||
- feteducourt2020.jean-cloud.net
|
|
||||||
- www.feteducourt2020.jean-cloud.net
|
|
||||||
- feteducourt.jean-cloud.net
|
|
||||||
- www.feteducourt.jean-cloud.net
|
|
||||||
- git.jean-cloud.net
|
|
||||||
- www.git.jean-cloud.net
|
|
||||||
- gmx-webmail.jean-cloud.net
|
|
||||||
- www.gmx-webmail.jean-cloud.net
|
|
||||||
- inurbe.fr
|
|
||||||
- www.inurbe.fr
|
|
||||||
- jean-cloud.net
|
|
||||||
- www.jean-cloud.net
|
|
||||||
- lalis.fr
|
|
||||||
- leida.fr
|
|
||||||
- www.leida.fr
|
|
||||||
- metamorphosemagazine.fr
|
|
||||||
- nuage.jean-cloud.net
|
|
||||||
- www.nuage.jean-cloud.net
|
|
||||||
- oma-radio.fr
|
|
||||||
- www.oma-radio.fr
|
|
||||||
- paj.oma-radio.fr
|
|
||||||
- www.paj.oma-radio.fr
|
|
||||||
- grafana.jean-cloud.net
|
|
||||||
- www.grafana.jean-cloud.net
|
|
||||||
- radionimaitre.oma-radio.fr
|
|
||||||
- www.radionimaitre.oma-radio.fr
|
|
||||||
- registry.oma-radio.fr
|
|
||||||
- rpnow.jean-cloud.net
|
|
||||||
- www.rpnow.jean-cloud.net
|
|
||||||
- test.rpnow.jean-cloud.net
|
|
||||||
- www.test.rpnow.jean-cloud.net
|
|
||||||
- static.oma-radio.fr
|
|
||||||
- www.static.oma-radio.fr
|
|
||||||
- static.jean-cloud.net
|
|
||||||
- www.static.jean-cloud.net
|
|
||||||
- velov.jean-cloud.net
|
|
||||||
- www.velov.jean-cloud.net
|
|
||||||
- wiki-cgr.jean-cloud.net
|
|
||||||
- www.wiki-cgr.jean-cloud.net
|
|
||||||
- parsoid-wiki-cgr.jean-cloud.net
|
|
||||||
- www.parsoid-wiki-cgr.jean-cloud.net
|
|
@ -1,56 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Nginx configs
|
|
||||||
nginx_dir=/data/proxy/sites-enabled/
|
|
||||||
|
|
||||||
# The blackbox target file as it will be read by prometheus
|
|
||||||
blackbox=/data/$(cat /etc/hostname)/public/blackbox-targets.yml
|
|
||||||
|
|
||||||
|
|
||||||
echo '- targets:' > "$blackbox"
|
|
||||||
|
|
||||||
for file in "$nginx_dir"/* ; do
|
|
||||||
echo '-------------------------'
|
|
||||||
file="$file"
|
|
||||||
if [ ! -f "$file" ] ; then continue ; fi
|
|
||||||
echo "$file"
|
|
||||||
|
|
||||||
|
|
||||||
service_name="$(basename "$file")"
|
|
||||||
|
|
||||||
# Getting just the domain names
|
|
||||||
domains="$(grep '^[[:blank:]]*[^#][[:blank:]]*server_name' "$file" | sed 's/ _ / /g' | sed 's/server_name//g' | sed 's/default_server//g' | sed -e 's/^[[:space:]]*//' | cut -d ';' -f 1)"
|
|
||||||
if [ -n "$domains" ] ; then
|
|
||||||
|
|
||||||
# removing duplicates
|
|
||||||
domains="$(echo $domains | awk '{for (i=1;i<=NF;i++) if (!a[$i]++) printf("%s%s",$i,FS)}{printf("\n")}')"
|
|
||||||
for domain in $domains ; do
|
|
||||||
echo " - $domain" >> "$blackbox"
|
|
||||||
done
|
|
||||||
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
ls /etc/letsencrypt/live/*000* &> /dev/null
|
|
||||||
if [ "$?" -eq 0 ] ; then
|
|
||||||
echo " ---------------------------------------------------------------------------------------------"
|
|
||||||
echo "Bad certs detected in letsencrypt dir. Nginx conf wont work…"
|
|
||||||
echo "rm -r /etc/letsencrypt/live/*000* /etc/letsencrypt/archive/*000* /etc/letsencrypt/renewal/*000*"
|
|
||||||
echo " ---------------------------------------------------------------------------------------------"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
docker exec -it proxy_reverse-proxy_1 nginx -t
|
|
||||||
code="$?"
|
|
||||||
if [ "$code" -ne 0 ] ; then
|
|
||||||
echo "Nginx test error, can’t reloat it"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
docker exec -it proxy_reverse-proxy_1 nginx -s reload
|
|
||||||
code="$?"
|
|
||||||
if [ "$code" -ne 0 ] ; then
|
|
||||||
echo "Nginx reload error, GENERAL ALEEEEEEEEERT!!!!!"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "Done. No error detected."
|
|
@ -1,80 +0,0 @@
|
|||||||
version: '3.7'
|
|
||||||
services:
|
|
||||||
prometheus:
|
|
||||||
restart: unless-stopped
|
|
||||||
image: prom/prometheus
|
|
||||||
volumes:
|
|
||||||
- /docker/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml
|
|
||||||
- /data/monitoring/blackbox-targets.yml:/etc/prometheus/blackbox-targets.yml
|
|
||||||
- type: bind
|
|
||||||
source: /data/monitoring/data
|
|
||||||
target: /prometheus
|
|
||||||
depends_on:
|
|
||||||
- cadvisor
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: 172.29.1.6
|
|
||||||
|
|
||||||
grafana:
|
|
||||||
restart: unless-stopped
|
|
||||||
image: grafana/grafana
|
|
||||||
volumes:
|
|
||||||
- /docker/monitoring/grafana.ini:/etc/grafana/grafana.ini
|
|
||||||
- /data/monitoring/grafana/data:/var/lib/grafana
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: 172.29.1.2
|
|
||||||
|
|
||||||
blackbox_exporter:
|
|
||||||
restart: unless-stopped
|
|
||||||
image: prom/blackbox-exporter
|
|
||||||
dns: 9.9.9.9
|
|
||||||
restart: always
|
|
||||||
volumes:
|
|
||||||
- /data/monitoring/blackbox-targets.yml:/config/blackbox-config.yml
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: 172.29.1.3
|
|
||||||
|
|
||||||
#icecast_exporter:
|
|
||||||
# image: markuslindenberg/icecast_exporter
|
|
||||||
# command: -icecast.scrape-uri http://listen.oma-radio.fr/status-json.xsl
|
|
||||||
|
|
||||||
cadvisor:
|
|
||||||
restart: unless-stopped
|
|
||||||
image: gcr.io/cadvisor/cadvisor:latest
|
|
||||||
container_name: cadvisor
|
|
||||||
ports:
|
|
||||||
- 8080:8080
|
|
||||||
volumes:
|
|
||||||
- /:/rootfs:ro
|
|
||||||
- /var/run:/var/run:rw
|
|
||||||
- /sys:/sys:ro
|
|
||||||
- /var/lib/docker/:/var/lib/docker:ro
|
|
||||||
depends_on:
|
|
||||||
- redis
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: 172.29.1.4
|
|
||||||
redis:
|
|
||||||
image: redis:latest
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: 172.29.1.5
|
|
||||||
|
|
||||||
node-exporter:
|
|
||||||
restart: unless-stopped
|
|
||||||
image: quay.io/prometheus/node-exporter:latest
|
|
||||||
volumes:
|
|
||||||
- /:/rootfs:ro
|
|
||||||
command:
|
|
||||||
- '--path.rootfs=/rootfs'
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: 172.29.1.7
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: 172.29.1.0/24
|
|
@ -1,13 +0,0 @@
|
|||||||
[smtp]
|
|
||||||
enabled = true
|
|
||||||
|
|
||||||
host = mail.gandi.net:587
|
|
||||||
user = nepasrepondre@jean-cloud.org
|
|
||||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
|
||||||
password = ZMTX9B6VgsVvdbXSzC7Zp4ASj6DU6q22Zi7KnjXtGYHE7WmJBM3pkhW9Rcdx
|
|
||||||
;skip_verify = false
|
|
||||||
from_address = nepasrepondre@jean-cloud.org
|
|
||||||
from_name = Grafana
|
|
||||||
# EHLO identity in SMTP dialog (defaults to instance_name)
|
|
||||||
;ehlo_identity = dashboard.example.com
|
|
||||||
|
|
@ -1,326 +0,0 @@
|
|||||||
{
|
|
||||||
"annotations": {
|
|
||||||
"list": [
|
|
||||||
{
|
|
||||||
"builtIn": 1,
|
|
||||||
"datasource": "-- Grafana --",
|
|
||||||
"enable": true,
|
|
||||||
"hide": true,
|
|
||||||
"iconColor": "rgba(0, 211, 255, 1)",
|
|
||||||
"name": "Annotations & Alerts",
|
|
||||||
"type": "dashboard"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"description": "Monitor and set alerts for all the pings to your servers using blackbox exporter and prometheus.",
|
|
||||||
"editable": true,
|
|
||||||
"gnetId": 5990,
|
|
||||||
"graphTooltip": 0,
|
|
||||||
"id": 3,
|
|
||||||
"iteration": 1629329153476,
|
|
||||||
"links": [],
|
|
||||||
"panels": [
|
|
||||||
{
|
|
||||||
"alert": {
|
|
||||||
"alertRuleTags": {},
|
|
||||||
"conditions": [
|
|
||||||
{
|
|
||||||
"evaluator": {
|
|
||||||
"params": [
|
|
||||||
1
|
|
||||||
],
|
|
||||||
"type": "lt"
|
|
||||||
},
|
|
||||||
"operator": {
|
|
||||||
"type": "and"
|
|
||||||
},
|
|
||||||
"query": {
|
|
||||||
"params": [
|
|
||||||
"A",
|
|
||||||
"5m",
|
|
||||||
"now"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"reducer": {
|
|
||||||
"params": [],
|
|
||||||
"type": "sum"
|
|
||||||
},
|
|
||||||
"type": "query"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"executionErrorState": "alerting",
|
|
||||||
"for": "0m",
|
|
||||||
"frequency": "60s",
|
|
||||||
"handler": 1,
|
|
||||||
"message": "Server does not respond to ping!",
|
|
||||||
"name": "Server Status alert",
|
|
||||||
"noDataState": "no_data",
|
|
||||||
"notifications": []
|
|
||||||
},
|
|
||||||
"aliasColors": {},
|
|
||||||
"bars": false,
|
|
||||||
"dashLength": 10,
|
|
||||||
"dashes": false,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"links": []
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"fill": 1,
|
|
||||||
"fillGradient": 0,
|
|
||||||
"gridPos": {
|
|
||||||
"h": 8,
|
|
||||||
"w": 24,
|
|
||||||
"x": 0,
|
|
||||||
"y": 0
|
|
||||||
},
|
|
||||||
"hiddenSeries": false,
|
|
||||||
"id": 9,
|
|
||||||
"legend": {
|
|
||||||
"avg": false,
|
|
||||||
"current": false,
|
|
||||||
"max": false,
|
|
||||||
"min": false,
|
|
||||||
"show": true,
|
|
||||||
"total": false,
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"lines": true,
|
|
||||||
"linewidth": 0,
|
|
||||||
"links": [],
|
|
||||||
"nullPointMode": "null",
|
|
||||||
"options": {
|
|
||||||
"alertThreshold": true
|
|
||||||
},
|
|
||||||
"percentage": false,
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"pointradius": 5,
|
|
||||||
"points": false,
|
|
||||||
"renderer": "flot",
|
|
||||||
"seriesOverrides": [],
|
|
||||||
"spaceLength": 10,
|
|
||||||
"stack": false,
|
|
||||||
"steppedLine": false,
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_success{job=\"ping\"}",
|
|
||||||
"format": "time_series",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"legendFormat": "{{instance}}",
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": [
|
|
||||||
{
|
|
||||||
"colorMode": "critical",
|
|
||||||
"fill": true,
|
|
||||||
"line": true,
|
|
||||||
"op": "lt",
|
|
||||||
"value": 1,
|
|
||||||
"visible": true
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"timeFrom": null,
|
|
||||||
"timeRegions": [],
|
|
||||||
"timeShift": null,
|
|
||||||
"title": "Server Status",
|
|
||||||
"tooltip": {
|
|
||||||
"shared": true,
|
|
||||||
"sort": 0,
|
|
||||||
"value_type": "individual"
|
|
||||||
},
|
|
||||||
"type": "graph",
|
|
||||||
"xaxis": {
|
|
||||||
"buckets": null,
|
|
||||||
"mode": "time",
|
|
||||||
"name": null,
|
|
||||||
"show": true,
|
|
||||||
"values": []
|
|
||||||
},
|
|
||||||
"yaxes": [
|
|
||||||
{
|
|
||||||
"decimals": 0,
|
|
||||||
"format": "none",
|
|
||||||
"label": "OK",
|
|
||||||
"logBase": 1,
|
|
||||||
"max": "1",
|
|
||||||
"min": "0",
|
|
||||||
"show": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"decimals": null,
|
|
||||||
"format": "short",
|
|
||||||
"label": "",
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": false
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"yaxis": {
|
|
||||||
"align": false,
|
|
||||||
"alignLevel": null
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cacheTimeout": null,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"color": {
|
|
||||||
"mode": "thresholds"
|
|
||||||
},
|
|
||||||
"mappings": [
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"0": {
|
|
||||||
"text": "NOK"
|
|
||||||
},
|
|
||||||
"1": {
|
|
||||||
"text": "OK"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "value"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": {
|
|
||||||
"mode": "absolute",
|
|
||||||
"steps": [
|
|
||||||
{
|
|
||||||
"color": "#d44a3a",
|
|
||||||
"value": null
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "rgba(237, 129, 40, 0.89)",
|
|
||||||
"value": 1
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "#299c46",
|
|
||||||
"value": 1
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"unit": "none"
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 5,
|
|
||||||
"w": 6,
|
|
||||||
"x": 0,
|
|
||||||
"y": 8
|
|
||||||
},
|
|
||||||
"id": 2,
|
|
||||||
"interval": null,
|
|
||||||
"links": [],
|
|
||||||
"maxDataPoints": 100,
|
|
||||||
"options": {
|
|
||||||
"colorMode": "background",
|
|
||||||
"graphMode": "none",
|
|
||||||
"justifyMode": "auto",
|
|
||||||
"orientation": "horizontal",
|
|
||||||
"reduceOptions": {
|
|
||||||
"calcs": [
|
|
||||||
"lastNotNull"
|
|
||||||
],
|
|
||||||
"fields": "",
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"text": {},
|
|
||||||
"textMode": "auto"
|
|
||||||
},
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"repeat": "node",
|
|
||||||
"repeatDirection": "h",
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_success{instance=~\"$node\"}",
|
|
||||||
"format": "time_series",
|
|
||||||
"instant": false,
|
|
||||||
"interval": "",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"legendFormat": "",
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"title": "$node",
|
|
||||||
"type": "stat"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"schemaVersion": 30,
|
|
||||||
"style": "dark",
|
|
||||||
"tags": [
|
|
||||||
"alerts",
|
|
||||||
"linux",
|
|
||||||
"windows"
|
|
||||||
],
|
|
||||||
"templating": {
|
|
||||||
"list": [
|
|
||||||
{
|
|
||||||
"allValue": null,
|
|
||||||
"current": {
|
|
||||||
"selected": false,
|
|
||||||
"text": "All",
|
|
||||||
"value": "$__all"
|
|
||||||
},
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"definition": "",
|
|
||||||
"description": null,
|
|
||||||
"error": null,
|
|
||||||
"hide": 0,
|
|
||||||
"includeAll": true,
|
|
||||||
"label": "node",
|
|
||||||
"multi": true,
|
|
||||||
"name": "node",
|
|
||||||
"options": [],
|
|
||||||
"query": {
|
|
||||||
"query": "label_values(probe_success{job=\"ping\"}, instance) ",
|
|
||||||
"refId": "Prometheus-node-Variable-Query"
|
|
||||||
},
|
|
||||||
"refresh": 1,
|
|
||||||
"regex": "",
|
|
||||||
"skipUrlSync": false,
|
|
||||||
"sort": 0,
|
|
||||||
"tagValuesQuery": "",
|
|
||||||
"tagsQuery": "",
|
|
||||||
"type": "query",
|
|
||||||
"useTags": false
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"time": {
|
|
||||||
"from": "now-24h",
|
|
||||||
"to": "now"
|
|
||||||
},
|
|
||||||
"timepicker": {
|
|
||||||
"refresh_intervals": [
|
|
||||||
"5s",
|
|
||||||
"10s",
|
|
||||||
"30s",
|
|
||||||
"1m",
|
|
||||||
"5m",
|
|
||||||
"15m",
|
|
||||||
"30m",
|
|
||||||
"1h",
|
|
||||||
"2h",
|
|
||||||
"1d"
|
|
||||||
],
|
|
||||||
"time_options": [
|
|
||||||
"5m",
|
|
||||||
"15m",
|
|
||||||
"1h",
|
|
||||||
"6h",
|
|
||||||
"12h",
|
|
||||||
"24h",
|
|
||||||
"2d",
|
|
||||||
"7d",
|
|
||||||
"30d"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"timezone": "",
|
|
||||||
"title": "Alerts - Server Status",
|
|
||||||
"uid": "pbHjqZzmk",
|
|
||||||
"version": 3
|
|
||||||
}
|
|
@ -1,903 +0,0 @@
|
|||||||
{
|
|
||||||
"annotations": {
|
|
||||||
"list": [
|
|
||||||
{
|
|
||||||
"builtIn": 1,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"enable": true,
|
|
||||||
"hide": true,
|
|
||||||
"iconColor": "rgba(0, 211, 255, 1)",
|
|
||||||
"name": "Annotations & Alerts",
|
|
||||||
"type": "dashboard"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"description": "Fork of https://grafana.com/grafana/dashboards/5345 which uses 'instance' instead of 'target' label",
|
|
||||||
"editable": true,
|
|
||||||
"gnetId": 11175,
|
|
||||||
"graphTooltip": 0,
|
|
||||||
"id": 2,
|
|
||||||
"iteration": 1629329057681,
|
|
||||||
"links": [],
|
|
||||||
"panels": [
|
|
||||||
{
|
|
||||||
"collapsed": false,
|
|
||||||
"datasource": null,
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 1,
|
|
||||||
"w": 24,
|
|
||||||
"x": 0,
|
|
||||||
"y": 0
|
|
||||||
},
|
|
||||||
"id": 15,
|
|
||||||
"panels": [],
|
|
||||||
"repeat": "targets",
|
|
||||||
"title": "$targets UP/DOWN Status",
|
|
||||||
"type": "row"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cacheTimeout": null,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"color": {
|
|
||||||
"mode": "thresholds"
|
|
||||||
},
|
|
||||||
"mappings": [
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"0": {
|
|
||||||
"text": "DOWN"
|
|
||||||
},
|
|
||||||
"1": {
|
|
||||||
"text": "UP"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "value"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"match": "null",
|
|
||||||
"result": {
|
|
||||||
"text": "N/A"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "special"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": {
|
|
||||||
"mode": "absolute",
|
|
||||||
"steps": [
|
|
||||||
{
|
|
||||||
"color": "#d44a3a",
|
|
||||||
"value": null
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "rgba(237, 129, 40, 0.89)",
|
|
||||||
"value": 1
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "#299c46",
|
|
||||||
"value": 1
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"unit": "none"
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 2,
|
|
||||||
"w": 24,
|
|
||||||
"x": 0,
|
|
||||||
"y": 1
|
|
||||||
},
|
|
||||||
"id": 2,
|
|
||||||
"interval": null,
|
|
||||||
"links": [],
|
|
||||||
"maxDataPoints": 100,
|
|
||||||
"options": {
|
|
||||||
"colorMode": "background",
|
|
||||||
"graphMode": "none",
|
|
||||||
"justifyMode": "auto",
|
|
||||||
"orientation": "horizontal",
|
|
||||||
"reduceOptions": {
|
|
||||||
"calcs": [
|
|
||||||
"lastNotNull"
|
|
||||||
],
|
|
||||||
"fields": "",
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"text": {},
|
|
||||||
"textMode": "auto"
|
|
||||||
},
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"repeat": null,
|
|
||||||
"repeatDirection": "h",
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_success{instance=~\"$targets\"}",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"title": "$targets",
|
|
||||||
"type": "stat"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cacheTimeout": null,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"color": {
|
|
||||||
"mode": "thresholds"
|
|
||||||
},
|
|
||||||
"mappings": [
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"0": {
|
|
||||||
"text": "NO"
|
|
||||||
},
|
|
||||||
"1": {
|
|
||||||
"text": "YES"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "value"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"match": "null",
|
|
||||||
"result": {
|
|
||||||
"text": "N/A"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "special"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": {
|
|
||||||
"mode": "absolute",
|
|
||||||
"steps": [
|
|
||||||
{
|
|
||||||
"color": "#d44a3a",
|
|
||||||
"value": null
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "rgba(237, 129, 40, 0.89)",
|
|
||||||
"value": 0
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "#299c46",
|
|
||||||
"value": 1
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"unit": "none"
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 2,
|
|
||||||
"w": 6,
|
|
||||||
"x": 0,
|
|
||||||
"y": 3
|
|
||||||
},
|
|
||||||
"id": 18,
|
|
||||||
"interval": null,
|
|
||||||
"links": [],
|
|
||||||
"maxDataPoints": 100,
|
|
||||||
"options": {
|
|
||||||
"colorMode": "background",
|
|
||||||
"graphMode": "none",
|
|
||||||
"justifyMode": "auto",
|
|
||||||
"orientation": "horizontal",
|
|
||||||
"reduceOptions": {
|
|
||||||
"calcs": [
|
|
||||||
"lastNotNull"
|
|
||||||
],
|
|
||||||
"fields": "",
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"text": {},
|
|
||||||
"textMode": "auto"
|
|
||||||
},
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"repeatDirection": "h",
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_http_ssl{instance=~\"$targets\"}",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"title": "SSL",
|
|
||||||
"type": "stat"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"aliasColors": {},
|
|
||||||
"bars": false,
|
|
||||||
"dashLength": 10,
|
|
||||||
"dashes": false,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fill": 1,
|
|
||||||
"fillGradient": 0,
|
|
||||||
"gridPos": {
|
|
||||||
"h": 6,
|
|
||||||
"w": 9,
|
|
||||||
"x": 6,
|
|
||||||
"y": 3
|
|
||||||
},
|
|
||||||
"hiddenSeries": false,
|
|
||||||
"id": 17,
|
|
||||||
"legend": {
|
|
||||||
"avg": false,
|
|
||||||
"current": false,
|
|
||||||
"max": false,
|
|
||||||
"min": false,
|
|
||||||
"show": true,
|
|
||||||
"total": false,
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"lines": true,
|
|
||||||
"linewidth": 1,
|
|
||||||
"links": [],
|
|
||||||
"nullPointMode": "null",
|
|
||||||
"options": {
|
|
||||||
"alertThreshold": true
|
|
||||||
},
|
|
||||||
"percentage": false,
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"pointradius": 5,
|
|
||||||
"points": false,
|
|
||||||
"renderer": "flot",
|
|
||||||
"seriesOverrides": [],
|
|
||||||
"spaceLength": 10,
|
|
||||||
"stack": false,
|
|
||||||
"steppedLine": false,
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_duration_seconds{instance=~\"$targets\"}",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"legendFormat": "seconds",
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": [],
|
|
||||||
"timeFrom": null,
|
|
||||||
"timeRegions": [],
|
|
||||||
"timeShift": null,
|
|
||||||
"title": "Probe Duration",
|
|
||||||
"tooltip": {
|
|
||||||
"shared": true,
|
|
||||||
"sort": 0,
|
|
||||||
"value_type": "individual"
|
|
||||||
},
|
|
||||||
"type": "graph",
|
|
||||||
"xaxis": {
|
|
||||||
"buckets": null,
|
|
||||||
"mode": "time",
|
|
||||||
"name": null,
|
|
||||||
"show": true,
|
|
||||||
"values": []
|
|
||||||
},
|
|
||||||
"yaxes": [
|
|
||||||
{
|
|
||||||
"format": "s",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"format": "short",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"yaxis": {
|
|
||||||
"align": false,
|
|
||||||
"alignLevel": null
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"aliasColors": {},
|
|
||||||
"bars": false,
|
|
||||||
"dashLength": 10,
|
|
||||||
"dashes": false,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fill": 1,
|
|
||||||
"fillGradient": 0,
|
|
||||||
"gridPos": {
|
|
||||||
"h": 6,
|
|
||||||
"w": 9,
|
|
||||||
"x": 15,
|
|
||||||
"y": 3
|
|
||||||
},
|
|
||||||
"hiddenSeries": false,
|
|
||||||
"id": 21,
|
|
||||||
"legend": {
|
|
||||||
"avg": false,
|
|
||||||
"current": false,
|
|
||||||
"max": false,
|
|
||||||
"min": false,
|
|
||||||
"show": true,
|
|
||||||
"total": false,
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"lines": true,
|
|
||||||
"linewidth": 1,
|
|
||||||
"links": [],
|
|
||||||
"nullPointMode": "null",
|
|
||||||
"options": {
|
|
||||||
"alertThreshold": true
|
|
||||||
},
|
|
||||||
"percentage": false,
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"pointradius": 5,
|
|
||||||
"points": false,
|
|
||||||
"renderer": "flot",
|
|
||||||
"seriesOverrides": [],
|
|
||||||
"spaceLength": 10,
|
|
||||||
"stack": false,
|
|
||||||
"steppedLine": false,
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_dns_lookup_time_seconds{instance=~\"$targets\"}",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"legendFormat": "seconds",
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": [],
|
|
||||||
"timeFrom": null,
|
|
||||||
"timeRegions": [],
|
|
||||||
"timeShift": null,
|
|
||||||
"title": "DNS Lookup",
|
|
||||||
"tooltip": {
|
|
||||||
"shared": true,
|
|
||||||
"sort": 0,
|
|
||||||
"value_type": "individual"
|
|
||||||
},
|
|
||||||
"type": "graph",
|
|
||||||
"xaxis": {
|
|
||||||
"buckets": null,
|
|
||||||
"mode": "time",
|
|
||||||
"name": null,
|
|
||||||
"show": true,
|
|
||||||
"values": []
|
|
||||||
},
|
|
||||||
"yaxes": [
|
|
||||||
{
|
|
||||||
"format": "s",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"format": "short",
|
|
||||||
"label": null,
|
|
||||||
"logBase": 1,
|
|
||||||
"max": null,
|
|
||||||
"min": null,
|
|
||||||
"show": true
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"yaxis": {
|
|
||||||
"align": false,
|
|
||||||
"alignLevel": null
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cacheTimeout": null,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"color": {
|
|
||||||
"mode": "thresholds"
|
|
||||||
},
|
|
||||||
"decimals": 2,
|
|
||||||
"mappings": [
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"0": {
|
|
||||||
"text": "NO"
|
|
||||||
},
|
|
||||||
"1": {
|
|
||||||
"text": "YES"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "value"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"match": "null",
|
|
||||||
"result": {
|
|
||||||
"text": "N/A"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "special"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": {
|
|
||||||
"mode": "absolute",
|
|
||||||
"steps": [
|
|
||||||
{
|
|
||||||
"color": "#d44a3a",
|
|
||||||
"value": null
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "rgba(237, 129, 40, 0.89)",
|
|
||||||
"value": 0
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "#299c46",
|
|
||||||
"value": 1209600
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"unit": "dtdurations"
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 2,
|
|
||||||
"w": 6,
|
|
||||||
"x": 0,
|
|
||||||
"y": 5
|
|
||||||
},
|
|
||||||
"id": 19,
|
|
||||||
"interval": null,
|
|
||||||
"links": [],
|
|
||||||
"maxDataPoints": 100,
|
|
||||||
"options": {
|
|
||||||
"colorMode": "background",
|
|
||||||
"graphMode": "none",
|
|
||||||
"justifyMode": "auto",
|
|
||||||
"orientation": "horizontal",
|
|
||||||
"reduceOptions": {
|
|
||||||
"calcs": [
|
|
||||||
"lastNotNull"
|
|
||||||
],
|
|
||||||
"fields": "",
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"text": {},
|
|
||||||
"textMode": "auto"
|
|
||||||
},
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"repeatDirection": "h",
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_ssl_earliest_cert_expiry{instance=~\"$targets\"}-time()",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"title": "SSL Cert Expiry",
|
|
||||||
"type": "stat"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cacheTimeout": null,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"color": {
|
|
||||||
"mode": "thresholds"
|
|
||||||
},
|
|
||||||
"decimals": 0,
|
|
||||||
"mappings": [
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"0": {
|
|
||||||
"text": "NO"
|
|
||||||
},
|
|
||||||
"1": {
|
|
||||||
"text": "YES"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "value"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"match": "null",
|
|
||||||
"result": {
|
|
||||||
"text": "N/A"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "special"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": {
|
|
||||||
"mode": "absolute",
|
|
||||||
"steps": [
|
|
||||||
{
|
|
||||||
"color": "#299c46",
|
|
||||||
"value": null
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "rgba(237, 129, 40, 0.89)",
|
|
||||||
"value": 200
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "#d44a3a",
|
|
||||||
"value": 299
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"unit": "none"
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 2,
|
|
||||||
"w": 6,
|
|
||||||
"x": 0,
|
|
||||||
"y": 7
|
|
||||||
},
|
|
||||||
"id": 20,
|
|
||||||
"interval": null,
|
|
||||||
"links": [],
|
|
||||||
"maxDataPoints": 100,
|
|
||||||
"options": {
|
|
||||||
"colorMode": "none",
|
|
||||||
"graphMode": "none",
|
|
||||||
"justifyMode": "auto",
|
|
||||||
"orientation": "horizontal",
|
|
||||||
"reduceOptions": {
|
|
||||||
"calcs": [
|
|
||||||
"lastNotNull"
|
|
||||||
],
|
|
||||||
"fields": "",
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"text": {},
|
|
||||||
"textMode": "auto"
|
|
||||||
},
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"repeatDirection": "h",
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "probe_http_status_code{instance=~\"$targets\"}",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"title": "HTTP Status Code",
|
|
||||||
"type": "stat"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cacheTimeout": null,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"color": {
|
|
||||||
"mode": "thresholds"
|
|
||||||
},
|
|
||||||
"mappings": [
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"match": "null",
|
|
||||||
"result": {
|
|
||||||
"text": "N/A"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "special"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": {
|
|
||||||
"mode": "absolute",
|
|
||||||
"steps": [
|
|
||||||
{
|
|
||||||
"color": "green",
|
|
||||||
"value": null
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "red",
|
|
||||||
"value": 80
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"unit": "s"
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 2,
|
|
||||||
"w": 12,
|
|
||||||
"x": 0,
|
|
||||||
"y": 9
|
|
||||||
},
|
|
||||||
"id": 23,
|
|
||||||
"interval": null,
|
|
||||||
"links": [],
|
|
||||||
"maxDataPoints": 100,
|
|
||||||
"options": {
|
|
||||||
"colorMode": "none",
|
|
||||||
"graphMode": "none",
|
|
||||||
"justifyMode": "auto",
|
|
||||||
"orientation": "horizontal",
|
|
||||||
"reduceOptions": {
|
|
||||||
"calcs": [
|
|
||||||
"lastNotNull"
|
|
||||||
],
|
|
||||||
"fields": "",
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"text": {},
|
|
||||||
"textMode": "auto"
|
|
||||||
},
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "avg(probe_duration_seconds{instance=~\"$targets\"})",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"title": "Average Probe Duration",
|
|
||||||
"type": "stat"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"cacheTimeout": null,
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"fieldConfig": {
|
|
||||||
"defaults": {
|
|
||||||
"color": {
|
|
||||||
"mode": "thresholds"
|
|
||||||
},
|
|
||||||
"mappings": [
|
|
||||||
{
|
|
||||||
"options": {
|
|
||||||
"match": "null",
|
|
||||||
"result": {
|
|
||||||
"text": "N/A"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"type": "special"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"thresholds": {
|
|
||||||
"mode": "absolute",
|
|
||||||
"steps": [
|
|
||||||
{
|
|
||||||
"color": "green",
|
|
||||||
"value": null
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"color": "red",
|
|
||||||
"value": 80
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"unit": "s"
|
|
||||||
},
|
|
||||||
"overrides": []
|
|
||||||
},
|
|
||||||
"gridPos": {
|
|
||||||
"h": 2,
|
|
||||||
"w": 12,
|
|
||||||
"x": 12,
|
|
||||||
"y": 9
|
|
||||||
},
|
|
||||||
"id": 24,
|
|
||||||
"interval": null,
|
|
||||||
"links": [],
|
|
||||||
"maxDataPoints": 100,
|
|
||||||
"options": {
|
|
||||||
"colorMode": "none",
|
|
||||||
"graphMode": "none",
|
|
||||||
"justifyMode": "auto",
|
|
||||||
"orientation": "horizontal",
|
|
||||||
"reduceOptions": {
|
|
||||||
"calcs": [
|
|
||||||
"lastNotNull"
|
|
||||||
],
|
|
||||||
"fields": "",
|
|
||||||
"values": false
|
|
||||||
},
|
|
||||||
"text": {},
|
|
||||||
"textMode": "auto"
|
|
||||||
},
|
|
||||||
"pluginVersion": "8.0.6",
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"expr": "avg(probe_dns_lookup_time_seconds{instance=~\"$targets\"})",
|
|
||||||
"format": "time_series",
|
|
||||||
"interval": "$interval",
|
|
||||||
"intervalFactor": 1,
|
|
||||||
"refId": "A"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"title": "Average DNS Lookup",
|
|
||||||
"type": "stat"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"refresh": "1m",
|
|
||||||
"schemaVersion": 30,
|
|
||||||
"style": "dark",
|
|
||||||
"tags": [
|
|
||||||
"blackbox",
|
|
||||||
"prometheus"
|
|
||||||
],
|
|
||||||
"templating": {
|
|
||||||
"list": [
|
|
||||||
{
|
|
||||||
"auto": true,
|
|
||||||
"auto_count": 10,
|
|
||||||
"auto_min": "10s",
|
|
||||||
"current": {
|
|
||||||
"selected": false,
|
|
||||||
"text": "auto",
|
|
||||||
"value": "$__auto_interval_interval"
|
|
||||||
},
|
|
||||||
"description": null,
|
|
||||||
"error": null,
|
|
||||||
"hide": 0,
|
|
||||||
"label": "Interval",
|
|
||||||
"name": "interval",
|
|
||||||
"options": [
|
|
||||||
{
|
|
||||||
"selected": true,
|
|
||||||
"text": "auto",
|
|
||||||
"value": "$__auto_interval_interval"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "5s",
|
|
||||||
"value": "5s"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "10s",
|
|
||||||
"value": "10s"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "30s",
|
|
||||||
"value": "30s"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "1m",
|
|
||||||
"value": "1m"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "10m",
|
|
||||||
"value": "10m"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "30m",
|
|
||||||
"value": "30m"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "1h",
|
|
||||||
"value": "1h"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "6h",
|
|
||||||
"value": "6h"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "12h",
|
|
||||||
"value": "12h"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "1d",
|
|
||||||
"value": "1d"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "7d",
|
|
||||||
"value": "7d"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "14d",
|
|
||||||
"value": "14d"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"selected": false,
|
|
||||||
"text": "30d",
|
|
||||||
"value": "30d"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"query": "5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
|
|
||||||
"refresh": 2,
|
|
||||||
"skipUrlSync": false,
|
|
||||||
"type": "interval"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"allValue": null,
|
|
||||||
"current": {
|
|
||||||
"selected": false,
|
|
||||||
"text": "All",
|
|
||||||
"value": "$__all"
|
|
||||||
},
|
|
||||||
"datasource": "Prometheus",
|
|
||||||
"definition": "label_values(probe_success, instance)",
|
|
||||||
"description": null,
|
|
||||||
"error": null,
|
|
||||||
"hide": 0,
|
|
||||||
"includeAll": true,
|
|
||||||
"label": null,
|
|
||||||
"multi": true,
|
|
||||||
"name": "targets",
|
|
||||||
"options": [],
|
|
||||||
"query": {
|
|
||||||
"query": "label_values(probe_success, instance)",
|
|
||||||
"refId": "Prometheus-targets-Variable-Query"
|
|
||||||
},
|
|
||||||
"refresh": 1,
|
|
||||||
"regex": "",
|
|
||||||
"skipUrlSync": false,
|
|
||||||
"sort": 0,
|
|
||||||
"tagValuesQuery": "",
|
|
||||||
"tagsQuery": "",
|
|
||||||
"type": "query",
|
|
||||||
"useTags": false
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"time": {
|
|
||||||
"from": "now-1h",
|
|
||||||
"to": "now"
|
|
||||||
},
|
|
||||||
"timepicker": {
|
|
||||||
"refresh_intervals": [
|
|
||||||
"5s",
|
|
||||||
"10s",
|
|
||||||
"30s",
|
|
||||||
"1m",
|
|
||||||
"5m",
|
|
||||||
"15m",
|
|
||||||
"30m",
|
|
||||||
"1h",
|
|
||||||
"2h",
|
|
||||||
"1d"
|
|
||||||
],
|
|
||||||
"time_options": [
|
|
||||||
"5m",
|
|
||||||
"15m",
|
|
||||||
"1h",
|
|
||||||
"6h",
|
|
||||||
"12h",
|
|
||||||
"24h",
|
|
||||||
"2d",
|
|
||||||
"7d",
|
|
||||||
"30d"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"timezone": "",
|
|
||||||
"title": "Blackbox Exporter Overview",
|
|
||||||
"uid": "xtkCtBkiz",
|
|
||||||
"version": 1
|
|
||||||
}
|
|
File diff suppressed because it is too large
Load Diff
@ -1,12 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
if [ "$1" = "uninstall" ] ; then
|
|
||||||
echo ""
|
|
||||||
else # Installation procedure below
|
|
||||||
mkdir -p /data/monitoring/grafana /data/monitoring/data
|
|
||||||
chown 472:472 /data/monitoring/grafana -R
|
|
||||||
chown nobody:nogroup -R /data/monitoring/data
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -1,20 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/monitoring/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/monitoring/privkey.pem;
|
|
||||||
|
|
||||||
server_name grafana.jean-cloud.net www.grafana.jean-cloud.net;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
#if ($remote_addr != "193.33.56.94") { return 503; }
|
|
||||||
client_max_body_size 2G;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-NginX-Proxy true;
|
|
||||||
|
|
||||||
proxy_pass http://172.29.1.2:3000/;
|
|
||||||
proxy_redirect off;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,97 +0,0 @@
|
|||||||
# my global config
|
|
||||||
global:
|
|
||||||
scrape_interval: 60s
|
|
||||||
evaluation_interval: 60s
|
|
||||||
# scrape_timeout is set to the global default (10s).
|
|
||||||
|
|
||||||
# Attach these labels to any time series or alerts when communicating with
|
|
||||||
# external systems (federation, remote storage, Alertmanager).
|
|
||||||
external_labels:
|
|
||||||
monitor: 'codelab-monitor'
|
|
||||||
|
|
||||||
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
|
|
||||||
rule_files:
|
|
||||||
# - "first.rules"
|
|
||||||
# - "second.rules"
|
|
||||||
|
|
||||||
# A scrape configuration containing exactly one endpoint to scrape:
|
|
||||||
# Here it's Prometheus itself.
|
|
||||||
scrape_configs:
|
|
||||||
- job_name: 'prometheus'
|
|
||||||
static_configs:
|
|
||||||
- targets: ['localhost:9090']
|
|
||||||
|
|
||||||
- job_name: 'node-exporter'
|
|
||||||
metrics_path: /metrics
|
|
||||||
static_configs:
|
|
||||||
- targets:
|
|
||||||
- 'node-exporter:9100'
|
|
||||||
|
|
||||||
#- job_name: 'docker-exporter'
|
|
||||||
# metrics_path: /docker
|
|
||||||
# basic_auth:
|
|
||||||
# username: zqNQF2oQDB2SvmkJzgW9HRpeR8RiVeiEBFShVrPrLWZR4KzYgZjasCWXuMc
|
|
||||||
# password: jznVqvRQVDSpCK2y22ZFSegXVUoErm7typxuhpC5DYdnvZ2yEsYD6JQ5o9orCFMi6tHMg6J2kmiLzuzy95nZmLApe6zEiYnQB7sUGEWXWuk9o
|
|
||||||
# file_sd_configs:
|
|
||||||
# - files: ['/etc/prometheus/nodes.yml']
|
|
||||||
|
|
||||||
#- job_name: 'docker-official'
|
|
||||||
# metrics_path: /docker-official
|
|
||||||
# basic_auth:
|
|
||||||
# username: zqNQF2oQDB2SvmkJzgW9HRpeR8RiVeiEBFShVrPrLWZR4KzYgZjasCWXuMc
|
|
||||||
# password: jznVqvRQVDSpCK2y22ZFSegXVUoErm7typxuhpC5DYdnvZ2yEsYD6JQ5o9orCFMi6tHMg6J2kmiLzuzy95nZmLApe6zEiYnQB7sUGEWXWuk9o
|
|
||||||
# file_sd_configs:
|
|
||||||
# - files: ['/etc/prometheus/nodes.yml']
|
|
||||||
|
|
||||||
- job_name: cadvisor
|
|
||||||
scrape_interval: 30s
|
|
||||||
static_configs:
|
|
||||||
- targets:
|
|
||||||
- cadvisor:8080
|
|
||||||
|
|
||||||
- job_name: 'ping'
|
|
||||||
metrics_path: /probe
|
|
||||||
params:
|
|
||||||
module: [http_2xx]
|
|
||||||
file_sd_configs:
|
|
||||||
- files: ['/etc/prometheus/blackbox-targets.yml']
|
|
||||||
relabel_configs:
|
|
||||||
- source_labels: [__address__]
|
|
||||||
regex: (.*)(:80)?
|
|
||||||
target_label: __param_target
|
|
||||||
- source_labels: [__param_target]
|
|
||||||
regex: (.*)
|
|
||||||
target_label: instance
|
|
||||||
replacement: ${1}
|
|
||||||
- source_labels: []
|
|
||||||
regex: .*
|
|
||||||
target_label: __address__
|
|
||||||
replacement: blackbox_exporter:9115
|
|
||||||
|
|
||||||
- job_name: 'ssh_ping'
|
|
||||||
metrics_path: /probe
|
|
||||||
params:
|
|
||||||
module: [ssh_banner]
|
|
||||||
static_configs:
|
|
||||||
- targets:
|
|
||||||
- vandamme.jean-cloud.net
|
|
||||||
- tetede.jean-cloud.net
|
|
||||||
- carcasse.jean-cloud.net
|
|
||||||
- nougaro.jean-cloud.net
|
|
||||||
relabel_configs:
|
|
||||||
# Ensure port is 2222, pass as URL parameter
|
|
||||||
- source_labels: [__address__]
|
|
||||||
regex: (.*?)(:.*)?
|
|
||||||
replacement: ${1}:2222
|
|
||||||
target_label: __param_target
|
|
||||||
# Make instance label the target
|
|
||||||
- source_labels: [__param_target]
|
|
||||||
target_label: instance
|
|
||||||
# Actually talk to the blackbox exporter though
|
|
||||||
- target_label: __address__
|
|
||||||
replacement: 127.0.0.1:9115
|
|
||||||
|
|
||||||
#- job_name: 'icecast'
|
|
||||||
# static_configs:
|
|
||||||
# - targets: ['icecast_exporter:9146']
|
|
||||||
|
|
@ -10,4 +10,5 @@ montbonnot.jean-cloud.org
|
|||||||
max.jean-cloud.org
|
max.jean-cloud.org
|
||||||
tetede.jean-cloud.org
|
tetede.jean-cloud.org
|
||||||
raku.jean-cloud.org
|
raku.jean-cloud.org
|
||||||
#vandamme.jean-cloud.org
|
vandamme.jean-cloud.org
|
||||||
|
izzo.jean-cloud.org
|
||||||
|
Binary file not shown.
@ -30,8 +30,11 @@ if [ ! -d "$new_nginx_conf_path" ] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
IFS=';' read id username _ server < <(grep ";$service;" /docker/services.csv)
|
IFS=';' read id username _ server < <(grep ";$service;" /docker/services.csv)
|
||||||
|
if [ -z "$id" ] ; then
|
||||||
|
die "Service $service not found in list"
|
||||||
|
fi
|
||||||
|
|
||||||
uid=$(($services_uid_start + $id))
|
uid="$(($services_uid_start + $id))"
|
||||||
|
|
||||||
docker_service="$(echo "$service" | tr '.' '_')"
|
docker_service="$(echo "$service" | tr '.' '_')"
|
||||||
driglibash_section_prefix="[$service] "
|
driglibash_section_prefix="[$service] "
|
||||||
@ -126,8 +129,15 @@ fi
|
|||||||
for file in $( find "/docker/$service" -name "wg-*.sh") ; do
|
for file in $( find "/docker/$service" -name "wg-*.sh") ; do
|
||||||
section "Managing wg interface $(basename "$file")"
|
section "Managing wg interface $(basename "$file")"
|
||||||
if [ -x "$file" ] ; then
|
if [ -x "$file" ] ; then
|
||||||
wgif="$(basename "$file")"
|
wgnum="$(basename "$file")"
|
||||||
wgif="${wgif:3:-3}"
|
wgnum="${wgnum:3:-3}"
|
||||||
|
varname="WG_NAME_$wgnum"
|
||||||
|
wgif="${!varname}"
|
||||||
|
if [ -z "$wgif" ] ; then
|
||||||
|
echo "No wireguard name for $file"
|
||||||
|
returncode=1
|
||||||
|
continue
|
||||||
|
fi
|
||||||
"$file" $wgif > "/etc/wireguard/$wgif.conf"
|
"$file" $wgif > "/etc/wireguard/$wgif.conf"
|
||||||
if "$deploy" ; then
|
if "$deploy" ; then
|
||||||
run systemctl enable "wg-quick@$wgif"
|
run systemctl enable "wg-quick@$wgif"
|
||||||
@ -164,6 +174,7 @@ if [ "$noreload" == false ] ; then
|
|||||||
run restart_nginx.sh
|
run restart_nginx.sh
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
section "Cleaning"
|
section "Cleaning"
|
||||||
rmdir "$DATA_DIR" "$HTTP_DIR" 2>/dev/null || true
|
rmdir "$DATA_DIR" "$HTTP_DIR" 2>/dev/null || true
|
||||||
|
|
||||||
|
@ -57,18 +57,12 @@ run mkdir -p "$new_nginx_conf_path"
|
|||||||
section "Start docker"
|
section "Start docker"
|
||||||
run systemctl start docker docker.socket
|
run systemctl start docker docker.socket
|
||||||
|
|
||||||
#section "Deploy mandatory services"
|
|
||||||
#deploy_service.sh deployer.jean-cloud.org noreload
|
|
||||||
|
|
||||||
# List of failed services
|
# List of failed services
|
||||||
failed=""
|
failed=""
|
||||||
|
|
||||||
while IFS=';' read -r id username service target
|
while IFS=';' read -r id username service target
|
||||||
do
|
do
|
||||||
|
|
||||||
# Ignore _ and # prefixed services
|
|
||||||
[ "${service::1}" == '_' ] && continue
|
|
||||||
|
|
||||||
echo -n "$service -> "
|
echo -n "$service -> "
|
||||||
[ ! -d "/docker/$service" ] && die "/docker/$service directory not found"
|
[ ! -d "/docker/$service" ] && die "/docker/$service directory not found"
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ new_nginx_conf_path='$proxy_dir/new-sites-enabled'
|
|||||||
dns_certs_path='$dns_certs_path'
|
dns_certs_path='$dns_certs_path'
|
||||||
http_certs_path='$http_certs_path'
|
http_certs_path='$http_certs_path'
|
||||||
dummy_cert_path='$http_certs_path/dummy'
|
dummy_cert_path='$http_certs_path/dummy'
|
||||||
servicefile=/docker/services.txt
|
servicefile=/docker/services.csv
|
||||||
services_uid_start=2000
|
services_uid_start=2000
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
@ -13,7 +13,7 @@ do
|
|||||||
fi
|
fi
|
||||||
done < <(grep -v '^#' /docker/services.csv)
|
done < <(grep -v '^#' /docker/services.csv)
|
||||||
|
|
||||||
apt install -y make
|
apt install -y make gcc
|
||||||
|
|
||||||
cd /usr/local/bin
|
cd /usr/local/bin
|
||||||
make
|
make
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
# This script will run on new cert and on cron renew
|
# This script will run on new cert and on cron renew
|
||||||
# there is one cert by service
|
# there is one cert by service
|
||||||
|
|
||||||
set -euo pipefail
|
set -u
|
||||||
|
|
||||||
. /etc/jeancloud.env
|
. /etc/jeancloud.env
|
||||||
|
|
||||||
|
Binary file not shown.
@ -35,8 +35,8 @@ http {
|
|||||||
##
|
##
|
||||||
# Logging Settings
|
# Logging Settings
|
||||||
##
|
##
|
||||||
log_format main '$time_local $remote_addr $status $host $request $bytes_sent'
|
log_format main '$remote_addr ($remote_user) [$time_local] $server_name "$request" $request_length $request_time -> $status $bytes_sent --- "$http_referer" "$http_user_agent"';
|
||||||
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
|
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
@ -72,6 +72,7 @@ http {
|
|||||||
server{
|
server{
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
|
server_tokens off;
|
||||||
location '/.well-known/acme-challenge' {
|
location '/.well-known/acme-challenge' {
|
||||||
root /var/www/letsencrypt;
|
root /var/www/letsencrypt;
|
||||||
default_type "text/plain";
|
default_type "text/plain";
|
||||||
|
40
services/accent.jean-cloud.net/docker-compose.yml
Normal file
40
services/accent.jean-cloud.net/docker-compose.yml
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: mirego/accent:v1.19.12
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
environment:
|
||||||
|
- DATABASE_URL=postgres://postgres@db:5432/accent_development
|
||||||
|
restart: "unless-stopped"
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '1'
|
||||||
|
memory: 200M
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: postgres:10.3
|
||||||
|
environment:
|
||||||
|
- POSTGRES_DB=accent_development
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/db:/var/lib/postgresql/data
|
||||||
|
restart: "unless-stopped"
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.101
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '1'
|
||||||
|
memory: 300M
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
1
services/backup-borg-client/backup_list.sh
Executable file
1
services/backup-borg-client/backup_list.sh
Executable file
@ -0,0 +1 @@
|
|||||||
|
#!/bin/bash
|
26
services/backup-borg-client/deploy.sh
Executable file
26
services/backup-borg-client/deploy.sh
Executable file
@ -0,0 +1,26 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
pubkeyfile="/root/.ssh/authorized_keys"
|
||||||
|
separator="# backup-borg-begin DO NOT EDIT UNDER THIS LINE"
|
||||||
|
mkdir -p "$DATA_DIR/pubkeys" "$DATA_DIR/.ssh"
|
||||||
|
|
||||||
|
# Create ssh key if not found
|
||||||
|
if [ ! -e "$DATA_DIR/.ssh/borg-client" ] ; then
|
||||||
|
ssh-keygen -f "$DATA_DIR/.ssh/borg-client" -C "SSH key for backup trigger" -P ''
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Remove separator and automated lines if found
|
||||||
|
if [ -n "$(grep "$separator" "$pubkeyfile")" ] ; then
|
||||||
|
sed -i "/$separator/,//d" "$pubkeyfile"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Place separator back
|
||||||
|
echo "$separator" >> "$pubkeyfile"
|
||||||
|
|
||||||
|
# Foreach borg server key
|
||||||
|
while read serverkey ; do
|
||||||
|
# Add authorized_keys line
|
||||||
|
echo "command=\"$DOCKER_DIR/script-sauvegarde.sh $serverkey\" $(cat "$DATA_DIR/pubkeys/$serverkey")" >> "$pubkeyfile"
|
||||||
|
done < <(ls "$DATA_DIR/pubkeys")
|
49
services/backup-borg-client/script-sauvegarde.sh
Executable file
49
services/backup-borg-client/script-sauvegarde.sh
Executable file
@ -0,0 +1,49 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
. "$( cd -P "$( dirname "$0" )" && pwd )/.env"
|
||||||
|
|
||||||
|
server="$1"
|
||||||
|
failed=""
|
||||||
|
|
||||||
|
while IFS=';' read -r id username service target ; do
|
||||||
|
if [ ! -d "/data/$service" ] ; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo " = = ===== = ===== $service ===== = ===== = ="
|
||||||
|
|
||||||
|
# Create passfile if not exists
|
||||||
|
mkdir -p "$DATA_DIR/passphrase"
|
||||||
|
passfile="$DATA_DIR/passphrase/$service"
|
||||||
|
if [ ! -e "$passfile" ] ; then
|
||||||
|
LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 257 > "$passfile"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Borg variables
|
||||||
|
export BORG_REPO="backup-borg-server@127.0.0.1:/data/backup-borg-server/backups/$(hostname)/$service"
|
||||||
|
export BORG_PASSPHRASE="$(cat "$passfile")"
|
||||||
|
RSH='ssh -o StrictHostKeyChecking=no -p 12345'
|
||||||
|
|
||||||
|
# Get specific backup files
|
||||||
|
cd "/data/$service"
|
||||||
|
BACKUP_LIST="$(ls -A)"
|
||||||
|
if [ -x "/docker/$service/backup_list.sh" ] ; then
|
||||||
|
BACKUP_LIST="$(/docker/$service/backup_list.sh)"
|
||||||
|
fi
|
||||||
|
if [ -z "$BACKUP_LIST" ] ; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
echo "--------------> $BACKUP_LIST"
|
||||||
|
|
||||||
|
borg init --rsh "$RSH" --encryption repokey || true
|
||||||
|
borg create --rsh "$RSH" --list --filter=AMCE --stats --show-rc "::$(date +%Y%m%d%H%M)" $BACKUP_LIST
|
||||||
|
if [ "$?" -ne 0 ] ; then
|
||||||
|
failed="$failed $service"
|
||||||
|
fi
|
||||||
|
|
||||||
|
done < <(grep -v '^#' /docker/services.csv)
|
||||||
|
|
||||||
|
if [ -n "$failed" ] ; then
|
||||||
|
echo "FAILED"
|
||||||
|
echo "$failed"
|
||||||
|
fi
|
39
services/backup-borg-server/deploy_user.sh
Executable file
39
services/backup-borg-server/deploy_user.sh
Executable file
@ -0,0 +1,39 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
sshkey=~/.ssh/borg-server
|
||||||
|
backup_dir="$DATA_DIR/backups"
|
||||||
|
|
||||||
|
mkdir -p ~/.ssh "$backup_dir"
|
||||||
|
|
||||||
|
if [ ! -e "$sshkey" ] ; then
|
||||||
|
ssh-keygen -q -C 'Borg server ssh key' -N '' -t rsa -f "$sshkey" <<<y 2>&1 >/dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -n "" > ~/.ssh/authorized_keys
|
||||||
|
chmod 600 ~/.ssh/authorized_keys
|
||||||
|
|
||||||
|
# Foreach client
|
||||||
|
for client in raku.jean-cloud.org vandamme.jean-cloud.org ; do
|
||||||
|
# Generate key
|
||||||
|
clientkey="$(mktemp -d)"
|
||||||
|
ssh-keygen -q -N '' -t rsa -C 'Borg client ssh key' -f "$clientkey/id_rsa" <<<y 2>&1 >/dev/null
|
||||||
|
cat > ~/.ssh/authorized_keys <<EOF
|
||||||
|
command="borg serve --append-only --restrict-to-path '$backup_dir/$client'",restrict $(cat "$clientkey/id_rsa.pub")
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# Create needed directory
|
||||||
|
mkdir -p "$backup_dir/$client"
|
||||||
|
|
||||||
|
# Trigger the backup
|
||||||
|
eval $(ssh-agent) > /dev/null
|
||||||
|
ssh-add "$clientkey/id_rsa"
|
||||||
|
ssh -A -R localhost:12345:127.0.0.1:45985 "root@$client" -p 45985 -i "$sshkey"
|
||||||
|
|
||||||
|
# Clean
|
||||||
|
kill "${SSH_AGENT_PID}"
|
||||||
|
rm -r "$clientkey" ~/.ssh/authorized_keys
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
0
services/benevoles32.karnaval.fr/.env
Normal file
0
services/benevoles32.karnaval.fr/.env
Normal file
44
services/benevoles32.karnaval.fr/docker-compose.yml
Executable file
44
services/benevoles32.karnaval.fr/docker-compose.yml
Executable file
@ -0,0 +1,44 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
app:
|
||||||
|
image: jeancloud/site-benevole:debian-develop
|
||||||
|
environment:
|
||||||
|
UID: 33
|
||||||
|
MOUNT: /
|
||||||
|
volumes:
|
||||||
|
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||||
|
- $DATA_DIR/app/assets:/usr/src/app/assets
|
||||||
|
- $DATA_DIR/app/media:/usr/src/app/media
|
||||||
|
- $DATA_DIR/app/local_settings.py:/usr/src/app/site_benevole/local_settings.py
|
||||||
|
- $DATA_DIR/app/plugins.toml:/usr/src/app/site_benevole/plugins.toml
|
||||||
|
- $DATA_DIR/app/.plugins.sqlite3:/usr/src/app/site_benevole/.plugins.sqlite3
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.102
|
||||||
|
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: postgres:16.1-alpine
|
||||||
|
env_file: $DATA_DIR/postgres.env
|
||||||
|
environment:
|
||||||
|
POSTGRES_USER: benevoles
|
||||||
|
POSTGRES_DB: benevoles
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/db:/var/lib/postgresql/data
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.101
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
55
services/benevoles32.karnaval.fr/nginx_server.conf
Executable file
55
services/benevoles32.karnaval.fr/nginx_server.conf
Executable file
@ -0,0 +1,55 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
server_name $JC_SERVICE benevoles.karnaval.fr;
|
||||||
|
|
||||||
|
root $DATA_DIR/app/assets;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_static on;
|
||||||
|
gzip_types application/javascript image/* text/css application/font-woff application/font-woff2;
|
||||||
|
gunzip on;
|
||||||
|
|
||||||
|
ssl_session_tickets off;
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_buffer_size 4k;
|
||||||
|
client_max_body_size 4M;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi.sock;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /favicon.ico {
|
||||||
|
root $DATA_DIR/assets/;
|
||||||
|
}
|
||||||
|
location = /favicon-admin.ico {
|
||||||
|
root $DATA_DIR/assets/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /assets/ {
|
||||||
|
alias $DATA_DIR/app/assets/;
|
||||||
|
access_log off;
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
sendfile_max_chunk 1m;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
location ~* \.(jpg|jpeg|png|gif|ico|woff|woff2)$ {
|
||||||
|
access_log off;
|
||||||
|
expires 5d;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
location /media/ {
|
||||||
|
alias $DATA_DIR/app/media/;
|
||||||
|
access_log off;
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
sendfile_max_chunk 1m;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
1
services/chiloe.eu/.env
Normal file
1
services/chiloe.eu/.env
Normal file
@ -0,0 +1 @@
|
|||||||
|
SFTP_USER="chiloeRO"
|
0
services/chiloe.eu/LINKS. DO NOT EDIT
Normal file
0
services/chiloe.eu/LINKS. DO NOT EDIT
Normal file
1
services/chiloe.eu/deploy.sh
Symbolic link
1
services/chiloe.eu/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy.sh
|
@ -1,3 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user chiloeRO --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"
|
|
1
services/chiloe.eu/deploy_user.sh
Symbolic link
1
services/chiloe.eu/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy_user.sh
|
1
services/copaines.jean-cloud.net/.env
Normal file
1
services/copaines.jean-cloud.net/.env
Normal file
@ -0,0 +1 @@
|
|||||||
|
SFTP_USER="copaines"
|
0
services/copaines.jean-cloud.net/LINKS. DO NOT EDIT
Normal file
0
services/copaines.jean-cloud.net/LINKS. DO NOT EDIT
Normal file
@ -1,3 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
chmod 700 "$SECRET_DIR/sftp.sshprivkey"
|
|
1
services/copaines.jean-cloud.net/deploy.sh
Symbolic link
1
services/copaines.jean-cloud.net/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy.sh
|
@ -1,5 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
mkdir -p ~/.ssh
|
|
||||||
echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' >> ~/.ssh/known_hosts
|
|
||||||
chmod 700 ~/.ssh/known_hosts
|
|
||||||
scp -i "$SECRET_DIR/sftp.sshprivkey" -rP 2929 copaines@sftp.jean-cloud.net:public/* "$HTTP_DIR"
|
|
1
services/copaines.jean-cloud.net/deploy_user.sh
Symbolic link
1
services/copaines.jean-cloud.net/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy_user.sh
|
@ -1,30 +0,0 @@
|
|||||||
#server {
|
|
||||||
# listen 443 ssl http2;
|
|
||||||
# listen [::]:443 ssl http2;
|
|
||||||
# ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
# ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
# server_name wordpress.copaines.jean-cloud.net www.wordpress.copaines.jean-cloud.net;
|
|
||||||
# location / {
|
|
||||||
# auth_basic "Mot de passe !";
|
|
||||||
# auth_basic_user_file /data/copaines.jean-cloud.net/pass.txt;
|
|
||||||
# client_max_body_size 2G;
|
|
||||||
# #proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
# proxy_set_header Host $http_host;
|
|
||||||
# proxy_set_header X-Forwarded-Proto https;
|
|
||||||
# proxy_pass http://wp.copainesjean-cloudnet.docker;
|
|
||||||
# proxy_redirect off;
|
|
||||||
# }
|
|
||||||
#}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name copaines.jean-cloud.net www.copaines.jean-cloud.net;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root $HTTP_DIR;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
1
services/copaines.jean-cloud.net/nginx_server.conf
Symbolic link
1
services/copaines.jean-cloud.net/nginx_server.conf
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/nginx_server.conf
|
@ -29,9 +29,7 @@ echo "Renew existing certs"
|
|||||||
certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir"
|
certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir"
|
||||||
|
|
||||||
echo "For each service, read all possible domains"
|
echo "For each service, read all possible domains"
|
||||||
while read line ; do
|
while IFS=';' read -r id username service target ; do
|
||||||
read -r service target < <(echo "$line")
|
|
||||||
|
|
||||||
# TODO remove
|
# TODO remove
|
||||||
[ "$service" = collectif-arthadie.fr ] && continue
|
[ "$service" = collectif-arthadie.fr ] && continue
|
||||||
|
|
||||||
@ -46,7 +44,7 @@ while read line ; do
|
|||||||
# acme
|
# acme
|
||||||
"$here/acme-dns.sh" "$service" "$workdir"
|
"$here/acme-dns.sh" "$service" "$workdir"
|
||||||
|
|
||||||
done < "$servicefile"
|
done < <(grep -v '^#' "$servicefile")
|
||||||
|
|
||||||
echo "Push certs to other servers"
|
echo "Push certs to other servers"
|
||||||
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') vandamme nougaro ; do
|
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') vandamme nougaro ; do
|
||||||
|
1
services/etrevivant.net/backup_list.sh
Executable file
1
services/etrevivant.net/backup_list.sh
Executable file
@ -0,0 +1 @@
|
|||||||
|
#!/bin/bash
|
1
services/feministesucl34.communisteslibertaires.org/.env
Normal file
1
services/feministesucl34.communisteslibertaires.org/.env
Normal file
@ -0,0 +1 @@
|
|||||||
|
SFTP_USER="feministesucl34"
|
1
services/feministesucl34.communisteslibertaires.org/deploy.sh
Symbolic link
1
services/feministesucl34.communisteslibertaires.org/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy.sh
|
@ -1,5 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -euo pipefail
|
|
||||||
. "$SECRET_DIR/.env"
|
|
||||||
|
|
||||||
rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user feministesucl34 --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"
|
|
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy_user.sh
|
@ -1,16 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name $JC_SERVICE;
|
|
||||||
|
|
||||||
location = /wp-login.php {
|
|
||||||
return 301 https://wordpress.feministesucl34.jean-cloud.net/wp-login.php;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root $HTTP_DIR;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/nginx_server.conf
|
@ -16,6 +16,7 @@ services:
|
|||||||
image: postgres:16-alpine
|
image: postgres:16-alpine
|
||||||
volumes:
|
volumes:
|
||||||
- /data/git.jean-cloud.net/db:/var/lib/postgresql/data
|
- /data/git.jean-cloud.net/db:/var/lib/postgresql/data
|
||||||
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
ipv4_address: $NET.101
|
ipv4_address: $NET.101
|
||||||
|
@ -4,7 +4,6 @@ server {
|
|||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
limit_req zone=defaultlimit burst=20 nodelay;
|
|
||||||
location / {
|
location / {
|
||||||
client_max_body_size 5G;
|
client_max_body_size 5G;
|
||||||
proxy_pass http://$NET.100:3000;
|
proxy_pass http://$NET.100:3000;
|
||||||
|
@ -9,5 +9,8 @@ cd "$HTTP_DIR"
|
|||||||
# Get remote content files
|
# Get remote content files
|
||||||
rclone_ncloud_publiclink.sh
|
rclone_ncloud_publiclink.sh
|
||||||
|
|
||||||
|
# Invalid cache
|
||||||
|
#rm -rf "/tmp/hugo_cache_$USER"
|
||||||
|
|
||||||
# Build website
|
# Build website
|
||||||
HUGO_CACHEDIR=/tmp/hugo_cache_$USER hugo
|
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
||||||
|
1
services/leida.fr/.env
Normal file
1
services/leida.fr/.env
Normal file
@ -0,0 +1 @@
|
|||||||
|
SFTP_USER=leidaRO
|
0
services/leida.fr/LINKS. DO NOT EDIT
Normal file
0
services/leida.fr/LINKS. DO NOT EDIT
Normal file
1
services/leida.fr/deploy.sh
Symbolic link
1
services/leida.fr/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy.sh
|
1
services/leida.fr/deploy_user.sh
Symbolic link
1
services/leida.fr/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/deploy_user.sh
|
@ -1 +0,0 @@
|
|||||||
version: '3'
|
|
@ -1,15 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name leida.fr www.leida.fr;
|
|
||||||
location / {
|
|
||||||
root /data/leida.fr/public;
|
|
||||||
index index.htm index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location ~ .php {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
}
|
|
1
services/leida.fr/nginx_server.conf
Symbolic link
1
services/leida.fr/nginx_server.conf
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../sftp_jc/nginx_server.conf
|
1
services/lexicographe.jean-cloud.net/backup_list.sh
Symbolic link
1
services/lexicographe.jean-cloud.net/backup_list.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../pelican/backup_list.sh
|
@ -10,3 +10,4 @@ TELECOM_SERVER_PORT=3494
|
|||||||
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo
|
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo
|
||||||
OMA_DOCKER_VERSION=dev
|
OMA_DOCKER_VERSION=dev
|
||||||
ICECAST=.110
|
ICECAST=.110
|
||||||
|
WG_NAME_radiodemo=radiodemo
|
||||||
|
1
services/mux.radiodemo.oma-radio.fr/backup_list.sh
Executable file
1
services/mux.radiodemo.oma-radio.fr/backup_list.sh
Executable file
@ -0,0 +1 @@
|
|||||||
|
#!/bin/bash
|
@ -2,7 +2,9 @@ version: '3'
|
|||||||
services:
|
services:
|
||||||
ambre_mux:
|
ambre_mux:
|
||||||
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file:
|
||||||
|
- .env
|
||||||
|
- $DATA_DIR/.env
|
||||||
environment:
|
environment:
|
||||||
OMA_CONFIG_Client1Host: $NET.108
|
OMA_CONFIG_Client1Host: $NET.108
|
||||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||||
@ -10,6 +12,8 @@ services:
|
|||||||
- $SOUNDBASE_DIR/pige:/app/pige
|
- $SOUNDBASE_DIR/pige:/app/pige
|
||||||
ports:
|
ports:
|
||||||
- $MUX_SERVER_PORT:9000
|
- $MUX_SERVER_PORT:9000
|
||||||
|
depends_on:
|
||||||
|
- transcode
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
@ -58,7 +62,9 @@ services:
|
|||||||
|
|
||||||
transcode:
|
transcode:
|
||||||
image: savonet/liquidsoap:v2.1.4
|
image: savonet/liquidsoap:v2.1.4
|
||||||
env_file: .env
|
env_file:
|
||||||
|
- .env
|
||||||
|
- $DATA_DIR/.env
|
||||||
volumes:
|
volumes:
|
||||||
- ./liquidsoap.liq:/transcode.liq
|
- ./liquidsoap.liq:/transcode.liq
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
42
services/mux.radiodemo.oma-radio.fr/server.sh
Executable file
42
services/mux.radiodemo.oma-radio.fr/server.sh
Executable file
@ -0,0 +1,42 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "Content-type: text/html"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
. .env
|
||||||
|
|
||||||
|
|
||||||
|
instance=''
|
||||||
|
since=''
|
||||||
|
until=''
|
||||||
|
|
||||||
|
action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
||||||
|
|
||||||
|
while IFS='=' read key value ; do
|
||||||
|
case "$key" in
|
||||||
|
instance)
|
||||||
|
instance="$value"
|
||||||
|
;;
|
||||||
|
since)
|
||||||
|
since="$value"
|
||||||
|
;;
|
||||||
|
until)
|
||||||
|
until="$value"
|
||||||
|
;;
|
||||||
|
list)
|
||||||
|
docker-compose ps -a --format json
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
exit 1
|
||||||
|
esac
|
||||||
|
done < <(echo "$action")
|
||||||
|
|
||||||
|
[ -z "$instance" ] && exit 2
|
||||||
|
[ -z "$since" ] && exit 3
|
||||||
|
[ -z "$until" ] && exit 4
|
||||||
|
|
||||||
|
echo docker-compose logs --since "$since" --until "$until" "$instance"
|
||||||
|
if [ "$?" -ne 0 ] ; then
|
||||||
|
echo failed
|
||||||
|
fi
|
||||||
|
|
@ -25,7 +25,8 @@ keydir="$DATA_DIR/keys"
|
|||||||
primary_ips=""
|
primary_ips=""
|
||||||
|
|
||||||
# IP of secondary servers (for zone transfer)
|
# IP of secondary servers (for zone transfer)
|
||||||
secondary_ips="37.65.119.74;"
|
# master.retzo.net
|
||||||
|
secondary_ips="159.69.124.127;2a01:4f8:c17:d8f2::1;"
|
||||||
|
|
||||||
# NS name
|
# NS name
|
||||||
default_dns_name="ns.jean-cloud.org."
|
default_dns_name="ns.jean-cloud.org."
|
||||||
|
@ -20,7 +20,7 @@ prepare () {
|
|||||||
chown bind:bind "$debian_bind_confdir" -R
|
chown bind:bind "$debian_bind_confdir" -R
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Sync the git repo
|
echo 'Sync the git repo'
|
||||||
run sudo -u bind git_update.sh -N -b main -i "$SECRET_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
run sudo -u bind git_update.sh -N -b main -i "$SECRET_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
||||||
cd /etc/bind
|
cd /etc/bind
|
||||||
|
|
||||||
@ -36,6 +36,13 @@ prepare () {
|
|||||||
}
|
}
|
||||||
|
|
||||||
restart () {
|
restart () {
|
||||||
|
echo 'Check named conf'
|
||||||
|
run named-checkconf "$debian_bind_confdir/named.conf"
|
||||||
|
for db_file in $(list_db_files) ; do
|
||||||
|
domain="${db_file:3}"
|
||||||
|
run named-checkzone "$domain" "$db_file"
|
||||||
|
done
|
||||||
|
|
||||||
echo 'Restart named'
|
echo 'Restart named'
|
||||||
rm /etc/bind/*.jnl || true
|
rm /etc/bind/*.jnl || true
|
||||||
systemctl restart named
|
systemctl restart named
|
||||||
@ -109,6 +116,10 @@ list_template_db_files () {
|
|||||||
ls "$debian_bind_confdir"/template.db.*
|
ls "$debian_bind_confdir"/template.db.*
|
||||||
}
|
}
|
||||||
|
|
||||||
|
list_db_files () {
|
||||||
|
ls "$debian_bind_confdir"/db.* | grep -v -e '.jbk$' -e '.signed$' -e '.signed.jnl'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
create_primary_files () {
|
create_primary_files () {
|
||||||
# Compact the default SOA
|
# Compact the default SOA
|
||||||
|
2
services/nuage.jean-cloud.net/.env
Normal file
2
services/nuage.jean-cloud.net/.env
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
DATA_DIR=/tmp/mock_data
|
||||||
|
NET=172.29.1
|
94
services/nuage.jean-cloud.net/docker-compose.yml
Executable file
94
services/nuage.jean-cloud.net/docker-compose.yml
Executable file
@ -0,0 +1,94 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
db:
|
||||||
|
image: postgres:15-alpine
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/db:/var/lib/postgresql/data
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.101
|
||||||
|
|
||||||
|
nextcloud:
|
||||||
|
image: nextcloud:28-fpm-alpine
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/app:/var/www/html
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
|
||||||
|
etherpad:
|
||||||
|
image: etherpad/etherpad
|
||||||
|
environment:
|
||||||
|
- DB_TYPE=postgres
|
||||||
|
- DB_HOST=db_etherpad
|
||||||
|
- DB_PORT=5432
|
||||||
|
- DB_NAME=etherpad
|
||||||
|
- DB_USER=etherpad
|
||||||
|
- DB_PASS=toDEzbjoTLBCugi9MrDMtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKVa
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.104
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 1000M
|
||||||
|
|
||||||
|
db_etherpad:
|
||||||
|
image: postgres:11-alpine
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/db_etherpad:/var/lib/postgresql/data
|
||||||
|
environment:
|
||||||
|
- POSTGRES_USER=etherpad
|
||||||
|
- POSTGRES_DB=etherpad
|
||||||
|
- POSTGRES_PASSWORD=toDEzbjoTLBCugi9MrDMtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKVa
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.105
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 1000M
|
||||||
|
|
||||||
|
ethercalc:
|
||||||
|
image: audreyt/ethercalc
|
||||||
|
environment:
|
||||||
|
REDIS_PORT_6379_TCP_ADDR: redis
|
||||||
|
REDIS_PORT_6379_TCP_PORT: 6379
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.102
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 1000M
|
||||||
|
|
||||||
|
redis:
|
||||||
|
image: redis:latest
|
||||||
|
volumes:
|
||||||
|
- /var/lib/redis:/data
|
||||||
|
command: redis-server --appendonly yes
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.103
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 2000M
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
@ -1,36 +1,45 @@
|
|||||||
# inspired from
|
# inspired from
|
||||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html?highlight=nginx
|
# https://docs.nextcloud.com/server/28/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx
|
||||||
# 2021 05 25
|
# 2024 02 11
|
||||||
|
|
||||||
|
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||||
|
map $arg_v $asset_immutable {
|
||||||
|
"" "";
|
||||||
|
default ", immutable";
|
||||||
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
|
|
||||||
|
|
||||||
|
# Path to the root of your installation
|
||||||
root $DATA_DIR/app;
|
root $DATA_DIR/app;
|
||||||
|
|
||||||
|
|
||||||
|
# Use Mozilla's guidelines for SSL/TLS settings
|
||||||
|
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
|
||||||
limit_req zone=defaultlimit burst=500 nodelay;
|
limit_req zone=defaultlimit burst=500 nodelay;
|
||||||
|
|
||||||
location = /robots.txt {
|
# Prevent nginx HTTP Server Detection
|
||||||
allow all;
|
server_tokens off;
|
||||||
log_not_found off;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
# HSTS settings
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||||
|
|
||||||
location = /.well-known/carddav {
|
# set max upload size and increase upload timeout:
|
||||||
return 301 $scheme://$host/remote.php/dav;
|
|
||||||
}
|
|
||||||
location = /.well-known/caldav {
|
|
||||||
return 301 $scheme://$host/remote.php/dav;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# set max upload size
|
|
||||||
client_max_body_size 10G;
|
client_max_body_size 10G;
|
||||||
|
client_body_timeout 300s;
|
||||||
fastcgi_buffers 64 4K;
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
# Enable gzip but do not remove ETag headers
|
# Enable gzip but do not remove ETag headers
|
||||||
@ -39,36 +48,37 @@ server {
|
|||||||
gzip_comp_level 4;
|
gzip_comp_level 4;
|
||||||
gzip_min_length 256;
|
gzip_min_length 256;
|
||||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
# Uncomment if your server is build with the ngx_pagespeed module
|
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||||
# This module is currently not supported.
|
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||||
#pagespeed off;
|
#pagespeed off;
|
||||||
|
|
||||||
|
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||||
|
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||||
|
# for tuning hints
|
||||||
|
client_body_buffer_size 512k;
|
||||||
|
|
||||||
# Add headers to serve security related headers
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
# Before enabling Strict-Transport-Security headers please read into this
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
# topic first.
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
# add_header Strict-Transport-Security "max-age=15768000;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
# includeSubDomains; preload;";
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
#
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
# WARNING: Only add the preload option once you read about
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
# the consequences in https://hstspreload.org/. This option
|
|
||||||
# will add the domain to a hardcoded list that is shipped
|
|
||||||
# in all major browsers and getting removed from this list
|
|
||||||
# could take several months.
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
|
||||||
add_header X-Robots-Tag none;
|
|
||||||
add_header X-Download-Options noopen;
|
|
||||||
add_header X-Permitted-Cross-Domain-Policies none;
|
|
||||||
add_header Referrer-Policy no-referrer;
|
|
||||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN";
|
|
||||||
|
|
||||||
# Remove X-Powered-By, which is an information leak
|
# Remove X-Powered-By, which is an information leak
|
||||||
fastcgi_hide_header X-Powered-By;
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
|
||||||
|
# Set .mjs and .wasm MIME types
|
||||||
|
# Either include it in the default mime.types list
|
||||||
|
# and include that list explicitly or add the file extension
|
||||||
|
# only for Nextcloud like below:
|
||||||
|
include mime.types;
|
||||||
|
types {
|
||||||
|
text/javascript js mjs;
|
||||||
|
application/wasm wasm;
|
||||||
|
}
|
||||||
|
|
||||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||||
@ -77,7 +87,7 @@ server {
|
|||||||
# that file is correctly served; if it doesn't, then the request is passed to
|
# that file is correctly served; if it doesn't, then the request is passed to
|
||||||
# the front-end controller. This consistent behaviour means that we don't need
|
# the front-end controller. This consistent behaviour means that we don't need
|
||||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
# `/updater`, `/ocs-provider`), and thus
|
||||||
# `try_files $uri $uri/ /index.php$request_uri`
|
# `try_files $uri $uri/ /index.php$request_uri`
|
||||||
# always provides the desired behaviour.
|
# always provides the desired behaviour.
|
||||||
index index.php index.html /index.php$request_uri;
|
index index.php index.html /index.php$request_uri;
|
||||||
@ -89,14 +99,43 @@ server {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
location = /robots.txt {
|
||||||
return 404;
|
allow all;
|
||||||
}
|
log_not_found off;
|
||||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
access_log off;
|
||||||
return 404;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Make a regex exception for `/.well-known` so that clients can still
|
||||||
|
# access it despite the existence of the regex rule
|
||||||
|
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||||
|
# for `/.well-known`.
|
||||||
|
location ^~ /.well-known {
|
||||||
|
# The rules in this block are an adaptation of the rules
|
||||||
|
# in `.htaccess` that concern `/.well-known`.
|
||||||
|
|
||||||
|
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||||
|
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||||
|
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||||
|
|
||||||
|
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||||
|
# requests by passing them to the front-end controller.
|
||||||
|
return 301 /index.php$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||||
|
|
||||||
|
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||||
|
# which handle static assets (as seen below). If this block is not declared first,
|
||||||
|
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||||
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
location ~ \.php(?:$|/) {
|
location ~ \.php(?:$|/) {
|
||||||
|
# Required for legacy support
|
||||||
|
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||||
|
|
||||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
set $path_info $fastcgi_path_info;
|
set $path_info $fastcgi_path_info;
|
||||||
|
|
||||||
@ -104,23 +143,30 @@ server {
|
|||||||
|
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
|
||||||
# TODO is it needed? Is it buggy?
|
|
||||||
fastcgi_param HTTPS on;
|
fastcgi_param HTTPS on;
|
||||||
|
|
||||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||||
fastcgi_param front_controller_active true;
|
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||||
fastcgi_pass $NET.100:9000;
|
fastcgi_pass $NET.100:9000;
|
||||||
|
|
||||||
fastcgi_intercept_errors on;
|
fastcgi_intercept_errors on;
|
||||||
fastcgi_request_buffering off;
|
fastcgi_request_buffering off;
|
||||||
|
|
||||||
|
fastcgi_max_temp_file_size 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Serve static files
|
||||||
# Make sure it is BELOW the PHP block
|
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||||
location ~ \.(?:css|js|svg|gif)$ {
|
|
||||||
try_files $uri /index.php$request_uri;
|
try_files $uri /index.php$request_uri;
|
||||||
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
|
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||||
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
access_log off; # Optional: Don't log access to assets
|
access_log off; # Optional: Don't log access to assets
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -174,7 +220,7 @@ server {
|
|||||||
proxy_buffers 32 64k;
|
proxy_buffers 32 64k;
|
||||||
proxy_buffer_size 128k;
|
proxy_buffer_size 128k;
|
||||||
add_header Strict-Transport-Security max-age=31536000;
|
add_header Strict-Transport-Security max-age=31536000;
|
||||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||||
}
|
}
|
||||||
location / {
|
location / {
|
||||||
gzip on;
|
gzip on;
|
||||||
@ -189,7 +235,7 @@ server {
|
|||||||
proxy_buffers 32 64k;
|
proxy_buffers 32 64k;
|
||||||
proxy_buffer_size 128k;
|
proxy_buffer_size 128k;
|
||||||
add_header Strict-Transport-Security max-age=31536000;
|
add_header Strict-Transport-Security max-age=31536000;
|
||||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
185
services/nuage.jean-cloud.net/nginx_server.conf.doc
Normal file
185
services/nuage.jean-cloud.net/nginx_server.conf.doc
Normal file
@ -0,0 +1,185 @@
|
|||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
upstream php-handler {
|
||||||
|
server 127.0.0.1:9000;
|
||||||
|
#server unix:/run/php/php8.2-fpm.sock;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||||
|
map $arg_v $asset_immutable {
|
||||||
|
"" "";
|
||||||
|
default ", immutable";
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name cloud.example.com;
|
||||||
|
|
||||||
|
# Path to the root of your installation
|
||||||
|
root /var/www/nextcloud;
|
||||||
|
|
||||||
|
# Use Mozilla's guidelines for SSL/TLS settings
|
||||||
|
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||||
|
ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
|
||||||
|
|
||||||
|
# Prevent nginx HTTP Server Detection
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
# HSTS settings
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||||
|
|
||||||
|
# set max upload size and increase upload timeout:
|
||||||
|
client_max_body_size 512M;
|
||||||
|
client_body_timeout 300s;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||||
|
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||||
|
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||||
|
# for tuning hints
|
||||||
|
client_body_buffer_size 512k;
|
||||||
|
|
||||||
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
|
||||||
|
# Remove X-Powered-By, which is an information leak
|
||||||
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
|
||||||
|
# Set .mjs and .wasm MIME types
|
||||||
|
# Either include it in the default mime.types list
|
||||||
|
# and include that list explicitly or add the file extension
|
||||||
|
# only for Nextcloud like below:
|
||||||
|
include mime.types;
|
||||||
|
types {
|
||||||
|
text/javascript js mjs;
|
||||||
|
application/wasm wasm;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||||
|
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||||
|
# when a client requests a path that corresponds to a directory that exists
|
||||||
|
# on the server. In particular, if that directory contains an index.php file,
|
||||||
|
# that file is correctly served; if it doesn't, then the request is passed to
|
||||||
|
# the front-end controller. This consistent behaviour means that we don't need
|
||||||
|
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||||
|
# `/updater`, `/ocs-provider`), and thus
|
||||||
|
# `try_files $uri $uri/ /index.php$request_uri`
|
||||||
|
# always provides the desired behaviour.
|
||||||
|
index index.php index.html /index.php$request_uri;
|
||||||
|
|
||||||
|
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||||
|
location = / {
|
||||||
|
if ( $http_user_agent ~ ^DavClnt ) {
|
||||||
|
return 302 /remote.php/webdav/$is_args$args;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Make a regex exception for `/.well-known` so that clients can still
|
||||||
|
# access it despite the existence of the regex rule
|
||||||
|
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||||
|
# for `/.well-known`.
|
||||||
|
location ^~ /.well-known {
|
||||||
|
# The rules in this block are an adaptation of the rules
|
||||||
|
# in `.htaccess` that concern `/.well-known`.
|
||||||
|
|
||||||
|
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||||
|
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||||
|
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||||
|
|
||||||
|
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||||
|
# requests by passing them to the front-end controller.
|
||||||
|
return 301 /index.php$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||||
|
|
||||||
|
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||||
|
# which handle static assets (as seen below). If this block is not declared first,
|
||||||
|
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||||
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
|
location ~ \.php(?:$|/) {
|
||||||
|
# Required for legacy support
|
||||||
|
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||||
|
|
||||||
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
|
set $path_info $fastcgi_path_info;
|
||||||
|
|
||||||
|
try_files $fastcgi_script_name =404;
|
||||||
|
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
fastcgi_param HTTPS on;
|
||||||
|
|
||||||
|
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||||
|
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
|
||||||
|
fastcgi_max_temp_file_size 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Serve static files
|
||||||
|
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
|
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||||
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
access_log off; # Optional: Don't log access to assets
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.woff2?$ {
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||||
|
access_log off; # Optional: Don't log access to assets
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rule borrowed from `.htaccess`
|
||||||
|
location /remote {
|
||||||
|
return 301 /remote.php$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.php$request_uri;
|
||||||
|
}
|
||||||
|
}
|
29
sites-enabled.vandamme/nuage.jean-cloud.net → services/nuage.jean-cloud.net/nginx_server.conf.old
Normal file → Executable file
29
sites-enabled.vandamme/nuage.jean-cloud.net → services/nuage.jean-cloud.net/nginx_server.conf.old
Normal file → Executable file
@ -6,11 +6,11 @@ server {
|
|||||||
|
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
ssl_certificate /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name nuage.jean-cloud.net www.nuage.jean-cloud.net;
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
|
|
||||||
root /data/nuage.jean-cloud.net/app;
|
root $DATA_DIR/app;
|
||||||
|
|
||||||
limit_req zone=defaultlimit burst=500 nodelay;
|
limit_req zone=defaultlimit burst=500 nodelay;
|
||||||
|
|
||||||
@ -110,8 +110,7 @@ server {
|
|||||||
fastcgi_param HTTPS on;
|
fastcgi_param HTTPS on;
|
||||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||||
fastcgi_param front_controller_active true;
|
fastcgi_param front_controller_active true;
|
||||||
#fastcgi_pass 172.16.11.100:9000;
|
fastcgi_pass $NET.100:9000;
|
||||||
fastcgi_pass nextcloud.nuagejean-cloudnet.docker:9000;
|
|
||||||
|
|
||||||
fastcgi_intercept_errors on;
|
fastcgi_intercept_errors on;
|
||||||
fastcgi_request_buffering off;
|
fastcgi_request_buffering off;
|
||||||
@ -156,8 +155,8 @@ server {
|
|||||||
large_client_header_buffers 32 64k;
|
large_client_header_buffers 32 64k;
|
||||||
root /usr/share/nginx/www;
|
root /usr/share/nginx/www;
|
||||||
index index.html index.htm;
|
index index.html index.htm;
|
||||||
ssl_certificate /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name calc.nuage.jean-cloud.net;
|
server_name calc.nuage.jean-cloud.net;
|
||||||
|
|
||||||
location ~* (\.(css|png|gif|svg|ico|txt)|static/.*\.js(on)?|manifest\.(appcache|webapp|json)|browserconfig\.xml)$ {
|
location ~* (\.(css|png|gif|svg|ico|txt)|static/.*\.js(on)?|manifest\.(appcache|webapp|json)|browserconfig\.xml)$ {
|
||||||
@ -167,7 +166,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
location ~* "(?:[.]|/_/[^/]+/)(?:html|csv|csv\.json)$" {
|
location ~* "(?:[.]|/_/[^/]+/)(?:html|csv|csv\.json)$" {
|
||||||
proxy_pass http://ethercalc.nuagejean-cloudnet.docker:8000;
|
proxy_pass http://$NET.102:8000;
|
||||||
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
|
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
@ -175,13 +174,13 @@ server {
|
|||||||
proxy_buffers 32 64k;
|
proxy_buffers 32 64k;
|
||||||
proxy_buffer_size 128k;
|
proxy_buffer_size 128k;
|
||||||
add_header Strict-Transport-Security max-age=31536000;
|
add_header Strict-Transport-Security max-age=31536000;
|
||||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||||
}
|
}
|
||||||
location / {
|
location / {
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_min_length 1000;
|
gzip_min_length 1000;
|
||||||
gzip_proxied any;
|
gzip_proxied any;
|
||||||
proxy_pass http://ethercalc.nuagejean-cloudnet.docker:8000;
|
proxy_pass http://$NET.102:8000;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_read_timeout 31536000;
|
proxy_read_timeout 31536000;
|
||||||
@ -190,19 +189,19 @@ server {
|
|||||||
proxy_buffers 32 64k;
|
proxy_buffers 32 64k;
|
||||||
proxy_buffer_size 128k;
|
proxy_buffer_size 128k;
|
||||||
add_header Strict-Transport-Security max-age=31536000;
|
add_header Strict-Transport-Security max-age=31536000;
|
||||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
ssl_certificate /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name pad.nuage.jean-cloud.net;
|
server_name pad.nuage.jean-cloud.net;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://etherpad.nuagejean-cloudnet.docker:9001;
|
proxy_pass http://$NET.104:9001;
|
||||||
proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
|
proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_pass_header Server;
|
proxy_pass_header Server;
|
195
services/nuage.jean-cloud.net/truc
Normal file
195
services/nuage.jean-cloud.net/truc
Normal file
@ -0,0 +1,195 @@
|
|||||||
|
upstream php-handler {
|
||||||
|
server 127.0.0.1:9000;
|
||||||
|
#server unix:/run/php/php8.2-fpm.sock;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||||
|
map $arg_v $asset_immutable {
|
||||||
|
"" "";
|
||||||
|
default ", immutable";
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name cloud.example.com;
|
||||||
|
|
||||||
|
# Prevent nginx HTTP Server Detection
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
# Enforce HTTPS
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name cloud.example.com;
|
||||||
|
|
||||||
|
# Path to the root of your installation
|
||||||
|
root /var/www/nextcloud;
|
||||||
|
|
||||||
|
# Use Mozilla's guidelines for SSL/TLS settings
|
||||||
|
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||||
|
ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
|
||||||
|
|
||||||
|
# Prevent nginx HTTP Server Detection
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
# HSTS settings
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||||
|
|
||||||
|
# set max upload size and increase upload timeout:
|
||||||
|
client_max_body_size 512M;
|
||||||
|
client_body_timeout 300s;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
|
||||||
|
# Enable gzip but do not remove ETag headers
|
||||||
|
gzip on;
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_comp_level 4;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
|
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
|
|
||||||
|
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||||
|
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||||
|
#pagespeed off;
|
||||||
|
|
||||||
|
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||||
|
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||||
|
# for tuning hints
|
||||||
|
client_body_buffer_size 512k;
|
||||||
|
|
||||||
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
|
||||||
|
# Remove X-Powered-By, which is an information leak
|
||||||
|
fastcgi_hide_header X-Powered-By;
|
||||||
|
|
||||||
|
# Set .mjs and .wasm MIME types
|
||||||
|
# Either include it in the default mime.types list
|
||||||
|
# and include that list explicitly or add the file extension
|
||||||
|
# only for Nextcloud like below:
|
||||||
|
include mime.types;
|
||||||
|
types {
|
||||||
|
text/javascript js mjs;
|
||||||
|
application/wasm wasm;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||||
|
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||||
|
# when a client requests a path that corresponds to a directory that exists
|
||||||
|
# on the server. In particular, if that directory contains an index.php file,
|
||||||
|
# that file is correctly served; if it doesn't, then the request is passed to
|
||||||
|
# the front-end controller. This consistent behaviour means that we don't need
|
||||||
|
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||||
|
# `/updater`, `/ocs-provider`), and thus
|
||||||
|
# `try_files $uri $uri/ /index.php$request_uri`
|
||||||
|
# always provides the desired behaviour.
|
||||||
|
index index.php index.html /index.php$request_uri;
|
||||||
|
|
||||||
|
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||||
|
location = / {
|
||||||
|
if ( $http_user_agent ~ ^DavClnt ) {
|
||||||
|
return 302 /remote.php/webdav/$is_args$args;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Make a regex exception for `/.well-known` so that clients can still
|
||||||
|
# access it despite the existence of the regex rule
|
||||||
|
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||||
|
# for `/.well-known`.
|
||||||
|
location ^~ /.well-known {
|
||||||
|
# The rules in this block are an adaptation of the rules
|
||||||
|
# in `.htaccess` that concern `/.well-known`.
|
||||||
|
|
||||||
|
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||||
|
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||||
|
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||||
|
|
||||||
|
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||||
|
# requests by passing them to the front-end controller.
|
||||||
|
return 301 /index.php$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||||
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||||
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||||
|
|
||||||
|
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||||
|
# which handle static assets (as seen below). If this block is not declared first,
|
||||||
|
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||||
|
# to the URI, resulting in a HTTP 500 error response.
|
||||||
|
location ~ \.php(?:$|/) {
|
||||||
|
# Required for legacy support
|
||||||
|
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||||
|
|
||||||
|
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||||
|
set $path_info $fastcgi_path_info;
|
||||||
|
|
||||||
|
try_files $fastcgi_script_name =404;
|
||||||
|
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
fastcgi_param HTTPS on;
|
||||||
|
|
||||||
|
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||||
|
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||||
|
fastcgi_pass php-handler;
|
||||||
|
|
||||||
|
fastcgi_intercept_errors on;
|
||||||
|
fastcgi_request_buffering off;
|
||||||
|
|
||||||
|
fastcgi_max_temp_file_size 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Serve static files
|
||||||
|
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||||
|
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||||
|
add_header Referrer-Policy "no-referrer" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||||
|
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
access_log off; # Optional: Don't log access to assets
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.woff2?$ {
|
||||||
|
try_files $uri /index.php$request_uri;
|
||||||
|
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||||
|
access_log off; # Optional: Don't log access to assets
|
||||||
|
}
|
||||||
|
|
||||||
|
# Rule borrowed from `.htaccess`
|
||||||
|
location /remote {
|
||||||
|
return 301 /remote.php$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.php$request_uri;
|
||||||
|
}
|
||||||
|
}
|
1
services/oma-radio.fr/backup_list.sh
Executable file
1
services/oma-radio.fr/backup_list.sh
Executable file
@ -0,0 +1 @@
|
|||||||
|
#!/bin/bash
|
@ -23,4 +23,8 @@ AllowedIPs = 10.100.1.252/32
|
|||||||
[Peer] # Passerelle
|
[Peer] # Passerelle
|
||||||
PublicKey = unY6v95qus8ttJvmSlxqa+J8lKj+CCiRItZ3pFwyjyM=
|
PublicKey = unY6v95qus8ttJvmSlxqa+J8lKj+CCiRItZ3pFwyjyM=
|
||||||
AllowedIPs = 10.100.1.0/24,192.168.100.0/24
|
AllowedIPs = 10.100.1.0/24,192.168.100.0/24
|
||||||
|
|
||||||
|
[Peer] # debug
|
||||||
|
PublicKey = K9IpoUbjyN+42y0YG3OIwAPRBZcd92GnKfbYEj3RZ18=
|
||||||
|
AllowedIPs = 10.100.1.21/32
|
||||||
"
|
"
|
||||||
|
47
services/raplacgr.jean-cloud.net/docker-compose.yml
Normal file
47
services/raplacgr.jean-cloud.net/docker-compose.yml
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
web:
|
||||||
|
image: jeancloud/rapla
|
||||||
|
environment:
|
||||||
|
MYSQL_DATABASE: rapla_db
|
||||||
|
MYSQL_USER: rapla_db_user
|
||||||
|
MYSQL_PASSWORD: aPxqhmqUvqNBVXEoIt9cSZTXgmtqzFdgbTHeUMNeT2iL9ch8rN0z0iIGIc2rpMQZfdk87OZ45k3mf99tbT
|
||||||
|
MYSQL_HOST: db
|
||||||
|
volumes:
|
||||||
|
- /docker/raplacgr.jean-cloud.net/server.xml:/usr/local/tomcat/conf/server.xml
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 300M
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: mysql:5.7
|
||||||
|
environment:
|
||||||
|
MYSQL_DATABASE: rapla_db
|
||||||
|
MYSQL_USER: rapla_db_user
|
||||||
|
MYSQL_PASSWORD: aPxqhmqUvqNBVXEoIt9cSZTXgmtqzFdgbTHeUMNeT2iL9ch8rN0z0iIGIc2rpMQZfdk87OZ45k3mf99tbT
|
||||||
|
MYSQL_RANDOM_ROOT_PASSWORD: yes
|
||||||
|
volumes:
|
||||||
|
- /data/raplacgr.jean-cloud.net/db:/var/lib/mysql
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.101
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 300M
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
13
services/raplacgr.jean-cloud.net/nginx_server.conf
Normal file
13
services/raplacgr.jean-cloud.net/nginx_server.conf
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
server_name raplacgr.jean-cloud.net;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://$NET.100:8080/;
|
||||||
|
proxy_set_header Host raplacgr.jean-cloud.net;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
}
|
||||||
|
}
|
48
services/raplacgr.jean-cloud.net/server.xml
Normal file
48
services/raplacgr.jean-cloud.net/server.xml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<Server port="8005" shutdown="SHUTDOWN">
|
||||||
|
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
||||||
|
<!-- Security listener. Documentation at /docs/config/listeners.html
|
||||||
|
<Listener className="org.apache.catalina.security.SecurityListener" />
|
||||||
|
-->
|
||||||
|
<!-- APR library loader. Documentation at /docs/apr.html -->
|
||||||
|
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
||||||
|
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
|
||||||
|
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
||||||
|
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
||||||
|
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
||||||
|
|
||||||
|
<GlobalNamingResources>
|
||||||
|
<Resource name="UserDatabase" auth="Container"
|
||||||
|
type="org.apache.catalina.UserDatabase"
|
||||||
|
description="User database that can be updated and saved"
|
||||||
|
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
|
||||||
|
pathname="conf/tomcat-users.xml" />
|
||||||
|
</GlobalNamingResources>
|
||||||
|
|
||||||
|
<Service name="Catalina">
|
||||||
|
|
||||||
|
<Connector port="8080" protocol="HTTP/1.1"
|
||||||
|
connectionTimeout="20000"
|
||||||
|
redirectPort="8443"
|
||||||
|
proxyName="raplacgr.jean-cloud.net"
|
||||||
|
proxyPort="443"/>
|
||||||
|
<Engine name="Catalina" defaultHost="localhost">
|
||||||
|
|
||||||
|
|
||||||
|
<Realm className="org.apache.catalina.realm.LockOutRealm">
|
||||||
|
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||||
|
resourceName="UserDatabase"/>
|
||||||
|
</Realm>
|
||||||
|
|
||||||
|
<Host name="localhost" appBase="webapps"
|
||||||
|
unpackWARs="true" autoDeploy="true">
|
||||||
|
|
||||||
|
|
||||||
|
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
||||||
|
prefix="localhost_access_log" suffix=".txt"
|
||||||
|
pattern="%h %l %u %t "%r" %s %b" />
|
||||||
|
|
||||||
|
</Host>
|
||||||
|
</Engine>
|
||||||
|
</Service>
|
||||||
|
</Server>
|
@ -13,18 +13,18 @@ services:
|
|||||||
cpus: '0.50'
|
cpus: '0.50'
|
||||||
memory: 100M
|
memory: 100M
|
||||||
|
|
||||||
test_rpnow:
|
# test_rpnow:
|
||||||
image: jeancloud/rpnow:dev
|
# image: jeancloud/rpnow:dev
|
||||||
volumes:
|
# volumes:
|
||||||
- /data/test.rpnow.jean-cloud.org/:/var/local/rpnow
|
# - /data/test.rpnow.jean-cloud.org/:/var/local/rpnow
|
||||||
networks:
|
# networks:
|
||||||
default:
|
# default:
|
||||||
ipv4_address: $NET.101
|
# ipv4_address: $NET.101
|
||||||
deploy:
|
# deploy:
|
||||||
resources:
|
# resources:
|
||||||
limits:
|
# limits:
|
||||||
cpus: '0.50'
|
# cpus: '0.50'
|
||||||
memory: 100M
|
# memory: 100M
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
|
@ -18,23 +18,23 @@ server {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
#server {
|
||||||
listen 443 ssl http2;
|
# listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
# listen [::]:443 ssl http2;
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
# ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
# ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name test.rpnow.jean-cloud.net www.test.rpnow.jean-cloud.net;
|
# server_name test.rpnow.jean-cloud.net www.test.rpnow.jean-cloud.net;
|
||||||
|
#
|
||||||
location / {
|
# location / {
|
||||||
client_max_body_size 2G;
|
# client_max_body_size 2G;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
# proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header Host $http_host;
|
# proxy_set_header Host $http_host;
|
||||||
proxy_http_version 1.1;
|
# proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
# proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
# proxy_set_header Connection "upgrade";
|
||||||
proxy_read_timeout 86400;
|
# proxy_read_timeout 86400;
|
||||||
proxy_redirect off;
|
# proxy_redirect off;
|
||||||
proxy_pass http://$NET.101;
|
# proxy_pass http://$NET.101;
|
||||||
}
|
# }
|
||||||
}
|
#}
|
||||||
|
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
# This is not real CSV. Do not put separator in a field, even escaped
|
# This is not real CSV. Do not put separator in a field, even escaped
|
||||||
# UID ; username ; service name ; server name
|
# ID ; username ; service name ; server name
|
||||||
1;sftp.jean-cloud.net;sftp.jean-cloud.net;raku.jean-cloud.org
|
1;sftp.jean-cloud.net;sftp.jean-cloud.net;raku.jean-cloud.org
|
||||||
2;benevoles31.karnaval.fr;benevoles31.karnaval.fr;max.jean-cloud.org
|
2;benevoles31.karnaval.fr;benevoles31.karnaval.fr;max.jean-cloud.org
|
||||||
3;builder.rimarima.fr;builder.rimarima.fr;raku.jean-cloud.org
|
3;builder.rimarima.fr;builder.rimarima.fr;raku.jean-cloud.org
|
||||||
4;chahut.jean-cloud.net;chahut.jean-cloud.net;max.jean-cloud.org
|
4;chahut.jean-cloud.net;chahut.jean-cloud.net;max.jean-cloud.org
|
||||||
5;chiloe.eu;chiloe.eu;shlago.jean-cloud.org
|
5;chiloe.eu;chiloe.eu;shlago.jean-cloud.org
|
||||||
6;coldcms.chahut.jean-cloud.net;coldcms.chahut.jean-cloud.net;raku.jean-cloud.org
|
#6;coldcms.chahut.jean-cloud.net;coldcms.chahut.jean-cloud.net;raku.jean-cloud.org
|
||||||
7;collectif-arthadie.fr;collectif-arthadie.fr;vandamme.jean-cloud.org
|
7;collectif-arthadie.fr;collectif-arthadie.fr;vandamme.jean-cloud.org
|
||||||
8;compagnienouvelle.fr;compagnienouvelle.fr;nougaro.jean-cloud.org
|
8;compagnienouvelle.fr;compagnienouvelle.fr;nougaro.jean-cloud.org
|
||||||
9;copaines.jean-cloud.net;copaines.jean-cloud.net;max.jean-cloud.org
|
9;copaines.jean-cloud.net;copaines.jean-cloud.net;max.jean-cloud.org
|
||||||
@ -15,19 +15,19 @@
|
|||||||
14;feministesucl34.communistesliber;feministesucl34.communisteslibertaires.org;none
|
14;feministesucl34.communistesliber;feministesucl34.communisteslibertaires.org;none
|
||||||
15;feteducourt.jean-cloud.net;feteducourt.jean-cloud.net;shlago.jean-cloud.org
|
15;feteducourt.jean-cloud.net;feteducourt.jean-cloud.net;shlago.jean-cloud.org
|
||||||
16;feteducourt2020.jean-cloud.net;feteducourt2020.jean-cloud.net;shlago.jean-cloud.org
|
16;feteducourt2020.jean-cloud.net;feteducourt2020.jean-cloud.net;shlago.jean-cloud.org
|
||||||
17;git.jean-cloud.net;git.jean-cloud.net;vandamme.jean-cloud.org
|
17;git.jean-cloud.net;git.jean-cloud.net;izzo.jean-cloud.org
|
||||||
18;grapes.chahut.jean-cloud.net;grapes.chahut.jean-cloud.net;max.jean-cloud.org
|
#18;grapes.chahut.jean-cloud.net;grapes.chahut.jean-cloud.net;max.jean-cloud.org
|
||||||
20;inurbe.fr;inurbe.fr;shlago.jean-cloud.org
|
20;inurbe.fr;inurbe.fr;shlago.jean-cloud.org
|
||||||
21;jean-cloud.net;jean-cloud.net;shlago.jean-cloud.org
|
21;jean-cloud.net;jean-cloud.net;shlago.jean-cloud.org
|
||||||
22;leida.fr;leida.fr;vandamme.jean-cloud.org
|
22;leida.fr;leida.fr;shlago.jean-cloud.org
|
||||||
23;lexicographe.jean-cloud.net;lexicographe.jean-cloud.net;shlago.jean-cloud.org
|
23;lexicographe.jean-cloud.net;lexicographe.jean-cloud.net;shlago.jean-cloud.org
|
||||||
24;metamorphosemagazine.fr;metamorphosemagazine.fr;shlago.jean-cloud.org
|
24;metamorphosemagazine.fr;metamorphosemagazine.fr;shlago.jean-cloud.org
|
||||||
25;mux.radiodemo.oma-radio.fr;mux.radiodemo.oma-radio.fr;raku.jean-cloud.org
|
25;mux.radiodemo.oma-radio.fr;mux.radiodemo.oma-radio.fr;raku.jean-cloud.org
|
||||||
26;nc-backup.jean-cloud.net;nc-backup.jean-cloud.net;raku.jean-cloud.org
|
26;nc-backup.jean-cloud.net;nc-backup.jean-cloud.net;raku.jean-cloud.org
|
||||||
27;ns.jean-cloud.org;ns.jean-cloud.org;shlago.jean-cloud.org
|
27;ns.jean-cloud.org;ns.jean-cloud.org;shlago.jean-cloud.org
|
||||||
28;ns1.jean-cloud.org;ns1.jean-cloud.org;tetede.jean-cloud.org
|
28;ns1.jean-cloud.org;ns1.jean-cloud.org;tetede.jean-cloud.org
|
||||||
29;nuage.jean-cloud.net;nuage.jean-cloud.net;vandamme.jean-cloud.org
|
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
|
||||||
30;oma-radio.fr;oma-radio.fr;vandamme.jean-cloud.org
|
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
|
||||||
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
||||||
32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
|
32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
|
||||||
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
||||||
@ -35,11 +35,20 @@
|
|||||||
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
|
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
|
||||||
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;tetede.jean-cloud.org
|
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;tetede.jean-cloud.org
|
||||||
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
||||||
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;vandamme.jean-cloud.org
|
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
|
||||||
39;soundbase.radiodemo.oma-radio.fr;soundbase.radiodemo.oma-radio.fr;montbonnot.jean-cloud.org
|
39;soundbase.radiodemo.oma-radio.fr;soundbase.radiodemo.oma-radio.fr;montbonnot.jean-cloud.org
|
||||||
40;static.jean-cloud.net;static.jean-cloud.net;vandamme.jean-cloud.org
|
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
|
||||||
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
||||||
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;vandamme.jean-cloud.org
|
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
|
||||||
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
|
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
|
||||||
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;max.jean-cloud.org
|
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;max.jean-cloud.org
|
||||||
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
||||||
|
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
|
||||||
|
47;backup-borg-server;backup-borg-server;montbonnot.jean-cloud.org
|
||||||
|
48;backup-borg-client;backup-borg-client;raku.jean-cloud.org
|
||||||
|
49;soundbase.radionimaitre.oma;soundbase.radionimaitre.oma-radio.fr;montbonnot.jean-cloud.org
|
||||||
|
50;monitoring.jean-cloud.net;monitoring.jean-cloud.net;montbonnot.jean-cloud.org
|
||||||
|
51;benevoles32.karnaval.fr;benevoles32.karnaval.fr;izzo.jean-cloud.org
|
||||||
|
52;nginx_exporter;nginx_exporter;shlago.jean-cloud.org
|
||||||
|
53;benevoles.karnaval.fr;benevoles.karnaval.fr;izzo.jean-cloud.org
|
||||||
|
54;accent.jean-cloud.net;accent.jean-cloud.net;raku.jean-cloud.org
|
||||||
|
|
@ -9,9 +9,8 @@ services:
|
|||||||
- $DOCKER_DIR/init.sh:/etc/sftp.d/init.sh:ro
|
- $DOCKER_DIR/init.sh:/etc/sftp.d/init.sh:ro
|
||||||
|
|
||||||
- $DATA_DIR/home:/home
|
- $DATA_DIR/home:/home
|
||||||
- $DATA_DIR/home/feministesucl34:/home/feministesucl34RO
|
- $DATA_DIR/home/leida/public:/home/leidaRO/public:ro
|
||||||
- $DATA_DIR/home/leida:/home/leidaRO
|
- $DATA_DIR/home/chiloe/public:/home/chiloeRO/public:ro
|
||||||
- $DATA_DIR/home/chiloe:/home/chiloeRO
|
|
||||||
ports:
|
ports:
|
||||||
- '2929:22'
|
- '2929:22'
|
||||||
|
|
||||||
|
3
services/sftp_jc/deploy.sh
Executable file
3
services/sftp_jc/deploy.sh
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
chmod 700 "$SECRET_DIR/sftp.sshprivkey"
|
7
services/sftp_jc/deploy_user.sh
Executable file
7
services/sftp_jc/deploy_user.sh
Executable file
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
mkdir -p ~/.ssh
|
||||||
|
echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' > ~/.ssh/known_hosts
|
||||||
|
chmod 700 ~/.ssh/known_hosts
|
||||||
|
|
||||||
|
rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user "$SFTP_USER" --sftp-port 2929 --sftp-key-file "$SECRET_DIR/sftp.sshprivkey" --sftp-known-hosts-file ~/.ssh/known_hosts :sftp:/public/ "$HTTP_DIR"
|
12
services/sftp_jc/nginx_server.conf
Executable file
12
services/sftp_jc/nginx_server.conf
Executable file
@ -0,0 +1,12 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root $HTTP_DIR;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
}
|
@ -4,8 +4,6 @@ services:
|
|||||||
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT
|
|
||||||
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
|
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
|
||||||
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
||||||
volumes:
|
volumes:
|
||||||
@ -24,8 +22,6 @@ services:
|
|||||||
azurite_jukebox_simulator:
|
azurite_jukebox_simulator:
|
||||||
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
|
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
volumes:
|
volumes:
|
||||||
- $SOUNDBASE_DIR:/app/soundBase
|
- $SOUNDBASE_DIR:/app/soundBase
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@ -47,8 +43,6 @@ services:
|
|||||||
agate_importer:
|
agate_importer:
|
||||||
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
|
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
volumes:
|
volumes:
|
||||||
- $SOUNDBASE_DIR:/app/soundBase
|
- $SOUNDBASE_DIR:/app/soundBase
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
@ -65,8 +59,6 @@ services:
|
|||||||
rubis_base_mg:
|
rubis_base_mg:
|
||||||
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
|
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
volumes:
|
volumes:
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
@ -83,8 +75,6 @@ services:
|
|||||||
system_api:
|
system_api:
|
||||||
image: jeancloud/system-api:dev
|
image: jeancloud/system-api:dev
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
UID: 33
|
UID: 33
|
||||||
SOUNDBASE_PATH: /soundbase
|
SOUNDBASE_PATH: /soundbase
|
||||||
MOUNT: /api
|
MOUNT: /api
|
||||||
@ -108,7 +98,6 @@ services:
|
|||||||
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
||||||
# env_file: .env
|
# env_file: .env
|
||||||
# environment:
|
# environment:
|
||||||
# OMA_CONFIG_TelecommandeHost: $NET.101
|
|
||||||
# OMA_CONFIG_PigePrefix: /opt
|
# OMA_CONFIG_PigePrefix: /opt
|
||||||
# restart: unless-stopped
|
# restart: unless-stopped
|
||||||
# volumes:
|
# volumes:
|
||||||
|
@ -4,7 +4,7 @@ server {
|
|||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name static.oma-radio.fr www.static.oma-radio.fr $JC_SERVICE www.$JC_SERVICE;
|
server_name static.oma-radio.fr www.static.oma-radio.fr $JC_SERVICE www.$JC_SERVICE;
|
||||||
root $HTTP_DIR/public/;
|
root $DATA_DIR/public/;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
@ -1,28 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/collectif-arthadie.fr/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/collectif-arthadie.fr/privkey.pem;
|
|
||||||
server_name wordpress.collectif-arthadie.fr www.wordpress.collectif-arthadie.fr;
|
|
||||||
location / {
|
|
||||||
client_max_body_size 2G;
|
|
||||||
#proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
proxy_pass http://wp.collectif-arthadiefr.docker;
|
|
||||||
proxy_redirect off;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/collectif-arthadie.fr/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/collectif-arthadie.fr/privkey.pem;
|
|
||||||
server_name collectif-arthadie.fr www.collectif-arthadie.fr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root /data/collectif-arthadie.fr/static;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,25 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/cousinades.jean-cloud.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/cousinades.jean-cloud.net/privkey.pem;
|
|
||||||
server_name cousinades.jean-cloud.net www.cousinades.jean-cloud.net;
|
|
||||||
|
|
||||||
index index.php;
|
|
||||||
root /data/cousinades.jean-cloud.net/public;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
#auth_basic "Restricted";
|
|
||||||
#auth_basic_user_file /data/cousinades.jean-cloud.net/private/passwords.txt;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ \.php$ {
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
fastcgi_pass app.cousinadesjean-cloudnet.docker:9000;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
include fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME /usr/src/app/$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,12 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/git.jean-cloud.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/git.jean-cloud.net/privkey.pem;
|
|
||||||
server_name git.jean-cloud.net www.git.jean-cloud.net;
|
|
||||||
location / {
|
|
||||||
client_max_body_size 5G;
|
|
||||||
proxy_pass http://gitea.gitjean-cloudnet.docker:3000;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,17 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/inurbe.fr/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/inurbe.fr/privkey.pem;
|
|
||||||
server_name inurbe.fr www.inurbe.fr;
|
|
||||||
|
|
||||||
location /.git {
|
|
||||||
deny all;
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root /data/inurbe.fr;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,15 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/leida.fr/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/leida.fr/privkey.pem;
|
|
||||||
server_name leida.fr www.leida.fr;
|
|
||||||
location / {
|
|
||||||
root /data/leida.fr/public;
|
|
||||||
index index.htm index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location ~ .php {
|
|
||||||
deny all;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,13 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/oma-radio.fr/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/oma-radio.fr/privkey.pem;
|
|
||||||
server_name oma-radio.fr www.oma-radio.fr;
|
|
||||||
root /data/oma-radio.fr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
index index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,17 +0,0 @@
|
|||||||
server{
|
|
||||||
listen 80 default_server;
|
|
||||||
listen [::]:80 default_server;
|
|
||||||
location '/.well-known/acme-challenge' {
|
|
||||||
root /var/www/letsencrypt;
|
|
||||||
default_type "text/plain";
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /basic_status {
|
|
||||||
stub_status;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,40 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/rpnow.jean-cloud.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/rpnow.jean-cloud.net/privkey.pem;
|
|
||||||
server_name rpnow.jean-cloud.net www.rpnow.jean-cloud.net;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
client_max_body_size 2G;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 86400;
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_pass http://rpnow.rpnowjean-cloudnet.docker;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/rpnow.jean-cloud.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/rpnow.jean-cloud.net/privkey.pem;
|
|
||||||
server_name test.rpnow.jean-cloud.net www.test.rpnow.jean-cloud.net;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
client_max_body_size 2G;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 86400;
|
|
||||||
proxy_redirect off;
|
|
||||||
proxy_pass http://test_rpnow.rpnowjean-cloudnet.docker;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,15 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/static.jean-cloud.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/static.jean-cloud.net/privkey.pem;
|
|
||||||
server_name static.oma-radio.fr www.static.oma-radio.fr static.jean-cloud.net www.static.jean-cloud.net;
|
|
||||||
root /data/static.jean-cloud.net/public/;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
add_header 'Access-Control-Allow-Origin' '*';
|
|
||||||
add_header 'Access-Control-Allow-Methods' 'GET';
|
|
||||||
index index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,30 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/privkey.pem;
|
|
||||||
server_name wiki-cgr.jean-cloud.net www.wiki-cgr.jean-cloud.net;
|
|
||||||
location / {
|
|
||||||
client_max_body_size 2G;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_pass http://mediawiki.wiki-cgrjean-cloudnet.docker;
|
|
||||||
proxy_redirect off;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Is the parsoid mutualisable on all wikis ?
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/privkey.pem;
|
|
||||||
server_name parsoid-wiki-cgr.jean-cloud.net www.parsoid-wiki-cgr.jean-cloud.net;
|
|
||||||
location / {
|
|
||||||
client_max_body_size 2G;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_pass http://parsoid.wiki-cgrjean-cloudnet.docker;
|
|
||||||
proxy_redirect off;
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user