Compare commits
2 Commits
6d2869ea04
...
66e0e9a4da
Author | SHA1 | Date | |
---|---|---|---|
|
66e0e9a4da | ||
|
d75f851959 |
@ -1,50 +0,0 @@
|
||||
- targets:
|
||||
- amaglio.fr
|
||||
- www.amaglio.fr
|
||||
- collectif-arthadie.fr
|
||||
- www.collectif-arthadie.fr
|
||||
- copaines.jean-cloud.net
|
||||
- www.copaines.jean-cloud.net
|
||||
- cousinades.jean-cloud.net
|
||||
- www.cousinades.jean-cloud.net
|
||||
- feteducourt2020.jean-cloud.net
|
||||
- www.feteducourt2020.jean-cloud.net
|
||||
- feteducourt.jean-cloud.net
|
||||
- www.feteducourt.jean-cloud.net
|
||||
- git.jean-cloud.net
|
||||
- www.git.jean-cloud.net
|
||||
- gmx-webmail.jean-cloud.net
|
||||
- www.gmx-webmail.jean-cloud.net
|
||||
- inurbe.fr
|
||||
- www.inurbe.fr
|
||||
- jean-cloud.net
|
||||
- www.jean-cloud.net
|
||||
- lalis.fr
|
||||
- leida.fr
|
||||
- www.leida.fr
|
||||
- metamorphosemagazine.fr
|
||||
- nuage.jean-cloud.net
|
||||
- www.nuage.jean-cloud.net
|
||||
- oma-radio.fr
|
||||
- www.oma-radio.fr
|
||||
- paj.oma-radio.fr
|
||||
- www.paj.oma-radio.fr
|
||||
- grafana.jean-cloud.net
|
||||
- www.grafana.jean-cloud.net
|
||||
- radionimaitre.oma-radio.fr
|
||||
- www.radionimaitre.oma-radio.fr
|
||||
- registry.oma-radio.fr
|
||||
- rpnow.jean-cloud.net
|
||||
- www.rpnow.jean-cloud.net
|
||||
- test.rpnow.jean-cloud.net
|
||||
- www.test.rpnow.jean-cloud.net
|
||||
- static.oma-radio.fr
|
||||
- www.static.oma-radio.fr
|
||||
- static.jean-cloud.net
|
||||
- www.static.jean-cloud.net
|
||||
- velov.jean-cloud.net
|
||||
- www.velov.jean-cloud.net
|
||||
- wiki-cgr.jean-cloud.net
|
||||
- www.wiki-cgr.jean-cloud.net
|
||||
- parsoid-wiki-cgr.jean-cloud.net
|
||||
- www.parsoid-wiki-cgr.jean-cloud.net
|
@ -1,56 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Nginx configs
|
||||
nginx_dir=/data/proxy/sites-enabled/
|
||||
|
||||
# The blackbox target file as it will be read by prometheus
|
||||
blackbox=/data/$(cat /etc/hostname)/public/blackbox-targets.yml
|
||||
|
||||
|
||||
echo '- targets:' > "$blackbox"
|
||||
|
||||
for file in "$nginx_dir"/* ; do
|
||||
echo '-------------------------'
|
||||
file="$file"
|
||||
if [ ! -f "$file" ] ; then continue ; fi
|
||||
echo "$file"
|
||||
|
||||
|
||||
service_name="$(basename "$file")"
|
||||
|
||||
# Getting just the domain names
|
||||
domains="$(grep '^[[:blank:]]*[^#][[:blank:]]*server_name' "$file" | sed 's/ _ / /g' | sed 's/server_name//g' | sed 's/default_server//g' | sed -e 's/^[[:space:]]*//' | cut -d ';' -f 1)"
|
||||
if [ -n "$domains" ] ; then
|
||||
|
||||
# removing duplicates
|
||||
domains="$(echo $domains | awk '{for (i=1;i<=NF;i++) if (!a[$i]++) printf("%s%s",$i,FS)}{printf("\n")}')"
|
||||
for domain in $domains ; do
|
||||
echo " - $domain" >> "$blackbox"
|
||||
done
|
||||
|
||||
fi
|
||||
done
|
||||
|
||||
ls /etc/letsencrypt/live/*000* &> /dev/null
|
||||
if [ "$?" -eq 0 ] ; then
|
||||
echo " ---------------------------------------------------------------------------------------------"
|
||||
echo "Bad certs detected in letsencrypt dir. Nginx conf wont work…"
|
||||
echo "rm -r /etc/letsencrypt/live/*000* /etc/letsencrypt/archive/*000* /etc/letsencrypt/renewal/*000*"
|
||||
echo " ---------------------------------------------------------------------------------------------"
|
||||
fi
|
||||
|
||||
|
||||
docker exec -it proxy_reverse-proxy_1 nginx -t
|
||||
code="$?"
|
||||
if [ "$code" -ne 0 ] ; then
|
||||
echo "Nginx test error, can’t reloat it"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
docker exec -it proxy_reverse-proxy_1 nginx -s reload
|
||||
code="$?"
|
||||
if [ "$code" -ne 0 ] ; then
|
||||
echo "Nginx reload error, GENERAL ALEEEEEEEEERT!!!!!"
|
||||
exit 1
|
||||
fi
|
||||
echo "Done. No error detected."
|
@ -1,80 +0,0 @@
|
||||
version: '3.7'
|
||||
services:
|
||||
prometheus:
|
||||
restart: unless-stopped
|
||||
image: prom/prometheus
|
||||
volumes:
|
||||
- /docker/monitoring/prometheus.yml:/etc/prometheus/prometheus.yml
|
||||
- /data/monitoring/blackbox-targets.yml:/etc/prometheus/blackbox-targets.yml
|
||||
- type: bind
|
||||
source: /data/monitoring/data
|
||||
target: /prometheus
|
||||
depends_on:
|
||||
- cadvisor
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 172.29.1.6
|
||||
|
||||
grafana:
|
||||
restart: unless-stopped
|
||||
image: grafana/grafana
|
||||
volumes:
|
||||
- /docker/monitoring/grafana.ini:/etc/grafana/grafana.ini
|
||||
- /data/monitoring/grafana/data:/var/lib/grafana
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 172.29.1.2
|
||||
|
||||
blackbox_exporter:
|
||||
restart: unless-stopped
|
||||
image: prom/blackbox-exporter
|
||||
dns: 9.9.9.9
|
||||
restart: always
|
||||
volumes:
|
||||
- /data/monitoring/blackbox-targets.yml:/config/blackbox-config.yml
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 172.29.1.3
|
||||
|
||||
#icecast_exporter:
|
||||
# image: markuslindenberg/icecast_exporter
|
||||
# command: -icecast.scrape-uri http://listen.oma-radio.fr/status-json.xsl
|
||||
|
||||
cadvisor:
|
||||
restart: unless-stopped
|
||||
image: gcr.io/cadvisor/cadvisor:latest
|
||||
container_name: cadvisor
|
||||
ports:
|
||||
- 8080:8080
|
||||
volumes:
|
||||
- /:/rootfs:ro
|
||||
- /var/run:/var/run:rw
|
||||
- /sys:/sys:ro
|
||||
- /var/lib/docker/:/var/lib/docker:ro
|
||||
depends_on:
|
||||
- redis
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 172.29.1.4
|
||||
redis:
|
||||
image: redis:latest
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 172.29.1.5
|
||||
|
||||
node-exporter:
|
||||
restart: unless-stopped
|
||||
image: quay.io/prometheus/node-exporter:latest
|
||||
volumes:
|
||||
- /:/rootfs:ro
|
||||
command:
|
||||
- '--path.rootfs=/rootfs'
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: 172.29.1.7
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: 172.29.1.0/24
|
@ -1,13 +0,0 @@
|
||||
[smtp]
|
||||
enabled = true
|
||||
|
||||
host = mail.gandi.net:587
|
||||
user = nepasrepondre@jean-cloud.org
|
||||
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
||||
password = ZMTX9B6VgsVvdbXSzC7Zp4ASj6DU6q22Zi7KnjXtGYHE7WmJBM3pkhW9Rcdx
|
||||
;skip_verify = false
|
||||
from_address = nepasrepondre@jean-cloud.org
|
||||
from_name = Grafana
|
||||
# EHLO identity in SMTP dialog (defaults to instance_name)
|
||||
;ehlo_identity = dashboard.example.com
|
||||
|
@ -1,326 +0,0 @@
|
||||
{
|
||||
"annotations": {
|
||||
"list": [
|
||||
{
|
||||
"builtIn": 1,
|
||||
"datasource": "-- Grafana --",
|
||||
"enable": true,
|
||||
"hide": true,
|
||||
"iconColor": "rgba(0, 211, 255, 1)",
|
||||
"name": "Annotations & Alerts",
|
||||
"type": "dashboard"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": "Monitor and set alerts for all the pings to your servers using blackbox exporter and prometheus.",
|
||||
"editable": true,
|
||||
"gnetId": 5990,
|
||||
"graphTooltip": 0,
|
||||
"id": 3,
|
||||
"iteration": 1629329153476,
|
||||
"links": [],
|
||||
"panels": [
|
||||
{
|
||||
"alert": {
|
||||
"alertRuleTags": {},
|
||||
"conditions": [
|
||||
{
|
||||
"evaluator": {
|
||||
"params": [
|
||||
1
|
||||
],
|
||||
"type": "lt"
|
||||
},
|
||||
"operator": {
|
||||
"type": "and"
|
||||
},
|
||||
"query": {
|
||||
"params": [
|
||||
"A",
|
||||
"5m",
|
||||
"now"
|
||||
]
|
||||
},
|
||||
"reducer": {
|
||||
"params": [],
|
||||
"type": "sum"
|
||||
},
|
||||
"type": "query"
|
||||
}
|
||||
],
|
||||
"executionErrorState": "alerting",
|
||||
"for": "0m",
|
||||
"frequency": "60s",
|
||||
"handler": 1,
|
||||
"message": "Server does not respond to ping!",
|
||||
"name": "Server Status alert",
|
||||
"noDataState": "no_data",
|
||||
"notifications": []
|
||||
},
|
||||
"aliasColors": {},
|
||||
"bars": false,
|
||||
"dashLength": 10,
|
||||
"dashes": false,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"links": []
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"fill": 1,
|
||||
"fillGradient": 0,
|
||||
"gridPos": {
|
||||
"h": 8,
|
||||
"w": 24,
|
||||
"x": 0,
|
||||
"y": 0
|
||||
},
|
||||
"hiddenSeries": false,
|
||||
"id": 9,
|
||||
"legend": {
|
||||
"avg": false,
|
||||
"current": false,
|
||||
"max": false,
|
||||
"min": false,
|
||||
"show": true,
|
||||
"total": false,
|
||||
"values": false
|
||||
},
|
||||
"lines": true,
|
||||
"linewidth": 0,
|
||||
"links": [],
|
||||
"nullPointMode": "null",
|
||||
"options": {
|
||||
"alertThreshold": true
|
||||
},
|
||||
"percentage": false,
|
||||
"pluginVersion": "8.0.6",
|
||||
"pointradius": 5,
|
||||
"points": false,
|
||||
"renderer": "flot",
|
||||
"seriesOverrides": [],
|
||||
"spaceLength": 10,
|
||||
"stack": false,
|
||||
"steppedLine": false,
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_success{job=\"ping\"}",
|
||||
"format": "time_series",
|
||||
"intervalFactor": 1,
|
||||
"legendFormat": "{{instance}}",
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"thresholds": [
|
||||
{
|
||||
"colorMode": "critical",
|
||||
"fill": true,
|
||||
"line": true,
|
||||
"op": "lt",
|
||||
"value": 1,
|
||||
"visible": true
|
||||
}
|
||||
],
|
||||
"timeFrom": null,
|
||||
"timeRegions": [],
|
||||
"timeShift": null,
|
||||
"title": "Server Status",
|
||||
"tooltip": {
|
||||
"shared": true,
|
||||
"sort": 0,
|
||||
"value_type": "individual"
|
||||
},
|
||||
"type": "graph",
|
||||
"xaxis": {
|
||||
"buckets": null,
|
||||
"mode": "time",
|
||||
"name": null,
|
||||
"show": true,
|
||||
"values": []
|
||||
},
|
||||
"yaxes": [
|
||||
{
|
||||
"decimals": 0,
|
||||
"format": "none",
|
||||
"label": "OK",
|
||||
"logBase": 1,
|
||||
"max": "1",
|
||||
"min": "0",
|
||||
"show": true
|
||||
},
|
||||
{
|
||||
"decimals": null,
|
||||
"format": "short",
|
||||
"label": "",
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": false
|
||||
}
|
||||
],
|
||||
"yaxis": {
|
||||
"align": false,
|
||||
"alignLevel": null
|
||||
}
|
||||
},
|
||||
{
|
||||
"cacheTimeout": null,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "thresholds"
|
||||
},
|
||||
"mappings": [
|
||||
{
|
||||
"options": {
|
||||
"0": {
|
||||
"text": "NOK"
|
||||
},
|
||||
"1": {
|
||||
"text": "OK"
|
||||
}
|
||||
},
|
||||
"type": "value"
|
||||
}
|
||||
],
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "#d44a3a",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "rgba(237, 129, 40, 0.89)",
|
||||
"value": 1
|
||||
},
|
||||
{
|
||||
"color": "#299c46",
|
||||
"value": 1
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "none"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 5,
|
||||
"w": 6,
|
||||
"x": 0,
|
||||
"y": 8
|
||||
},
|
||||
"id": 2,
|
||||
"interval": null,
|
||||
"links": [],
|
||||
"maxDataPoints": 100,
|
||||
"options": {
|
||||
"colorMode": "background",
|
||||
"graphMode": "none",
|
||||
"justifyMode": "auto",
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
],
|
||||
"fields": "",
|
||||
"values": false
|
||||
},
|
||||
"text": {},
|
||||
"textMode": "auto"
|
||||
},
|
||||
"pluginVersion": "8.0.6",
|
||||
"repeat": "node",
|
||||
"repeatDirection": "h",
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_success{instance=~\"$node\"}",
|
||||
"format": "time_series",
|
||||
"instant": false,
|
||||
"interval": "",
|
||||
"intervalFactor": 1,
|
||||
"legendFormat": "",
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "$node",
|
||||
"type": "stat"
|
||||
}
|
||||
],
|
||||
"schemaVersion": 30,
|
||||
"style": "dark",
|
||||
"tags": [
|
||||
"alerts",
|
||||
"linux",
|
||||
"windows"
|
||||
],
|
||||
"templating": {
|
||||
"list": [
|
||||
{
|
||||
"allValue": null,
|
||||
"current": {
|
||||
"selected": false,
|
||||
"text": "All",
|
||||
"value": "$__all"
|
||||
},
|
||||
"datasource": "Prometheus",
|
||||
"definition": "",
|
||||
"description": null,
|
||||
"error": null,
|
||||
"hide": 0,
|
||||
"includeAll": true,
|
||||
"label": "node",
|
||||
"multi": true,
|
||||
"name": "node",
|
||||
"options": [],
|
||||
"query": {
|
||||
"query": "label_values(probe_success{job=\"ping\"}, instance) ",
|
||||
"refId": "Prometheus-node-Variable-Query"
|
||||
},
|
||||
"refresh": 1,
|
||||
"regex": "",
|
||||
"skipUrlSync": false,
|
||||
"sort": 0,
|
||||
"tagValuesQuery": "",
|
||||
"tagsQuery": "",
|
||||
"type": "query",
|
||||
"useTags": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"time": {
|
||||
"from": "now-24h",
|
||||
"to": "now"
|
||||
},
|
||||
"timepicker": {
|
||||
"refresh_intervals": [
|
||||
"5s",
|
||||
"10s",
|
||||
"30s",
|
||||
"1m",
|
||||
"5m",
|
||||
"15m",
|
||||
"30m",
|
||||
"1h",
|
||||
"2h",
|
||||
"1d"
|
||||
],
|
||||
"time_options": [
|
||||
"5m",
|
||||
"15m",
|
||||
"1h",
|
||||
"6h",
|
||||
"12h",
|
||||
"24h",
|
||||
"2d",
|
||||
"7d",
|
||||
"30d"
|
||||
]
|
||||
},
|
||||
"timezone": "",
|
||||
"title": "Alerts - Server Status",
|
||||
"uid": "pbHjqZzmk",
|
||||
"version": 3
|
||||
}
|
@ -1,903 +0,0 @@
|
||||
{
|
||||
"annotations": {
|
||||
"list": [
|
||||
{
|
||||
"builtIn": 1,
|
||||
"datasource": "Prometheus",
|
||||
"enable": true,
|
||||
"hide": true,
|
||||
"iconColor": "rgba(0, 211, 255, 1)",
|
||||
"name": "Annotations & Alerts",
|
||||
"type": "dashboard"
|
||||
}
|
||||
]
|
||||
},
|
||||
"description": "Fork of https://grafana.com/grafana/dashboards/5345 which uses 'instance' instead of 'target' label",
|
||||
"editable": true,
|
||||
"gnetId": 11175,
|
||||
"graphTooltip": 0,
|
||||
"id": 2,
|
||||
"iteration": 1629329057681,
|
||||
"links": [],
|
||||
"panels": [
|
||||
{
|
||||
"collapsed": false,
|
||||
"datasource": null,
|
||||
"fieldConfig": {
|
||||
"defaults": {},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 1,
|
||||
"w": 24,
|
||||
"x": 0,
|
||||
"y": 0
|
||||
},
|
||||
"id": 15,
|
||||
"panels": [],
|
||||
"repeat": "targets",
|
||||
"title": "$targets UP/DOWN Status",
|
||||
"type": "row"
|
||||
},
|
||||
{
|
||||
"cacheTimeout": null,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "thresholds"
|
||||
},
|
||||
"mappings": [
|
||||
{
|
||||
"options": {
|
||||
"0": {
|
||||
"text": "DOWN"
|
||||
},
|
||||
"1": {
|
||||
"text": "UP"
|
||||
}
|
||||
},
|
||||
"type": "value"
|
||||
},
|
||||
{
|
||||
"options": {
|
||||
"match": "null",
|
||||
"result": {
|
||||
"text": "N/A"
|
||||
}
|
||||
},
|
||||
"type": "special"
|
||||
}
|
||||
],
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "#d44a3a",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "rgba(237, 129, 40, 0.89)",
|
||||
"value": 1
|
||||
},
|
||||
{
|
||||
"color": "#299c46",
|
||||
"value": 1
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "none"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 2,
|
||||
"w": 24,
|
||||
"x": 0,
|
||||
"y": 1
|
||||
},
|
||||
"id": 2,
|
||||
"interval": null,
|
||||
"links": [],
|
||||
"maxDataPoints": 100,
|
||||
"options": {
|
||||
"colorMode": "background",
|
||||
"graphMode": "none",
|
||||
"justifyMode": "auto",
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
],
|
||||
"fields": "",
|
||||
"values": false
|
||||
},
|
||||
"text": {},
|
||||
"textMode": "auto"
|
||||
},
|
||||
"pluginVersion": "8.0.6",
|
||||
"repeat": null,
|
||||
"repeatDirection": "h",
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_success{instance=~\"$targets\"}",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "$targets",
|
||||
"type": "stat"
|
||||
},
|
||||
{
|
||||
"cacheTimeout": null,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "thresholds"
|
||||
},
|
||||
"mappings": [
|
||||
{
|
||||
"options": {
|
||||
"0": {
|
||||
"text": "NO"
|
||||
},
|
||||
"1": {
|
||||
"text": "YES"
|
||||
}
|
||||
},
|
||||
"type": "value"
|
||||
},
|
||||
{
|
||||
"options": {
|
||||
"match": "null",
|
||||
"result": {
|
||||
"text": "N/A"
|
||||
}
|
||||
},
|
||||
"type": "special"
|
||||
}
|
||||
],
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "#d44a3a",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "rgba(237, 129, 40, 0.89)",
|
||||
"value": 0
|
||||
},
|
||||
{
|
||||
"color": "#299c46",
|
||||
"value": 1
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "none"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 2,
|
||||
"w": 6,
|
||||
"x": 0,
|
||||
"y": 3
|
||||
},
|
||||
"id": 18,
|
||||
"interval": null,
|
||||
"links": [],
|
||||
"maxDataPoints": 100,
|
||||
"options": {
|
||||
"colorMode": "background",
|
||||
"graphMode": "none",
|
||||
"justifyMode": "auto",
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
],
|
||||
"fields": "",
|
||||
"values": false
|
||||
},
|
||||
"text": {},
|
||||
"textMode": "auto"
|
||||
},
|
||||
"pluginVersion": "8.0.6",
|
||||
"repeatDirection": "h",
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_http_ssl{instance=~\"$targets\"}",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "SSL",
|
||||
"type": "stat"
|
||||
},
|
||||
{
|
||||
"aliasColors": {},
|
||||
"bars": false,
|
||||
"dashLength": 10,
|
||||
"dashes": false,
|
||||
"datasource": "Prometheus",
|
||||
"fill": 1,
|
||||
"fillGradient": 0,
|
||||
"gridPos": {
|
||||
"h": 6,
|
||||
"w": 9,
|
||||
"x": 6,
|
||||
"y": 3
|
||||
},
|
||||
"hiddenSeries": false,
|
||||
"id": 17,
|
||||
"legend": {
|
||||
"avg": false,
|
||||
"current": false,
|
||||
"max": false,
|
||||
"min": false,
|
||||
"show": true,
|
||||
"total": false,
|
||||
"values": false
|
||||
},
|
||||
"lines": true,
|
||||
"linewidth": 1,
|
||||
"links": [],
|
||||
"nullPointMode": "null",
|
||||
"options": {
|
||||
"alertThreshold": true
|
||||
},
|
||||
"percentage": false,
|
||||
"pluginVersion": "8.0.6",
|
||||
"pointradius": 5,
|
||||
"points": false,
|
||||
"renderer": "flot",
|
||||
"seriesOverrides": [],
|
||||
"spaceLength": 10,
|
||||
"stack": false,
|
||||
"steppedLine": false,
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_duration_seconds{instance=~\"$targets\"}",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"legendFormat": "seconds",
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"thresholds": [],
|
||||
"timeFrom": null,
|
||||
"timeRegions": [],
|
||||
"timeShift": null,
|
||||
"title": "Probe Duration",
|
||||
"tooltip": {
|
||||
"shared": true,
|
||||
"sort": 0,
|
||||
"value_type": "individual"
|
||||
},
|
||||
"type": "graph",
|
||||
"xaxis": {
|
||||
"buckets": null,
|
||||
"mode": "time",
|
||||
"name": null,
|
||||
"show": true,
|
||||
"values": []
|
||||
},
|
||||
"yaxes": [
|
||||
{
|
||||
"format": "s",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
},
|
||||
{
|
||||
"format": "short",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
}
|
||||
],
|
||||
"yaxis": {
|
||||
"align": false,
|
||||
"alignLevel": null
|
||||
}
|
||||
},
|
||||
{
|
||||
"aliasColors": {},
|
||||
"bars": false,
|
||||
"dashLength": 10,
|
||||
"dashes": false,
|
||||
"datasource": "Prometheus",
|
||||
"fill": 1,
|
||||
"fillGradient": 0,
|
||||
"gridPos": {
|
||||
"h": 6,
|
||||
"w": 9,
|
||||
"x": 15,
|
||||
"y": 3
|
||||
},
|
||||
"hiddenSeries": false,
|
||||
"id": 21,
|
||||
"legend": {
|
||||
"avg": false,
|
||||
"current": false,
|
||||
"max": false,
|
||||
"min": false,
|
||||
"show": true,
|
||||
"total": false,
|
||||
"values": false
|
||||
},
|
||||
"lines": true,
|
||||
"linewidth": 1,
|
||||
"links": [],
|
||||
"nullPointMode": "null",
|
||||
"options": {
|
||||
"alertThreshold": true
|
||||
},
|
||||
"percentage": false,
|
||||
"pluginVersion": "8.0.6",
|
||||
"pointradius": 5,
|
||||
"points": false,
|
||||
"renderer": "flot",
|
||||
"seriesOverrides": [],
|
||||
"spaceLength": 10,
|
||||
"stack": false,
|
||||
"steppedLine": false,
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_dns_lookup_time_seconds{instance=~\"$targets\"}",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"legendFormat": "seconds",
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"thresholds": [],
|
||||
"timeFrom": null,
|
||||
"timeRegions": [],
|
||||
"timeShift": null,
|
||||
"title": "DNS Lookup",
|
||||
"tooltip": {
|
||||
"shared": true,
|
||||
"sort": 0,
|
||||
"value_type": "individual"
|
||||
},
|
||||
"type": "graph",
|
||||
"xaxis": {
|
||||
"buckets": null,
|
||||
"mode": "time",
|
||||
"name": null,
|
||||
"show": true,
|
||||
"values": []
|
||||
},
|
||||
"yaxes": [
|
||||
{
|
||||
"format": "s",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
},
|
||||
{
|
||||
"format": "short",
|
||||
"label": null,
|
||||
"logBase": 1,
|
||||
"max": null,
|
||||
"min": null,
|
||||
"show": true
|
||||
}
|
||||
],
|
||||
"yaxis": {
|
||||
"align": false,
|
||||
"alignLevel": null
|
||||
}
|
||||
},
|
||||
{
|
||||
"cacheTimeout": null,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "thresholds"
|
||||
},
|
||||
"decimals": 2,
|
||||
"mappings": [
|
||||
{
|
||||
"options": {
|
||||
"0": {
|
||||
"text": "NO"
|
||||
},
|
||||
"1": {
|
||||
"text": "YES"
|
||||
}
|
||||
},
|
||||
"type": "value"
|
||||
},
|
||||
{
|
||||
"options": {
|
||||
"match": "null",
|
||||
"result": {
|
||||
"text": "N/A"
|
||||
}
|
||||
},
|
||||
"type": "special"
|
||||
}
|
||||
],
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "#d44a3a",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "rgba(237, 129, 40, 0.89)",
|
||||
"value": 0
|
||||
},
|
||||
{
|
||||
"color": "#299c46",
|
||||
"value": 1209600
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "dtdurations"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 2,
|
||||
"w": 6,
|
||||
"x": 0,
|
||||
"y": 5
|
||||
},
|
||||
"id": 19,
|
||||
"interval": null,
|
||||
"links": [],
|
||||
"maxDataPoints": 100,
|
||||
"options": {
|
||||
"colorMode": "background",
|
||||
"graphMode": "none",
|
||||
"justifyMode": "auto",
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
],
|
||||
"fields": "",
|
||||
"values": false
|
||||
},
|
||||
"text": {},
|
||||
"textMode": "auto"
|
||||
},
|
||||
"pluginVersion": "8.0.6",
|
||||
"repeatDirection": "h",
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_ssl_earliest_cert_expiry{instance=~\"$targets\"}-time()",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "SSL Cert Expiry",
|
||||
"type": "stat"
|
||||
},
|
||||
{
|
||||
"cacheTimeout": null,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "thresholds"
|
||||
},
|
||||
"decimals": 0,
|
||||
"mappings": [
|
||||
{
|
||||
"options": {
|
||||
"0": {
|
||||
"text": "NO"
|
||||
},
|
||||
"1": {
|
||||
"text": "YES"
|
||||
}
|
||||
},
|
||||
"type": "value"
|
||||
},
|
||||
{
|
||||
"options": {
|
||||
"match": "null",
|
||||
"result": {
|
||||
"text": "N/A"
|
||||
}
|
||||
},
|
||||
"type": "special"
|
||||
}
|
||||
],
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "#299c46",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "rgba(237, 129, 40, 0.89)",
|
||||
"value": 200
|
||||
},
|
||||
{
|
||||
"color": "#d44a3a",
|
||||
"value": 299
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "none"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 2,
|
||||
"w": 6,
|
||||
"x": 0,
|
||||
"y": 7
|
||||
},
|
||||
"id": 20,
|
||||
"interval": null,
|
||||
"links": [],
|
||||
"maxDataPoints": 100,
|
||||
"options": {
|
||||
"colorMode": "none",
|
||||
"graphMode": "none",
|
||||
"justifyMode": "auto",
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
],
|
||||
"fields": "",
|
||||
"values": false
|
||||
},
|
||||
"text": {},
|
||||
"textMode": "auto"
|
||||
},
|
||||
"pluginVersion": "8.0.6",
|
||||
"repeatDirection": "h",
|
||||
"targets": [
|
||||
{
|
||||
"expr": "probe_http_status_code{instance=~\"$targets\"}",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "HTTP Status Code",
|
||||
"type": "stat"
|
||||
},
|
||||
{
|
||||
"cacheTimeout": null,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "thresholds"
|
||||
},
|
||||
"mappings": [
|
||||
{
|
||||
"options": {
|
||||
"match": "null",
|
||||
"result": {
|
||||
"text": "N/A"
|
||||
}
|
||||
},
|
||||
"type": "special"
|
||||
}
|
||||
],
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "green",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "red",
|
||||
"value": 80
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "s"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 2,
|
||||
"w": 12,
|
||||
"x": 0,
|
||||
"y": 9
|
||||
},
|
||||
"id": 23,
|
||||
"interval": null,
|
||||
"links": [],
|
||||
"maxDataPoints": 100,
|
||||
"options": {
|
||||
"colorMode": "none",
|
||||
"graphMode": "none",
|
||||
"justifyMode": "auto",
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
],
|
||||
"fields": "",
|
||||
"values": false
|
||||
},
|
||||
"text": {},
|
||||
"textMode": "auto"
|
||||
},
|
||||
"pluginVersion": "8.0.6",
|
||||
"targets": [
|
||||
{
|
||||
"expr": "avg(probe_duration_seconds{instance=~\"$targets\"})",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "Average Probe Duration",
|
||||
"type": "stat"
|
||||
},
|
||||
{
|
||||
"cacheTimeout": null,
|
||||
"datasource": "Prometheus",
|
||||
"fieldConfig": {
|
||||
"defaults": {
|
||||
"color": {
|
||||
"mode": "thresholds"
|
||||
},
|
||||
"mappings": [
|
||||
{
|
||||
"options": {
|
||||
"match": "null",
|
||||
"result": {
|
||||
"text": "N/A"
|
||||
}
|
||||
},
|
||||
"type": "special"
|
||||
}
|
||||
],
|
||||
"thresholds": {
|
||||
"mode": "absolute",
|
||||
"steps": [
|
||||
{
|
||||
"color": "green",
|
||||
"value": null
|
||||
},
|
||||
{
|
||||
"color": "red",
|
||||
"value": 80
|
||||
}
|
||||
]
|
||||
},
|
||||
"unit": "s"
|
||||
},
|
||||
"overrides": []
|
||||
},
|
||||
"gridPos": {
|
||||
"h": 2,
|
||||
"w": 12,
|
||||
"x": 12,
|
||||
"y": 9
|
||||
},
|
||||
"id": 24,
|
||||
"interval": null,
|
||||
"links": [],
|
||||
"maxDataPoints": 100,
|
||||
"options": {
|
||||
"colorMode": "none",
|
||||
"graphMode": "none",
|
||||
"justifyMode": "auto",
|
||||
"orientation": "horizontal",
|
||||
"reduceOptions": {
|
||||
"calcs": [
|
||||
"lastNotNull"
|
||||
],
|
||||
"fields": "",
|
||||
"values": false
|
||||
},
|
||||
"text": {},
|
||||
"textMode": "auto"
|
||||
},
|
||||
"pluginVersion": "8.0.6",
|
||||
"targets": [
|
||||
{
|
||||
"expr": "avg(probe_dns_lookup_time_seconds{instance=~\"$targets\"})",
|
||||
"format": "time_series",
|
||||
"interval": "$interval",
|
||||
"intervalFactor": 1,
|
||||
"refId": "A"
|
||||
}
|
||||
],
|
||||
"title": "Average DNS Lookup",
|
||||
"type": "stat"
|
||||
}
|
||||
],
|
||||
"refresh": "1m",
|
||||
"schemaVersion": 30,
|
||||
"style": "dark",
|
||||
"tags": [
|
||||
"blackbox",
|
||||
"prometheus"
|
||||
],
|
||||
"templating": {
|
||||
"list": [
|
||||
{
|
||||
"auto": true,
|
||||
"auto_count": 10,
|
||||
"auto_min": "10s",
|
||||
"current": {
|
||||
"selected": false,
|
||||
"text": "auto",
|
||||
"value": "$__auto_interval_interval"
|
||||
},
|
||||
"description": null,
|
||||
"error": null,
|
||||
"hide": 0,
|
||||
"label": "Interval",
|
||||
"name": "interval",
|
||||
"options": [
|
||||
{
|
||||
"selected": true,
|
||||
"text": "auto",
|
||||
"value": "$__auto_interval_interval"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "5s",
|
||||
"value": "5s"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "10s",
|
||||
"value": "10s"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "30s",
|
||||
"value": "30s"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "1m",
|
||||
"value": "1m"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "10m",
|
||||
"value": "10m"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "30m",
|
||||
"value": "30m"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "1h",
|
||||
"value": "1h"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "6h",
|
||||
"value": "6h"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "12h",
|
||||
"value": "12h"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "1d",
|
||||
"value": "1d"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "7d",
|
||||
"value": "7d"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "14d",
|
||||
"value": "14d"
|
||||
},
|
||||
{
|
||||
"selected": false,
|
||||
"text": "30d",
|
||||
"value": "30d"
|
||||
}
|
||||
],
|
||||
"query": "5s,10s,30s,1m,10m,30m,1h,6h,12h,1d,7d,14d,30d",
|
||||
"refresh": 2,
|
||||
"skipUrlSync": false,
|
||||
"type": "interval"
|
||||
},
|
||||
{
|
||||
"allValue": null,
|
||||
"current": {
|
||||
"selected": false,
|
||||
"text": "All",
|
||||
"value": "$__all"
|
||||
},
|
||||
"datasource": "Prometheus",
|
||||
"definition": "label_values(probe_success, instance)",
|
||||
"description": null,
|
||||
"error": null,
|
||||
"hide": 0,
|
||||
"includeAll": true,
|
||||
"label": null,
|
||||
"multi": true,
|
||||
"name": "targets",
|
||||
"options": [],
|
||||
"query": {
|
||||
"query": "label_values(probe_success, instance)",
|
||||
"refId": "Prometheus-targets-Variable-Query"
|
||||
},
|
||||
"refresh": 1,
|
||||
"regex": "",
|
||||
"skipUrlSync": false,
|
||||
"sort": 0,
|
||||
"tagValuesQuery": "",
|
||||
"tagsQuery": "",
|
||||
"type": "query",
|
||||
"useTags": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"time": {
|
||||
"from": "now-1h",
|
||||
"to": "now"
|
||||
},
|
||||
"timepicker": {
|
||||
"refresh_intervals": [
|
||||
"5s",
|
||||
"10s",
|
||||
"30s",
|
||||
"1m",
|
||||
"5m",
|
||||
"15m",
|
||||
"30m",
|
||||
"1h",
|
||||
"2h",
|
||||
"1d"
|
||||
],
|
||||
"time_options": [
|
||||
"5m",
|
||||
"15m",
|
||||
"1h",
|
||||
"6h",
|
||||
"12h",
|
||||
"24h",
|
||||
"2d",
|
||||
"7d",
|
||||
"30d"
|
||||
]
|
||||
},
|
||||
"timezone": "",
|
||||
"title": "Blackbox Exporter Overview",
|
||||
"uid": "xtkCtBkiz",
|
||||
"version": 1
|
||||
}
|
File diff suppressed because it is too large
Load Diff
@ -1,12 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
if [ "$1" = "uninstall" ] ; then
|
||||
echo ""
|
||||
else # Installation procedure below
|
||||
mkdir -p /data/monitoring/grafana /data/monitoring/data
|
||||
chown 472:472 /data/monitoring/grafana -R
|
||||
chown nobody:nogroup -R /data/monitoring/data
|
||||
fi
|
||||
|
||||
|
||||
|
@ -1,20 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/monitoring/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/monitoring/privkey.pem;
|
||||
|
||||
server_name grafana.jean-cloud.net www.grafana.jean-cloud.net;
|
||||
|
||||
location / {
|
||||
#if ($remote_addr != "193.33.56.94") { return 503; }
|
||||
client_max_body_size 2G;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
|
||||
proxy_pass http://172.29.1.2:3000/;
|
||||
proxy_redirect off;
|
||||
}
|
||||
}
|
@ -1,97 +0,0 @@
|
||||
# my global config
|
||||
global:
|
||||
scrape_interval: 60s
|
||||
evaluation_interval: 60s
|
||||
# scrape_timeout is set to the global default (10s).
|
||||
|
||||
# Attach these labels to any time series or alerts when communicating with
|
||||
# external systems (federation, remote storage, Alertmanager).
|
||||
external_labels:
|
||||
monitor: 'codelab-monitor'
|
||||
|
||||
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
|
||||
rule_files:
|
||||
# - "first.rules"
|
||||
# - "second.rules"
|
||||
|
||||
# A scrape configuration containing exactly one endpoint to scrape:
|
||||
# Here it's Prometheus itself.
|
||||
scrape_configs:
|
||||
- job_name: 'prometheus'
|
||||
static_configs:
|
||||
- targets: ['localhost:9090']
|
||||
|
||||
- job_name: 'node-exporter'
|
||||
metrics_path: /metrics
|
||||
static_configs:
|
||||
- targets:
|
||||
- 'node-exporter:9100'
|
||||
|
||||
#- job_name: 'docker-exporter'
|
||||
# metrics_path: /docker
|
||||
# basic_auth:
|
||||
# username: zqNQF2oQDB2SvmkJzgW9HRpeR8RiVeiEBFShVrPrLWZR4KzYgZjasCWXuMc
|
||||
# password: jznVqvRQVDSpCK2y22ZFSegXVUoErm7typxuhpC5DYdnvZ2yEsYD6JQ5o9orCFMi6tHMg6J2kmiLzuzy95nZmLApe6zEiYnQB7sUGEWXWuk9o
|
||||
# file_sd_configs:
|
||||
# - files: ['/etc/prometheus/nodes.yml']
|
||||
|
||||
#- job_name: 'docker-official'
|
||||
# metrics_path: /docker-official
|
||||
# basic_auth:
|
||||
# username: zqNQF2oQDB2SvmkJzgW9HRpeR8RiVeiEBFShVrPrLWZR4KzYgZjasCWXuMc
|
||||
# password: jznVqvRQVDSpCK2y22ZFSegXVUoErm7typxuhpC5DYdnvZ2yEsYD6JQ5o9orCFMi6tHMg6J2kmiLzuzy95nZmLApe6zEiYnQB7sUGEWXWuk9o
|
||||
# file_sd_configs:
|
||||
# - files: ['/etc/prometheus/nodes.yml']
|
||||
|
||||
- job_name: cadvisor
|
||||
scrape_interval: 30s
|
||||
static_configs:
|
||||
- targets:
|
||||
- cadvisor:8080
|
||||
|
||||
- job_name: 'ping'
|
||||
metrics_path: /probe
|
||||
params:
|
||||
module: [http_2xx]
|
||||
file_sd_configs:
|
||||
- files: ['/etc/prometheus/blackbox-targets.yml']
|
||||
relabel_configs:
|
||||
- source_labels: [__address__]
|
||||
regex: (.*)(:80)?
|
||||
target_label: __param_target
|
||||
- source_labels: [__param_target]
|
||||
regex: (.*)
|
||||
target_label: instance
|
||||
replacement: ${1}
|
||||
- source_labels: []
|
||||
regex: .*
|
||||
target_label: __address__
|
||||
replacement: blackbox_exporter:9115
|
||||
|
||||
- job_name: 'ssh_ping'
|
||||
metrics_path: /probe
|
||||
params:
|
||||
module: [ssh_banner]
|
||||
static_configs:
|
||||
- targets:
|
||||
- vandamme.jean-cloud.net
|
||||
- tetede.jean-cloud.net
|
||||
- carcasse.jean-cloud.net
|
||||
- nougaro.jean-cloud.net
|
||||
relabel_configs:
|
||||
# Ensure port is 2222, pass as URL parameter
|
||||
- source_labels: [__address__]
|
||||
regex: (.*?)(:.*)?
|
||||
replacement: ${1}:2222
|
||||
target_label: __param_target
|
||||
# Make instance label the target
|
||||
- source_labels: [__param_target]
|
||||
target_label: instance
|
||||
# Actually talk to the blackbox exporter though
|
||||
- target_label: __address__
|
||||
replacement: 127.0.0.1:9115
|
||||
|
||||
#- job_name: 'icecast'
|
||||
# static_configs:
|
||||
# - targets: ['icecast_exporter:9146']
|
||||
|
@ -10,4 +10,5 @@ montbonnot.jean-cloud.org
|
||||
max.jean-cloud.org
|
||||
tetede.jean-cloud.org
|
||||
raku.jean-cloud.org
|
||||
#vandamme.jean-cloud.org
|
||||
vandamme.jean-cloud.org
|
||||
izzo.jean-cloud.org
|
||||
|
Binary file not shown.
@ -30,8 +30,11 @@ if [ ! -d "$new_nginx_conf_path" ] ; then
|
||||
fi
|
||||
|
||||
IFS=';' read id username _ server < <(grep ";$service;" /docker/services.csv)
|
||||
if [ -z "$id" ] ; then
|
||||
die "Service $service not found in list"
|
||||
fi
|
||||
|
||||
uid=$(($services_uid_start + $id))
|
||||
uid="$(($services_uid_start + $id))"
|
||||
|
||||
docker_service="$(echo "$service" | tr '.' '_')"
|
||||
driglibash_section_prefix="[$service] "
|
||||
@ -126,8 +129,15 @@ fi
|
||||
for file in $( find "/docker/$service" -name "wg-*.sh") ; do
|
||||
section "Managing wg interface $(basename "$file")"
|
||||
if [ -x "$file" ] ; then
|
||||
wgif="$(basename "$file")"
|
||||
wgif="${wgif:3:-3}"
|
||||
wgnum="$(basename "$file")"
|
||||
wgnum="${wgnum:3:-3}"
|
||||
varname="WG_NAME_$wgnum"
|
||||
wgif="${!varname}"
|
||||
if [ -z "$wgif" ] ; then
|
||||
echo "No wireguard name for $file"
|
||||
returncode=1
|
||||
continue
|
||||
fi
|
||||
"$file" $wgif > "/etc/wireguard/$wgif.conf"
|
||||
if "$deploy" ; then
|
||||
run systemctl enable "wg-quick@$wgif"
|
||||
@ -164,6 +174,7 @@ if [ "$noreload" == false ] ; then
|
||||
run restart_nginx.sh
|
||||
fi
|
||||
|
||||
|
||||
section "Cleaning"
|
||||
rmdir "$DATA_DIR" "$HTTP_DIR" 2>/dev/null || true
|
||||
|
||||
|
@ -57,18 +57,12 @@ run mkdir -p "$new_nginx_conf_path"
|
||||
section "Start docker"
|
||||
run systemctl start docker docker.socket
|
||||
|
||||
#section "Deploy mandatory services"
|
||||
#deploy_service.sh deployer.jean-cloud.org noreload
|
||||
|
||||
# List of failed services
|
||||
failed=""
|
||||
|
||||
while IFS=';' read -r id username service target
|
||||
do
|
||||
|
||||
# Ignore _ and # prefixed services
|
||||
[ "${service::1}" == '_' ] && continue
|
||||
|
||||
echo -n "$service -> "
|
||||
[ ! -d "/docker/$service" ] && die "/docker/$service directory not found"
|
||||
|
||||
|
@ -16,7 +16,7 @@ new_nginx_conf_path='$proxy_dir/new-sites-enabled'
|
||||
dns_certs_path='$dns_certs_path'
|
||||
http_certs_path='$http_certs_path'
|
||||
dummy_cert_path='$http_certs_path/dummy'
|
||||
servicefile=/docker/services.txt
|
||||
servicefile=/docker/services.csv
|
||||
services_uid_start=2000
|
||||
EOF
|
||||
|
||||
|
@ -13,7 +13,7 @@ do
|
||||
fi
|
||||
done < <(grep -v '^#' /docker/services.csv)
|
||||
|
||||
apt install -y make
|
||||
apt install -y make gcc
|
||||
|
||||
cd /usr/local/bin
|
||||
make
|
||||
|
@ -2,7 +2,7 @@
|
||||
# This script will run on new cert and on cron renew
|
||||
# there is one cert by service
|
||||
|
||||
set -euo pipefail
|
||||
set -u
|
||||
|
||||
. /etc/jeancloud.env
|
||||
|
||||
|
Binary file not shown.
@ -35,8 +35,8 @@ http {
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
log_format main '$time_local $remote_addr $status $host $request $bytes_sent'
|
||||
'"$http_referer" "$http_user_agent" "$gzip_ratio"';
|
||||
log_format main '$remote_addr ($remote_user) [$time_local] $server_name "$request" $request_length $request_time -> $status $bytes_sent --- "$http_referer" "$http_user_agent"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
@ -72,6 +72,7 @@ http {
|
||||
server{
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_tokens off;
|
||||
location '/.well-known/acme-challenge' {
|
||||
root /var/www/letsencrypt;
|
||||
default_type "text/plain";
|
||||
|
40
services/accent.jean-cloud.net/docker-compose.yml
Normal file
40
services/accent.jean-cloud.net/docker-compose.yml
Normal file
@ -0,0 +1,40 @@
|
||||
version: '3'
|
||||
services:
|
||||
app:
|
||||
image: mirego/accent:v1.19.12
|
||||
depends_on:
|
||||
- db
|
||||
environment:
|
||||
- DATABASE_URL=postgres://postgres@db:5432/accent_development
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '1'
|
||||
memory: 200M
|
||||
|
||||
db:
|
||||
image: postgres:10.3
|
||||
environment:
|
||||
- POSTGRES_DB=accent_development
|
||||
volumes:
|
||||
- $DATA_DIR/db:/var/lib/postgresql/data
|
||||
restart: "unless-stopped"
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '1'
|
||||
memory: 300M
|
||||
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
1
services/backup-borg-client/backup_list.sh
Executable file
1
services/backup-borg-client/backup_list.sh
Executable file
@ -0,0 +1 @@
|
||||
#!/bin/bash
|
26
services/backup-borg-client/deploy.sh
Executable file
26
services/backup-borg-client/deploy.sh
Executable file
@ -0,0 +1,26 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
pubkeyfile="/root/.ssh/authorized_keys"
|
||||
separator="# backup-borg-begin DO NOT EDIT UNDER THIS LINE"
|
||||
mkdir -p "$DATA_DIR/pubkeys" "$DATA_DIR/.ssh"
|
||||
|
||||
# Create ssh key if not found
|
||||
if [ ! -e "$DATA_DIR/.ssh/borg-client" ] ; then
|
||||
ssh-keygen -f "$DATA_DIR/.ssh/borg-client" -C "SSH key for backup trigger" -P ''
|
||||
fi
|
||||
|
||||
# Remove separator and automated lines if found
|
||||
if [ -n "$(grep "$separator" "$pubkeyfile")" ] ; then
|
||||
sed -i "/$separator/,//d" "$pubkeyfile"
|
||||
fi
|
||||
|
||||
# Place separator back
|
||||
echo "$separator" >> "$pubkeyfile"
|
||||
|
||||
# Foreach borg server key
|
||||
while read serverkey ; do
|
||||
# Add authorized_keys line
|
||||
echo "command=\"$DOCKER_DIR/script-sauvegarde.sh $serverkey\" $(cat "$DATA_DIR/pubkeys/$serverkey")" >> "$pubkeyfile"
|
||||
done < <(ls "$DATA_DIR/pubkeys")
|
49
services/backup-borg-client/script-sauvegarde.sh
Executable file
49
services/backup-borg-client/script-sauvegarde.sh
Executable file
@ -0,0 +1,49 @@
|
||||
#!/bin/bash
|
||||
|
||||
. "$( cd -P "$( dirname "$0" )" && pwd )/.env"
|
||||
|
||||
server="$1"
|
||||
failed=""
|
||||
|
||||
while IFS=';' read -r id username service target ; do
|
||||
if [ ! -d "/data/$service" ] ; then
|
||||
continue
|
||||
fi
|
||||
|
||||
echo " = = ===== = ===== $service ===== = ===== = ="
|
||||
|
||||
# Create passfile if not exists
|
||||
mkdir -p "$DATA_DIR/passphrase"
|
||||
passfile="$DATA_DIR/passphrase/$service"
|
||||
if [ ! -e "$passfile" ] ; then
|
||||
LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 257 > "$passfile"
|
||||
fi
|
||||
|
||||
# Borg variables
|
||||
export BORG_REPO="backup-borg-server@127.0.0.1:/data/backup-borg-server/backups/$(hostname)/$service"
|
||||
export BORG_PASSPHRASE="$(cat "$passfile")"
|
||||
RSH='ssh -o StrictHostKeyChecking=no -p 12345'
|
||||
|
||||
# Get specific backup files
|
||||
cd "/data/$service"
|
||||
BACKUP_LIST="$(ls -A)"
|
||||
if [ -x "/docker/$service/backup_list.sh" ] ; then
|
||||
BACKUP_LIST="$(/docker/$service/backup_list.sh)"
|
||||
fi
|
||||
if [ -z "$BACKUP_LIST" ] ; then
|
||||
continue
|
||||
fi
|
||||
echo "--------------> $BACKUP_LIST"
|
||||
|
||||
borg init --rsh "$RSH" --encryption repokey || true
|
||||
borg create --rsh "$RSH" --list --filter=AMCE --stats --show-rc "::$(date +%Y%m%d%H%M)" $BACKUP_LIST
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
failed="$failed $service"
|
||||
fi
|
||||
|
||||
done < <(grep -v '^#' /docker/services.csv)
|
||||
|
||||
if [ -n "$failed" ] ; then
|
||||
echo "FAILED"
|
||||
echo "$failed"
|
||||
fi
|
39
services/backup-borg-server/deploy_user.sh
Executable file
39
services/backup-borg-server/deploy_user.sh
Executable file
@ -0,0 +1,39 @@
|
||||
#!/bin/bash
|
||||
|
||||
sshkey=~/.ssh/borg-server
|
||||
backup_dir="$DATA_DIR/backups"
|
||||
|
||||
mkdir -p ~/.ssh "$backup_dir"
|
||||
|
||||
if [ ! -e "$sshkey" ] ; then
|
||||
ssh-keygen -q -C 'Borg server ssh key' -N '' -t rsa -f "$sshkey" <<<y 2>&1 >/dev/null
|
||||
fi
|
||||
|
||||
echo -n "" > ~/.ssh/authorized_keys
|
||||
chmod 600 ~/.ssh/authorized_keys
|
||||
|
||||
# Foreach client
|
||||
for client in raku.jean-cloud.org vandamme.jean-cloud.org ; do
|
||||
# Generate key
|
||||
clientkey="$(mktemp -d)"
|
||||
ssh-keygen -q -N '' -t rsa -C 'Borg client ssh key' -f "$clientkey/id_rsa" <<<y 2>&1 >/dev/null
|
||||
cat > ~/.ssh/authorized_keys <<EOF
|
||||
command="borg serve --append-only --restrict-to-path '$backup_dir/$client'",restrict $(cat "$clientkey/id_rsa.pub")
|
||||
EOF
|
||||
|
||||
# Create needed directory
|
||||
mkdir -p "$backup_dir/$client"
|
||||
|
||||
# Trigger the backup
|
||||
eval $(ssh-agent) > /dev/null
|
||||
ssh-add "$clientkey/id_rsa"
|
||||
ssh -A -R localhost:12345:127.0.0.1:45985 "root@$client" -p 45985 -i "$sshkey"
|
||||
|
||||
# Clean
|
||||
kill "${SSH_AGENT_PID}"
|
||||
rm -r "$clientkey" ~/.ssh/authorized_keys
|
||||
done
|
||||
|
||||
|
||||
|
||||
|
0
services/benevoles32.karnaval.fr/.env
Normal file
0
services/benevoles32.karnaval.fr/.env
Normal file
44
services/benevoles32.karnaval.fr/docker-compose.yml
Executable file
44
services/benevoles32.karnaval.fr/docker-compose.yml
Executable file
@ -0,0 +1,44 @@
|
||||
version: '3'
|
||||
services:
|
||||
app:
|
||||
image: jeancloud/site-benevole:debian-develop
|
||||
environment:
|
||||
UID: 33
|
||||
MOUNT: /
|
||||
volumes:
|
||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||
- $DATA_DIR/app/assets:/usr/src/app/assets
|
||||
- $DATA_DIR/app/media:/usr/src/app/media
|
||||
- $DATA_DIR/app/local_settings.py:/usr/src/app/site_benevole/local_settings.py
|
||||
- $DATA_DIR/app/plugins.toml:/usr/src/app/site_benevole/plugins.toml
|
||||
- $DATA_DIR/app/.plugins.sqlite3:/usr/src/app/site_benevole/.plugins.sqlite3
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
|
||||
|
||||
redis:
|
||||
image: redis
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.102
|
||||
|
||||
|
||||
db:
|
||||
image: postgres:16.1-alpine
|
||||
env_file: $DATA_DIR/postgres.env
|
||||
environment:
|
||||
POSTGRES_USER: benevoles
|
||||
POSTGRES_DB: benevoles
|
||||
volumes:
|
||||
- $DATA_DIR/db:/var/lib/postgresql/data
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
55
services/benevoles32.karnaval.fr/nginx_server.conf
Executable file
55
services/benevoles32.karnaval.fr/nginx_server.conf
Executable file
@ -0,0 +1,55 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE benevoles.karnaval.fr;
|
||||
|
||||
root $DATA_DIR/app/assets;
|
||||
|
||||
gzip on;
|
||||
gzip_static on;
|
||||
gzip_types application/javascript image/* text/css application/font-woff application/font-woff2;
|
||||
gunzip on;
|
||||
|
||||
ssl_session_tickets off;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_buffer_size 4k;
|
||||
client_max_body_size 4M;
|
||||
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi.sock;
|
||||
}
|
||||
|
||||
location = /favicon.ico {
|
||||
root $DATA_DIR/assets/;
|
||||
}
|
||||
location = /favicon-admin.ico {
|
||||
root $DATA_DIR/assets/;
|
||||
}
|
||||
|
||||
location /assets/ {
|
||||
alias $DATA_DIR/app/assets/;
|
||||
access_log off;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
sendfile_max_chunk 1m;
|
||||
keepalive_timeout 65;
|
||||
location ~* \.(jpg|jpeg|png|gif|ico|woff|woff2)$ {
|
||||
access_log off;
|
||||
expires 5d;
|
||||
}
|
||||
}
|
||||
|
||||
location /media/ {
|
||||
alias $DATA_DIR/app/media/;
|
||||
access_log off;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
sendfile_max_chunk 1m;
|
||||
keepalive_timeout 65;
|
||||
}
|
||||
|
||||
|
||||
}
|
1
services/chiloe.eu/.env
Normal file
1
services/chiloe.eu/.env
Normal file
@ -0,0 +1 @@
|
||||
SFTP_USER="chiloeRO"
|
0
services/chiloe.eu/LINKS. DO NOT EDIT
Normal file
0
services/chiloe.eu/LINKS. DO NOT EDIT
Normal file
1
services/chiloe.eu/deploy.sh
Symbolic link
1
services/chiloe.eu/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy.sh
|
@ -1,3 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user chiloeRO --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"
|
1
services/chiloe.eu/deploy_user.sh
Symbolic link
1
services/chiloe.eu/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy_user.sh
|
1
services/copaines.jean-cloud.net/.env
Normal file
1
services/copaines.jean-cloud.net/.env
Normal file
@ -0,0 +1 @@
|
||||
SFTP_USER="copaines"
|
0
services/copaines.jean-cloud.net/LINKS. DO NOT EDIT
Normal file
0
services/copaines.jean-cloud.net/LINKS. DO NOT EDIT
Normal file
@ -1,3 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
chmod 700 "$SECRET_DIR/sftp.sshprivkey"
|
1
services/copaines.jean-cloud.net/deploy.sh
Symbolic link
1
services/copaines.jean-cloud.net/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy.sh
|
@ -1,5 +0,0 @@
|
||||
#!/bin/bash
|
||||
mkdir -p ~/.ssh
|
||||
echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' >> ~/.ssh/known_hosts
|
||||
chmod 700 ~/.ssh/known_hosts
|
||||
scp -i "$SECRET_DIR/sftp.sshprivkey" -rP 2929 copaines@sftp.jean-cloud.net:public/* "$HTTP_DIR"
|
1
services/copaines.jean-cloud.net/deploy_user.sh
Symbolic link
1
services/copaines.jean-cloud.net/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy_user.sh
|
@ -1,30 +0,0 @@
|
||||
#server {
|
||||
# listen 443 ssl http2;
|
||||
# listen [::]:443 ssl http2;
|
||||
# ssl_certificate $JC_CERT/fullchain.pem;
|
||||
# ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
# server_name wordpress.copaines.jean-cloud.net www.wordpress.copaines.jean-cloud.net;
|
||||
# location / {
|
||||
# auth_basic "Mot de passe !";
|
||||
# auth_basic_user_file /data/copaines.jean-cloud.net/pass.txt;
|
||||
# client_max_body_size 2G;
|
||||
# #proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $http_host;
|
||||
# proxy_set_header X-Forwarded-Proto https;
|
||||
# proxy_pass http://wp.copainesjean-cloudnet.docker;
|
||||
# proxy_redirect off;
|
||||
# }
|
||||
#}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name copaines.jean-cloud.net www.copaines.jean-cloud.net;
|
||||
|
||||
location / {
|
||||
root $HTTP_DIR;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
1
services/copaines.jean-cloud.net/nginx_server.conf
Symbolic link
1
services/copaines.jean-cloud.net/nginx_server.conf
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/nginx_server.conf
|
@ -29,9 +29,7 @@ echo "Renew existing certs"
|
||||
certbot renew --config-dir "$DATA_DIR/certs" --logs-dir "$workdir/logs" --dns-rfc2136 --dns-rfc2136-credentials "$DATA_DIR/rfc2136.ini" --work-dir "$workdir"
|
||||
|
||||
echo "For each service, read all possible domains"
|
||||
while read line ; do
|
||||
read -r service target < <(echo "$line")
|
||||
|
||||
while IFS=';' read -r id username service target ; do
|
||||
# TODO remove
|
||||
[ "$service" = collectif-arthadie.fr ] && continue
|
||||
|
||||
@ -46,7 +44,7 @@ while read line ; do
|
||||
# acme
|
||||
"$here/acme-dns.sh" "$service" "$workdir"
|
||||
|
||||
done < "$servicefile"
|
||||
done < <(grep -v '^#' "$servicefile")
|
||||
|
||||
echo "Push certs to other servers"
|
||||
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') vandamme nougaro ; do
|
||||
|
1
services/etrevivant.net/backup_list.sh
Executable file
1
services/etrevivant.net/backup_list.sh
Executable file
@ -0,0 +1 @@
|
||||
#!/bin/bash
|
1
services/feministesucl34.communisteslibertaires.org/.env
Normal file
1
services/feministesucl34.communisteslibertaires.org/.env
Normal file
@ -0,0 +1 @@
|
||||
SFTP_USER="feministesucl34"
|
1
services/feministesucl34.communisteslibertaires.org/deploy.sh
Symbolic link
1
services/feministesucl34.communisteslibertaires.org/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy.sh
|
@ -1,5 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
. "$SECRET_DIR/.env"
|
||||
|
||||
rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user feministesucl34 --sftp-port 2929 --sftp-pass "$SFTP_PASS" :sftp:/public/ "$HTTP_DIR"
|
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy_user.sh
|
@ -1,16 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE;
|
||||
|
||||
location = /wp-login.php {
|
||||
return 301 https://wordpress.feministesucl34.jean-cloud.net/wp-login.php;
|
||||
}
|
||||
|
||||
location / {
|
||||
root $HTTP_DIR;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -0,0 +1 @@
|
||||
../sftp_jc/nginx_server.conf
|
@ -16,6 +16,7 @@ services:
|
||||
image: postgres:16-alpine
|
||||
volumes:
|
||||
- /data/git.jean-cloud.net/db:/var/lib/postgresql/data
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
|
@ -4,7 +4,6 @@ server {
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
limit_req zone=defaultlimit burst=20 nodelay;
|
||||
location / {
|
||||
client_max_body_size 5G;
|
||||
proxy_pass http://$NET.100:3000;
|
||||
|
@ -9,5 +9,8 @@ cd "$HTTP_DIR"
|
||||
# Get remote content files
|
||||
rclone_ncloud_publiclink.sh
|
||||
|
||||
# Invalid cache
|
||||
#rm -rf "/tmp/hugo_cache_$USER"
|
||||
|
||||
# Build website
|
||||
HUGO_CACHEDIR=/tmp/hugo_cache_$USER hugo
|
||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
||||
|
1
services/leida.fr/.env
Normal file
1
services/leida.fr/.env
Normal file
@ -0,0 +1 @@
|
||||
SFTP_USER=leidaRO
|
0
services/leida.fr/LINKS. DO NOT EDIT
Normal file
0
services/leida.fr/LINKS. DO NOT EDIT
Normal file
1
services/leida.fr/deploy.sh
Symbolic link
1
services/leida.fr/deploy.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy.sh
|
1
services/leida.fr/deploy_user.sh
Symbolic link
1
services/leida.fr/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/deploy_user.sh
|
@ -1 +0,0 @@
|
||||
version: '3'
|
@ -1,15 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name leida.fr www.leida.fr;
|
||||
location / {
|
||||
root /data/leida.fr/public;
|
||||
index index.htm index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location ~ .php {
|
||||
deny all;
|
||||
}
|
||||
}
|
1
services/leida.fr/nginx_server.conf
Symbolic link
1
services/leida.fr/nginx_server.conf
Symbolic link
@ -0,0 +1 @@
|
||||
../sftp_jc/nginx_server.conf
|
1
services/lexicographe.jean-cloud.net/backup_list.sh
Symbolic link
1
services/lexicographe.jean-cloud.net/backup_list.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../pelican/backup_list.sh
|
@ -10,3 +10,4 @@ TELECOM_SERVER_PORT=3494
|
||||
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo
|
||||
OMA_DOCKER_VERSION=dev
|
||||
ICECAST=.110
|
||||
WG_NAME_radiodemo=radiodemo
|
||||
|
1
services/mux.radiodemo.oma-radio.fr/backup_list.sh
Executable file
1
services/mux.radiodemo.oma-radio.fr/backup_list.sh
Executable file
@ -0,0 +1 @@
|
||||
#!/bin/bash
|
@ -2,7 +2,9 @@ version: '3'
|
||||
services:
|
||||
ambre_mux:
|
||||
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
env_file:
|
||||
- .env
|
||||
- $DATA_DIR/.env
|
||||
environment:
|
||||
OMA_CONFIG_Client1Host: $NET.108
|
||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||
@ -10,6 +12,8 @@ services:
|
||||
- $SOUNDBASE_DIR/pige:/app/pige
|
||||
ports:
|
||||
- $MUX_SERVER_PORT:9000
|
||||
depends_on:
|
||||
- transcode
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
@ -58,7 +62,9 @@ services:
|
||||
|
||||
transcode:
|
||||
image: savonet/liquidsoap:v2.1.4
|
||||
env_file: .env
|
||||
env_file:
|
||||
- .env
|
||||
- $DATA_DIR/.env
|
||||
volumes:
|
||||
- ./liquidsoap.liq:/transcode.liq
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
|
42
services/mux.radiodemo.oma-radio.fr/server.sh
Executable file
42
services/mux.radiodemo.oma-radio.fr/server.sh
Executable file
@ -0,0 +1,42 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "Content-type: text/html"
|
||||
echo ""
|
||||
|
||||
. .env
|
||||
|
||||
|
||||
instance=''
|
||||
since=''
|
||||
until=''
|
||||
|
||||
action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
||||
|
||||
while IFS='=' read key value ; do
|
||||
case "$key" in
|
||||
instance)
|
||||
instance="$value"
|
||||
;;
|
||||
since)
|
||||
since="$value"
|
||||
;;
|
||||
until)
|
||||
until="$value"
|
||||
;;
|
||||
list)
|
||||
docker-compose ps -a --format json
|
||||
;;
|
||||
*)
|
||||
exit 1
|
||||
esac
|
||||
done < <(echo "$action")
|
||||
|
||||
[ -z "$instance" ] && exit 2
|
||||
[ -z "$since" ] && exit 3
|
||||
[ -z "$until" ] && exit 4
|
||||
|
||||
echo docker-compose logs --since "$since" --until "$until" "$instance"
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
echo failed
|
||||
fi
|
||||
|
@ -25,7 +25,8 @@ keydir="$DATA_DIR/keys"
|
||||
primary_ips=""
|
||||
|
||||
# IP of secondary servers (for zone transfer)
|
||||
secondary_ips="37.65.119.74;"
|
||||
# master.retzo.net
|
||||
secondary_ips="159.69.124.127;2a01:4f8:c17:d8f2::1;"
|
||||
|
||||
# NS name
|
||||
default_dns_name="ns.jean-cloud.org."
|
||||
|
@ -20,7 +20,7 @@ prepare () {
|
||||
chown bind:bind "$debian_bind_confdir" -R
|
||||
fi
|
||||
|
||||
# Sync the git repo
|
||||
echo 'Sync the git repo'
|
||||
run sudo -u bind git_update.sh -N -b main -i "$SECRET_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
||||
cd /etc/bind
|
||||
|
||||
@ -36,6 +36,13 @@ prepare () {
|
||||
}
|
||||
|
||||
restart () {
|
||||
echo 'Check named conf'
|
||||
run named-checkconf "$debian_bind_confdir/named.conf"
|
||||
for db_file in $(list_db_files) ; do
|
||||
domain="${db_file:3}"
|
||||
run named-checkzone "$domain" "$db_file"
|
||||
done
|
||||
|
||||
echo 'Restart named'
|
||||
rm /etc/bind/*.jnl || true
|
||||
systemctl restart named
|
||||
@ -109,6 +116,10 @@ list_template_db_files () {
|
||||
ls "$debian_bind_confdir"/template.db.*
|
||||
}
|
||||
|
||||
list_db_files () {
|
||||
ls "$debian_bind_confdir"/db.* | grep -v -e '.jbk$' -e '.signed$' -e '.signed.jnl'
|
||||
}
|
||||
|
||||
|
||||
create_primary_files () {
|
||||
# Compact the default SOA
|
||||
|
2
services/nuage.jean-cloud.net/.env
Normal file
2
services/nuage.jean-cloud.net/.env
Normal file
@ -0,0 +1,2 @@
|
||||
DATA_DIR=/tmp/mock_data
|
||||
NET=172.29.1
|
94
services/nuage.jean-cloud.net/docker-compose.yml
Executable file
94
services/nuage.jean-cloud.net/docker-compose.yml
Executable file
@ -0,0 +1,94 @@
|
||||
version: '3'
|
||||
services:
|
||||
db:
|
||||
image: postgres:15-alpine
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- $DATA_DIR/db:/var/lib/postgresql/data
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
|
||||
nextcloud:
|
||||
image: nextcloud:28-fpm-alpine
|
||||
volumes:
|
||||
- $DATA_DIR/app:/var/www/html
|
||||
depends_on:
|
||||
- db
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
|
||||
etherpad:
|
||||
image: etherpad/etherpad
|
||||
environment:
|
||||
- DB_TYPE=postgres
|
||||
- DB_HOST=db_etherpad
|
||||
- DB_PORT=5432
|
||||
- DB_NAME=etherpad
|
||||
- DB_USER=etherpad
|
||||
- DB_PASS=toDEzbjoTLBCugi9MrDMtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKVa
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.104
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 1000M
|
||||
|
||||
db_etherpad:
|
||||
image: postgres:11-alpine
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- $DATA_DIR/db_etherpad:/var/lib/postgresql/data
|
||||
environment:
|
||||
- POSTGRES_USER=etherpad
|
||||
- POSTGRES_DB=etherpad
|
||||
- POSTGRES_PASSWORD=toDEzbjoTLBCugi9MrDMtVEPCLwcDeUJ6ofvqEWqmNEm7YvjNBHnKVa
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.105
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 1000M
|
||||
|
||||
ethercalc:
|
||||
image: audreyt/ethercalc
|
||||
environment:
|
||||
REDIS_PORT_6379_TCP_ADDR: redis
|
||||
REDIS_PORT_6379_TCP_PORT: 6379
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.102
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 1000M
|
||||
|
||||
redis:
|
||||
image: redis:latest
|
||||
volumes:
|
||||
- /var/lib/redis:/data
|
||||
command: redis-server --appendonly yes
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.103
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 2000M
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
@ -1,36 +1,45 @@
|
||||
# inspired from
|
||||
# https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html?highlight=nginx
|
||||
# 2021 05 25
|
||||
# https://docs.nextcloud.com/server/28/admin_manual/installation/nginx.html#nextcloud-in-the-webroot-of-nginx
|
||||
# 2024 02 11
|
||||
|
||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||
map $arg_v $asset_immutable {
|
||||
"" "";
|
||||
default ", immutable";
|
||||
}
|
||||
|
||||
server {
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
|
||||
|
||||
# Path to the root of your installation
|
||||
root $DATA_DIR/app;
|
||||
|
||||
|
||||
# Use Mozilla's guidelines for SSL/TLS settings
|
||||
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
|
||||
limit_req zone=defaultlimit burst=500 nodelay;
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||
|
||||
location = /.well-known/carddav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
location = /.well-known/caldav {
|
||||
return 301 $scheme://$host/remote.php/dav;
|
||||
}
|
||||
|
||||
|
||||
# set max upload size
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 10G;
|
||||
client_body_timeout 300s;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
@ -39,36 +48,37 @@ server {
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Uncomment if your server is build with the ngx_pagespeed module
|
||||
# This module is currently not supported.
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||
# for tuning hints
|
||||
client_body_buffer_size 512k;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
# topic first.
|
||||
# add_header Strict-Transport-Security "max-age=15768000;
|
||||
# includeSubDomains; preload;";
|
||||
#
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Set .mjs and .wasm MIME types
|
||||
# Either include it in the default mime.types list
|
||||
# and include that list explicitly or add the file extension
|
||||
# only for Nextcloud like below:
|
||||
include mime.types;
|
||||
types {
|
||||
text/javascript js mjs;
|
||||
application/wasm wasm;
|
||||
}
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
@ -77,7 +87,7 @@ server {
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
|
||||
# `/updater`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
@ -89,14 +99,43 @@ server {
|
||||
}
|
||||
}
|
||||
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||
return 404;
|
||||
}
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||
return 404;
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
@ -104,23 +143,30 @@ server {
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/html/$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
|
||||
# TODO is it needed? Is it buggy?
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true;
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass $NET.100:9000;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
|
||||
# Make sure it is BELOW the PHP block
|
||||
location ~ \.(?:css|js|svg|gif)$ {
|
||||
# Serve static files
|
||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 6M; # Cache-Control policy borrowed from `.htaccess`
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
@ -174,7 +220,7 @@ server {
|
||||
proxy_buffers 32 64k;
|
||||
proxy_buffer_size 128k;
|
||||
add_header Strict-Transport-Security max-age=31536000;
|
||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
}
|
||||
location / {
|
||||
gzip on;
|
||||
@ -189,7 +235,7 @@ server {
|
||||
proxy_buffers 32 64k;
|
||||
proxy_buffer_size 128k;
|
||||
add_header Strict-Transport-Security max-age=31536000;
|
||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
}
|
||||
}
|
||||
|
||||
|
185
services/nuage.jean-cloud.net/nginx_server.conf.doc
Normal file
185
services/nuage.jean-cloud.net/nginx_server.conf.doc
Normal file
@ -0,0 +1,185 @@
|
||||
#
|
||||
#
|
||||
|
||||
upstream php-handler {
|
||||
server 127.0.0.1:9000;
|
||||
#server unix:/run/php/php8.2-fpm.sock;
|
||||
}
|
||||
|
||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||
map $arg_v $asset_immutable {
|
||||
"" "";
|
||||
default ", immutable";
|
||||
}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name cloud.example.com;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/nextcloud;
|
||||
|
||||
# Use Mozilla's guidelines for SSL/TLS settings
|
||||
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
|
||||
ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 512M;
|
||||
client_body_timeout 300s;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||
# for tuning hints
|
||||
client_body_buffer_size 512k;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Set .mjs and .wasm MIME types
|
||||
# Either include it in the default mime.types list
|
||||
# and include that list explicitly or add the file extension
|
||||
# only for Nextcloud like below:
|
||||
include mime.types;
|
||||
types {
|
||||
text/javascript js mjs;
|
||||
application/wasm wasm;
|
||||
}
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass php-handler;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
# Serve static files
|
||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
||||
}
|
29
sites-enabled.vandamme/nuage.jean-cloud.net → services/nuage.jean-cloud.net/nginx_server.conf.old
Normal file → Executable file
29
sites-enabled.vandamme/nuage.jean-cloud.net → services/nuage.jean-cloud.net/nginx_server.conf.old
Normal file → Executable file
@ -6,11 +6,11 @@ server {
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/privkey.pem;
|
||||
server_name nuage.jean-cloud.net www.nuage.jean-cloud.net;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
|
||||
root /data/nuage.jean-cloud.net/app;
|
||||
root $DATA_DIR/app;
|
||||
|
||||
limit_req zone=defaultlimit burst=500 nodelay;
|
||||
|
||||
@ -110,8 +110,7 @@ server {
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true;
|
||||
#fastcgi_pass 172.16.11.100:9000;
|
||||
fastcgi_pass nextcloud.nuagejean-cloudnet.docker:9000;
|
||||
fastcgi_pass $NET.100:9000;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
@ -156,8 +155,8 @@ server {
|
||||
large_client_header_buffers 32 64k;
|
||||
root /usr/share/nginx/www;
|
||||
index index.html index.htm;
|
||||
ssl_certificate /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/privkey.pem;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name calc.nuage.jean-cloud.net;
|
||||
|
||||
location ~* (\.(css|png|gif|svg|ico|txt)|static/.*\.js(on)?|manifest\.(appcache|webapp|json)|browserconfig\.xml)$ {
|
||||
@ -167,7 +166,7 @@ server {
|
||||
}
|
||||
|
||||
location ~* "(?:[.]|/_/[^/]+/)(?:html|csv|csv\.json)$" {
|
||||
proxy_pass http://ethercalc.nuagejean-cloudnet.docker:8000;
|
||||
proxy_pass http://$NET.102:8000;
|
||||
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
@ -175,13 +174,13 @@ server {
|
||||
proxy_buffers 32 64k;
|
||||
proxy_buffer_size 128k;
|
||||
add_header Strict-Transport-Security max-age=31536000;
|
||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
}
|
||||
location / {
|
||||
gzip on;
|
||||
gzip_min_length 1000;
|
||||
gzip_proxied any;
|
||||
proxy_pass http://ethercalc.nuagejean-cloudnet.docker:8000;
|
||||
proxy_pass http://$NET.102:8000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_read_timeout 31536000;
|
||||
@ -190,19 +189,19 @@ server {
|
||||
proxy_buffers 32 64k;
|
||||
proxy_buffer_size 128k;
|
||||
add_header Strict-Transport-Security max-age=31536000;
|
||||
include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
#include /data/proxy/nuage.jean-cloud.net/nginx_cors.conf;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /data/dnscerts.jean-cloud.org/certs/live/nuage.jean-cloud.net/privkey.pem;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name pad.nuage.jean-cloud.net;
|
||||
|
||||
location / {
|
||||
proxy_pass http://etherpad.nuagejean-cloudnet.docker:9001;
|
||||
proxy_pass http://$NET.104:9001;
|
||||
proxy_buffering off; # be careful, this line doesn't override any proxy_buffering on set in a conf.d/file.conf
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_header Server;
|
195
services/nuage.jean-cloud.net/truc
Normal file
195
services/nuage.jean-cloud.net/truc
Normal file
@ -0,0 +1,195 @@
|
||||
upstream php-handler {
|
||||
server 127.0.0.1:9000;
|
||||
#server unix:/run/php/php8.2-fpm.sock;
|
||||
}
|
||||
|
||||
# Set the `immutable` cache control options only for assets with a cache busting `v` argument
|
||||
map $arg_v $asset_immutable {
|
||||
"" "";
|
||||
default ", immutable";
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name cloud.example.com;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# Enforce HTTPS
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name cloud.example.com;
|
||||
|
||||
# Path to the root of your installation
|
||||
root /var/www/nextcloud;
|
||||
|
||||
# Use Mozilla's guidelines for SSL/TLS settings
|
||||
# https://mozilla.github.io/server-side-tls/ssl-config-generator/
|
||||
ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
|
||||
ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
|
||||
|
||||
# Prevent nginx HTTP Server Detection
|
||||
server_tokens off;
|
||||
|
||||
# HSTS settings
|
||||
# WARNING: Only add the preload option once you read about
|
||||
# the consequences in https://hstspreload.org/. This option
|
||||
# will add the domain to a hardcoded list that is shipped
|
||||
# in all major browsers and getting removed from this list
|
||||
# could take several months.
|
||||
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||
|
||||
# set max upload size and increase upload timeout:
|
||||
client_max_body_size 512M;
|
||||
client_body_timeout 300s;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
# Pagespeed is not supported by Nextcloud, so if your server is built
|
||||
# with the `ngx_pagespeed` module, uncomment this line to disable it.
|
||||
#pagespeed off;
|
||||
|
||||
# The settings allows you to optimize the HTTP2 bandwidth.
|
||||
# See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
|
||||
# for tuning hints
|
||||
client_body_buffer_size 512k;
|
||||
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# Set .mjs and .wasm MIME types
|
||||
# Either include it in the default mime.types list
|
||||
# and include that list explicitly or add the file extension
|
||||
# only for Nextcloud like below:
|
||||
include mime.types;
|
||||
types {
|
||||
text/javascript js mjs;
|
||||
application/wasm wasm;
|
||||
}
|
||||
|
||||
# Specify how to handle directories -- specifying `/index.php$request_uri`
|
||||
# here as the fallback means that Nginx always exhibits the desired behaviour
|
||||
# when a client requests a path that corresponds to a directory that exists
|
||||
# on the server. In particular, if that directory contains an index.php file,
|
||||
# that file is correctly served; if it doesn't, then the request is passed to
|
||||
# the front-end controller. This consistent behaviour means that we don't need
|
||||
# to specify custom rules for certain paths (e.g. images and other assets,
|
||||
# `/updater`, `/ocs-provider`), and thus
|
||||
# `try_files $uri $uri/ /index.php$request_uri`
|
||||
# always provides the desired behaviour.
|
||||
index index.php index.html /index.php$request_uri;
|
||||
|
||||
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
|
||||
location = / {
|
||||
if ( $http_user_agent ~ ^DavClnt ) {
|
||||
return 302 /remote.php/webdav/$is_args$args;
|
||||
}
|
||||
}
|
||||
|
||||
location = /robots.txt {
|
||||
allow all;
|
||||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location ^~ /.well-known {
|
||||
# The rules in this block are an adaptation of the rules
|
||||
# in `.htaccess` that concern `/.well-known`.
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
|
||||
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
|
||||
|
||||
# Let Nextcloud's API for `/.well-known` URIs handle all other
|
||||
# requests by passing them to the front-end controller.
|
||||
return 301 /index.php$request_uri;
|
||||
}
|
||||
|
||||
# Rules borrowed from `.htaccess` to hide certain paths from clients
|
||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
|
||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
|
||||
|
||||
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
|
||||
# which handle static assets (as seen below). If this block is not declared first,
|
||||
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
|
||||
# to the URI, resulting in a HTTP 500 error response.
|
||||
location ~ \.php(?:$|/) {
|
||||
# Required for legacy support
|
||||
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
|
||||
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
set $path_info $fastcgi_path_info;
|
||||
|
||||
try_files $fastcgi_script_name =404;
|
||||
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $path_info;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
|
||||
fastcgi_param front_controller_active true; # Enable pretty urls
|
||||
fastcgi_pass php-handler;
|
||||
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_request_buffering off;
|
||||
|
||||
fastcgi_max_temp_file_size 0;
|
||||
}
|
||||
|
||||
# Serve static files
|
||||
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
# HTTP response headers borrowed from Nextcloud `.htaccess`
|
||||
add_header Cache-Control "public, max-age=15778463$asset_immutable";
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "noindex, nofollow" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
location ~ \.woff2?$ {
|
||||
try_files $uri /index.php$request_uri;
|
||||
expires 7d; # Cache-Control policy borrowed from `.htaccess`
|
||||
access_log off; # Optional: Don't log access to assets
|
||||
}
|
||||
|
||||
# Rule borrowed from `.htaccess`
|
||||
location /remote {
|
||||
return 301 /remote.php$request_uri;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$request_uri;
|
||||
}
|
||||
}
|
1
services/oma-radio.fr/backup_list.sh
Executable file
1
services/oma-radio.fr/backup_list.sh
Executable file
@ -0,0 +1 @@
|
||||
#!/bin/bash
|
@ -23,4 +23,8 @@ AllowedIPs = 10.100.1.252/32
|
||||
[Peer] # Passerelle
|
||||
PublicKey = unY6v95qus8ttJvmSlxqa+J8lKj+CCiRItZ3pFwyjyM=
|
||||
AllowedIPs = 10.100.1.0/24,192.168.100.0/24
|
||||
|
||||
[Peer] # debug
|
||||
PublicKey = K9IpoUbjyN+42y0YG3OIwAPRBZcd92GnKfbYEj3RZ18=
|
||||
AllowedIPs = 10.100.1.21/32
|
||||
"
|
||||
|
47
services/raplacgr.jean-cloud.net/docker-compose.yml
Normal file
47
services/raplacgr.jean-cloud.net/docker-compose.yml
Normal file
@ -0,0 +1,47 @@
|
||||
version: '3'
|
||||
services:
|
||||
web:
|
||||
image: jeancloud/rapla
|
||||
environment:
|
||||
MYSQL_DATABASE: rapla_db
|
||||
MYSQL_USER: rapla_db_user
|
||||
MYSQL_PASSWORD: aPxqhmqUvqNBVXEoIt9cSZTXgmtqzFdgbTHeUMNeT2iL9ch8rN0z0iIGIc2rpMQZfdk87OZ45k3mf99tbT
|
||||
MYSQL_HOST: db
|
||||
volumes:
|
||||
- /docker/raplacgr.jean-cloud.net/server.xml:/usr/local/tomcat/conf/server.xml
|
||||
depends_on:
|
||||
- db
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 300M
|
||||
|
||||
db:
|
||||
image: mysql:5.7
|
||||
environment:
|
||||
MYSQL_DATABASE: rapla_db
|
||||
MYSQL_USER: rapla_db_user
|
||||
MYSQL_PASSWORD: aPxqhmqUvqNBVXEoIt9cSZTXgmtqzFdgbTHeUMNeT2iL9ch8rN0z0iIGIc2rpMQZfdk87OZ45k3mf99tbT
|
||||
MYSQL_RANDOM_ROOT_PASSWORD: yes
|
||||
volumes:
|
||||
- /data/raplacgr.jean-cloud.net/db:/var/lib/mysql
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 300M
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
13
services/raplacgr.jean-cloud.net/nginx_server.conf
Normal file
13
services/raplacgr.jean-cloud.net/nginx_server.conf
Normal file
@ -0,0 +1,13 @@
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name raplacgr.jean-cloud.net;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://$NET.100:8080/;
|
||||
proxy_set_header Host raplacgr.jean-cloud.net;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
}
|
||||
}
|
48
services/raplacgr.jean-cloud.net/server.xml
Normal file
48
services/raplacgr.jean-cloud.net/server.xml
Normal file
@ -0,0 +1,48 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Server port="8005" shutdown="SHUTDOWN">
|
||||
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
|
||||
<!-- Security listener. Documentation at /docs/config/listeners.html
|
||||
<Listener className="org.apache.catalina.security.SecurityListener" />
|
||||
-->
|
||||
<!-- APR library loader. Documentation at /docs/apr.html -->
|
||||
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
|
||||
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
|
||||
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
|
||||
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
|
||||
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
|
||||
|
||||
<GlobalNamingResources>
|
||||
<Resource name="UserDatabase" auth="Container"
|
||||
type="org.apache.catalina.UserDatabase"
|
||||
description="User database that can be updated and saved"
|
||||
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
|
||||
pathname="conf/tomcat-users.xml" />
|
||||
</GlobalNamingResources>
|
||||
|
||||
<Service name="Catalina">
|
||||
|
||||
<Connector port="8080" protocol="HTTP/1.1"
|
||||
connectionTimeout="20000"
|
||||
redirectPort="8443"
|
||||
proxyName="raplacgr.jean-cloud.net"
|
||||
proxyPort="443"/>
|
||||
<Engine name="Catalina" defaultHost="localhost">
|
||||
|
||||
|
||||
<Realm className="org.apache.catalina.realm.LockOutRealm">
|
||||
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
|
||||
resourceName="UserDatabase"/>
|
||||
</Realm>
|
||||
|
||||
<Host name="localhost" appBase="webapps"
|
||||
unpackWARs="true" autoDeploy="true">
|
||||
|
||||
|
||||
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
|
||||
prefix="localhost_access_log" suffix=".txt"
|
||||
pattern="%h %l %u %t "%r" %s %b" />
|
||||
|
||||
</Host>
|
||||
</Engine>
|
||||
</Service>
|
||||
</Server>
|
@ -13,18 +13,18 @@ services:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
test_rpnow:
|
||||
image: jeancloud/rpnow:dev
|
||||
volumes:
|
||||
- /data/test.rpnow.jean-cloud.org/:/var/local/rpnow
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
# test_rpnow:
|
||||
# image: jeancloud/rpnow:dev
|
||||
# volumes:
|
||||
# - /data/test.rpnow.jean-cloud.org/:/var/local/rpnow
|
||||
# networks:
|
||||
# default:
|
||||
# ipv4_address: $NET.101
|
||||
# deploy:
|
||||
# resources:
|
||||
# limits:
|
||||
# cpus: '0.50'
|
||||
# memory: 100M
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
@ -18,23 +18,23 @@ server {
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name test.rpnow.jean-cloud.net www.test.rpnow.jean-cloud.net;
|
||||
|
||||
location / {
|
||||
client_max_body_size 2G;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 86400;
|
||||
proxy_redirect off;
|
||||
proxy_pass http://$NET.101;
|
||||
}
|
||||
}
|
||||
#server {
|
||||
# listen 443 ssl http2;
|
||||
# listen [::]:443 ssl http2;
|
||||
# ssl_certificate $JC_CERT/fullchain.pem;
|
||||
# ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
# server_name test.rpnow.jean-cloud.net www.test.rpnow.jean-cloud.net;
|
||||
#
|
||||
# location / {
|
||||
# client_max_body_size 2G;
|
||||
# proxy_set_header X-Real-IP $remote_addr;
|
||||
# proxy_set_header Host $http_host;
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "upgrade";
|
||||
# proxy_read_timeout 86400;
|
||||
# proxy_redirect off;
|
||||
# proxy_pass http://$NET.101;
|
||||
# }
|
||||
#}
|
||||
|
||||
|
@ -1,11 +1,11 @@
|
||||
# This is not real CSV. Do not put separator in a field, even escaped
|
||||
# UID ; username ; service name ; server name
|
||||
# ID ; username ; service name ; server name
|
||||
1;sftp.jean-cloud.net;sftp.jean-cloud.net;raku.jean-cloud.org
|
||||
2;benevoles31.karnaval.fr;benevoles31.karnaval.fr;max.jean-cloud.org
|
||||
3;builder.rimarima.fr;builder.rimarima.fr;raku.jean-cloud.org
|
||||
4;chahut.jean-cloud.net;chahut.jean-cloud.net;max.jean-cloud.org
|
||||
5;chiloe.eu;chiloe.eu;shlago.jean-cloud.org
|
||||
6;coldcms.chahut.jean-cloud.net;coldcms.chahut.jean-cloud.net;raku.jean-cloud.org
|
||||
#6;coldcms.chahut.jean-cloud.net;coldcms.chahut.jean-cloud.net;raku.jean-cloud.org
|
||||
7;collectif-arthadie.fr;collectif-arthadie.fr;vandamme.jean-cloud.org
|
||||
8;compagnienouvelle.fr;compagnienouvelle.fr;nougaro.jean-cloud.org
|
||||
9;copaines.jean-cloud.net;copaines.jean-cloud.net;max.jean-cloud.org
|
||||
@ -15,19 +15,19 @@
|
||||
14;feministesucl34.communistesliber;feministesucl34.communisteslibertaires.org;none
|
||||
15;feteducourt.jean-cloud.net;feteducourt.jean-cloud.net;shlago.jean-cloud.org
|
||||
16;feteducourt2020.jean-cloud.net;feteducourt2020.jean-cloud.net;shlago.jean-cloud.org
|
||||
17;git.jean-cloud.net;git.jean-cloud.net;vandamme.jean-cloud.org
|
||||
18;grapes.chahut.jean-cloud.net;grapes.chahut.jean-cloud.net;max.jean-cloud.org
|
||||
17;git.jean-cloud.net;git.jean-cloud.net;izzo.jean-cloud.org
|
||||
#18;grapes.chahut.jean-cloud.net;grapes.chahut.jean-cloud.net;max.jean-cloud.org
|
||||
20;inurbe.fr;inurbe.fr;shlago.jean-cloud.org
|
||||
21;jean-cloud.net;jean-cloud.net;shlago.jean-cloud.org
|
||||
22;leida.fr;leida.fr;vandamme.jean-cloud.org
|
||||
22;leida.fr;leida.fr;shlago.jean-cloud.org
|
||||
23;lexicographe.jean-cloud.net;lexicographe.jean-cloud.net;shlago.jean-cloud.org
|
||||
24;metamorphosemagazine.fr;metamorphosemagazine.fr;shlago.jean-cloud.org
|
||||
25;mux.radiodemo.oma-radio.fr;mux.radiodemo.oma-radio.fr;raku.jean-cloud.org
|
||||
26;nc-backup.jean-cloud.net;nc-backup.jean-cloud.net;raku.jean-cloud.org
|
||||
27;ns.jean-cloud.org;ns.jean-cloud.org;shlago.jean-cloud.org
|
||||
28;ns1.jean-cloud.org;ns1.jean-cloud.org;tetede.jean-cloud.org
|
||||
29;nuage.jean-cloud.net;nuage.jean-cloud.net;vandamme.jean-cloud.org
|
||||
30;oma-radio.fr;oma-radio.fr;vandamme.jean-cloud.org
|
||||
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
|
||||
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
|
||||
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
||||
32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
|
||||
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
||||
@ -35,11 +35,20 @@
|
||||
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
|
||||
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;tetede.jean-cloud.org
|
||||
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
||||
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;vandamme.jean-cloud.org
|
||||
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
|
||||
39;soundbase.radiodemo.oma-radio.fr;soundbase.radiodemo.oma-radio.fr;montbonnot.jean-cloud.org
|
||||
40;static.jean-cloud.net;static.jean-cloud.net;vandamme.jean-cloud.org
|
||||
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
|
||||
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
||||
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;vandamme.jean-cloud.org
|
||||
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
|
||||
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
|
||||
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;max.jean-cloud.org
|
||||
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
||||
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
|
||||
47;backup-borg-server;backup-borg-server;montbonnot.jean-cloud.org
|
||||
48;backup-borg-client;backup-borg-client;raku.jean-cloud.org
|
||||
49;soundbase.radionimaitre.oma;soundbase.radionimaitre.oma-radio.fr;montbonnot.jean-cloud.org
|
||||
50;monitoring.jean-cloud.net;monitoring.jean-cloud.net;montbonnot.jean-cloud.org
|
||||
51;benevoles32.karnaval.fr;benevoles32.karnaval.fr;izzo.jean-cloud.org
|
||||
52;nginx_exporter;nginx_exporter;shlago.jean-cloud.org
|
||||
53;benevoles.karnaval.fr;benevoles.karnaval.fr;izzo.jean-cloud.org
|
||||
54;accent.jean-cloud.net;accent.jean-cloud.net;raku.jean-cloud.org
|
||||
|
|
@ -9,9 +9,8 @@ services:
|
||||
- $DOCKER_DIR/init.sh:/etc/sftp.d/init.sh:ro
|
||||
|
||||
- $DATA_DIR/home:/home
|
||||
- $DATA_DIR/home/feministesucl34:/home/feministesucl34RO
|
||||
- $DATA_DIR/home/leida:/home/leidaRO
|
||||
- $DATA_DIR/home/chiloe:/home/chiloeRO
|
||||
- $DATA_DIR/home/leida/public:/home/leidaRO/public:ro
|
||||
- $DATA_DIR/home/chiloe/public:/home/chiloeRO/public:ro
|
||||
ports:
|
||||
- '2929:22'
|
||||
|
||||
|
3
services/sftp_jc/deploy.sh
Executable file
3
services/sftp_jc/deploy.sh
Executable file
@ -0,0 +1,3 @@
|
||||
#!/bin/bash
|
||||
|
||||
chmod 700 "$SECRET_DIR/sftp.sshprivkey"
|
7
services/sftp_jc/deploy_user.sh
Executable file
7
services/sftp_jc/deploy_user.sh
Executable file
@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
mkdir -p ~/.ssh
|
||||
echo '[sftp.jean-cloud.net]:2929 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WLG4HbhHMWZySQkCOfMyJ8HAojyJJ66prhn/WSh1T6vyi/oWuodhN5fzIenEpKrmIzXLLfFa8Q9YuEYmcwNGp0FrTnATDYLABL530DBsCQzA5S+fLecY0iLHEkluuJCcX2+cNpu7ytzgbEzHFDRDkd6RgI1cBL5smCnbxfrJSvfLR0VvihQJNZKPYEFHxt9euGkHhKilwbXa4VEtfY8GfMK18dGlM+K2nRu4G+ckoNzx9K2RdwAqUyj1WFLrS+FYY8EbHlffWf4WES32tSeyd6z3rF0jFoN83ojZ0nPfcch10tWklfRc2RcoItde9p0bR/Cgz2SI1nZT9EcBhrpqGkucLsx/xvcxXd/puQDe9svBq1vgWRuub7e6Q40v8Lhl5dTGJutKLWbCg9udonaUIR/LudSnSgEGrDoz/Yjx8Iytj9+tLj9C+rRASfUnHnTRjsVKJG3Ofx+YHhWs0gLJcV06EvM+PBgZOCnegcPrssi0OE+I5HtDixTkaBNQPHXfKcGqlSEPRmqEuwsvdcv7vOfWJn1ufmKpoaLXWPrX+U4gZYSMHrhieqdcieT8wSu/YJa8gBM5qkK1WMOYxwYzLU5q9H4g9sJfFqk14cvQk47Tb+nTLlFoYZvunATBAxQuNuMo8+scu0BuIqinB5SjO6bwF3nJUCigs8BTmo95Pw==' > ~/.ssh/known_hosts
|
||||
chmod 700 ~/.ssh/known_hosts
|
||||
|
||||
rclone sync --config=/notfound --sftp-host sftp.jean-cloud.net --sftp-user "$SFTP_USER" --sftp-port 2929 --sftp-key-file "$SECRET_DIR/sftp.sshprivkey" --sftp-known-hosts-file ~/.ssh/known_hosts :sftp:/public/ "$HTTP_DIR"
|
12
services/sftp_jc/nginx_server.conf
Executable file
12
services/sftp_jc/nginx_server.conf
Executable file
@ -0,0 +1,12 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
|
||||
location / {
|
||||
root $HTTP_DIR;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -4,8 +4,6 @@ services:
|
||||
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT
|
||||
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
|
||||
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
||||
volumes:
|
||||
@ -24,8 +22,6 @@ services:
|
||||
azurite_jukebox_simulator:
|
||||
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR:/app/soundBase
|
||||
restart: unless-stopped
|
||||
@ -47,8 +43,6 @@ services:
|
||||
agate_importer:
|
||||
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR:/app/soundBase
|
||||
restart: unless-stopped
|
||||
@ -65,8 +59,6 @@ services:
|
||||
rubis_base_mg:
|
||||
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
@ -83,8 +75,6 @@ services:
|
||||
system_api:
|
||||
image: jeancloud/system-api:dev
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
UID: 33
|
||||
SOUNDBASE_PATH: /soundbase
|
||||
MOUNT: /api
|
||||
@ -108,7 +98,6 @@ services:
|
||||
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
||||
# env_file: .env
|
||||
# environment:
|
||||
# OMA_CONFIG_TelecommandeHost: $NET.101
|
||||
# OMA_CONFIG_PigePrefix: /opt
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
|
@ -4,7 +4,7 @@ server {
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name static.oma-radio.fr www.static.oma-radio.fr $JC_SERVICE www.$JC_SERVICE;
|
||||
root $HTTP_DIR/public/;
|
||||
root $DATA_DIR/public/;
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
|
@ -1,28 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/collectif-arthadie.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/collectif-arthadie.fr/privkey.pem;
|
||||
server_name wordpress.collectif-arthadie.fr www.wordpress.collectif-arthadie.fr;
|
||||
location / {
|
||||
client_max_body_size 2G;
|
||||
#proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_pass http://wp.collectif-arthadiefr.docker;
|
||||
proxy_redirect off;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/collectif-arthadie.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/collectif-arthadie.fr/privkey.pem;
|
||||
server_name collectif-arthadie.fr www.collectif-arthadie.fr;
|
||||
|
||||
location / {
|
||||
root /data/collectif-arthadie.fr/static;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -1,25 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/cousinades.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/cousinades.jean-cloud.net/privkey.pem;
|
||||
server_name cousinades.jean-cloud.net www.cousinades.jean-cloud.net;
|
||||
|
||||
index index.php;
|
||||
root /data/cousinades.jean-cloud.net/public;
|
||||
|
||||
location / {
|
||||
#auth_basic "Restricted";
|
||||
#auth_basic_user_file /data/cousinades.jean-cloud.net/private/passwords.txt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass app.cousinadesjean-cloudnet.docker:9000;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME /usr/src/app/$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
}
|
||||
}
|
@ -1,12 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/git.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/git.jean-cloud.net/privkey.pem;
|
||||
server_name git.jean-cloud.net www.git.jean-cloud.net;
|
||||
location / {
|
||||
client_max_body_size 5G;
|
||||
proxy_pass http://gitea.gitjean-cloudnet.docker:3000;
|
||||
}
|
||||
}
|
||||
|
@ -1,17 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/inurbe.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/inurbe.fr/privkey.pem;
|
||||
server_name inurbe.fr www.inurbe.fr;
|
||||
|
||||
location /.git {
|
||||
deny all;
|
||||
return 404;
|
||||
}
|
||||
|
||||
location / {
|
||||
root /data/inurbe.fr;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -1,15 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/leida.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/leida.fr/privkey.pem;
|
||||
server_name leida.fr www.leida.fr;
|
||||
location / {
|
||||
root /data/leida.fr/public;
|
||||
index index.htm index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location ~ .php {
|
||||
deny all;
|
||||
}
|
||||
}
|
@ -1,13 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/oma-radio.fr/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/oma-radio.fr/privkey.pem;
|
||||
server_name oma-radio.fr www.oma-radio.fr;
|
||||
root /data/oma-radio.fr;
|
||||
|
||||
location / {
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -1,17 +0,0 @@
|
||||
server{
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
location '/.well-known/acme-challenge' {
|
||||
root /var/www/letsencrypt;
|
||||
default_type "text/plain";
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
location = /basic_status {
|
||||
stub_status;
|
||||
}
|
||||
}
|
@ -1,40 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/rpnow.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/rpnow.jean-cloud.net/privkey.pem;
|
||||
server_name rpnow.jean-cloud.net www.rpnow.jean-cloud.net;
|
||||
|
||||
location / {
|
||||
client_max_body_size 2G;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 86400;
|
||||
proxy_redirect off;
|
||||
proxy_pass http://rpnow.rpnowjean-cloudnet.docker;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/rpnow.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/rpnow.jean-cloud.net/privkey.pem;
|
||||
server_name test.rpnow.jean-cloud.net www.test.rpnow.jean-cloud.net;
|
||||
|
||||
location / {
|
||||
client_max_body_size 2G;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 86400;
|
||||
proxy_redirect off;
|
||||
proxy_pass http://test_rpnow.rpnowjean-cloudnet.docker;
|
||||
}
|
||||
}
|
||||
|
@ -1,15 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/static.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/static.jean-cloud.net/privkey.pem;
|
||||
server_name static.oma-radio.fr www.static.oma-radio.fr static.jean-cloud.net www.static.jean-cloud.net;
|
||||
root /data/static.jean-cloud.net/public/;
|
||||
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET';
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -1,30 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/privkey.pem;
|
||||
server_name wiki-cgr.jean-cloud.net www.wiki-cgr.jean-cloud.net;
|
||||
location / {
|
||||
client_max_body_size 2G;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_pass http://mediawiki.wiki-cgrjean-cloudnet.docker;
|
||||
proxy_redirect off;
|
||||
}
|
||||
}
|
||||
|
||||
# Is the parsoid mutualisable on all wikis ?
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/wiki-cgr.jean-cloud.net/privkey.pem;
|
||||
server_name parsoid-wiki-cgr.jean-cloud.net www.parsoid-wiki-cgr.jean-cloud.net;
|
||||
location / {
|
||||
client_max_body_size 2G;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_pass http://parsoid.wiki-cgrjean-cloudnet.docker;
|
||||
proxy_redirect off;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user