INT 21h

Hi, I am Vladimir Smagin, SysAdmin and Kaptain.

Add cache control and CORS to nginx ingress in Kubernetes

No. 11131, in section "Sysadmin", November 3rd, 2020

annotations:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      # match the extension at the end of the path, so /data.json is not treated as ".js"
      if ($request_uri ~* \.(js|css|gif|jpe?g|png|woff|woff2|ico)(\?|$)) {
        expires 1M;
        add_header Cache-Control "public";
      }
    nginx.ingress.kubernetes.io/cors-allow-headers: >-
      DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,X-CSRF-Token,
      Authorization
    nginx.ingress.kubernetes.io/cors-allow-methods: 'GET, PUT, POST, DELETE, PATCH, OPTIONS'
    nginx.ingress.kubernetes.io/cors-allow-origin: '*'
    nginx.ingress.kubernetes.io/enable-cors: 'true'
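
With cors-allow-origin: '*' any website may call the service from a visitor's browser, and Authorization is among the allowed headers. A narrower variant, as an added example that is not from the original post; it assumes a single front-end at https://app.example.com, and the Ingress name, host and backend service are placeholders.

```yaml
# Added example: CORS limited to one known front-end origin.
# example-app, api.example.com and app.example.com are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-app
  annotations:
    nginx.ingress.kubernetes.io/enable-cors: "true"
    # Name the front-end origin instead of '*'.
    nginx.ingress.kubernetes.io/cors-allow-origin: "https://app.example.com"
    # Only the methods and headers the front-end really sends.
    nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, OPTIONS"
    nginx.ingress.kubernetes.io/cors-allow-headers: "Authorization,Content-Type,X-CSRF-Token"
    # Defaults to "true"; turn it off when no cookies are needed cross-origin.
    nginx.ingress.kubernetes.io/cors-allow-credentials: "false"
    # Seconds a browser may cache the preflight response.
    nginx.ingress.kubernetes.io/cors-max-age: "600"
spec:
  ingressClassName: nginx
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: example-app
                port:
                  number: 80
```

On ingress-nginx releases that have the allow-snippet-annotations ConfigMap option, the configuration-snippet annotation from the post is only honoured when that option is enabled.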


Laravel applications scaling inside Kubernetes

No. 11122, in section "Sysadmin", November 3rd, 2020

I ran into the problem of scaling a Laravel application today. It scales well, but this is hampered by the session management plugin that stores data in files. If you do not share sessions between Pods after scaling the browser will show error 419, page expired.

First of all, I needed to create a Redis cluster that would store the sessions. You can do it however you want, I used the redis-operator which I wrote. For best results, I added balancing via haproxy and turned off persistent storage.

$ k get po -l instance=sessions-store
NAME                                       READY   STATUS    RESTARTS   AGE
sessions-store-haproxy-59b45854f4-48sfp    2/2     Running   0          5h16m
sessions-store-redis-0                     1/1     Running   0          5h16m
sessions-store-redis-1                     1/1     Running   0          5h15m
sessions-store-redis-2                     1/1     Running   0          5h15m
sessions-store-sentinel-586f47d744-4kgqx   1/1     Running   0          5h16m
sessions-store-sentinel-586f47d744-cfwng   1/1     Running   0          5h16m
sessions-store-sentinel-586f47d744-fd254   1/1     Running   0          5h16m

After that, you need to create a connection to the new Redis cluster in config/database.php.

    'redis' => [

        'client' => env('REDIS_CLIENT', 'phpredis'),
        ...
        'sessions' => [
            'host' => env('SESSION_REDIS_HOST', '127.0.0.1'),
            'password' => env('SESSION_REDIS_PASSWORD', null),
            'port' => env('SESSION_REDIS_PORT', 6379),
            'database' => 0,
        ],

    ],

Now you need to apply a patch that will allow you to take the necessary connection parameters from the ENV in config/session.php.

    'driver' => env('SESSION_DRIVER', 'file'),
    'connection' => env('SESSION_CONNECTION', null),

Don’t forget the PHP library for working with Redis in the Dockerfile.

RUN apt-get install -y php7.3-redis

You can also add Redis session support to php.ini if some additional non-Laravel scripts are used:

RUN sed -i 's/session.save_handler = files/session.save_handler = redis/g' /etc/php/7.3/fpm/php.ini
RUN sed -i 's/;session.save_path = "\/var\/lib\/php\/sessions"/session.save_path = "tcp:\/\/sessions-store-haproxy:6379"/g' /etc/php/7.3/fpm/php.ini

Now provide all the necessary environment variables to the Pod and you can start deploying.

  SESSION_DRIVER: redis
  SESSION_CONNECTION: sessions
  SESSION_REDIS_HOST: "sessions-store-haproxy"
  SESSION_REDIS_PASSWORD: ""
  SESSION_REDIS_PORT: "6379"

Log in to Laravel and check Redis

Nice.
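
The environment above leaves SESSION_REDIS_PASSWORD empty, so every pod that can reach sessions-store-haproxy:6379 can read and write session data. An added example (not part of the original post) that restricts who may connect with a NetworkPolicy; instance: sessions-store is the label from the pod listing above, while the policy name and the app: laravel label on the application pods are assumptions.

```yaml
# Added example: only the application pods may talk to the session store.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: sessions-store-clients        # hypothetical name
spec:
  # Applies to the haproxy, redis and sentinel pods of the store.
  podSelector:
    matchLabels:
      instance: sessions-store
  policyTypes:
    - Ingress
  ingress:
    # Members of the store keep talking to each other
    # (replication, sentinel monitoring, haproxy to redis).
    - from:
        - podSelector:
            matchLabels:
              instance: sessions-store
    # Application pods may reach the Redis port and nothing else.
    - from:
        - podSelector:
            matchLabels:
              app: laravel            # assumed label of the Laravel pods
      ports:
        - protocol: TCP
          port: 6379
```

NetworkPolicy objects are only enforced when the cluster's network plugin supports them.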


How to create docker volume from directory

No. 11114, in section "Sysadmin", October 6th, 2020

Typically it's not useful because you can mount a directory directly into containers, but… who knows? Maybe you just want it.

For example, you have a directory on your hard drive and want to move its files into a Docker volume:

root@boroda:/tmp/future-volume# find .
.
./somedir
./somedir/config.yaml
./file1
./test.txt
./myfile2

Just run a move (or copy) command in a busybox container:

docker run --rm -it \
    -v my-docker-volume:/destination \
    -v /tmp/future-volume:/source \
    busybox \
    /bin/sh -c "mv /source/* /destination/ && find /destination"

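This command mounts the volume (creating it if it does not exist yet), mounts the directory from disk, and moves the files from disk into the volume. Hidden files (names starting with a dot) are not matched by /source/* and stay behind in the source directory.

After the move completes you’ll see the tree of moved files: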

/destination
/destination/somedir
/destination/somedir/config.yaml
/destination/file1
/destination/test.txt
/destination/myfile2

That’s all, easy.


Dimming display under Ubuntu Linux

No. 11106, in section "Sysadmin", September 17th, 2020

NOT COMPATIBLE WITH REDSHIFT! Turn it off completely, not just disable.

Easiest way:

sudo add-apt-repository ppa:apandada1/brightness-controller
sudo apt-get update
sudo apt-get install brightness-controller-simple

Not easiest way:

xrandr -q | grep " connected"
xrandr --output HDMI-0 --brightness 0.5


Wireguard VPN between Mikrotik and my android phone (without changing firmware to openwrt!)

No. 11088, in section "Sysadmin", September 1st, 2020

At last, Mikrotik released version 7.1b with Wireguard support! YES!

You can upgrade your device now by switching to the development branch.

So, create a new Wireguard interface and keys, and set the port.

Assign an IP address to your new interface:

[admin@MikroTik] > /ip address
[admin@MikroTik] /ip/address> add address=10.50.20.1/24 interface=wgvpn

On your mobile phone, install the Wireguard client and repeat the same steps: assign an IP address in the same subnet and use the public key of your Mikrotik.

Now, on the Mikrotik, create a new peer with the public key of your phone.

Check it:

[admin@MikroTik] /ip/address> /tool/ping 10.50.20.4
  SEQ HOST                                     SIZE TTL TIME  STATUS             
    0 10.50.20.4                                 56  64 126ms
    1 10.50.20.4                                 56  64 52ms 
    2 10.50.20.4                                 56  64 80ms 
    sent=3 received=3 packet-loss=0% min-rtt=52ms avg-rtt=86ms max-rtt=126ms 

Allow connections

In exactly the same way you can set up a private network on your computer.
