INT 21h

Hi, I am Vladimir Smagin, SysAdmin, DevOps and barely good guy.

Zabbix: monitor days before SSL expired

No. 10870, in section "Sysadmin", December 30th, 2019

I monitor my SSL-enabled domains with the automatic discovery feature. On the server I placed a text file with a newline-separated domain list, /etc/zabbix/scripts/ssl_list.txt; Zabbix checks it every minute and creates new items for the domains. No empty line at the end! Install the jq tool to work with JSON.

See the archive file at the end.

Create the directory /etc/zabbix/scripts and place 2 files inside: ssl_get_days.sh, ssl_list.txt.
Copy the configuration file for the Zabbix agent to /etc/zabbix/zabbix_agentd.d/ssl.conf

Now import the XML file with the template, or create the discovery rule by hand:

Good! Good! Add a new item prototype

And two triggers “expires” and “expired”

Now wait a few minutes and you will see your domains in Latest data

All the files you need at once; just import the template data in the Zabbix web interface.

zabbix_ssl_check.tar
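
The discovery and days-left logic described above, as an added example that is not the author's ssl_get_days.sh: the function names, the {#DOMAIN} macro name and the use of plain sh instead of jq are assumptions. It skips blank or malformed lines in ssl_list.txt and reports an expired certificate as a negative number of days.

```shell
#!/bin/sh
# Added example, not the author's ssl_get_days.sh. Function names and the
# {#DOMAIN} macro are assumptions; GNU date is required for "date -d".

# Accept only plain hostnames, so a stray line in the list can never break
# the JSON or reach the openssl command line as something else.
is_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*.|*-) return 1 ;;
    esac
    return 0
}

# Print Zabbix low-level discovery JSON for a newline-separated domain list.
# Blank lines (including a trailing one) and invalid entries are skipped.
discover_domains() {
    out='{"data":['
    sep=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')
        is_hostname "$line" || continue
        out="${out}${sep}{\"{#DOMAIN}\":\"${line}\"}"
        sep=','
    done < "$1"
    printf '%s]}\n' "$out"
}

# Print the notAfter date of the certificate a domain serves (needs network).
cert_not_after() {
    is_hostname "$1" || return 1
    openssl s_client -servername "$1" -connect "${1}:443" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Print whole days from "now" (epoch seconds, default: current time) to a
# notAfter string, rounded down, so an expired certificate is always negative.
days_left() {
    now="${2:-$(date +%s)}"
    end=$(date -u -d "$1" +%s) || return 1
    diff=$((end - now))
    if [ "$diff" -lt 0 ]; then
        echo $(( -((86399 - diff) / 86400) ))
    else
        echo $((diff / 86400))
    fi
}
```
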


Nginx Unit for Codeigniter

No. 10457, in section "Sysadmin", December 16th, 2019

Static files in the listed subdirectories are shared directly; all other requests go to the application's index.php.

{
    "listeners": {
        "*:8300": {
            "pass": "routes"
        }
    },
    "applications": {
        "app": {
            "type": "php",
            "user": "www-data",
            "group": "www-data",
            "root": "/www/app",
            "index": "index.php",
            "script": "index.php"
        }
    },
    "routes": [
        {
            "match": {
                "uri": "/pics/*"
            },
            "action": {
                "share": "/www/app/"
            }
        },
        {
            "match": {
                "uri": "/images/*"
            },
            "action": {
                "share": "/www/app/"
            }
        },
        {
            "match": {
                "uri": "/cover/*"
            },
            "action": {
                "share": "/www/app/"
            }
        },
        {
            "action": {
                "pass": "applications/app"
            }
        }
    ],
    "access_log": "/var/log/access.log"
}


Nginx Unit config for Dokuwiki

No. 10455, in section "Sysadmin", December 16th, 2019

Requests to / and to .php files go to the application; all other files are served as static.

{
    "listeners": {
        "*:8300": {
            "pass": "routes"
        }
    },
    "applications": {
        "app": {
            "type": "php",
            "user": "www-data",
            "group": "www-data",
            "root": "/www/app",
            "index": "index.php"
        }
    },
    "routes": [
        {
            "match": {
                "uri": "/"
            },
            "action": {
                "pass": "applications/app"
            }
        },
        {
            "match": {
                "uri": "*.php"
            },
            "action": {
                "pass": "applications/app"
            }
        },
        {
            "action": {
                "share": "/www/app/"
            }
        }

    ]
}
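
The catch-all share above also covers DokuWiki's data, conf, bin and inc directories, which the DokuWiki documentation says must not be reachable from the web. The routes array below is an added example, not part of the original post: it puts a deny step in front of the post's own three steps, and it assumes a Unit version that supports the return action.

```json
{
    "routes": [
        {
            "match": {
                "uri": ["/data/*", "/conf/*", "/bin/*", "/inc/*"]
            },
            "action": {
                "return": 403
            }
        },
        {
            "match": {
                "uri": "/"
            },
            "action": {
                "pass": "applications/app"
            }
        },
        {
            "match": {
                "uri": "*.php"
            },
            "action": {
                "pass": "applications/app"
            }
        },
        {
            "action": {
                "share": "/www/app/"
            }
        }
    ]
}
```

Routes are evaluated in order, so the deny step has to stay first.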


Dockerfile for Nginx Unit projects

No. 10453, in section "Sysadmin", December 16th, 2019

Place the unit_config.json file in the project root directory; it will be moved to /state during the image build. Find example configs by the hashtag #unit.

Do not forget to change the timezone and the packages to install.

FROM ubuntu:eoan

# Set the container timezone before any packages are installed
ENV TZ=Asia/Tomsk
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

# Install PHP and tools, add the NGINX signing key and the Unit repository, then install Unit
RUN set -xe \
    && apt-get -y update \
    && apt-get -y install --no-install-recommends gnupg2 curl php mysql-client ca-certificates \
    php-curl php-mysql \
    && curl -fsSL https://nginx.org/keys/nginx_signing.key | apt-key add - \
    && echo "deb https://packages.nginx.org/unit/ubuntu/ eoan unit" | tee -a /etc/apt/sources.list \
    && echo "deb-src https://packages.nginx.org/unit/ubuntu/ eoan unit" | tee -a /etc/apt/sources.list \
    && apt-get -y update \
    && apt-get -y install unit unit-php unit-dev \
    && unitd --version

# The init script is not needed: unitd runs in the foreground as the container command
RUN rm /etc/init.d/unit

WORKDIR /www/app

COPY . .

# Move the Unit config into the state directory, accessible to root only
RUN mkdir -p /state/certs && mv unit_config.json /state/conf.json \
    && chmod 700 -R /state && chown root:root -R /state
# Application files belong to the user the PHP application runs as
RUN chown -R www-data:www-data /www/app

CMD ["unitd", "--no-daemon", "--state", "/state"]


cert-manager can’t resolve new domain to perform HTTP01 challenge

No. 10443, in section "Sysadmin", December 14th, 2019

In an ingress resource you added a new domain to perform the HTTP01 challenge and obtain a new LE certificate, but something goes wrong in the log file:

E1214 14:35:06.644315 1 sync.go:183] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://test.k8s.blindage.org/.well-known/acme-challenge/nmxxZh0K7iXuOnqGRm52PqymHj8YFVpN2MryLfRdVoU': Get http://test.k8s.blindage.org/.well-known/acme-challenge/nmxxZh0K7iXuOnqGRm52PqymHj8YFVpN2MryLfRdVoU: dial tcp: lookup test.k8s.blindage.org on 10.245.0.10:53: no such host" "dnsName"="test.k8s.blindage.org" "resource_kind"="Challenge" "resource_name"="tls-test-k8s-blindage-org-749846670-0" "resource_namespace"="testing" "type"="http-01"

… and this error repeats multiple times without any progress. It's managed Kubernetes in DigitalOcean.

To solve this problem, just uncomment these lines in the Helm chart of cert-manager to provide your own nameservers:

podDnsPolicy: "None"
podDnsConfig:
  nameservers:
    - "1.1.1.1"
    - "8.8.8.8"

Voila! You got a new certificate.


Microblog

# 2019-12-23 09:14:01

A very interesting concept, docker-compose for kubernetes kompose.io/ #devops #kubernetes #docker

# 2019-12-16 17:21:18

Should read this for general knowledge: how to revive a cluster after screwing up the certs habr.com/ru/company/southbridg #kubernetes #devops

# 2019-12-12 17:33:46

js bootstrap with an interface like in DOS github.com/kristopolous/BOOTST


© Vladimir Smagin, 2005-2019. Copying materials without permission is prohibited. GPG DA4CD0F5E222EA727D6A40C413BCE12E5618F071