INT 21h

Hi, I am Vladimir Smagin, SysAdmin, DevOps and barely good guy. Telegram Email / GIT / Микроблог / Thingiverse / GPG

docker-compose for Elasticsearch, Kibana and oauth2 protection

№ 10908 В разделе "Sysadmin" от January 17th, 2020,
В подшивках: Docker, ELK

version: '3.7'
services:
  kibana:
    image: kibana:7.3.0
    depends_on:
      - elasticsearch
    networks:
      - elk

  elasticsearch:
    image: elasticsearch:7.3.0
    volumes:
      - esdata:/usr/share/elasticsearch/data
    networks:
      - elk
    ports:
      - 39200:9200
    environment:
      - "discovery.type=single-node"
      - "cluster.name=docker-cluster"
      - "bootstrap.memory_lock=true"
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1

  oauth:
    # cloned git repo with enabled bitbucket support
    build: ./oauth2_proxy
    image: oauth2proxy
    entrypoint:
      - oauth2_proxy
      - --upstream=http://kibana:5601
      - --email-domain=*
      - --http-address=0.0.0.0:4180
      - --bitbucket-team=my_organization
      - --client-id=zZYjbsBVMBDyaXvk5v
      - --client-secret=wxz3uFvKVBXR2EaQPJAcQyPY44XbyNKT
      - --provider=bitbucket
      - --cookie-secret=cy-BbEK5MgHg5NcQe8FcdQ==
      - --cookie-secure=true
    depends_on:
      - elasticsearch
      - kibana
    ports:
      - 127.0.0.1:4180:4180
    networks:
      - elk

networks:
  elk:

volumes:
  esdata:
    driver: local

Нет комментариев »

Zabbix: monitor days before SSL expired

№ 10870 В разделе "Sysadmin" от December 30th, 2019,
В подшивках: Monitoring, Zabbix

I monitor my SSL enabled domains with automatic discovery feature. On server I placed text file with new line separated domain list /etc/zabbix/scripts/ssl_list.txt, zabbix checking it every minute and creating new items with domains. No empty line at the end! Install jq tool to work with JSON.

See archive file at the end.

Create directory /etc/zabbix/scripts and place 2 files inside: ssl_get_days.sh, ssl_list.txt.
Copy configuration file for zabbix agent /etc/zabbix/zabbix_agentd.d/ssl.conf

Now import XML file with template or create discovery rule by hands:

Good! Good! Add new item prototype

And two triggers “expires” and “expired”

Now wait few minutes and you see your domains in latest data

All files you need at once, just import template data in zabbix web interface.

zabbix_ssl_check.tar

Нет комментариев »

Nginx Unit for Codeigniter

№ 10457 В разделе "Sysadmin" от December 16th, 2019,
В подшивках: CodeIgniter, PHP, Unit

Share all static files in subdirectories, all others requests goes to index.php of application.

{
    "listeners": {
        "*:8300": {
            "pass": "routes"
        }
    },
    "applications": {
        "app": {
            "type": "php",
            "user": "www-data",
            "group": "www-data",
            "root": "/www/app",
            "index": "index.php",
            "script": "index.php"
        }
    },
    "routes": [
        {
            "match": {
                "uri": "/pics/*"
            },
            "action": {
                "share": "/www/app/"
            }
        },
        {
            "match": {
                "uri": "/images/*"
            },
            "action": {
                "share": "/www/app/"
            }
        },
        {
            "match": {
                "uri": "/cover/*"
            },
            "action": {
                "share": "/www/app/"
            }
        },
        {
            "action": {
                "pass": "applications/app"
            }
        }
    ],
    "access_log": "/var/log/access.log"
}

Нет комментариев »

Nginx Unit config for Dokuwiki

№ 10455 В разделе "Sysadmin" от December 16th, 2019,
В подшивках: Dokuwiki, PHP, Unit

Requests to / and php files goes to application, all other files is static.

{
    "listeners": {
        "*:8300": {
            "pass": "routes"
        }
    },
    "applications": {
        "app": {
            "type": "php",
            "user": "www-data",
            "group": "www-data",
            "root": "/www/app",
            "index": "index.php",
        }
    },
    "routes": [
        {
            "match": {
                "uri": "/"
            },
            "action": {
                "pass": "applications/app"
            }
        },
        {
            "match": {
                "uri": "*.php"
            },
            "action": {
                "pass": "applications/app"
            }
        },
        {
            "action": {
                "share": "/www/app/"
            }
        }

    ]
}

Нет комментариев »

Dockerfile for Nginx Unit projects

№ 10453 В разделе "Sysadmin" от December 16th, 2019,
В подшивках: Docker, Unit

Place unit_config.json file in project root directory, it will be moved to /state during image building. Find example configs by hash tag #unit.

Do not forget to change timezone and packages to install.

FROM ubuntu:eoan

ENV TZ=Asia/Tomsk
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN set -xe \
    && apt-get -y update \
    && apt-get -y install --no-install-recommends gnupg2 curl php mysql-client ca-certificates \
    php-curl php-mysql \
    && curl https://nginx.org/keys/nginx_signing.key | apt-key add - \
    && echo "deb https://packages.nginx.org/unit/ubuntu/ eoan unit"  | tee -a /etc/apt/sources.list \
    && echo "deb-src https://packages.nginx.org/unit/ubuntu/ eoan unit" | tee -a /etc/apt/sources.list \
    && apt-get -y update \
    && apt-get -y install unit unit-php unit-dev \
    && unitd --version

RUN rm /etc/init.d/unit

WORKDIR /www/app

COPY . .

RUN mkdir -p /state/certs && mv unit_config.json /state/conf.json \
    && chmod 700 -R /state && chown root:root -R /state
RUN chown -R www-data:www-data /www/app

CMD ["unitd", "--no-daemon", "--state", "/state"]

Нет комментариев »

Вперёд » Перейти наверх