diff --git a/playbook.yml b/playbook.yml index 42b4356b..90f0e378 100644 --- a/playbook.yml +++ b/playbook.yml @@ -7,6 +7,11 @@ - system-update - native-journalctl #- native-hostname +- name: setup btrfs health check + hosts: btrfs_health_check_hosts + become: true + roles: + - native-btrfs-health-check - name: setup standard wireguard hosts hosts: wireguard_hosts become: true diff --git a/roles/docker-mailu/templates/docker-compose.yml.j2 b/roles/docker-mailu/templates/docker-compose.yml.j2 index 5188625e..e4d63875 100644 --- a/roles/docker-mailu/templates/docker-compose.yml.j2 +++ b/roles/docker-mailu/templates/docker-compose.yml.j2 @@ -14,6 +14,8 @@ services: interval: 1s timeout: 3s retries: 30 + logging: + driver: journald database: image: mariadb restart: always @@ -29,13 +31,16 @@ services: interval: 3s timeout: 1s retries: 5 + logging: + driver: journald + # Core services front: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8} restart: always env_file: mailu.env logging: - driver: json-file + driver: journald ports: - "127.0.0.1:{{ http_port }}:80" - "{{ ip4_address }}:25:25" @@ -60,6 +65,8 @@ services: - "dkim:/dkim" depends_on: - front + logging: + driver: journald imap: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8} restart: always @@ -69,6 +76,8 @@ services: - "/etc/mailu/overrides:/overrides" depends_on: - front + logging: + driver: journald smtp: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8} @@ -79,6 +88,8 @@ services: - "smtp_queue:/queue" depends_on: - front + logging: + driver: journald antispam: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8} @@ -90,6 +101,8 @@ services: - "/etc/mailu/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front + logging: + driver: journald # Optional services antivirus: 
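Review bot: Switching the Mailu containers to `driver: journald` (first in the `logging:` block added by the `@@ -14,6 +14,8 @@` hunk, repeated in every later hunk of this template) moves mail-service logs into the host journal. Those logs usually contain sender and recipient addresses, and the journal is typically readable by members of groups such as `systemd-journal` or `adm`, with retention and rate limiting governed by `journald.conf` rather than by Docker. I would confirm that journal access, retention and rate limits on these hosts fit mail logs, and record the decision with a comment such as `# logs go to the host journal; access and retention follow journald.conf`. The same two lines are pasted into each service, so one shared definition (a compose extension field with a YAML anchor, or the daemon-wide default log driver) would keep the services from drifting apart. The service definitions start outside the hunks.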
@@ -98,6 +111,8 @@ services: env_file: mailu.env volumes: - "filter:/data" + logging: + driver: journald webdav: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8} @@ -105,13 +120,17 @@ services: env_file: mailu.env volumes: - "webdav_data:/data" + logging: + driver: journald # Deactivated, because service leads to slowing down of webservices. # Checkout the readme.md for more information - # fetchmail: + #fetchmail: # image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} # restart: always - # env_file: mailu.env + # env_file: mailu.env + # logging: + # driver: journald # Webmail webmail: @@ -122,6 +141,8 @@ services: - "webmail_data:/data" depends_on: - imap + logging: + driver: journald volumes: database: smtp_queue: diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md index 0fec0490..c382c083 100644 --- a/roles/docker-nextcloud/README.md +++ b/roles/docker-nextcloud/README.md @@ -67,6 +67,15 @@ To use occ run: ```bash docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ ``` +### app relevant tables +- oc_appconfig +- oc_migrations + +### initialize duplicates + +```bash + sudo docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ duplicates:find-all --output +``` ### unlock files ```bash 
@@ -81,12 +90,17 @@ Until NC24 MariaDB version has to be used. ## performance ### 504 Gateway Timeout -- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se -- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070 + +```bash + docker logs nextcloud_web_1 --tail 1000 | grep 504 +``` #### See +- https://support.f5.com/csp/article/K48373902 - https://github.com/nextcloud/server/issues/25436 - https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2 +- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se +- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070 ## further information - https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml diff --git a/roles/docker-nextcloud/templates/nginx.conf.j2 b/roles/docker-nextcloud/templates/nginx.conf.j2 index ef2525a9..9fbea656 100644 --- a/roles/docker-nextcloud/templates/nginx.conf.j2 +++ b/roles/docker-nextcloud/templates/nginx.conf.j2 @@ -25,6 +25,7 @@ http { keepalive_timeout 65; fastcgi_send_timeout 600s; fastcgi_read_timeout 600s; + proxy_buffering off; #gzip on; diff --git a/roles/native-btrfs-health-check/README.md b/roles/native-btrfs-health-check/README.md new file mode 100644 index 00000000..1f888ba0 --- /dev/null +++ b/roles/native-btrfs-health-check/README.md @@ -0,0 +1,8 @@ +# btrfs-health-check + +Sends a health report + +## see +- https://superuser.com/questions/789303/how-to-monitor-btrfs-filesystem-raid-for-errors +- https://unix.stackexchange.com/questions/193619/list-all-btrfs-filesystems-and-subvolumes-in-shell +- https://www.freedesktop.org/software/systemd/man/systemd.unit.html 
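Review bot: The `proxy_buffering off;` added to the `http` block of `nginx.conf.j2` may have no effect, because it only applies to responses fetched with `proxy_pass`, while the neighbouring lines tune `fastcgi_send_timeout` and `fastcgi_read_timeout`. If this server hands PHP requests to the application over `fastcgi_pass` (the location blocks are outside the hunk, so this is an inference), the directive matching the intent would be `fastcgi_buffering off;`. Either way, a comment such as `# stream responses to the client instead of buffering them in nginx` would record why buffering is disabled.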
diff --git a/roles/native-btrfs-health-check/files/btrfs-health-check.service b/roles/native-btrfs-health-check/files/btrfs-health-check.service
new file mode 100644
index 00000000..23b65736
--- /dev/null
+++ b/roles/native-btrfs-health-check/files/btrfs-health-check.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Check btrfs status
+OnFailure=systemd-email@%n.service
+OnSuccess=systemd-email@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash /home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh
diff --git a/roles/native-btrfs-health-check/files/btrfs-health-check.sh b/roles/native-btrfs-health-check/files/btrfs-health-check.sh
new file mode 100644
index 00000000..5a8b7a00
--- /dev/null
+++ b/roles/native-btrfs-health-check/files/btrfs-health-check.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Checks the healt of all btrfs volumes
+for path in $(btrfs filesystem show | awk '/ path /{print $NF}')
+do
+ btrfs device stats $path
+done
diff --git a/roles/native-btrfs-health-check/files/btrfs-health-check.timer b/roles/native-btrfs-health-check/files/btrfs-health-check.timer
new file mode 100644
index 00000000..9f116f74
--- /dev/null
+++ b/roles/native-btrfs-health-check/files/btrfs-health-check.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=starts btrfs-health-check.service
+
+[Timer]
+OnCalendar=12:00
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/native-btrfs-health-check/handlers/main.yml b/roles/native-btrfs-health-check/handlers/main.yml
new file mode 100644
index 00000000..a6104905
--- /dev/null
+++ b/roles/native-btrfs-health-check/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: "restart btrfs-health-check.service"
+ systemd:
+ name: btrfs-health-check.service
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
+- name: "restart btrfs-health-check.timer"
+ systemd:
+ name: btrfs-health-check.timer
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
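Review bot: `ExecStart` in `btrfs-health-check.service` runs a script stored under `/home/administrator/scripts/` from a system unit that sets no `User=`, so root executes code that lives inside a non-root user's home directory. Whoever owns `/home/administrator` can rename or replace the `scripts` directory and so decide what root runs (this assumes the home directory belongs to the `administrator` account, which the diff does not show). Installing the script in a root-owned location, for example `ExecStart=/bin/bash /usr/local/sbin/btrfs-health-check.sh` with the matching `dest` in the role's tasks, removes that dependency on the home directory's ownership.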
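Review bot: The loop in `btrfs-health-check.sh` never signals a problem, because `btrfs device stats $path` exits 0 even when the error counters are non-zero; the unit's `OnFailure=` path therefore only fires if the command itself breaks. `$path` is also unquoted, so a path containing whitespace or glob characters would be split or expanded. I would change the loop body to `btrfs device stats --check "$path" || rc=1` and end the script with `exit "${rc:-0}"`, so that a device with recorded errors fails the unit and a healthy run is distinguishable from a degraded one.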
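Review bot: `OnCalendar=12:00` in `btrfs-health-check.timer` has no catch-up, so a host that is powered off or suspended at noon silently skips that day's check. Adding `Persistent=true` under `[Timer]` makes systemd run the missed check once the machine is up again.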
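Review bot: The `restart btrfs-health-check.service` handler uses `state: restarted` on a `Type=oneshot` unit, so every play that changes the unit file runs the health check synchronously and, given the unit's `OnFailure=`/`OnSuccess=` lines, presumably sends a mail. The service file has no `[Install]` section, so `enabled: yes` has nothing to enable there; only the timer needs to be enabled and started. For the service handler `daemon_reload: true` alone should be enough, and writing `true` instead of `yes` in both handlers avoids the YAML 1.1 truthy ambiguity.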
diff --git a/roles/native-btrfs-health-check/meta/main.yml b/roles/native-btrfs-health-check/meta/main.yml
new file mode 100644
index 00000000..9d9d34e2
--- /dev/null
+++ b/roles/native-btrfs-health-check/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - native-systemd-email
diff --git a/roles/native-btrfs-health-check/tasks/main.yml b/roles/native-btrfs-health-check/tasks/main.yml
new file mode 100644
index 00000000..0e88f5ad
--- /dev/null
+++ b/roles/native-btrfs-health-check/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: "create /home/administrator/scripts/btrfs-health-check/"
+ file:
+ path: "/home/administrator/scripts/btrfs-health-check"
+ state: directory
+ mode: 0755
+
+- name: create btrfs-health-check.sh
+ copy:
+ src: btrfs-health-check.sh
+ dest: "/home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh"
+
+- name: create btrfs-health-check.service
+ copy:
+ src: btrfs-health-check.service
+ dest: "/etc/systemd/system/btrfs-health-check.service"
+ notify: restart btrfs-health-check.service
+
+- name: create btrfs-health-check.timer
+ copy:
+ src: btrfs-health-check.timer
+ dest: "/etc/systemd/system/btrfs-health-check.timer"
+ notify: restart btrfs-health-check.timer
diff --git a/roles/native-docker-reverse-proxy/readme.md b/roles/native-docker-reverse-proxy/readme.md
index 38356c94..e9df5f0b 100644
--- a/roles/native-docker-reverse-proxy/readme.md
+++ b/roles/native-docker-reverse-proxy/readme.md
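Review bot: None of the three `copy` tasks in `tasks/main.yml` sets `owner`, `group` or `mode`, so the permissions of the script and the unit files depend on the umask of the connecting user and on whatever already exists at the destination. For files that systemd loads and runs as root it is safer to pin them on each task with `owner: root`, `group: root` and `mode: "0644"`; the script is started through `/bin/bash`, so it needs no execute bit. Quoting the directory mode as `mode: "0755"` also follows the Ansible recommendation for octal modes.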
@@ -11,3 +11,9 @@ curl -I {{address}} ## performance - https://stackoverflow.com/questions/33703230/caching-images-on-all-folder-levels-of-nginx-reverse-proxy - https://www.tweaked.io/guide/nginx-proxying/ +- https://serverfault.com/questions/796735/nginx-reverse-proxy-is-slow/796740 +- https://serverfault.com/questions/741610/what-is-the-difference-between-proxy-request-buffering-and-proxy-buffering-on-ng +- https://askubuntu.com/questions/1103626/should-i-enable-client-max-body-size-proxy-request-buffering-and-proxy-bufferin +- https://serverfault.com/questions/692577/whats-the-difference-between-proxy-buffer-and-proxy-cache-module-in-nginx-confi +- https://github.com/sissbruecker/linkding/issues/88 +- https://www.bogotobogo.com/DevOps/Docker/Docker-Compose-Nginx-Reverse-Proxy-Multiple-Containers.php diff --git a/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 index dc361ea3..4e42384c 100644 --- a/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 +++ b/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 @@ -6,11 +6,16 @@ location / proxy_pass http://127.0.0.1:{{http_port}}/; {% endif %} + # headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Port 443; + # deactivate buffering + proxy_buffering off; + proxy_request_buffering off; + # timeouts proxy_connect_timeout 1s; proxy_send_timeout 300s; @@ -19,6 +24,7 @@ location / # cache media files location ~* \.(gif|ico|jpg|jpeg|png|svg|mp4|mp3|pdf)$ { + proxy_buffering on; proxy_cache cache; proxy_cache_key $host$uri$is_args$args; proxy_cache_revalidate on; @@ -37,6 +43,7 @@ location / # cache content location ~* \.(html|css|js)$ { + proxy_buffering on; proxy_cache cache; proxy_cache_key $host$uri$is_args$args; proxy_cache_revalidate on;
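Review bot: `proxy_request_buffering off;` in the `location /` block of `proxy_pass.conf.j2` removes the shielding nginx gives the backends against slow request bodies: with buffering on, nginx collects the whole upload before it contacts the upstream, with it off each slow client keeps an upstream connection busy while it trickles data. This template appears to be shared by every proxied application, so I would keep request buffering on by default and disable it only for the applications or paths that need streamed uploads. If it stays, a comment such as `# request buffering off: upstream sees slow client uploads directly, keep backend timeouts tight` would make the trade-off visible. The `location /` block starts and ends outside the hunk.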