mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2024-11-22 20:51:07 +01:00
Merge branch 'master' of github.com:kevinveenbirkenbach/server-manager
This commit is contained in:
commit
be6000476f
@ -7,6 +7,11 @@
|
|||||||
- system-update
|
- system-update
|
||||||
- native-journalctl
|
- native-journalctl
|
||||||
#- native-hostname
|
#- native-hostname
|
||||||
|
- name: setup btrfs health check
|
||||||
|
hosts: btrfs_health_check_hosts
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- native-btrfs-health-check
|
||||||
- name: setup standard wireguard hosts
|
- name: setup standard wireguard hosts
|
||||||
hosts: wireguard_hosts
|
hosts: wireguard_hosts
|
||||||
become: true
|
become: true
|
||||||
|
@ -14,6 +14,8 @@ services:
|
|||||||
interval: 1s
|
interval: 1s
|
||||||
timeout: 3s
|
timeout: 3s
|
||||||
retries: 30
|
retries: 30
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
database:
|
database:
|
||||||
image: mariadb
|
image: mariadb
|
||||||
restart: always
|
restart: always
|
||||||
@ -29,13 +31,16 @@ services:
|
|||||||
interval: 3s
|
interval: 3s
|
||||||
timeout: 1s
|
timeout: 1s
|
||||||
retries: 5
|
retries: 5
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
|
||||||
# Core services
|
# Core services
|
||||||
front:
|
front:
|
||||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8}
|
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8}
|
||||||
restart: always
|
restart: always
|
||||||
env_file: mailu.env
|
env_file: mailu.env
|
||||||
logging:
|
logging:
|
||||||
driver: json-file
|
driver: journald
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:{{ http_port }}:80"
|
- "127.0.0.1:{{ http_port }}:80"
|
||||||
- "{{ ip4_address }}:25:25"
|
- "{{ ip4_address }}:25:25"
|
||||||
@ -60,6 +65,8 @@ services:
|
|||||||
- "dkim:/dkim"
|
- "dkim:/dkim"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
imap:
|
imap:
|
||||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8}
|
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8}
|
||||||
restart: always
|
restart: always
|
||||||
@ -69,6 +76,8 @@ services:
|
|||||||
- "/etc/mailu/overrides:/overrides"
|
- "/etc/mailu/overrides:/overrides"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
|
||||||
smtp:
|
smtp:
|
||||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8}
|
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8}
|
||||||
@ -79,6 +88,8 @@ services:
|
|||||||
- "smtp_queue:/queue"
|
- "smtp_queue:/queue"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
|
||||||
antispam:
|
antispam:
|
||||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8}
|
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8}
|
||||||
@ -90,6 +101,8 @@ services:
|
|||||||
- "/etc/mailu/overrides/rspamd:/etc/rspamd/override.d"
|
- "/etc/mailu/overrides/rspamd:/etc/rspamd/override.d"
|
||||||
depends_on:
|
depends_on:
|
||||||
- front
|
- front
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
|
||||||
# Optional services
|
# Optional services
|
||||||
antivirus:
|
antivirus:
|
||||||
@ -98,6 +111,8 @@ services:
|
|||||||
env_file: mailu.env
|
env_file: mailu.env
|
||||||
volumes:
|
volumes:
|
||||||
- "filter:/data"
|
- "filter:/data"
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
|
||||||
webdav:
|
webdav:
|
||||||
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8}
|
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8}
|
||||||
@ -105,13 +120,17 @@ services:
|
|||||||
env_file: mailu.env
|
env_file: mailu.env
|
||||||
volumes:
|
volumes:
|
||||||
- "webdav_data:/data"
|
- "webdav_data:/data"
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
|
|
||||||
# Deactivated, because service leads to slowing down of webservices.
|
# Deactivated, because service leads to slowing down of webservices.
|
||||||
# Checkout the readme.md for more information
|
# Checkout the readme.md for more information
|
||||||
# fetchmail:
|
#fetchmail:
|
||||||
# image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8}
|
# image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8}
|
||||||
# restart: always
|
# restart: always
|
||||||
# env_file: mailu.env
|
# env_file: mailu.env
|
||||||
|
# logging:
|
||||||
|
# driver: journald
|
||||||
|
|
||||||
# Webmail
|
# Webmail
|
||||||
webmail:
|
webmail:
|
||||||
@ -122,6 +141,8 @@ services:
|
|||||||
- "webmail_data:/data"
|
- "webmail_data:/data"
|
||||||
depends_on:
|
depends_on:
|
||||||
- imap
|
- imap
|
||||||
|
logging:
|
||||||
|
driver: journald
|
||||||
volumes:
|
volumes:
|
||||||
database:
|
database:
|
||||||
smtp_queue:
|
smtp_queue:
|
||||||
|
@ -67,6 +67,15 @@ To use occ run:
|
|||||||
```bash
|
```bash
|
||||||
docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ
|
docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ
|
||||||
```
|
```
|
||||||
|
### app relevant tables
|
||||||
|
- oc_appconfig
|
||||||
|
- oc_migrations
|
||||||
|
|
||||||
|
### initialize duplicates
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ duplicates:find-all --output
|
||||||
|
```
|
||||||
|
|
||||||
### unlock files
|
### unlock files
|
||||||
```bash
|
```bash
|
||||||
@ -81,12 +90,17 @@ Until NC24 MariaDB version has to be used.
|
|||||||
|
|
||||||
## performance
|
## performance
|
||||||
### 504 Gateway Timeout
|
### 504 Gateway Timeout
|
||||||
- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se
|
|
||||||
- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070
|
```bash
|
||||||
|
docker logs nextcloud_web_1 --tail 1000 | grep 504
|
||||||
|
```
|
||||||
|
|
||||||
#### See
|
#### See
|
||||||
|
- https://support.f5.com/csp/article/K48373902
|
||||||
- https://github.com/nextcloud/server/issues/25436
|
- https://github.com/nextcloud/server/issues/25436
|
||||||
- https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2
|
- https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2
|
||||||
|
- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se
|
||||||
|
- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070
|
||||||
|
|
||||||
## further information
|
## further information
|
||||||
- https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
|
- https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
|
||||||
|
@ -25,6 +25,7 @@ http {
|
|||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
fastcgi_send_timeout 600s;
|
fastcgi_send_timeout 600s;
|
||||||
fastcgi_read_timeout 600s;
|
fastcgi_read_timeout 600s;
|
||||||
|
proxy_buffering off;
|
||||||
|
|
||||||
#gzip on;
|
#gzip on;
|
||||||
|
|
||||||
|
8
roles/native-btrfs-health-check/README.md
Normal file
8
roles/native-btrfs-health-check/README.md
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# btrfs-health-check
|
||||||
|
|
||||||
|
Sends a health report
|
||||||
|
|
||||||
|
## see
|
||||||
|
- https://superuser.com/questions/789303/how-to-monitor-btrfs-filesystem-raid-for-errors
|
||||||
|
- https://unix.stackexchange.com/questions/193619/list-all-btrfs-filesystems-and-subvolumes-in-shell
|
||||||
|
- https://www.freedesktop.org/software/systemd/man/systemd.unit.html
|
@ -0,0 +1,8 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Check btrfs status
|
||||||
|
OnFailure=systemd-email@%n.service
|
||||||
|
OnSuccess=systemd-email@%n.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/bin/bash /home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh
|
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# Checks the healt of all btrfs volumes
|
||||||
|
for path in $(btrfs filesystem show | awk '/ path /{print $NF}')
|
||||||
|
do
|
||||||
|
btrfs device stats $path
|
||||||
|
done
|
@ -0,0 +1,8 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=starts btrfs-health-check.service
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=12:00
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
12
roles/native-btrfs-health-check/handlers/main.yml
Normal file
12
roles/native-btrfs-health-check/handlers/main.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
- name: "restart btrfs-health-check.service"
|
||||||
|
systemd:
|
||||||
|
name: btrfs-health-check.service
|
||||||
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
|
daemon_reload: yes
|
||||||
|
- name: "restart btrfs-health-check.timer"
|
||||||
|
systemd:
|
||||||
|
name: btrfs-health-check.timer
|
||||||
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
|
daemon_reload: yes
|
2
roles/native-btrfs-health-check/meta/main.yml
Normal file
2
roles/native-btrfs-health-check/meta/main.yml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
dependencies:
|
||||||
|
- native-systemd-email
|
22
roles/native-btrfs-health-check/tasks/main.yml
Normal file
22
roles/native-btrfs-health-check/tasks/main.yml
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
- name: "create /home/administrator/scripts/btrfs-health-check/"
|
||||||
|
file:
|
||||||
|
path: "/home/administrator/scripts/btrfs-health-check"
|
||||||
|
state: directory
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: create btrfs-health-check.sh
|
||||||
|
copy:
|
||||||
|
src: btrfs-health-check.sh
|
||||||
|
dest: "/home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh"
|
||||||
|
|
||||||
|
- name: create btrfs-health-check.service
|
||||||
|
copy:
|
||||||
|
src: btrfs-health-check.service
|
||||||
|
dest: "/etc/systemd/system/btrfs-health-check.service"
|
||||||
|
notify: restart btrfs-health-check.service
|
||||||
|
|
||||||
|
- name: create btrfs-health-check.timer
|
||||||
|
copy:
|
||||||
|
src: btrfs-health-check.timer
|
||||||
|
dest: "/etc/systemd/system/btrfs-health-check.timer"
|
||||||
|
notify: restart btrfs-health-check.timer
|
@ -11,3 +11,9 @@ curl -I {{address}}
|
|||||||
## performance
|
## performance
|
||||||
- https://stackoverflow.com/questions/33703230/caching-images-on-all-folder-levels-of-nginx-reverse-proxy
|
- https://stackoverflow.com/questions/33703230/caching-images-on-all-folder-levels-of-nginx-reverse-proxy
|
||||||
- https://www.tweaked.io/guide/nginx-proxying/
|
- https://www.tweaked.io/guide/nginx-proxying/
|
||||||
|
- https://serverfault.com/questions/796735/nginx-reverse-proxy-is-slow/796740
|
||||||
|
- https://serverfault.com/questions/741610/what-is-the-difference-between-proxy-request-buffering-and-proxy-buffering-on-ng
|
||||||
|
- https://askubuntu.com/questions/1103626/should-i-enable-client-max-body-size-proxy-request-buffering-and-proxy-bufferin
|
||||||
|
- https://serverfault.com/questions/692577/whats-the-difference-between-proxy-buffer-and-proxy-cache-module-in-nginx-confi
|
||||||
|
- https://github.com/sissbruecker/linkding/issues/88
|
||||||
|
- https://www.bogotobogo.com/DevOps/Docker/Docker-Compose-Nginx-Reverse-Proxy-Multiple-Containers.php
|
||||||
|
@ -6,11 +6,16 @@ location /
|
|||||||
proxy_pass http://127.0.0.1:{{http_port}}/;
|
proxy_pass http://127.0.0.1:{{http_port}}/;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
# headers
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
proxy_set_header X-Forwarded-Port 443;
|
proxy_set_header X-Forwarded-Port 443;
|
||||||
|
|
||||||
|
# deactivate buffering
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_request_buffering off;
|
||||||
|
|
||||||
# timeouts
|
# timeouts
|
||||||
proxy_connect_timeout 1s;
|
proxy_connect_timeout 1s;
|
||||||
proxy_send_timeout 300s;
|
proxy_send_timeout 300s;
|
||||||
@ -19,6 +24,7 @@ location /
|
|||||||
|
|
||||||
# cache media files
|
# cache media files
|
||||||
location ~* \.(gif|ico|jpg|jpeg|png|svg|mp4|mp3|pdf)$ {
|
location ~* \.(gif|ico|jpg|jpeg|png|svg|mp4|mp3|pdf)$ {
|
||||||
|
proxy_buffering on;
|
||||||
proxy_cache cache;
|
proxy_cache cache;
|
||||||
proxy_cache_key $host$uri$is_args$args;
|
proxy_cache_key $host$uri$is_args$args;
|
||||||
proxy_cache_revalidate on;
|
proxy_cache_revalidate on;
|
||||||
@ -37,6 +43,7 @@ location /
|
|||||||
|
|
||||||
# cache content
|
# cache content
|
||||||
location ~* \.(html|css|js)$ {
|
location ~* \.(html|css|js)$ {
|
||||||
|
proxy_buffering on;
|
||||||
proxy_cache cache;
|
proxy_cache cache;
|
||||||
proxy_cache_key $host$uri$is_args$args;
|
proxy_cache_key $host$uri$is_args$args;
|
||||||
proxy_cache_revalidate on;
|
proxy_cache_revalidate on;
|
||||||
|
Loading…
Reference in New Issue
Block a user