Merge branch 'master' of github.com:kevinveenbirkenbach/server-manager

2024-11-22 12:41:05 +01:00 · 2022-02-01 10:49:12 +01:00 · 2022-02-01 10:49:12 +01:00 · d8877d1c6e
commit d8877d1c6e
parent 3e2425c39d 5869e0782d
13 changed files with 125 additions and 5 deletions
--- a/playbook.yml
+++ b/playbook.yml
@ -7,6 +7,11 @@
    - system-update
    - native-journalctl
    #- native-hostname
+- name: setup btrfs health check
+  hosts: btrfs_health_check_hosts
+  become: true
+  roles:
+    - native-btrfs-health-check
 - name: setup standard wireguard hosts
  hosts: wireguard_hosts
  become: true
--- a/roles/docker-mailu/templates/docker-compose.yml.j2
+++ b/roles/docker-mailu/templates/docker-compose.yml.j2
@ -14,6 +14,8 @@ services:
      interval: 1s
      timeout: 3s
      retries: 30
+    logging:
+      driver: journald
  database:
    image: mariadb
    restart: always
@ -29,13 +31,16 @@ services:
      interval: 3s
      timeout: 1s
      retries: 5
+    logging:
+      driver: journald
+
  # Core services
  front:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    logging:
-      driver: json-file
+      driver: journald
    ports:
      - "127.0.0.1:{{ http_port }}:80"
      - "{{ ip4_address }}:25:25"
@ -60,6 +65,8 @@ services:
      - "dkim:/dkim"
    depends_on:
      - front
+    logging:
+      driver: journald
  imap:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8}
    restart: always
@ -69,6 +76,8 @@ services:
      - "/etc/mailu/overrides:/overrides"
    depends_on:
      - front
+    logging:
+      driver: journald

  smtp:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8}
@ -79,6 +88,8 @@ services:
      - "smtp_queue:/queue"
    depends_on:
      - front
+    logging:
+      driver: journald

  antispam:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8}
@ -90,6 +101,8 @@ services:
      - "/etc/mailu/overrides/rspamd:/etc/rspamd/override.d"
    depends_on:
      - front
+    logging:
+      driver: journald

  # Optional services
  antivirus:
@ -98,6 +111,8 @@ services:
    env_file: mailu.env
    volumes:
      - "filter:/data"
+    logging:
+      driver: journald

  webdav:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8}
@ -105,13 +120,17 @@ services:
    env_file: mailu.env
    volumes:
      - "webdav_data:/data"
+    logging:
+      driver: journald

  # Deactivated, because service leads to slowing down of webservices.
  # Checkout the readme.md for more information
-  # fetchmail:
+  #fetchmail:
  #  image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8}
  #  restart: always
-  #   env_file: mailu.env
+  #  env_file: mailu.env
+  #  logging:
+  #    driver: journald

  # Webmail
  webmail:
@ -122,6 +141,8 @@ services:
      - "webmail_data:/data"
    depends_on:
      - imap
+    logging:
+      driver: journald
 volumes:
  database:
  smtp_queue:
--- a/roles/docker-nextcloud/README.md
+++ b/roles/docker-nextcloud/README.md
@ -67,6 +67,15 @@ To use occ run:
 ```bash
  docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ
 ```
+### app relevant tables
+- oc_appconfig
+- oc_migrations
+
+### initialize duplicates
+
+```bash
+  sudo docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ duplicates:find-all --output
+```

 ### unlock files
 ```bash
@ -81,12 +90,17 @@ Until NC24 MariaDB version has to be used.

 ## performance
 ### 504 Gateway Timeout
- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se
- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070
+
+```bash
+  docker logs nextcloud_web_1 --tail 1000 | grep 504
+```

 #### See
+- https://support.f5.com/csp/article/K48373902
 - https://github.com/nextcloud/server/issues/25436
 - https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2
+- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se
+- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070

 ## further information
 - https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
--- a/roles/docker-nextcloud/templates/nginx.conf.j2
+++ b/roles/docker-nextcloud/templates/nginx.conf.j2
@ -25,6 +25,7 @@ http {
    keepalive_timeout     65;
    fastcgi_send_timeout  600s;
    fastcgi_read_timeout  600s;
+    proxy_buffering       off;

    #gzip  on;

--- a/roles/native-btrfs-health-check/README.md
+++ b/roles/native-btrfs-health-check/README.md
@ -0,0 +1,8 @@
+# btrfs-health-check
+
+Sends a health report
+
+## see
+- https://superuser.com/questions/789303/how-to-monitor-btrfs-filesystem-raid-for-errors
+- https://unix.stackexchange.com/questions/193619/list-all-btrfs-filesystems-and-subvolumes-in-shell
+- https://www.freedesktop.org/software/systemd/man/systemd.unit.html
--- a/roles/native-btrfs-health-check/files/btrfs-health-check.service
+++ b/roles/native-btrfs-health-check/files/btrfs-health-check.service
@ -0,0 +1,8 @@
+[Unit]
+Description=Check btrfs status
+OnFailure=systemd-email@%n.service
+OnSuccess=systemd-email@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash /home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh
--- a/roles/native-btrfs-health-check/files/btrfs-health-check.sh
+++ b/roles/native-btrfs-health-check/files/btrfs-health-check.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+# Checks the healt of all btrfs volumes
+for path in $(btrfs filesystem show | awk '/ path /{print $NF}')
+do
+  btrfs device stats $path
+done
--- a/roles/native-btrfs-health-check/files/btrfs-health-check.timer
+++ b/roles/native-btrfs-health-check/files/btrfs-health-check.timer
@ -0,0 +1,8 @@
+[Unit]
+Description=starts btrfs-health-check.service
+
+[Timer]
+OnCalendar=12:00
+
+[Install]
+WantedBy=timers.target
--- a/roles/native-btrfs-health-check/handlers/main.yml
+++ b/roles/native-btrfs-health-check/handlers/main.yml
@ -0,0 +1,12 @@
+- name: "restart btrfs-health-check.service"
+  systemd:
+    name: btrfs-health-check.service
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
+- name: "restart btrfs-health-check.timer"
+  systemd:
+    name: btrfs-health-check.timer
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
--- a/roles/native-btrfs-health-check/meta/main.yml
+++ b/roles/native-btrfs-health-check/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - native-systemd-email
--- a/roles/native-btrfs-health-check/tasks/main.yml
+++ b/roles/native-btrfs-health-check/tasks/main.yml
@ -0,0 +1,22 @@
+- name: "create /home/administrator/scripts/btrfs-health-check/"
+  file:
+    path: "/home/administrator/scripts/btrfs-health-check"
+    state: directory
+    mode: 0755
+
+- name: create btrfs-health-check.sh
+  copy:
+    src: btrfs-health-check.sh
+    dest: "/home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh"
+
+- name: create btrfs-health-check.service
+  copy:
+    src: btrfs-health-check.service
+    dest: "/etc/systemd/system/btrfs-health-check.service"
+  notify: restart btrfs-health-check.service
+
+- name: create btrfs-health-check.timer
+  copy:
+    src: btrfs-health-check.timer
+    dest: "/etc/systemd/system/btrfs-health-check.timer"
+  notify: restart btrfs-health-check.timer
--- a/roles/native-docker-reverse-proxy/readme.md
+++ b/roles/native-docker-reverse-proxy/readme.md
@ -11,3 +11,9 @@ curl -I {{address}}
 ## performance
 - https://stackoverflow.com/questions/33703230/caching-images-on-all-folder-levels-of-nginx-reverse-proxy
 - https://www.tweaked.io/guide/nginx-proxying/
+- https://serverfault.com/questions/796735/nginx-reverse-proxy-is-slow/796740
+- https://serverfault.com/questions/741610/what-is-the-difference-between-proxy-request-buffering-and-proxy-buffering-on-ng
+- https://askubuntu.com/questions/1103626/should-i-enable-client-max-body-size-proxy-request-buffering-and-proxy-bufferin
+- https://serverfault.com/questions/692577/whats-the-difference-between-proxy-buffer-and-proxy-cache-module-in-nginx-confi
+- https://github.com/sissbruecker/linkding/issues/88
+- https://www.bogotobogo.com/DevOps/Docker/Docker-Compose-Nginx-Reverse-Proxy-Multiple-Containers.php
--- a/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2
+++ b/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2
@ -6,11 +6,16 @@ location /
    proxy_pass http://127.0.0.1:{{http_port}}/;
  {% endif %}

+  # headers
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-Proto https;
  proxy_set_header X-Forwarded-Port 443;

+  # deactivate buffering
+  proxy_buffering off;
+  proxy_request_buffering off;
+
  # timeouts
  proxy_connect_timeout       1s;
  proxy_send_timeout          300s;
@ -19,6 +24,7 @@ location /

  # cache media files
  location ~* \.(gif|ico|jpg|jpeg|png|svg|mp4|mp3|pdf)$ {
+    proxy_buffering               on;
    proxy_cache                   cache;
    proxy_cache_key               $host$uri$is_args$args;
    proxy_cache_revalidate        on;
@ -37,6 +43,7 @@ location /

  # cache content
  location ~* \.(html|css|js)$ {
+    proxy_buffering               on;
    proxy_cache                   cache;
    proxy_cache_key               $host$uri$is_args$args;
    proxy_cache_revalidate        on;