From 34ee4cf5045ee631356243ea18aa21fd565280c7 Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Sat, 29 Jan 2022 16:39:02 +0100 Subject: [PATCH 1/7] Activated fetchmail --- roles/docker-mailu/templates/docker-compose.yml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/docker-mailu/templates/docker-compose.yml.j2 b/roles/docker-mailu/templates/docker-compose.yml.j2 index 5188625e..ec73f383 100644 --- a/roles/docker-mailu/templates/docker-compose.yml.j2 +++ b/roles/docker-mailu/templates/docker-compose.yml.j2 @@ -108,10 +108,10 @@ services: # Deactivated, because service leads to slowing down of webservices. # Checkout the readme.md for more information - # fetchmail: - # image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} - # restart: always - # env_file: mailu.env + fetchmail: + image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} + restart: always + env_file: mailu.env # Webmail webmail: From 8e5d2a0529c1ec8348c130dfc4f65d795e29319a Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Sat, 29 Jan 2022 16:39:23 +0100 Subject: [PATCH 2/7] removed buffering --- roles/docker-nextcloud/README.md | 9 +++++++-- roles/docker-nextcloud/templates/nginx.conf.j2 | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md index 0fec0490..59e134b3 100644 --- a/roles/docker-nextcloud/README.md +++ b/roles/docker-nextcloud/README.md @@ -81,12 +81,17 @@ Until NC24 MariaDB version has to be used. ## performance ### 504 Gateway Timeout -- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se -- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070 + +```bash + docker logs nextcloud_web_1 --tail 1000 | grep 504 +``` #### See +- https://support.f5.com/csp/article/K48373902 - https://github.com/nextcloud/server/issues/25436 - https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/23?page=2 +- https://serverfault.com/questions/178671/nginx-php-fpm-504-gateway-time-out-error-with-almost-zero-load-on-a-test-se +- https://help.nextcloud.com/t/solved-manual-lemp-install-php-fpm-timing-out/39070 ## further information - https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml diff --git a/roles/docker-nextcloud/templates/nginx.conf.j2 b/roles/docker-nextcloud/templates/nginx.conf.j2 index ef2525a9..9fbea656 100644 --- a/roles/docker-nextcloud/templates/nginx.conf.j2 +++ b/roles/docker-nextcloud/templates/nginx.conf.j2 @@ -25,6 +25,7 @@ http { keepalive_timeout 65; fastcgi_send_timeout 600s; fastcgi_read_timeout 600s; + proxy_buffering off; #gzip on; From 84345be7e2c5df484c672539dafe04bece124a91 Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Sat, 29 Jan 2022 19:07:44 +0100 Subject: [PATCH 3/7] Deactivated buffering to reduce reverse proxy as bottle neck --- roles/native-docker-reverse-proxy/readme.md | 4 ++++ .../templates/proxy_pass.conf.j2 | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/roles/native-docker-reverse-proxy/readme.md b/roles/native-docker-reverse-proxy/readme.md index 38356c94..2c941e8f 100644 --- a/roles/native-docker-reverse-proxy/readme.md +++ b/roles/native-docker-reverse-proxy/readme.md @@ -11,3 +11,7 @@ curl -I {{address}} ## performance - https://stackoverflow.com/questions/33703230/caching-images-on-all-folder-levels-of-nginx-reverse-proxy - https://www.tweaked.io/guide/nginx-proxying/ +- https://serverfault.com/questions/796735/nginx-reverse-proxy-is-slow/796740 +- https://serverfault.com/questions/741610/what-is-the-difference-between-proxy-request-buffering-and-proxy-buffering-on-ng +- https://askubuntu.com/questions/1103626/should-i-enable-client-max-body-size-proxy-request-buffering-and-proxy-bufferin +- https://serverfault.com/questions/692577/whats-the-difference-between-proxy-buffer-and-proxy-cache-module-in-nginx-confi diff --git a/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 index dc361ea3..4e42384c 100644 --- a/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 +++ b/roles/native-docker-reverse-proxy/templates/proxy_pass.conf.j2 @@ -6,11 +6,16 @@ location / proxy_pass http://127.0.0.1:{{http_port}}/; {% endif %} + # headers proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Port 443; + # deactivate buffering + proxy_buffering off; + proxy_request_buffering off; + # timeouts proxy_connect_timeout 1s; proxy_send_timeout 300s; @@ -19,6 +24,7 @@ location / # cache media files location ~* \.(gif|ico|jpg|jpeg|png|svg|mp4|mp3|pdf)$ { + proxy_buffering on; proxy_cache cache; proxy_cache_key $host$uri$is_args$args; proxy_cache_revalidate on; @@ -37,6 +43,7 @@ location / # cache content location ~* \.(html|css|js)$ { + proxy_buffering on; proxy_cache cache; proxy_cache_key $host$uri$is_args$args; proxy_cache_revalidate on; From 003f46c5dfef63a598f4b201f9121be9c8fa27d1 Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Sat, 29 Jan 2022 19:21:46 +0100 Subject: [PATCH 4/7] Implemented logging with journald --- .../templates/docker-compose.yml.j2 | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/roles/docker-mailu/templates/docker-compose.yml.j2 b/roles/docker-mailu/templates/docker-compose.yml.j2 index ec73f383..ffce11b6 100644 --- a/roles/docker-mailu/templates/docker-compose.yml.j2 +++ b/roles/docker-mailu/templates/docker-compose.yml.j2 @@ -14,6 +14,8 @@ services: interval: 1s timeout: 3s retries: 30 + logging: + driver: journald database: image: mariadb restart: always @@ -29,13 +31,16 @@ services: interval: 3s timeout: 1s retries: 5 + logging: + driver: journald + # Core services front: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8} restart: always env_file: mailu.env logging: - driver: json-file + driver: journald ports: - "127.0.0.1:{{ http_port }}:80" - "{{ ip4_address }}:25:25" @@ -60,6 +65,8 @@ services: - "dkim:/dkim" depends_on: - front + logging: + driver: journald imap: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8} restart: always @@ -69,6 +76,8 @@ services: - "/etc/mailu/overrides:/overrides" depends_on: - front + logging: + driver: journald smtp: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8} @@ -79,6 +88,8 @@ services: - "smtp_queue:/queue" depends_on: - front + logging: + driver: journald antispam: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8} @@ -90,6 +101,8 @@ services: - "/etc/mailu/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front + logging: + driver: journald # Optional services antivirus: @@ -98,6 +111,8 @@ services: env_file: mailu.env volumes: - "filter:/data" + logging: + driver: journald webdav: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-1.8} @@ -105,6 +120,8 @@ services: env_file: mailu.env volumes: - "webdav_data:/data" + logging: + driver: journald # Deactivated, because service leads to slowing down of webservices. # Checkout the readme.md for more information @@ -112,6 +129,8 @@ services: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} restart: always env_file: mailu.env + logging: + driver: journald # Webmail webmail: @@ -122,6 +141,8 @@ services: - "webmail_data:/data" depends_on: - imap + logging: + driver: journald volumes: database: smtp_queue: From 3b30832e60875abf52aeeafff3c8e5de970bc97d Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Sat, 29 Jan 2022 20:32:06 +0100 Subject: [PATCH 5/7] Deactivated fetchmal again, because it still slows down all other docker containers --- roles/docker-mailu/templates/docker-compose.yml.j2 | 12 ++++++------ roles/native-docker-reverse-proxy/readme.md | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/roles/docker-mailu/templates/docker-compose.yml.j2 b/roles/docker-mailu/templates/docker-compose.yml.j2 index ffce11b6..e4d63875 100644 --- a/roles/docker-mailu/templates/docker-compose.yml.j2 +++ b/roles/docker-mailu/templates/docker-compose.yml.j2 @@ -125,12 +125,12 @@ services: # Deactivated, because service leads to slowing down of webservices. # Checkout the readme.md for more information - fetchmail: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} - restart: always - env_file: mailu.env - logging: - driver: journald + #fetchmail: + # image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-1.8} + # restart: always + # env_file: mailu.env + # logging: + # driver: journald # Webmail webmail: diff --git a/roles/native-docker-reverse-proxy/readme.md b/roles/native-docker-reverse-proxy/readme.md index 2c941e8f..e9df5f0b 100644 --- a/roles/native-docker-reverse-proxy/readme.md +++ b/roles/native-docker-reverse-proxy/readme.md @@ -15,3 +15,5 @@ curl -I {{address}} - https://serverfault.com/questions/741610/what-is-the-difference-between-proxy-request-buffering-and-proxy-buffering-on-ng - https://askubuntu.com/questions/1103626/should-i-enable-client-max-body-size-proxy-request-buffering-and-proxy-bufferin - https://serverfault.com/questions/692577/whats-the-difference-between-proxy-buffer-and-proxy-cache-module-in-nginx-confi +- https://github.com/sissbruecker/linkding/issues/88 +- https://www.bogotobogo.com/DevOps/Docker/Docker-Compose-Nginx-Reverse-Proxy-Multiple-Containers.php From 5caeb99c1d75acabe423a96d2e1660366ddaea5d Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Sun, 30 Jan 2022 13:22:47 +0100 Subject: [PATCH 6/7] created health check for btrfs --- playbook.yml | 5 +++++ roles/native-btrfs-health-check/README.md | 8 +++++++ .../files/btrfs-health-check.service | 8 +++++++ .../files/btrfs-health-check.sh | 6 +++++ .../files/btrfs-health-check.timer | 8 +++++++ .../handlers/main.yml | 12 ++++++++++ roles/native-btrfs-health-check/meta/main.yml | 2 ++ .../native-btrfs-health-check/tasks/main.yml | 22 +++++++++++++++++++ 8 files changed, 71 insertions(+) create mode 100644 roles/native-btrfs-health-check/README.md create mode 100644 roles/native-btrfs-health-check/files/btrfs-health-check.service create mode 100644 roles/native-btrfs-health-check/files/btrfs-health-check.sh create mode 100644 roles/native-btrfs-health-check/files/btrfs-health-check.timer create mode 100644 roles/native-btrfs-health-check/handlers/main.yml create mode 100644 roles/native-btrfs-health-check/meta/main.yml create mode 100644 roles/native-btrfs-health-check/tasks/main.yml diff --git a/playbook.yml b/playbook.yml index 42b4356b..90f0e378 100644 --- a/playbook.yml +++ b/playbook.yml @@ -7,6 +7,11 @@ - system-update - native-journalctl #- native-hostname +- name: setup btrfs health check + hosts: btrfs_health_check_hosts + become: true + roles: + - native-btrfs-health-check - name: setup standard wireguard hosts hosts: wireguard_hosts become: true diff --git a/roles/native-btrfs-health-check/README.md b/roles/native-btrfs-health-check/README.md new file mode 100644 index 00000000..1f888ba0 --- /dev/null +++ b/roles/native-btrfs-health-check/README.md @@ -0,0 +1,8 @@ +# btrfs-health-check + +Sends a health report + +## see +- https://superuser.com/questions/789303/how-to-monitor-btrfs-filesystem-raid-for-errors +- https://unix.stackexchange.com/questions/193619/list-all-btrfs-filesystems-and-subvolumes-in-shell +- https://www.freedesktop.org/software/systemd/man/systemd.unit.html diff --git a/roles/native-btrfs-health-check/files/btrfs-health-check.service b/roles/native-btrfs-health-check/files/btrfs-health-check.service new file mode 100644 index 00000000..23b65736 --- /dev/null +++ b/roles/native-btrfs-health-check/files/btrfs-health-check.service @@ -0,0 +1,8 @@ +[Unit] +Description=Check btrfs status +OnFailure=systemd-email@%n.service +OnSuccess=systemd-email@%n.service + +[Service] +Type=oneshot +ExecStart=/bin/bash /home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh diff --git a/roles/native-btrfs-health-check/files/btrfs-health-check.sh b/roles/native-btrfs-health-check/files/btrfs-health-check.sh new file mode 100644 index 00000000..5a8b7a00 --- /dev/null +++ b/roles/native-btrfs-health-check/files/btrfs-health-check.sh @@ -0,0 +1,6 @@ +#!/bin/bash +# Checks the healt of all btrfs volumes +for path in $(btrfs filesystem show | awk '/ path /{print $NF}') +do + btrfs device stats $path +done diff --git a/roles/native-btrfs-health-check/files/btrfs-health-check.timer b/roles/native-btrfs-health-check/files/btrfs-health-check.timer new file mode 100644 index 00000000..9f116f74 --- /dev/null +++ b/roles/native-btrfs-health-check/files/btrfs-health-check.timer @@ -0,0 +1,8 @@ +[Unit] +Description=starts btrfs-health-check.service + +[Timer] +OnCalendar=12:00 + +[Install] +WantedBy=timers.target diff --git a/roles/native-btrfs-health-check/handlers/main.yml b/roles/native-btrfs-health-check/handlers/main.yml new file mode 100644 index 00000000..a6104905 --- /dev/null +++ b/roles/native-btrfs-health-check/handlers/main.yml @@ -0,0 +1,12 @@ +- name: "restart btrfs-health-check.service" + systemd: + name: btrfs-health-check.service + state: restarted + enabled: yes + daemon_reload: yes +- name: "restart btrfs-health-check.timer" + systemd: + name: btrfs-health-check.timer + state: restarted + enabled: yes + daemon_reload: yes diff --git a/roles/native-btrfs-health-check/meta/main.yml b/roles/native-btrfs-health-check/meta/main.yml new file mode 100644 index 00000000..9d9d34e2 --- /dev/null +++ b/roles/native-btrfs-health-check/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - native-systemd-email diff --git a/roles/native-btrfs-health-check/tasks/main.yml b/roles/native-btrfs-health-check/tasks/main.yml new file mode 100644 index 00000000..0e88f5ad --- /dev/null +++ b/roles/native-btrfs-health-check/tasks/main.yml @@ -0,0 +1,22 @@ +- name: "create /home/administrator/scripts/btrfs-health-check/" + file: + path: "/home/administrator/scripts/btrfs-health-check" + state: directory + mode: 0755 + +- name: create btrfs-health-check.sh + copy: + src: btrfs-health-check.sh + dest: "/home/administrator/scripts/btrfs-health-check/btrfs-health-check.sh" + +- name: create btrfs-health-check.service + copy: + src: btrfs-health-check.service + dest: "/etc/systemd/system/btrfs-health-check.service" + notify: restart btrfs-health-check.service + +- name: create btrfs-health-check.timer + copy: + src: btrfs-health-check.timer + dest: "/etc/systemd/system/btrfs-health-check.timer" + notify: restart btrfs-health-check.timer From 5869e0782dff3444113cb96c5a52e24dd9a3b229 Mon Sep 17 00:00:00 2001 From: "Kevin Veen-Birkenbach [aka. Frantz]" Date: Sun, 30 Jan 2022 16:13:35 +0100 Subject: [PATCH 7/7] Updated readme --- roles/docker-nextcloud/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/roles/docker-nextcloud/README.md b/roles/docker-nextcloud/README.md index 59e134b3..c382c083 100644 --- a/roles/docker-nextcloud/README.md +++ b/roles/docker-nextcloud/README.md @@ -67,6 +67,15 @@ To use occ run: ```bash docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ ``` +### app relevant tables +- oc_appconfig +- oc_migrations + +### initialize duplicates + +```bash + sudo docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ duplicates:find-all --output +``` ### unlock files ```bash