Add nginx, python3-django-uwsgi, update disks, freeipa and misc
parent
faac5e83f7
commit
d4d7f68601
@ -17,7 +17,6 @@ domain intensewebs.com
|
|||||||
search intensewebs.com
|
search intensewebs.com
|
||||||
nameserver 192.168.1.140
|
nameserver 192.168.1.140
|
||||||
nameserver 192.168.1.141
|
nameserver 192.168.1.141
|
||||||
nameserver 192.168.1.124
|
|
||||||
|
|
||||||
sudo vi /etc/hosts
|
sudo vi /etc/hosts
|
||||||
# ADD/CHANGE
|
# ADD/CHANGE
|
||||||
@ -27,7 +26,8 @@ sudo vi /etc/hostname
|
|||||||
# ADD/CHANGE
|
# ADD/CHANGE
|
||||||
ctp1.intensewebs.com
|
ctp1.intensewebs.com
|
||||||
|
|
||||||
sudo systemctl restart networking
|
reboot
|
||||||
|
# sudo systemctl restart networking
|
||||||
# Frozen SSH afterwards do this:
|
# Frozen SSH afterwards do this:
|
||||||
<enter>
|
<enter>
|
||||||
~
|
~
|
||||||
|
31
disks.txt
31
disks.txt
@ -14,10 +14,22 @@ pvs
|
|||||||
vgs
|
vgs
|
||||||
lvs
|
lvs
|
||||||
|
|
||||||
RESIZE
|
# RESIZE LVM AS ROOT: https://www.golinuxcloud.com/lvm-shrink-logical-volume/
|
||||||
# unmount /home because an ext4 filesystem cannot be reduced while mounted
|
df -hT /home
|
||||||
|
lsblk -f
|
||||||
|
umount /home
|
||||||
|
fsck -f /dev/mapper/pg--vg-home
|
||||||
|
resize2fs /dev/mapper/pg--vg-home 5G
|
||||||
|
lvreduce -r -L 5G /dev/mapper/pg--vg-home
|
||||||
|
mount /dev/mapper/pg--vg-home /home
|
||||||
|
|
||||||
|
# Extend the logical volume zeus-vg/var by 4G
|
||||||
|
lvextend -L+4G /dev/mapper/zeus--vg-var
|
||||||
|
# resize the ext4 filesystem in logical volume zeus-vg/var to the new volume size
|
||||||
|
resize2fs /dev/mapper/zeus--vg-var
|
||||||
|
|
||||||
|
#RESIZE ext4 - # unmount /home because an ext4 filesystem cannot be reduced while mounted
|
||||||
umount /home
|
umount /home
|
||||||
# resize the ext4 filesystem in logical volume zeus-vg/home to 50G
|
|
||||||
fsck -f /dev/mapper/zeus--vg-home
|
fsck -f /dev/mapper/zeus--vg-home
|
||||||
resize2fs /dev/mapper/zeus--vg-home 50G
|
resize2fs /dev/mapper/zeus--vg-home 50G
|
||||||
# reduce the logical volume zeus-vg/home to 50G
|
# reduce the logical volume zeus-vg/home to 50G
|
||||||
@ -25,19 +37,6 @@ lvreduce -L50G /dev/mapper/zeus--vg-home
|
|||||||
# remount /home
|
# remount /home
|
||||||
mount /home
|
mount /home
|
||||||
|
|
||||||
# Extend the logical volume zeus-vg/var by 20G
|
|
||||||
lvextend -L+20G /dev/mapper/zeus--vg-var
|
|
||||||
# resize the ext4 filesystem in logical volume zeus-vg/var to the new volume size
|
|
||||||
resize2fs /dev/mapper/zeus--vg-var
|
|
||||||
|
|
||||||
# RESIZE AS ROOT: https://www.golinuxcloud.com/lvm-shrink-logical-volume/
|
|
||||||
df -hT /home
|
|
||||||
umount /home
|
|
||||||
fsck -f /dev/mapper/sd--vg-home
|
|
||||||
resize2fs /dev/mapper/sd--vg-home 100G
|
|
||||||
lvreduce -r -L 100G /dev/mapper/sd--vg-home
|
|
||||||
mount /dev/mapper/sd--vg-home /home
|
|
||||||
|
|
||||||
# MOUNT OTHER DRIVES
|
# MOUNT OTHER DRIVES
|
||||||
cd/media
|
cd/media
|
||||||
mkdir 2TBSEAGATE
|
mkdir 2TBSEAGATE
|
||||||
|
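Review bot: The added pg--vg shrink sequence (`umount /home`, `fsck -f`, `resize2fs ... 5G`, `lvreduce -r -L 5G`) has no stop condition between the unmount and the destructive steps. These notes are meant to be pasted as root, and if `/home` is busy the unmount fails while the following lines still run against a mounted ext4 filesystem. I would add a line such as `# STOP if umount fails: "findmnt /home" must print nothing before fsck/resize2fs` directly after `umount /home`, and a reminder to take a backup before any reduce. The new block also uses `lvreduce -r` while the zeus-vg block below keeps a bare `lvreduce -L50G`. With `-r` LVM shrinks the filesystem itself, so the explicit `resize2fs ... 5G` is redundant there, and using one style in both blocks would avoid a size mismatch between the two commands.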
58
freeipa.txt
58
freeipa.txt
@ -1,81 +1,39 @@
|
|||||||
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/index / https://youtu.be/xzfHRJNjqDI / https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/linux-manual#host-setup-proc
|
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/index / https://youtu.be/xzfHRJNjqDI / https://www.freeipa.org/page/Howto/ISC_DHCPd_and_Dynamic_DNS_update # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/linux-manual#host-setup-proc
|
||||||
# FreeIPA requires over 2Gb+ in /usr - Change to root, Check DNS
|
# FreeIPA requires over 2Gb+ in /usr - Change to root, Check DNS
|
||||||
# REPLICA - Server A can be installed with a CA and DNS services, while Replica A can be based on Server A's configuration but not host either DNS or CA services. Replica B can be added to the domain, also without CA or DNS services. At any time in the future, a CA or DNS service can be created and configured on Replica A or Replica B.
|
# REPLICA - Server A can be installed with a CA and DNS services, while Replica A can be based on Server A's configuration but not host either DNS or CA services. Replica B can be added to the domain, also without CA or DNS services. At any time in the future, a CA or DNS service can be created and configured on Replica A or Replica B.
|
||||||
|
|
||||||
# FEDORA FREEIPA SERVER FIREWALL
|
|
||||||
systemd-resolve --status enp1s0
|
|
||||||
firewall-cmd --get-active-zones
|
|
||||||
firewall-cmd --list-all
|
|
||||||
firewall-cmd --add-service=freeipa-ldap --add-service=freeipa-ldaps --add-service=dns --permanent
|
|
||||||
firewall-cmd --add-port 80/tcp --permanent
|
|
||||||
firewall-cmd --add-port 443/tcp --permanent
|
|
||||||
firewall-cmd --add-port 389/tcp --permanent
|
|
||||||
firewall-cmd --add-port 636/tcp --permanent
|
|
||||||
firewall-cmd --add-port 88/tcp --permanent
|
|
||||||
firewall-cmd --add-port 464/tcp --permanent
|
|
||||||
firewall-cmd --add-port 7389/tcp --permanent
|
|
||||||
firewall-cmd --add-port 88/udp --permanent
|
|
||||||
firewall-cmd --add-port 464/udp --permanent
|
|
||||||
firewall-cmd --add-port 53/udp --permanent
|
|
||||||
firewall-cmd --add-port 123/udp --permanent
|
|
||||||
firewall-cmd --reload
|
|
||||||
firewall-cmd --list-all
|
|
||||||
|
|
||||||
# DEBIAN FREEIPA SERVER FIREWALL as root
|
|
||||||
apt install ufw
|
|
||||||
systemctl enable ufw
|
|
||||||
ufw enable
|
|
||||||
sudo ufw status verbose
|
|
||||||
sudo ufw status numbered
|
|
||||||
sudo ufw --force disable \
|
|
||||||
&& sudo ufw --force reset \
|
|
||||||
&& sudo ufw default deny incoming \
|
|
||||||
&& sudo ufw default allow outgoing \
|
|
||||||
&& sudo ufw allow from 192.168.1.0/24 to any port 22 \
|
|
||||||
&& sudo ufw allow 53/tcp \
|
|
||||||
&& sudo ufw allow 80/tcp \
|
|
||||||
&& sudo ufw allow 389/tcp \
|
|
||||||
&& sudo ufw allow 443/tcp \
|
|
||||||
&& sudo ufw allow 636/tcp \
|
|
||||||
&& sudo ufw allow 88/tcp \
|
|
||||||
&& sudo ufw allow 464/tcp \
|
|
||||||
&& sudo ufw allow 7389/tcp \
|
|
||||||
&& sudo ufw allow 53/udp \
|
|
||||||
&& sudo ufw allow 88/udp \
|
|
||||||
&& sudo ufw allow 464/udp \
|
|
||||||
&& sudo ufw allow 123/udp \
|
|
||||||
&& sudo ufw --force enable \
|
|
||||||
&& sudo ufw reload
|
|
||||||
reboot
|
|
||||||
__________________________________________________________
|
__________________________________________________________
|
||||||
# SERVER INSTALL: TEST SERVER AT: https://SERVER.SUBDOMAIN.DOMAIN.COM/ipa/ui
|
|
||||||
|
# SERVER INSTALL: # ipactl status stop start restart TEST SERVER AT: https://SERVER.SUBDOMAIN.DOMAIN.COM/ipa/ui
|
||||||
dnf install freeipa-server freeipa-server-dns nfs-utils
|
dnf install freeipa-server freeipa-server-dns nfs-utils
|
||||||
fips-mode-setup --enable
|
fips-mode-setup --enable
|
||||||
reboot
|
reboot
|
||||||
|
|
||||||
fips-mode-setup --check
|
fips-mode-setup --check
|
||||||
update-crypto-policies --show
|
update-crypto-policies --show
|
||||||
|
|
||||||
ipa-server-install --mkhomedir
|
ipa-server-install --mkhomedir
|
||||||
reboot
|
reboot
|
||||||
|
|
||||||
# ipactl status stop start restart
|
|
||||||
kinit admin
|
kinit admin
|
||||||
klist
|
klist
|
||||||
__________________________________________________________
|
__________________________________________________________
|
||||||
# CLIENT MACHINE
|
# CLIENT MACHINE
|
||||||
# FEDORA # sudo dnf install freeipa-client ipa-admintools
|
# FEDORA # sudo dnf install freeipa-client ipa-admintools
|
||||||
|
# ipa host-add-managedby --hosts=server.example.com ipaclient.example.com
|
||||||
|
# ipa-getkeytab -s server.example.com -p host/ipaclient.example.com -k /tmp/ipaclient.keytab
|
||||||
apt install freeipa-client
|
apt install freeipa-client
|
||||||
ipa-client-install --mkhomedir --all-ip-addresses --enable-dns-updates --request-cert --domain iweb.corp --server ipa1.iweb.corp --realm IWEB.CORP --fixed-primary ipa1.iweb.corp
|
ipa-client-install --enable-dns-updates --mkhomedir --ip-address
|
||||||
|
|
||||||
|
ipa-client-install --uninstall
|
||||||
__________________________________________________________
|
__________________________________________________________
|
||||||
# USER CREATE: Add User in FreeIPA Web GUI or below. Go to new machine to test. Require ipa-admintools
|
# USER CREATE: Add User in FreeIPA Web GUI or below. Go to new machine to test. Require ipa-admintools
|
||||||
|
# ipa host-add --force --ip-address=192.168.166.31 ipaclient.example.com
|
||||||
kinit admin
|
kinit admin
|
||||||
klist
|
klist
|
||||||
ipa user-add bsmith
|
ipa user-add bsmith
|
||||||
ipa user-mod bsmith --title="Accounting II"
|
ipa user-mod bsmith --title="Accounting II"
|
||||||
ipa user-add bsmith --first=Bob --last=Smith --email=bsmit@intensewebs.com
|
ipa user-add bsmith --first=Bob --last=Smith --email=bsmit@intensewebs.com
|
||||||
ipa user-find bsmith
|
ipa user-find bsmith
|
||||||
|
|
||||||
ipa config-mod --defaultshell=/bin/bash
|
ipa config-mod --defaultshell=/bin/bash
|
||||||
kinit bsmith
|
kinit bsmith
|
||||||
klist
|
klist
|
||||||
|
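Review bot: The added example `ipa-getkeytab -s server.example.com -p host/ipaclient.example.com -k /tmp/ipaclient.keytab` writes the host principal's long-term Kerberos key to a predictable name in a shared, world-writable directory. Anyone who can read that file can authenticate as the host, so the note should point at a root-only path and say to delete the copy after it is installed on the client, e.g. `-k /root/ipaclient.keytab  # mode 600, remove after copying to the client's /etc/krb5.keytab`. Separately, the new `ipa-client-install --enable-dns-updates --mkhomedir --ip-address` line ends with `--ip-address`, which takes a value, so as written it is incomplete. It also drops the explicit `--domain`/`--server`/`--realm` pinning of the old line, which presumably leaves enrollment to DNS discovery; a comment saying to verify the discovered server and realm before confirming would help.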
7
misc.txt
7
misc.txt
@ -22,6 +22,7 @@ sudo apt autoclean && sudo apt autoremove
|
|||||||
sudo apt install gvfs-backends
|
sudo apt install gvfs-backends
|
||||||
sudo apt reinstall gvfs-backends
|
sudo apt reinstall gvfs-backends
|
||||||
|
|
||||||
|
systemctl list-unit-files | grep masked
|
||||||
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
|
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
|
||||||
|
|
||||||
tar zcvf email-backup.tar.gz /home/privacy/.thunderbird/
|
tar zcvf email-backup.tar.gz /home/privacy/.thunderbird/
|
||||||
@ -54,6 +55,12 @@ pacmd list-cards
|
|||||||
sudo pacmd list-cards
|
sudo pacmd list-cards
|
||||||
sudo apt-get install alsa-tools-gui
|
sudo apt-get install alsa-tools-gui
|
||||||
---------------------------------------------
|
---------------------------------------------
|
||||||
|
# sudo systemctl restart networking
|
||||||
|
# Frozen SSH afterwards do this:
|
||||||
|
<enter>
|
||||||
|
~
|
||||||
|
.
|
||||||
|
---------------------------------------------
|
||||||
sudo dnf install akmod-nvidia
|
sudo dnf install akmod-nvidia
|
||||||
sudo dnf install xorg-x11-drv-nvidia-cuda
|
sudo dnf install xorg-x11-drv-nvidia-cuda
|
||||||
---------------------------------------------
|
---------------------------------------------
|
||||||
|
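--- a/nginx.txt
+++ b/nginx.txt
@@ -0,0 +1,50 @@
+firewall-cmd --permanent --add-port=80/tcp
+firewall-cmd --permanent --add-port=443/tcp
+firewall-cmd --reload
+sudo firewall-cmd --state
+firewall-cmd --list-services
+firewall-cmd --list-all
+curl localhost:3000
+
+cd /etc/nginx
+vi /etc/nginx/nginx.conf
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+worker_connections 1024;
+}
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /var/log/nginx/access.log main;
+
+sendfile on;
+#tcp_nopush on;
+
+keepalive_timeout 65;
+
+#gzip on;
+
+include /etc/nginx/conf.d/*.conf;
+}
+
+cd /etc/nginx/conf.d
+vi /etc/nginx/conf.d/pg.iweb.city.conf
+
+server {
+listen 3001;
+server_name pg.iweb.city;
+root /var/www/pg.iweb.city/html;
+}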
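Review bot: The firewall lines at the top open 80/tcp and 443/tcp permanently, but the only `server` block in the file has `listen 3001;` and the smoke test is `curl localhost:3000`, so the opened ports do not match anything these notes configure. Nothing in the file sets up TLS (no `listen 443 ssl` and no certificate directives), so the 443 rule exposes a port with no documented listener behind it. I would either open only the port that is served or add the matching listener, and put a comment above the firewall lines such as `# open only ports that have a matching listen directive below`. `--add-port` is also given without `--zone`, so it presumably lands in the default zone; worth stating which zone is intended. Adding `server_tokens off;` to the `http` block would also avoid advertising the nginx version.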
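--- a/python3-venv-django-uwsgi
+++ b/python3-venv-django-uwsgi
@@ -0,0 +1,22 @@
+# https://tonyteaches.tech/django-nginx-uwsgi-tutorial/
+which python3
+# sudo apt install python3 python3-pip
+
+# INSTALL PYTHON VIRTUAL ENVVIRONMENT
+sudo apt-get install python3-venv
+mkdir ~/env
+python3 -m venv ~/env/mypyenv
+ls env/mypyenv/bin
+source ~/env/mypyenv/bin/activate
+which python
+pip install Django
+django-admin startproject py1
+cd py1
+# TEST DJANGO PYTHON INCLUDED WEBSERVER ONLY
+# python manage.py runserver 0.0.0.0:8000
+
+sudo apt-get install python3-dev
+# sudo apt-get install gcc
+pip install uwsgi
+# uwsgi --http :8000 --wsgi-file test.py
+uwsgi --http :8000 --module py1.wsgi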
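Review bot: The last line, `uwsgi --http :8000 --module py1.wsgi`, binds uWSGI's HTTP listener on every interface and serves the project that `django-admin startproject py1` just generated, whose default settings still have `DEBUG = True` and the generated `SECRET_KEY`. The commented `runserver 0.0.0.0:8000` line has the same exposure. For a test behind nginx I would bind to loopback, `uwsgi --http 127.0.0.1:8000 --module py1.wsgi`, and add a comment such as `# set DEBUG = False and ALLOWED_HOSTS before binding to a non-loopback address`. `pip install Django` and `pip install uwsgi` are unpinned; recording the versions used (for example via `pip freeze > requirements.txt`) would make the setup reproducible and auditable. The `ls env/mypyenv/bin` line uses a relative path while the others use `~/env`, so it only works from the home directory.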