This commit is contained in:
Marc Beninca 2018-05-11 21:34:48 +02:00
parent 94e6467e54
commit 4376dfe409
38 changed files with 50 additions and 58 deletions


@ -0,0 +1,7 @@
Containerization
================
.. toctree::
:maxdepth: 2
lxc/index


@ -0,0 +1,170 @@
*********
Container
*********
TODO
====
* look for creation through debootstrap
Create
======
.. code:: shell
lxc-create \
--name="container_name" \
--template="debian" \
-- \
--release="stretch" \
--mirror="file:/mirrors/debian/debian-stretch" \
--security-mirror="file:/mirrors/debian/debian-stretch-security" \
Configure
=========
In containers/directory/container_name :
* config
.. code:: ini
lxc.include = /usr/share/lxc/config/debian.common.conf
lxc.arch = amd64
lxc.autodev = 1
lxc.kmsg = 0
lxc.mount = /var/lib/lxc/container_name/fstab
lxc.rootfs = /var/lib/lxc/container_name/rootfs
lxc.rootfs.backend = dir
lxc.start.auto = 1
lxc.utsname = hostname
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.veth.pair = container_name
lxc.network.hwaddr = virtual_mac_address
Static addresses variant:
.. code:: ini
lxc.network.ipv4 = container_ip4/network_mask_bits
lxc.network.ipv6 = container_ip6
* fstab
.. warning::
| Do not forget to create the data directories
| otherwise the container start process will fail!
::
data/directory/container_name data none bind,create=dir
/mirrors mirrors none bind,create=dir
* rootfs/
* TODO Debian configuration
* rootfs/etc/network/interfaces.d/eth0
if the container uses DHCP:
::
auto eth0
iface eth0 inet dhcp
Start
=====
.. warning::
| Be patient, for it can take a container
| up to 1 minute to get its network stack up!
.. code:: shell
lxc-start -n "container_name"
.. code:: shell
lxc-start --name="container_name"
Run command
===========
.. code:: shell
lxc-attach -n "container_name" -- command
.. code:: shell
lxc-attach --name="container_name" -- command
Stop
====
.. code:: shell
lxc-stop -n "container_name"
.. code:: shell
lxc-stop --name="container_name"
Backup
======
system
------
.. code:: shell
cd containers/directory
tar --numeric-owner -cvaf container_name.backup_name.txz container_name
data
----
.. code:: shell
cd data/directory
tar --numeric-owner -cvaf container_name.backup_name.txz container_name
Destroy
=======
.. code:: shell
lxc-destroy -n "container_name"
.. code:: shell
lxc-destroy --name="container_name"
Restore
=======
system
------
.. code:: shell
cd containers/directory
rm --recursive container_name
tar --numeric-owner -xvf container_name.backup_name.txz
data
----
.. code:: shell
cd data/directory
rm --recursive container_name
tar --numeric-owner -xvf container_name.backup_name.txz
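Review bot: The fstab line `/mirrors mirrors none bind,create=dir` bind-mounts the host's package mirror into every container read-write, and that same tree is what `lxc-create` is pointed at through `--mirror` and `--security-mirror`, so a compromised container could alter the packages later installed into the host or its sibling containers. Mounting it read-only, `/mirrors mirrors none bind,ro,create=dir`, keeps the mirror a one-way dependency; the `data/directory/container_name` mount is per-container and can stay writable. The warning about creating the data directories applies to the `ro` variant unchanged, since `create=dir` only affects the mount point side.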


@ -0,0 +1,78 @@
****
Host
****
Check
=====
.. code:: shell
lxc-checkconfig
List
====
.. code:: shell
lxc-ls -f
.. code:: shell
lxc-ls --fancy
Network bridge
==============
Create bridge br0 onto host's network interface eth0:
* /etc/network/interfaces.d/eth0
::
auto br0
iface br0 inet static
address host_ip/network_mask_bits
gateway gateway_ip
bridge_fd 0
bridge_maxwait 0
bridge_ports eth0
bridge_stp on
Service
=======
Default configuration for new containers:
* /etc/lxc/default.conf
.. code:: ini
lxc.include = /usr/share/lxc/config/debian.common.conf
lxc.arch = amd64
lxc.autodev = 1
lxc.kmsg = 0
lxc.rootfs.backend = dir
lxc.start.auto = 1
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
Directories
===========
* 1 for the containers
* 1 for their data
.. code:: shell
mkdir --parents "containers/directory"
rmdir "/var/lib/lxc"
ln --symbolic "containers/directory" "/var/lib/lxc"
.. code:: shell
mkdir --parents "data/directory"


@ -0,0 +1,29 @@
###
LXC
###
.. toctree::
host
container
***
ESX
***
.. warning::
| If the host is part of an ESX virtual network architecture,
| make sure to configure its virtual switch to avoid packet drops.
* Edit Settings / Policies / Security
=================== ======
Key Value
=================== ======
Promiscuous Mode Accept
MAC Address Changes Accept
Forged Transmits Accept
=================== ======
.. todo:: same problem with VirtualBox network
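Review bot: The three `Accept` values in the table turn off the vSwitch's L2 protections for every VM attached to the object they are set on, not only the LXC host, and `Promiscuous Mode` set to `Accept` lets any such VM see all traffic on that switch. The `Edit Settings / Policies / Security` step should therefore be done on a port group reserved for the bridging host rather than on the vSwitch itself; a bullet such as `* apply the override on a dedicated port group holding only the LXC host` would make that explicit. The warning above names packet drops as the symptom but not the cause (frames carrying the containers' veth MAC addresses, which the `lxc.network.hwaddr` setting in the container page assigns), so a half-sentence there would help readers decide whether they need the change at all.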


@ -0,0 +1,64 @@
*********
Configure
*********
Keys
====
.. code:: shell
apt-key add "path/to/key/file"
Configuration
=============
* etc/apt/apt.conf
::
APT::Get::Show-Versions true;
Dpkg::Progress-Fancy true;
Acquire::Check-Valid-Until false;
* etc/apt/preferences
::
Package: *
Pin: release n=stretch-backports
Pin-Priority: 400
Package: *
Pin: release n=buster
Pin-Priority: 200
Package: *
Pin: release n=sid
Pin-Priority: 100
* etc/apt/sources.list
.. todo::
deb.debian.org ↔ ftp.cc.debian.org
::
deb http://deb.debian.org/debian stretch main contrib non-free
deb http://deb.debian.org/debian stretch-backports main contrib non-free
deb http://deb.debian.org/debian stretch-updates main contrib non-free
deb http://security.debian.org stretch/updates main contrib non-free
deb http://deb.debian.org/debian buster main contrib non-free
deb http://security.debian.org buster/updates main contrib non-free
deb http://deb.debian.org/debian sid main contrib non-free
.. warning::
apt's file protocol handling fails with locations containing spaces
::
deb file:/media/deb.debian.org/debian stretch main contrib non-free
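Review bot: `Acquire::Check-Valid-Until false;` in `etc/apt/apt.conf` disables the Release-file expiry check globally, so a stale or replayed archive (a mirror frozen at an old, vulnerable snapshot) is accepted as current for every source, including the `http://deb.debian.org` and `security.debian.org` lines below. If the setting exists for the `file:/media/...` mirror, scope it to that one source instead, `deb [check-valid-until=no] file:/media/deb.debian.org/debian stretch main contrib non-free`, and drop the global option. `apt-key add "path/to/key/file"` likewise adds the key to the keyring trusted for all sources; where the apt version in use supports it, a `[signed-by=...]` option on the source that needs the key limits its reach.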


@ -0,0 +1,7 @@
APT
===
.. toctree::
configure
upgrade


@ -0,0 +1,27 @@
*******
Upgrade
*******
Hold
====
Hold
----
.. code:: shell
apt-mark hold linux-*
Show
----
.. code:: shell
apt-mark showhold
Unhold
------
.. code:: shell
apt-mark unhold linux-*


@ -0,0 +1,7 @@
Packages
========
.. toctree::
:maxdepth: 2
apt/index


@ -0,0 +1,9 @@
Security
========
.. toctree::
:maxdepth: 2
openssh-client/index
openssh-server/index
openssl/index


@ -0,0 +1,23 @@
##############
OpenSSH client
##############
*********
Configure
*********
* /etc/ssh/ssh_config
.. todo:: lines
**********
Create key
**********
* ~/.ssh/id_rsa*
.. code:: shell
ssh-keygen -b 4096
.. todo:: other arguments
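Review bot: `ssh-keygen -b 4096` relies on the default key type being RSA and, on the OpenSSH versions contemporary with this page, writes the private key in the legacy PEM format unless `-o` is given. Showing the type explicitly answers the `other arguments` todo: `ssh-keygen -t ed25519` for a new key, or `ssh-keygen -t rsa -b 4096 -o -a 100` where RSA is required. The server page in this same commit already lists ed25519 among the host key types, so the two pages would then agree.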


@ -0,0 +1,76 @@
##############
OpenSSH server
##############
*********
Configure
*********
* /etc/ssh/moduli
Generate usable prime numbers pool.
.. warning::
These are **VERY** long operations!
.. code:: shell
ssh-keygen -b 4096 -G 4096.G
ssh-keygen -f 4096.G -T moduli
* /etc/ssh/ssh_host_*_key
types: rsa/ed25519/…?
.. code:: shell
ssh-keygen -b 4096 -f /etc/ssh/ssh_host_rsa_key
* /etc/ssh/sshd_config
::
# daemon
AllowTcpForwarding yes
ClientAliveInterval 30
Compression no
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes
LogLevel INFO
MaxStartups 16:32:64
PermitTunnel no
Port 22
Protocol 2
Subsystem sftp internal-sftp
TCPKeepAlive yes
UseDNS no
UseLogin no
UsePAM yes
X11Forwarding no
# authentication
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
HostbasedAuthentication no
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
LoginGraceTime 60
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin without-password
PubkeyAuthentication yes
StrictModes yes
UsePrivilegeSeparation sandbox
# prompt
Banner none
DebianBanner no
PrintLastLog yes
PrintMotd no
VersionAddendum none
* authorized_keys
.. todo:: about
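Review bot: The `sshd_config` block loads only the RSA host key (`HostKey /etc/ssh/ssh_host_rsa_key`) while the `/etc/ssh/ssh_host_*_key` item above leaves the key types open; generating an Ed25519 key alongside it, `ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key`, and adding `HostKey /etc/ssh/ssh_host_ed25519_key` lets clients that prefer it negotiate it, and `-t rsa` on the existing `ssh-keygen -b 4096 -f /etc/ssh/ssh_host_rsa_key` line would stop relying on the default type. The moduli step `ssh-keygen -f 4096.G -T moduli` writes the screened primes to a file named `moduli` in the working directory, not to `/etc/ssh/moduli` as the heading suggests, so either `-T /etc/ssh/moduli` or a copy step is missing. `PermitRootLogin without-password` is the legacy spelling of `prohibit-password`; both are accepted, but the newer one says what it does.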


@ -0,0 +1,151 @@
#######
OpenSSL
#######
Generate private key
====================
.. code:: shell
openssl \
genrsa \
-out "private_key.pem" \
4096 \
Human readable:
.. code:: shell
openssl \
rsa \
-in "private_key.pem" \
-noout \
-text \
Generate a certificate request
==============================
* generate a private key
* using . for empty fields, generate the request with:
* Country Name (2 letter code)
* State or Province Name (full name)
* Locality Name (eg, city)
* Organization Name (eg, company)
* Organizational Unit Name (eg, section)
* Common Name (e.g. server FQDN or YOUR name)
* Email Address
* A challenge password
* An optional company name
.. code:: shell
echo -n "\
US
Region / County (code)
City / Place
Group / Management / Unit
Section
certificate_name
alias@domain.tld
.
.
" \
| \
openssl \
req \
-new \
-key "private_key.pem" \
-out "certificate_request.csr" \
-utf8 \
Human readable:
.. code:: shell
openssl \
req \
-in "certificate_request.csr" \
-noout \
-text \
Create a Certification Authority
================================
init
----
.. code:: shell
rm --force --recursive "demoCA"
mkdir --parents "demoCA/newcerts"
echo -n "" > "demoCA/index.txt"
echo "00" > "demoCA/serial"
request
-------
.. code:: shell
echo -n "\
US
Region / County (code)
City / Place
Decreasing / Hierarchy
Name
Name
alias@domain.tld
.
.
" \
| \
openssl \
req \
-new \
-key "name.pem" \
-out "name.csr" \
-utf8 \
signature
---------
.. code:: shell
openssl \
ca \
-selfsign \
-in "name.csr" \
-keyfile "name.pem" \
-notext \
-out "name.crt" \
-startdate 20160801000000Z \
-enddate 20180801000000Z \
-batch \
-extensions "v3_ca" \
----
quick & dirty variant
---------------------
.. code:: shell
openssl \
ca \
-selfsign \
-keyfile "private_key.pem" \
Sign request
============
.. code:: shell
openssl \
req \
-in "certificate_request.csr" \
-key "private_key.pem" \
-x509 \
-set_serial 0 \
-days 730 \
-out "certificate.crt" \
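Review bot: `-set_serial 0` in the Sign request block gives every certificate produced this way the same serial, and zero is not the positive integer X.509 requires, so some validators reject it and reissued certificates collide in client caches; dropping the option so `openssl req -x509` assigns its default serial, or passing a unique value, avoids both (whether the default is random depends on the OpenSSL version installed, which the page does not state). The CA signature step hard-codes `-startdate 20160801000000Z` and `-enddate 20180801000000Z`, a validity window that is about to close at the date of this commit; `-days` relative to the signing time would not rot. The `quick & dirty variant` has no `-in`, which is presumably intentional as a fragment, but a sentence saying what it is meant to be combined with would help.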


@ -0,0 +1,10 @@
######
Debian
######
.. toctree::
mirror
packages
repositories
system


@ -0,0 +1,57 @@
******
Mirror
******
apt-mirror
==========
.. todo:: syntax
debmirror
=========
traditional
-----------
.. code:: shell
debmirror \
--source \
--method="http" \
--host="sous.domaine.tld" \
--root="chemin/ressource" \
--dist="stretch" \
--section="main" \
--keyring="/etc/apt/trusted.gpg" \
--arch="amd64" \
--check-gpg \
--checksums \
--diff="none" \
--postcleanup \
--progress \
--rsync-extra="none" \
--timeout=360000 \
--verbose \
"répertoire_miroirs/nom" \
debian only
-----------
.. code:: shell
--di-arch="arches" \
--di-dist="stretch" \
--i18n \
--keyring="/usr/share/keyrings/debian-archive-keyring.gpg" \
violations
----------
.. code:: shell
--no-source \
--method="https" \
--root="/" \
--ignore-missing-release \
--dist="nom,chemin/ressource" \
--section="autre,1.2/main" \


@ -0,0 +1,201 @@
********
Packages
********
Base
====
+-----------+
| locales |
| apt-utils |
| dialog |
+-----------+
System
======
+-------------------+
| linux-image-amd64 |
| systemd-sysv |
| live-boot |
+-------------------+
Drivers
=======
+------------------------+
| firmware-linux-nonfree |
| firmware-iwlwifi |
+------------------------+
Architecture
============
+----------------+
| clonezilla |
| debootstrap |
| gparted |
| squashfs-tools |
+----------------+
Desktop
=======
+------------+
| gnome |
| gnome-core |
+------------+
Commands
========
.. todo:: link
+--------------------------+
| [bash](../bash/index.md) |
| bash-completion |
+--------------------------+
Development
===========
+----------+
| kdevelop |
| nuitka |
| python3 |
+----------+
Documentation
=============
+--------------------------------+
| mkdocs |
| pandoc |
| python3-recommonmark |
| python3-sphinx |
| python3-sphinx-bootstrap-theme |
| python3-sphinx-rtd-theme |
+--------------------------------+
Hardware
========
+-----------+-------+
| dmidecode | |
| pciutils | lspci |
| usbutils | lsusb |
+-----------+-------+
Multimedia
==========
+----------------+
| audacity |
| ffmpeg |
| mkvtoolnix |
| subtitleeditor |
| vlc |
+----------------+
Domain names
============
+---------+
| bind9 |
| unbound |
+---------+
Processes
=========
+---------+
| htop |
| iotop |
| jnettop |
+---------+
Security
========
.. todo:: link
+----------------------------------------------+-----------------------------------------------+
| openssh-client | Utiliser un service de connexion sécurisée |
| [openssh-server](../openssh-server/index.md) | Héberger un service de connexion sécurisée |
| sudo | Changer de privilèges le temps d’une commande |
| tcplay | |
+----------------------------------------------+-----------------------------------------------+
Text
====
+------+
| nano |
| vim |
+------+
Versioning
==========
+--------+
| git |
| gitg |
| gource |
+--------+
Virtualization
==============
+---------------------+
| build-essential |
| dkms |
| linux-headers-amd64 |
| lxc |
| virt-manager |
+---------------------+
Web
===
+-------------+
| firefox |
| firefox-esr |
| wget |
+-------------+
To sort
=======
+--------------+
| apparmor |
| curl |
| iputils-ping |
| less |
| locate |
| man |
| ncdu |
| numlockx |
| qdirstat |
| syslog-ng |
| tree |
+--------------+
+--------------------------+
| firmware-linux-free |
| firmware-linux-nonfree |
| firmware-misc-nonfree |
| xserver-xorg-video-intel |
+--------------------------+
+---------------------+
| blender |
| deadbeef |
| filezilla |
| ghex |
| hexchat |
| libreoffice |
| mumble |
| texlive-lang-french |
| texlive-xetex |
| thunderbird |
+---------------------+


@ -0,0 +1,116 @@
************
Repositories
************
Locations
=========
* http://deb.debian.org/debian
* http://ftp.fr.debian.org/debian
* http://ftp.us.debian.org/debian
* http://security.debian.org
Structure
=========
* ? changelogs
* ? DEP-11
* ? doc
* ? extrafiles
* ? indices
* dists
* ?
* dists
* oldstable
* oldstable-backports
* oldstable-updates
* stable
* stable-backports
* stable-updates
Files
=====
README
------
============================= ===================================================
oldoldstable, or wheezy the released Debian 7.11
oldstable, or jessie the released Debian 8.9
stable, or stretch the released Debian 9.2
oldoldstable-proposed-updates possible updates to Debian 7
oldstable-proposed-updates possible updates to Debian 8
stable-proposed-updates possible updates to Debian 9
wheezy-updates important updates to Debian 7
jessie-updates important updates to Debian 8
stretch-updates important updates to Debian 9
testing, or buster the development version of the next release
unstable, or sid untested candidate packages for future releases
experimental, or rc-buggy experimental packages to be used on top of unstable
============================= ===================================================
Release
-------
contrib main non-free
* ?/Contents-*
* ?/Contents-source
* ?/Contents-udeb-*
* ?/binary-all
* ?/binary-*
* ?/debian-installer/binary-all
* ?/debian-installer/binary-*
* ?/dep11/Components-*
* ?/dep11/icons
* ?/i18n
* main/installer-*
* ?/contrib/source
::
Origin: Debian
Label: Debian
Suite: stable
Version: 9.2
Codename: stretch
Changelogs: http://metadata.ftp-master.debian.org/changelogs/@CHANGEPATH@_changelog
Date: Sat, 07 Oct 2017 09:44:42 UTC
Acquire-By-Hash: yes
Architectures: amd64 arm64 armel armhf i386 mips mips64el mipsel ppc64el s390x
Components: main contrib non-free
Description: Debian 9.2 Released 07 October 2017
MD5Sum:
f9bbab6d94f45e56c672017d8720a24c 1181459 contrib/Contents-amd64
SHA256:
e3bf2ecc2ce89bc48e2339b86ceaba9e1fff7d6668eafab1445e7f7990c4802e 1181459 contrib/Contents-amd64
Packages
--------
::
Package: astrometry-data-2mass-00
Source: astrometry-data-2mass
Version: 1.1
Installed-Size: 13882041
Maintainer: Debian Astronomy Team <debian-astro-maintainers@lists.alioth.debian.org>
Architecture: all
Depends: astrometry.net, curl
Enhances: astrometry.net
Description: Astrometry.net 2MASS index files downloader (2'-2.8')
Homepage: http://data.astrometry.net/4200
Description-md5: b0effd246d35f7c4108f5a91527965cd
Section: contrib/science
Priority: optional
Filename: pool/contrib/a/astrometry-data-2mass/astrometry-data-2mass-00_1.1_all.deb
Size: 3204
MD5sum: 1a51ad538ca17d1113802820856dc4d5
SHA256: 36eafa5e9dbea55ecea5b2595f0d7c0a591e0831e20ac3ac98a239605074798a


@ -0,0 +1,325 @@
******************************************
Debian GNU/Linux distribution installation
******************************************
.. todo::
* /etc/motd
Choices
=======
have up-to-date mirrors available
---------------------------------
.. todo:: mirrors
choose critical base packages
-----------------------------
paquets proposés pour pouvoir travailler correctement
+-----------+--------------------------------------------------+
| locales | générer des locales binaires pour les messages |
| apt-utils | sinon la configuration des paquets est repoussée |
| dialog | sans quoi APT remonte des messages d’alerte |
+-----------+--------------------------------------------------+
decide the desired type of system
---------------------------------
* le système sera-t-il architecturé
* en 64 bits ?
* en 32 bits ?
* les 2 ?!
* le système sera-t-il exécuté
* sur une machine physique ?
* dans une machine virtuelle ?
* dans un conteneur ?
* dans un conteneur dans une machine virtuelle ?
* le système sera-t-il utilisé
* en écriture, sur un support de stockage ?
* en lecture, chargé en mémoire au démarrage ?
Install required tools
======================
============== ===============================================
debootstrap générer un système de fichiers de base minimal
squashfs-tools compresser ou décompresser une image de système
============== ===============================================
.. code:: shell
apt-get install "debootstrap squashfs-tools"
Create a base file hierarchy
============================
prepare the system's directory
------------------------------
* devenir root
* créer un répertoire, et s’y positionner
.. code:: shell
su
.. code:: shell
mkdir -p "chemin"
cd "chemin"
generate the minimal base
-------------------------
.. code:: shell
debootstrap \
--arch="amd64" \
--include="locales,apt-utils,dialog" \
--variant="minbase" \
"stretch" \
. \
"miroir"
Configure preinstalled packages
===============================
define default keyboard layouts
-------------------------------
* /etc/default/keyboard
::
XKBMODEL="pc105"
XKBLAYOUT="fr,fr"
XKBVARIANT="oss,bepo"
XKBOPTIONS=""
BACKSPACE="guess"
define default locales to generate
----------------------------------
* etc/default/locale
::
LANG=en_US.UTF-8
LANGUAGE=en_US
LC_CTYPE="fr_FR.UTF-8"
LC_NUMERIC="fr_FR.UTF-8"
LC_TIME="fr_FR.UTF-8"
LC_COLLATE="fr_FR.UTF-8"
LC_MONETARY="fr_FR.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="fr_FR.UTF-8"
LC_NAME="fr_FR.UTF-8"
LC_ADDRESS="fr_FR.UTF-8"
LC_TELEPHONE="fr_FR.UTF-8"
LC_MEASUREMENT="fr_FR.UTF-8"
LC_IDENTIFICATION="fr_FR.UTF-8"
* etc/locale.gen
::
en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8
[configure command shell](../bash/index.md)
-------------------------------------------
[configure package manager](../apt/index.md)
--------------------------------------------
redefine hostname
-----------------
.. code:: shell
echo "hostname" > "etc/hostname"
provide known file systems
--------------------------
* etc/fstab
Volume temporaire en RAM
::
tmpfs /tmp tmpfs auto,mode=1777 0 0
Install additional packages
===========================
switch into context
-------------------
.. code:: shell
mount --bind /proc proc
mount --bind /sys sys
chroot .
.. todo:: /dev
generate locales
----------------
.. code:: shell
locale-gen
define root password
--------------------
.. code:: shell
passwd
user, guest, sudo
-----------------
.. code:: shell
apt-get install sudo
useradd -s /bin/bash user
mkdir /home/user
chown user: /home/user
adduser user sudo
useradd -s /bin/bash guest
chown guest: /home/guest
authentications: passwords, SSH keys
------------------------------------
.. todo:: files
upgrade system
--------------
* dans tous les cas :
.. code:: shell
apt-get update
apt-get upgrade
* si besoin, car des paquets rétroportés modifient la distribution :
.. code:: shell
apt-get dist-upgrade
apply system type elements
--------------------------
================= ==================================================
linux-image-amd64 s’il ne s’agit pas d’un conteneur
live-boot si à destination de boot live
systemd-sysv sans quoi le système ne démarrera pas complètement
================= ==================================================
.. code:: shell
apt-get install -t stretch-backports "linux-image-amd64"
apt-get install "live-boot"
----
initialization settings
-----------------------
.. code:: shell
apt-get install -t stretch-backports "systemd-sysv"
* etc/sysctl.conf
Espace mémoire maximum allouable (à augmenter si hébergement de conteneurs)
Pourcentage de RAM disponible avant utilisation de la partition d’échange
.. code:: ini
vm.max_map_count=1048576
vm.swappiness=0
keeping things light
--------------------
.. code:: shell
apt-get install --no-install-recommends …
install useful packages
-----------------------
.. code:: shell
apt-get install \
bash-completion \
lxc \
less nano vim \
pciutils usbutils \
python3 \
squashfs-tools \
.. code:: shell
apt-get install -t "stretch-backports" \
debootstrap \
install other packages
----------------------
[Choix de paquets commentés](packages.md)
.. code:: shell
apt-get install "package1" …
apt-get install -t stretch-backports "package1" …
properly switch back from context
---------------------------------
* vider le cache d’APT
.. code:: shell
apt-get clean
* s’extraire de l’environnement
.. code:: shell
exit
* démonter les liens au système hôte
.. code:: shell
umount sys
umount proc
clean up commands history
-------------------------
* root/.bash_history
Configure installed packages
============================
.. todo:: files
Archive prepared file system
============================
.. code:: shell
mksquashfs . "../name.squashfs" -comp "xz"
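Review bot: `apt-get install "debootstrap squashfs-tools"` passes both names as one quoted argument, so apt looks for a single package literally called `debootstrap squashfs-tools` and fails; the quotes should go, `apt-get install debootstrap squashfs-tools`. In the `user, guest, sudo` block the `guest` account gets `chown guest: /home/guest` with no preceding `mkdir /home/guest` (the `user` account has one), so that line fails and the account is left without a home directory; `useradd --create-home -s /bin/bash guest` would create both. The `authentications: passwords, SSH keys` section that would say how these accounts are meant to log in is still a todo, so it is worth noting next to them that `useradd` leaves the password locked until `passwd` or an authorized key is set up.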


@ -0,0 +1,7 @@
Systems
=======
.. toctree::
:maxdepth: 2
debian/index


@ -0,0 +1,3 @@
######
Apache
######


@ -0,0 +1,3 @@
*******************
Certify application
*******************


@ -0,0 +1,3 @@
*****************
Configure service
*****************


@ -0,0 +1,3 @@
******************
Deploy application
******************


@ -0,0 +1,9 @@
#########
GlassFish
#########
.. toctree::
configure
deploy
certify

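--- /dev/null
+++ b/in/public/web/index.rst
@@ -0,0 +1,12 @@
+Web
+===
+.. toctree::
+:maxdepth: 2
+nginx/index
+apache/index
+nodejs/index
+tomcat/index
+glassfish/index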


@ -0,0 +1,77 @@
*********
Configure
*********
* /etc/nginx/nginx.conf
.. code::
pid /run/nginx.pid;
user user;
worker_processes auto;
events {
multi_accept off;
worker_connections 512;
}
http {
# General
keepalive_timeout 60;
sendfile on;
server_tokens off;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
# Names
server_name_in_redirect off;
server_names_hash_bucket_size 128;
# File types
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Security
ssl_buffer_size 8k;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-ECDSA-AES256-SHA,DHE-DSS-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-SHA256,DHE-DSS-AES256-SHA256,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA";
ssl_dhparam /etc/nginx/dhparam;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
ssl_session_cache shared:ssl_session_cache:16m;
ssl_session_timeout 15m;
# Log
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Compression
gzip on;
gzip_buffers 32 8k;
gzip_comp_level 5;
gzip_http_version 1.1;
gzip_proxied any;
gzip_types *;
gzip_vary off;
# Misc
add_header Strict-Transport-Security max-age=31557600;
client_max_body_size 16m;
index index.html;
proxy_pass_request_body on;
proxy_pass_request_headers on;
proxy_redirect off;
# Includes
include /etc/nginx/sites-enabled/*;
}
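Review bot: `user user;` runs the nginx worker processes as what appears to be the same general-purpose login account the system page of this commit creates and adds to `sudo`, so a worker compromise lands in an interactive, sudo-capable account; workers should run under the dedicated unprivileged account the Debian package ships, `user www-data;`. The `ssl_ciphers` list still carries non-AEAD CBC suites such as `ECDHE-RSA-AES256-SHA` and `ECDHE-ECDSA-AES256-SHA384`, plus the `DHE-DSS-*` family that needs a DSA certificate the OpenSSL page here never produces; trimming it to the GCM suites removes dead and weaker entries at once. `ssl_dhparam /etc/nginx/dhparam` names a file nothing in this commit generates, and nginx refuses to start when it is missing, so a line such as `openssl dhparam -out /etc/nginx/dhparam 4096` (or a note that it must exist first) belongs next to it.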


@ -0,0 +1,8 @@
#####
NginX
#####
.. toctree::
configure
serve


@ -0,0 +1,37 @@
*****
Serve
*****
* /etc/nginx/sites-available/…
.. code::
server {
listen 80;
server_name _;
location "/mirrors" {
root "/";
autoindex on;
}
location "/" {
root "/data/http";
autoindex on;
}
}
server {
listen 443 ssl http2;
server_name "sous.domaine.tld";
ssl_certificate "/etc/nginx/certificates/nom.crt";
ssl_certificate_key "/etc/nginx/certificates/nom.key";
location "/static" {
root "/data/https";
default_type "text/html";
index "index.html";
}
location "/" {
proxy_pass "http://127.0.0.1:8069";
proxy_redirect off;
proxy_set_header Host $host;
}
}
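Review bot: The HTTPS `location "/"` proxies to `http://127.0.0.1:8069` and forwards only `Host`, so the backend cannot tell that the request arrived over TLS or which client sent it, and its redirects, cookies and logs may be built for plain HTTP and the loopback address. Add `proxy_set_header X-Forwarded-Proto $scheme;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Real-IP $remote_addr;` beside the existing `Host` header, and note that the backend must be configured to trust these headers only from this proxy. The port-80 server on `server_name _` serves content instead of redirecting to HTTPS, presumably on purpose for the `/mirrors` tree; a one-line comment saying so would stop a later reader from adding a blanket redirect that breaks `file:`/`http:` mirror clients.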


@ -0,0 +1,3 @@
######
NodeJS
######


@ -0,0 +1,3 @@
*******************
Certify application
*******************


@ -0,0 +1,3 @@
*****************
Configure service
*****************


@ -0,0 +1,3 @@
******************
Deploy application
******************


@ -0,0 +1,9 @@
######
TomCat
######
.. toctree::
configure
deploy
certify