archive

75a6895d · Recolic K · 5df8a5d0 · 75a6895d · 75a6895d · 75a6895d
Commit 75a6895d authored 3 years ago by Recolic K
--- a/README.md
+++ b/README.md
@@ -20,16 +20,24 @@ do not use docker attach.
 docker exec -ti rweb /bin/bash
 ```

-**acme.sh and nginx**: Add nginx-reload to crontab to refresh certificate. 
+Every server saves `acme.sh`, `nginx.conf`, `crontab.log`, `cert.sh`, `startup.sh` into `/srv/conf`. Every server has an nginx, which redirects 
+all HTTPS traffic to `http://localhost:xxxx`. 

-```
-2 0 * * * /srv/conf/acme-sh/acme.sh --cron --home "/srv/conf/acme-sh" > /dev/null
+## docker-ipv6 support

-# nginx reload certificate once a month, at 6 AM UTC+8, means 22:00 UTC. 
-0 22 1 * * systemctl restart nginx
+Requires docker > 20.10.2, edit `/etc/docker/daemon.json`: 

-# If necessary:
-10 22 1 * * docker restart rmail
+```json
+{
+  "experimental": true,
+  "ip6tables": true,
+  "ipv6": true,
+  "fixed-cidr-v6": "2400:8902::f03c:92ff:febe:6c0d/64",
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  }
+}
 ```

 # DO NOT FORGET WRITING DOCKER-START INTO rc.local
@@ -90,13 +98,13 @@ docker exec -ti rweb /bin/bash
 |31000-31499|Virtualbox dynamic ports (Other use)|
 |30400-30499|Generic dynamic ports (Other use)|

-## tw1 migration (gcp)
+--------

-run `ssh-keygen -A` by serial after setup the new machine.
+# Services

--------
+> doc for closed services are archived into archived/README.md

-## recolic.net
+## www.recolic.net

 fresh deploy:
 201905 update: move all /var out.
@@ -109,16 +117,7 @@ Put the website into /srv/html, and make sure `/srv/html/.config/nginx.conf` exi
 docker run --log-opt max-size=10M -tid -p 3091:80 -v /srv/html:/var/www/html --name rwww --restart=always recolic/php-nginx /entry.sh
 ```

-The docker image contains no config or certificate since 20210630. 
-
-cert issue: (note that currently mail and www are on same machine. )
-```
-./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf
-./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf --keylength ec-384
-
-# For mail.recolic.net container, it runs imap/smtp/pop3...
-./acme.sh --issue -d mail.recolic.net -d imap.recolic.net -d pop3.recolic.net -d smtp.recolic.net -d mail.recolic.org -d imap.recolic.org -d pop3.recolic.org -d smtp.recolic.org --dns dns_cf
-```
+The docker image is HTTP-only and contains no certificate since 20210630. 

 ## mail.recolic.net

@@ -187,25 +186,6 @@ docker commit rvpn 600163736385.dkr.ecr.us-west-2.amazonaws.com/openvpn-server
 docker push 600163736385.dkr.ecr.us-west-2.amazonaws.com/openvpn-server
 ```

-## tm.recolic.net
-
-build docker image
-```
-docker build -f Dockerfile --tag tm --build-arg GIT_REPO_TM_WEB="https://path/to/your/tm.git" .
-docker tag tm 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
-```
-
-deploy (using /srv as datadir)
-```
-docker run --log-opt max-size=10M -tid -v /srv/tm/log:/app/log -v /srv/tm/keys:/app/keys -p 3080:80 --name rtm --restart=always 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
-# Then use nginx to proxy_pass port 3080.
-```
-
-exec
-```
-docker exec -ti rtm /bin/bash
-```
-
 ## git.recolic.net

 deploy (using /srv as datadir)
@@ -231,25 +211,6 @@ frontend cert issue:
 ./acme.sh --issue -d git.recolic.net -d tm.recolic.net -d hustdb.recolic.net -d git.recolic.org -d tm.recolic.org -d hustdb.recolic.org --dns dns_cf
 ```

-## push-to-markdown agent [closed, no data]
-
-** DEPRECATED! Use a better recolic.net/go **
-
-I use this tool to send testing result from GitlabCI-runner to markdown.
-
-GitlabCI runner performs http request from its own docker container: `https://api.recolic.net/kv-store/set/my_project_test_result|http://img4me.com/6qtJ6Qw.png`
-
-Then I use this link in my markdown: `Testing result is ![](https://api.recolic.net/kv-store/redirect_to_val/my_project_test_result|https://api.recolic.net/echo.php?Error_Occurred)`
-
-Get image from img4me.com: `curl 'http://api.img4me.com/?text=Testing%20result%20not%20available...&font=firacode&fcolor=000000&size=10&bcolor=FFFFFF&type=png'`
-
-Run docker image:
-
-```
-# YOU SHOULD ALWAYS LIMIT ITS MEMORY TO PREVENT ATTACK!!!!!
-docker run --log-opt max-size=10M -d --restart=always --name rmd-agent -m 100m -p 8080:8080 recolic/push-to-markdown-agent
-```
-
 ## drive.recolic.net

 data dir: `/srv/nextcloud`.
@@ -269,69 +230,7 @@ touch /srv/html/status.html
 docker run --log-opt max-size=10M -d --name rmon --restart=always -v /srv/html/status.html:/app/status.html recolic/rserver-status
 ```

-## rocket chat [closed, data on drive machine]
-
-datadir: /srv/mongo
-
-with `/srv/mongo/mongod.conf`:
-
-```
-replication:
-  replSetName: "rs01"
-```
-
-```
-docker run --log-opt max-size=10M --name rdb --restart=always -v /srv/mongo:/data/db -v /srv/mongo/mongod.conf:/etc/mongod.conf -d mongo:latest --smallfiles --config /etc/mongod.conf
-docker run --log-opt max-size=10M --name rocketchat --link rdb:db --restart=always -p 3000:3000 --env ROOT_URL=http://localhost --env 'MONGO_OPLOG_URL=mongodb://db:27017/local?replSet=rs01' -d rocket.chat
-```
-
-> Note: old command maybe missing ` -v /srv/rocket:/app/uploads`
-
- [ROCKET.CHAT new version: use docker-compose](https://rocket.chat/docs/installation/docker-containers/docker-compose/)
-
-fresh deploy:
-
-```
-mkdir /srv/rocket && cd /srv/rocket
-curl -L https://raw.githubusercontent.com/RocketChat/Rocket.Chat/develop/docker-compose.yml -o docker-compose.yml
-docker-compose up -d mongo
-#wait
-docker-compose up -d mongo-init-replica
-#wait
-docker-compose up -d rocketchat
-```
-
-## EFB telegram bot [closed, unstable]
-
-FROM: https://github.com/tinyRatP/Docker-Hub.git , also archived at drive machine.
-
-```
-docker-compose up -d
-```
-
-## Zulip [closed, unstable]
-
-nginx conf and docker-compose conf archived at tw1 machine. Zulip eats massive RAM of the server. Not recommended.
-
-docker-compose conf is basing on https://github.com/zulip/docker-zulip.git , and changes vol path, ports (3004:443).
-
- fresh deploy
-
-```
-docker-compose up -d
-```
-
-However, you still need to run docker-exec to set the following commands:
-
-1. Initial admin account (create initial organization). `manage.py generate_realm_creation_link`
-
-2. TEST the email service, https://zulip.readthedocs.io/en/latest/production/email.html#troubleshooting
-
-3. Mobile notification, https://zulip.readthedocs.io/en/latest/production/mobile-push-notifications.html
-
-All data backed up in tw1 machine.
-
-## Matrix + Riot.im (closed)
+## Matrix + Riot.im (TODO: it's outdated)

 > https://git.recolic.net/root/matrix-riot-docker

@@ -350,26 +249,6 @@ nohup /root/go/bin/go-shadowsocks2 -s 'ss://chacha20-ietf-poly1305:>>>>>>>>>>>>>

 gen url: https://zhiyuan-l.github.io/SS-Config-Generator/

-## Virtualbox server at HMS (deprecated, use webvirtmgr+KVM)
-
- setup
-
-```
-useradd vbox ; mkdir /home/vbox ; chown vbox:vbox /home/vbox ; usermod -a -G vboxusers vbox ; usermod -g vboxusers vbox
-passwd vbox # vbox
-
-docker run --log-opt max-size=10M --name vbox_http --restart=always -p 9399:80 \
-    -e ID_HOSTPORT=10.100.100.101:18083 -e ID_NAME=hms.recolic -e ID_USER=vbox -e ID_PW='vbox' -e CONF_browserRestrictFolders="/mnt/fsdisk/nfs/rpc_downloads,/home" \
-    -d joweisberg/phpvirtualbox
-    # version 6.1.x
-```
-
- daemon (on every boot)
-
-```
-nohup sudo -u vbox /usr/bin/vboxwebsrv --host 0.0.0.0 & disown
-```
-
 ## blog (htmly), included in www.recolic.net docker image

 - fresh deploy
@@ -565,9 +444,4 @@ Clone the repo and setup crontab.

 follow the guide at source=<https://git.recolic.net/root/scripts/-/tree/one/storage-server-backup-sh>

-## onlyoffice server for nextcloud online office

-```
-# The server is stateful, but no need to save it at all. 
-docker run --log-opt max-size=10M -tid --restart=always --name roffice -p 3008:80 onlyoffice/documentserver
-```
--- a/archived/README.md
+++ b/archived/README.md
+
+## tw1 migration (gcp)
+
+run `ssh-keygen -A` by serial after setup the new machine.
+
+## www.recolic.net
+
+cert issue: (note that currently mail and www are on same machine. )
+```
+./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf
+./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf --keylength ec-384
+
+# For mail.recolic.net container, it runs imap/smtp/pop3...
+./acme.sh --issue -d mail.recolic.net -d imap.recolic.net -d pop3.recolic.net -d smtp.recolic.net -d mail.recolic.org -d imap.recolic.org -d pop3.recolic.org -d smtp.recolic.org --dns dns_cf
+```
+
+
+## tm.recolic.net
+
+build docker image
+```
+docker build -f Dockerfile --tag tm --build-arg GIT_REPO_TM_WEB="https://path/to/your/tm.git" .
+docker tag tm 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
+```
+
+deploy (using /srv as datadir)
+```
+docker run --log-opt max-size=10M -tid -v /srv/tm/log:/app/log -v /srv/tm/keys:/app/keys -p 3080:80 --name rtm --restart=always 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
+# Then use nginx to proxy_pass port 3080.
+```
+
+exec
+```
+docker exec -ti rtm /bin/bash
+```
+
+## push-to-markdown agent [closed, no data]
+
+** DEPRECATED! Use a better recolic.net/go **
+
+I use this tool to send testing result from GitlabCI-runner to markdown.
+
+GitlabCI runner performs http request from its own docker container: `https://api.recolic.net/kv-store/set/my_project_test_result|http://img4me.com/6qtJ6Qw.png`
+
+Then I use this link in my markdown: `Testing result is ![](https://api.recolic.net/kv-store/redirect_to_val/my_project_test_result|https://api.recolic.net/echo.php?Error_Occurred)`
+
+Get image from img4me.com: `curl 'http://api.img4me.com/?text=Testing%20result%20not%20available...&font=firacode&fcolor=000000&size=10&bcolor=FFFFFF&type=png'`
+
+Run docker image:
+
+```
+# YOU SHOULD ALWAYS LIMIT ITS MEMORY TO PREVENT ATTACK!!!!!
+docker run --log-opt max-size=10M -d --restart=always --name rmd-agent -m 100m -p 8080:8080 recolic/push-to-markdown-agent
+```
+
+## rocket chat [closed, data on drive machine]
+
+datadir: /srv/mongo
+
+with `/srv/mongo/mongod.conf`:
+
+```
+replication:
+  replSetName: "rs01"
+```
+
+```
+docker run --log-opt max-size=10M --name rdb --restart=always -v /srv/mongo:/data/db -v /srv/mongo/mongod.conf:/etc/mongod.conf -d mongo:latest --smallfiles --config /etc/mongod.conf
+docker run --log-opt max-size=10M --name rocketchat --link rdb:db --restart=always -p 3000:3000 --env ROOT_URL=http://localhost --env 'MONGO_OPLOG_URL=mongodb://db:27017/local?replSet=rs01' -d rocket.chat
+```
+
+> Note: old command maybe missing ` -v /srv/rocket:/app/uploads`
+
+- [ROCKET.CHAT new version: use docker-compose](https://rocket.chat/docs/installation/docker-containers/docker-compose/)
+
+fresh deploy:
+
+```
+mkdir /srv/rocket && cd /srv/rocket
+curl -L https://raw.githubusercontent.com/RocketChat/Rocket.Chat/develop/docker-compose.yml -o docker-compose.yml
+docker-compose up -d mongo
+#wait
+docker-compose up -d mongo-init-replica
+#wait
+docker-compose up -d rocketchat
+```
+
+## EFB telegram bot [closed, unstable]
+
+FROM: https://github.com/tinyRatP/Docker-Hub.git , also archived at drive machine.
+
+```
+docker-compose up -d
+```
+
+## Zulip [closed, unstable]
+
+nginx conf and docker-compose conf archived at tw1 machine. Zulip eats massive RAM of the server. Not recommended.
+
+docker-compose conf is basing on https://github.com/zulip/docker-zulip.git , and changes vol path, ports (3004:443).
+
+- fresh deploy
+
+```
+docker-compose up -d
+```
+
+However, you still need to run docker-exec to set the following commands:
+
+1. Initial admin account (create initial organization). `manage.py generate_realm_creation_link`
+
+2. TEST the email service, https://zulip.readthedocs.io/en/latest/production/email.html#troubleshooting
+
+3. Mobile notification, https://zulip.readthedocs.io/en/latest/production/mobile-push-notifications.html
+
+All data backed up in tw1 machine.
+
+## Virtualbox server at HMS (deprecated, use webvirtmgr+KVM)
+
+- setup
+
+```
+useradd vbox ; mkdir /home/vbox ; chown vbox:vbox /home/vbox ; usermod -a -G vboxusers vbox ; usermod -g vboxusers vbox
+passwd vbox # vbox
+
+docker run --log-opt max-size=10M --name vbox_http --restart=always -p 9399:80 \
+    -e ID_HOSTPORT=10.100.100.101:18083 -e ID_NAME=hms.recolic -e ID_USER=vbox -e ID_PW='vbox' -e CONF_browserRestrictFolders="/mnt/fsdisk/nfs/rpc_downloads,/home" \
+    -d joweisberg/phpvirtualbox
+    # version 6.1.x
+```
+
+- daemon (on every boot)
+
+```
+nohup sudo -u vbox /usr/bin/vboxwebsrv --host 0.0.0.0 & disown
+```
+
+## onlyoffice server for nextcloud online office
+
+```
+# The server is stateful, but no need to save it at all.
+docker run --log-opt max-size=10M -tid --restart=always --name roffice -p 3008:80 onlyoffice/documentserver
+```
+
+
+
+
--- a/ovpn-over-obfs.md
+++ b/ovpn-over-obfs.md