From 75a6895d145362b55b3917c24ac9ac64959d9c80 Mon Sep 17 00:00:00 2001
From: Recolic K <bensl@microsoft.com>
Date: Tue, 24 Aug 2021 17:07:55 +0800
Subject: [PATCH] archive

---
 README.md                                     | 168 +++---------------
 archived/README.md                            | 147 +++++++++++++++
 .../ovpn-over-obfs.md                         |   0
 3 files changed, 168 insertions(+), 147 deletions(-)
 create mode 100644 archived/README.md
 rename ovpn-over-obfs.md => archived/ovpn-over-obfs.md (100%)

diff --git a/README.md b/README.md
index a7af3d8..ff2c08c 100644
--- a/README.md
+++ b/README.md
@@ -20,16 +20,24 @@ do not use docker attach.
 docker exec -ti rweb /bin/bash
 ```
 
-**acme.sh and nginx**: Add nginx-reload to crontab to refresh certificate. 
+Every server saves `acme.sh`, `nginx.conf`, `crontab.log`, `cert.sh`, `startup.sh` into `/srv/conf`. Every server has an nginx, which redirects 
+all HTTPS traffic to `http://localhost:xxxx`. 
 
-```
-2 0 * * * /srv/conf/acme-sh/acme.sh --cron --home "/srv/conf/acme-sh" > /dev/null
+## docker-ipv6 support
 
-# nginx reload certificate once a month, at 6 AM UTC+8, means 22:00 UTC. 
-0 22 1 * * systemctl restart nginx
+Requires docker > 20.10.2, edit `/etc/docker/daemon.json`: 
 
-# If necessary:
-10 22 1 * * docker restart rmail
+```json
+{
+  "experimental": true,
+  "ip6tables": true,
+  "ipv6": true,
+  "fixed-cidr-v6": "2400:8902::f03c:92ff:febe:6c0d/64",
+  "log-driver": "json-file",
+  "log-opts": {
+    "max-size": "100m"
+  }
+}
 ```
 
 # DO NOT FORGET WRITING DOCKER-START INTO rc.local
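Review bot: the removed crontab block (the `acme.sh --cron` entry and the monthly `systemctl restart nginx`) was the only place the renewal and reload schedule was written down, and it is not carried over to archived/README.md either. The new sentence only names `cert.sh` and `crontab.log` under `/srv/conf`, so say in one line which of those files now holds the schedule and what reloads nginx after renewal. Separately, `fixed-cidr-v6` is given as a full host address with a `/64` suffix; write the prefix with the host bits zeroed so the subnet is unambiguous, and consider a documentation placeholder if this is a real server address.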
@@ -90,13 +98,13 @@ docker exec -ti rweb /bin/bash
 |31000-31499|Virtualbox dynamic ports (Other use)|
 |30400-30499|Generic dynamic ports (Other use)|
 
-## tw1 migration (gcp)
+--------
 
-run `ssh-keygen -A` by serial after setup the new machine.
+# Services
 
---------
+> doc for closed services are archived into archived/README.md
 
-## recolic.net
+## www.recolic.net
 
 fresh deploy:
 201905 update: move all /var out.
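Review bot: the new pointer line `> doc for closed services are archived into archived/README.md` gives the path as plain text. Make it a relative Markdown link so it works from the rendered README, and tidy the wording to "docs for closed services are archived in".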
@@ -109,16 +117,7 @@ Put the website into /srv/html, and make sure `/srv/html/.config/nginx.conf` exi
 docker run --log-opt max-size=10M -tid -p 3091:80 -v /srv/html:/var/www/html --name rwww --restart=always recolic/php-nginx /entry.sh
 ```
 
-The docker image contains no config or certificate since 20210630. 
-
-cert issue: (note that currently mail and www are on same machine. )
-```
-./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf
-./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf --keylength ec-384
-
-# For mail.recolic.net container, it runs imap/smtp/pop3...
-./acme.sh --issue -d mail.recolic.net -d imap.recolic.net -d pop3.recolic.net -d smtp.recolic.net -d mail.recolic.org -d imap.recolic.org -d pop3.recolic.org -d smtp.recolic.org --dns dns_cf
-```
+The docker image is HTTP-only and contains no certificate since 20210630. 
 
 ## mail.recolic.net
 
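Review bot: the `./acme.sh --issue` commands removed here end up in archived/README.md, but www.recolic.net stays in the live "Services" section, so the certificate procedure for a running site now sits in the document reserved for closed services. The replacement line says the image is HTTP-only; add where TLS terminates (the per-server nginx and `/srv/conf` described at the top of the README) and keep a pointer to the issuance procedure in this file.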
@@ -187,25 +186,6 @@ docker commit rvpn 600163736385.dkr.ecr.us-west-2.amazonaws.com/openvpn-server
 docker push 600163736385.dkr.ecr.us-west-2.amazonaws.com/openvpn-server
 ```
 
-## tm.recolic.net
-
-build docker image
-```
-docker build -f Dockerfile --tag tm --build-arg GIT_REPO_TM_WEB="https://path/to/your/tm.git" .
-docker tag tm 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
-```
-
-deploy (using /srv as datadir)
-```
-docker run --log-opt max-size=10M -tid -v /srv/tm/log:/app/log -v /srv/tm/keys:/app/keys -p 3080:80 --name rtm --restart=always 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
-# Then use nginx to proxy_pass port 3080.
-```
-
-exec
-```
-docker exec -ti rtm /bin/bash
-```
-
 ## git.recolic.net
 
 deploy (using /srv as datadir)
@@ -231,25 +211,6 @@ frontend cert issue:
 ./acme.sh --issue -d git.recolic.net -d tm.recolic.net -d hustdb.recolic.net -d git.recolic.org -d tm.recolic.org -d hustdb.recolic.org --dns dns_cf
 ```
 
-## push-to-markdown agent [closed, no data]
-
-** DEPRECATED! Use a better recolic.net/go **
-
-I use this tool to send testing result from GitlabCI-runner to markdown.
-
-GitlabCI runner performs http request from its own docker container: `https://api.recolic.net/kv-store/set/my_project_test_result|http://img4me.com/6qtJ6Qw.png`
-
-Then I use this link in my markdown: `Testing result is ![](https://api.recolic.net/kv-store/redirect_to_val/my_project_test_result|https://api.recolic.net/echo.php?Error_Occurred)`
-
-Get image from img4me.com: `curl 'http://api.img4me.com/?text=Testing%20result%20not%20available...&font=firacode&fcolor=000000&size=10&bcolor=FFFFFF&type=png'`
-
-Run docker image:
-
-```
-# YOU SHOULD ALWAYS LIMIT ITS MEMORY TO PREVENT ATTACK!!!!!
-docker run --log-opt max-size=10M -d --restart=always --name rmd-agent -m 100m -p 8080:8080 recolic/push-to-markdown-agent
-```
-
 ## drive.recolic.net
 
 data dir: `/srv/nextcloud`.
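Review bot: the `frontend cert issue` command kept as context at the top of this hunk still requests `tm.recolic.net` and `tm.recolic.org`, while this patch moves the tm.recolic.net section to the archive. If tm is shut down, drop those names from the `-d` list in a follow-up so the certificate stops covering a hostname nothing serves; if it is still running, it should not be in the archive.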
@@ -269,69 +230,7 @@ touch /srv/html/status.html
 docker run --log-opt max-size=10M -d --name rmon --restart=always -v /srv/html/status.html:/app/status.html recolic/rserver-status
 ```
 
-## rocket chat [closed, data on drive machine]
-
-datadir: /srv/mongo
-
-with `/srv/mongo/mongod.conf`:
-
-```
-replication:
-  replSetName: "rs01"
-```
-
-```
-docker run --log-opt max-size=10M --name rdb --restart=always -v /srv/mongo:/data/db -v /srv/mongo/mongod.conf:/etc/mongod.conf -d mongo:latest --smallfiles --config /etc/mongod.conf
-docker run --log-opt max-size=10M --name rocketchat --link rdb:db --restart=always -p 3000:3000 --env ROOT_URL=http://localhost --env 'MONGO_OPLOG_URL=mongodb://db:27017/local?replSet=rs01' -d rocket.chat
-```
-
-> Note: old command maybe missing ` -v /srv/rocket:/app/uploads`
-
-- [ROCKET.CHAT new version: use docker-compose](https://rocket.chat/docs/installation/docker-containers/docker-compose/)
-
-fresh deploy:
-
-```
-mkdir /srv/rocket && cd /srv/rocket
-curl -L https://raw.githubusercontent.com/RocketChat/Rocket.Chat/develop/docker-compose.yml -o docker-compose.yml
-docker-compose up -d mongo
-#wait
-docker-compose up -d mongo-init-replica
-#wait
-docker-compose up -d rocketchat
-```
-
-## EFB telegram bot [closed, unstable]
-
-FROM: https://github.com/tinyRatP/Docker-Hub.git , also archived at drive machine.
-
-```
-docker-compose up -d
-```
-
-## Zulip [closed, unstable]
-
-nginx conf and docker-compose conf archived at tw1 machine. Zulip eats massive RAM of the server. Not recommended.
-
-docker-compose conf is basing on https://github.com/zulip/docker-zulip.git , and changes vol path, ports (3004:443).
-
-- fresh deploy
-
-```
-docker-compose up -d
-```
-
-However, you still need to run docker-exec to set the following commands:
-
-1. Initial admin account (create initial organization). `manage.py generate_realm_creation_link`
-
-2. TEST the email service, https://zulip.readthedocs.io/en/latest/production/email.html#troubleshooting
-
-3. Mobile notification, https://zulip.readthedocs.io/en/latest/production/mobile-push-notifications.html
-
-All data backed up in tw1 machine.
-
-## Matrix + Riot.im (closed)
+## Matrix + Riot.im (TODO: it's outdated)
 
 > https://git.recolic.net/root/matrix-riot-docker
 
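Review bot: the Matrix heading changes from `(closed)` to `(TODO: it's outdated)`, which leaves the service's status unclear. Under the rule introduced in this patch, closed services belong in archived/README.md, so either move the section there or state that the service is running and say what exactly is outdated (the instructions, the image, or the linked repository).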
@@ -350,26 +249,6 @@ nohup /root/go/bin/go-shadowsocks2 -s 'ss://chacha20-ietf-poly1305:>>>>>>>>>>>>>
 
 gen url: https://zhiyuan-l.github.io/SS-Config-Generator/
 
-## Virtualbox server at HMS (deprecated, use webvirtmgr+KVM)
-
-- setup
-
-```
-useradd vbox ; mkdir /home/vbox ; chown vbox:vbox /home/vbox ; usermod -a -G vboxusers vbox ; usermod -g vboxusers vbox
-passwd vbox # vbox
-
-docker run --log-opt max-size=10M --name vbox_http --restart=always -p 9399:80 \
-    -e ID_HOSTPORT=10.100.100.101:18083 -e ID_NAME=hms.recolic -e ID_USER=vbox -e ID_PW='vbox' -e CONF_browserRestrictFolders="/mnt/fsdisk/nfs/rpc_downloads,/home" \
-    -d joweisberg/phpvirtualbox
-    # version 6.1.x
-```
-
-- daemon (on every boot)
-
-```
-nohup sudo -u vbox /usr/bin/vboxwebsrv --host 0.0.0.0 & disown
-```
-
 ## blog (htmly), included in www.recolic.net docker image
 
 - fresh deploy
@@ -565,9 +444,4 @@ Clone the repo and setup crontab.
 
 follow the guide at source=<https://git.recolic.net/root/scripts/-/tree/one/storage-server-backup-sh>
 
-## onlyoffice server for nextcloud online office
 
-```
-# The server is stateful, but no need to save it at all. 
-docker run --log-opt max-size=10M -tid --restart=always --name roffice -p 3008:80 onlyoffice/documentserver
-```
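Review bot: the onlyoffice section is moved to the archive without a status tag, unlike the other archived entries (`[closed, no data]`, `[closed, unstable]`), and drive.recolic.net (Nextcloud) remains in the live README. State whether the document server was decommissioned and whether the Nextcloud integration on port 3008 was removed along with it.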
diff --git a/archived/README.md b/archived/README.md
new file mode 100644
index 0000000..2f49c74
--- /dev/null
+++ b/archived/README.md
@@ -0,0 +1,147 @@
+
+## tw1 migration (gcp)
+
+run `ssh-keygen -A` by serial after setup the new machine.
+
+## www.recolic.net
+
+cert issue: (note that currently mail and www are on same machine. )
+```
+./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf
+./acme.sh --issue -d recolic.net -d www.recolic.net -d dl.recolic.net -d mail.recolic.net -d recolic.org -d www.recolic.org -d dl.recolic.org -d mail.recolic.org --dns dns_cf --keylength ec-384
+
+# For mail.recolic.net container, it runs imap/smtp/pop3...
+./acme.sh --issue -d mail.recolic.net -d imap.recolic.net -d pop3.recolic.net -d smtp.recolic.net -d mail.recolic.org -d imap.recolic.org -d pop3.recolic.org -d smtp.recolic.org --dns dns_cf
+```
+
+
+## tm.recolic.net
+
+build docker image
+```
+docker build -f Dockerfile --tag tm --build-arg GIT_REPO_TM_WEB="https://path/to/your/tm.git" .
+docker tag tm 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
+```
+
+deploy (using /srv as datadir)
+```
+docker run --log-opt max-size=10M -tid -v /srv/tm/log:/app/log -v /srv/tm/keys:/app/keys -p 3080:80 --name rtm --restart=always 600163736385.dkr.ecr.us-west-2.amazonaws.com/tm
+# Then use nginx to proxy_pass port 3080.
+```
+
+exec
+```
+docker exec -ti rtm /bin/bash
+```
+
+## push-to-markdown agent [closed, no data]
+
+** DEPRECATED! Use a better recolic.net/go **
+
+I use this tool to send testing result from GitlabCI-runner to markdown.
+
+GitlabCI runner performs http request from its own docker container: `https://api.recolic.net/kv-store/set/my_project_test_result|http://img4me.com/6qtJ6Qw.png`
+
+Then I use this link in my markdown: `Testing result is ![](https://api.recolic.net/kv-store/redirect_to_val/my_project_test_result|https://api.recolic.net/echo.php?Error_Occurred)`
+
+Get image from img4me.com: `curl 'http://api.img4me.com/?text=Testing%20result%20not%20available...&font=firacode&fcolor=000000&size=10&bcolor=FFFFFF&type=png'`
+
+Run docker image:
+
+```
+# YOU SHOULD ALWAYS LIMIT ITS MEMORY TO PREVENT ATTACK!!!!!
+docker run --log-opt max-size=10M -d --restart=always --name rmd-agent -m 100m -p 8080:8080 recolic/push-to-markdown-agent
+```
+
+## rocket chat [closed, data on drive machine]
+
+datadir: /srv/mongo
+
+with `/srv/mongo/mongod.conf`:
+
+```
+replication:
+  replSetName: "rs01"
+```
+
+```
+docker run --log-opt max-size=10M --name rdb --restart=always -v /srv/mongo:/data/db -v /srv/mongo/mongod.conf:/etc/mongod.conf -d mongo:latest --smallfiles --config /etc/mongod.conf
+docker run --log-opt max-size=10M --name rocketchat --link rdb:db --restart=always -p 3000:3000 --env ROOT_URL=http://localhost --env 'MONGO_OPLOG_URL=mongodb://db:27017/local?replSet=rs01' -d rocket.chat
+```
+
+> Note: old command maybe missing ` -v /srv/rocket:/app/uploads`
+
+- [ROCKET.CHAT new version: use docker-compose](https://rocket.chat/docs/installation/docker-containers/docker-compose/)
+
+fresh deploy:
+
+```
+mkdir /srv/rocket && cd /srv/rocket
+curl -L https://raw.githubusercontent.com/RocketChat/Rocket.Chat/develop/docker-compose.yml -o docker-compose.yml
+docker-compose up -d mongo
+#wait
+docker-compose up -d mongo-init-replica
+#wait
+docker-compose up -d rocketchat
+```
+
+## EFB telegram bot [closed, unstable]
+
+FROM: https://github.com/tinyRatP/Docker-Hub.git , also archived at drive machine.
+
+```
+docker-compose up -d
+```
+
+## Zulip [closed, unstable]
+
+nginx conf and docker-compose conf archived at tw1 machine. Zulip eats massive RAM of the server. Not recommended.
+
+docker-compose conf is basing on https://github.com/zulip/docker-zulip.git , and changes vol path, ports (3004:443).
+
+- fresh deploy
+
+```
+docker-compose up -d
+```
+
+However, you still need to run docker-exec to set the following commands:
+
+1. Initial admin account (create initial organization). `manage.py generate_realm_creation_link`
+
+2. TEST the email service, https://zulip.readthedocs.io/en/latest/production/email.html#troubleshooting
+
+3. Mobile notification, https://zulip.readthedocs.io/en/latest/production/mobile-push-notifications.html
+
+All data backed up in tw1 machine.
+
+## Virtualbox server at HMS (deprecated, use webvirtmgr+KVM)
+
+- setup
+
+```
+useradd vbox ; mkdir /home/vbox ; chown vbox:vbox /home/vbox ; usermod -a -G vboxusers vbox ; usermod -g vboxusers vbox
+passwd vbox # vbox
+
+docker run --log-opt max-size=10M --name vbox_http --restart=always -p 9399:80 \
+    -e ID_HOSTPORT=10.100.100.101:18083 -e ID_NAME=hms.recolic -e ID_USER=vbox -e ID_PW='vbox' -e CONF_browserRestrictFolders="/mnt/fsdisk/nfs/rpc_downloads,/home" \
+    -d joweisberg/phpvirtualbox
+    # version 6.1.x
+```
+
+- daemon (on every boot)
+
+```
+nohup sudo -u vbox /usr/bin/vboxwebsrv --host 0.0.0.0 & disown
+```
+
+## onlyoffice server for nextcloud online office
+
+```
+# The server is stateful, but no need to save it at all.
+docker run --log-opt max-size=10M -tid --restart=always --name roffice -p 3008:80 onlyoffice/documentserver
+```
+
+
+
+
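Review bot: the Virtualbox section is archived verbatim with its credentials (`passwd vbox # vbox`, `-e ID_PW='vbox'`) and with `vboxwebsrv --host 0.0.0.0`. Replace the password with a placeholder and add a line saying whether the `vbox` account and the listener were removed from the host. The tm.recolic.net, www.recolic.net and onlyoffice sections also lack the `[closed, ...]` tag the other entries carry, and the file starts with a blank line, has no title, and ends with four blank lines.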
diff --git a/ovpn-over-obfs.md b/archived/ovpn-over-obfs.md
similarity index 100%
rename from ovpn-over-obfs.md
rename to archived/ovpn-over-obfs.md
-- 
GitLab