radin/my-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rework Dirs

Browse Source
This commit is contained in:
RadinPirouz
2024-09-01 18:34:55 +03:30
parent 84196c3034
commit 8c9be226a5
51 changed files with 0 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

169
Web Servers & Reverse Proxies/NextCloud/NextCloud.md Normal file
View File

@@ -0,0 +1,169 @@
# Setting up Nextcloud with Nginx
## Step 1: Update Repositories and Packages
```bash
apt update && apt upgrade -y
```
## Step 2: Install Nginx and MariaDB Server
```bash
apt install nginx mariadb-server
```
## Step 3: Install and Enable Dependencies and Certbot
```bash
apt install imagemagick php-imagick php-common php-mysql php-fpm php-gd php-json php-curl php-zip php-xml php-mbstring php-bz2 php-intl php-bcmath php-gmp php-zip libmagickcore-6.q16-6-extra
apt install certbot python3-certbot-nginx
systemctl start php8.1-fpm && systemctl enable php8.1-fpm
```
## Step 4: Get and Install Nextcloud
```bash
wget https://download.nextcloud.com/server/releases/nextcloud-28.0.4.zip && mkdir -p /sites/nextcloud && unzip nextcloud-*.zip -d /sites/nextcloud
```
## Step 5: Configure SQL
```bash
mysql -u root -p
```
```sql
CREATE DATABASE nextcloud_db;
CREATE USER 'admin2'@'localhost' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nextcloud_db.* TO 'admin2'@'localhost' IDENTIFIED BY '123';
FLUSH PRIVILEGES;
EXIT;
```
## Step 6: Configure Nginx
```bash
vim /etc/nginx/sites-enabled/default
```
**Nginx Configuration**
```conf
upstream php-handler {
server unix:/var/run/php/php8.1-fpm.sock;
}
server {
listen 80;
server_name _;
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /sites/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/remote.php/dav;
}
# set max upload size
client_max_body_size 512M;
fastcgi_buffers 64 4K;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# Uncomment if your server is built with the ngx_pagespeed module
# This module is currently not supported.
# pagespeed off;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTP on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
# Adding the cache control header for js, css and map files
# Make sure it is BELOW the PHP block
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add
_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "none" always;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
# Optional: Don't log access to other assets
access_log off;
}
}
```
## Step 7: Nginx Check
```bash
nginx -t # Check if configuration has errors
nginx -s reload
```

206
Web Servers & Reverse Proxies/nginx/django.md Normal file
View File

@@ -0,0 +1,206 @@
### Installing Packages from Ubuntu Repositories
1. Update your Ubuntu system:
```bash
sudo apt update
```
2. Install necessary packages:
```bash
sudo apt install python3-venv python3-dev libpq-dev postgresql postgresql-contrib nginx curl
```
### Creating the PostgreSQL Database and User
3. Log into an interactive Postgres session:
```bash
sudo -u postgres psql
```
4. Inside the PostgreSQL prompt, create a database for your project:
```sql
CREATE DATABASE myproject;
```
5. Create a database user for your project with a secure password:
```sql
CREATE USER myprojectuser WITH PASSWORD 'password';
```
6. Modify connection parameters for the user:
```sql
ALTER ROLE myprojectuser SET client_encoding TO 'utf8';
ALTER ROLE myprojectuser SET default_transaction_isolation TO 'read committed';
ALTER ROLE myprojectuser SET timezone TO 'UTC';
```
7. Grant the new user access to administer the new database:
```sql
GRANT ALL PRIVILEGES ON DATABASE myproject TO myprojectuser;
```
8. Exit the PostgreSQL prompt:
```sql
\q
```
### Creating a Python Virtual Environment for Your Project
9. Create a directory for your project files:
```bash
mkdir ~/myprojectdir
cd ~/myprojectdir
```
10. Create a Python virtual environment:
```bash
python3 -m venv myprojectenv
```
11. Activate the virtual environment:
```bash
source myprojectenv/bin/activate
```
12. Install Django, Gunicorn, and psycopg2:
```bash
pip install django gunicorn psycopg2-binary
```
### Creating and Configuring a New Django Project
13. Create a new Django project with a defined directory:
```bash
django-admin startproject myproject ~/myprojectdir
```
14. Adjust settings in the `settings.py` file:
- Set `ALLOWED_HOSTS` to `['*']`
- Configure `DATABASES` with PostgreSQL details
15. Add static root configuration to `settings.py`:
```python
import os
STATIC_ROOT = os.path.join(BASE_DIR, 'static/')
```
16. Migrate initial database schema:
```bash
~/myprojectdir/manage.py makemigrations
~/myprojectdir/manage.py migrate
```
17. Create an administrative user:
```bash
~/myprojectdir/manage.py createsuperuser
```
18. Collect static content:
```bash
~/myprojectdir/manage.py collectstatic
```
19. Allow port 8000:
```bash
sudo ufw allow 8000
```
20. Start Django development server:
```bash
~/myprojectdir/manage.py runserver 0.0.0.0:8000
```
21. Access your application in a web browser.
22. Stop Apache2 service:
```bash
sudo /etc/init.d/apache2 restart
```
### Testing Gunicorn
23. Test Gunicorn to ensure it can serve the application:
```bash
cd ~/myprojectdir
gunicorn --bind 0.0.0.0:8000 myproject.wsgi
```
24. Stop Gunicorn:
- Press `CTRL-C`
### Creating systemd Socket and Service Files for Gunicorn
25. Create a systemd socket file for Gunicorn:
```bash
sudo nano /etc/systemd/system/gunicorn.socket
```
26. Create and open a systemd service file for Gunicorn:
```bash
sudo nano /etc/systemd/system/gunicorn.service
```
27. Configure the service file with appropriate details.
### Checking for the Gunicorn Socket File
28. Check the status of the Gunicorn socket:
```bash
sudo systemctl status gunicorn.socket
```
29. Check for the existence of the Gunicorn socket file:
```bash
file /run/gunicorn.sock
```
30. Check Gunicorn socket logs:
```bash
sudo journalctl -u gunicorn.socket
```
### Testing Socket Activation
31. Test the socket activation mechanism:
```bash
sudo systemctl status gunicorn
```
32. Send a connection to the socket through curl:
```bash
curl --unix-socket /run/gunicorn.sock localhost
```
### Configuring Nginx to Proxy Pass to Gunicorn
33. Create and open a new server block in Nginx's sites-available directory:
```bash
sudo nano /etc/nginx/sites-available/myproject
```
34. Configure the server block with appropriate settings.
35. Enable the server block:
```bash
sudo ln -s /etc/nginx/sites-available/myproject /etc/nginx/sites-enabled
```
36. Test Nginx configuration for syntax errors:
```bash
sudo nginx -t
```
37. Restart Nginx:
```bash
sudo systemctl restart nginx
```
38. Open firewall to normal traffic on port 80:
```bash
sudo ufw delete allow 8000
sudo ufw allow 'Nginx Full'
```
### Conclusion
You should now be able to access your Django application via your server's domain or IP address.

113
Web Servers & Reverse Proxies/nginx/dotnet.md Normal file
View File

@@ -0,0 +1,113 @@
# Deploying .NET on Linux
This tutorial has been tested only on .NET 7 and Ubuntu 22.04.
## Getting the Output
First, let's install .NET:
```bash
sudo apt install dotnet-sdk-7.0
```
*Note: You can create a .NET project using `dotnet new mvc` command.*
Then, we need to publish our project:
```bash
dotnet publish
```
The location of the output file will be displayed after the command finishes. Typically, the project output will be placed in:
**bin/Debug/net7.0/publish**
## Installing Nginx
**Nginx** is a high-performance web server with low resource usage, distributed under the terms of the BSD license. It runs on Unix-like operating systems and is widely used, currently powering 12.07% of the internet's domains.
To install **Nginx** via `apt`, use the following command:
```bash
sudo apt install nginx
```
Then, disable the firewall with:
```bash
sudo ufw disable
```
If you encounter an error with this command, it means you don't have a firewall. In that case, skip this part.
If the installation is successful, you should see "Welcome to Nginx" when typing `localhost` in your browser.
## Configuring Nginx
Create a directory for your site:
```bash
sudo mkdir /var/www/app1
```
Copy the contents of the `publish` directory to the newly created directory:
```bash
sudo cp yourprojectFolder/bin/Debug/net7.0/publish /var/www/app1
```
Then, navigate to the Nginx configuration:
```bash
sudo vim /etc/nginx/sites-available/default
```
Replace the contents of the file with the following:
```nginx
server {
listen 80;
server_name example.com *.example.com;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
*Note: Replace `example.com` with your site address.*
Check the configuration file syntax:
```bash
sudo nginx -t
```
If no errors are reported, reload Nginx to apply the changes:
```bash
sudo nginx -s reload
```
## Adding the Site as a Service
Create a service file for your site:
```bash
sudo vim /etc/systemd/system/app1.service
```
Copy the following code into the file:
```plaintext
[Unit]
Description=dotnet webapp
[Service]
WorkingDirectory=/var/www/app1
ExecStart=/usr/bin/dotnet /var/www/app/projectname.dll
Restart=always
RestartSec=10
SyslogIdentifier=projectname
Environment=ASPNETCORE_ENVIRONMENT=Production
[Install]
WantedBy=multi-user.target
```
*Note: Replace `projectname` with your project's name.*
Enable and start the site, and check its status:
```bash
sudo systemctl enable app1.service
sudo systemctl start app1.service
sudo systemctl status app1.service
```