We host the server at [netcup - Germany](https://www.netcup.eu/), a company that offers VPS. The IP address of our server is 37.120.177.0.

# Organisation

## Access

The following is the SSH access configuration for the server (part of my `~/.ssh/config` file):

```bash
Host netcup
    HostName v2202204173997187481.hotsrv.de
    User root
    IdentityFile ~/.ssh/netcup_osd_claudio
```

## Setup

Vinnie, Dannick's friend, helped me with the setup. I leave the bash history and the zsh history files here as a reference.

![[bash_history_netcup]]

![[zsh_history_netcup]]

I have installed `zsh` and `oh-my-zsh` to make the interaction easier.

The CLI history files above show how the project got updated. In short: update the project files on a local machine, test everything, and push to GitLab. Then access the server, pull the changes, check out the correct version and restart the Docker container:

```zsh
docker compose -f docker-compose.dev.yml down
docker compose -f docker-compose.dev.yml up -d --build --force-recreate
```

## Structure

The main folder is called osd_apps, which hosts the web-apps that we're running.

We use [[nginx]] as a reverse proxy to serve the different web-apps and [[Docker]] to run the apps in an appropriate container.

We also use certbot (installed through snap) to keep the certificates up to date.

The [[OneSec - FlightReview|flight review app]] is hosted at [testlogs.onesec.com](https://testlogs.onesec.com). Authentication is done through an nginx configuration. The credentials can be found in the linked article.

### 6tunnel

[6Tunnel](https://github.com/wojtekka/6tunnel) is used to create a translation service for Dannick's NAS. Basically, the server (which has a static IPv4 address) forwards requests to an IPv6 address (Dannick's NAS). See the history files above for the commands, and make sure that the firewall (`ufw`) allows the correct ports (32400 in Dannick's case).

### Nginx

Nginx is used as a reverse proxy server that checks incoming traffic and routes it to the correct interface on the server. We can configure it such that any traffic addressed to a certain hostname (e.g. testlogs.onesec.com) is forwarded to localhost:5006, where a Docker container hosting the web-app is listening. This means that any traffic for testlogs.onesec.com is directed to the web-app, and any other traffic (to the bare IP, for instance) is routed to `/var/www/http`, where static content is served (default nginx stuff). If another app is added, it gets an additional port, as explained in [this article](https://www.digitalocean.com/community/questions/how-to-host-multiple-docker-containers-on-a-single-droplet-with-nginx-reverse-proxy).

### Certbot

Certbot is a tool that manages certificates for our webserver. It has a really good integration with nginx. Some more info can be found [here](https://sirfitz.medium.com/setting-up-an-nginx-instance-with-certbot-and-configuring-it-for-wildcard-subdomains-on-ubuntu-96e413281a99). Especially the cron job for the auto-renewal is handy. But Certbot also has an automated way of handling this, as can be seen in the [instructions by DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04). Compared to the instructions in the blog article, on our server we've used the following command:

```bash
sudo certbot --nginx -d testlogs.onesec.com
```

### Docker

[[Docker]] is used to isolate the multiple web-apps that are running. A few important things are listed here:

- Use the `-d` or `--detach` option to let the container run in the background even if the terminal is disconnected. This ensures that the web-app is still running when the setup process is finished.

# WebApps

## PX4 - Flight Review

A [customized version](https://gitlab.com/onesecdelivery/flight_review_osd) of the official PX4 [flight review](https://github.com/PX4/flight_review) app is hosted there.

# How to add a new WebApp?

1. Go to namecheap.com, log in and [add a new A-record](https://www.namecheap.com/support/knowledgebase/article.aspx/319/2237/how-can-i-set-up-an-a-address-record-for-my-domain/).
   ![[Pasted image 20240123183014.png]]
   Here you can see that for the subdomains foxglove and testlogs we have an A-record [^1] to forward to our VPS server (37.120.177.0). Once this is done, all traffic gets forwarded to our VPS server, where we need to handle it.
2. Access the server's command line through SSH (see instructions above).
3.

## Migrate from Nginx to Caddy

> [!Info] Nginx Config
```
❯ sudo nginx -T | tee ~/nginx-full.conf
grep -R "server_name" /etc/nginx/sites-enabled -n || true
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

# configuration file /etc/nginx/modules-enabled/50-mod-http-auth-pam.conf:
load_module modules/ngx_http_auth_pam_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-dav-ext.conf:
load_module modules/ngx_http_dav_ext_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-echo.conf:
load_module modules/ngx_http_echo_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-geoip.conf:
load_module modules/ngx_http_geoip_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-subs-filter.conf:
load_module modules/ngx_http_subs_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-upstream-fair.conf:
load_module modules/ngx_http_upstream_fair_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

types {
    text/html html htm shtml;
    text/css css;
    text/xml xml;
    image/gif gif;
    image/jpeg jpeg jpg;
    application/javascript js;
    application/atom+xml atom;
    application/rss+xml rss;

    text/mathml mml;
    text/plain txt;
    text/vnd.sun.j2me.app-descriptor jad;
    text/vnd.wap.wml wml;
    text/x-component htc;

    image/png png;
    image/tiff tif tiff;
    image/vnd.wap.wbmp wbmp;
    image/x-icon ico;
    image/x-jng jng;
    image/x-ms-bmp bmp;
    image/svg+xml svg svgz;
    image/webp webp;

    application/font-woff woff;
    application/java-archive jar war ear;
    application/json json;
    application/mac-binhex40 hqx;
    application/msword doc;
    application/pdf pdf;
    application/postscript ps eps ai;
    application/rtf rtf;
    application/vnd.apple.mpegurl m3u8;
    application/vnd.ms-excel xls;
    application/vnd.ms-fontobject eot;
    application/vnd.ms-powerpoint ppt;
    application/vnd.wap.wmlc wmlc;
    application/vnd.google-earth.kml+xml kml;
    application/vnd.google-earth.kmz kmz;
    application/x-7z-compressed 7z;
    application/x-cocoa cco;
    application/x-java-archive-diff jardiff;
    application/x-java-jnlp-file jnlp;
    application/x-makeself run;
    application/x-perl pl pm;
    application/x-pilot prc pdb;
    application/x-rar-compressed rar;
    application/x-redhat-package-manager rpm;
    application/x-sea sea;
    application/x-shockwave-flash swf;
    application/x-stuffit sit;
    application/x-tcl tcl tk;
    application/x-x509-ca-cert der pem crt;
    application/x-xpinstall xpi;
    application/xhtml+xml xhtml;
    application/xspf+xml xspf;
    application/zip zip;

    application/octet-stream bin exe dll;
    application/octet-stream deb;
    application/octet-stream dmg;
    application/octet-stream iso img;
    application/octet-stream msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;

    audio/midi mid midi kar;
    audio/mpeg mp3;
    audio/ogg ogg;
    audio/x-m4a m4a;
    audio/x-realaudio ra;

    video/3gpp 3gpp 3gp;
    video/mp2t ts;
    video/mp4 mp4;
    video/mpeg mpeg mpg;
    video/quicktime mov;
    video/webm webm;
    video/x-flv flv;
    video/x-m4v m4v;
    video/x-mng mng;
    video/x-ms-asf asx asf;
    video/x-ms-wmv wmv;
    video/x-msvideo avi;
}

# configuration file /etc/nginx/sites-enabled/default:
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    #root /var/www/html;

    # Add index.php to the list if you are using PHP
    #index index.html index.htm index.nginx-debian.html;

    server_name _;

    # auth_basic "Restricted Content";
    # auth_basic_user_file /etc/nginx/.htpasswd;


    #location / {
    # First attempt to serve request as file, then
    # as directory, then fall back to displaying a 404.
    # try_files $uri $uri/ =404;
    #}
    #

    # pass PHP scripts to FastCGI server
    #
    #location ~ \.php$ {
    # include snippets/fastcgi-php.conf;
    #
    # # With php-fpm (or other unix sockets):
    # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    # # With php-cgi (or other tcp sockets):
    # fastcgi_pass 127.0.0.1:9000;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    # deny all;
    #}
    return 444;
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}

#server {

# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;

#root /var/www/html;

# Add index.php to the list if you are using PHP
#index index.html index.htm index.nginx-debian.html;
# server_name flightlogs.onesec.com; # managed by Certbot

# auth_basic "Restricted Content";
# auth_basic_user_file /etc/nginx/.htpasswd;


#location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
#}
#

# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# return 444;


# listen [::]:443 ssl; # managed by Certbot
# listen 443 ssl; # managed by Certbot
# ssl_certificate /etc/letsencrypt/live/flightlogs.onesec.com/fullchain.pem; # managed by Certbot
# ssl_certificate_key /etc/letsencrypt/live/flightlogs.onesec.com/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

#}
#server {
# if ($host = flightlogs.onesec.com) {
# return 301 https://$host$request_uri;
# } # managed by Certbot


# listen 80 ;
# listen [::]:80 ;
# server_name flightlogs.onesec.com;
# return 404; # managed by Certbot


#}

# configuration file /etc/nginx/sites-enabled/dev.onesecdelivery.com:
server {

    server_name dev.onesecdelivery.com;

    root /var/www/dev;
    index index.html;
    location / {
        try_files $uri $uri/ =404;

    }



    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/dev.onesecdelivery.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/dev.onesecdelivery.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
    if ($host = dev.onesecdelivery.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



    server_name dev.onesecdelivery.com;
    listen 80;
    return 404; # managed by Certbot


}

# configuration file /etc/letsencrypt/options-ssl-nginx.conf:
# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file. Contents are based on https://ssl-config.mozilla.org

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

# configuration file /etc/nginx/sites-enabled/flight_review:
#server {
# listen 80 default_server;
# return 403;
#}

#server {
# listen 443 default_server;
# return 403;
#}

server {

    server_name testlogs.onesec.com;

    proxy_connect_timeout 180s;
    proxy_read_timeout 180s;
    proxy_send_timeout 180s;
    charset utf-8;

    client_max_body_size 100M;

    location / {
        proxy_request_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade"; proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host; #:$server_port;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:5006;

        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/testlogs.onesec.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/testlogs.onesec.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = testlogs.onesec.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name testlogs.onesec.com;
    return 404; # managed by Certbot


}

#server {
# if ($host = testlogs.onesec.com) {
# return 301 https://$host$request_uri;
# } # managed by Certbot


# listen 80;
# listen [::]:80;

# server_name 37.120.177.0;
# return 404; # managed by Certbot


#}

# server { listen 37.120.177.0:5006; return 301 https://testlogs.onesec.com; }
# server { listen 37.120.177.0:5006; return 301 https://testlogs.onesec.com; }

# server {
# listen 5006 default_server;
# listen [::]:5006 default_server;
#
# return 444;
# }

# configuration file /etc/nginx/sites-enabled/flight_review_test:
server {

    server_name flightlogs.onesec.com;

    proxy_connect_timeout 180s;
    proxy_read_timeout 180s;
    proxy_send_timeout 180s;
    charset utf-8;

    client_max_body_size 150M;

    location / {
        proxy_pass http://localhost:5007/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/flightlogs.onesec.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/flightlogs.onesec.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = flightlogs.onesec.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



    server_name flightlogs.onesec.com;
    listen 80;
    return 404; # managed by Certbot


}

# configuration file /etc/nginx/sites-enabled/foxglove:
server {

    server_name foxglove.onesec.com;

    location / {
        proxy_pass http://localhost:8080/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;

        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foxglove.onesec.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foxglove.onesec.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = foxglove.onesec.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



    server_name foxglove.onesec.com;
    listen 80;
    return 404; # managed by Certbot


}

/etc/nginx/sites-enabled/flight_review_test:3: server_name flightlogs.onesec.com;
/etc/nginx/sites-enabled/flight_review_test:43: server_name flightlogs.onesec.com;
/etc/nginx/sites-enabled/flight_review:13: server_name testlogs.onesec.com;
/etc/nginx/sites-enabled/flight_review:52: server_name testlogs.onesec.com;
/etc/nginx/sites-enabled/flight_review:67:# server_name 37.120.177.0;
/etc/nginx/sites-enabled/dev.onesecdelivery.com:3: server_name dev.onesecdelivery.com;
/etc/nginx/sites-enabled/dev.onesecdelivery.com:30: server_name dev.onesecdelivery.com;
/etc/nginx/sites-enabled/foxglove:3: server_name foxglove.onesec.com;
/etc/nginx/sites-enabled/foxglove:36: server_name foxglove.onesec.com;
/etc/nginx/sites-enabled/default:46: server_name _;
/etc/nginx/sites-enabled/default:89:# server_name example.com;
/etc/nginx/sites-enabled/default:121: # server_name flightlogs.onesec.com; # managed by Certbot
/etc/nginx/sites-enabled/default:170: # server_name flightlogs.onesec.com;
```
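
Before the sites are moved to Caddy, the dump above can be reduced to what each site actually needs carried over: hostnames, upstream, basic auth and upload limit. The following Python script is an added example, not part of the original note; it runs on a constructed excerpt of the dump plus a hypothetical `demo.example.test` site, and its comment stripping assumes no `#` inside quoted values.

```python
import re

# Constructed sample: trimmed excerpt of the flight_review site from the dump,
# plus a hypothetical unauthenticated site (demo.example.test) for contrast.
SAMPLE = r'''
#server {
#    return 403;
#}
server {
    server_name testlogs.onesec.com;
    client_max_body_size 100M;
    location / {
        proxy_set_header Host $host; #:$server_port;
        proxy_pass http://127.0.0.1:5006;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
    listen 443 ssl; # managed by Certbot
}
server {
    if ($host = testlogs.onesec.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name testlogs.onesec.com;
    return 404; # managed by Certbot
}
server {
    server_name demo.example.test;
    location / { proxy_pass http://localhost:9000/; }
    listen 443 ssl;
}
'''

def strip_comments(text):
    """Drop '#' comments (assumes no '#' inside quoted directive values)."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def server_blocks(text):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def directive(body, name):
    """Return the argument string of every `name <args>;` directive in body."""
    pattern = r"(?:^|[;{}\s])" + re.escape(name) + r"\s+([^;{}]+);"
    return [args.strip() for args in re.findall(pattern, body)]

def inventory(nginx_dump):
    """Summarise every server block that serves content (proxy_pass or root)."""
    sites = []
    for body in server_blocks(strip_comments(nginx_dump)):
        one = lambda name: next(iter(directive(body, name)), None)
        upstream, root = one("proxy_pass"), one("root")
        if not (upstream or root):
            continue  # redirect stubs and catch-all blocks carry no site logic
        sites.append({
            "names": " ".join(directive(body, "server_name")).split(),
            "upstream": upstream,
            "root": root,
            "tls": any("ssl" in l.split() for l in directive(body, "listen")),
            "basic_auth": any(a != "off" for a in directive(body, "auth_basic")),
            "htpasswd": one("auth_basic_user_file"),
            "max_body": one("client_max_body_size"),
        })
    return sites

def unauthenticated_proxies(sites):
    """Proxied sites with no auth_basic: confirm that is intended before migrating."""
    return [s["names"] for s in sites if s["upstream"] and not s["basic_auth"]]

if __name__ == "__main__":
    print(*inventory(SAMPLE), sep="\n")
    print("proxied without basic auth:", unauthenticated_proxies(inventory(SAMPLE)))
```

On the server, the same functions can be pointed at the file written by the `tee` command above, e.g. `inventory(open("nginx-full.conf").read())`.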
```

Configuration file '/etc/systemd/resolved.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** resolved.conf (Y/I/N/O/D/Z) [default=N] ? d
--- /etc/systemd/resolved.conf 2022-04-19 08:55:09.981114632 +0200
+++ /etc/systemd/resolved.conf.dpkg-new 2025-06-26 02:44:53.000000000 +0200
@@ -12,13 +12,19 @@
# See resolved.conf(5) for details
[Resolve]
-DNS=46.38.225.230 46.38.252.230 2a03:4000:8000::fce6 2a03:4000:0:1::e1e6
+# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
+# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
+# Google: 8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
+# Quad9: 9.9.9.9 2620:fe::fe
+#DNS=
#FallbackDNS=
#Domains=
-LLMNR=no
-MulticastDNS=no
-DNSSEC=allow-downgrade
-DNSOverTLS=no
-Cache=yes
-DNSStubListener=yes
-ReadEtcHosts=yes
+#DNSSEC=no
+#DNSOverTLS=no
+#MulticastDNS=yes
+#LLMNR=yes
+#Cache=yes
+#DNSStubListener=yes
+#DNSStubListenerExtra=
+#ReadEtcHosts=yes
+#ResolveUnicastSingleLabel=no
Configuration file '/etc/systemd/resolved.conf'
```
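
Review bot: Answering Y/I at this prompt would drop the resolver hardening in the `[Resolve]` section: the removed lines `LLMNR=no`, `MulticastDNS=no` and `DNSSEC=allow-downgrade` have no active replacement, since every added line is commented out, and the explicit `DNS=` resolver list becomes a commented `#DNS=`. Keep the installed file (N, the default), or after taking the new version re-add those settings, for example in a drop-in under `/etc/systemd/resolved.conf.d/`, so the server does not fall back to the commented defaults `#LLMNR=yes` and `#MulticastDNS=yes`.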

![[Pasted image 20250922115441.png]]

# Footnotes

[^1]: An A record **maps a domain name to the IP address (Version 4) of the computer hosting the domain**. An A record uses a domain name to find the IP address of a computer connected to the internet. The A in A record stands for Address.