sysadmin
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédenteDernière révisionLes deux révisions suivantes | ||
sysadmin [2020/01/31 17:36] – lpieri | sysadmin [2020/12/08 15:05] – lpieri | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
====== Administration système ====== | ====== Administration système ====== | ||
+ | |||
+ | ===== Configuration du serveur ===== | ||
+ | |||
+ | ==== SSH ==== | ||
+ | |||
+ | < | ||
+ | vim / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | PermitRootLogin prohibit-password # Empêche l' | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | systemctl restart sshd.service | ||
+ | </ | ||
+ | |||
+ | ==== Timezone ==== | ||
+ | |||
+ | < | ||
+ | dpkg-reconfigure tzdata | ||
+ | </ | ||
+ | |||
+ | ==== Updates ==== | ||
+ | |||
+ | < | ||
+ | apt update && apt upgrade -y | ||
+ | </ | ||
+ | |||
+ | Si demandé, conserver le fichier source. | ||
+ | |||
+ | ==== MySQL ==== | ||
+ | |||
+ | < | ||
+ | apt install mysql-server | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | mysql_secure_installation | ||
+ | |||
+ | VALIDATE PASSWORD PLUGIN No | ||
+ | |||
+ | Please set the password for root here. | ||
+ | |||
+ | New password: | ||
+ | |||
+ | Re-enter new password: | ||
+ | |||
+ | Yes pour chacune des étapes suivantes | ||
+ | </ | ||
+ | |||
+ | **Connexion à mysql par mot de passe** | ||
+ | |||
+ | < | ||
+ | mysql | ||
+ | </ | ||
+ | |||
+ | > En prenant soin de changer <hi # | ||
+ | |||
+ | < | ||
+ | mysql> ALTER USER ' | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | mysql> FLUSH PRIVILEGES; | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | mysql> exit | ||
+ | </ | ||
+ | |||
+ | ==== PHP ==== | ||
+ | |||
+ | < | ||
+ | apt install php-fpm php-mysql php-ctype php-iconv php-intl php-gd php-xml php-zip php-mbstring | ||
+ | </ | ||
+ | |||
+ | === Composer === | ||
+ | |||
+ | < | ||
+ | php -r " | ||
+ | php -r "if (hash_file(' | ||
+ | php composer-setup.php && \ | ||
+ | php -r " | ||
+ | mv composer.phar / | ||
+ | composer -v | ||
+ | </ | ||
+ | |||
+ | ==== Symfony ==== | ||
+ | |||
+ | < | ||
+ | wget https:// | ||
+ | mv ~/ | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | cp .env .env.local | ||
+ | </ | ||
+ | |||
+ | > Remplir .env.local avec les valeurs de productions | ||
+ | |||
+ | < | ||
+ | symfony composer install --no-dev --optimize-autoloader | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | symfony check: | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | symfony console doctrine: | ||
+ | symfony console doctrine: | ||
+ | symfony console doctrine: | ||
+ | </ | ||
+ | |||
+ | ==== Nginx ==== | ||
+ | |||
+ | < | ||
+ | apt install nginx | ||
+ | </ | ||
+ | |||
+ | === Virtual host === | ||
+ | |||
+ | < | ||
+ | vim / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | server { | ||
+ | server_name mybusiness.betterb.fr; | ||
+ | root / | ||
+ | |||
+ | location / { | ||
+ | try_files $uri / | ||
+ | } | ||
+ | |||
+ | location ~ ^/ | ||
+ | fastcgi_pass unix:/ | ||
+ | fastcgi_split_path_info ^(.+\.php)(/ | ||
+ | include fastcgi_params; | ||
+ | fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; | ||
+ | fastcgi_param DOCUMENT_ROOT $realpath_root; | ||
+ | internal; | ||
+ | } | ||
+ | |||
+ | location ~ \.php$ { | ||
+ | return 404; | ||
+ | } | ||
+ | |||
+ | error_log / | ||
+ | access_log / | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | unlink / | ||
+ | ln -s / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | nginx -t | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | systemctl reload nginx | ||
+ | </ | ||
===== Ajouter un nouvel utilisateur sur un serveur ===== | ===== Ajouter un nouvel utilisateur sur un serveur ===== | ||
Ligne 109: | Ligne 275: | ||
[[https:// | [[https:// | ||
- | Le fichier de configuration global d' | + | Le fichier de configuration global d' |
* les informations de connexions au serveur smtp | * les informations de connexions au serveur smtp | ||
* la liste des destinataires des alertes | * la liste des destinataires des alertes | ||
Ligne 135: | Ligne 301: | ||
* relancer prometheus avec **sudo systemctl restart prometheus** | * relancer prometheus avec **sudo systemctl restart prometheus** | ||
+ | ===== Monitorer CouchDB ===== | ||
+ | |||
+ | Exporter Prometheus pour CouchDB : [[https:// | ||
+ | |||
+ | Cet exporter fonctionne exclusivement avec Docker il faut donc l' | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | Il faut ajouter l' | ||
+ | |||
+ | < | ||
+ | |||
+ | Puis se reconnecter. | ||
+ | |||
+ | L' | ||
+ | |||
+ | < | ||
+ | docker run -d --restart always -p 9984:9984 gesellix/ | ||
+ | </ | ||
+ | |||
+ | Ajouter l' | ||
+ | |||
+ | < | ||
+ | - job_name: ' | ||
+ | scrape_interval: | ||
+ | static_configs: | ||
+ | - targets: [' | ||
+ | </ | ||
+ | |||
+ | Ajouter une rêgle d' | ||
+ | |||
+ | < | ||
+ | dev@ubuntu1804-betterb-dev: | ||
+ | groups: | ||
+ | - name: couchdb.rules | ||
+ | rules: | ||
+ | - alert: CouchDbDownAlert | ||
+ | expr: absent(couchdb_httpd_up) or couchdb_https_up < 1 | ||
+ | for: 1m | ||
+ | annotations: | ||
+ | summary: CouchDB Node Down | ||
+ | </ | ||