
Ubuntu 20.04 LTS server setting memo

Posted at 2020-07-24

Notes taken while migrating from an existing server (Ubuntu 16.04 LTS).

  • Configuration to set up: network port mapping

    ext     in    service
    80      80    docker:gitlab
    443     443   docker:gitlab
    30080   80    docker:kerberos
    40443   443   docker:nextcloud
    40080   80    docker:nextcloud
    50000   -     webmin

Server Name: [Hogehoge.com]

First, the environment setup.

Let's Encrypt Setting

  • Install

    
    $> apt install certbot
    $> apt update
    $> apt upgrade
    
  • Backup and Restore

    
    $> tar cvzf letsencrypt_backup.tar.gz /etc/letsencrypt
    
  • Renew

    
    $> certbot renew --standalone
    

Webmin Setting

  • Install

    
    $> apt -y install python apt-show-versions libapt-pkg-perl libauthen-pam-perl libio-pty-perl libnet-ssleay-perl unzip
    $> curl -L -O http://www.webmin.com/download/deb/webmin-current.deb
    $> systemctl restart smbd
    $> dpkg -i webmin-current.deb
    $> systemctl restart webmin
    
  • Let's Encrypt settings

    
    Webmin -> Webmin Configuration -> SSL Encryption -> SSL Settings -> 
     Private Key file : /etc/letsencrypt/live/Hogehoge.com/privkey.pem
     Certificate file : /etc/letsencrypt/live/Hogehoge.com/fullchain.pem
    
  • Change the port

    
    Webmin -> Webmin Configuration -> Ports and Addresses -> 
     Listen on port : 10000 -> 50000
    
  • Access and check
    https://Hogehoge.com:50000/

Docker Setting

Prerequisite: Docker was already installed through the installer option.

  • Create directory

    
    $> mkdir docker
    $> mkdir docker/gitlab
    $> mkdir docker/nextcloud
    $> mkdir docker/kerberos_usb
    
  • CUI management tool: install Lazydocker

    
    $> curl https://raw.githubusercontent.com/jesseduffield/lazydocker/master/scripts/install_update_linux.sh | bash
    
  • Access and check

    
    $> lazydocker
    

Gitlab Setting @ docker

  • Create the directory and symlink the certificate files

    
    $> cd gitlab
    $> ln -s /etc/letsencrypt letsencrypt
    
  • docker-compose.yaml

    
    version: '3'
    services:
      gitlab:
        container_name: gitlabC0
        image: 'gitlab/gitlab-ce:12.5.3-ce.0'
        restart: always
        hostname: 'hogehoge.com'
        environment:
          GITLAB_OMNIBUS_CONFIG: |
            external_url 'https://hogehoge.com'
            gitlab_rails['time_zone'] = 'Asia/Tokyo'
            nginx['ssl_certificate'] = "/etc/letsencrypt/live/hogehoge.com/cert.pem"
            nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/hogehoge.com/privkey.pem"
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - ${PWD}/letsencrypt:/etc/letsencrypt
          - ${PWD}/config:/etc/gitlab
          - ${PWD}/logs:/var/log/gitlab
          - ${PWD}/data:/var/opt/gitlab
    

Backup of the original environment. The original environment and the restore destination must be on the same GitLab version.


  $> docker exec -it gitlabC0 bash
  $> gitlab-rake gitlab:backup:create
      -> /var/opt/gitlab/backup
      <date>_gitlab_backup.tar
  
  • Backup of the configuration files

    
    $> tar -zcvf ~/$(date "+%s_%Y_%m_%d_etc_gitlab.tar.gz") -C /etc gitlab
      -> <date>_etc_gitlab.tar.gz
    
  • Copy into the volume mounted by Docker

    
    $> cp 1593628898_2020_07_02_12.5.3_gitlab_backup.tar docker/gitlab/data/backups/
    
  • Restore
    Bring up a fresh GitLab once. Initialization takes a while.
    Run the restore without stopping GitLab.

    
    $> docker exec -it gitlabC0 bash
    

Overwrite the contents of docker/config with the configuration files saved above.


  $> gitlab-rake gitlab:backup:restore BACKUP=1593628898_2020_07_02_12.5.3
    Unpacking backup ... done
    Before restoring the database, we will remove all existing
    tables to avoid future upgrade problems. Be aware that if you have
    custom tables in the GitLab database these tables and all data will be
    removed.
    ::
    Do you want to continue (yes/no)? yes
    Removing all tables. Press Ctrl-C within 5 seconds to abort
    2020-07-24 02:03:52 +0000 -- Cleaning the database ... 
    ::
    This task will now rebuild the authorized_keys file.
    You will lose any data stored in the authorized_keys file.
    Do you want to continue (yes/no)? yes
  
  • Reconfigure and restart
    
    $> gitlab-ctl reconfigure
    $> gitlab-ctl restart
    
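The memo's rule that the source and the restore target must run the same GitLab version is easy to break by hand, because the version is only visible in the backup file name and in the compose image tag. The following POSIX shell script is an added example and not part of the original memo: it derives the BACKUP id that gitlab-rake expects from the archive name, compares the version embedded in it with the image tag from docker-compose.yaml, and only then prints the restore commands. The archive name and image tag are the ones from the memo; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original memo): derive the gitlab-rake BACKUP id
# from a backup archive name and check that the GitLab version embedded in the
# name matches the version in the docker-compose.yaml image tag, since a
# backup can only be restored into the same GitLab version it was taken from.

# backup_id <archive-name>: strip the "_gitlab_backup.tar" suffix.
#   1593628898_2020_07_02_12.5.3_gitlab_backup.tar -> 1593628898_2020_07_02_12.5.3
backup_id() {
    case "$1" in
        *_gitlab_backup.tar) printf '%s\n' "${1%_gitlab_backup.tar}" ;;
        *) return 1 ;;
    esac
}

# backup_version <archive-name>: the version is the last "_"-separated field
# of the id, e.g. 12.5.3.
backup_version() {
    id=$(backup_id "$1") || return 1
    printf '%s\n' "${id##*_}"
}

# image_version <image-tag>: "gitlab/gitlab-ce:12.5.3-ce.0" -> 12.5.3
image_version() {
    tag="${1##*:}"
    printf '%s\n' "${tag%%-*}"
}

# version_matches <archive-name> <image-tag>: exit 0 when both agree.
version_matches() {
    [ "$(backup_version "$1")" = "$(image_version "$2")" ]
}

# restore_commands <archive-name>: print the commands to run inside the
# container (the memo's steps; BACKUP= takes the id without the suffix).
restore_commands() {
    id=$(backup_id "$1") || return 1
    printf 'gitlab-rake gitlab:backup:restore BACKUP=%s\n' "$id"
    printf 'gitlab-ctl reconfigure\n'
    printf 'gitlab-ctl restart\n'
}

# Usage with the memo's archive name and image tag.
archive=1593628898_2020_07_02_12.5.3_gitlab_backup.tar
image='gitlab/gitlab-ce:12.5.3-ce.0'
if version_matches "$archive" "$image"; then
    restore_commands "$archive"
else
    echo "version mismatch: backup $(backup_version "$archive") vs image $(image_version "$image")" >&2
fi
```

Run it in the directory that holds docker-compose.yaml and paste the printed commands into the `docker exec -it gitlabC0 bash` session; if the versions differ, pull the matching image tag first rather than restoring across versions.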

Nextcloud Setting @ docker

  • Create the directory and symlink the certificate files

    
    $> cd nextcloud
    $> docker network create lb_web
    $> ln -s /etc/letsencrypt letsencrypt
    $> touch docker-compose.yaml
    $> touch nginx.conf
    
  • docker-compose.yaml

    
    version: '2'
    networks:
      lb_web:
        external: true
      back:
        driver: bridge
    services:
      web:
        image: nginx
        volumes:
          - ./nginx.conf:/etc/nginx/nginx.conf:ro
          - ./letsencrypt:/etc/letsencrypt:ro
        links:
          - app
        volumes_from:
          - app
        environment:
          - VIRTUAL_HOST
        networks:
          - back
          - lb_web
        ports:
          - 40080:80
          - 40443:443
      app:
        image: nextcloud:fpm
        links:
          - db
        volumes:
          - ./data/apps:/var/www/html/apps
          - ./data/config:/var/www/html/config
          - ./data/data:/var/www/html/data
        networks:
          - back
      db:
        image: mysql
        volumes:
          - ./mysql/runtime:/var/lib/mysql
        environment:
          MYSQL_ROOT_PASSWORD: fmrx98v
        networks:
          - back
      cron:
        image: nextcloud:fpm
        links:
          - db
        volumes_from:
          - app
        user: www-data
        entrypoint: |
          bash -c 'bash -s <<EOF
          trap "break;exit" SIGHUP SIGINT SIGTERM
          while /bin/true; do
            /usr/local/bin/php /var/www/html/cron.php
            sleep 900
          done
          EOF'
        networks:
          - back
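The compose file above writes the MySQL root password inline, so it ends up in every copy of the directory, in backups and in version control if the directory is committed. docker-compose reads KEY=VALUE lines from a .env file in the project directory and substitutes ${KEY} references in the compose file, so the value can live only in .env while the compose file carries `MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}`. The script below is an added example, not part of the memo: it writes such a .env with a random value and lints a compose file for keys that still carry a literal value. The function names and the sample compose text are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original memo): keep the MySQL root password
# out of docker-compose.yaml. docker-compose substitutes ${KEY} references
# from a .env file in the project directory, so the compose file can carry
#     MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
# and the actual value lives only in .env (mode 0600).
# Function names and the sample compose text below are constructed.

# make_env_file <path>: write MYSQL_ROOT_PASSWORD=<48 hex chars> to <path>,
# readable only by the owner. The subshell keeps umask from leaking out.
make_env_file() {
    pw=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
    ( umask 077; printf 'MYSQL_ROOT_PASSWORD=%s\n' "$pw" > "$1" )
}

# find_inline_secrets <compose-file>: print every line where a *PASSWORD*,
# *SECRET* or *TOKEN* key is followed by a literal value rather than a ${VAR}
# reference (or nothing, which means pass-through from the caller's
# environment). Returns 1 when at least one such line exists, 0 otherwise,
# 2 when the file cannot be read.
find_inline_secrets() {
    [ -r "$1" ] || return 2
    if grep -nE '(PASSWORD|SECRET|TOKEN)[A-Z_]*[:=][[:space:]]*[^$[:space:]]' "$1"; then
        return 1
    fi
    return 0
}

# Demo on constructed files in a scratch directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/inline.yaml" <<'EOF'
services:
  db:
    image: mysql
    environment:
      MYSQL_ROOT_PASSWORD: example-inline-value
EOF
cat > "$demo_dir/envref.yaml" <<'EOF'
services:
  db:
    image: mysql
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
EOF
make_env_file "$demo_dir/.env"
for f in inline.yaml envref.yaml; do
    if find_inline_secrets "$demo_dir/$f" >/dev/null; then
        echo "$f: no inline secrets"
    else
        echo "$f: literal secret found (move it to .env)"
    fi
done
rm -rf "$demo_dir"
```

The lint only looks at upper-case keys and will also flag commented-out lines, which is the intended bias: a literal next to a key named PASSWORD deserves a look even when it is inactive. The .env file must be excluded from backups that leave the host and from any repository; the compose file itself then contains nothing secret.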

  • nginx.conf

    
    user www-data;
    events {
        worker_connections 768;
    }
    http {
        upstream backend {
            server app:9000;
        }
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        server {
            listen 80;
            listen 443 ssl;
            ssl_certificate /etc/letsencrypt/live/hogehoge.com/cert.pem;
            ssl_certificate_key /etc/letsencrypt/live/hogehoge.com/privkey.pem;

            # Add headers to serve security related headers
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;

            root /var/www/html;

            location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
            }

            location = /.well-known/carddav {
                return 301 $scheme://$host/remote.php/dav;
            }
            location = /.well-known/caldav {
                return 301 $scheme://$host/remote.php/dav;
            }

            client_max_body_size 1G;
            fastcgi_buffers 64 4K;

            gzip off;

            index index.php;
            error_page 403 /core/templates/403.php;
            error_page 404 /core/templates/404.php;

            location / {
                rewrite ^ /index.php$uri;
            }

            # Internal directories and dot-files must never be served directly.
            # The dot in "\." has to be escaped: an unescaped "." matches any
            # character and would deny every request.
            location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
                deny all;
            }
            location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
                deny all;
            }

            location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
                include fastcgi_params;
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param HTTPS on;
                # Avoid sending the security headers twice
                fastcgi_param modHeadersAvailable true;
                fastcgi_param front_controller_active true;
                fastcgi_pass backend;
                fastcgi_intercept_errors on;
                fastcgi_request_buffering off;
            }

            location ~ ^/(?:updater|ocs-provider)(?:$|/) {
                try_files $uri/ =404;
                index index.php;
            }

            # Adding the cache control header for js and css files
            # Make sure it is BELOW the PHP block
            location ~* \.(?:css|js)$ {
                try_files $uri /index.php$uri$is_args$args;
                add_header Cache-Control "public, max-age=7200";
                # Add headers to serve security related headers (It is intended to
                # have those duplicated to the ones above)
                # Before enabling Strict-Transport-Security headers please read into
                # this topic first.
                # add_header Strict-Transport-Security "max-age=15768000;
                #  includeSubDomains; preload;";
                add_header X-Content-Type-Options nosniff;
                add_header X-Frame-Options "SAMEORIGIN";
                add_header X-XSS-Protection "1; mode=block";
                add_header X-Robots-Tag none;
                add_header X-Download-Options noopen;
                add_header X-Permitted-Cross-Domain-Policies none;
                # Optional: Don't log access to assets
                access_log off;
            }
            location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
                try_files $uri /index.php$uri$is_args$args;
                # Optional: Don't log access to other assets
                access_log off;
            }
        }
    }
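The two deny-all location blocks are what keeps Nextcloud's config, data and dot-files off the web, and they only do that if the dot in the pattern is escaped as `\.`: an unescaped `.` matches any character, so `^/(?:.|autotest|...)` would match, and deny, every request, including /index.php. The following POSIX shell check is an added example and not part of the memo: it evaluates request paths against ERE equivalents of the page's deny patterns (grep -E has no `(?:` syntax, so plain groups are used) and shows the escaped and unescaped forms side by side. It models only the deny blocks, not nginx's full location selection; the request paths are constructed.

```shell
#!/bin/sh
# Added example (not part of the original memo): evaluate request paths
# against ERE equivalents of the two "deny all" location regexes in the
# Nextcloud nginx.conf, and contrast the escaped "\." with the unescaped "."
# that an extraction or copy-paste can silently produce.

DENY_DIRS='^/(build|tests|config|lib|3rdparty|templates|data)/'
DENY_FILES='^/(\.|autotest|occ|issue|indie|db_|console)'
DENY_FILES_UNESCAPED='^/(.|autotest|occ|issue|indie|db_|console)'   # broken form

# is_denied <path>: exit 0 when the corrected rules would deny the request.
is_denied() {
    printf '%s\n' "$1" | grep -Eq "$DENY_DIRS" && return 0
    printf '%s\n' "$1" | grep -Eq "$DENY_FILES"
}

# is_denied_unescaped <path>: same check with the unescaped dot.
is_denied_unescaped() {
    printf '%s\n' "$1" | grep -Eq "$DENY_DIRS" && return 0
    printf '%s\n' "$1" | grep -Eq "$DENY_FILES_UNESCAPED"
}

# verdict <path>: "deny" or "allow" under the corrected rules.
verdict() {
    if is_denied "$1"; then echo deny; else echo allow; fi
}

# Constructed request paths: internal files that must be denied, followed by
# front-controller and asset paths that must stay reachable.
for p in /.htaccess /config/config.php /data/admin/files/x.txt /occ \
         /index.php /remote.php/dav /core/img/logo.svg /apps/files/js/app.js; do
    printf '%-28s corrected=%-5s unescaped=%s\n' "$p" "$(verdict "$p")" \
        "$(is_denied_unescaped "$p" && echo deny || echo allow)"
done
```

With the escaped pattern the first four paths are denied and the rest allowed; with the unescaped pattern every path is denied, which on a live instance shows up as a 403 on the login page. A quick `nginx -t` only checks syntax, not intent, so a check like this one is worth running whenever the config is copied between hosts.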
    
  • Access and check
    https://hogehoge.com:40443/

    • Username: any username
    • Password: any password
    • Configure the database: select MySQL/MariaDB
    • Database user: root
    • Database password: the one written in docker-compose.yaml
    • Database name: nextcloud
    • Database host: db

It is fine if the request times out; wait long enough. Depending on the PC spec, it takes a while to complete.
If you access the site before it completes, the initial screen is still shown, and proceeding from there causes an error because the setup runs twice.

Kerberos.io Setting @ docker

  • Create the directory and symlink the certificate files

    
    $> cd kerberos_usb
    $> touch docker-compose.yaml
    
  • docker-compose.yaml

    
    version: '2'
    services:
      app_krb:
        image: kerberos/kerberos
        devices:
          - /dev/video0:/dev/video0:mwr
        environment:
          - VIRTUAL_HOST
          - TZ=Asia/Tokyo
        ports:
          - 30080:80
          - 8889:8889
        volumes:
          - ./kerberosio:/etc/opt/kerberosio
    
  • Access and check
    http://hogehoge.com:3380/

  • USB UVC camera setup
    Log in and go to Configuration -> Machinery -> Advanced settings -> Capture -> USBcamera

  • Check the stream
    http://user:pass@hogehoge.com:8889/mjpeg
