Notes from migrating off an existing server (Ubuntu 16.04 LTS)

- Configuration to set up: network port mapping

| ext | in | service |
|---|---|---|
| 80 | 80 | docker:gitlab |
| 443 | 443 | docker:gitlab |
| 30080 | 80 | docker:kerberos |
| 40443 | 443 | docker:nextcloud |
| 40080 | 80 | docker:nextcloud |
| 50000 | - | webmin |

Server Name: [Hogehoge.com]
First, the environment setup.

Let's Encrypt Setting

- Install

```shell
$> apt install certbot
$> apt update
$> apt upgrade
```

- Backup and Restore

```shell
$> tar cvzf letsencrypt_backup.tar.gz /etc/letsencrypt
```

- Renew

```shell
$> certbot renew --standalone
```
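An added example, not part of the original memo: `certbot renew --standalone` binds host port 80 itself for the HTTP-01 challenge, but in the mapping above ports 80 and 443 are published by the GitLab container, so a renewal run while it is up fails. This wrapper discovers which containers hold those ports from `docker ps` and stops them only for the duration of the run via certbot's `--pre-hook`/`--post-hook`; the compose parser assumes the `- "80:80"` list form used in this memo.

```shell
#!/bin/sh
# Added example, not from the original memo. "certbot renew --standalone" binds host
# port 80 itself for the HTTP-01 challenge, but in this memo's mapping the GitLab
# container publishes 80 and 443, so renewal fails while it is running. This wrapper
# finds the containers holding those ports and stops them only for the duration of
# the renewal. Assumes docker and certbot on PATH; names are read from docker ps.
set -eu

# From a docker-compose "ports:" list on stdin, print the host:container pairs that
# claim host port 80 or 443. Accepts "- 80:80", "- \"443:443\"" and "- 40080:80".
blocking_ports() {
    sed -n -E 's/^[[:space:]]*-[[:space:]]*"?([0-9]+):([0-9]+)"?[[:space:]]*$/\1:\2/p' |
        awk -F: '$1 == 80 || $1 == 443'
}

# From "docker ps --format '{{.Names}} {{.Ports}}'" output on stdin, print the names
# of containers currently published on host port 80 or 443 (":80->" / ":443->";
# ":30080->" and ":40443->" from the other services do not match).
names_on_http_ports() {
    awk '/:(80|443)->/ { print $1 }'
}

# Stop the blocking containers only while certbot needs the port, then start them
# again so GitLab picks the renewed certificate up on its next start.
renew() {
    held=$(docker ps --format '{{.Names}} {{.Ports}}' | names_on_http_ports | tr '\n' ' ')
    if [ -n "$held" ]; then
        certbot renew --standalone \
            --pre-hook "docker stop $held" \
            --post-hook "docker start $held"
    else
        certbot renew --standalone
    fi
}

# Dry check of a compose file:  blocking_ports < docker/gitlab/docker-compose.yaml
# Actual renewal:               sh renew_with_containers.sh run
if [ "${1:-}" = "run" ]; then
    renew
fi
```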
Webmin Setting

- Install

```shell
$> apt -y install python apt-show-versions libapt-pkg-perl libauthen-pam-perl libio-pty-perl libnet-ssleay-perl unzip
$> curl -L -O http://www.webmin.com/download/deb/webmin-current.deb
$> systemctl restart smbd
$> dpkg -i webmin-current.deb
$> systemctl restart webmin
```

- Let's Encrypt settings

Webmin -> Webmin Configuration -> SSL Encryption -> SSL Settings ->
Private Key file: /etc/letsencrypt/live/Hogehoge.com/privkey.pem
Certificate file: /etc/letsencrypt/live/Hogehoge.com/fullchain.pem

- Change the port

Webmin -> Webmin Configuration -> Ports and Addresses ->
Listen on port: 10000 -> 50000

- Access and verify

https://Hogehoge.com:50000/
Docker Setting

Prerequisite: Docker was already installed through the installer options.

- Create directories

```shell
$> mkdir docker
$> mkdir docker/gitlab
$> mkdir docker/nextcloud
$> mkdir docker/kerberos_usb
```

- CUI management tool: install Lazydocker

```shell
$> curl https://raw.githubusercontent.com/jesseduffield/lazydocker/master/scripts/install_update_linux.sh | bash
```

- Run and verify

```shell
$> lazydocker
```
Gitlab Setting @ docker

- Create the directory and a symbolic link to the certificate files

```shell
$> cd gitlab
$> ln -s /etc/letsencrypt letsencrypt
```

- docker-compose.yaml

```yaml
version: '3'
services:
  gitlab:
    container_name: gitlabC0
    image: 'gitlab/gitlab-ce:12.5.3-ce.0'
    restart: always
    hostname: 'hogehoge.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://hogehoge.com'
        gitlab_rails['time_zone'] = 'Asia/Tokyo'
        nginx['ssl_certificate'] = "/etc/letsencrypt/live/hogehoge.com/cert.pem"
        nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/hogehoge.com/privkey.pem"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${PWD}/letsencrypt:/etc/letsencrypt
      - ${PWD}/config:/etc/gitlab
      - ${PWD}/logs:/var/log/gitlab
      - ${PWD}/data:/var/opt/gitlab
```
- Backup of the original environment. The original environment and the restore target must run the same version.

```shell
$> docker exec -it gitlabC0 bash
$> gitlab-rake gitlab:backup:create
-> /var/opt/gitlab/backups
   <date>_gitlab_backup.tar
```

- Backup of the configuration files

```shell
$> tar -zcvf ~/$(date "+%s_%Y_%m_%d_etc_gitlab.tar.gz") -C /etc gitlab
-> <date>_etc_gitlab.tar.gz
```

- Copy into the volume mounted by docker

```shell
$> cp 1593628898_2020_07_02_12.5.3_gitlab_backup.tar docker/gitlab/data/backups/
```

- Restore

Bring up a fresh GitLab once; initialization takes a while. Run the restore without stopping GitLab.

```shell
$> docker exec -it gitlabC0 bash
```

Overwrite the contents of docker/config with the contents saved in the configuration-file backup.

```shell
$> gitlab-rake gitlab:backup:restore BACKUP=1593628898_2020_07_02_12.5.3
Unpacking backup ... done
Before restoring the database, we will remove all existing
tables to avoid future upgrade problems. Be aware that if you have
custom tables in the GitLab database these tables and all data will be
removed.
::
Do you want to continue (yes/no)? yes
Removing all tables. Press `Ctrl-C` within 5 seconds to abort
2020-07-24 02:03:52 +0000 -- Cleaning the database ...
::
This task will now rebuild the authorized_keys file.
You will lose any data stored in the authorized_keys file.
Do you want to continue (yes/no)? yes
```

- Reconfigure and restart

```shell
$> gitlab-ctl reconfigure
$> gitlab-ctl restart
```
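An added example, not part of the original memo: the restore above requires the backup source and the restore target to run the same GitLab version, and both values are already visible on the host, in the backup file name (`..._12.5.3_gitlab_backup.tar`) and in the compose file's image tag (`gitlab-ce:12.5.3-ce.0`). This script compares the two and only then hands the BACKUP= id to `gitlab-rake`; it assumes the memo's layout (compose file in docker/gitlab, tarball in docker/gitlab/data/backups/, container gitlabC0).

```shell
#!/bin/sh
# Added example, not from the original memo: enforce the rule that the backup source
# and the restore target must run the same GitLab version before handing the backup
# id to gitlab-rake. Assumes the memo's layout (compose file in docker/gitlab,
# tarball copied to docker/gitlab/data/backups/, container name gitlabC0).
set -eu

# Strip the suffix: the remainder is the value gitlab-rake expects in BACKUP=.
# "1593628898_2020_07_02_12.5.3_gitlab_backup.tar" -> "1593628898_2020_07_02_12.5.3"
backup_id() {
    basename "$1" | sed -E 's/_gitlab_backup\.tar$//'
}

# Version recorded in the backup name: drop the "<epoch>_<YYYY>_<MM>_<DD>_" prefix.
# "1593628898_2020_07_02_12.5.3_gitlab_backup.tar" -> "12.5.3"
backup_version() {
    backup_id "$1" | sed -E 's/^[0-9]+_[0-9]{4}_[0-9]{2}_[0-9]{2}_//'
}

# Version pinned by the compose file's image tag.
# "image: 'gitlab/gitlab-ce:12.5.3-ce.0'" -> "12.5.3"
image_version() {
    sed -n -E "s/^[[:space:]]*image:[[:space:]]*['\"]?gitlab\/gitlab-ce:([0-9]+\.[0-9]+\.[0-9]+)-ce\.[0-9]+['\"]?.*$/\1/p" "$1"
}

# Print the BACKUP= id only if the tarball's version matches the pinned image;
# otherwise report the mismatch on stderr and fail.
versions_match() {
    want=$(image_version "$1")
    have=$(backup_version "$2")
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "refusing restore: backup is GitLab ${have:-unknown}, target image is ${want:-unknown}" >&2
        return 1
    fi
    backup_id "$2"
}

# Usage: sh restore_checked.sh docker/gitlab/docker-compose.yaml \
#            docker/gitlab/data/backups/1593628898_2020_07_02_12.5.3_gitlab_backup.tar
if [ $# -eq 2 ]; then
    id=$(versions_match "$1" "$2")
    docker exec -it gitlabC0 gitlab-rake gitlab:backup:restore BACKUP="$id"
    docker exec gitlabC0 gitlab-ctl reconfigure
    docker exec gitlabC0 gitlab-ctl restart
fi
```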
Nextcloud Setting @ docker

- Create the directory and a symbolic link to the certificate files

```shell
$> cd nextcloud
$> docker network create lb_web
$> ln -s /etc/letsencrypt letsencrypt
$> touch docker-compose.yaml
$> touch nginx.conf
```

- docker-compose.yaml

```yaml
version: '2'
networks:
  lb_web:
    external: true
  back:
    driver: bridge
services:
  web:
    image: nginx
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./letsencrypt:/etc/letsencrypt:ro
    links:
      - app
    volumes_from:
      - app
    environment:
      - VIRTUAL_HOST
    networks:
      - back
      - lb_web
    ports:
      - 40080:80
      - 40443:443
  app:
    image: nextcloud:fpm
    links:
      - db
    volumes:
      - ./data/apps:/var/www/html/apps
      - ./data/config:/var/www/html/config
      - ./data/data:/var/www/html/data
    networks:
      - back
  db:
    image: mysql
    volumes:
      - ./mysql/runtime:/var/lib/mysql
    environment:
      # entered again as the database password on the Nextcloud setup screen below
      MYSQL_ROOT_PASSWORD: fmrx98v
    networks:
      - back
  cron:
    image: nextcloud:fpm
    links:
      - db
    volumes_from:
      - app
    user: www-data
    entrypoint: |
      bash -c 'bash -s <
```
- nginx.conf

```nginx
user www-data;
events {
    worker_connections 768;
}
http {
    upstream backend {
        server app:9000;
    }
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/hogehoge.com/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/hogehoge.com/privkey.pem;
        # Add headers to serve security related headers
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        root /var/www/html;
        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }
        location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
        }
        location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
        }
        client_max_body_size 1G;
        fastcgi_buffers 64 4K;
        gzip off;
        index index.php;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;
        location / {
            rewrite ^ /index.php$uri;
        }
        location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }
        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
            include fastcgi_params;
            fastcgi_split_path_info ^(.+\.php)(/.*)$;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            # Avoid sending the security headers twice
            fastcgi_param modHeadersAvailable true;
            fastcgi_param front_controller_active true;
            fastcgi_pass backend;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
        }
        location ~ ^/(?:updater|ocs-provider)(?:$|/) {
            try_files $uri/ =404;
            index index.php;
        }
        # Adding the cache control header for js and css files
        # Make sure it is BELOW the PHP block
        location ~* \.(?:css|js)$ {
            try_files $uri /index.php$uri$is_args$args;
            add_header Cache-Control "public, max-age=7200";
            # Add headers to serve security related headers (It is intended to
            # have those duplicated to the ones above)
            # Before enabling Strict-Transport-Security headers please read into
            # this topic first.
            # add_header Strict-Transport-Security "max-age=15768000;
            # includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header X-XSS-Protection "1; mode=block";
            add_header X-Robots-Tag none;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            # Optional: Don't log access to assets
            access_log off;
        }
        location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
            try_files $uri /index.php$uri$is_args$args;
            # Optional: Don't log access to other assets
            access_log off;
        }
    }
}
```
- Access and verify

https://hogehoge.com:40443/

Username: any username
Password: any password
Configure the database: select MySQL/MariaDB
Database user: root
Database password: the one written in docker-compose.yaml
Database name: nextcloud
Database host: db

A timeout here is not a problem; wait long enough. Depending on the PC spec, completion takes a while. If you access the site before it finishes, the initial screen is still shown, and continuing from there causes errors from the duplicated processing.

refer:
https://denor.jp/docker-for-windows%E3%81%A7nextcloud%E3%82%B5%E3%83%BC%E3%83%90%E6%A7%8B%E7%AF%89
Kerberos.io Setting @ docker

- Create the directory and a symbolic link to the certificate files

```shell
$> cd kerberos_usb
$> touch docker-compose.yaml
```

- docker-compose.yaml

```yaml
version: '2'
services:
  app_krb:
    image: kerberos/kerberos
    devices:
      - /dev/video0:/dev/video0:mwr
    environment:
      - VIRTUAL_HOST
      - TZ=Asia/Tokyo
    ports:
      - 30080:80
      - 8889:8889
    volumes:
      - ./kerberosio:/etc/opt/kerberosio
```

- Access and verify

http://hogehoge.com:30080/

- USB UVC camera settings

Log in, then Configuration -> Machinery -> Advanced settings -> Capture -> USB camera

- Check the stream

http://user:pass@hogehoge.com:8889/mjpeg