diff --git a/how-to/How-To-Setup-Nc-Env-In-Ubuntu-Desktop.md b/how-to/How-To-Setup-Nc-Env-In-Ubuntu-Desktop.md index baf8f0b..f78c689 100644 --- a/how-to/How-To-Setup-Nc-Env-In-Ubuntu-Desktop.md +++ b/how-to/How-To-Setup-Nc-Env-In-Ubuntu-Desktop.md @@ -151,26 +151,15 @@ Download from [the official repository](https://github.com/FiloSottile/mkcert/releases) the latest released binary of mkcert, an utility that makes it easy to create locally trusted TLS certificates: ``` -$ pwd -/home/fedora_usr/Documents/nc-env/ -$ mkdir my-local-env -$ cd my-local-env $ wget https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64 ``` -Install a needed dependency for mkcert: - -``` -$ sudo dnf install nss-tools -``` - Rename the mkcert binary by stripping the version: ``` $ mv mkcert-v1.4.4-linux-amd64 mkcert ``` - Make it executable: ``` @@ -181,8 +170,8 @@ ``` $ ./mkcert -install -The local CA is already installed in the system trust store! 👍 -The local CA is now installed in the Firefox and/or Chrome/Chromium trust store (requires browser restart)! 🦊 +Created a new local CA 💥 +The local CA is now installed in the system trust store! ⚡️ ``` Check the local CAROOT folder by issuing the following command. We will need to make the files in that folder available to the containers as well: @@ -197,7 +186,7 @@ ``` $ wget https://codeberg.org/pmarini/nc-env/archive/v20220421.tar.gz -$ tar -xzf v20220421.tar +$ tar -xzf v20220421.tar.gz $ cd nc-env/ ``` diff --git a/templates/template06-nextcloud-db-standalone/provision.sh b/templates/template06-nextcloud-db-standalone/provision.sh index e51a170..d540eff 100644 --- a/templates/template06-nextcloud-db-standalone/provision.sh +++ b/templates/template06-nextcloud-db-standalone/provision.sh 
@@ -4,9 +4,19 @@ start_time=`date` +echo "provisioning started: ${start_time}" + echo "provisioning started: ${start_time}" -MACHINE_HOSTNAME=nc21-database.localenv.com +#### The user must fill these variables - START + +# Fully Qualified Name: ex. "nc.localenv.com" +MACHINE_HOSTNAME= + +# Nextcloud Installer name (format tar.bz2): ex. "nextcloud-21.0.7.tar.bz2" +NEXTCLOUD_INSTALLER_ARCHIVE= + +#### The user must fill these variables - END SYSTEM_USER=usrv @@ -20,8 +30,6 @@ NETWORK_INTERFACE=eth0 -NEXTCLOUD_INSTALLER_ARCHIVE=nextcloud-21.0.4.tar.bz2 - PHP_INI=/etc/php/7.4/apache2/php.ini hostnamectl set-hostname ${MACHINE_HOSTNAME} diff --git a/templates/template08-haproxy-server/artifacts/haproxy.cfg b/templates/template08-haproxy-server/artifacts/haproxy.cfg index 39c8324..6657558 100644 --- a/templates/template08-haproxy-server/artifacts/haproxy.cfg +++ b/templates/template08-haproxy-server/artifacts/haproxy.cfg 
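Review bot: Nothing after the `#### The user must fill these variables - END` marker checks that `MACHINE_HOSTNAME` and `NEXTCLOUD_INSTALLER_ARCHIVE` were actually filled in, so a run with the template untouched reaches the unquoted `hostnamectl set-hostname ${MACHINE_HOSTNAME}` (visible as context in the next hunk) with no argument. I would add a guard right after the marker, `: "${MACHINE_HOSTNAME:?set MACHINE_HOSTNAME in provision.sh}"` and the same for `NEXTCLOUD_INSTALLER_ARCHIVE`, and quote the expansion in the `hostnamectl` call. The same gap applies to the user-filled blocks in the template08, template09 and template10 provision.sh hunks further down. Separately, the added `echo "provisioning started: ${start_time}"` appears to sit directly above an identical context line, so the message may now print twice; worth confirming against the file.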
@@ -1,46 +1,91 @@ global + log /dev/log local0 + log /dev/log local1 notice + chroot /var/lib/haproxy + stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners + stats timeout 30s + user haproxy + group haproxy + daemon # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate + ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 + ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets + defaults + log global + mode http + option httplog + option dontlognull + timeout connect 5000 + timeout client 50000 + timeout server 50000 + errorfile 400 /etc/haproxy/errors/400.http + errorfile 403 /etc/haproxy/errors/403.http + errorfile 408 /etc/haproxy/errors/408.http + errorfile 500 /etc/haproxy/errors/500.http + errorfile 502 /etc/haproxy/errors/502.http + errorfile 503 /etc/haproxy/errors/503.http + errorfile 504 /etc/haproxy/errors/504.http + frontend nc-frontend + bind *:443 ssl crt /etc/ssl/private/haproxy-server.localenv.com-full.pem + mode http + default_backend nc-webservers + + # Nextcloud Reverse Proxy Configuraiton + # REF: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#haproxy + + acl url_discovery path /.well-known/caldav /.well-known/carddav + + http-request redirect location /remote.php/dav/ code 301 if url_discovery + backend nc-webservers + mode http + balance roundrobin + cookie SERVERID insert + server webserver-node01 #WEBSERVER_NODE01_HOSTNAME#:80 cookie ck_node01 check + server webserver-node02 #WEBSERVER_NODE02_HOSTNAME#:80 cookie ck_node02 check 
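Review bot: The persistence cookie in `backend nc-webservers` is declared as `cookie SERVERID insert`, without the `secure` and `httponly` attributes, although `nc-frontend` only binds `*:443 ssl`. Since the cookie names the backend node and is only needed over TLS, `cookie SERVERID insert indirect nocache httponly secure` would keep it off plaintext requests, out of script reach and away from the backends. The two `server` lines also rely on the `#WEBSERVER_NODE01_HOSTNAME#` and `#WEBSERVER_NODE02_HOSTNAME#` placeholders being substituted by provision.sh, so a comment above them saying that the file is a template and not loadable as shipped would help. The comment typo `Configuraiton` should read `Configuration`.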
diff --git a/templates/template08-haproxy-server/provision.sh b/templates/template08-haproxy-server/provision.sh index 035fc14..0ee39b5 100644 --- a/templates/template08-haproxy-server/provision.sh +++ b/templates/template08-haproxy-server/provision.sh @@ -4,23 +4,25 @@ start_time=`date` -echo "provisioning started: ${start_time}" +echo "provisioning started: ${start_time}" -MACHINE_HOSTNAME=haproxy-server.localenv.com +#### The user must fill these variables - START + +# Fully Qualified Name +MACHINE_HOSTNAME= + +# Hostname of the first node of the webserver farm +WEBSERVER_NODE01_HOSTNAME= + +# Hostname of the first node of the webserver farm +WEBSERVER_NODE02_HOSTNAME= + +#### The user must fill these variables - END SYSTEM_USER=usrv NETWORK_INTERFACE=eth0 -########################## -## Hostname of the first node of the webserver farm -########################## -WEBSERVER_NODE01_HOSTNAME= - -########################## -## Hostname of the first node of the webserver farm -########################## -WEBSERVER_NODE02_HOSTNAME= hostnamectl set-hostname ${MACHINE_HOSTNAME} @@ -69,6 +71,8 @@ ## Replace the HAproxy configuration file cp /vagrant/artifacts/haproxy.cfg /etc/haproxy/haproxy.cfg +sed -i "s|#WEBSERVER_NODE01_HOSTNAME#|${WEBSERVER_NODE01_HOSTNAME}|g" /etc/haproxy/haproxy.cfg + sed -i "s|#WEBSERVER_NODE02_HOSTNAME#|${WEBSERVER_NODE02_HOSTNAME}|g" /etc/haproxy/haproxy.cfg systemctl status haproxy diff --git a/templates/template09-web-server-node/Vagrantfile b/templates/template09-web-server-node/Vagrantfile index 5a5a280..428d542 100644 --- a/templates/template09-web-server-node/Vagrantfile +++ b/templates/template09-web-server-node/Vagrantfile @@ -14,7 +14,7 @@ config.vm.provider 'lxd' do |lxd| lxd.api_endpoint = 'https://127.0.0.1:8443' lxd.timeout = 10 - lxd.name = 'web.server-XX' + lxd.name = 'your-container-name' # lxd.nesting = nil # lxd.privileged = nil # lxd.ephemeral = false 
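Review bot: The comment above `WEBSERVER_NODE02_HOSTNAME=` still says `# Hostname of the first node of the webserver farm`, copied from the NODE01 entry; it should read `# Hostname of the second node of the webserver farm`. Unlike the template06 block, none of the three comments in this block gives an example value, so `# Fully Qualified Name: ex. "haproxy-server.localenv.com"` would match the other templates.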
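Review bot: The two added `sed -i` lines paste `${WEBSERVER_NODE01_HOSTNAME}` and `${WEBSERVER_NODE02_HOSTNAME}` straight into the replacement text, and nothing checks the rendered file before `systemctl status haproxy` runs. With an empty value the `server` lines end up as `:80` with no host, and a value containing `|` or `&` would be interpreted by sed instead of being inserted literally. I would validate both values as hostnames before substituting and then check the result with `haproxy -c -f /etc/haproxy/haproxy.cfg`. Whether a restart or reload follows is outside this hunk.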
diff --git a/templates/template09-web-server-node/provision.sh b/templates/template09-web-server-node/provision.sh index b59bca5..1b1374f 100644 --- a/templates/template09-web-server-node/provision.sh +++ b/templates/template09-web-server-node/provision.sh @@ -6,48 +6,39 @@ echo "provisioning started: ${start_time}" -MACHINE_HOSTNAME=web-server-XX.localenv.com +#### The user must fill these variables - START + +# Fully Qualified Name +MACHINE_HOSTNAME= + +# Add the installer archive name here +NEXTCLOUD_INSTALLER_ARCHIVE= + +# Database Host +DATABASE_MACHINE_HOSTNAME= + +# If the database already exists, set to 1 (this has no effect momentarily) +DATABASE_ALREADY_EXIST=1 + +# Redis Host +REDIS_MACHINE_HOSTNAME= + +# Redis Port (default is generally 6379) +REDIS_MACHINE_PORT= + +# GlusterFs Host +GLUSTERFS_MACHINE_HOSTNAME= + +# GlusterFs Volume +GLUSTERFS_VOLUME= + +#### The user must fill these variables - END + NEXTCLOUD_USER=usrv NETWORK_INTERFACE=eth0 -############################ -## Add the installer archive name here -############################ -NEXTCLOUD_INSTALLER_ARCHIVE= - -############################ -## Database Host -############################ -DATABASE_MACHINE_HOSTNAME= - -############################ -## If the database already exists, set to 1 (this has no effect momentarily) -############################ -DATABASE_ALREADY_EXIST=1 - -############################ -## Redis Host -############################ -REDIS_MACHINE_HOSTNAME= - -############################ -## Redis Port -############################ -REDIS_MACHINE_PORT=6379 - -############################ -## GlusterFs Host -############################ -GLUSTERFS_MACHINE_HOSTNAME= - -############################ -## GlusterFs Volume -############################ -GLUSTERFS_VOLUME= - - PHP_INI=/etc/php/7.4/apache2/php.ini hostnamectl set-hostname ${MACHINE_HOSTNAME} 
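Review bot: `REDIS_MACHINE_PORT` loses its working default in this hunk: the old `REDIS_MACHINE_PORT=6379` becomes an empty assignment, while the new comment still names 6379 as the usual value. A user who skips it gets an empty port wherever the variable is used later in the script (not visible here); keeping `REDIS_MACHINE_PORT=6379` under the new comment preserves the previous behaviour. In the `DATABASE_ALREADY_EXIST` comment, `momentarily` presumably means `at the moment`.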
@@ -162,8 +153,6 @@ echo "START - Mounting GlusterFS filesystem" -cp /vagrant/artifacts/data.mount /etc/systemd/system - mkdir -p /data/nextcloud chown www-data.www-data /data/nextcloud @@ -268,7 +257,7 @@ echo " You can connect with user ${NEXTCLOUD_USER} via ssh (password ${NEXTCLOUD_USER}): ssh ${NEXTCLOUD_USER}@${MACHINE_HOSTNAME}" -echo " You can connect to this Nextcloud instance with the following URL: http://${MACHINE_HOSTNAME}/nextcloud. Login with ${admin_usr}/$admin_usr}" +echo " You can connect to this Nextcloud instance with the following URL: http://${MACHINE_HOSTNAME}. Login with ${admin_usr}/$admin_usr}" echo "provisioning started: ${start_time}" diff --git a/templates/template10-redis-server/provision.sh b/templates/template10-redis-server/provision.sh index c40e61f..07e8296 100644 --- a/templates/template10-redis-server/provision.sh +++ b/templates/template10-redis-server/provision.sh @@ -6,7 +6,12 @@ echo "provisioning started: ${start_time}" -MACHINE_HOSTNAME=redis-server.localenv.com +#### The user must fill these variables - START + +# Fully Qualified Name: ex. "redis.localenv.com" +MACHINE_HOSTNAME= + +#### The user must fill these variables - END SYSTEM_USER=usrv
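Review bot: The rewritten login message still ends in `$admin_usr}`, so a literal `}` is printed after the value; the second expansion should be `${admin_usr}`. The line also prints the admin account name as its own password next to an `http://` URL, which puts a credential into the provisioning output and points users at a cleartext login even though template08 terminates TLS on the proxy. If the password really equals the user name (its assignment is outside this hunk), I would stop echoing it and say so once, e.g. `Login as ${admin_usr}; the initial password equals the user name and must be changed after first login`.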