======= Service wiki.chapril.org =======
Redirection vers le projet Chapril dans le wiki de l'April.
===== Déploiement =====
==== DNS ====
Configuration du fichier DNS :
=(^-^)=root@dns:/etc/bind/zones/masters# git diff
diff --git a/bind/zones/masters/chapril.org b/bind/zones/masters/chapril.org
index a5368c5..cb20fcd 100644
--- a/bind/zones/masters/chapril.org
+++ b/bind/zones/masters/chapril.org
@@ -3,7 +3,7 @@
$TTL 1h
@ IN SOA fip.chapril.org. hostmaster.chapril.org. (
- 2019110400 ; Serial - YYYYMMDDnn
+ 2020010801 ; Serial - YYYYMMDDnn
4h ; Refresh
1h ; Retry
1w ; Expire
@@ -50,6 +50,10 @@ icinga2 CNAME galanga.april.org.
backup CNAME icinga2
myip CNAME icinga2
+; redirections
+wiki CNAME fip
+
; XMPP (old)
muc.xmpp CNAME xmpp
echo.xmpp CNAME xmpp
Activation :
rndc reload chapril.org in external
==== Bastion ====
Configuration du certificat SSL :
=(^-^)=root@bastion:/etc# git diff dehydrated/domains.txt
diff --git a/dehydrated/domains.txt b/dehydrated/domains.txt
index b53ff9c..662eb8a 100644
--- a/dehydrated/domains.txt
+++ b/dehydrated/domains.txt
@@ -15,3 +15,5 @@ pad.chapril.org
valise.chapril.org
xmpp.chapril.org upload-xmpp.chapril.org
drop.chapril.org
+wiki.chapril.org
Activation :
dehydrated -c
Configuration du serveur web sur la vm bastion :
=(^-^)=root@bastion:/etc/nginx/sites-available# cat wiki.chapril.org
server {
listen 80;
listen [::]:80;
server_name wiki.chapril.org;
access_log /var/log/nginx/wiki.chapril.org/wiki.chapril.org.access_log;
error_log /var/log/nginx/wiki.chapril.org/wiki.chapril.org.error_log;
# include /etc/nginx/custom_50x;
include /etc/nginx/acme-challenge;
include /etc/nginx/sexy-chapril;
include /etc/nginx/force-ssl.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl on;
server_name wiki.chapril.org;
access_log /var/log/nginx/wiki.chapril.org/wiki.chapril.org.access_log;
error_log /var/log/nginx/wiki.chapril.org/wiki.chapril.org.error_log;
# include /etc/nginx/custom_50x;
ssl_certificate /var/lib/dehydrated/certs/wiki.chapril.org/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/wiki.chapril.org/privkey.pem;
include /etc/nginx/acme-challenge;
include /etc/nginx/sexy-chapril;
return 301 https://wiki.april.org/w/Chapril;
}
Création du dossier de logs :
mkdir /var/log/nginx/wiki.chapril.org/
ln -sf /etc/nginx/sites-available/wiki.chapril.org /etc/nginx/sites-enabled/
Activation :
nginx -t
systemctl reload nginx
==== Supervision ====
Monitoring ajouté :
=(^-^)=root@admin:/etc/icinga2/zones.d/master/cluster# git diff
diff --git a/icinga2/zones.d/master/cluster/bastion.conf b/icinga2/zones.d/master/cluster/bastion.conf
index da31c6c..53127e4 100644
--- a/icinga2/zones.d/master/cluster/bastion.conf
+++ b/icinga2/zones.d/master/cluster/bastion.conf
@@ -25,6 +25,20 @@ object Host "bastion.cluster.chapril.org" {
disk_partitions = "/tmp"
}
+ vars.http_vhosts["wiki.chapril.org redirection"] = {
+ http_vhost = "wiki.chapril.org"
+ http_ssl = true
+ http_uri = "/"
+ http_expect = "HTTP/1.1 301 Moved Permanently,Location: https://wiki.april.org/w/Chapril"
+ }
+
/* Define notification mail attributes for notification apply rules in `notifications.conf`. */
vars.notification["mail"] = {
/* The UserGroup `icingaadmins` is defined in `users.conf`. */