Kimsufi migration

New Kimsufi

We are moving from an Atom with 4 GB of RAM to a Xeon with 8 threads and 32 GB.

The technical stack changes a little, with incus and/or podman depending on the service.

The directory trees are identical and all the services are being moved:

- mail (postfix, dovecot, rspamd, opendkim)
- xmpp (prosody)
- web (rss, static, tooling)
- db (postgresql)
- ci/cd (gitea, drone)
- backup (restic, minio)

17 December 2024 · 1 min

SPX: php profiling

Source: https://github.com/NoiseByNorthwest/php-spx

Installation

    apt-get install zlib1g-dev

Replace X.X with your PHP version:

    apt install phpX.X-dev
    git clone https://github.com/NoiseByNorthwest/php-spx.git
    cd php-spx
    git checkout release/latest
    phpize
    ./configure
    make
    make install

Configuration

Create /etc/php/X.X/mods-available/spx.ini:

    extension=spx.so
    process.dumpable = yes
    ; enable the SPX web UI
    spx.http_enabled=1
    ; key required to reach the web UI
    spx.http_key="password"
    ; only these client addresses may use the web UI
    spx.http_ip_whitelist="127.0.0.1"

Replace password with your own key and 127.0.0.1 with your IP address.

    ln -s /etc/php/X.X/mods-available/spx.ini /etc/php/X.X/fpm/conf.d/20-spx.ini

Go to http://example.com/?SPX_KEY=password&SPX_UI_URI=/

Enjoy!

9 August 2023 · 1 min

Wireguard: tips

verbose

Simple echo:

    echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control

nmcli import

    nmcli connection import type wireguard file /etc/wireguard/wg0.conf

4 May 2023 · 1 min

Mood: PaaS and me

PaaS: the goal

Platform as a service: its aim is to deploy your application simply, with the hosting abstracted away. You connect your environment to a VCS such as GitHub, GitLab … then you define your environment and the steps to deploy your code. All of that without service interruption … on paper. The sizing of the environment is limited only by the ceiling of your credit card.

The promise

- High-availability environment
- Environment with elastic performance
- Ease of deployment
- One environment per branch
- Reproducible builds
- Zero downtime
- Less system administration and more development
- Integration templates for CMSs: Wordpress, Magento, Prestashop …
- Dedicated technical support

The reality

Be warned, this is a one-sided case against. ...

28 October 2022 · 4 min

Next: vaultwarden

Coming soon

For team password management!

https://github.com/dani-garcia/vaultwarden

docker-compose.yml

    version: '3.3'
    services:
      server:
        restart: always
        container_name: vaultwarden
        environment:
          WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
          SIGNUPS_ALLOWED: "true"
          # placeholder: replace with your own secret
          ADMIN_TOKEN: "super_secret_token_api"
          # placeholder password: must match POSTGRES_PASSWORD below
          DATABASE_URL: "postgresql://vault:StrongPassword@postgres:5432/vaultwarden"
          ORG_GROUPS_ENABLED: "true"
          INVITATIONS_ALLOWED: "false"
          ORG_CREATION_USERS: "test@test.com"
          DOMAIN: "https://test.com"
        volumes:
          - '/home/docker/vaultwarden/data:/data/'
        ports:
          - '8000:80'
          - '3012:3012'
        image: vaultwarden/server:latest
      postgres:
        restart: always
        image: 'postgres:latest'
        ports:
          - '5432:5432'
        environment:
          POSTGRES_USER: vault
          POSTGRES_PASSWORD: StrongPassword
          POSTGRES_DB: vaultwarden
        volumes:
          - '/home/docker/vaultwarden/db/:/var/lib/postgresql/data/'

So far, so good.

28 October 2022 · 1 min

nginx: fastcgi_cache

Only the nginx configuration is touched.

The docs: https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html

http block

In the http block we have:

    fastcgi_cache_path /home/cache levels=1:2 keys_zone=MyCMS:100m max_size=10g inactive=60m use_temp_path=off;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";

server block

An example for WordPress:

    server {
        listen 80;
        server_name mycms.net;
        root /var/www/mycms;

        # Decide whether this request must bypass the cache.
        set $skip_cache 0;
        if ($request_method = POST) { set $skip_cache 1; }
        if ($query_string != "") { set $skip_cache 1; }
        # Never cache admin, login, XML-RPC, feed or sitemap URLs.
        if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|^/feed/|/tag/.*/feed/|/.*sitemap.*.(xml|xsl)") { set $skip_cache 1; }
        # Never cache for logged-in users or recent commenters.
        if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $skip_cache 1; }

        location ~ \.php$ {
            fastcgi_cache MyCMS;
            fastcgi_cache_valid 200 301 302 60m;
            fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503;
            fastcgi_cache_min_uses 1;
            # fastcgi_cache_lock on;
            fastcgi_cache_bypass $skip_cache;
            fastcgi_no_cache $skip_cache;
            # Expose HIT/MISS/BYPASS to check that the cache works.
            add_header X-FastCGI-Cache $upstream_cache_status;
            try_files $uri $uri/ /index.php;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/run/php/php8.1-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            add_header X-Frame-Options "SAMEORIGIN";
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        }

        location / {
            index index.php;
            try_files $uri $uri/ /index.php?$args;
        }

        location ~* \.(js|png|jpg|jpeg|gif|ico|css|woff2|svg|ttf|woff)$ {
            access_log off;
            expires 365d;
            log_not_found off;
        }

        location ~ /\.well-known/acme-challenge { allow all; }
        # Refuse to execute PHP from upload directories.
        location ~* /(uploads|files)/.*\.php$ { deny all; }
        location = /favicon.ico { log_not_found off; access_log off; }
        # Block access to dotfiles.
        location ~ /\. { deny all; }
        location = /robots.txt { allow all; log_not_found off; access_log off; }
    }

11 September 2022 · 1 min

MyISAM to InnoDB

Replace your_database with the name of your database:

    SELECT CONCAT('ALTER TABLE ',CONCAT(TABLE_SCHEMA,'.',TABLE_NAME),' ENGINE=InnoDB;')
    FROM INFORMATION_SCHEMA.TABLES
    WHERE ENGINE='MyISAM' AND TABLE_SCHEMA = 'your_database'
    INTO OUTFILE '/tmp/mysql.conversions';

Check the contents of /tmp/mysql.conversions, then run it:

    SOURCE /tmp/mysql.conversions;

8 September 2022 · 1 min

Elasticsearch - readonly index

    curl 'http://localhost:9200/*/_settings' \
      -X PUT -H 'Content-Type: application/json' \
      -d '{ "index.blocks.read_only_allow_delete": null }'

30 August 2022 · 1 min

Prestashop CVE

link

https://build.prestashop.com/news/major-security-vulnerability-on-prestashop-websites/

todo

Delete from config/smarty.config.inc.php:

    if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') {
        include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php';
        $smarty->caching_type = 'mysql';
    }

22 July 2022 · 1 min

nginx and redis as pastebin

requirement: redis, nginx, lua

nginx snippet

    access_by_lua_block {
        local redis = require "resty.redis"
        local red = redis:new()
        red:set_timeout(1000) -- 1 sec

        -- connection options are passed as a table
        local ok, err = red:connect("127.0.0.1", 6379, { pool_size = 128 })
        if not ok then
            return ngx.exit(503)
        end

        local key = ngx.var.uri
        local method = ngx.var.request_method

        if method == "POST" or method == "PUT" then
            -- store the request body under the request URI
            ngx.req.read_body()
            local data = ngx.req.get_body_data()
            red:set(key, data)
            ngx.say("ok")
            -- end the request here so the content phase does not run
            return ngx.exit(ngx.HTTP_OK)
        end

        if method == "GET" then
            local res, err = red:get(key)
            -- res is nil on error and ngx.null when the key does not exist
            if res and res ~= ngx.null then
                -- ngx.redirect(res, 301)
                ngx.header["Content-type"] = "text/plain; charset=UTF-8"
                ngx.say(res)
                return ngx.exit(ngx.HTTP_OK)
            end
        end

        if method == "DELETE" then
            red:del(key)
            ngx.say("deleted")
            return ngx.exit(ngx.HTTP_OK)
        end
    }

nginx location

    location / {
        include /etc/nginx/snippets/api.lua;
        try_files $uri $uri/ =404;
    }

redis.lua from https://github.com/openresty/lua-resty-redis/releases ...

13 July 2022 · 1 min