Posts
-
Migrate mongodb native to docker
First you need a backup of your database.
You can do that with mongodump:

    mongodump --db nodebb -u nodebb -p password --gzip --archive=/root/nodebb-backup/mongodb-nodebb-`date +"%d-%m-%y"`.gz

Then we create a folder and copy the following YAML into the compose file:

    mkdir mongodb nodebb-backup
    vi /root/mongodb/docker-compose.yml

    services:
      mongo:
        image: 'mongo:4.4'
        restart: unless-stopped
        ports:
          # published on every host interface; '127.0.0.1:27017:27017' limits it to the host itself
          - '27017:27017'
    #    environment:
    #      MONGO_INITDB_ROOT_USERNAME: nodebb
    #      MONGO_INITDB_ROOT_PASSWORD: password
    #      MONGO_INITDB_DATABASE: nodebb
        volumes:
          - mongo-data:/data/db
          - /root/nodebb-backup:/root
    volumes:
      mongo-data:
Then we start the Docker container, using your already installed docker and the docker-compose file:

    docker-compose up -d

Now the mongo container is running without authentication.
We can now import the database backup you made earlier with:

    docker exec -ti $(docker ps -qf name=mongodb-mongo-1) mongorestore --db nodebb --gzip --archive=/root/mongodb-nodebb-02-04-25_v4-4.gz
Now you can either live with no authentication, or you need to add a root user and a regular user to the database.
For that you need to add the following to MongoDB:

    docker exec -ti $(docker ps -qf name=mongodb-mongo-1) bash
    mongo
    use admin
    db.getSiblingDB('admin').createUser(
      {
        user: "root",
        pwd: "password",
        roles: ["root"]
      })
    use nodebb
    db.createUser(
      {
        user: "nodebb2",
        pwd: "password", // or cleartext password
        roles: [
          { role: "readWrite", db: "nodebb" }
        ]
      }
    )
    exit
Now you can turn on authentication by enabling it in the yml file:

    services:
      mongo:
        image: 'mongo:4.4'
        restart: unless-stopped
        ports:
          - '27018:27017'
        # on a data volume that already holds a database these variables only
        # switch on --auth; the image does not create the user again
        environment:
          MONGO_INITDB_ROOT_USERNAME: nodebb
          MONGO_INITDB_ROOT_PASSWORD: password
          MONGO_INITDB_DATABASE: nodebb
        volumes:
          - mongo-data:/data/db
          - /root/nodebb-backup:/root
    volumes:
      mongo-data:

Then run

    docker-compose up -d

and check the login:

    docker exec -ti $(docker ps -qf name=mongodb-mongo-1) bash
    mongo
    use nodebb
    db.auth('nodebb2','password');

If everything is working correctly, you will see an ok statement here.
Greetings
-
Fail2Ban for nginx proxy manager
I want to write an article about this topic because I haven't found one that includes everything I want, and I had to figure it out by myself.
First we need a folder and have to get our Docker Compose file running:

    mkdir fail2ban
    cd fail2ban
    vi docker-compose.yml
Paste the following text into the editor:

    version: "3"
    services:
      fail2ban:
        container_name: fail2ban
        hostname: fail2ban
        cap_add:
          - NET_ADMIN
          - NET_RAW
        environment:
          - TZ=Europe/Berlin
          - F2B_DB_PURGE_AGE=14d
          - SSMTP_HOST=<your-mail-server>
          - SSMTP_PORT=25
          - SSMTP_HOSTNAME=<hostname-of-your-container>
        image: crazymax/fail2ban:latest
        network_mode: host
        restart: unless-stopped
        volumes:
          - /root/fail2ban/data:/data
          - /root/ngix-proxy-manager/data/logs:/var/log/npm
          - /var/log:/var/log/varlog

Save the file and start the container with:

    docker-compose up -d

The fail2ban container will be pulled and started. There should now be a data directory with 4 folders:

    action.d db filter.d jail.d

The db folder can be ignored. Now we need to create a jail.local in jail.d:

    vi jail.d/jail.local

Paste the following in there:

    [DEFAULT]
    # "bantime.increment" allows to use database for searching of previously banned ip's to increase a
    # default ban time using special formula, default it is banTime * 1, 2, 4, 8, 16, 32...
    bantime.increment = true

    # "bantime.rndtime" is the max number of seconds using for mixing with random time
    # to prevent "clever" botnets calculate exact time IP can be unbanned again:
    bantime.rndtime = 2048

    # following example can be used for small initial ban time (bantime=60) - it grows more aggressive at begin,
    # for bantime=60 the multipliers are minutes and equal: 1 min, 5 min, 30 min, 1 hour, 5 hour, 12 hour, 1 day, 2 day
    bantime.multipliers = 1 5 30 60 300 720 1440 2880

    # Ban without sending e-mail
    #action = %(action_)s

    # Ban and send e-mail
    action = %(action_mw)s
    destemail = <dest email>
    sender = <from email>
    mta = sendmail

    [npm]
    # bots that trigger too many 403 or 404
    # logs are coming from reverse proxy "nginx proxy manager"
    enabled = true
    # note: 172.0.0.0/8 also covers public addresses; the RFC 1918 block is 172.16.0.0/12
    ignoreip = 127.0.0.0/8 10.0.0.0/8 172.0.0.0/8 192.168.0.0/16
    filter = npm-filter
    chain = DOCKER-USER
    logpath = /var/log/npm/proxy-host-*_access.log
    maxretry = 5
    findtime = 60
    bantime = 600

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    ignoreip = 127.0.0.0/8 10.0.0.0/8 172.27.0.0/16 192.168.0.0/16
    chain = INPUT
    logpath = /var/log/varlog/auth.log
    findtime = 10m
    maxretry = 5
    bantime = -1

We monitor NPM and the system's sshd here; that's why we mapped the volumes with the local logs into the fail2ban container.
The next step is to add filter rules in filter.d for our NPM:

    vi filter.d/npm-filter.conf

    [INCLUDES]

    [Definition]

    # the square brackets of the log format are escaped so they match literally
    failregex = ^.+ (405|404|403|401|\-) (405|404|403|401) - .+ \[Client <HOST>\] \[Length .+\] .+ \[Sent-to <F-CONTAINER>.+</F-CONTAINER>\] <F-USERAGENT>".+"</F-USERAGENT> .+$

    ignoreregex = ^.+ (404|\-) (404) - .+".+(\.png|\.txt|\.jpg|\.ico|\.js|\.css)[/]" \[Client <HOST>\] \[Length .+\] ".+" .+$

Now we have everything set up and can restart the container with:

    docker-compose restart

Now we want to see what fail2ban is doing. We can check the logs by running docker ps to show the running containers and then docker logs <container-id> --follow
That's it, feel free to ask if you have problems with this setup.
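
Added example (not part of the original post): a Python check of the npm-filter expressions against constructed access-log lines. It translates the fail2ban tags into Python groups, uses a simplified <HOST> pattern and does not emulate fail2ban's timestamp stripping; fail2ban-regex inside the container remains the authoritative test.

```python
import re

# Filter expressions from npm-filter.conf; literal brackets are escaped so that
# "[Client ...]" is matched as text and not read as a character class.
FAILREGEX = (r'^.+ (405|404|403|401|\-) (405|404|403|401) - .+ \[Client <HOST>\] '
             r'\[Length .+\] .+ \[Sent-to <F-CONTAINER>.+</F-CONTAINER>\] '
             r'<F-USERAGENT>".+"</F-USERAGENT> .+$')
IGNOREREGEX = (r'^.+ (404|\-) (404) - .+".+(\.png|\.txt|\.jpg|\.ico|\.js|\.css)[/]" '
               r'\[Client <HOST>\] \[Length .+\] ".+" .+$')

def compile_f2b(expr):
    """Translate fail2ban tags to Python groups (assumption: simplified <HOST>, IP literals only)."""
    expr = expr.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)")
    expr = re.sub(r"<F-([A-Z]+)>", r"(?P<\1>", expr)
    return re.compile(re.sub(r"</F-[A-Z]+>", ")", expr))

FAIL, IGNORE = compile_f2b(FAILREGEX), compile_f2b(IGNOREREGEX)

def classify(line):
    """Return (verdict, host); only 'fail' counts toward maxretry."""
    if IGNORE.search(line):
        return "ignored", None
    m = FAIL.search(line)
    return ("fail", m.group("host")) if m else ("nomatch", None)

# Constructed log lines in the layout the filter expects (documentation address ranges).
TAIL = '[Length 150] [Gzip -] [Sent-to 10.0.0.5] "Mozilla/5.0" "-"'
SAMPLES = [
    f'[02/Apr/2025:10:15:01 +0200] - 404 404 - GET https example.org "/wp-login.php" [Client 203.0.113.7] {TAIL}',
    f'[02/Apr/2025:10:15:02 +0200] - - 403 - GET https example.org "/admin" [Client 203.0.113.7] {TAIL}',
    f'[02/Apr/2025:10:15:03 +0200] - 200 200 - GET https example.org "/" [Client 198.51.100.20] {TAIL}',
    f'[02/Apr/2025:10:15:04 +0200] - 404 404 - GET https example.org "/img/logo.png/" [Client 198.51.100.20] {TAIL}',
    f'[02/Apr/2025:10:15:05 +0200] - 404 404 - GET https example.org "/favicon.ico" [Client 198.51.100.20] {TAIL}',
]

def failures_per_host(lines):
    """Count 'fail' verdicts per client, the number the jail compares with maxretry."""
    counts = {}
    for line in lines:
        verdict, host = classify(line)
        if verdict == "fail":
            counts[host] = counts.get(host, 0) + 1
    return counts

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), line[30:80])
    print(failures_per_host(SAMPLES))
```

As written, the ignoreregex only skips static-asset 404s whose path has a slash after the extension, so a 404 for /favicon.ico still counts toward maxretry.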
-
More blog users
Hi,
anyone who would also like to use the forum as a blog is welcome to get in touch with me. I would then create a separate category.
Best regards
-
DRBD Split Brain
If DRBD ever gets stuck in split brain, you have to run the following commands on the secondary:

    drbdadm disconnect squid
    drbdadm secondary squid
    drbdadm connect --discard-my-data squid

-
NodeBB Linux Start Script
Here is a start script that actually works; on Ubuntu it has to go into /lib/systemd/system

    [Unit]
    Description=ITS-Forum
    After=mongodb.service

    [Service]
    User=root
    Group=root
    Environment=NODE_ENV=production
    WorkingDirectory=/root/nodebb
    ExecStart=/root/.nvm/versions/node/v17.9.0/bin/node loader.js --no-daemon --no-silent
    Restart=always

    [Install]
    WantedBy=multi-user.target
    Alias=nodebb.service

-
RE: NodeBB update to 1.19.5
v1.19.5 Latest
Release build (patch) of NodeBB @ 2022-03-16T21:05:47.855Z
v1.19.5 (2022-03-16)
Chores
incrementing version number - v1.19.5 (48d6eb4)
update changelog for v1.19.4 (0e6e49b)
deps:
bump less from 3.13.1 to 4.1.2 in /install (#9856) (d33485f)
bump autoprefixer from 10.4.2 to 10.4.4 in /install (#10403) (9009493)
update dependency lint-staged to v12.3.6 (0a4522a)
update commitlint monorepo to v16.2.3 (0a97015)
bump nodebb-plugin-spam-be-gone in /install (#10387) (445e3d7)
bump connect-redis from 6.1.1 to 6.1.2 in /install (#10391) (145621f)
update dependency eslint to v8.11.0 (feaf306)
update dependency mocha to v9.2.2 (#10383) (4ffbd78)
i18n:
fallback strings for new resources: nodebb.admin-manage-users (2f09c22)
fallback strings for new resources: nodebb.admin-manage-privileges, nodebb.admin-manage-users, nodebb.error, nodebb.user (15508ba)
fallback strings for new resources: nodebb.admin-settings-reputation, nodebb.error (5274a6a)
New Features
collect hook logs in order to reduce console noise, flush on ajaxify loadScript completion (935704a)
add support for PATCH method in api module (4b79dfd)
on online users page override timeago cutoff to 24 hours (7c94657)
ability to mute users (be6bbab)
min:rep:upvote, and other limits similar to downvotes (3414a23)
post-queue hooks, closes #10381 (2056ac0)
Bug Fixes
topic events if there is a blocked user in topic (3935a86)
topic events disappearing if there are queued posts (2808c95)
#10393, move 'Create User' control to overflow menu (cd687cf)
don't append to history on refresh or ajaxify to same url (c83987b)
global privs (7d063d7)
#10384 -- mixed up sizes for fallback touch icons (cb11320)
#10377, remove logging of env vars (997ab7d)
deps:
update dependency postcss to v8.4.12 (#10396) (bdbc168)
update dependency sharp to v0.30.3 (#10389) (b421385)
Refactors
closes #10301 (c8e986d)
Tests
skip i18n tests if the github event is a pull request (e578c60)
fix middleware test (24c1f87)
fix category tests (6344c3b)
fix one more test (a551142)
-
NodeBB update to 1.19.5

    cp -r nodebb nodebb-update
    cd nodebb-update
    git fetch
    git reset --hard origin/v1.19.x
    ./nodebb upgrade
    cd ..
    mv nodebb nodebb-1.19.4
    mv nodebb-update nodebb
    cd nodebb
    ./nodebb start

-
RE: Observium Unix Agent
Here is the install script that installs the Unix agent and configures the basics:

    # Debian/Ubuntu
    sudo apt-get install xinetd wget tar telnet
    # RHEL/CentOS
    yum install xinetd wget tar telnet
    mkdir /opt/obs-agent/
    cd /opt/obs-agent/
    # --no-check-certificate turns off TLS verification for this download
    wget https://www.observium.org/observium-community-latest.tar.gz --no-check-certificate
    tar zxvf observium-community-latest.tar.gz observium/scripts/
    scp /opt/obs-agent/observium/scripts/observium_agent_xinetd /etc/xinetd.d/observium_agent_xinetd
    scp /opt/obs-agent/observium/scripts/observium_agent /usr/bin/observium_agent
    chmod 700 /etc/xinetd.d/observium_agent_xinetd
    scp /opt/obs-agent/observium/scripts/observium_agent /usr/bin/observium_agent
    echo Type IP of your Monitoring Server:
    read serverip
    # only_from in the xinetd config is set to the monitoring server
    sed -i "s/127.0.0.1/$serverip/g" /etc/xinetd.d/observium_agent_xinetd
    service xinetd restart
    mkdir -p /usr/lib/observium_agent /usr/lib/observium_agent/local
    mkdir /usr/lib/observium_agent/scripts-available /usr/lib/observium_agent/scripts-enabled
    scp -r /opt/obs-agent/observium/scripts/agent-local/* /usr/lib/observium_agent/scripts-available
    cp /usr/lib/observium_agent/scripts-available/dmi /usr/lib/observium_agent/local
    cp /usr/lib/observium_agent/scripts-available/rpm /usr/lib/observium_agent/local
    service xinetd restart
    rm -rf /opt/obs-agent

-
Observium Unix Agent
First we need xinetd:

    apt-get install xinetd

or

    yum install xinetd

Create the config:

    vi /etc/xinetd.d/observium_agent_xinetd

    service observium_agent
    {
        type           = UNLISTED
        port           = 36602
        socket_type    = stream
        protocol       = tcp
        wait           = no
        user           = root
        server         = /usr/bin/observium_agent

        # configure the IPv[4|6] address(es) of your Observium server here:
        only_from      = 127.0.0.1 ::1

        # Don't be too verbose. Don't log every check. This might be
        # commented out for debugging. If this option is commented out
        # the default options will be used for this service.
        log_on_success =

        disable        = no
    }

Now we still need to create a number of folders and copy scripts from the Observium directory:

    service xinetd restart
    scp /opt/observium/scripts/observium_agent /usr/bin/observium_agent
    mkdir -p /usr/lib/observium_agent
    mkdir /usr/lib/observium_agent/scripts-available /usr/lib/observium_agent/scripts-enabled
    scp -r /opt/observium/scripts/agent-local/* /usr/lib/observium_agent/scripts-available
    sudo ln -s /usr/lib/observium_agent/scripts-available/os /usr/lib/observium_agent/scripts-enabled
    sudo ln -s /usr/lib/observium_agent/scripts-available/dmi /usr/lib/observium_agent/scripts-enabled
    sudo ln -s /usr/lib/observium_agent/scripts-available/apache /usr/lib/observium_agent/scripts-enabled
    mkdir /usr/lib/observium_agent/local
    vi /usr/lib/observium_agent/local/docker_info

    #!/bin/bash
    echo "<<<app-docker>>>"
    info=$(docker info 2> /dev/null | grep "Containers:\|Running:\|Paused:\|Stopped:\|Images:")
    echo $info | awk '{print $2}'
    echo $info | awk '{print $4}'
    echo $info | awk '{print $6}'
    echo $info | awk '{print $8}'
    echo $info | awk '{print $10}'

    # 755 instead of 777: xinetd runs the agent as root, so the script must not be world-writable
    chmod 755 /usr/lib/observium_agent/local/docker_info
    service xinetd restart

-
NodeBB update to 1.19.4

    cp -r nodebb nodebb-update
    cd nodebb-update
    git fetch
    git reset --hard origin/v1.19.x
    ./nodebb upgrade
    cd ..
    mv nodebb nodebb-1.19.3
    mv nodebb-update nodebb
    cd nodebb
    ./nodebb start