aguia-pescadora-bravo (#16), mvp-userdir (#35), lb-round-robin-dns (#40…

…): adiconado nginx confs para alguns usuarios; e os respectivos subdominios
fititnt · May 24, 2019 · 652d7bc · 652d7bc
1 parent faf34c2
commit 652d7bc
Show file tree

Hide file tree

Showing 4 changed files with 252 additions and 8 deletions.
diff --git a/logbook/aguia-pescadora-bravo.sh b/logbook/aguia-pescadora-bravo.sh
@@ -338,27 +338,35 @@ sudo mkdir /home2
 
 #### Usuarios adicionados ______________________________________________________
 
-## cdiegosr
+### cdiegosr -------------------------------------------------------------------
 sudo adduser cdiegosr
 sudo passwd -e cdiegosr
 sudo chsh -s /usr/bin/fish cdiegosr
 
-## fcomarcosmabreu
+### fcomarcosmabreu ------------------------------------------------------------
 sudo adduser fcomarcosmabreu
 sudo passwd -e fcomarcosmabreu
 
-## fititnt
+### fititnt --------------------------------------------------------------------
 sudo adduser fititnt
 sudo passwd -e fititnt
 sudo chsh -s /usr/bin/fish fititnt
 sudo usermod -aG sudo fititnt
 
-## loopchaves
+## Dominios customizados de fititnt (já adicionados na CloudFlare)
+curl http://fititnt.apb.etica.ai
+curl http://fititnt.lb-ap.etica.ai
+
+### loopchaves -----------------------------------------------------------------
 sudo adduser loopchaves
 sudo passwd -e loopchaves
 sudo usermod -aG sudo loopchaves
 
-## usuariodeteste
+## Dominios customizados de loopchaves (já adicionados na CloudFlare)
+curl http://loopchaves.apb.etica.ai
+curl http://loopchaves.lb-ap.etica.ai
+
+### usuariodeteste -------------------------------------------------------------
 # Usuario sem senha, criado para permitir testes. Usuarios com poder de sudo
 # poderão acessar esta conta
 sudo useradd -r -s /bin/false usuariodeteste
@@ -379,6 +387,17 @@ sudo mkdir /home2/usuariodeteste/web/public_api
 
 echo "usuariodeteste" > /home2/usuariodeteste/web/public_html/index.html
 
+vim /etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf
+# Adicione todas as customizacoes deste usuario no arquivo acima...
+
+sudo ln -s /etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf /etc/nginx/sites-enabled/
+
+sudo nginx -t
+# Se o comando acima falhar:
+#    sudo rm /etc/nginx/sites-enabled/usuarioteste.apb.etica.ai.conf
+# Se ele não falhou, de reload no NGinx
+sudo systemctl reload nginx
+
 #------------------------------------------------------------------------------#
 # SEÇÃO 1.1: USUÁRIOS DO SISTEMA - MENSAGENS INFORMATIVAS                      #
 #                                                                              #
@@ -859,15 +878,14 @@ sudo certbot --nginx -d aguia-pescadora-bravo.etica.ai -d apb.etica.ai
 
 ### Userdir
 # @see https://github.com/fititnt/cplp-aiops/issues/35
-sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/userdir.conf
 
-vim /etc/nginx/sites-available/userdir.conf
+vim /etc/nginx/sites-available/usuario.apb.etica.ai.conf
 # Adicione as configurações desejadas neste servidor no arquivo acima...
 
 # Depois de o arquivo estar minimamente ok, use o comando a seguir
 # para criar um link simbolico dele para diretório em que o NGinx realmente
 # irá ler o arquivo
-sudo ln -s /etc/nginx/sites-available/userdir.conf /etc/nginx/sites-enabled/
+sudo ln -s /etc/nginx/sites-available/usuario.apb.etica.ai.conf /etc/nginx/sites-enabled/
 
 # Antes de efetivamente habilitar, use o comando a seguir para testar se
 # configurações estão ok.
@@ -879,6 +897,15 @@ sudo nginx -t
 #       - rm /etc/nginx/sites-enabled/userdir.conf
 #    Então teste nomamente com 'sudo nginx -t' para ver se não daria problemas
 
+# reload nginx: Aplicar alterações nas configurações sem reiniciar o NGinx
+sudo systemctl reload nginx
+
+# PROTIP: acompanhe os arquivos a seguir para debugar
+#             tail -f /var/log/nginx/access.log
+#             tail -f /var/log/nginx/error.log
+#         Em geral o principal motivo de erro serão permissões de arquivo e de
+#         diretório até o respectivo arquivo
+
 #------------------------------------------------------------------------------#
 # SEÇÃO: ADMINISTRAÇÃO DO DIA A DIA                                            #
 # TL;DR: Atalhos para algumas rotinas comuns do dia a dia de administrador de  #

diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/default b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/default
@@ -0,0 +1,161 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	# SSL configuration
+	#
+	# listen 443 ssl default_server;
+	# listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+
+	# Inclui nossa funcionalidade de diretorios de usuarios
+	# disponibilizada em /etc/nginx/snippets/userdir.conf
+	include snippets/userdir.conf;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+	}
+
+	# pass PHP scripts to FastCGI server
+	#
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#
+	#	# With php-fpm (or other unix sockets):
+	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+	#	# With php-cgi (or other tcp sockets):
+	#	fastcgi_pass 127.0.0.1:9000;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+#	listen 80;
+#	listen [::]:80;
+#
+#	server_name example.com;
+#
+#	root /var/www/example.com;
+#	index index.html;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}
+
+server {
+	listen 80 ;
+	listen [::]:80 ;
+
+	# SSL configuration
+	#
+	# listen 443 ssl default_server;
+	# listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.html index.htm index.nginx-debian.html;
+    server_name apb.etica.ai aguia-pescadora-bravo.etica.ai; # managed by Certbot
+
+	# Inclui nossa funcionalidade de diretorios de usuarios
+	# disponibilizada em /etc/nginx/snippets/userdir.conf
+	include snippets/userdir.conf;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		try_files $uri $uri/ =404;
+	}
+
+	# pass PHP scripts to FastCGI server
+	#
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#
+	#	# With php-fpm (or other unix sockets):
+	#	fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+	#	# With php-cgi (or other tcp sockets):
+	#	fastcgi_pass 127.0.0.1:9000;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+
+
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/aguia-pescadora-bravo.etica.ai/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/aguia-pescadora-bravo.etica.ai/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+
+}
diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuario.apb.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuario.apb.etica.ai.conf
@@ -0,0 +1,40 @@
+# FILE:         /etc/nginx/sites-available/usuario.apb.etica.ai.conf
+#
+# DESCRIPTION:  Do NGinx para servir conte�do padr�o para todos os usuarios
+#               do servidor. Isto �, n�o inclui dominios customizados.
+#               � usado para os dominios:
+#                   - usuario.apb.etica.ai
+#                   - usuario.lb-ap.etica.ai
+#               Veja tamb�m:
+#                   - https://github.com/fititnt/cplp-aiops/issues/35
+#                   - https://github.com/fititnt/cplp-aiops/issues/40
+#
+# DATE:         2019-05-24
+# ORGANIZATION: Etica.AI
+# AUTHORS:      Emerson Rocha <rocha at ieee.org>
+# LICENSE:      Public Domain
+
+server {
+
+    listen 80;
+    listen [::]:80;
+    root /var/www/html;
+
+    index index.html;
+
+    server_name usuario.apb.etica.ai usuario.lb-ap.etica.ai;
+
+    #location / {
+    #    try_files $uri $uri/ =404;
+    #}
+
+    # Serve conteudo de, por exemplo,
+    #    http://usuario.apb.etica.ai/~usuariodeteste
+    # para conte�do de
+    #    /home2/usuariodeteste/web/public_html
+    location ~ ^/~(.+?)(/.*)?$ {
+        alias /home2/$1/web/public_html$2;
+        index  index.html index.htm;
+        autoindex on;
+    }
+}
diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf
@@ -0,0 +1,16 @@
+# FILE:         /etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf
+
+server {
+
+    listen 80;
+    listen [::]:80;
+    root /home2/usuariodeteste/web/public_html;
+
+    index index.html;
+
+    server_name usuarioteste.apb.etica.ai usuarioteste.lb-ap.etica.ai;
+
+    location / {
+       try_files $uri $uri/ =404;
+    }
+}