changeset 1632:0344a535b1db

add doc
author fffilimonov
date Tue, 14 Dec 2021 07:41:01 +0000
parents 35c626c06dd5
children 665049cffc02
files host/addStartupScripts.sh host/addStartupScriptsPostgres.sh host/doc/autostart.txt host/doc/backup.txt host/doc/install.txt host/https.luan host/removeStartupScripts.sh host/renewSsl.sh host/startup/macos/limit.maxfiles.plist host/startup/macos/limit.maxproc.plist host/startup/macos/renewSsl.plist host/startup/macos/startLuanhost.plist host/startup/macos/startLuanhost.sh host/startup/nginx/mime.types host/startup/nginx/nginx.conf.luan host/startup/nginx/nginx.default.conf.luan host/startup/nginx/nginx.ssl.conf.luan host/startup/postgres/macos/luanhost.postgresql.plist host/startupScripts.sh host/update.sh
diffstat 20 files changed, 433 insertions(+), 28 deletions(-) [+]
--- a/host/addStartupScripts.sh	Mon Dec 13 09:14:52 2021 +0000
+++ b/host/addStartupScripts.sh	Tue Dec 14 07:41:01 2021 +0000
@@ -3,9 +3,6 @@
 . startupScripts.sh;
 
 mkdir -p $localStartup 2>/dev/null;
-mkdir -p $localStartup/postgres 2>/dev/null;
-
-cleanUp;
 
 cd $startup;
 for file in *.plist; do
@@ -16,19 +13,6 @@
 	     s~ROOT~${ROOTPWD}~g" $file > ${localStartup}/${file};
 done;
 
-cp postgres/postgresql.conf ${localStartup}/postgres/postgresql.conf;
-mv /usr/local/var/postgresql@9.5/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf.bak;
-ln -sf  ${localStartup}/postgres/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf;
-
-sed "s/SLAVE_IP/${SLAVE_IP}/g" postgres/pg_hba.conf > ${localStartup}/postgres/pg_hba.conf;
-mv /usr/local/var/postgresql@9.5/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf.bak;
-ln -sf  ${localStartup}/postgres/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf;
-
-cd $localStartup;
-for file in *.plist; do
-	sudo ln -sf ${localStartup}/${file} ${systemStarup}/${file};
-	sudo chown root:wheel ${localStartup}/${file};
-done;
-
+addStartup;
 
 cd $ROOTPWD;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/addStartupScriptsPostgres.sh	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+SLAVE_IP=$1;
+
+mkdir -p $localStartup/postgres 2>/dev/null;
+. startupScripts.sh;
+
+cd $startupPostgres;
+for file in *.plist; do
+    log=${ROOTPWD}"/logs/startup.${file}.log";
+	sed "s~PWD~${startup}~g;\
+	     s~LOG~${log}~g;\
+	     s~USER~${user}~g;\
+	     s~ROOT~${ROOTPWD}~g" $file > ${localStartup}/${file};
+done;
+
+cd ../;
+
+cp postgres/postgresql.conf ${localStartup}/postgres/postgresql.conf;
+mv /usr/local/var/postgresql@9.5/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf.bak;
+ln -sf ${localStartup}/postgres/postgresql.conf /usr/local/var/postgresql@9.5/postgresql.conf;
+
+sed "s/SLAVE_IP/${SLAVE_IP}/g" postgres/pg_hba.conf > ${localStartup}/postgres/pg_hba.conf;
+mv /usr/local/var/postgresql@9.5/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf.bak;
+ln -sf ${localStartup}/postgres/pg_hba.conf /usr/local/var/postgresql@9.5/pg_hba.conf;
+
+addStartup;
+
+cd $ROOTPWD;
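Review bot: `mkdir -p $localStartup/postgres` runs one line before `. startupScripts.sh`, which is where `localStartup` is assigned (see the startupScripts.sh hunk in this changeset), so in a fresh shell it targets `/postgres` and `2>/dev/null` hides the failure; swap the two lines. After `cd ../` the working directory is `startup/postgres`, so `cp postgres/postgresql.conf` and the `sed ... postgres/pg_hba.conf` read most likely resolve to `startup/postgres/postgres/...`; `cd "${ROOTPWD}/startup"` would keep the old relative paths valid. The script has no `set -e` and never checks `$1`, so a failed copy or an empty `SLAVE_IP` still lets the `mv` and `ln -sf` lines run, leaving PostgreSQL with a dangling `postgresql.conf` or a `pg_hba.conf` without the replica address, and a second run replaces the `.bak` files with the symlinks. Add `[ -n "$SLAVE_IP" ] || exit 1` after the assignment and stop on the first error.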
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/doc/autostart.txt	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,14 @@
+Autostart macOS:
+
+1) Disable Mac OS SIP
+  https://developer.apple.com/library/content/documentation/Security/Conceptual/System_Integrity_Protection_Guide/ConfiguringSystemIntegrityProtection/ConfiguringSystemIntegrityProtection.html
+  Ask hosting support.
+
+2) Disable buit-in firewall
+  sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.pfctl.plist
+
+3) Add plists (need sudo password)
+  ./addStartupScripts.sh
+
+If you need to remove plists use
+  ./removeStartupScripts.sh
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/doc/backup.txt	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,17 @@
+s1.luan.software - master db
+test.luan.software - slave db
+
+install:
+
+brew tap caskroom/versions
+brew install postgresql@9.5
+
+./addStartupScriptsPostgres.sh
+
+create replica
+
+1) mkdir /Users/administrator/replica/s1 (must be empty)
+
+2) pg_basebackup -h s1.luan.software -D /Users/administrator/replica/s1 -R -P -U administrator --xlog-method=stream
+
+replace configs with files *.slave from startup/postgres
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/doc/install.txt	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,41 @@
+Install on local machine:
+
+1) install mercurial
+  brew install hg
+
+2) install java
+  brew tap caskroom/versions
+  brew install caskroom/cask/java8
+
+3) clone repo
+  hg clone https://hg.luan.software/luan
+
+4) Install nginx
+  brew tap denji/nginx
+  brew install nginx-full
+
+5) Make sudo nginx without password
+  add string to /etc/sudoers
+  %admin ALL=(ALL) NOPASSWD: /usr/local/bin/nginx
+
+6) compile
+  ./update.sh
+
+7) open in browser http://me.luan.software:8080
+
+Install on production/test machine:
+1 - 6 same
+
+7) Add startup (macOS)
+  look at autostart.txt
+
+8) Configure ssh for working monitoring and backups (example for s1)
+  create ssh key: ssh-keygen -t rsa -b 4096 -C "administrator@s1.luan.software" (for s1)
+  add ssh key at test.luan.software: edit file /Users/administrator/.ssh/authorized_keys
+
+9) Reboot the machine
+  sudo reboot
+
+10) Fix PS1 (for s1 example)
+  echo "PS1='lh-s1:\W\$ '" >> ~/.bash_profile
+
--- a/host/https.luan	Mon Dec 13 09:14:52 2021 +0000
+++ b/host/https.luan	Tue Dec 14 07:41:01 2021 +0000
@@ -137,7 +137,7 @@
 			end
 			if key_file.exists() and local_cer_file.exists() then
 				changed = true
-				local conf = load_file "file:startup/nginx.ssl.conf.luan"
+				local conf = load_file "file:startup/nginx/nginx.ssl.conf.luan"
 				local nginx = output_of( function() conf(top_dir,domain) end )
 				nginx_file.write(nginx)
 			end
--- a/host/removeStartupScripts.sh	Mon Dec 13 09:14:52 2021 +0000
+++ b/host/removeStartupScripts.sh	Tue Dec 14 07:41:01 2021 +0000
@@ -6,6 +6,5 @@
 
 for file in *.plist; do
 	sudo rm ${systemStarup}/${file};
+	rm $file;
 done;
-
-cleanUp;
\ No newline at end of file
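Review bot: Both `rm` lines in the loop use `$file` unquoted and the loop has no guard for the no-match case: when the directory holds no `*.plist`, `file` stays the literal pattern and `sudo rm ${systemStarup}/${file}` lets the shell expand `/Library/LaunchDaemons/*.plist`, removing every daemon plist there rather than only this project's. Add `[ -e "$file" ] || continue` as the first line of the loop body and quote both paths. The added `rm $file` also targets files that addStartup chowns to root:wheel, so an interactive run will likely prompt for each one; `rm -f -- "$file"` avoids that. The `cd` that precedes the loop is outside the hunk.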
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/renewSsl.sh	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+cd "$1";
+
+ROOTPWD=$(pwd);
+
+./acme.sh --renew-all --cert-home "$ROOTPWD"/sites --config-home "$ROOTPWD"/local/letsencrypt/config;
+
+sudo $(which nginx) -s reload;
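Review bot: `sudo $(which nginx) -s reload` resolves nginx through PATH, but the job is started by launchd (renewSsl.plist), where PATH is usually minimal, and the sudoers rule in doc/install.txt grants NOPASSWD only for `/usr/local/bin/nginx`. If `which` prints nothing the command becomes `sudo -s reload`, and if it finds a different binary sudo asks for a password, so the unattended job fails after the certificates were already renewed. Call the path the sudoers entry names: `sudo /usr/local/bin/nginx -s reload;`. `set -eu` instead of `set -e`, as startLuanhost.sh uses, would also stop the script when the directory argument is missing.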
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/macos/limit.maxfiles.plist	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>Label</key>
+        <string>limit.maxfiles</string>
+        <key>ProgramArguments</key>
+        <array>
+            <string>launchctl</string>
+            <string>limit</string>
+            <string>maxfiles</string>
+            <string>65536</string>
+            <string>65536</string>
+        </array>
+        <key>RunAtLoad</key>
+        <true/>
+        <key>ServiceIPC</key>
+        <false/>
+    </dict>
+</plist>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/macos/limit.maxproc.plist	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>Label</key>
+        <string>limit.maxproc</string>
+        <key>ProgramArguments</key>
+        <array>
+            <string>launchctl</string>
+            <string>limit</string>
+            <string>maxproc</string>
+            <string>2048</string>
+            <string>2048</string>
+        </array>
+        <key>RunAtLoad</key>
+        <true />
+        <key>ServiceIPC</key>
+        <false />
+    </dict>
+</plist>
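Review bot: The DOCTYPE public identifier on the second line reads `-//Apple/DTD PLIST 1.0//EN`, with a single slash before `DTD`, while limit.maxfiles.plist in this changeset uses `-//Apple//DTD PLIST 1.0//EN`. startLuanhost.plist has the same slip (`-//Apple Computer/DTD PLIST 1.0//EN`). A tool that checks the identifier may reject these files, so use the identifier from limit.maxfiles.plist in all of the plists added here.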
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/macos/renewSsl.plist	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>Label</key>
+            <string>com.luanhost.renewSsl</string>
+        <key>ProgramArguments</key>
+        <array>
+            <string>ROOT/renewSsl.sh</string>
+            <string>ROOT</string>
+        </array>
+        <key>StartCalendarInterval</key>
+        <array>
+            <dict>
+                <key>Hour</key>
+                <integer>00</integer>
+                <key>Minute</key>
+                <integer>00</integer>
+            </dict>
+        </array>
+        <key>AbandonProcessGroup</key>
+            <true/>
+        <key>UserName</key>
+            <string>USER</string>
+        <key>StandardErrorPath</key>
+            <string>LOG</string>
+        <key>StandardOutPath</key>
+            <string>LOG</string>
+        <key>RunAtLoad</key><false/>
+        <key>KeepAlive</key><false/>
+    </dict>
+</plist>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/macos/startLuanhost.plist	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple Computer/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>Label</key>
+        <string>com.luanhost.startLuanhost</string>
+        <key>ProgramArguments</key>
+        <array>
+            <string>PWD/startLuanhost.sh</string>
+            <string>ROOT</string>
+        </array>
+        <key>UserName</key>
+        <string>USER</string>
+        <key>RunAtLoad</key>
+        <true/>
+        <key>StandardErrorPath</key>
+        <string>LOG</string>
+        <key>StandardOutPath</key>
+        <string>LOG</string>
+    </dict>
+</plist>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/macos/startLuanhost.sh	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -eu
+
+cd "$1";
+
+#can't determine if network is available at startup
+sleep 60;
+
+./start.sh "launchd";
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/nginx/mime.types	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,95 @@
+
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt luan log;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    application/font-woff                            woff;
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/nginx/nginx.conf.luan	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,30 @@
+local rootDir, user, group = ...
+
+%>
+worker_processes  4;
+user <%=user%> <%=group%>;
+
+events {
+	worker_connections  4096;
+}
+
+http { 
+	include mime.types;
+	default_type application/octet-stream;
+	sendfile on;
+	keepalive_timeout 65;
+
+	proxy_cache_path <%=rootDir%>/local/nginx_cache levels=1:2 keys_zone=nginx_cache:60m max_size=10g inactive=60m use_temp_path=off;
+
+	upstream luan {
+		server 127.0.0.1:8080;
+	}
+
+	server {
+		listen 80 default_server;
+		include nginx.default.conf;
+	}
+
+	include <%=rootDir%>/sites/*/nginx.ssl.conf;
+}
+<%
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/nginx/nginx.default.conf.luan	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,31 @@
+local rootDir, leKey  = ...
+
+%>
+	client_max_body_size 32m;
+
+	proxy_http_version 1.1;
+	proxy_set_header Host $http_host;
+	error_log <%=rootDir%>/logs/nginx_error.log;
+
+	proxy_set_header X-Forwarded-Proto $scheme;
+	proxy_set_header X-Real-IP $remote_addr;
+
+	charset utf-8;
+
+	location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
+		default_type text/plain;
+		return 200 "$1.<%=leKey%>";
+	}
+
+	location ~ /(?<path>.*) {
+		proxy_cache_key $scheme$host$request_uri;
+		proxy_cache nginx_cache;
+		proxy_cache_revalidate on;
+		proxy_cache_min_uses 1;
+		proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+		proxy_cache_background_update on;
+		proxy_cache_lock on;
+		add_header X-Cache-Status $upstream_cache_status;
+		proxy_pass http://luan;
+	}
+<%
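Review bot: The catch-all location caches proxied responses under `$scheme$host$request_uri`, so the key ignores cookies and the Authorization header; whether one user's page can be served to another then depends entirely on the upstream marking such responses `Cache-Control: private` or `no-store`. If that is the contract, state it in a comment above `proxy_cache nginx_cache;`; otherwise add `proxy_no_cache $http_authorization;` and `proxy_cache_bypass $http_authorization;` (plus the session cookie variable, if the hosted sites use one). The named capture in `location ~ /(?<path>.*)` is never used, so a plain `location /` would do the same job without a regex match on every request.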
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/nginx/nginx.ssl.conf.luan	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,22 @@
+local rootDir, domain = ...
+
+%>
+	server {
+		server_name <%=domain%>;
+		listen 80;
+		return 301 https://$http_host$request_uri;
+	}
+
+	server {
+		server_name <%=domain%>;
+		listen 443 ssl;
+
+		if ($host != $server_name) {
+			return 301 http://$http_host$request_uri;
+		}
+
+		ssl_certificate <%=rootDir%>/sites/<%=domain%>/fullchain.cer;
+		ssl_certificate_key <%=rootDir%>/sites/<%=domain%>/<%=domain%>.key;
+		include <%=rootDir%>/local/nginx.default.conf;
+	}
+<%
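Review bot: `domain` is written verbatim into `server_name`, `ssl_certificate` and `ssl_certificate_key`, so a value containing whitespace, `;`, `{` or `/` would add directives or move the key path in the file nginx loads. The caller in https.luan passes `conf(top_dir,domain)`, and how `domain` is validated there is outside the hunks shown, so either confirm it is restricted to hostname characters or reject anything else at the top of this template, before the `%>`. The redirects also echo the client's Host header through `$http_host`; `$host` or the literal domain is the safer target. The 443 block's `return 301 http://...` sends mismatched-host clients to plain HTTP, and if that is deliberate a comment should say why.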
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/host/startup/postgres/macos/luanhost.postgresql.plist	Tue Dec 14 07:41:01 2021 +0000
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+    <dict>
+        <key>KeepAlive</key>
+        <true/>
+        <key>Label</key>
+        <string>luanhost.postgresql</string>
+        <key>ProgramArguments</key>
+        <array>
+            <string>/usr/local/opt/postgresql@9.5/bin/postgres</string>
+            <string>-D</string>
+            <string>/usr/local/var/postgresql@9.5</string>
+        </array>
+        <key>RunAtLoad</key>
+        <true/>
+        <key>WorkingDirectory</key>
+        <string>/usr/local</string>
+        <key>UserName</key>
+        <string>USER</string>
+        <key>StandardErrorPath</key>
+        <string>LOG</string>
+        <key>StandardOutPath</key>
+        <string>LOG</string>
+    </dict>
+</plist>
\ No newline at end of file
--- a/host/startupScripts.sh	Mon Dec 13 09:14:52 2021 +0000
+++ b/host/startupScripts.sh	Tue Dec 14 07:41:01 2021 +0000
@@ -5,10 +5,13 @@
 
 systemStarup='/Library/LaunchDaemons';
 localStartup=${ROOTPWD}'/local/startup';
-startup=${ROOTPWD}'/startup';
-
-SLAVE_IP=$(dig +short "test.luan.software");
+startup=${ROOTPWD}'/startup/macos';
+startupPostgres=${ROOTPWD}'/startup/postgres/macos';
 
-function cleanUp() {
-  find $localStartup -type f \( -name "*.plist" \) -delete;
+function addStartup() {
+  cd $localStartup;
+  for file in *.plist; do
+    sudo ln -sf ${localStartup}/${file} ${systemStarup}/${file};
+    sudo chown root:wheel ${localStartup}/${file};
+  done;
 }
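Review bot: addStartup symlinks each `${systemStarup}/${file}` to a plist that stays in `${localStartup}`, and `chown root:wheel` on the file alone does not protect it, because whoever owns that directory can still rename or replace the entry the link points at. launchd starts jobs from /Library/LaunchDaemons as root unless `UserName` is set (limit.maxfiles.plist and limit.maxproc.plist set none), so copying is safer than linking: `sudo install -o root -g wheel -m 644 "${localStartup}/${file}" "${systemStarup}/${file}"`. `cd $localStartup` is also unchecked and unquoted, so if it fails the loop links whatever `*.plist` files are in the current directory; `cd "$localStartup" || return 1` closes that.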
--- a/host/update.sh	Mon Dec 13 09:14:52 2021 +0000
+++ b/host/update.sh	Tue Dec 14 07:41:01 2021 +0000
@@ -19,9 +19,9 @@
   ./acme.sh --register-account --cert-home ./sites --config-home local/letsencrypt/config 2>&1 | grep 'ACCOUNT_THUMBPRINT' | awk -F "'" '{print $2}' > local/leKey.txt;
 fi;
 
-cp startup/mime.types local/mime.types;
-luan startup/nginx.conf.luan $(pwd) $(whoami) $(id -gn) > local/nginx.conf
-luan startup/nginx.default.conf.luan $(pwd) $(cat local/leKey.txt) > local/nginx.default.conf
+cp startup/nginx/mime.types local/mime.types;
+luan startup/nginx/nginx.conf.luan $(pwd) $(whoami) $(id -gn) > local/nginx.conf
+luan startup/nginx/nginx.default.conf.luan $(pwd) $(cat local/leKey.txt) > local/nginx.default.conf
 
 echo Starting...
 ./start.sh