Application Lifecycle Management Suite

devops-101

                                        Nginx

Definitions:

Frameworks:

  • DevOps Bookmarks - There are awesome new tools and frameworks being released every day. This is an open and transparent attempt at aggregating all of them.

Lists

Misc:

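# systemd unit for Atlassian Crowd, run under the unprivileged "crowd" account.
# NOTE(review): the paths below use atlassian-crowd-3.0.1 while the install
# notes on this page download CROWD_VERSION=2.12.0 - confirm which is deployed.
[Unit]
Description=Crowd Identity Management Service
After=network.target syslog.target network-online.target
Wants=network-online.target

[Service]
# Type=forking: presumably start_crowd.sh backgrounds the JVM and returns
# (the script is not shown here - confirm).
Type=forking
User=crowd
Environment=CROWD_HOME=/home/crowd
ExecStart=/opt/atlassian-crowd-3.0.1/start_crowd.sh
ExecStop=/opt/atlassian-crowd-3.0.1/stop_crowd.sh
# systemd runs Exec* command lines directly, not through a shell: "|" is not a
# pipe there and would be handed to the first program as a literal argument.
# The original chain also ran start -> sleep -> stop, which ends with the
# service stopped. Run the steps in sequence (stop, wait, start) in an explicit
# shell instead. `systemctl restart` reaches the same result via
# ExecStop/ExecStart.
ExecReload=/bin/sh -c '/opt/atlassian-crowd-3.0.1/stop_crowd.sh && sleep 60 && /opt/atlassian-crowd-3.0.1/start_crowd.sh'

[Install]
WantedBy=multi-user.target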
# systemd unit for SonarQube 6.5; the wrapper script sonar.sh handles
# start/stop/restart and the service runs as the "sonarqube" account.
[Unit]
Description=SonarQube 6 Continuous Code Quality
Wants=network-online.target
After=network.target syslog.target network-online.target

[Service]
Type=forking
User=sonarqube
# PID file systemd watches to identify the main process; presumably written by
# sonar.sh (script not shown - confirm the path matches).
PIDFile=/opt/sonarqube-6.5/bin/linux-x86-64/./SonarQube.pid
ExecStart=/opt/sonarqube-6.5/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube-6.5/bin/linux-x86-64/sonar.sh stop
ExecReload=/opt/sonarqube-6.5/bin/linux-x86-64/sonar.sh restart

[Install]
WantedBy=multi-user.target
#/etc/nginx/conf.d/crowd.nginx.conf
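# TLS-terminating reverse proxy in front of Crowd (backend 192.168.72.128:8095).
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name identity.devsecops.acme www.identity.devsecops.acme;

    # NOTE(review): the openssl commands on this page write the key and
    # certificate directly under /etc/nginx/ssl/, not under certs/ and private/
    # - make the two agree. The certificate's CN there is www.devsecops.acme,
    # which is neither of the server_name values above.
    ssl_certificate /etc/nginx/ssl/certs/www.devsecops.acme.crt;
    ssl_certificate_key /etc/nginx/ssl/private/www.devsecops.acme.key;

    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # The terminating ";" was missing here, which made nginx read the next
    # directive as extra arguments and reject the configuration.
    ssl_dhparam /etc/nginx/ssl/dhparams.www.devsecops.acme.pem;
    ssl_prefer_server_ciphers on;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Add TLSv1.3 where the installed nginx/OpenSSL build supports it.
    ssl_protocols TLSv1.2;

    # Forward-secret AEAD suites only. The CBC, 3DES and static-RSA entries
    # of the original list were dropped; every suite kept was already in it.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

    # Resolver used by nginx for OCSP responder lookups.
    resolver 8.8.8.8 8.8.4.4 192.168.72.128;
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): this points at the server certificate itself. With the
    # self-signed certificate generated on this page there is no issuing CA or
    # OCSP responder, so stapling presumably has no effect - confirm, and point
    # this at the CA chain once a CA-issued certificate is used.
    ssl_trusted_certificate /etc/nginx/ssl/certs/www.devsecops.acme.crt;

    access_log /var/log/nginx/identity.devsecops.acme-access.log;
    error_log /var/log/nginx/identity.devsecops.acme-error.log;

    # nginx's default request body limit is 1M; raise it to 10M for uploads.
    client_max_body_size 10M;

    location / {
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_connect_timeout 30s;

        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;

        # Tell the backend which host and client the request came from.
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Rewrite backend redirects that expose port 8095.
        # NOTE(review): the author reports a redirect loop with nginx + Crowd
        # and attributes it to these two rules; see the Atlassian KB article
        # linked on this page before relying on them.
        proxy_redirect https://www.identity.devsecops.acme:8095 https://www.identity.devsecops.acme;
        proxy_redirect https://identity.devsecops.acme:8095 https://identity.devsecops.acme;

        # The hop to the backend is plain HTTP. Presumably port 8095 is only
        # reachable from this proxy - verify the backend's bind address and
        # firewalling so clients cannot bypass TLS.
        proxy_pass http://192.168.72.128:8095;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
}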
```txt
This vhost configuration causes a redirect loop when nginx fronts Crowd, because of the proxy_redirect directives.
See:
https://confluence.atlassian.com/crowdkb/setting-up-crowd-behind-nginx-causes-a-redirect-loop-724404195.html
```
#/etc/nginx/nginx.conf
# Main nginx configuration: worker setup, shared HTTP defaults, the vhost
# include, and a port-80 server that redirects to HTTPS.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
# NOTE(review): server_tokens is not set, so nginx's default applies and the
# version string appears in the Server header and error pages; consider
# `server_tokens off;`.
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Access-log format; the last field records the client-supplied
# X-Forwarded-For header, which is untrusted input when read from the logs.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
# NOTE(review): compression is enabled at http level, so it also applies to
# the TLS vhosts included below. Compressing responses that mix secrets with
# request-controlled data is the precondition for BREACH-style leaks - confirm
# whether the proxied applications need gzip.
gzip on;
gzip_disable "msie6";
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
open_file_cache max=10000 inactive=10m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
ignore_invalid_headers on;
# Request size and timeout limits shared by all vhosts unless overridden.
client_max_body_size 20m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
# Vhost files are loaded here, before the inline port-80 server below.
include /etc/nginx/conf.d/*.conf;
# include /etc/nginx/sites-enabled/*;
# Plain-HTTP listener: answers every request with a 301 to the same host and
# URI over HTTPS. $host is taken from the request; the commented-out rewrite
# used $server_name, which would pin the redirect target to the name below.
server {
listen 80;
server_name identity.devsecops.acme;
#rewrite ^ https://$server_name$request_uri? permanent;
return 301 https://$host$request_uri;
}
}
#/etc/systemd/system/jira.service
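# systemd unit for JIRA Software, run as user "jira" in group "devsecops".
# NOTE(review): the install notes on this page create group "devops" and the
# accounts "jirasw"/"jirasd", and download JIRA_VERSION=7.4.2 while the paths
# below use 7.5.0 - confirm the account, group and version actually deployed.
[Unit]
Description=Business project management
After=network.target syslog.target network-online.target
Wants=network-online.target

[Service]
Type=forking
# 143 = 128 + 15: the exit status of a process terminated by SIGTERM, treated
# as a clean stop here.
SuccessExitStatus=143
User=jira
Group=devsecops
Restart=on-failure
RestartSec=5
Environment=JIRA_HOME=/home/jira-software
PIDFile=/opt/atlassian-jira-software-7.5.0/work/catalina.pid
ExecStart=/opt/atlassian-jira-software-7.5.0/bin/start-jira.sh
ExecStop=/opt/atlassian-jira-software-7.5.0/bin/stop-jira.sh
# systemd runs Exec* command lines directly, not through a shell: "|" is not a
# pipe there and would be handed to stop-jira.sh as a literal argument. Run the
# three steps in sequence in an explicit shell instead.
ExecReload=/bin/sh -c '/opt/atlassian-jira-software-7.5.0/bin/stop-jira.sh && sleep 60 && /opt/atlassian-jira-software-7.5.0/bin/start-jira.sh'

[Install]
WantedBy=multi-user.target
# "Alias=crowd.service" was removed: it would register this JIRA unit under
# the name of the separate Crowd unit defined on this page.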
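# Installation notes for building a home-made DevOps server from scratch.
# Target: Ubuntu Server.
# Prerequisites: git, ruby, python, tcl, Java JDK, nginx, postgresql.
# Unleash the dev potential....
BAMBOO_VERSION=6.1.1
BITBUCKET_VERSION=5.3.0
CONFLUENCE_VERSION=6.3.3
JIRA_VERSION=7.4.2
CROWD_VERSION=2.12.0
CRUCIBLE_VERSION=4.4.2
SONAR_QUBE_VERSION=6.5
ARTIFACTORY_VERSION=5.4.6

# None of these downloads is integrity-checked by wget beyond TLS. Before
# unpacking or running anything from them, compare each archive's SHA-256
# (sha256sum) with the checksum the vendor publishes for that exact version.
# URLs are quoted so "?" and "%" are never subject to shell globbing.
wget "https://www.atlassian.com/software/bamboo/downloads/binary/atlassian-bamboo-${BAMBOO_VERSION}.tar.gz"
wget "https://www.atlassian.com/software/stash/downloads/binary/atlassian-bitbucket-${BITBUCKET_VERSION}.tar.gz"
wget "https://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz"
wget "https://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-software-${JIRA_VERSION}.tar.gz"
wget "https://www.atlassian.com/software/crowd/downloads/binary/atlassian-crowd-${CROWD_VERSION}.tar.gz"
wget "https://www.atlassian.com/software/crucible/downloads/binary/crucible-${CRUCIBLE_VERSION}.zip"
# The version was hard-coded once in this path and taken from the variable
# once; both now come from the variable. -O names the local file, which wget
# would otherwise derive from the query string.
wget -O "jfrog-artifactory-pro-${ARTIFACTORY_VERSION}.zip" \
  "https://bintray.com/jfrog/artifactory-pro/download_file?file_path=org%2Fartifactory%2Fpro%2Fjfrog-artifactory-pro%2F${ARTIFACTORY_VERSION}%2Fjfrog-artifactory-pro-${ARTIFACTORY_VERSION}.zip"
wget "https://sonarsource.bintray.com/Distribution/sonarqube/sonarqube-${SONAR_QUBE_VERSION}.zip"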
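# Install the Oracle JDK and register its tools with update-alternatives.
jdkmajor=8
jdkminor=144
arch=x64
jdk_home="/opt/jdk1.${jdkmajor}.0_${jdkminor}"

# RPM-based hosts only (not the Ubuntu target of these notes):
#   sudo rpm -i "jdk-${jdkmajor}u${jdkminor}-linux-${arch}.rpm"
#
# Ubuntu: unpack the tarball into /opt. Each privileged step uses sudo instead
# of opening a root shell with "sudo su", so these lines also work when run
# non-interactively. --no-same-owner keeps the extracted files owned by root
# rather than by the uid/gid recorded inside the archive.
sudo tar -xvzf "/home/${USER}/Downloads/jdk-${jdkmajor}u${jdkminor}-linux-${arch}.tar.gz" \
  -C /opt --no-same-owner

# Register each JDK tool as an alternative with priority 1551.
for tool in java javadoc jar javap javac javaws javah jarsigner keytool; do
  sudo update-alternatives --install "/usr/bin/${tool}" "${tool}" "${jdk_home}/bin/${tool}" 1551
done

# The account-creation commands that follow in these notes were written for
# the root shell the original "sudo su" opened; run them as root or via sudo.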
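# Create the shared "devops" group and one account per tool.
# NOTE(review): the systemd units on this page run as "crowd", "sonarqube" and
# "jira" (group "devsecops"); only "crowd" is created here - reconcile the
# names. "crucibe" looks like a typo for "crucible".
sudo groupadd devops

#######################################
# Create one tool account in group devops with a home directory.
# Arguments: $1 - login name, $2 - GECOS comment
#######################################
add_tool_account() {
  # The original passed --password "${PWD}". PWD is the shell's current
  # working directory, and useradd --password expects an already-hashed value
  # that is also visible in the process list. No password is set here, so the
  # account is created locked; that is sufficient for services started via
  # systemd User=. If interactive login is really needed, set a password
  # afterwards with `sudo passwd <login>`.
  sudo useradd -g devops --create-home --comment "$2" --shell /bin/bash "$1"
}

add_tool_account jirasw "Devsecops Defects Management"
add_tool_account jirasd "Devsecops Service Management"
add_tool_account confluence "Devsecops wiki and documentation"
add_tool_account bamboo "Devsecops CICD"
add_tool_account bitbucket "Devsecops DVCS SCM "
add_tool_account fisheye "Devsecops SCM Visualize and report on activity..."
add_tool_account crucibe "Devsecops SCM code review"
add_tool_account crowd "Devsecops Users Directories and App Auth"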
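# Add the nginx.org mainline repository and the git-core PPA, then install
# nginx and git.
sudo cp -v /etc/apt/sources.list /etc/apt/sources.list.bak
# The repository is fetched over plain HTTP, so package integrity depends
# entirely on apt's signature check. These notes contain no step that imports
# nginx's package signing key: import it and confirm its fingerprint against
# the one nginx.org publishes before running apt-get update. Do not work
# around the resulting warning with --allow-unauthenticated.
echo "deb http://nginx.org/packages/mainline/ubuntu/ zesty nginx" | sudo tee -a /etc/apt/sources.list
sudo add-apt-repository ppa:git-core/ppa
sudo apt-get update
sudo apt-get install nginx
sudo apt-get install git

# Certificate and key directories as referenced by the crowd vhost on this
# page (certs/ and private/); the private directory is restricted to root.
sudo mkdir -p /etc/nginx/ssl/certs /etc/nginx/ssl/private
sudo chmod 700 /etc/nginx/ssl/private

#https://www.madboa.com/geek/openssl/
# For SSL
# Minimal variant (key and certificate in one file), kept for reference:
#   openssl req -x509 -nodes -days 365 -sha256 \
#     -subj '/C=FR/ST=Yvelines/L=Versailles/CN=www.devsecops.acme' \
#     -newkey rsa:2048 -keyout devops.pem -out devops.pem

# Placeholder: the address is redacted on the page; substitute the real one.
cert_email='admin@example.invalid'
# The subject is built on one line: inside single quotes a trailing backslash
# does not continue the line, so the original embedded "\" and newlines in the
# DN. subjectAltName is a certificate extension, not a DN attribute, and is
# passed with -addext below (needs OpenSSL 1.1.1 or later). The SAN list
# covers the names used by the vhost's server_name as well as the CN.
cert_subj="/serialNumber=0100000/emailAddress=${cert_email}/DC=acme/C=FR/ST=Yvelines/L=Versailles/O=Acme systems, Inc./OU=Dev Security Operation Labs/CN=www.devsecops.acme"

# -nodes leaves the private key unencrypted on disk, hence the restrictive
# directory and file permissions.
sudo openssl req -x509 -nodes -days 730 -sha256 -newkey rsa:4096 \
  -subj "${cert_subj}" \
  -addext 'subjectAltName=DNS:www.devsecops.acme,DNS:devsecops.acme,DNS:identity.devsecops.acme,DNS:www.identity.devsecops.acme' \
  -keyout /etc/nginx/ssl/private/www.devsecops.acme.key \
  -out /etc/nginx/ssl/certs/www.devsecops.acme.crt
sudo chmod 600 /etc/nginx/ssl/private/www.devsecops.acme.key

# Writing under /etc/nginx/ssl needs root; the original ran this without sudo.
sudo openssl dhparam -check -out /etc/nginx/ssl/dhparams.www.devsecops.acme.pem 4096

# Validate the configuration first so a broken file does not take nginx down.
sudo nginx -t && sudo service nginx restart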
WORK IN PROGRESS
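# Install the Oracle JDK under /opt and make it the default system JDK.
jdkmajor=8
jdkminor=144
arch=x64
jdk_home="/opt/jdk1.${jdkmajor}.0_${jdkminor}"

# RPM-based hosts only:
#   sudo rpm -i "jdk-${jdkmajor}u${jdkminor}-linux-${arch}.rpm"
#
# Otherwise unpack the tarball. The original passed "/opt/" as a positional
# argument, which tar treats as a member name to extract, not as the target
# directory; -C selects the destination. --no-same-owner keeps the extracted
# files owned by root rather than by the uid/gid recorded in the archive.
sudo tar -xvzf "jdk-${jdkmajor}u${jdkminor}-linux-${arch}.tar.gz" -C /opt --no-same-owner

#Make the OracleJDK default system JDK.
for tool in java javadoc jar javap javac javaws javah jarsigner; do
  sudo update-alternatives --install "/usr/bin/${tool}" "${tool}" "${jdk_home}/bin/${tool}" 1551
done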