$ sudo yum check-update
$ sudo yum repolist
$ sudo yum clean all
$ sudo yum update
Details
#############################################
# How to check certbot status (letsencrypt) #
#############################################
$ certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: rolroralra.com
Serial Number: 403f20e6223c393d8fe16dd8b3f89514315
Domains: cockpit.rolroralra.com plex.rolroralra.com transmission.rolroralra.com
Expiry Date: 2020-09-14 15:25:13+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/rolroralra.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/rolroralra.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
####################################
# How to use certbot (letsencrypt) #
####################################
$ systemctl stop nginx.service
$ sudo certbot certonly --standalone --cert-name rolroralra.com -d cockpit.rolroralra.com,plex.rolroralra.com,transmission.rolroralra.com,registry.rolroralra.com,gitlab.rolroralra.com,blog.rolroralra.com
...
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/rolroralra.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/rolroralra.com/privkey.pem
Your cert will expire on 2020-09-29. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
###################################################
# How to renew certbot certificates (letsencrypt) #
###################################################
$ sudo certbot renew
Details
***** Plugin bind_ports (92.2 confidence) suggests ************************
If you want to allow systemd to bind to network port 5090
Then you need to modify the port type.
Do
# semanage port -a -t websm_port_t -p tcp 5090
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests **************************
If you believe that systemd should be allowed name_bind access on the port 5090 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd' --raw | audit2allow -M my-systemd
# semodule -X 300 -i my-systemd.pp
# semanage port -a -t websm_port_t -p tcp 5090
***** Plugin catchall_boolean (7.83 confidence) suggests ******************
If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.
Do
setsebool -P nis_enabled 1
***** Plugin catchall (1.41 confidence) suggests **************************
If you believe that systemd should be allowed name_bind access on the port 5090 tcp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'systemd' --raw | audit2allow -M my-systemd
# semodule -X 300 -i my-systemd.pp
https://www.tecmint.com/install-a-kubernetes-cluster-on-centos-8/
Details
$ gcloud init --console-only
Welcome! This command will take you through the configuration of gcloud.
Settings from your current configuration [default] are:
core:
account: [email protected]
disable_usage_reporting: 'True'
Pick configuration to use:
[1] Re-initialize this configuration [default] with new settings
[2] Create a new configuration
Please enter your numeric choice: 1
Your current configuration has been set to: [default]
You can skip diagnostics next time by using the following flag:
gcloud init --skip-diagnostics
Network diagnostic detects and fixes local network connection issues.
Checking network connection...done.
Reachability Check passed.
Network diagnostic passed (1/1 checks passed).
Choose the account you would like to use to perform operations for
this configuration:
[1] [email protected]
[2] Log in with a new account
Please enter your numeric choice: 1
You are logged in as: [[email protected]].
API [cloudresourcemanager.googleapis.com] not enabled on project
[8437735853]. Would you like to enable and retry (this will take a few
minutes)? (y/N)? y
Enabling service [cloudresourcemanager.googleapis.com] on project [8437735853]...
Operation "operations/acf.a4f38e57-3fb3-4993-bcb7-05ef28c70bd6" finished successfully.
Pick cloud project to use:
[1] beaming-talent-265001
[2] Create a new project
Please enter numeric choice or text value (must exactly match list
item): 1
Your current project has been set to: [beaming-talent-265001].
Do you want to configure a default Compute Region and Zone? (Y/n)? y
Which Google Compute Engine zone would you like to use as project
default?
If you do not specify a zone via a command line flag while working
with Compute Engine resources, the default is assumed.
[1] us-east1-b
[2] us-east1-c
[3] us-east1-d
[4] us-east4-c
[5] us-east4-b
[6] us-east4-a
[7] us-central1-c
[8] us-central1-a
[9] us-central1-f
[10] us-central1-b
[11] us-west1-b
[12] us-west1-c
[13] us-west1-a
[14] europe-west4-a
[15] europe-west4-b
[16] europe-west4-c
[17] europe-west1-b
[18] europe-west1-d
[19] europe-west1-c
[20] europe-west3-c
[21] europe-west3-a
[22] europe-west3-b
[23] europe-west2-c
[24] europe-west2-b
[25] europe-west2-a
[26] asia-east1-b
[27] asia-east1-a
[28] asia-east1-c
[29] asia-southeast1-b
[30] asia-southeast1-a
[31] asia-southeast1-c
[32] asia-northeast1-b
[33] asia-northeast1-c
[34] asia-northeast1-a
[35] asia-south1-c
[36] asia-south1-b
[37] asia-south1-a
[38] australia-southeast1-b
[39] australia-southeast1-c
[40] australia-southeast1-a
[41] southamerica-east1-b
[42] southamerica-east1-c
[43] southamerica-east1-a
[44] asia-east2-a
[45] asia-east2-b
[46] asia-east2-c
[47] asia-northeast2-a
[48] asia-northeast2-b
[49] asia-northeast2-c
[50] asia-northeast3-a
Did not print [24] options.
Too many options [74]. Enter "list" at prompt to print choices fully.
Please enter numeric choice or text value (must exactly match list
item): 34
Your project default Compute Engine zone has been set to [asia-northeast1-a].
You can change it by running [gcloud config set compute/zone NAME].
Your project default Compute Engine region has been set to [asia-northeast1].
You can change it by running [gcloud config set compute/region NAME].
Created a default .boto configuration file at [/home/rolroralra/.boto]. See this file and
[https://cloud.google.com/storage/docs/gsutil/commands/config] for more
information about configuring Google Cloud Storage.
Your Google Cloud SDK is configured and ready to use!
* Commands that require authentication will use [email protected] by default
* Commands will reference project `beaming-talent-265001` by default
* Compute Engine commands will use region `asia-northeast1` by default
* Compute Engine commands will use zone `asia-northeast1-a` by default
Run `gcloud help config` to learn how to change individual settings
This gcloud configuration is called [default]. You can create additional configurations if you work with multiple accounts and/or projects.
Run `gcloud topic configurations` to learn more.
Some things to try next:
* Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
* Run `gcloud topic --help` to learn about advanced features of the SDK like arg files and output formatting
Details
$ wget https://repo.anaconda.com/archive/Anaconda3-2020.07-Linux-x86_64.sh
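# Before running the installer, compare its SHA-256 (sha256sum Anaconda3-2020.07-Linux-x86_64.sh) with the hash published by Anaconda.
$ bash Anaconda3-2020.07-Linux-x86_64.sh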
$ source ~/anaconda3/bin/activate
$ conda init
$ conda info
- https://towshif.github.io/site/tutorials/Python/setup-Jupyter/
- https://program-error-review.tistory.com/14
- https://goodtogreate.tistory.com/entry/IPython-Notebook-%EC%84%A4%EC%B9%98%EB%B0%A9%EB%B2%95
- nginx reverse proxy setting
https://jupyterhub.readthedocs.io/en/stable/reference/config-proxy.html
- allow remote host setting in Jupyter
- jupyter, tornado version conflict
Details
# Derive the Connection header sent upstream from the client's Upgrade header:
# "upgrade" when the client sent one (WebSocket handshake), "close" when it is empty.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# TLS virtual host for jupyter.rolroralra.com; every request under / is forwarded
# to the service listening on localhost:8888.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name jupyter.rolroralra.com;
#root /usr/share/nginx/html;
# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;
# Certificate and TLS settings come from this include; its contents are not shown here.
include /etc/nginx/default.d/certbot_ssl.conf; # managed by Certbot
# HSTS for 15768000 s (about six months). Without the "always" parameter nginx
# adds this header only to 2xx/3xx responses, not to error responses.
add_header Strict-Transport-Security max-age=15768000;
# Managing literal requests to the JupyterHub front end
# NOTE(review): this block contains no auth_basic/allow/deny, so anyone who can
# reach the vhost reaches the upstream; access control rests on the service on
# port 8888 (token/password) unless the include above adds some. Confirm.
location / {
# TLS ends at nginx; the hop to the upstream is plain HTTP over loopback.
proxy_pass http://localhost:8888;
# Pass the original client address and Host header to the upstream.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# websocket headers
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Hand upstream output to the client as it arrives instead of buffering it.
proxy_buffering off;
}
#Managing requests to verify letsencrypt host
# NOTE(review): the regex is unanchored and its "." is unescaped, so it matches
# any URI containing "/", one arbitrary character, then "well-known". A prefix
# match such as "location ^~ /.well-known/acme-challenge/" would be narrower.
location ~ /.well-known {
allow all;
}
# NOTE(review): error_page points at /404.html, but the exact-match location
# below is /40x.html; the two names do not agree.
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
$ cat /proc/cpuinfo
$ cat /proc/meminfo
$ sudo dmidecode -t processor
$ sudo dmidecode -t memory
Details
$ sudo su
$ systemctl status firewalld
$ systemctl start firewalld
$ systemctl enable firewalld
$ cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="cockpit"/>
</zone>
# list all in current firewalld settings
$ firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp2s0
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# list all services in current firewalld setting
$ firewall-cmd --list-services
cockpit dhcpv6-client ssh
# list all zones
$ firewall-cmd --get-zones
block dmz drop external home internal public trusted work
# get active zones in current firewalld setting
$ firewall-cmd --get-active-zones
public
interfaces: enp2s0
# list all services
$ firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine cockpit condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-apiserver ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus proxy-dhcp ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tftp-client tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
# Add services to the permanent public-zone configuration (applied by the --reload below)
$ firewall-cmd --permanent --zone=public --add-service=http
$ firewall-cmd --permanent --zone=public --add-service=https
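# Add a rich rule to the permanent public-zone configuration: accept all IPv4 traffic from 192.168.219.0/24 (every port and protocol, not only the listed services)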
$ firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.219.0/24" accept'
$ firewall-cmd --reload
Details
- Install Nexus by Docker Container
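#!/bin/bash
#
# Start Sonatype Nexus 3 in a Docker container.
#
# Settings (all overridable from the environment):
#   NEXUS_CONTAINER_NAME    container name                        (default: nexus)
#   NEXUS_IMAGE_TAG         image reference                       (default: sonatype/nexus3)
#   NEXUS_BIND_ADDRESS      host address the ports are bound to   (default: empty = Docker's default)
#   NEXUS_SERVICE_PORT      host port mapped to container 5000    (default: 5000)
#   NEXUS_WEB_PORT          host port mapped to container 8081    (default: 8081)
#   NEXUS_DATA_VOLUME_PATH  host directory mounted at /nexus-data (default: /home/nexus/data)
#   NEXUS_USER              user passed to "docker run -u"        (default: nexus)
#   NEXUS_UID / NEXUS_GID   uid/gid expected to exist on the host (default: 200 / 200)
#   DOCKER_CMD              docker command, may hold several words such as "sudo docker"
#
# The script only checks prerequisites; it never creates the user or the
# data directory itself, and exits with status 1 when a check fails.
set -euo pipefail

NEXUS_CONTAINER_NAME=${NEXUS_CONTAINER_NAME:-"nexus"}
# An image reference without a tag resolves to "latest", so the image that runs
# can change between invocations. Set NEXUS_IMAGE_TAG to a fixed version tag or
# a digest for a reproducible, reviewable deployment.
NEXUS_IMAGE_TAG=${NEXUS_IMAGE_TAG:-"sonatype/nexus3"}
# With an empty bind address Docker publishes the ports on every host
# interface, and published ports are typically reachable from the network even
# when firewalld does not list them, because Docker manages its own packet
# filter rules. When Nexus is only meant to be reached through a local reverse
# proxy, set NEXUS_BIND_ADDRESS=127.0.0.1.
NEXUS_BIND_ADDRESS=${NEXUS_BIND_ADDRESS:-""}
NEXUS_SERVICE_PORT=${NEXUS_SERVICE_PORT:-"5000"}
NEXUS_WEB_PORT=${NEXUS_WEB_PORT:-"8081"}
NEXUS_DATA_VOLUME_PATH=${NEXUS_DATA_VOLUME_PATH:-"/home/nexus/data"}
NEXUS_USER=${NEXUS_USER:-"nexus"}
NEXUS_UID=${NEXUS_UID:-"200"}
NEXUS_GID=${NEXUS_GID:-"200"}
DOCKER_CMD=${DOCKER_CMD:-"docker"}

# Split DOCKER_CMD into words once, so a value like "sudo docker" keeps
# working while every other expansion below can be quoted.
read -r -a docker_cmd <<<"${DOCKER_CMD}"

# Print a message on stderr and stop with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# check for nexus's uid, gid in server.
if ! id "${NEXUS_UID}" &>/dev/null; then
  #sudo useradd -u ${NEXUS_UID} ${NEXUS_USER}
  die "ERROR: UID ${NEXUS_UID} does not exists."
fi
current_gid=$(id -g "${NEXUS_UID}")
if [ "${current_gid}" -ne "${NEXUS_GID}" ]; then
  #sudo groupmod -g ${NEXUS_GID} nexus
  die "ERROR: GID ${current_gid} is not equal to ${NEXUS_GID}."
fi

# check for nexus's data volume in server.
if [ ! -d "${NEXUS_DATA_VOLUME_PATH}" ]; then
  #sudo mkdir -p ${NEXUS_DATA_VOLUME_PATH}
  die "ERROR: Directory ${NEXUS_DATA_VOLUME_PATH} does not exists."
fi

# Remove a previous container of the same name. "container inspect" looks the
# container up by its exact name, whereas "ps --filter name=..." matches
# substrings and would also count e.g. "nexus-old". A running container is
# deliberately not force-removed: the plain "rm" fails and the script stops.
if "${docker_cmd[@]}" container inspect "${NEXUS_CONTAINER_NAME}" &>/dev/null; then
  "${docker_cmd[@]}" rm "${NEXUS_CONTAINER_NAME}" \
    || die "ERROR: Could not remove container ${NEXUS_CONTAINER_NAME} (stop it first if it is running)."
fi

# Prefix for "-p": "<address>:" when a bind address is set, otherwise empty.
publish_prefix=${NEXUS_BIND_ADDRESS:+"${NEXUS_BIND_ADDRESS}:"}

"${docker_cmd[@]}" run --name "${NEXUS_CONTAINER_NAME}" -d \
  -u "${NEXUS_USER}" \
  -p "${publish_prefix}${NEXUS_SERVICE_PORT}:5000" \
  -p "${publish_prefix}${NEXUS_WEB_PORT}:8081" \
  -v "${NEXUS_DATA_VOLUME_PATH}":/nexus-data \
  "${NEXUS_IMAGE_TAG}"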
- Install Nexus with reverse proxy by nginx
# TLS virtual host for nexus.rolroralra.com; forwards requests to the Nexus
# container ports published on localhost (8081 by default, 5000 for matching
# User-Agents).
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name nexus.rolroralra.com;
#root /usr/share/nginx/html;
# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;
# Certificate and TLS settings come from this include; its contents are not shown here.
include /etc/nginx/default.d/certbot_ssl.conf; # managed by Certbot
# Accept request bodies up to 1G so large uploads are not rejected by nginx.
client_max_body_size 1G;
#proxy_max_temp_file_size 2G;
location / {
# redirect to docker registry
# The User-Agent header is set by the client, so these branches only choose an
# upstream; they are not an access control. Authentication is left to Nexus.
if ($http_user_agent ~ docker ) {
proxy_pass http://localhost:5000;
}
# NOTE(review): "~" is case-sensitive, and this branch targets the same port
# as the docker branch (5000). Presumably Maven clients identify themselves
# with a capitalised name, in which case this never matches. Confirm that both
# the pattern and the port are intended.
if ($http_user_agent ~ maven ) {
proxy_pass http://localhost:5000;
}
# Default upstream for every other client. TLS ends at nginx; the hop to the
# upstream is plain HTTP over loopback.
proxy_pass http://localhost:8081;
# Pass the original Host, client address and scheme to the upstream.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}