diff --git a/logbook/aguia-pescadora-bravo.sh b/logbook/aguia-pescadora-bravo.sh index 0b91501..bb512fb 100644 --- a/logbook/aguia-pescadora-bravo.sh +++ b/logbook/aguia-pescadora-bravo.sh @@ -338,27 +338,35 @@ sudo mkdir /home2 #### Usuarios adicionados ______________________________________________________ -## cdiegosr +### cdiegosr ------------------------------------------------------------------- sudo adduser cdiegosr sudo passwd -e cdiegosr sudo chsh -s /usr/bin/fish cdiegosr -## fcomarcosmabreu +### fcomarcosmabreu ------------------------------------------------------------ sudo adduser fcomarcosmabreu sudo passwd -e fcomarcosmabreu -## fititnt +### fititnt -------------------------------------------------------------------- sudo adduser fititnt sudo passwd -e fititnt sudo chsh -s /usr/bin/fish fititnt sudo usermod -aG sudo fititnt -## loopchaves +## Dominios customizados de fititnt (já adicionados na CloudFlare) +curl http://fititnt.apb.etica.ai +curl http://fititnt.lb-ap.etica.ai + +### loopchaves ----------------------------------------------------------------- sudo adduser loopchaves sudo passwd -e loopchaves sudo usermod -aG sudo loopchaves -## usuariodeteste +## Dominios customizados de loopchaves (já adicionados na CloudFlare) +curl http://loopchaves.apb.etica.ai +curl http://loopchaves.lb-ap.etica.ai + +### usuariodeteste ------------------------------------------------------------- # Usuario sem senha, criado para permitir testes. Usuarios com poder de sudo # poderão acessar esta conta sudo useradd -r -s /bin/false usuariodeteste 
@@ -379,6 +387,17 @@ sudo mkdir /home2/usuariodeteste/web/public_api echo "usuariodeteste" > /home2/usuariodeteste/web/public_html/index.html +vim /etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf +# Adicione todas as customizacoes deste usuario no arquivo acima... + +sudo ln -s /etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf /etc/nginx/sites-enabled/ + +sudo nginx -t +# Se o comando acima falhar: +# sudo rm /etc/nginx/sites-enabled/usuarioteste.apb.etica.ai.conf +# Se ele não falhou, de reload no NGinx +sudo systemctl reload nginx + #------------------------------------------------------------------------------# # SEÇÃO 1.1: USUÁRIOS DO SISTEMA - MENSAGENS INFORMATIVAS # # # @@ -859,15 +878,14 @@ sudo certbot --nginx -d aguia-pescadora-bravo.etica.ai -d apb.etica.ai ### Userdir # @see https://github.com/fititnt/cplp-aiops/issues/35 -sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/userdir.conf -vim /etc/nginx/sites-available/userdir.conf +vim /etc/nginx/sites-available/usuario.apb.etica.ai.conf # Adicione as configurações desejadas neste servidor no arquivo acima... # Depois de o arquivo estar minimamente ok, use o comando a seguir # para criar um link simbolico dele para diretório em que o NGinx realmente # irá ler o arquivo -sudo ln -s /etc/nginx/sites-available/userdir.conf /etc/nginx/sites-enabled/ +sudo ln -s /etc/nginx/sites-available/usuario.apb.etica.ai.conf /etc/nginx/sites-enabled/ # Antes de efetivamente habilitar, use o comando a seguir para testar se # configurações estão ok. 
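Review bot: `sudo systemctl reload nginx` runs regardless of what `sudo nginx -t` reported, so the comment between them is the only thing that stops a reload after a failed config test. Chaining the two as `sudo nginx -t && sudo systemctl reload nginx` makes the check binding; the same applies to the reload added in the later hunk at `@@ -879,6 +897,15 @@`. The `vim /etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf` line also lacks the `sudo` used by the surrounding commands, so the edit presumably cannot be saved unless the session is already root.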
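Review bot: The rollback comment after this block still reads `rm /etc/nginx/sites-enabled/userdir.conf` (visible as context at the top of the next hunk), but the symlink created here is now `usuario.apb.etica.ai.conf`. Updating it to `# - sudo rm /etc/nginx/sites-enabled/usuario.apb.etica.ai.conf` keeps the recovery step pointed at the file this procedure actually enables. With the `sudo cp .../default` step removed, it would also help to say in a comment that the content comes from the copy versioned under `logbook/aguia-pescadora-bravo/etc/nginx/sites-available/`.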
@@ -879,6 +897,15 @@ sudo nginx -t # - rm /etc/nginx/sites-enabled/userdir.conf # Então teste nomamente com 'sudo nginx -t' para ver se não daria problemas +# reload nginx: Aplicar alterações nas configurações sem reiniciar o NGinx +sudo systemctl reload nginx + +# PROTIP: acompanhe os arquivos a seguir para debugar +# tail -f /var/log/nginx/access.log +# tail -f /var/log/nginx/error.log +# Em geral o principal motivo de erro serão permissões de arquivo e de +# diretório até o respectivo arquivo + #------------------------------------------------------------------------------# # SEÇÃO: ADMINISTRAÇÃO DO DIA A DIA # # TL;DR: Atalhos para algumas rotinas comuns do dia a dia de administrador de # diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/default b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/default new file mode 100644 index 0000000..5d32ff1 --- /dev/null +++ b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/default 
@@ -0,0 +1,161 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ # Inclui nossa funcionalidade de diretorios de usuarios
+ # disponibilizada em /etc/nginx/snippets/userdir.conf
+ include snippets/userdir.conf;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
+
+server {
+ listen 80 ;
+ listen [::]:80 ;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+ server_name apb.etica.ai aguia-pescadora-bravo.etica.ai; # managed by Certbot
+
+ # Inclui nossa funcionalidade de diretorios de usuarios
+ # disponibilizada em /etc/nginx/snippets/userdir.conf
+ include snippets/userdir.conf;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+
+
+ listen [::]:443 ssl ipv6only=on; # managed by Certbot
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/aguia-pescadora-bravo.etica.ai/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/aguia-pescadora-bravo.etica.ai/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+
+}
\ No newline at end of file
diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuario.apb.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuario.apb.etica.ai.conf
new file mode 100644
index 0000000..565515b
--- /dev/null
+++ b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuario.apb.etica.ai.conf
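Review bot: The second `server` block keeps `listen 80 ;` and `listen [::]:80 ;` next to the Certbot-managed `listen 443 ssl;` lines, so apb.etica.ai and aguia-pescadora-bravo.etica.ai serve the same content over cleartext HTTP and nothing redirects to HTTPS. Moving the port-80 listeners for those names into a separate server block whose only directive is `return 301 https://$host$request_uri;` would close that gap. Both blocks also `include snippets/userdir.conf;`, which is not part of this diff, so what the `default_server` block exposes for arbitrary Host headers cannot be checked from here. Adding that snippet to the logbook would make it reviewable.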
@@ -0,0 +1,40 @@
+# FILE: /etc/nginx/sites-available/usuario.apb.etica.ai.conf
+#
+# DESCRIPTION: Do NGinx para servir contedo padro para todos os usuarios
+# do servidor. Isto , no inclui dominios customizados.
+# usado para os dominios:
+# - usuario.apb.etica.ai
+# - usuario.lb-ap.etica.ai
+# Veja tambm:
+# - https://github.com/fititnt/cplp-aiops/issues/35
+# - https://github.com/fititnt/cplp-aiops/issues/40
+#
+# DATE: 2019-05-24
+# ORGANIZATION: Etica.AI
+# AUTHORS: Emerson Rocha
+# LICENSE: Public Domain
+
+server {
+
+ listen 80;
+ listen [::]:80;
+ root /var/www/html;
+
+ index index.html;
+
+ server_name usuario.apb.etica.ai usuario.lb-ap.etica.ai;
+
+ #location / {
+ # try_files $uri $uri/ =404;
+ #}
+
+ # Serve conteudo de, por exemplo,
+ # http://usuario.apb.etica.ai/~usuariodeteste
+ # para contedo de
+ # /home2/usuariodeteste/web/public_html
+ location ~ ^/~(.+?)(/.*)?$ {
+ alias /home2/$1/web/public_html$2;
+ index index.html index.htm;
+ autoindex on;
+ }
+}
\ No newline at end of file
diff --git a/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf
new file mode 100644
index 0000000..9e0474c
--- /dev/null
+++ b/logbook/aguia-pescadora-bravo/etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf
@@ -0,0 +1,16 @@
+# FILE: /etc/nginx/sites-available/usuarioteste.apb.etica.ai.conf
+
+server {
+
+ listen 80;
+ listen [::]:80;
+ root /home2/usuariodeteste/web/public_html;
+
+ index index.html;
+
+ server_name usuarioteste.apb.etica.ai usuarioteste.lb-ap.etica.ai;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+}
\ No newline at end of file
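Review bot: The capture `(.+?)` in `location ~ ^/~(.+?)(/.*)?$` accepts any characters as the user name before it is interpolated into `alias /home2/$1/web/public_html$2;`, and `autoindex on;` then lists whatever directory that resolves to. Restricting the capture to account-name characters, e.g. `location ~ ^/~([a-z_][a-z0-9_-]*)(/.*)?$ {`, keeps the alias under `/home2/<user>/`. Dropping `autoindex on;` (or making it a per-user opt-in) avoids publishing file listings for every public_html. Because the users control these directories, `disable_symlinks if_not_owner;` is worth considering so a symlink cannot expose files the nginx worker can read elsewhere.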
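Review bot: The file name and `server_name usuarioteste.apb.etica.ai usuarioteste.lb-ap.etica.ai;` spell the user as `usuarioteste`, while the account and `root /home2/usuariodeteste/web/public_html;` use `usuariodeteste`; the logbook commands added in this commit repeat the shorter spelling. If the short host name is intentional, a header comment saying so (like the DESCRIPTION block in usuario.apb.etica.ai.conf) would stop a later rename from breaking the DNS mapping. Otherwise the names should be aligned. Since the document root is a user-writable home directory, adding `location ~ /\. { deny all; }` would keep dotfiles from being served.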