Differences between revisions 7 and 8
Revision 7 as of 2016-10-07 22:00:07
Size: 4119
Editor: crudo
Comment:
Revision 8 as of 2016-10-07 22:25:48
Size: 4192
Editor: crudo
Comment: Formatting
Deletions are marked like this. Additions are marked like this.
Line 9: Line 9:
La wiki è gestita da MoinMoin 1.9.8 in esecuzione su FreeBSD. La wiki è gestita da MoinMoin 1.9.8 in esecuzione su FreeBSD 10.2.
Line 71: Line 71:
{{{ {{{#!highlight bash
Line 77: Line 77:
{{{ {{{#!highlight makefile
Line 101: Line 101:
{{{ {{{#!highlight nginx
Line 157: Line 157:
{{{ {{{#!highlight ini

Wiki

Installazione

La wiki è gestita da MoinMoin 1.9.8 in esecuzione su FreeBSD 10.2. La seguente documentazione fa riferimento a tale configurazione, ciononostante il setup è facilmente riproducibile.

Si danno per scontati:

  • un sistema host già in esecuzione;
  • un filesystem pronto ad ospitare jail;
  • una instanza di Nginx all'interno di una jail configurato e in esecuzione.

È consigliato avere uno snapshot aggiornato dell'archivio dei ports prima di procedere.

Installazione della jail

   1 zfs create /usr/local/jails/unit_moinmoin
   2 cd /usr/local/jails/unit_moinmoin
   3 fetch -q -o - ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/10.2-RELEASE/base.txz | tar xpf -
   4 mkdir -p usr/ports var/ports/packages var/ports/distfiles var/ports/obj
   5 echo "nameserver 10.1.1.1" > etc/resolv.conf

/etc/jail.conf 

exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;

host.hostname = "$host.oikia.unit.macaomilano.org";

path = "/usr/local/jails/$host";
mount.fstab = "/etc/jail.fstab.d/$host.fstab";

http-proxy {
  interface = "re0";
  ip4.addr  = "re0|10.1.1.3/24";
  $host = "http-proxy";
  allow.mount.devfs;
  allow.mount.procfs;
  mount.devfs;
  mount.procfs;
  enforce_statfs = 1;
}

unit_moinmoin {
  interface = "re0";
  ip4.addr  = "re0|10.1.1.9/24";
  $host = "unit_moinmoin";
  allow.mount.devfs;
  allow.mount.procfs;
  mount.devfs;
  mount.procfs;
  enforce_statfs = 1;
}

/etc/jail.fstab.d/unit_moinmoin.fstab 

/usr/ports /usr/local/jails/unit_moinmoin/usr/ports nullfs ro 0 0

/usr/local/jails/unit_moinmoin/etc/rc.conf 

   1 uwsgi_enable="YES"
   2 uwsgi_flags="-T --ini /usr/local/etc/uwsgi.ini"

/usr/local/jails/unit_moinmoin/etc/make.conf 

   1 CFLAGS = -O2 -pipe
   2 MAKE_JOBS_NUMBER = 4
   3 
   4 WRKDIRPREFIX=   /var/ports/obj
   5 DISTDIR=        /var/ports/distfiles
   6 PACKAGES=       /var/ports/packages
   7 
   8 DEFAULT_VERSIONS=python=2.7 ssl=libressl
   9 
  10 OPTIONS_UNSET+= DEBUG DOCS EXAMPLES TESTS NLS IPV6
  11 
  12 lang_perl5.20_UNSET += PERL_64BITINT

Configurazione del reverse proxy nginx

/usr/local/jails/http-proxy/var/www/robots.txt 

User-agent: *
Disallow: /

/usr/local/jails/http-proxy/usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf 

   1 server {
   2   listen      80;
   3   server_name wiki.unit.macaomilano.org;
   4   return      301 https://$server_name$request_uri;
   5 }
   6 
   7 server {
   8   listen 443 ssl;
   9   server_name wiki.unit.macaomilano.org;
  10 
  11   access_log /var/log/nginx/wiki.unit.macaomilano.org-access.log;
  12   error_log  /var/log/nginx/wiki.unit.macaomilano.org-error.log error;
  13 
  14   ssl on;
  15   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  16   ssl_prefer_server_ciphers on;
  17   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  18   ssl_session_cache shared:SSL:5m;
  19   ssl_session_timeout 5m;
  20   ssl_dhparam /path/to/dhparam.pem;
  21   ssl_certificate /path/to/unit.macaomilano.org-bundle.pem;
  22   ssl_certificate_key /path/to/unit.macaomilano.org.key;
  23 
  24   location / {
  25     uwsgi_pass 10.1.1.9:9000;
  26     include uwsgi_params;
  27   }
  28 
  29   location = /robots.txt {
  30     alias /var/www/robots.txt;
  31   }
  32 }


   1 jexec http-proxy "ln -s /usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf /usr/local/etc/nginx/sites-enabled/
   2 jexec http-proxy service nginx reload
   3

Installazione di moinmoin

   1 jail -c unit_moinmoin
   2 jexec unit_moinmoin csh
   3 cd /usr/ports/www/uwsgi
   4 make config-recursive
   5 make install clean
   6 cd /usr/ports/www/moinmoin
   7 make config-recursive
   8 make install
   9 make MOINTYPE=WSGI MOINDEST=/usr/local/www/unit instance
  10 exit

/usr/local/jails/unit_moinmoin/usr/local/etc/uwsgi.ini 

   1 [uwsgi]
   2 socket = 10.1.1.9:9000
   3 chmod-socket = 660
   4 
   5 chdir = /usr/local/www/unit
   6 wsgi-file = moin.wsgi
   7 
   8 master
   9 workers = 2
  10 max-requests = 200
  11 harakiri = 30
  12 die-on-term


   1 jexec unit_moinmoin "service uwsgi start"

WikiGuideLines (last edited 2017-09-15 09:35:52 by crudo)