From e9302905f97801e029112643df915fc5adb2af22 Mon Sep 17 00:00:00 2001 From: Alex Denes Date: Fri, 25 Jun 2021 18:28:09 +0000 Subject: [PATCH] Enable syslog for services and reformat a few configs --- config/dovecot/APKBUILD | 6 +- config/dovecot/dovecot.conf | 2 +- config/grafana/APKBUILD | 4 +- config/grafana/main.ini | 6 + config/haproxy/APKBUILD | 4 +- config/haproxy/main.cfg | 190 ++++++++++++++++-------------- config/nginx/APKBUILD | 4 +- config/nginx/main.conf | 2 + config/postgresql/APKBUILD | 2 +- config/postgresql/postgresql.conf | 2 +- config/redis/APKBUILD | 4 +- config/redis/redxen.conf | 5 +- config/rspamd/logging.conf | 10 +- 13 files changed, 127 insertions(+), 114 deletions(-) diff --git a/config/dovecot/APKBUILD b/config/dovecot/APKBUILD index cef4703..ec59490 100644 --- a/config/dovecot/APKBUILD +++ b/config/dovecot/APKBUILD @@ -3,8 +3,8 @@ . ../APKBUILD-config.template -pkgver=2021.06.01.03 -pkgrel=1 +pkgver=2021.06.25.02 +pkgrel=0 depends="dovecot-lmtpd dovecot-pgsql redxen-secret-letsencrypt-chain redxen-secret-letsencrypt-private" _rx_dovecot_base_src=" dovecot.conf @@ -39,7 +39,7 @@ package() { } sha512sums=" -fdd1fa6072c77e297766582ef119da55b8d0bea435bfe7c890ca1ea2853a43936edd05ae0a08f001a335930276dcc0f7e160aa8d31ff3d8f4872e36cba37b48b dovecot.conf +f9b8dcc6e90a359e16dcfe388b20595a7e5821b13801dfffa6c77a617802128733095029e90b0a81d437a4819c11ccdc30951a81b6ac708597731c5d2e41ee6c dovecot.conf 3b28fdfdafaffe19e038b8fd3d3dfdeea51b68c68a148054a1daf618a5ed6e18bdfc58154f9fd32ce982eae9d03e50b3a63ea3a21f9a358e26e4d77164530151 secret 5ed93cd8326a1fe604a91acb38da6864ee002877a069fa8f5b67fa10b7213d21966d7500b460cb14cedc063470b346002daf3031fc6be0d25d3bd864ff4b2f2f pgsql.conf " diff --git a/config/dovecot/dovecot.conf b/config/dovecot/dovecot.conf index 3f3b3df..3f4e867 100644 --- a/config/dovecot/dovecot.conf +++ b/config/dovecot/dovecot.conf 
@@ -3,7 +3,7 @@ listen = *, :: base_dir = /run/dovecot/ -instance_name = redxen-production +instance_name = dovecot login_greeting = RedXen Mail ready. DO NOT MESS WITH US OR WE WILL CUT YOUR BALLS OFF! protocols = imap lmtp diff --git a/config/grafana/APKBUILD b/config/grafana/APKBUILD index d60e1b7..34c1230 100644 --- a/config/grafana/APKBUILD +++ b/config/grafana/APKBUILD @@ -3,7 +3,7 @@ . ../APKBUILD-config.template -pkgver=2021.06.01.03 +pkgver=2021.06.25.01 pkgrel=0 source=" secret @@ -26,5 +26,5 @@ package() { sha512sums=" 9a0dee0934034685c2aba7ebb21283ee73fd240c4cee2aa1cfcec66ba5afc3ed3759b2c79e1facba3e3e0a38fe75f11a7f382d968798ba212c36072238c59190 secret -8206984e9fb01cef0b06b366bd6af1cc74227d07404c68d50b0d59fadf409b2868fece46cf7931c78f2315d47385b85f4741cfb9eb397be8fbf4f0c75cb94242 main.ini +3bca6bfd458bed43b9b82aaf47d1521bc9557740b50c00e30449aa9674277afee805d784935875693062262f37e88fb6874b20fe3c5dcf5a3a31c7d9bfcec554 main.ini " diff --git a/config/grafana/main.ini b/config/grafana/main.ini index 03195b0..ca5c798 100644 --- a/config/grafana/main.ini +++ b/config/grafana/main.ini @@ -65,3 +65,9 @@ user = 'grafana' password = 'SMTP_AUTH_PASSWORD' from_address = 'grafana@redxen.eu' startTLS_policy = 'MandatoryStartTLS' + +[log] +mode = 'syslog' + +[log.syslog] +tag = 'grafana' diff --git a/config/haproxy/APKBUILD b/config/haproxy/APKBUILD index 7c9da67..57c6e93 100644 --- a/config/haproxy/APKBUILD +++ b/config/haproxy/APKBUILD @@ -3,7 +3,7 @@ . ../APKBUILD-config.template -pkgver=2021.06.02.01 +pkgver=2021.06.25.01 pkgrel=0 depends="redxen-secret-letsencrypt-full redxen-data-haproxy-errorpages" checkdepends="haproxy" @@ -15,5 +15,5 @@ check() { } sha512sums=" -e61aaeb10d902749e8b650392f55fdb35999208dabc99d319c01db9ccba979ad1da825c5fbda24aeef1f7145a334df0170bd3ea2cfd0101d1b0ca885ec5f912c main.cfg +fdcf917875b7b04ed4bdffe8712d826aa2b85b17531295915062125be838008c79f6cf4ddb76fe20b87a5d66e2c8d506963f17c1581ffa1b0581bd35e51451fa main.cfg " 
diff --git a/config/haproxy/main.cfg b/config/haproxy/main.cfg
index 9f9ab6f..4962b02 100644
--- a/config/haproxy/main.cfg
+++ b/config/haproxy/main.cfg
@@ -1,110 +1,124 @@ global - maxconn 2048 - maxconnrate 40 - stats socket /run/haproxy.sock mode 600 user telegraf - stats timeout 2m + maxconn 2048 + maxconnrate 40 + + log 127.0.0.1:514 local0 info + + stats socket /run/haproxy.sock mode 600 user telegraf + stats timeout 2m defaults - mode http - retries 3 - option forwardfor - option http-keep-alive - option tcp-smart-connect - option tcpka - option abortonclose - balance roundrobin - compression algo gzip - timeout http-request 10s - timeout connect 10s - timeout client 60s - timeout server 240s - timeout http-keep-alive 240s - default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check + mode http - errorfile 400 /etc/redxen/haproxy/errorpages/400.http - errorfile 403 /etc/redxen/haproxy/errorpages/403.http - errorfile 408 /etc/redxen/haproxy/errorpages/408.http - errorfile 500 /etc/redxen/haproxy/errorpages/500.http - errorfile 502 /etc/redxen/haproxy/errorpages/502.http - errorfile 503 /etc/redxen/haproxy/errorpages/503.http - errorfile 504 /etc/redxen/haproxy/errorpages/504.http + log global + + retries 3 + + option forwardfor + option http-keep-alive + option httplog + option tcp-smart-connect + option tcpka + option abortonclose + + balance roundrobin + + compression algo gzip + + timeout http-request 10s + timeout connect 10s + timeout client 60s + timeout server 240s + timeout http-keep-alive 240s + + default-server resolvers local init-addr libc,none resolve-opts prevent-dup-ip check + + errorfile 400 /etc/redxen/haproxy/errorpages/400.http + errorfile 403 /etc/redxen/haproxy/errorpages/403.http + errorfile 408 /etc/redxen/haproxy/errorpages/408.http + errorfile 500 /etc/redxen/haproxy/errorpages/500.http + errorfile 502 /etc/redxen/haproxy/errorpages/502.http + errorfile 503 /etc/redxen/haproxy/errorpages/503.http + errorfile 504 /etc/redxen/haproxy/errorpages/504.http resolvers local - nameserver unbound 127.0.0.1:53 - resolve_retries 2 - timeout retry 300ms - hold other 
100ms - hold refused 100ms - hold nx 100ms - hold timeout 3s - hold valid 60s + nameserver unbound 127.0.0.1:53 + + resolve_retries 2 + + timeout retry 300ms + + hold other 100ms + hold refused 100ms + hold nx 100ms + hold timeout 3s + hold valid 60s listen git-gitea - mode tcp - bind ipv4@*:2442,ipv6@*:2442 - option tcp-check - server-template gitssh 1 _gitssh._tcp.routinginfo.internal + mode tcp + bind ipv4@*:2442,ipv6@*:2442 + option tcp-check + server-template gitssh 1 _gitssh._tcp.routinginfo.internal frontend http - mode http - bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1 - bind ipv4@:80,ipv6@:80 + mode http + bind ipv4@:443,ipv6@:443 ssl crt /etc/redxen/letsencrypt/full.crt alpn h2,http/1.1 + bind ipv4@:80,ipv6@:80 - acl root path / - acl seedbox hdr_beg(host) -i seed.redxen + acl root path / + acl seedbox hdr_beg(host) -i seed.redxen - redirect prefix /web code 302 if seedbox root + redirect prefix /web code 302 if seedbox root - http-response set-header X-Forwarded-Proto https - http-response set-header X-XSS-Protection 1;\ mode=block - http-response set-header X-Content-Type-Options nosniff - http-response set-header Referrer-Policy no-referrer-when-downgrade - http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload + http-response set-header X-Forwarded-Proto https + http-response set-header X-XSS-Protection 1;\ mode=block + http-response set-header X-Content-Type-Options nosniff + http-response set-header Referrer-Policy no-referrer-when-downgrade + http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload - use_backend backend-transmission if seedbox + use_backend backend-transmission if seedbox + use_backend backend-root if { hdr_beg(host) -i redxen } + use_backend backend-grafana if { hdr_beg(host) -i stats.redxen } + #use_backend backend-pleroma if { hdr_beg(host) -i social.redxen } + use_backend backend-gitea if { hdr_beg(host) -i 
git.redxen } + use_backend backend-seedown if { hdr_beg(host) -i sd.redxen } + use_backend backend-packages if { hdr_beg(host) -i packages.redxen } + #use_backend backend-monerod if { hdr_beg(host) -i monerod.redxen } - use_backend backend-root if { hdr_beg(host) -i redxen } - use_backend backend-grafana if { hdr_beg(host) -i stats.redxen } -# use_backend backend-pleroma if { hdr_beg(host) -i social.redxen } - use_backend backend-gitea if { hdr_beg(host) -i git.redxen } - use_backend backend-seedown if { hdr_beg(host) -i sd.redxen } - use_backend backend-packages if { hdr_beg(host) -i packages.redxen } -# use_backend backend-monerod if { hdr_beg(host) -i monerod.redxen } +backend backend-root + server-template root 1 _root._tcp.routinginfo.internal + option httpchk HEAD / HTTP/1.1 + http-check send hdr Host redxen.eu - backend backend-root - server-template root 1 _root._tcp.routinginfo.internal - option httpchk HEAD / HTTP/1.1 - http-check send hdr Host redxen.eu +backend backend-transmission + server-template transmission 1 _transmission._tcp.routinginfo.internal - backend backend-transmission - server-template transmission 1 _transmission._tcp.routinginfo.internal +backend backend-grafana + server-template grafana 1 _grafana._tcp.routinginfo.internal + option httpchk HEAD / HTTP/1.1 + http-check send hdr Host stats.redxen.eu - backend backend-grafana - server-template grafana 1 _grafana._tcp.routinginfo.internal - option httpchk HEAD / HTTP/1.1 - http-check send hdr Host stats.redxen.eu +backend backend-seedown + server-template seedown 1 _seedown._tcp.routinginfo.internal + option httpchk HEAD / HTTP/1.1 + http-check send hdr Host sd.redxen.eu - backend backend-seedown - server-template seedown 1 _seedown._tcp.routinginfo.internal - option httpchk HEAD / HTTP/1.1 - http-check send hdr Host sd.redxen.eu +backend backend-packages + server-template packages 1 _packages._tcp.routinginfo.internal + option httpchk HEAD / HTTP/1.1 + http-check send hdr Host 
packages.redxen.eu - backend backend-packages - server-template packages 1 _packages._tcp.routinginfo.internal - option httpchk HEAD / HTTP/1.1 - http-check send hdr Host packages.redxen.eu +#backend backend-pleroma +# server-template pleroma 1 _pleroma._tcp.routinginfo.internal +# option httpchk HEAD / HTTP/1.1 +# http-check send hdr Host social.redxen.eu -# backend backend-pleroma -# server-template pleroma 1 _pleroma._tcp.routinginfo.internal -# option httpchk HEAD / HTTP/1.1 -# http-check send hdr Host social.redxen.eu +backend backend-gitea + server-template gitea 1 _gitea._tcp.routinginfo.internal + option httpchk HEAD / HTTP/1.1 + http-check send hdr Host gitea.redxen.eu - backend backend-gitea - server-template gitea 1 _gitea._tcp.routinginfo.internal - option httpchk HEAD / HTTP/1.1 - http-check send hdr Host gitea.redxen.eu - -# backend backend-monerod -# server-template monerod 1 _monerod._tcp.routinginfo.internal -# option httpchk POST /json_rpc HTTP/1.1 -# http-check send body \{\"method\"\:\"get_version\"\} hdr Content-Type application/json +#backend backend-monerod +# server-template monerod 1 _monerod._tcp.routinginfo.internal +# option httpchk POST /json_rpc HTTP/1.1 +# http-check send body \{\"method\"\:\"get_version\"\} hdr Content-Type application/json diff --git a/config/nginx/APKBUILD b/config/nginx/APKBUILD index 17c3d3c..bac3072 100644 --- a/config/nginx/APKBUILD +++ b/config/nginx/APKBUILD @@ -3,7 +3,7 @@ . ../APKBUILD-config.template -pkgver=2021.06.02.01 +pkgver=2021.06.25.02 pkgrel=0 depends="nginx-mod-http-zip" checkdepends="nginx" 
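Review bot: `listen git-gitea` is `mode tcp` but now inherits `option httplog` from `defaults`; HAProxy cannot apply the HTTP log format to a TCP proxy and warns at load that it falls back to the TCP format. Adding `option tcplog` under `mode tcp` in that section keeps the config check free of warnings and makes the log format of the SSH passthrough explicit. Separately, `log 127.0.0.1:514 local0 info` in `global` sends over UDP, so records are dropped without any error if the local syslog daemon does not accept UDP on that address. A comment beside the line would record that dependency, e.g. `# needs the local syslog daemon listening on UDP 127.0.0.1:514`.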
@@ -39,7 +39,7 @@ check() { } sha512sums=" -15708a8662984cbfc3d78c3337aa35a0e82586e2e7ba1430c2b99b5b584468e63899b40b5c15f29d892af2901135d9dc5dfdf2ea7469dd7382e7f25a797253e2 main.conf +7f5ab9650a84e073d2ae9916c0223ca4f3e3815fe4e46f83a1300423c7f541d62bda627d103804dd875555a7c132736903b7f75ac564354b90dee1f138cdae4a main.conf 1a330386c6119487a338d78a23a4e116983c333f82373faaa527e22518d71959a0f330968da764ca884dd4dea227c3cf4d2f6252b1dd7f3488ef08543712788d seedbox.conf 5ae68165edab56f41e51ad5b608a29121db878aed0309882927207d4ea9ec5e505a78b194bc8df8f943259130300edd4aa49b2e23a4ee705fa9ea761533fd133 alpine.conf 2657b0bdfc001f94159a8cddc928e666cb20055b3df42dd0ec48146c6952c3c7b3957af52612d35d38199fde76ee0c96cb0ea39ed38e13bcc608088c88dc3a88 homepage.conf diff --git a/config/nginx/main.conf b/config/nginx/main.conf index 6e5b100..5e179a4 100644 --- a/config/nginx/main.conf +++ b/config/nginx/main.conf @@ -5,6 +5,8 @@ events { } http { + access_log syslog:server=127.0.0.1; + error_log syslog:server=127.0.0.1; gzip on; gzip_vary on; tcp_nopush on; diff --git a/config/postgresql/APKBUILD b/config/postgresql/APKBUILD index 35ff5b0..cdd1f74 100644 --- a/config/postgresql/APKBUILD +++ b/config/postgresql/APKBUILD @@ -18,7 +18,7 @@ package() { } sha512sums=" -ee33ef1dd1e2afaea8336e94fd754c3ed5eff7d312de233fbbbf8371d736b1bec03d8c436d8b9360e04048b4548c3d3d488ca940c63b8e5645d143298b9fce18 postgresql.conf +f99d965fe866efdec56cf2ceba632b6a22093de49b707eb41fbfdd41656e58a934d266a6b165089e9d4a1958814bb936313ecab478f1dbf23c9149950a9f7973 postgresql.conf 5fbe3051fd563b1afbbd00e64a7923c415206522984790345cb161e0f3a96c24c46126fc0ad0ac0a28e1047b9d2cef6bfc5446abf5b1d42534a44e99a71a416e pg_hba.conf cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e pg_ident.conf " diff --git a/config/postgresql/postgresql.conf b/config/postgresql/postgresql.conf index 764c135..6fad00d 100644 --- a/config/postgresql/postgresql.conf 
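Review bot: The two directives added to `http {` in config/nginx/main.conf rely on nginx's syslog defaults: with no `facility=` given the records go out as `local7`, while the HAProxy and Redis configs in this commit use `local0`, and `error_log` without a level forwards only `error` and above. If the receiver routes or filters on facility, pin it explicitly: `access_log syslog:server=127.0.0.1,facility=local0,tag=nginx;` and `error_log syslog:server=127.0.0.1,facility=local0,tag=nginx warn;`. An `access_log` set inside any of the per-site configs would override the http-level one; that cannot be checked from this hunk, and the `http` block continues outside it.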
+++ b/config/postgresql/postgresql.conf @@ -63,7 +63,7 @@ min_wal_size = 80MB #------------------------------------------------------------------------------ log_line_prefix = '%m [%p] %q%u@%d ' -log_timezone = 'Europe/Berlin' +log_destination = syslog #------------------------------------------------------------------------------ # PROCESS TITLE diff --git a/config/redis/APKBUILD b/config/redis/APKBUILD index 6414e87..c48213b 100644 --- a/config/redis/APKBUILD +++ b/config/redis/APKBUILD @@ -3,7 +3,7 @@ . ../APKBUILD-config.template -pkgver=2021.06.01.03 +pkgver=2021.06.25.01 pkgrel=0 source="redxen.conf" @@ -13,5 +13,5 @@ package() { } sha512sums=" -35f292d3de4c7dfc9340ded312c4550431599c2704b5f036e62a758bd0a11bd8d3f5bad38680b0b7f54ccba725d3749232821d3c08cd954529ae1b2c2fccbd61 redxen.conf +ab965b3ce221bf15e8d9e37704db58969a6e6aa057f9ca5584eb9dc5540f935c26fd360da1547a7dd831836db97a4953f0803ebd5dca6502418e0a37245b63e5 redxen.conf " diff --git a/config/redis/redxen.conf b/config/redis/redxen.conf index 5bef003..9e9c55c 100644 --- a/config/redis/redxen.conf +++ b/config/redis/redxen.conf @@ -15,10 +15,9 @@ tcp-keepalive 300 supervised no loglevel notice -logfile /var/log/redis/redis.log syslog-enabled yes -# syslog-ident redis -# syslog-facility local0 +syslog-ident redis +syslog-facility local0 databases 16 always-show-logo no diff --git a/config/rspamd/logging.conf b/config/rspamd/logging.conf index 98627bd..d076965 100644 --- a/config/rspamd/logging.conf +++ b/config/rspamd/logging.conf @@ -1,16 +1,8 @@ logging { type = "syslog"; + facility = "rspamd"; level = "info"; - - # Show statistics for regular expressions - log_re_cache = true; - - # Can be used for console logging color = false; - - # Log with microseconds resolution log_usec = false; - - # Enable debug for specific modules (e.g. `debug_modules = ["dkim", "re_cache"];`) debug_modules = [] }
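Review bot: `log_line_prefix` on the context line above the change still begins with `%m [%p]`, which repeats the timestamp and PID that syslog already puts on every record, and with `log_timezone` removed the `%m` value falls back to the server's default zone. For syslog output a prefix without them is easier to parse: `log_line_prefix = '%q%u@%d '`. It would also help to set `syslog_facility` and `syslog_ident` next to `log_destination = syslog` rather than rely on the defaults, so this file can be compared directly with the receiver's filter rules.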
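Review bot: `facility = "rspamd";` in config/rspamd/logging.conf is not a syslog facility name; rspamd maps this setting to the standard facilities (`mail`, `daemon`, `local0` to `local7` and so on), and an unknown value is likely rejected when the config is loaded, which `rspamadm configtest` would confirm. A real facility such as `facility = "mail";` (or `"local0"` to match the other services here) is what the receiver can route on. The hunk also drops `log_re_cache = true;` along with the comments, so that setting reverts to rspamd's default; if only the comments were meant to go, keep the line.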