diff --git a/Debezium/LICENSE b/Debezium/LICENSE
new file mode 100644
index 00000000..58a1d1b3
--- /dev/null
+++ b/Debezium/LICENSE
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
diff --git a/Debezium/README.md b/Debezium/README.md
new file mode 100644
index 00000000..66ec204a
--- /dev/null
+++ b/Debezium/README.md
@@ -0,0 +1,38 @@
+## Debezium Postgres CDC
+
+This module provides a Debezium connector for Postgres. It is based on the [Debezium Postgres connector](https://debezium.io/documentation/reference/1.0/connectors/postgresql.html)
+and uses confluent zookeeper, broker, schema registry and rest proxy.
+
+### Prerequisites
+- Docker
+- Docker Compose
+
+
+### Running the Stack
+- Run `docker-compose up` to start the connector
+- Run `docker-compose down` to stop the connector
+- Run `docker-compose logs -f` to view the logs
+- Run `docker-compose exec postgres bash` to access the postgres container
+- Run `docker-compose exec broker bash` to access the kafka container
+
+
+### Registering the connector
+- Run `curl -X POST -H "Content-Type: application/json" -d @connector.json http://localhost:8083/connectors`
+
+### Testing the connector
+- Run `docker-compose exec postgres bash` to access the postgres container
+- Run `psql -U postgres` to access the postgres database
+
+### Viewing the data
+- Run `docker-compose exec broker bash` to access the kafka container
+- Run `kafka-console-consumer --bootstrap-server broker:9092 --topic postgres.public.movies --from-beginning`
+
+
+## Schema Registry
+
+### Viewing the schema
+- Run `curl -X GET http://localhost:8081/subjects/postgres.public.movies/versions/1`
+
+
+### Registering the schema
+- Run `curl -X POST -H "Content-Type: application/json" -d @schema.json http://localhost:8081/subjects/postgres.public.movies/versions`
diff --git a/Debezium/connector.json b/Debezium/connector.json
new file mode 100644
index 00000000..2eabf7da
--- /dev/null
+++ b/Debezium/connector.json
@@ -0,0 +1,23 @@
+{
+ "name": "movies-db-connector",
+ "config": {
+ "connector.class": "io.debezium.connector.postgresql.PostgresConnector",
+ "plugin.name": "pgoutput",
+ "tasks.max": "1",
+ "database.hostname": "postgres",
+ "database.port": "5432",
+ "database.user": "postgres",
+ "database.password": "postgres",
+ "database.dbname": "movies_db",
+ "database.server.name": "postgres",
+ "table.include.list": "public.movies",
+ "database.history.kafka.bootstrap.servers": "kafka:9092",
+ "database.history.kafka.topic": "schema-changes.movies",
+ "topic.prefix": "postgres",
+ "topic.creation.enable": "true",
+ "topic.creation.default.replication.factor": "1",
+ "topic.creation.default.partitions": "1",
+ "topic.creation.default.cleanup.policy": "delete",
+ "topic.creation.default.retention.ms": "604800000"
+ }
+}
\ No newline at end of file
diff --git a/Debezium/docker-compose.yml b/Debezium/docker-compose.yml
new file mode 100644
index 00000000..ee9431fa
--- /dev/null
+++ b/Debezium/docker-compose.yml
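Review bot: `database.user` and `database.password` commit the Postgres superuser credentials (`postgres`/`postgres`) in plain text, and Kafka Connect keeps connector configuration in its config topic and serves it back over the REST API on 8083, so anyone who can reach that port can likely read them. Prefer a dedicated role limited to replication and `SELECT` on `public.movies`, and externalise the secret through a Connect config provider, e.g. `"database.password": "${file:/secrets/postgres.properties:password}"` (the path is a placeholder, and the worker must have `FileConfigProvider` enabled). Separately, `database.history.kafka.bootstrap.servers` points at `kafka:9092`, while the compose file in this commit names the broker `broker` with the internal listener `broker:29092`; the Postgres connector probably ignores the history settings, so confirm whether those two keys can simply be dropped.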
@@ -0,0 +1,141 @@
+version: "3.9"
+
+services:
+ zookeeper:
+ image: confluentinc/cp-zookeeper:7.3.1
+ hostname: zookeeper
+ container_name: zookeeper
+ ports:
+ - "2181:2181"
+ environment:
+ ZOOKEEPER_CLIENT_PORT: 2181
+ ZOOKEEPER_TICK_TIME: 2000
+ healthcheck:
+ test: echo srvr | nc zookeeper 2181 || exit 1
+ start_period: 10s
+ retries: 20
+ interval: 10s
+ broker:
+ image: confluentinc/cp-kafka:7.3.1
+ hostname: broker
+ container_name: broker
+ depends_on:
+ zookeeper:
+ condition: service_healthy
+ ports:
+ - "29092:29092"
+ - "9092:9092"
+ - "9101:9101"
+ environment:
+ KAFKA_BROKER_ID: 1
+ KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
+ KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
+ KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:29092,PLAINTEXT_HOST://localhost:9092
+ KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
+ KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
+ KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
+ KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
+ KAFKA_AUTO_CREATE_TOPICS_ENABLE: "true"
+ KAFKA_JMX_PORT: 9101
+ KAFKA_JMX_HOSTNAME: localhost
+ healthcheck:
+ test: nc -z localhost 9092 || exit -1
+ start_period: 15s
+ interval: 5s
+ timeout: 10s
+ retries: 10
+ debezium:
+ image: debezium/connect:latest
+ restart: always
+ container_name: debezium
+ hostname: debezium
+ depends_on:
+ postgres:
+ condition: service_healthy
+ broker:
+ condition: service_healthy
+ ports:
+ - "8083:8083"
+ environment:
+ BOOTSTRAP_SERVERS: broker:29092
+ GROUP_ID: 1
+ CONFIG_STORAGE_TOPIC: connect_configs
+ STATUS_STORAGE_TOPIC: connect_statuses
+ OFFSET_STORAGE_TOPIC: connect_offsets
+ KEY_CONVERTER: org.apache.kafka.connect.json.JsonConverter
+ VALUE_CONVERTER: org.apache.kafka.connect.json.JsonConverter
+ ENABLE_DEBEZIUM_SCRIPTING: "true"
+ healthcheck:
+ test: ["CMD", "curl", "--silent", "--fail", "-X", "GET", "http://localhost:8083/connectors"]
+ start_period: 10s
+ interval: 10s
+ timeout: 5s
+ retries: 5
+
+ schema-registry:
+ image: confluentinc/cp-schema-registry:7.3.1
+ hostname: schema-registry
+ container_name: schema-registry
+ depends_on:
+ broker:
+ condition: service_healthy
+ ports:
+ - "8081:8081"
+ environment:
+ SCHEMA_REGISTRY_HOST_NAME: schema-registry
+ SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: broker:29092
+ SCHEMA_REGISTRY_LISTENERS: http://0.0.0.0:8081
+
+ healthcheck:
+ start_period: 10s
+ interval: 10s
+ retries: 20
+ test: curl --user superUser:superUser --fail --silent --insecure http://localhost:8081/subjects --output /dev/null || exit 1
+
+ rest-proxy:
+ image: confluentinc/cp-kafka-rest:7.3.1
+ depends_on:
+ broker:
+ condition: service_healthy
+ ports:
+ - "8082:8082"
+ hostname: rest-proxy
+ container_name: rest-proxy
+ environment:
+ KAFKA_REST_HOST_NAME: rest-proxy
+ KAFKA_REST_BOOTSTRAP_SERVERS: 'broker:29092'
+ KAFKA_REST_LISTENERS: "http://0.0.0.0:8082"
+
+ debezium-ui:
+ image: debezium/debezium-ui:latest
+ restart: always
+ container_name: debezium-ui
+ hostname: debezium-ui
+ depends_on:
+ debezium:
+ condition: service_healthy
+ ports:
+ - "8080:8080"
+ environment:
+ KAFKA_CONNECT_URIS: http://debezium:8083
+
+
+ postgres:
+ image: postgres:latest
+ restart: always
+ container_name: postgres
+ hostname: postgres
+ ports:
+ - "5432:5432"
+ environment:
+ POSTGRES_USER: postgres
+ POSTGRES_PASSWORD: postgres
+ POSTGRES_DB: movies_db
+ command: ["postgres", "-c", "wal_level=logical"]
+ healthcheck:
+ test: ["CMD", "psql", "-U", "postgres", "-c", "SELECT 1"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ volumes:
+ - ./scripts:/docker-entrypoint-initdb.d
diff --git a/Debezium/scripts/data.sql b/Debezium/scripts/data.sql
new file mode 100644
index 00000000..51633a1b
--- /dev/null
+++ b/Debezium/scripts/data.sql
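Review bot: Every `ports:` entry publishes on all host interfaces, so Postgres on 5432 (superuser password `postgres`), the unauthenticated Kafka Connect REST API on 8083, the `PLAINTEXT` broker listeners, ZooKeeper on 2181 and JMX on 9101 are reachable from whatever network the host sits on. `ENABLE_DEBEZIUM_SCRIPTING: "true"` appears to enable script-based transforms in the Connect worker, which raises the impact of anyone reaching 8083; drop it unless a scripting SMT is actually used. Bind the ports you need to loopback, e.g. `- "127.0.0.1:8083:8083"` and `- "127.0.0.1:5432:5432"`, and remove those used only between containers. `debezium/connect:latest`, `debezium/debezium-ui:latest` and `postgres:latest` should be pinned to a tag or digest, as the `7.3.1` Confluent images are, so a later pull cannot silently change what runs. The schema-registry healthcheck passes `--user superUser:superUser --insecure` to a plain-HTTP endpoint with no auth configured in this file, which looks like a leftover and can be removed.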
@@ -0,0 +1,15 @@
+
+CREATE TABLE IF NOT EXISTS movies (
+ id bigint PRIMARY KEY,
+ title VARCHAR(255) NOT NULL,
+ year INTEGER NOT NULL,
+ director VARCHAR(255) NOT NULL,
+ rating DECIMAL NOT NULL
+);
+
+INSERT INTO movies (id, title, year, director, rating) VALUES (1, 'The Shawshank Redemption', 1994, 'Frank Darabont', 9.3);
+INSERT INTO movies (id, title, year, director, rating) VALUES (2, 'The Godfather', 1972, 'Francis Ford Coppola', 9.2);
+INSERT INTO movies (id, title, year, director, rating) VALUES (3, 'The Godfather: Part II', 1974, 'Francis Ford Coppola', 9.0);
+INSERT INTO movies (id, title, year, director, rating) VALUES (4, 'The Dark Knight', 2008, 'Christopher Nolan', 9.0);
+INSERT INTO movies (id, title, year, director, rating) VALUES (5, 'Interstellar', 2014, 'Christopher Nolan', 10);
+
diff --git a/Graylog/LICENSE b/Graylog/LICENSE
new file mode 100644
index 00000000..0c97efd2
--- /dev/null
+++ b/Graylog/LICENSE
@@ -0,0 +1,235 @@ +GNU AFFERO GENERAL PUBLIC LICENSE +Version 3, 19 November 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + + Preamble + +The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software. + +A secondary benefit of defending all users' freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate. Many developers of free software are heartened and encouraged by the resulting cooperation. However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public. 
+ +The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version. + +An older license, called the Affero General Public License and published by Affero, was designed to accomplish similar goals. This is a different license, not a version of the Affero GPL, but Affero has released a new version of the Affero GPL which permits relicensing under this license. + +The precise terms and conditions for copying, distribution and modification follow. + + TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based on the Program. + +To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. 
+ +To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. + +A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. 
+ +The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. 
Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. 
+You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. 
+You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. 
If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. 
The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. 
If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. 
If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. 
+ +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. 
For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. + +A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. 
+ +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. 
You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Remote Network Interaction; Use with the GNU General Public License. 
+ +Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph. + +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of the GNU Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation. 
+ +If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. 
+ +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer network, you should also make sure that it provides a way for users to get its source. For example, if your program is a web application, its interface could display a "Source" link that leads users to an archive of the code. 
There are many ways you could offer source, and different solutions will be better for different programs; see section 13 for the specific requirements. + +You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see . diff --git a/Graylog/README.md b/Graylog/README.md new file mode 100644 index 00000000..44ce6d80 --- /dev/null +++ b/Graylog/README.md @@ -0,0 +1,19 @@ +# Titre + +image + +description. +https://go2docs.graylog.org/5-0/downloading_and_installing_graylog/docker_installation.htm +https://github.com/Graylog2/docker-compose/blob/main/open-core/docker-compose.yml + +## Installation + +#### Find Pi-Hole token + +## Usage + +## More info +- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/) + +## Buy me a coffe +Buy Me a Coffee at ko-fi.com \ No newline at end of file diff --git a/Graylog/config/graylog/graylog.conf b/Graylog/config/graylog/graylog.conf new file mode 100644 index 00000000..d42d09ff --- /dev/null +++ b/Graylog/config/graylog/graylog.conf 
@@ -0,0 +1,399 @@ +# If you are running more than one instances of Graylog server you have to select one of these +# instances as master. The master will perform some periodical tasks that non-masters won't perform. +is_master = true + +# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea +# to use an absolute file path here if you are starting Graylog server from init scripts or similar. +node_id_file = /usr/share/graylog/data/config/node-id + +root_username = admin +root_timezone = UTC +bin_dir = /usr/share/graylog/bin +data_dir = /usr/share/graylog/data +plugin_dir = /usr/share/graylog/plugin + + +# List of Elasticsearch hosts Graylog should connect to. +# Need to be specified as a comma-separated list of valid URIs for the http ports of your elasticsearch nodes. +# If one or more of your elasticsearch hosts require authentication, include the credentials in each node URI that +# requires authentication. + +# Maximum number of retries to connect to elasticsearch on boot for the version probe. +# +# Default: 0, retry indefinitely with the given delay until a connection could be established +elasticsearch_version_probe_attempts = 5 + +# Waiting time in between connection attempts for elasticsearch_version_probe_attempts +# +# Default: 5s +elasticsearch_version_probe_delay = 5s + +# Maximum amount of time to wait for successful connection to Elasticsearch HTTP port. +# +# Default: 10 Seconds +elasticsearch_connect_timeout = 10s + +# Maximum amount of time to wait for reading back a response from an Elasticsearch server. +# (e. g. during search, index creation, or index time-range calculations) +# +# Default: 60 seconds +elasticsearch_socket_timeout = 60s + +# Maximum idle time for an Elasticsearch connection. If this is exceeded, this connection will +# be tore down. +# +# Default: inf +#elasticsearch_idle_timeout = -1s + +# Maximum number of total connections to Elasticsearch. 
+# +# Default: 200 +#elasticsearch_max_total_connections = 200 + +# Maximum number of total connections per Elasticsearch route (normally this means per +# elasticsearch server). +# +# Default: 20 +#elasticsearch_max_total_connections_per_route = 20 + +# Maximum number of times Graylog will retry failed requests to Elasticsearch. +# +# Default: 2 +#elasticsearch_max_retries = 2 + +# Enable automatic Elasticsearch node discovery through Nodes Info, +# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster-nodes-info.html +# +# WARNING: Automatic node discovery does not work if Elasticsearch requires authentication, e. g. with Shield. +# +# Default: false +#elasticsearch_discovery_enabled = true + +# Filter for including/excluding Elasticsearch nodes in discovery according to their custom attributes, +# see https://www.elastic.co/guide/en/elasticsearch/reference/5.4/cluster.html#cluster-nodes +# +# Default: empty +#elasticsearch_discovery_filter = rack:42 + +# Frequency of the Elasticsearch node discovery. +# +# Default: 30s +# elasticsearch_discovery_frequency = 30s + +# Set the default scheme when connecting to Elasticsearch discovered nodes +# +# Default: http (available options: http, https) +#elasticsearch_discovery_default_scheme = http + +# Enable payload compression for Elasticsearch requests. +# +# Default: false +#elasticsearch_compression_enabled = true + +# Enable use of "Expect: 100-continue" Header for Elasticsearch index requests. +# If this is disabled, Graylog cannot properly handle HTTP 413 Request Entity Too Large errors. +# +# Default: true +#elasticsearch_use_expect_continue = true + +# Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine +# when to rotate the currently active write index. 
+# It supports multiple rotation strategies: +# - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure +# - "size" per index, use elasticsearch_max_size_per_index below to configure +# valid values are "count", "size" and "time", default is "count" +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +rotation_strategy = count + +# (Approximate) maximum number of documents in an Elasticsearch index before a new index +# is being created, also see no_retention and elasticsearch_max_number_of_indices. +# Configure this if you used 'rotation_strategy = count' above. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +elasticsearch_max_docs_per_index = 20000000 + +# (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see +# no_retention and elasticsearch_max_number_of_indices. Default is 1GB. +# Configure this if you used 'rotation_strategy = size' above. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! 
+# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +#elasticsearch_max_size_per_index = 1073741824 + +# (Approximate) maximum time before a new Elasticsearch index is being created, also see +# no_retention and elasticsearch_max_number_of_indices. Default is 1 day. +# Configure this if you used 'rotation_strategy = time' above. +# Please note that this rotation period does not look at the time specified in the received messages, but is +# using the real clock value to decide when to rotate the index! +# Specify the time using a duration and a suffix indicating which unit you want: +# 1w = 1 week +# 1d = 1 day +# 12h = 12 hours +# Permitted suffixes are: d for day, h for hour, m for minute, s for second. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +#elasticsearch_max_time_per_index = 1d + +# Disable checking the version of Elasticsearch for being compatible with this Graylog release. +# WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss! +#elasticsearch_disable_version_check = true + +# Disable message retention on this node, i. e. disable Elasticsearch index rotation. +#no_retention = false + +# How many indices do you want to keep? +# +# ATTENTION: These settings have been moved to the database in 2.0. 
When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +elasticsearch_max_number_of_indices = 20 + +# Decide what happens with the oldest indices when the maximum number of indices is reached. +# The following strategies are availble: +# - delete # Deletes the index completely (Default) +# - close # Closes the index and hides it from the system. Can be re-opened later. +# +# ATTENTION: These settings have been moved to the database in 2.0. When you upgrade, make sure to set these +# to your previous 1.x settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +retention_strategy = delete + +# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices. +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +elasticsearch_shards = 4 +elasticsearch_replicas = 0 + +# Prefix for all Elasticsearch indices and index aliases managed by Graylog. +# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. 
When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +elasticsearch_index_prefix = graylog + +# Name of the Elasticsearch index template used by Graylog to apply the mandatory index mapping. +# Default: graylog-internal +# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +#elasticsearch_template_name = graylog-internal + +# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only +# be enabled with care. See also: https://docs.graylog.org/docs/query-language +allow_leading_wildcard_searches = false + +# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and +# should only be enabled after making sure your Elasticsearch cluster has enough memory. +allow_highlighting = false + +# Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea. +# All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom +# Elasticsearch documentation: https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html +# Note that this setting only takes effect on newly created indices. 
+# +# ATTENTION: These settings have been moved to the database in Graylog 2.2.0. When you upgrade, make sure to set these +# to your previous settings so they will be migrated to the database! +# This configuration setting is only used on the first start of Graylog. After that, +# index related settings can be changed in the Graylog web interface on the 'System / Indices' page. +# Also see https://docs.graylog.org/docs/index-model#index-set-configuration +elasticsearch_analyzer = standard + +# Global timeout for index optimization (force merge) requests. +# Default: 1h +#elasticsearch_index_optimization_timeout = 1h + +# Maximum number of concurrently running index optimization (force merge) jobs. +# If you are using lots of different index sets, you might want to increase that number. +# Default: 20 +#elasticsearch_index_optimization_jobs = 20 + +# Mute the logging-output of ES deprecation warnings during REST calls in the ES RestClient +#elasticsearch_mute_deprecation_warnings = true + +# Time interval for index range information cleanups. This setting defines how often stale index range information +# is being purged from the database. +# Default: 1h +#index_ranges_cleanup_interval = 1h + +# Time interval for the job that runs index field type maintenance tasks like cleaning up stale entries. This doesn't +# need to run very often. +# Default: 1h +#index_field_type_periodical_interval = 1h + +# Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output +# module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been +# reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember +# that every outputbuffer processor manages its own batch and performs its own batch write calls. +# ("outputbuffer_processors" variable) +output_batch_size = 500 + +# Flush interval (in seconds) for the Elasticsearch output. 
This is the maximum amount of time between two +# batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages +# for this time period is less than output_batch_size * outputbuffer_processors. +output_flush_interval = 1 + +# As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and +# over again. To prevent this, the following configuration options define after how many faults an output will +# not be tried again for an also configurable amount of seconds. +output_fault_count_threshold = 5 +output_fault_penalty_seconds = 30 + +# The number of parallel running processors. +# Raise this number if your buffers are filling up. +processbuffer_processors = 5 +outputbuffer_processors = 3 + +# The following settings (outputbuffer_processor_*) configure the thread pools backing each output buffer processor. +# See https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/ThreadPoolExecutor.html for technical details + +# When the number of threads is greater than the core (see outputbuffer_processor_threads_core_pool_size), +# this is the maximum time in milliseconds that excess idle threads will wait for new tasks before terminating. +# Default: 5000 +#outputbuffer_processor_keep_alive_time = 5000 + +# The number of threads to keep in the pool, even if they are idle, unless allowCoreThreadTimeOut is set +# Default: 3 +#outputbuffer_processor_threads_core_pool_size = 3 + +# The maximum number of threads to allow in the pool +# Default: 30 +#outputbuffer_processor_threads_max_pool_size = 30 + +# UDP receive buffer size for all message inputs (e. g. SyslogUDPInput). +#udp_recvbuffer_sizes = 1048576 + +# Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping) +# Possible types: +# - yielding +# Compromise between performance and CPU usage. +# - sleeping +# Compromise between performance and CPU usage. 
Latency spikes can occur after quiet periods. +# - blocking +# High throughput, low latency, higher CPU usage. +# - busy_spinning +# Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores. +processor_wait_strategy = blocking + +# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore. +# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache. +# Must be a power of 2. (512, 1024, 2048, ...) +ring_size = 65536 + +inputbuffer_ring_size = 65536 +inputbuffer_processors = 2 +inputbuffer_wait_strategy = blocking + +# Enable the message journal. +message_journal_enabled = true + +# The directory which will be used to store the message journal. The directory must be exclusively used by Graylog and +# must not contain any other files than the ones created by Graylog itself. +# +# ATTENTION: +# If you create a seperate partition for the journal files and use a file system creating directories like 'lost+found' +# in the root directory, you need to create a sub directory for your journal. +# Otherwise Graylog will log an error message that the journal is corrupt and Graylog will not start. +message_journal_dir = data/journal + +# Journal hold messages before they could be written to Elasticsearch. +# For a maximum of 12 hours or 5 GB whichever happens first. +# During normal operation the journal will be smaller. +#message_journal_max_age = 12h +#message_journal_max_size = 5gb + +#message_journal_flush_age = 1m +#message_journal_flush_interval = 1000000 +#message_journal_segment_age = 1h +#message_journal_segment_size = 100mb + +# Number of threads used exclusively for dispatching internal events. Default is 2. +#async_eventbus_processors = 2 + +# How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual +# shutdown process. Set to 0 if you have no status checking load balancers in front. 
+lb_recognition_period_seconds = 3 + +# MongoDB connection string +# See https://docs.mongodb.com/manual/reference/connection-string/ for details +#mongodb_uri = mongodb://localhost/graylog +mongodb_uri = mongodb://mongodb/graylog + +# Authenticate against the MongoDB server +# '+'-signs in the username or password need to be replaced by '%2B' +#mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog + +# Use a replica set instead of a single host +#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog?replicaSet=rs01 + +# DNS Seedlist https://docs.mongodb.com/manual/reference/connection-string/#dns-seedlist-connection-format +#mongodb_uri = mongodb+srv://server.example.org/graylog + +# Increase this value according to the maximum connections your MongoDB server can handle from a single client +# if you encounter MongoDB connection problems. +mongodb_max_connections = 1000 + +# Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5 +# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, +# then 500 threads can block. More than that and an exception will be thrown. +# http://api.mongodb.com/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier +mongodb_threads_allowed_to_block_multiplier = 5 + +# For some cluster-related REST requests, the node must query all other nodes in the cluster. This is the maximum number +# of threads available for this. Increase it, if '/cluster/*' requests take long to complete. +# Should be http_thread_pool_size * average_cluster_size if you have a high number of concurrent users. +proxied_requests_thread_pool_size = 32 + +# The allowed TLS protocols for system wide TLS enabled servers. (e.g. message inputs, http interface) +# Setting this to an empty value, leaves it up to system libraries and the used JDK to chose a default. 
+# Default: TLSv1.2,TLSv1.3 (might be automatically adjusted to protocols supported by the JDK) +enabled_tls_protocols= TLSv1.2,TLSv1.3 + +# Enable Prometheus exporter HTTP server. +# Default: false +prometheus_exporter_enabled = true + +# IP address and port for the Prometheus exporter HTTP server. +# Default: 127.0.0.1:9833 +prometheus_exporter_bind_address = 127.0.0.1:9833 + +#Email Settings +transport_email_enabled = true +transport_email_hostname = outbound.mailhop.org +transport_email_port = 587 +transport_email_use_auth = true +transport_email_use_tls = true +transport_email_use_ssl = false +transport_email_auth_username = xxxxx +transport_email_auth_password = xxxxxx +transport_email_subject_prefix = [graylog] +transport_email_from_email = graylog@example.com +transport_email_web_interface_url = https://graylog.example.com + diff --git a/Graylog/docker-compose.yml b/Graylog/docker-compose.yml new file mode 100644 index 00000000..1d225248 --- /dev/null +++ b/Graylog/docker-compose.yml 
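Review bot: The email block at the end of graylog.conf duplicates settings that docker-compose.yml in the same commit also passes as `GRAYLOG_TRANSPORT_EMAIL_*` variables, and the two disagree on the relay (`transport_email_hostname = outbound.mailhop.org` here, `webmail.tips-of-mine.fr` there). Which value is used therefore depends on precedence rather than on what a reader sees in either file; as far as I know the Graylog image lets the environment win, but that should be confirmed. Keeping `transport_email_auth_username` and `transport_email_auth_password` keys in a tracked file also invites someone to replace the `xxxxx` placeholders with a real SMTP password and commit it. I would drop the block from this file and leave `# SMTP settings and credentials are supplied through GRAYLOG_TRANSPORT_EMAIL_* at deploy time; keep real values out of this file`. Separately, `prometheus_exporter_bind_address = 127.0.0.1:9833` is loopback inside the container and the compose file publishes no port for it, so the enabled exporter is probably unreachable by a scraper; either disable it or note how it is meant to be scraped.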
@@ -0,0 +1,97 @@
+version: '3'
+
+networks:
+ graynet:
+ driver: bridge
+
+# This is how you persist data between container restarts
+volumes:
+ mongo_data:
+ driver: local
+ log_data:
+ driver: local
+ graylog_data:
+ driver: local
+
+services:
+ # Graylog stores configuration in MongoDB
+ mongo:
+ image: mongo:6.0.5-jammy
+ container_name: mongodb
+ volumes:
+ - "mongo_data:/data/db"
+ networks:
+ - graynet
+ restart: unless-stopped
+
+ # The logs themselves are stored in Opensearch
+ opensearch:
+ image: opensearchproject/opensearch:2
+ container_name: opensearch
+ environment:
+ - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+ - "bootstrap.memory_lock=true"
+ - "discovery.type=single-node"
+ - "action.auto_create_index=false"
+ - "plugins.security.ssl.http.enabled=false"
+ - "plugins.security.disabled=true"
+ volumes:
+ - "log_data:/usr/share/opensearch/data"
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ ports:
+ - 9200:9200/tcp
+ networks:
+ - graynet
+ restart: unless-stopped
+
+ graylog:
+ image: graylog/graylog:5.1
+ container_name: graylog
+ environment:
+ # CHANGE ME (must be at least 16 characters)!
+ GRAYLOG_PASSWORD_SECRET: "somepasswordpepper"
+ # Password: admin
+ GRAYLOG_ROOT_PASSWORD_SHA2: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
+ GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
+ GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
+ GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
+ GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
+ GRAYLOG_TIMEZONE: "Europe/Paris"
+ TZ: "Europe/Paris"
+ GRAYLOG_TRANSPORT_EMAIL_PROTOCOL: "smtp"
+ GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: "http://192.168.3.233:9000/"
+ GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "webmail.tips-of-mine.fr"
+ GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
+ GRAYLOG_TRANSPORT_EMAIL_PORT: "587"
+ GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "true"
+ GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: "xxxxx"
+ GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: "xxxxx"
+ GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "true"
+ GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
+ GRAYLOG_TRANSPORT_FROM_EMAIL: "graylog@tips-of-mine.fr"
+ GRAYLOG_TRANSPORT_SUBJECT_PREFIX: "[graylog]"
+
+ entrypoint: /usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh
+ volumes:
+ - "${PWD}/config/graylog/graylog.conf:/usr/share/graylog/config/graylog.conf"
+ - "graylog_data:/usr/share/graylog/data"
+ networks:
+ - graynet
+ restart: always
+ depends_on:
+ opensearch:
+ condition: "service_started"
+ mongo:
+ condition: "service_started"
+ ports:
+ - 9000:9000/tcp # Graylog web interface and REST API
+ - 1514:1514/tcp # Syslog
+ - 1514:1514/udp # Syslog
+ - 12201:12201/tcp # GELF
+ - 12201:12201/udp # GELF
diff --git a/Guacamole/LICENSE b/Guacamole/LICENSE
new file mode 100644
index 00000000..d41c0bd9
--- /dev/null
+++ b/Guacamole/LICENSE
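Review bot: In docker-compose.yml the `graylog` service ships with a fixed `GRAYLOG_PASSWORD_SECRET` and a `GRAYLOG_ROOT_PASSWORD_SHA2` that the comment above it identifies as the hash of `admin`, while port 9000 is published and bound to `0.0.0.0`. Anyone who brings the stack up unchanged therefore exposes a known root login on the network, and the "CHANGE ME" comment is easy to miss. Making both values required inputs fails closed instead: `GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?set in .env}"` and `GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?set in .env}"`. The `opensearch` service has the same exposure one layer down: `plugins.security.disabled=true` combined with `9200:9200/tcp` allows unauthenticated reads and writes of every stored log from the host network, and Graylog already reaches it over `graynet`, so the mapping can be dropped or narrowed to `127.0.0.1:9200:9200/tcp`. The mutable tags `opensearchproject/opensearch:2` and `graylog/graylog:5.1` would also be better pinned to a full version or digest so a rebuild cannot silently pull different code.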
@@ -0,0 +1,232 @@ +GNU GENERAL PUBLIC LICENSE +Version 3, 29 June 2007 + +Copyright © 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The GNU General Public License is a free, copyleft license for software and other kinds of works. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. 
+ +Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. + +Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. + +Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS + +0. Definitions. + +“This License†refers to version 3 of the GNU General Public License. + +“Copyright†also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +“The Program†refers to any copyrightable work licensed under this License. 
Each licensee is addressed as “youâ€. “Licensees†and “recipients†may be individuals or organizations. + +To “modify†a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a “modified version†of the earlier work or a work “based on†the earlier work. + +A “covered work†means either the unmodified Program or a work based on the Program. + +To “propagate†a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. + +To “convey†a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays “Appropriate Legal Notices†to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The “source code†for a work means the preferred form of the work for making modifications to it. “Object code†means any non-source form of a work. 
+ +A “Standard Interface†means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The “System Libraries†of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A “Major Componentâ€, in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. + +The “Corresponding Source†for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. 
+All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. 
+ +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. +You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to “keep intact all noticesâ€. + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. 
This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate†if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. +You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. 
+ + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. 
+ +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A “User Product†is either (1) a “consumer productâ€, which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, “normally used†refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +“Installation Information†for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. 
But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +“Additional permissions†are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. 
+ +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered “further restrictions†within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. 
+ +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. + +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. +You are not required to accept this License in order to receive or run a copy of the Program. 
Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An “entity transaction†is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. +A “contributor†is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. 
The work thus licensed is called the contributor's “contributor versionâ€. + +A contributor's “essential patent claims†are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, “control†includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a “patent license†is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To “grant†such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. + +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. 
“Knowingly relying†means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is “discriminatory†if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. 
+If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Use with the GNU Affero General Public License. +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. + +14. Revised Versions of this License. +The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License “or any later version†applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. 
+ +If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS†WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. 
+If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the “copyright†line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. 
+ +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an “about boxâ€. + +You should also get your employer (if you work as a programmer) or school, if any, to sign a “copyright disclaimer†for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . + +The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read . diff --git a/Guacamole/README.md b/Guacamole/README.md new file mode 100644 index 00000000..f0e0b922 --- /dev/null +++ b/Guacamole/README.md 
@@ -0,0 +1,155 @@ +# Guacamole avec docker-compose +Ceci est une petite documentation sur la façon de faire fonctionner une instance **Apache Guacamole** avec docker (docker-compose). +Le but de ce projet est de faciliter le test de Guacamole. + +## A propos de Guacamole +Apache Guacamole est une passerelle de bureau à distance sans client. +Elle supporte les protocoles standards tels que VNC, RDP et SSH. +Il est appelé "sans client" car aucun plugin ou logiciel client n'est nécessaire. +Grâce à HTML5, une fois Guacamole installé sur un serveur, tout ce dont vous avez besoin pour accéder à vos bureaux est un navigateur web. + +## Prérequis +Vous avez besoin d'une installation **docker** fonctionnelle et de **docker-compose** sur votre machine. + +## Démarrage rapide +Clonez le dépôt GIT et démarrez guacamole : + +~~~bash + git clone https://git.tips-of-mine.fr/Tips-Of-Mine/Docker-Guacamole-Nginx.git + cd Docker-Guacamole-Nginx + ./prepare.sh + docker-compose up -d +~~~ + +Votre serveur guacamole devrait maintenant être disponible à `https://ip of your server:8443/`. +Le nom d'utilisateur par défaut est `guacadmin` avec le mot de passe `guacadmin`. + +## Détails +Pour comprendre certains détails, regardons de plus près certaines parties du fichier `docker-compose.yml` + +### Mise en réseau +La partie suivante de docker-compose.yml créera un réseau avec le nom `guacnetwork_compose` en mode `bridged`. +~~~python +... +networks : + guacnetwork_compose : + driver : bridge +... +~~~ + +### Services +#### guacd +La partie suivante de docker-compose.yml va créer le service guacd. guacd est le coeur de Guacamole qui charge dynamiquement le support pour les protocoles de bureau à distance (appelés "plugins clients") et les connecte aux bureaux à distance en se basant sur les instructions reçues de l'application web. Le conteneur sera appelé `guacd_compose` basé sur l'image docker `guacamole/guacd` connecté à notre réseau précédemment créé `guacnetwork_compose`. 
De plus, nous mappons les 2 dossiers locaux `./drive` et `./record` dans le conteneur. Nous pourrons les utiliser plus tard pour mapper les disques des utilisateurs et stocker les enregistrements des sessions. + +~~~python +... +services: + # guacd + guacd: + container_name: guacd_compose + image: guacamole/guacd + networks: + guacnetwork_compose: + restart: always + volumes: + - ./drive:/drive:rw + - ./record:/record:rw +... +~~~ + +#### PostgreSQL +La partie suivante de docker-compose.yml va créer une instance de PostgreSQL en utilisant l'image docker officielle. +Cette image est hautement configurable en utilisant des variables d'environnement. +Elle va par exemple initialiser une base de données si un script d'initialisation est trouvé dans le dossier `/docker-entrypoint-initdb.d` de l'image. +Puisque nous mappons le dossier local `./init` à l'intérieur du conteneur en tant que `docker-entrypoint-initdb.d`, nous pouvons initialiser la base de données pour guacamole en utilisant notre propre script (`./init/initdb.sql`). Vous pouvez lire plus de détails à ce sujet + +~~~python +... + postgres: + container_name: postgres_guacamole_compose + environment: + PGDATA: /var/lib/postgresql/data/guacamole + POSTGRES_DB: guacamole_db + POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234 + POSTGRES_USER: guacamole_user + image: postgres + networks: + guacnetwork_compose: + restart: always + volumes: + - ./init:/docker-entrypoint-initdb.d:ro + - ./data:/var/lib/postgresql/data:rw +... +~~~ + +#### Guacamole +La partie suivante de docker-compose.yml va créer une instance de guacamole en utilisant l'image docker `guacamole` depuis docker hub. +Il est également hautement configurable en utilisant des variables d'environnement. +Dans cette configuration, il est configuré pour se connecter à l'instance postgres précédemment créée en utilisant un nom d'utilisateur et un mot de passe et la base de données `guacamole_db`. +Le port 8080 n'est exposé que localement ! 
Nous attacherons une instance de nginx pour l'affichage public dans l'étape suivante. + +~~~python +... + guacamole: + container_name: guacamole_compose + depends_on: + - guacd + - postgres + environment: + GUACD_HOSTNAME: guacd + POSTGRES_DATABASE: guacamole_db + POSTGRES_HOSTNAME: postgres + POSTGRES_PASSWORD: ChooseYourOwnPasswordHere1234 + POSTGRES_USER: guacamole_user + image: guacamole/guacamole + links: + - guacd + networks: + guacnetwork_compose: + ports: + - 8080/tcp + restart: always +... +~~~ + +#### nginx +La partie suivante de docker-compose.yml va créer une instance de nginx qui va mapper le port public 8443 au port interne 443. +Le port interne 443 est alors mappé à guacamole en utilisant le fichier `./nginx/templates/guacamole.conf.template`. +Le conteneur utilisera le certificat auto-signé précédemment généré (`prepare.sh`) dans `./nginx/ssl/` avec `./nginx/ssl/self-ssl.key` et `./nginx/ssl/self.cert`. + +~~~python +... + # nginx + nginx: + container_name: nginx_guacamole_compose + restart: always + image: nginx + volumes: + - ./nginx/templates:/etc/nginx/templates:ro + - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro + - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro + ports: + - 8443:443 + links: + - guacamole + networks: + guacnetwork_compose: +... +~~~ + +## prepare.sh +`prepare.sh` est un petit script qui crée `./init/initdb.sql` en téléchargeant l'image docker `guacamole/guacamole` et la démarre comme ceci : + +~~~bash +docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./init/initdb.sql +~~~ + +Il crée le fichier d'initialisation de la base de données nécessaire pour postgres. + +`prepare.sh` crée également le certificat auto-signé `./nginx/ssl/self.cert` et la clé privée `./nginx/ssl/self-ssl.key` qui sont utilisés par nginx pour https. + +## reset.sh +Pour tout remettre à zéro, il suffit de lancer `./reset.sh`. + +## Buy me a coffe +Buy Me a Coffee at ko-fi.com 
diff --git a/Guacamole/debug.log b/Guacamole/debug.log
new file mode 100644
index 00000000..fe4e3976
--- /dev/null
+++ b/Guacamole/debug.log
@@ -0,0 +1,3 @@
+[0703/201232.597:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2)
+[0703/201232.968:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2)
+[0703/201233.340:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2)
diff --git a/Guacamole/docker-compose.yml b/Guacamole/docker-compose.yml
new file mode 100644
index 00000000..4454306c
--- /dev/null
+++ b/Guacamole/docker-compose.yml
@@ -0,0 +1,72 @@ + +version: '3' + +# networks +# create a network 'guacnetwork_net' in mode 'bridged' +networks: + guacnetwork_net: + driver: bridge + +# services +services: + # guacd + guacd: + container_name: guacamole_guacd + image: guacamole/guacd:latest + networks: + guacnetwork_net: + restart: always + volumes: + - ./drive:/drive:rw + - ./record:/record:rw + # postgres + postgres: + container_name: guacamole_postgres + environment: + PGDATA: /var/lib/postgresql/data/guacamole + POSTGRES_DB: guacamole_db + POSTGRES_PASSWORD: 'PasswordHere123456' + POSTGRES_USER: guacamole_user + image: postgres:15.2-alpine +# networks: +# guacnetwork_net: + restart: always + volumes: + - ./init:/docker-entrypoint-initdb.d:z + - ./data:/var/lib/postgresql/data:Z + + # guacamole + guacamole: + container_name: guacamole_frontend + depends_on: + - guacd + - postgres + environment: + GUACD_HOSTNAME: guacd + POSTGRES_DATABASE: guacamole_db + POSTGRES_HOSTNAME: postgres + POSTGRES_PASSWORD: 'PasswordHere123456' + POSTGRES_USER: guacamole_user + LDAP_HOSTNAME: "10.0.4.2" + LDAP_PORT: 389 + LDAP_ENCRYPTION_METHOD: "none" + LDAP_USER_BASE_DN: "ou=utilisateurs,dc=tips-of-mine,dc=local" + LDAP_USERNAME_ATTRIBUTE: "sAMAccountName" + LDAP_SEARCH_BIND_DN: "cn=service-guacamole,ou=Services,ou=utilisateurs,dc=tips-of-mine,dc=local" + LDAP_SEARCH_BIND_PASSWORD: "some_password" + LDAP_GROUP_BASE_DN: "ou=groupes,dc=tips-of-mine,dc=local" + LDAP_GROUP_NAME_ATTRIBUTE: "cn" + image: guacamole/guacamole:latest + links: + - guacd +# networks: +# guacnetwork_net: + ports: +## enable next line if not using nginx +## - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /. +## enable next line when using nginx + - 8080/tcp + restart: always + volumes: + - ./guacamole-config:/config + diff --git a/Guacamole/guacamole_ssl.conf b/Guacamole/guacamole_ssl.conf new file mode 100644 index 00000000..9594ebb4 --- /dev/null +++ b/Guacamole/guacamole_ssl.conf 
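Review bot: The `guacamole` service talks to the directory at `10.0.4.2` with `LDAP_PORT: 389` and `LDAP_ENCRYPTION_METHOD: "none"`, so the search-bind password and every user's login password cross the network in cleartext. I would switch to `LDAP_ENCRYPTION_METHOD: "starttls"` (or `"ssl"` with `LDAP_PORT: 636`) once the container trusts the directory's CA. The same file commits `POSTGRES_PASSWORD` and `LDAP_SEARCH_BIND_PASSWORD` as literals; reading them from an untracked `.env` file (`POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}`) keeps them out of the repository. Separately, `guacd` is attached to `guacnetwork_net` while the `networks:` keys of `postgres` and `guacamole` are commented out, which looks like it leaves them on a different network from `guacd`; this is worth confirming.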
@@ -0,0 +1,32 @@
+[req]
+default_bits = 2048
+default_keyfile = guacamole_ssl.key
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_ca
+
+[req_distinguished_name]
+countryName = Country Name (2 letter code)
+countryName_default = FR
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Nord
+localityName = Locality Name (eg, city)
+localityName_default = Roubaix
+organizationName = Organization Name (eg, company)
+organizationName_default = IT
+organizationalUnitName = organizationalunit
+organizationalUnitName_default = RAD
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = guacamole.tips-of-mine.fr
+commonName_max = 64
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = 10.0.4.2
+DNS.3 = guacamole.tips-of-mine.fr
\ No newline at end of file
diff --git a/Guacamole/nginx/templates/guacamole.conf.template b/Guacamole/nginx/templates/guacamole.conf.template
new file mode 100644
index 00000000..eb9eada0
--- /dev/null
+++ b/Guacamole/nginx/templates/guacamole.conf.template
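Review bot: In `[alt_names]`, `DNS.2 = 10.0.4.2` puts an IP address into a dNSName entry, which TLS clients do not match against an IP literal, so reaching the service by that address fails name verification even when the certificate is trusted. It should be `IP.1 = 10.0.4.2`, with the two host names kept as `DNS.1` and `DNS.2`. `x509_extensions = v3_ca` also names a section that only sets `subjectAltName`; adding `basicConstraints = CA:FALSE` and `keyUsage = digitalSignature, keyEncipherment` there would make the self-signed server certificate explicit about its role.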
@@ -0,0 +1,41 @@
+### BBB
+server {
+ listen 443 ssl http2;
+ server_name localhost;
+
+ ssl_certificate /etc/nginx/ssl/self.cert;
+ ssl_certificate_key /etc/nginx/ssl/self-ssl.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ ssl_ecdh_curve secp384r1;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_stapling off;
+ ssl_stapling_verify off;
+
+ location / {
+ proxy_pass http://guacamole:8080/guacamole/;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ proxy_cookie_path /guacamole/ /;
+ access_log off;
+ # allow large uploads (default=1m)
+ # 4096m = 4GByte
+ client_max_body_size 4096m;
+}
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
\ No newline at end of file
diff --git a/Guacamole/nginx/templates/nginx.conf b/Guacamole/nginx/templates/nginx.conf
new file mode 100644
index 00000000..939da83d
--- /dev/null
+++ b/Guacamole/nginx/templates/nginx.conf
@@ -0,0 +1,32 @@
+### AAA
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
\ No newline at end of file
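Review bot: `access_log off;` inside `location /` of `guacamole.conf.template` disables request logging for the only route into the remote-desktop gateway, so the proxy keeps no record of who reached the login page or opened tunnels. I would drop that line, or point it at a dedicated file such as `access_log /var/log/nginx/guacamole.access.log;`, and bound the log with rotation instead. `ssl_ciphers` also lists `EDH+AESGCM` and `AES256+EDH` while the server block sets no `ssl_dhparam`, in which case nginx does not offer DHE suites; either add the directive or remove the EDH entries so the file states what is actually negotiated.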
diff --git a/Guacamole/prepare.sh b/Guacamole/prepare.sh new file mode 100644 index 00000000..b806045d --- /dev/null +++ b/Guacamole/prepare.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +if ! (docker ps >/dev/null 2>&1) +then + echo "Le daemon docker n'est pas en cours d'exécution, sortie !" + exit +fi + +echo "Préparation de l'init du dossier et création ./init/initdb.sql" +mkdir ./init >/dev/null 2>&1 +mkdir -p ./nginx/ssl >/dev/null 2>&1 +chmod -R +x ./init +docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --postgres > ./init/initdb.sql + +echo " Ok" +echo "Création de certificats SSL" +openssl req -nodes -newkey rsa:2048 -new -x509 -keyout nginx/ssl/guacamole_ssl.key -out nginx/ssl/guacamole_ssl.cert -config guacamole_ssl.conf + +echo "Vous pouvez utiliser vos propres certificats en plaçant la clé privée dans nginx/ssl/self-ssl.key et le certificat dans nginx/ssl/self.cert." +echo " Ok" \ No newline at end of file diff --git a/Guacamole/reset.sh b/Guacamole/reset.sh new file mode 100644 index 00000000..28f8b420 --- /dev/null +++ b/Guacamole/reset.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +echo "Cette opération supprimera votre base de données existante (./data/)" +echo " supprimer vos enregistrements du dossier (./record/)" +echo " supprimer les fichiers du dossier (./drive/)" +echo " supprimez vos fichiers certs du dossier (./nginx/ssl/)" +echo "" +read -p "Êtes-vous sûr ? " -n 1 -r +echo "" +if [[ $REPLY =~ ^[Yy]$ ]]; then + chmod -R +x -- ./init + sudo rm -r -f ./data/ ./drive/ ./record/ ./nginx/ssl/ +fi \ No newline at end of file diff --git a/Jaeger/.infragenie/infrastructure_model.png b/Jaeger/.infragenie/infrastructure_model.png new file mode 100644 index 00000000..11dd852a Binary files /dev/null and b/Jaeger/.infragenie/infrastructure_model.png differ diff --git a/Jaeger/LICENSE b/Jaeger/LICENSE new file mode 100644 index 00000000..58a1d1b3 --- /dev/null +++ b/Jaeger/LICENSE 
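Review bot: In `prepare.sh` the `openssl req` call writes `nginx/ssl/guacamole_ssl.key` and `nginx/ssl/guacamole_ssl.cert`, but the final `echo` and the nginx template in this commit both refer to `nginx/ssl/self-ssl.key` and `nginx/ssl/self.cert`, so the generated pair is not the one nginx loads. Using `-keyout nginx/ssl/self-ssl.key -out nginx/ssl/self.cert` lines the three places up. The script also has no `set -e`, so a failed `docker run` leaves an empty `./init/initdb.sql` and still prints "Ok", and the bare `exit` after the daemon check returns status 0; `exit 1` there lets callers detect the failure. No `-days` is passed, so the certificate gets openssl's default lifetime of 30 days, which is worth setting explicitly.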
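Review bot: In `reset.sh`, `sudo rm -r -f ./data/ ./drive/ ./record/ ./nginx/ssl/` resolves against the caller's current directory, so running the script from anywhere other than the project root deletes whatever directories of those names exist there, as root. Adding `cd "$(dirname "$0")" || exit 1` before the prompt pins the paths to the script's own location. The warning text is also printed before the prompt but the prompt itself does not say which key confirms; `read -p "Êtes-vous sûr ? [y/N] " -n 1 -r` makes the expected answer visible.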
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
diff --git a/Jaeger/README.md b/Jaeger/README.md
new file mode 100644
index 00000000..cb4938c8
--- /dev/null
+++ b/Jaeger/README.md
@@ -0,0 +1,27 @@
+# Jaeger
+
+This docker compose setup starts Jaeger and hotrod services.
+
+To start the service run:
+
+```console
+docker compose up
+
+use -d option to start the services in detached mode
+```
+
+### Ports
+Below Ports are exposed by the services, you can always change them according to your need in the yml
+[here](https://github.com/ninadingole/docker-images/blob/a423f995b3388320df1c9a3b404694ff7a1aad13/jaeger/docker-compose.yml#L1)
+
+| Port | Description |
+|--------|-------------------|
+| 6831 | Jaeger Agent Port |
+| 16686 | Jaeger UI Port |
+| 8082 | Hotrod UI Port |
+
+### Infrastructure model
+
+
+![Infrastructure model](.infragenie/infrastructure_model.png)
+
diff --git a/Jaeger/docker-compose.yml b/Jaeger/docker-compose.yml
new file mode 100644
index 00000000..c410da52
--- /dev/null
+++ b/Jaeger/docker-compose.yml
@@ -0,0 +1,19 @@ +version: '3.8' +services: + jaeger: + image: jaegertracing/all-in-one:latest + ports: + - '6831:6831/udp' + - '16686:16686' + hotrod: + image: jaegertracing/example-hotrod:latest + ports: + - '8082:8080' + command: ['all'] + environment: + - JAEGER_AGENT_HOST=jaeger + # Note: if your application is using Node.js Jaeger Client, you need port 6832, + # unless issue https://github.com/jaegertracing/jaeger/issues/1596 is resolved. + - JAEGER_AGENT_PORT=6831 + depends_on: + - jaeger diff --git a/Kafka/LICENSE b/Kafka/LICENSE new file mode 100644 index 00000000..58a1d1b3 --- /dev/null +++ b/Kafka/LICENSE @@ -0,0 +1,3 @@ +Additional permission under GNU GPL version 3 section 7 + +If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work. diff --git a/Kafka/README.md b/Kafka/README.md new file mode 100644 index 00000000..e69de29b diff --git a/Kafka/cluster-zk/README.md b/Kafka/cluster-zk/README.md new file mode 100644 index 00000000..66d78dee --- /dev/null +++ b/Kafka/cluster-zk/README.md 
@@ -0,0 +1,33 @@
+## Apache Kafka cluster
+
+This docker compose provides 3 broker nodes and 1 zookeeper node Kafka Cluster.
+This helps to test Kafka application on local instead of a real cluster.
+
+The configurations are bare minimum to start the server and could be changed based on requirement
+
+There is also a Kafka UI application available at http://localhost:8080
+
+![](../../images/multi-broker-kafka-cluster.png)
+
+### How to start
+
+```bash
+docker-compose up
+
+use -d to run in detached mode
+```
+> If you don't see changes to the cluster after updating the yml, try doing
+> `docker compose down` and then start the cluster again.
+
+### Port Mapping
+| Port | Description |
+|------|-------------------------|
+| 2181 | Zookeeper |
+| 9092 | Kafka Broker 1 |
+| 9093 | Kafka Broker 2 |
+| 9094 | Kafka Broker 3 |
+| 8080 | Kafka UI |
+| 1099 | JMX PORT on all brokers |
+
+
+
diff --git a/Kafka/cluster-zk/docker-compose.yml b/Kafka/cluster-zk/docker-compose.yml
new file mode 100644
index 00000000..641d50fc
--- /dev/null
+++ b/Kafka/cluster-zk/docker-compose.yml
@@ -0,0 +1,137 @@ +version: '3' + +services: + zookeeper-kafka: + image: confluentinc/cp-zookeeper:latest + ports: + - '2181:2181' + environment: + ZOOKEEPER_CLIENT_PORT: 2181 + ZOOKEEPER_TICK_TIME: 2000 + healthcheck: + # fake healthcheck just to have one to simplify status check + test: ['CMD', 'date'] + interval: 10s + timeout: 5s + retries: 5 + # docs at: https://registry.hub.docker.com/r/wurstmeister/kafka + kafka-broker-1: + image: wurstmeister/kafka:latest + restart: always + depends_on: + - zookeeper-kafka + ports: + - '9092:9092' + volumes: + # It's the only way to deal with Kafka non-static exposed ports to host + # See: https://github.com/wurstmeister/kafka-docker/blob/master/start-kafka.sh#L65-L76 + - /var/run/docker.sock:/var/run/docker.sock + environment: + KAFKA_BROKER_ID: 1 + KAFKA_ZOOKEEPER_CONNECT: 'zookeeper-kafka:2181' + PORT_COMMAND: 'docker port $$(hostname) 9092/tcp | cut -d: -f2' + KAFKA_LISTENERS: 'LISTENER_INTERNAL://kafka-broker-1:29092,LISTENER_HOST://:9092' + KAFKA_ADVERTISED_LISTENERS: LISTENER_INTERNAL://kafka-broker-1:29092,LISTENER_HOST://localhost:_{PORT_COMMAND} + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_INTERNAL:PLAINTEXT,LISTENER_HOST:PLAINTEXT + KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_INTERNAL + KAFKA_JMX_OPTS: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=kafka-broker-1 -Dcom.sun.management.jmxremote.rmi.port=1099" + JMX_PORT: 1099 + KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true' + KAFKA_CREATE_TOPICS: 'test:3:3' + healthcheck: + test: + [ + 'CMD', + '/opt/kafka/bin/kafka-topics.sh', + '--list', + '--bootstrap-server', + 'kafka-broker-1:29092', + ] + interval: 10s + timeout: 5s + retries: 5 + + kafka-broker-2: + image: wurstmeister/kafka:latest + restart: always + depends_on: + - zookeeper-kafka + ports: + - '9093:9092' + volumes: + # It's the only way to deal with Kafka non-static exposed ports to host + # See: 
https://github.com/wurstmeister/kafka-docker/blob/master/start-kafka.sh#L65-L76 + - /var/run/docker.sock:/var/run/docker.sock + environment: + KAFKA_BROKER_ID: 2 + KAFKA_ZOOKEEPER_CONNECT: 'zookeeper-kafka:2181' + PORT_COMMAND: 'docker port $$(hostname) 9092/tcp | cut -d: -f2' + KAFKA_LISTENERS: 'LISTENER_INTERNAL://kafka-broker-2:29092,LISTENER_HOST://:9092' + KAFKA_JMX_OPTS: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=kafka-broker-2 -Dcom.sun.management.jmxremote.rmi.port=1099" + JMX_PORT: 1099 + KAFKA_ADVERTISED_LISTENERS: LISTENER_INTERNAL://kafka-broker-2:29092,LISTENER_HOST://localhost:_{PORT_COMMAND} + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_INTERNAL:PLAINTEXT,LISTENER_HOST:PLAINTEXT + KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_INTERNAL + KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true' + healthcheck: + test: + [ + 'CMD', + '/opt/kafka/bin/kafka-topics.sh', + '--list', + '--bootstrap-server', + 'kafka-broker-2:29092', + ] + interval: 10s + timeout: 5s + retries: 5 + kafka-broker-3: + image: wurstmeister/kafka:latest + restart: always + depends_on: + - zookeeper-kafka + ports: + - '9094:9092' + volumes: + # It's the only way to deal with Kafka non-static exposed ports to host + # See: https://github.com/wurstmeister/kafka-docker/blob/master/start-kafka.sh#L65-L76 + - /var/run/docker.sock:/var/run/docker.sock + environment: + KAFKA_BROKER_ID: 3 + KAFKA_ZOOKEEPER_CONNECT: 'zookeeper-kafka:2181' + PORT_COMMAND: 'docker port $$(hostname) 9092/tcp | cut -d: -f2' + KAFKA_LISTENERS: 'LISTENER_INTERNAL://kafka-broker-3:29092,LISTENER_HOST://:9092' + KAFKA_JMX_OPTS: "-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=kafka-broker-3 -Dcom.sun.management.jmxremote.rmi.port=1099" + JMX_PORT: 1099 + KAFKA_ADVERTISED_LISTENERS: 
LISTENER_INTERNAL://kafka-broker-3:29092,LISTENER_HOST://localhost:_{PORT_COMMAND} + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_INTERNAL:PLAINTEXT,LISTENER_HOST:PLAINTEXT + KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_INTERNAL + KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true' + healthcheck: + test: + [ + 'CMD', + '/opt/kafka/bin/kafka-topics.sh', + '--list', + '--bootstrap-server', + 'kafka-broker-3:29092', + ] + interval: 10s + timeout: 5s + retries: 5 + + kafka-ui: + container_name: kafka-ui + image: provectuslabs/kafka-ui:latest + ports: + - "8080:8080" + depends_on: + - zookeeper-kafka + - kafka-broker-1 + - kafka-broker-2 + - kafka-broker-3 + environment: + KAFKA_CLUSTERS_0_NAME: local + KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: kafka-broker-1:29092, kafka-broker-2:29092, kafka-broker-3:29092 + KAFKA_CLUSTERS_0_ZOOKEEPER: zookeeper-kafka:2181 + KAFKA_CLUSTERS_0_JMXPORT: 1099 diff --git a/Kafka/docker-compose.yml b/Kafka/docker-compose.yml new file mode 100644 index 00000000..f102342d --- /dev/null +++ b/Kafka/docker-compose.yml 
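Review bot: Each broker mounts `/var/run/docker.sock` into a `wurstmeister/kafka:latest` container, which gives an unpinned third-party image control of the host's Docker daemon, effectively root on the host. The mount exists only so `PORT_COMMAND` can look up the published port, but the host ports here are fixed (`9092`, `9093`, `9094`), so the advertised listener can be written literally, e.g. `LISTENER_HOST://localhost:9092` for broker 1, and both the `volumes:` entry and `PORT_COMMAND` dropped. The `kafka` service in `Kafka/docker-compose.yml` carries the same mount. `KAFKA_JMX_OPTS` also sets `jmxremote.authenticate=false` and `jmxremote.ssl=false`, so any peer on the compose network can manage the broker JVMs; that is tolerable only while port 1099 stays unpublished, which the README's port-mapping table does not make clear.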
@@ -0,0 +1,105 @@ +--- +version: '3.9' + +#### NETWORKS +networks: + docker-traefik_front_network: + external: true + back_network: + driver: bridge + attachable: true + +#### SERVICES +services: + +### zookeeper-kafka + zookeeper-kafka: + container_name: zookeeper + hostname: zookeeper + image: confluentinc/cp-zookeeper:latest + ports: + - '2181:2181' + networks: + - back_network + environment: + ZOOKEEPER_CLIENT_PORT: 2181 + ZOOKEEPER_TICK_TIME: 2000 + healthcheck: + # fake healthcheck just to have one to simplify status check + test: ['CMD', 'date'] + interval: 10s + timeout: 5s + retries: 5 + +### kafka +### docs at: https://registry.hub.docker.com/r/wurstmeister/kafka + kafka: + container_name: kafka + hostname: kafka + image: wurstmeister/kafka:latest + restart: always + depends_on: + - zookeeper-kafka + ports: + - '9092:9092' + networks: + - back_network + volumes: + # It's the only way to deal with Kafka non-static exposed ports to host + # See: https://github.com/wurstmeister/kafka-docker/blob/master/start-kafka.sh#L65-L76 + - /var/run/docker.sock:/var/run/docker.sock + environment: + KAFKA_BROKER_ID: 1 + KAFKA_ZOOKEEPER_CONNECT: 'zookeeper-kafka:2181' + PORT_COMMAND: 'docker port $$(hostname) 9092/tcp | cut -d: -f2' + KAFKA_LISTENERS: 'LISTENER_INTERNAL://kafka:29092,LISTENER_HOST://:9092' + KAFKA_ADVERTISED_LISTENERS: LISTENER_INTERNAL://kafka:29092,LISTENER_HOST://localhost:_{PORT_COMMAND} + KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_INTERNAL:PLAINTEXT,LISTENER_HOST:PLAINTEXT + KAFKA_INTER_BROKER_LISTENER_NAME: LISTENER_INTERNAL + KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true' + KAFKA_CREATE_TOPICS: 'test:1:1' + healthcheck: + test: + [ + 'CMD', + '/opt/kafka/bin/kafka-topics.sh', + '--list', + '--bootstrap-server', + 'kafka:29092', + ] + interval: 10s + timeout: 5s + retries: 5 + +### kafka-ui + kafka-ui: + container_name: kafka-ui + hostname: kafka-ui + image: provectuslabs/kafka-ui:latest +# ports: +# - "8080:8080" + networks: + - 
docker-traefik_front_network + - back_network + depends_on: + - zookeeper-kafka + - kafka + environment: + KAFKA_CLUSTERS_0_NAME: local + KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: kafka:29092 + KAFKA_CLUSTERS_0_ZOOKEEPER: zookeeper-kafka:2181 + KAFKA_CLUSTERS_0_JMXPORT: 9997 + labels: + - "traefik.enable=true" + - "traefik.docker.network=docker-traefik_front_network" +# HTTP + - "traefik.http.routers.kafka-http.rule=Host(`kafka-ui.10.0.4.29.traefik.me`)" + - "traefik.http.routers.kafka-http.entrypoints=http" +# HTTPS + - "traefik.http.routers.kafka-https.rule=Host(`kafka-ui.10.0.4.29.traefik.me`)" + - "traefik.http.routers.kafka-https.entrypoints=https" + - "traefik.http.routers.kafka-https.service=kafka-service" + - "traefik.http.routers.kafka-https.tls=true" +# Middleware +# Service + - "traefik.http.services.kafka-service.loadbalancer.server.port=8080" \ No newline at end of file diff --git a/Kafka/kraft/docker-compose.yml b/Kafka/kraft/docker-compose.yml new file mode 100644 index 00000000..c4b5d0b7 --- /dev/null +++ b/Kafka/kraft/docker-compose.yml @@ -0,0 +1,30 @@ +version: '3' + +services: + broker: + image: docker.io/bitnami/kafka:latest + ports: + - "9092:9092" + - "9094:9094" + environment: + - KAFKA_ENABLE_KRAFT=yes + - KAFKA_CFG_PROCESS_ROLES=broker,controller + - KAFKA_CFG_CONTROLLER_LISTENER_NAMES=CONTROLLER + - KAFKA_CFG_LISTENERS=PLAINTEXT://:9092,CONTROLLER://:9093,EXTERNAL://:9094 + - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CONTROLLER:PLAINTEXT,PLAINTEXT:PLAINTEXT,EXTERNAL:PLAINTEXT + - KAFKA_CFG_ADVERTISED_LISTENERS=PLAINTEXT://127.0.0.1:9092,EXTERNAL://kafka_b:9094 + - KAFKA_BROKER_ID=1 + - KAFKA_CFG_CONTROLLER_QUORUM_VOTERS=1@127.0.0.1:9093 + - ALLOW_PLAINTEXT_LISTENER=yes + - KAFKA_CFG_NODE_ID=1 + - KAFKA_AUTO_CREATE_TOPICS_ENABLE=true + - BITNAMI_DEBUG=yes + - KAFKA_CFG_NUM_PARTITIONS=2 + healthcheck: + test: ["CMD-SHELL", "kafka-topics.sh --bootstrap-server localhost:9092 --list"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 5s + + 
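Review bot: In `Kafka/docker-compose.yml` the `kafka-ui` labels route `kafka-ui.10.0.4.29.traefik.me` on both the `http` and `https` entrypoints while the `# Middleware` section is left empty, so the UI is published without any authentication in front of it and also over plain HTTP (nothing in its `environment:` configures a login either). I would attach an authentication middleware to both routers via `traefik.http.routers.kafka-https.middlewares=<name>` and turn the HTTP router into a redirect with `traefik.http.middlewares.<name>.redirectscheme.scheme=https`. `zookeeper-kafka` and `kafka` also publish `2181` and `9092` on every host interface with PLAINTEXT listeners; `'127.0.0.1:2181:2181'` and `'127.0.0.1:9092:9092'` keep them local to the host. `KAFKA_CLUSTERS_0_JMXPORT: 9997` points at a port the broker in this file never enables.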
diff --git a/Librenms/LICENSE b/Librenms/LICENSE new file mode 100644 index 00000000..58a1d1b3 --- /dev/null +++ b/Librenms/LICENSE @@ -0,0 +1,3 @@ +Additional permission under GNU GPL version 3 section 7 + +If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work. diff --git a/Librenms/README.md b/Librenms/README.md new file mode 100644 index 00000000..6a3c890f --- /dev/null +++ b/Librenms/README.md @@ -0,0 +1,3 @@ +# Template + +dépôt Template \ No newline at end of file diff --git a/Librenms/docker-compose.yml b/Librenms/docker-compose.yml new file mode 100644 index 00000000..6c7c0eee --- /dev/null +++ b/Librenms/docker-compose.yml @@ -0,0 +1,31 @@ +version: '2' +services: + phpmyadmin: + build: ./phpmyadmin + image: phpmyadmin + hostname: phpmyadmin + env_file: + - env/config.env + ports: + - "8081:80" + links: + - percona + librenms: + build : ./librenms + image: librenms + hostname: librenms + env_file: + - env/librenms.env + ports: + - "8080:80" + - "8443:443" + links: + - percona + percona: + build: ./percona + image: percona + hostname: percona + env_file: + - env/config.env + expose: + - "3306" \ No newline at end of file diff --git a/Librenms/env/config.env b/Librenms/env/config.env new file mode 100644 index 00000000..a636f7ec --- /dev/null +++ b/Librenms/env/config.env @@ -0,0 +1,8 @@ +MYSQL_ROOT_PASSWORD=root +# MYSQL_DATABASE=testing +# MYSQL_USER=root +# MYSQL_PASSWORD=root +PMA_HOST=percona +PMA_USER=root +PMA_PASSWORD=root + diff --git a/Librenms/env/librenms.env b/Librenms/env/librenms.env new file mode 100644 index 00000000..6c3f96a9 
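Review bot: In `Librenms/docker-compose.yml`, `phpmyadmin` is published on host port 8081 while `env/config.env` sets `PMA_USER=root` and `PMA_PASSWORD=root`; if the locally built image handles these variables as the official phpMyAdmin image does, every visitor is logged in as the MySQL root user without a prompt. Removing `PMA_USER`/`PMA_PASSWORD` restores the login form, and `"127.0.0.1:8081:80"` limits who can reach the port. `MYSQL_ROOT_PASSWORD=root` in the same file and `DB_USER=root`/`DB_PASS=root` in `env/librenms.env` mean the application also runs as database root with a guessable password. A dedicated `librenms` account with rights on its own schema only, with the values kept in an untracked env file, would be the usual arrangement.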
--- /dev/null
+++ b/Librenms/env/librenms.env
@@ -0,0 +1,6 @@
+DB_HOST=percona
+DB_NAME=librenms
+DB_USER=root
+DB_PASS=root
+BASE_URL=http://localhost:8080
+POLLERS=16
\ No newline at end of file
diff --git a/Librenms/librenms/Dockerfile b/Librenms/librenms/Dockerfile
new file mode 100644
index 00000000..fe7d1a5d
--- /dev/null
+++ b/Librenms/librenms/Dockerfile
@@ -0,0 +1,40 @@ +FROM phusion/baseimage:0.9.19 +MAINTAINER hcornet + +RUN apt-get -y update +RUN apt-get -y upgrade + +RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E5267A6C C300EE8C +RUN echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" >> /etc/apt/sources.list.d/ondrej-php7.list +RUN echo "deb http://ppa.launchpad.net/nginx/development/ubuntu xenial main" >> /etc/apt/sources.list.d/nginx.list +RUN apt-get -y update +RUN apt-get -yq purge openssh-.* +RUN apt-get -yq autoremove --purge +#RUN apt-get -yq dist-upgrade +RUN apt-get -yq install --no-install-recommends nginx php7.0-cli php7.0-fpm php7.0-mysql php7.0-gd php7.0-curl php7.0-opcache php7.0-ldap php7.0-memcached php-imagick php-pear php-net-ipv4 php-net-ipv6 snmp graphviz fping imagemagick whois mtr-tiny nagios-plugins nmap python-mysqldb rrdcached rrdtool sendmail smbclient git +RUN rm -rf /etc/nginx/sites-available/* /etc/nginx/sites-enabled/* +RUN sed -i 's/pm.max_children = 5/pm.max_children = 24/g' /etc/php/7.0/fpm/pool.d/www.conf +RUN sed -i 's/pm.start_servers = 2/pm.start_servers = 4/g' /etc/php/7.0/fpm/pool.d/www.conf +RUN sed -i 's/pm.min_spare_servers = 1/pm.min_spare_servers = 4/g' /etc/php/7.0/fpm/pool.d/www.conf +RUN sed -i 's/pm.max_spare_servers = 3/pm.max_spare_servers = 8/g' /etc/php/7.0/fpm/pool.d/www.conf +RUN sed -i 's/;clear_env/clear_env/g' /etc/php/7.0/fpm/pool.d/www.conf +RUN useradd librenms -d /opt/librenms -M -r +RUN usermod -a -G librenms www-data +WORKDIR /tmp + +ADD https://github.com/librenms/librenms/archive/1.24.tar.gz /tmp + +RUN tar zxvf 1.24.tar.gz -C /opt +RUN mv /opt/librenms-1.24 /opt/librenms +RUN chown -R librenms:librenms /opt/librenms +RUN apt-get -yq autoremove --purge +RUN apt-get clean +RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +ADD files / +RUN chmod -R +x /etc/my_init.d /etc/service +RUN chmod 644 /etc/cron.d/librenms + +EXPOSE 80 443 + +VOLUME ["/opt/librenms/logs", "/opt/librenms/rrd", "/etc/nginx/ssl", 
"/var/log/nginx"] \ No newline at end of file diff --git a/Librenms/librenms/files/etc/cron.d/librenms b/Librenms/librenms/files/etc/cron.d/librenms new file mode 100644 index 00000000..014f512a --- /dev/null +++ b/Librenms/librenms/files/etc/cron.d/librenms @@ -0,0 +1,8 @@ +33 */6 * * * librenms . /etc/librenms_environment; /opt/librenms/discovery.php -h all >> /dev/null 2>&1 +*/5 * * * * librenms . /etc/librenms_environment; /opt/librenms/discovery.php -h new >> /dev/null 2>&1 +*/5 * * * * librenms . /etc/librenms_environment; /opt/librenms/cronic /opt/librenms/poller-wrapper.py 16 +15 0 * * * librenms . /etc/librenms_environment; /opt/librenms/daily.sh >> /dev/null 2>&1 +* * * * * librenms . /etc/librenms_environment; /opt/librenms/alerts.php >> /dev/null 2>&1 +*/5 * * * * librenms . /etc/librenms_environment; /opt/librenms/poll-billing.php >> /dev/null 2>&1 +01 * * * * librenms . /etc/librenms_environment; /opt/librenms/billing-calculate.php >> /dev/null 2>&1 +*/5 * * * * librenms . /etc/librenms_environment; /opt/librenms/check-services.php >> /dev/null 2>&1 diff --git a/Librenms/librenms/files/etc/my_init.d/0_cron b/Librenms/librenms/files/etc/my_init.d/0_cron new file mode 100644 index 00000000..41f2f5eb --- /dev/null +++ b/Librenms/librenms/files/etc/my_init.d/0_cron @@ -0,0 +1,15 @@ +#!/bin/bash -e + +LOCK_FILE=/var/lock/0_cron.lock + +if [ -f "$LOCK_FILE" ]; then + exit 0 +fi + +if [ -z "$POLLERS" ]; then + POLLERS=8 +fi + +sed -i "s/PLACEHOLDER_POLLERS/$POLLERS/g" /etc/cron.d/librenms + +touch "$LOCK_FILE" diff --git a/Librenms/librenms/files/etc/my_init.d/1_ssl b/Librenms/librenms/files/etc/my_init.d/1_ssl new file mode 100644 index 00000000..8c729d6e --- /dev/null +++ b/Librenms/librenms/files/etc/my_init.d/1_ssl 
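Review bot: `ADD https://github.com/librenms/librenms/archive/1.24.tar.gz /tmp` in the Dockerfile unpacks a remote tarball with no integrity check, and the PPA signing keys that apt will trust are fetched by 32-bit short IDs (`E5267A6C C300EE8C`), which can collide with unrelated keys. I would verify the archive before `tar` with `RUN echo "<sha256-of-1.24.tar.gz>  1.24.tar.gz" | sha256sum -c -` and pass the full key fingerprints to `--recv-keys`. The PPA `deb` lines also use `http://`, which leaves package authenticity resting entirely on those keys. `phusion/baseimage:0.9.19` with PHP 7.0 from a xenial PPA appears to be well past upstream support, so the `apt-get -y upgrade` at build time is unlikely to bring in current fixes; a supported base image is worth planning for.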
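Review bot: The substitution `sed -i "s/PLACEHOLDER_POLLERS/$POLLERS/g" /etc/cron.d/librenms` in `0_cron` has nothing to replace, because the `cron.d/librenms` file added in this commit hard-codes `poller-wrapper.py 16`; the `POLLERS` variable and the default of 8 set here therefore never take effect. Changing the cron entry to end in `/opt/librenms/poller-wrapper.py PLACEHOLDER_POLLERS` fixes that. Since `$POLLERS` is then written into a file that cron executes, non-numeric values should be rejected first, e.g. `case "$POLLERS" in ''|*[!0-9]*) echo "POLLERS must be a number" >&2; exit 1;; esac`.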
@@ -0,0 +1,22 @@
+#!/bin/bash -eu
+
+LOCK_FILE=/var/lock/1_ssl.lock
+
+if [ -f "$LOCK_FILE" ]; then
+ exit 0
+fi
+
+CONF_FILE=/etc/nginx/sites-available/librenms.https
+SSL_CERT=/etc/nginx/ssl/ssl.crt
+SSL_KEY=/etc/nginx/ssl/ssl.key
+SSL_OCSP=/etc/nginx/ssl/ssl.ocsp.crt
+
+if [ -f "$SSL_CERT" ] && [ -f "$SSL_KEY" ]; then
+ if [ -f "$SSL_OCSP" ]; then
+ sed -i 's/#ssl_trusted_certificate/ssl_trusted_certificate/g' "$CONF_FILE"
+ fi
+
+ ln -s "$CONF_FILE" /etc/nginx/sites-enabled/librenms.https
+fi
+
+touch "$LOCK_FILE"
diff --git a/Librenms/librenms/files/etc/my_init.d/2_ipv6 b/Librenms/librenms/files/etc/my_init.d/2_ipv6
new file mode 100644
index 00000000..36bb8437
--- /dev/null
+++ b/Librenms/librenms/files/etc/my_init.d/2_ipv6
@@ -0,0 +1,14 @@
+#!/bin/bash -e
+
+LOCK_FILE=/var/lock/2_ipv6.lock
+
+if [ -f "$LOCK_FILE" ]; then
+ exit 0
+fi
+
+if [ -n "$DISABLE_IPV6" ]; then
+ sed -i 's/listen \[::\]:80/#listen [::]:80/g' /etc/nginx/sites-enabled/librenms.http
+ sed -i 's/listen \[::\]:443/#listen [::]:443/g' /etc/nginx/sites-available/librenms.https
+fi
+
+touch "$LOCK_FILE"
diff --git a/Librenms/librenms/files/etc/my_init.d/3_config b/Librenms/librenms/files/etc/my_init.d/3_config
new file mode 100644
index 00000000..2f02ac9c
--- /dev/null
+++ b/Librenms/librenms/files/etc/my_init.d/3_config
@@ -0,0 +1,20 @@
+#!/bin/bash -e
+
+function requireConfig() {
+ if [ -z ${!1} ]; then
+ echo "Error: $1 is unset"
+ exit 1
+ fi
+}
+
+requireConfig DB_HOST
+requireConfig DB_USER
+requireConfig DB_PASS
+requireConfig DB_NAME
+requireConfig BASE_URL
+
+cp /opt/librenms/config.docker.php /opt/librenms/config.php
+
+if [ -f /opt/librenms/config.custom.php ]; then
+ cat /opt/librenms/config.custom.php >> /opt/librenms/config.php
+fi
diff --git a/Librenms/librenms/files/etc/my_init.d/4_environment b/Librenms/librenms/files/etc/my_init.d/4_environment
new file mode 100644
index 00000000..bb0ba52d
--- /dev/null
+++ b/Librenms/librenms/files/etc/my_init.d/4_environment
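Review bot: In `requireConfig` of `3_config`, `[ -z ${!1} ]` expands the value unquoted, so a `DB_PASS` containing whitespace or glob characters is word-split and pathname-expanded inside the test; the test then fails with a syntax error instead of evaluating, and the unset case only works because `[ -z ]` with no operand happens to be true. `if [ -z "${!1}" ]; then` tests what is intended. The message would also be easier to find in container logs on stderr: `echo "Error: $1 is unset" >&2`.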
@@ -0,0 +1,24 @@
+#!/bin/bash -e
+
+LOCK_FILE=/var/lock/4_environment.lock
+
+if [ -f "$LOCK_FILE" ]; then
+ exit 0
+fi
+
+function addConfig() {
+ if [ -n "${!1}" ]; then
+ echo "export $1=${!1}" >> /etc/librenms_environment
+ fi
+}
+
+addConfig DB_HOST
+addConfig DB_USER
+addConfig DB_PASS
+addConfig DB_NAME
+addConfig BASE_URL
+addConfig MEMCACHED_ENABLE
+addConfig MEMCACHED_HOST
+addConfig MEMCACHED_PORT
+
+touch "$LOCK_FILE"
diff --git a/Librenms/librenms/files/etc/my_init.d/5_permissions b/Librenms/librenms/files/etc/my_init.d/5_permissions
new file mode 100644
index 00000000..edad59dd
--- /dev/null
+++ b/Librenms/librenms/files/etc/my_init.d/5_permissions
@@ -0,0 +1,4 @@
+#!/bin/bash -eu
+
+chown -R librenms:librenms /opt/librenms/logs /opt/librenms/rrd
+chmod -R u=rwX,g=rwX,o=rX /opt/librenms/logs /opt/librenms/rrd
diff --git a/Librenms/librenms/files/etc/nginx/dhparam.pem b/Librenms/librenms/files/etc/nginx/dhparam.pem
new file mode 100644
index 00000000..61232513
--- /dev/null
+++ b/Librenms/librenms/files/etc/nginx/dhparam.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAhJMm2xG4581l9U2dE5pHQdI3HEAj8kkQ6g0pDGKp9U8Lvkt+AZ9Z
+PsLCO9//hKN2VAbSAc3goBUnlt4Ej29pBgI80DFTOF5A/BEIuHwXGaWNNPGR1KBs
+jzzj0rd1baXCj5nAFsg8PL6bMXZlr00hJQlQToFf3ib2mkuMqrw2hxrpMCvYknbh
+ougJa8gqva/zhxZFurHnsOqCor8aXjDzOahxE9MM502lVIv/NZdn6aFgk7Pey/d6
+9bwRNnf33tCdz04jkzprsbe6wU9XUyfZqn2Xc94cTLIg/QkpKrMDgVBzTyn0NXwq
+YqsSxYdZQKp1U5/N3/KEnoJbWpH7ucZ8FcTZLq4hpPfz8O/FrgIqxLzSFf8MHOeI
+1cPiyXeL7SN2RWRCrh9Zh4gbE4uMt8DQwWX5PqdQ46NetOYgx4GksFmn804RiKU3
+Mmr0dYcoVMODB5goNEVPE0GBEL9rNnERuvM27L+HoFDkdiTtzVpFtSKM4CImatbH
+T2lb4+V3vUhFdbER1JPOHNC9H1FqnqYSndfA0PcY0hka2lRf1RK/E0HMZht/QROZ
+BpiK80YYgLoB2j/7EIw98SicIHPZrLat7+zg+rUSgzP9YrvcZeLJ1e5Fqgc+xVSF
+JLy0GUBfldGxQddwr0X8+8cTBlUrvgWt4v4CeojFWUWgtotRR6mw8csCAQI=
+-----END DH PARAMETERS-----
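Review bot: `addConfig` in `4_environment` writes `export $1=${!1}` unquoted into `/etc/librenms_environment`, and every cron entry sources that file, so a `DB_PASS` containing a space, `;`, `$` or a backtick is truncated or interpreted as shell each time a job runs. The value should be written shell-quoted, for example `printf 'export %s=%q\n' "$1" "${!1}" >> /etc/librenms_environment`; `%q` emits bash quoting while cron sources the file under `/bin/sh` by default, so either add `SHELL=/bin/bash` to the cron file or confirm the values never contain control characters. The file also holds the database password and is created with the default mode, presumably world-readable; `chown root:librenms /etc/librenms_environment` and `chmod 640 /etc/librenms_environment` before `touch "$LOCK_FILE"` would restrict it to the account that needs it.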
diff --git a/Librenms/librenms/files/etc/nginx/nginx.conf b/Librenms/librenms/files/etc/nginx/nginx.conf
new file mode 100644
index 00000000..f20e1fee
--- /dev/null
+++ b/Librenms/librenms/files/etc/nginx/nginx.conf
@@ -0,0 +1,47 @@
+user www-data;
+worker_processes auto;
+pid /var/run/nginx.pid;
+daemon off;
+
+events {
+ worker_connections 2048;
+ multi_accept on;
+}
+
+http {
+ server_tokens off;
+ server_name_in_redirect on;
+ index index.html index.htm index.php;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+
+ ssl_protocols TLSv1.2;
+ ssl_prefer_server_ciphers off;
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
+ ssl_ecdh_curve secp384r1;
+ ssl_session_cache builtin:1000 shared:SSL:64M;
+ ssl_session_timeout 10m;
+ ssl_dhparam /etc/nginx/dhparam.pem;
+ resolver 8.8.8.8 8.8.4.4 valid=300s;
+ resolver_timeout 5s;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ types_hash_max_size 2048;
+
+ charset utf-8;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ gzip on;
+ gzip_vary on;
+ gzip_types text/plain text/css text/javascript text/xml application/json application/x-javascript application/xml application/xml+rss application/x-font-ttf;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/Librenms/librenms/files/etc/nginx/sites-available/librenms.https b/Librenms/librenms/files/etc/nginx/sites-available/librenms.https
new file mode 100644
index 00000000..52633c53
--- /dev/null
+++ b/Librenms/librenms/files/etc/nginx/sites-available/librenms.https
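Review bot: The `ssl_ciphers` list includes the static-ECDH suites `ECDH-ECDSA-AES256-GCM-SHA384` and `ECDH-RSA-AES256-GCM-SHA384`, which give no forward secrecy, and `ssl_prefer_server_ciphers off` leaves the choice among the listed suites to the client. Dropping those two entries, and `DHE-DSS-AES256-GCM-SHA384`, which needs a DSA certificate that nothing in this commit provisions, leaves only ECDHE/DHE suites. Separately, `resolver 8.8.8.8 8.8.4.4 valid=300s;` hard-codes a public resolver for OCSP stapling; a comment such as `# external resolver used only for OCSP responder lookups` would record the intent, and deployments on isolated networks will need to override it.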
@@ -0,0 +1,31 @@
+server {
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+ server_name _;
+ root /opt/librenms/html;
+
+ ssl_certificate /etc/nginx/ssl/ssl.crt;
+ ssl_certificate_key /etc/nginx/ssl/ssl.key;
+ #ssl_trusted_certificate /etc/nginx/ssl/ssl.ocsp.crt;
+
+ location / {
+ try_files $uri $uri/ @librenms;
+ }
+
+ location ~ \.php {
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ include fastcgi_params;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location @librenms {
+ rewrite api/v0(.*)$ /api_v0.php/$1 last;
+ rewrite ^(.+)$ /index.php/$1 last;
+ }
+}
diff --git a/Librenms/librenms/files/etc/nginx/sites-enabled/librenms.http b/Librenms/librenms/files/etc/nginx/sites-enabled/librenms.http
new file mode 100644
index 00000000..85115209
--- /dev/null
+++ b/Librenms/librenms/files/etc/nginx/sites-enabled/librenms.http
@@ -0,0 +1,27 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ root /opt/librenms/html;
+
+ location / {
+ try_files $uri $uri/ @librenms;
+ }
+
+ location ~ \.php {
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ include fastcgi_params;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ location @librenms {
+ rewrite api/v0(.*)$ /api_v0.php/$1 last;
+ rewrite ^(.+)$ /index.php/$1 last;
+ }
+}
diff --git a/Librenms/librenms/files/etc/php/7.0/cli/conf.d/90-include-path.ini b/Librenms/librenms/files/etc/php/7.0/cli/conf.d/90-include-path.ini
new file mode 100644
index 00000000..83dba720
--- /dev/null
+++ b/Librenms/librenms/files/etc/php/7.0/cli/conf.d/90-include-path.ini
@@ -0,0 +1 @@
+include_path = ".:/usr/share/php:/usr/lib/php/pear"
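Review bot: `location ~ \.php {` is unanchored and passes any URI that merely contains `.php` to PHP-FPM without first checking that the script part names a real file, here in `librenms.https` and in the identical block of `sites-enabled/librenms.http`. Anchoring the match and adding a `try_files $fastcgi_script_name =404;` guard makes nginx reject such paths itself rather than relying on PHP-FPM's extension limits. Because `try_files` clears `$fastcgi_path_info`, the value has to be copied into a variable first, which matters here since the `@librenms` rewrites depend on `PATH_INFO`. The rewritten block is below.

```nginx
location ~ \.php(/|$) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    # Reject requests whose script part is not an existing file under the root.
    try_files $fastcgi_script_name =404;
    # try_files resets $fastcgi_path_info, so capture it before it is lost.
    set $path_info $fastcgi_path_info;
    fastcgi_param PATH_INFO $path_info;
    # … unchanged: include fastcgi_params, fastcgi_pass, SCRIPT_FILENAME …
}
```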
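Review bot: The port-80 server block in `librenms.http` serves the full application, login form included, in clear text even after `1_ssl` has enabled the HTTPS site, because nothing in it redirects. If HTTPS is meant to be the protected path, the HTTP site should answer with `return 301 https://$host$request_uri;` whenever the certificate is present, for instance by having `1_ssl` swap in a redirect-only server block. The HTTPS block could then also send `add_header Strict-Transport-Security "max-age=31536000" always;`. As written, a deployment with certificates mounted still accepts credentials over HTTP.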
diff --git a/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/90-include-path.ini b/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/90-include-path.ini
new file mode 100644
index 00000000..83dba720
--- /dev/null
+++ b/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/90-include-path.ini
@@ -0,0 +1 @@
+include_path = ".:/usr/share/php:/usr/lib/php/pear"
diff --git a/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/91-opcache.ini b/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/91-opcache.ini
new file mode 100644
index 00000000..08e1dfc8
--- /dev/null
+++ b/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/91-opcache.ini
@@ -0,0 +1,7 @@
+opcache.enable = 1
+opcache.fast_shutdown = 1
+opcache.enable_file_override = 1
+opcache.revalidate_path = 1
+opcache.load_comments = 0
+opcache.save_comments = 0
+opcache.revalidate_freq = 60
diff --git a/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/99-no-memory-limit.ini b/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/99-no-memory-limit.ini
new file mode 100644
index 00000000..16f0313a
--- /dev/null
+++ b/Librenms/librenms/files/etc/php/7.0/fpm/conf.d/99-no-memory-limit.ini
@@ -0,0 +1,2 @@
+; no memory limit for php
+memory_limit = -1
diff --git a/Librenms/librenms/files/etc/service/nginx/run b/Librenms/librenms/files/etc/service/nginx/run
new file mode 100644
index 00000000..4cc7ac08
--- /dev/null
+++ b/Librenms/librenms/files/etc/service/nginx/run
@@ -0,0 +1,3 @@
+#!/bin/bash -eu
+
+exec /usr/sbin/nginx
diff --git a/Librenms/librenms/files/etc/service/php-fpm/run b/Librenms/librenms/files/etc/service/php-fpm/run
new file mode 100644
index 00000000..c77c579d
--- /dev/null
+++ b/Librenms/librenms/files/etc/service/php-fpm/run
@@ -0,0 +1,7 @@
+#!/bin/bash -eu
+
+if [ ! -d /run/php ]; then
+ mkdir /run/php
+fi
+
+exec /usr/sbin/php-fpm7.0 --nodaemonize --fpm-config /etc/php/7.0/fpm/php-fpm.conf
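Review bot: `memory_limit = -1` in `99-no-memory-limit.ini` sits under `fpm/conf.d`, so it removes the per-request memory ceiling for web requests rather than for the cron-driven CLI scripts; with `pm.max_children` raised to 24 in the Dockerfile, a few expensive or hostile requests can exhaust the container's memory. If the unlimited setting is needed for polling and discovery, it belongs in `cli/conf.d`, with a finite value for FPM such as `memory_limit = 512M` (illustrative figure; size it to the deployment). The comment `; no memory limit for php` should also say which workload needs it.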
diff --git a/Librenms/librenms/files/etc/service/rrdcached/run b/Librenms/librenms/files/etc/service/rrdcached/run
new file mode 100644
index 00000000..b918c761
--- /dev/null
+++ b/Librenms/librenms/files/etc/service/rrdcached/run
@@ -0,0 +1,5 @@
+#!/bin/bash -eu
+
+rm -rf /var/run/rrdcached.pid
+
+exec rrdcached -g -w 1800 -z 1800 -f 3600 -s librenms -U librenms -G librenms -B -R -j /var/tmp -l unix:/var/run/rrdcached/rrdcached.sock -t 4 -F -b /opt/librenms/rrd
diff --git a/Librenms/librenms/files/opt/librenms/config.docker.php b/Librenms/librenms/files/opt/librenms/config.docker.php
new file mode 100644
index 00000000..58f1dcde
--- /dev/null
+++ b/Librenms/librenms/files/opt/librenms/config.docker.php
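Review bot: `-j /var/tmp` in `rrdcached/run` puts the rrdcached journal in a world-writable directory, and rrdcached replays the journal files it finds there on startup, so any local account able to write to `/var/tmp` could influence the updates applied to files under the `-b /opt/librenms/rrd` base directory. A dedicated directory owned by `librenms`, e.g. `-j /var/lib/rrdcached/journal` created with mode 0750 (path illustrative), removes that exposure. The script also assumes `/var/run/rrdcached/` already exists for the socket and, unlike `php-fpm/run`, does not create it; worth confirming the package provides it in this image.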
@@ -0,0 +1,26 @@ + + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + + Preamble + +The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software. + +A secondary benefit of defending all users' freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate. Many developers of free software are heartened and encouraged by the resulting cooperation. However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public. 
+ +The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version. + +An older license, called the Affero General Public License and published by Affero, was designed to accomplish similar goals. This is a different license, not a version of the Affero GPL, but Affero has released a new version of the Affero GPL which permits relicensing under this license. + +The precise terms and conditions for copying, distribution and modification follow. + + TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based on the Program. + +To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. 
+ +To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. + +A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. 
+ +The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. 
Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. 
+You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. 
+You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. 
If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. 
The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. 
If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. 
If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. 
+ +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. 
For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. + +A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. 
+ +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. 
You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Remote Network Interaction; Use with the GNU General Public License. 
+ +Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph. + +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of the GNU Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation. 
+ +If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. 
+ +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer network, you should also make sure that it provides a way for users to get its source. For example, if your program is a web application, its interface could display a "Source" link that leads users to an archive of the code. 
There are many ways you could offer source, and different solutions will be better for different programs; see section 13 for the specific requirements.
+
+You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see .
diff --git a/Nginx/README.md b/Nginx/README.md
new file mode 100644
index 00000000..fbf0cd7e
--- /dev/null
+++ b/Nginx/README.md
@@ -0,0 +1,17 @@
+# Titre
+
+image
+
+description.
+
+## Installation
+
+#### titre
+
+## Usage
+
+## More info
+- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/)
+
+## Buy me a coffe
+Buy Me a Coffee at ko-fi.com
\ No newline at end of file
diff --git a/Nginx/debug.log b/Nginx/debug.log
new file mode 100644
index 00000000..5c4c35b7
--- /dev/null
+++ b/Nginx/debug.log
@@ -0,0 +1,3 @@
+[0703/201232.534:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2)
+[0703/201232.863:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2)
+[0703/201233.226:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2)
diff --git a/Nginx/docker-compose.yaml b/Nginx/docker-compose.yaml
new file mode 100644
index 00000000..4ddc9786
--- /dev/null
+++ b/Nginx/docker-compose.yaml
@@ -0,0 +1,24 @@
+# networks
+#networks:
+# nginx_net:
+# driver: bridge
+
+# services
+services:
+# nginx
+ nginx:
+ restart: unless-stopped
+ image: nginx:latest
+ container_name: nginx
+ volumes:
+ - ./nginx/templates:/etc/nginx/templates:ro
+ - ./nginx/conf.d/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./nginx/ssl/:/etc/nginx/ssl:ro
+ ports:
+ - 443:443
+ - 80:80
+# networks:
+# nginx_net:
+# volumes
+#volumes:
+# nginx:
diff --git a/Nginx/nginx/conf.d/nginx.conf b/Nginx/nginx/conf.d/nginx.conf
new file mode 100644
index 00000000..6685b917
--- /dev/null
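Review bot: In Nginx/docker-compose.yaml the proxy image is referenced as `image: nginx:latest`, so every pull can bring in a different nginx build without any change to this repository. For the TLS-terminating front end that makes the deployed version hard to reproduce and to audit; pin a tested release tag or digest instead, for example `image: nginx:<pinned-version>` (placeholder, use the release you have verified). The PostgreSQL compose file in this same commit already pins `postgres:13.3`, so pinning here also brings the two stacks in line.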
+++ b/Nginx/nginx/conf.d/nginx.conf
@@ -0,0 +1,43 @@
+### AAA
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ ##
+ # Basic Settings
+ ##
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_tokens off;
+ gzip on;
+
+ keepalive_timeout 65;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ include /etc/nginx/templates/*.conf;
+
+}
\ No newline at end of file
diff --git a/Nginx/nginx/ssl/readme.md b/Nginx/nginx/ssl/readme.md
new file mode 100644
index 00000000..e69de29b
diff --git a/Nginx/nginx/templates/guacamole.conf b/Nginx/nginx/templates/guacamole.conf
new file mode 100644
index 00000000..a8ca55a2
--- /dev/null
+++ b/Nginx/nginx/templates/guacamole.conf
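Review bot: The http-level `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in Nginx/nginx/conf.d/nginx.conf still enables TLS 1.0 and 1.1, which are deprecated, while its comment only speaks of dropping SSLv3. Every server block that does not set its own value inherits this one: guacamole.conf in this commit overrides it with TLSv1.2 and TLSv1.3, but semaphore.conf sets no `ssl_protocols` at all. I would change the line to `ssl_protocols TLSv1.2 TLSv1.3;  # TLS 1.0/1.1 are deprecated (RFC 8996)`. No `ssl_ciphers` is set at this level either, so semaphore.conf also relies on the nginx default cipher list.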
@@ -0,0 +1,41 @@
+### BBB
+server {
+ listen 443 ssl http2;
+ server_name localhost;
+
+ ssl_certificate /etc/nginx/ssl/guacamole_ssl.cert;
+ ssl_certificate_key /etc/nginx/ssl/guacamole_ssl.key;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ ssl_ecdh_curve secp384r1;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_stapling off;
+ ssl_stapling_verify off;
+
+ location / {
+ proxy_pass http://guacamole:8080/guacamole/;
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ proxy_cookie_path /guacamole/ /;
+ access_log off;
+ # allow large uploads (default=1m)
+ # 4096m = 4GByte
+ client_max_body_size 4096m;
+}
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
\ No newline at end of file
diff --git a/Nginx/nginx/templates/semaphore.conf b/Nginx/nginx/templates/semaphore.conf
new file mode 100644
index 00000000..eaf5a584
--- /dev/null
+++ b/Nginx/nginx/templates/semaphore.conf
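Review bot: `access_log off;` inside `location /` of guacamole.conf switches off request logging for everything proxied to Guacamole, so the proxy keeps no record of client addresses or request times for a remote-access gateway. That record is usually the first thing needed when reviewing a suspicious session, so I would remove the directive, or move it into a narrower location that covers only the noisy tunnel requests if log volume is the reason. The same block sets `client_max_body_size 4096m;`, which lets any client send 4 GB request bodies towards the backend; it is worth confirming that limit is really required.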
@@ -0,0 +1,63 @@
+### BBB
+upstream semaphore {
+ server semaphore-app:3000;
+ }
+
+server {
+ listen 80;
+
+ server_name semaphore.tips-of-mine.local;
+ server_tokens off;
+
+ if ($host = semaphore.example.com) {
+ return 301 https://$host$request_uri;
+ }
+
+ return 404;
+}
+
+server {
+ listen 443 ssl;
+
+ server_name semaphore.tips-of-mine.local;
+ client_max_body_size 0;
+ chunked_transfer_encoding on;
+ server_tokens off;
+
+ ssl_certificate /etc/nginx/ssl/semaphore_ssl.cert;
+ ssl_certificate_key /etc/nginx/ssl/semaphore_ssl.key;
+
+ location / {
+ proxy_pass http://semaphore/;
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_connect_timeout 30;
+ proxy_send_timeout 30;
+
+ proxy_buffering off;
+ proxy_request_buffering off;
+ }
+
+ location /api/ws {
+ proxy_pass http://semaphore/api/ws;
+
+ proxy_http_version 1.1;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Origin "";
+ }
+
+ error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
diff --git a/PostgreSQL/LICENSE b/PostgreSQL/LICENSE
new file mode 100644
index 00000000..58a1d1b3
--- /dev/null
+++ b/PostgreSQL/LICENSE
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
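Review bot: In the port-80 server of semaphore.conf the redirect is guarded by `if ($host = semaphore.example.com)`, but `server_name` is `semaphore.tips-of-mine.local`, so requests for the real host fall through to `return 404;` and are never sent to HTTPS. The example.com name looks like a leftover from a template; replacing the `if` block and the `return 404;` with `return 301 https://$server_name$request_uri;` gives the intended redirect without echoing a client-supplied Host. In `location /api/ws`, `proxy_set_header Origin "";` removes the Origin header before the upgrade reaches the backend, so any origin check the application performs on WebSocket connections cannot take effect; forward the header unless the application is known to need it cleared. `client_max_body_size 0;` also removes the request-size limit for the whole HTTPS server.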
diff --git a/PostgreSQL/README.md b/PostgreSQL/README.md
new file mode 100644
index 00000000..6a3c890f
--- /dev/null
+++ b/PostgreSQL/README.md
@@ -0,0 +1,3 @@
+# Template
+
+dépôt Template
\ No newline at end of file
diff --git a/PostgreSQL/replication/docker-compose-replication.yml b/PostgreSQL/replication/docker-compose-replication.yml
new file mode 100644
index 00000000..37d12ee6
--- /dev/null
+++ b/PostgreSQL/replication/docker-compose-replication.yml
@@ -0,0 +1,36 @@
+version: "3.9"
+
+services:
+ master:
+ image: postgres:13.3
+ restart: always
+ environment:
+ POSTGRES_PASSWORD: password
+ POSTGRES_DB: data_service
+ volumes:
+ - ./master.conf:/etc/postgresql/postgresql.conf
+ - ./pg_hba.conf:/etc/postgresql/pg_hba.conf
+ - ./setup-master.sh:/docker-entrypoint-initdb.d/init-user-db.sh
+ ports:
+ - "5432:5432"
+ command:
+ - "postgres"
+ - "-c"
+ - "config_file=/etc/postgresql/postgresql.conf"
+
+ slave:
+ image: postgres:13.3
+ restart: always
+ environment:
+ POSTGRES_PASSWORD: password
+ POSTGRES_DB: data_service
+ volumes:
+ - ./slave.conf:/etc/postgresql/postgresql.conf
+ - ./pg_hba.conf:/etc/postgresql/pg_hba.conf
+ - ./setup-slave.sh:/docker-entrypoint-initdb.d/init-user-db.sh
+ ports:
+ - "54321:5432"
+ command:
+ - "postgres"
+ - "-c"
+ - "config_file=/etc/postgresql/postgresql.conf"
diff --git a/PostgreSQL/replication/master.conf b/PostgreSQL/replication/master.conf
new file mode 100644
index 00000000..d7173d17
--- /dev/null
+++ b/PostgreSQL/replication/master.conf
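Review bot: Both services in docker-compose-replication.yml set `POSTGRES_PASSWORD: password` in the file and publish the database on all host interfaces (`"5432:5432"` and `"54321:5432"`), so a guessable superuser password is reachable from whatever network the host sits on. Take the password from the environment or a secret, e.g. `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`, and bind the ports to loopback (`"127.0.0.1:5432:5432"`) unless remote access is intended. master.conf in this commit sets `listen_addresses = '*'`, so access control then rests on pg_hba.conf, which is mounted here but whose contents are not shown in this part of the diff.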
@@ -0,0 +1,798 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: B = bytes Time units: us = microseconds +# kB = kilobytes ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +#max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +#unix_socket_directories = '/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP settings - +# see "man tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default +#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + +#client_connection_check_interval = 0 # time between checks for client + # disconnection while running queries; + # 0 for never + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s 
+#password_encryption = scram-sha-256 # scram-sha-256 or md5 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_crl_dir = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1.2' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +#shared_buffers = 32MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#huge_page_size = 0 # zero for system default + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#logical_decoding_work_mem = 64MB # min 64kB +#max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) +#dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) +#min_dynamic_shared_memory = 0MB # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kilobytes, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 64 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 2 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 0 # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#backend_flush_after = 0 # measured in pages, 0 disables +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel 
operations +#parallel_leader_participation = on +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = logical # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux and FreeBSD) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_compression = off # enable compression of full-page writes +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables +#wal_skip_threshold = 2MB + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 0 # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables +#max_wal_size = 1GB +#min_wal_size = 80MB + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of 
file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + +# - Archive Recovery - + +# These are only used in recovery mode. + +#restore_command = '' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the primary and on any standby that will send replication data. 
+ +max_wal_senders = 2 # max number of walsender processes + # (change requires restart) +#max_replication_slots = 10 # max number of replication slots + # (change requires restart) +#wal_keep_size = 0 # in megabytes; 0 disables +#max_slot_wal_keep_size = -1 # in megabytes; -1 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Primary Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a primary server. + +#primary_conninfo = '' # connection string to sending server +#primary_slot_name = '' # replication slot on sending server +#promote_trigger_file = '' # file name whose presence ends recovery +hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name + # is not set +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from primary + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 5s # time to wait before retrying to + # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay 
for applying changes during recovery + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_async_append = on +#enable_bitmapscan = on +#enable_gathermerge = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_incremental_sort = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_memoize = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_parallel_hash = on +#enable_partition_pruning = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than this; + # -1 disables + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 
+#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#jit = on # allow JIT compilation +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. +#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. 
+ # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (Windows): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + +#log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements + # and their durations, > 0 logs only a sample of + # statements running at least this number + # of milliseconds; + # sample fraction is determined by log_statement_sample_rate + +#log_statement_sample_rate = 1.0 # fraction of logged statements exceeding + # log_min_duration_sample to be logged; + # 1.0 logs all such statements, 0.0 never logs + + +#log_transaction_sample_rate = 0.0 # fraction of transactions whose statements + # are logged regardless of their duration; 1.0 logs all + # statements from all transactions, 0.0 never logs + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on +#log_autovacuum_min_duration = -1 # log autovacuum activity; + # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at 
least this number + # of milliseconds. +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +#log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %b = backend type + # %p = process ID + # %P = process ID of parallel group leader + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %Q = query ID (0 if none or not computed) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_recovery_conflict_waits = off # log standby recovery conflict waits + # >= deadlock_timeout +#log_parameter_max_length = -1 # when logging statements, limit logged + # bind-parameter values to N bytes; + # -1 means print in full, 0 disables +#log_parameter_max_length_on_error = 0 # when logging an error, limit logged + # bind-parameter values to N bytes; + # -1 means print in full, 0 disables +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +#log_timezone = 'GMT' + + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + 
+#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_activity_query_size = 1024 # (change requires restart) +#track_counts = on +#track_io_timing = off +#track_wal_io_timing = off +#track_functions = none # none, pl, all +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#compute_query_id = auto +#log_statement_stats = off +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. +#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts + # before vacuum; -1 disables insert + # vacuums +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table + # size before insert vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay 
+#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_table_access_method = 'heap' +#default_tablespace = '' # a tablespace name, '' uses the default +#default_toast_compression = 'pglz' # 'pglz' or 'lz4' +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' +#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#idle_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_table_age = 150000000 +#vacuum_freeze_min_age = 50000000 +#vacuum_failsafe_age = 1600000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_failsafe_age = 1600000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +#datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +#timezone = 'GMT' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. 
+#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. +#lc_messages = 'C' # locale for system error message + # strings +#lc_monetary = 'C' # locale for monetary formatting +#lc_numeric = 'C' # locale for number formatting +#lc_time = 'C' # locale for time formatting + +# default configuration for text search +#default_text_search_config = 'pg_catalog.simple' + +# - Shared Library Preloading - + +#local_preload_libraries = '' +#session_preload_libraries = '' +#shared_preload_libraries = '' # (change requires restart) +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#extension_destdir = '' # prepend path when loading extensions + # and shared objects (added by Debian) +#gin_fuzzy_search_limit = 0 + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients 
- + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # terminate session on any error? +#restart_after_crash = on # reinitialize after backend crash? +#data_sync_retry = off # retry or panic on failure to fsync + # data? + # (change requires restart) +#recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+) + + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +# These options allow settings to be loaded from files other than the +# default postgresql.conf. Note that these are directives, not variable +# assignments, so they can usefully be given more than once. + +#include_dir = '...' # include files ending in '.conf' from + # a directory, e.g., 'conf.d' +#include_if_exists = '...' # include file only if it exists +#include = '...' # include file + + +#------------------------------------------------------------------------------ +# CUSTOMIZED OPTIONS +#------------------------------------------------------------------------------ + +# Add settings for extensions here diff --git a/PostgreSQL/replication/pg_hba.conf b/PostgreSQL/replication/pg_hba.conf new file mode 100644 index 00000000..a01293b6 --- /dev/null +++ b/PostgreSQL/replication/pg_hba.conf 
@@ -0,0 +1,15 @@
+# TYPE DATABASE USER ADDRESS METHOD# "local" is for Unix domain socket connections only
+local all all trust
+# IPv4 local connections:
+host all all 127.0.0.1/32 trust
+# IPv6 local connections:
+host all all ::1/128 trust
+host all all 0.0.0.0/0 trust
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local replication all trust
+host replication all 127.0.0.1/32 trust
+host replication all ::1/128 trust
+host replication replicator 0.0.0.0/0 trust
+
+host all all all md5
diff --git a/PostgreSQL/replication/setup-master.sh b/PostgreSQL/replication/setup-master.sh
new file mode 100644
index 00000000..65dd7b38
--- /dev/null
+++ b/PostgreSQL/replication/setup-master.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+ CREATE USER replicator WITH REPLICATION ENCRYPTED PASSWORD 'my_replicator_password';
+
+ CREATE TABLE test_replication (id INT PRIMARY KEY, name VARCHAR(30));
+ INSERT INTO test_replication (id, name) VALUES (1, 'test');
+ INSERT INTO test_replication (id, name) VALUES (2, 'test');
+ INSERT INTO test_replication (id, name) VALUES (3, 'test');
+ INSERT INTO test_replication (id, name) VALUES (4, 'test');
+
+ GRANT ALL ON test_replication TO replicator;
+
+ CREATE PUBLICATION pub FOR ALL TABLES;
+EOSQL
diff --git a/PostgreSQL/replication/setup-slave.sh b/PostgreSQL/replication/setup-slave.sh
new file mode 100644
index 00000000..9245d01a
--- /dev/null
+++ b/PostgreSQL/replication/setup-slave.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+
+ CREATE TABLE test_replication (id INT PRIMARY KEY, name VARCHAR(30));
+
+ CREATE SUBSCRIPTION my_subscription
+ CONNECTION 'host=postgres-master-1 port=5432 dbname=data_service password=my_replicator_password user=replicator' PUBLICATION pub;
+
+EOSQL
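Review bot: The `host all all 0.0.0.0/0 trust` rule lets any IPv4 client that can reach the port log in as any role, superuser included, without a password. Because pg_hba.conf is evaluated first-match, the closing `host all all all md5` line is never consulted for those clients. `host replication replicator 0.0.0.0/0 trust` does the same for physical replication connections, so the password that setup-master.sh sets for `replicator` is not checked on IPv4 connections. Scope both rules to the network the replica and connector sit on and require a password, e.g. `host all all <compose-subnet-cidr> scram-sha-256` and `host replication replicator <compose-subnet-cidr> scram-sha-256` (placeholder CIDR; the real subnet is not on this page). A comment above them should state that the `trust` entries for local and loopback connections are meant for a local demo only.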
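Review bot: The replication role's password is a literal in `CREATE USER replicator WITH REPLICATION ENCRYPTED PASSWORD 'my_replicator_password'`, and the same string reappears in the `CONNECTION` string of setup-slave.sh and in the commented `primary_conninfo` of slave.conf, so it is committed to the repository and identical in every deployment. Pass it in from the environment through a psql variable instead: add `-v repl_pass="${REPLICATOR_PASSWORD:?}"` to the psql call and write `ENCRYPTED PASSWORD :'repl_pass'` (the variable names are illustrative). `GRANT ALL ON test_replication TO replicator` is broader than the publisher-side role needs for the initial table copy; `GRANT SELECT ON test_replication TO replicator;` is enough. `CREATE PUBLICATION pub FOR ALL TABLES` deserves a comment saying that every table created later in this database is published automatically.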
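Review bot: The `CONNECTION` string sets no `sslmode`, so libpq uses its default `prefer` and silently falls back to an unencrypted session when the publisher does not offer TLS. slave.conf in this commit leaves `ssl` at its commented default; if the publisher is configured the same way, the credentials and every replicated row cross the network in clear text. Once the publisher has a certificate, add `sslmode=verify-full sslrootcert=<path-to-ca>` (placeholder path) so the subscriber refuses a downgrade. The string also hard-codes `dbname=data_service`, whereas setup-master.sh creates the publication in whatever `$POSTGRES_DB` is on the publisher; a comment noting that the two must match would help, since the compose file that sets them is not part of this hunk.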
diff --git a/PostgreSQL/replication/slave.conf b/PostgreSQL/replication/slave.conf
new file mode 100644
index 00000000..b6b937dc
--- /dev/null
+++ b/PostgreSQL/replication/slave.conf
@@ -0,0 +1,798 @@ +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- +# +# This file consists of lines of the form: +# +# name = value +# +# (The "=" is optional.) Whitespace may be used. Comments are introduced with +# "#" anywhere on a line. The complete list of parameter names and allowed +# values can be found in the PostgreSQL documentation. +# +# The commented-out settings shown in this file represent the default values. +# Re-commenting a setting is NOT sufficient to revert it to the default value; +# you need to reload the server. +# +# This file is read on server startup and when the server receives a SIGHUP +# signal. If you edit the file on a running system, you have to SIGHUP the +# server for the changes to take effect, run "pg_ctl reload", or execute +# "SELECT pg_reload_conf()". Some parameters, which are marked below, +# require a server shutdown and restart to take effect. +# +# Any parameter can also be given as a command-line option to the server, e.g., +# "postgres -c log_connections=on". Some parameters can be changed at run time +# with the "SET" SQL command. +# +# Memory units: B = bytes Time units: us = microseconds +# kB = kilobytes ms = milliseconds +# MB = megabytes s = seconds +# GB = gigabytes min = minutes +# TB = terabytes h = hours +# d = days + + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +# The default values of these variables are driven from the -D command-line +# option or PGDATA environment variable, represented here as ConfigDir. 
+ +#data_directory = 'ConfigDir' # use data in another directory + # (change requires restart) +#hba_file = 'ConfigDir/pg_hba.conf' # host-based authentication file + # (change requires restart) +#ident_file = 'ConfigDir/pg_ident.conf' # ident configuration file + # (change requires restart) + +# If external_pid_file is not explicitly set, no extra PID file is written. +#external_pid_file = '' # write an extra PID file + # (change requires restart) + + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' + # comma-separated list of addresses; + # defaults to 'localhost'; use '*' for all + # (change requires restart) +#port = 5432 # (change requires restart) +#max_connections = 100 # (change requires restart) +#superuser_reserved_connections = 3 # (change requires restart) +#unix_socket_directories = '/tmp' # comma-separated list of directories + # (change requires restart) +#unix_socket_group = '' # (change requires restart) +#unix_socket_permissions = 0777 # begin with 0 to use octal notation + # (change requires restart) +#bonjour = off # advertise server via Bonjour + # (change requires restart) +#bonjour_name = '' # defaults to the computer name + # (change requires restart) + +# - TCP settings - +# see "man tcp" for details + +#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; + # 0 selects the system default +#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; + # 0 selects the system default +#tcp_keepalives_count = 0 # TCP_KEEPCNT; + # 0 selects the system default +#tcp_user_timeout = 0 # TCP_USER_TIMEOUT, in milliseconds; + # 0 selects the system default + +#client_connection_check_interval = 0 # time between checks for client + # disconnection while running queries; + # 0 for never + +# - Authentication - + +#authentication_timeout = 1min # 1s-600s 
+#password_encryption = scram-sha-256 # scram-sha-256 or md5 +#db_user_namespace = off + +# GSSAPI using Kerberos +#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' +#krb_caseins_users = off + +# - SSL - + +#ssl = off +#ssl_ca_file = '' +#ssl_cert_file = 'server.crt' +#ssl_crl_file = '' +#ssl_crl_dir = '' +#ssl_key_file = 'server.key' +#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers +#ssl_prefer_server_ciphers = on +#ssl_ecdh_curve = 'prime256v1' +#ssl_min_protocol_version = 'TLSv1.2' +#ssl_max_protocol_version = '' +#ssl_dh_params_file = '' +#ssl_passphrase_command = '' +#ssl_passphrase_command_supports_reload = off + + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +# - Memory - + +#shared_buffers = 32MB # min 128kB + # (change requires restart) +#huge_pages = try # on, off, or try + # (change requires restart) +#huge_page_size = 0 # zero for system default + # (change requires restart) +#temp_buffers = 8MB # min 800kB +#max_prepared_transactions = 0 # zero disables the feature + # (change requires restart) +# Caution: it is not advisable to set max_prepared_transactions nonzero unless +# you actively intend to use prepared transactions. 
+#work_mem = 4MB # min 64kB +#hash_mem_multiplier = 1.0 # 1-1000.0 multiplier on hash table work_mem +#maintenance_work_mem = 64MB # min 1MB +#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem +#logical_decoding_work_mem = 64MB # min 64kB +#max_stack_depth = 2MB # min 100kB +#shared_memory_type = mmap # the default is the first option + # supported by the operating system: + # mmap + # sysv + # windows + # (change requires restart) +#dynamic_shared_memory_type = posix # the default is the first option + # supported by the operating system: + # posix + # sysv + # windows + # mmap + # (change requires restart) +#min_dynamic_shared_memory = 0MB # (change requires restart) + +# - Disk - + +#temp_file_limit = -1 # limits per-process temp file space + # in kilobytes, or -1 for no limit + +# - Kernel Resources - + +#max_files_per_process = 1000 # min 64 + # (change requires restart) + +# - Cost-Based Vacuum Delay - + +#vacuum_cost_delay = 0 # 0-100 milliseconds (0 disables) +#vacuum_cost_page_hit = 1 # 0-10000 credits +#vacuum_cost_page_miss = 2 # 0-10000 credits +#vacuum_cost_page_dirty = 20 # 0-10000 credits +#vacuum_cost_limit = 200 # 1-10000 credits + +# - Background Writer - + +#bgwriter_delay = 200ms # 10-10000ms between rounds +#bgwriter_lru_maxpages = 100 # max buffers written/round, 0 disables +#bgwriter_lru_multiplier = 2.0 # 0-10.0 multiplier on buffers scanned/round +#bgwriter_flush_after = 0 # measured in pages, 0 disables + +# - Asynchronous Behavior - + +#backend_flush_after = 0 # measured in pages, 0 disables +#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching +#maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching +#max_worker_processes = 8 # (change requires restart) +#max_parallel_workers_per_gather = 2 # taken from max_parallel_workers +#max_parallel_maintenance_workers = 2 # taken from max_parallel_workers +#max_parallel_workers = 8 # maximum number of max_worker_processes that + # can be used in parallel 
operations +#parallel_leader_participation = on +#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate + # (change requires restart) + + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG +#------------------------------------------------------------------------------ + +# - Settings - + +wal_level = logical # minimal, replica, or logical + # (change requires restart) +#fsync = on # flush data to disk for crash safety + # (turning this off can cause + # unrecoverable data corruption) +#synchronous_commit = on # synchronization level; + # off, local, remote_write, remote_apply, or on +#wal_sync_method = fsync # the default is the first option + # supported by the operating system: + # open_datasync + # fdatasync (default on Linux and FreeBSD) + # fsync + # fsync_writethrough + # open_sync +#full_page_writes = on # recover from partial page writes +#wal_log_hints = off # also do full page writes of non-critical updates + # (change requires restart) +#wal_compression = off # enable compression of full-page writes +#wal_init_zero = on # zero-fill new WAL files +#wal_recycle = on # recycle WAL files +#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers + # (change requires restart) +#wal_writer_delay = 200ms # 1-10000 milliseconds +#wal_writer_flush_after = 1MB # measured in pages, 0 disables +#wal_skip_threshold = 2MB + +#commit_delay = 0 # range 0-100000, in microseconds +#commit_siblings = 5 # range 1-1000 + +# - Checkpoints - + +#checkpoint_timeout = 5min # range 30s-1d +#checkpoint_completion_target = 0.9 # checkpoint target duration, 0.0 - 1.0 +#checkpoint_flush_after = 0 # measured in pages, 0 disables +#checkpoint_warning = 30s # 0 disables +#max_wal_size = 1GB +#min_wal_size = 80MB + +# - Archiving - + +#archive_mode = off # enables archiving; off, on, or always + # (change requires restart) +#archive_command = '' # command to use to archive a logfile segment + # placeholders: %p = path of 
file to archive + # %f = file name only + # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' +#archive_timeout = 0 # force a logfile segment switch after this + # number of seconds; 0 disables + +# - Archive Recovery - + +# These are only used in recovery mode. + +restore_command = 'cp /var/lib/postgresql/data/pg_wal/%f "%p"' # command to use to restore an archived logfile segment + # placeholders: %p = path of file to restore + # %f = file name only + # e.g. 'cp /mnt/server/archivedir/%f %p' +#archive_cleanup_command = '' # command to execute at every restartpoint +#recovery_end_command = '' # command to execute at completion of recovery + +# - Recovery Target - + +# Set these only when performing a targeted recovery. + +#recovery_target = '' # 'immediate' to end recovery as soon as a + # consistent state is reached + # (change requires restart) +#recovery_target_name = '' # the named restore point to which recovery will proceed + # (change requires restart) +#recovery_target_time = '' # the time stamp up to which recovery will proceed + # (change requires restart) +#recovery_target_xid = '' # the transaction ID up to which recovery will proceed + # (change requires restart) +#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed + # (change requires restart) +#recovery_target_inclusive = on # Specifies whether to stop: + # just after the specified recovery target (on) + # just before the recovery target (off) + # (change requires restart) +#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID + # (change requires restart) +#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown' + # (change requires restart) + + +#------------------------------------------------------------------------------ +# REPLICATION +#------------------------------------------------------------------------------ + +# - Sending Servers - + +# Set these on the primary and on any standby that will send replication 
data. + +max_wal_senders = 2 # max number of walsender processes + # (change requires restart) +#max_replication_slots = 10 # max number of replication slots + # (change requires restart) +#wal_keep_size = 0 # in megabytes; 0 disables +#max_slot_wal_keep_size = -1 # in megabytes; -1 disables +#wal_sender_timeout = 60s # in milliseconds; 0 disables +#track_commit_timestamp = off # collect timestamp of transaction commit + # (change requires restart) + +# - Primary Server - + +# These settings are ignored on a standby server. + +#synchronous_standby_names = '' # standby servers that provide sync rep + # method to choose sync standbys, number of sync standbys, + # and comma-separated list of application_name + # from standby(s); '*' = all +#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed + +# - Standby Servers - + +# These settings are ignored on a primary server. + +# primary_conninfo = 'host=customer-plans-service-customer-plans-service-db-master-1 port=5432 user=replicator password=my_replicator_password' # connection string to sending server +#primary_slot_name = '' # replication slot on sending server +#promote_trigger_file = '' # file name whose presence ends recovery +hot_standby = on # "off" disallows queries during recovery + # (change requires restart) +#max_standby_archive_delay = 30s # max delay before canceling queries + # when reading WAL from archive; + # -1 allows indefinite delay +#max_standby_streaming_delay = 30s # max delay before canceling queries + # when reading streaming WAL; + # -1 allows indefinite delay +#wal_receiver_create_temp_slot = off # create temp slot if primary_slot_name + # is not set +#wal_receiver_status_interval = 10s # send replies at least this often + # 0 disables +#hot_standby_feedback = off # send info from standby to prevent + # query conflicts +#wal_receiver_timeout = 60s # time that receiver waits for + # communication from primary + # in milliseconds; 0 disables +#wal_retrieve_retry_interval = 
5s # time to wait before retrying to + # retrieve WAL after a failed attempt +#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery + +# - Subscribers - + +# These settings are ignored on a publisher. + +max_logical_replication_workers = 4 # taken from max_worker_processes + # (change requires restart) +max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers + + +#------------------------------------------------------------------------------ +# QUERY TUNING +#------------------------------------------------------------------------------ + +# - Planner Method Configuration - + +#enable_async_append = on +#enable_bitmapscan = on +#enable_gathermerge = on +#enable_hashagg = on +#enable_hashjoin = on +#enable_incremental_sort = on +#enable_indexscan = on +#enable_indexonlyscan = on +#enable_material = on +#enable_memoize = on +#enable_mergejoin = on +#enable_nestloop = on +#enable_parallel_append = on +#enable_parallel_hash = on +#enable_partition_pruning = on +#enable_partitionwise_join = off +#enable_partitionwise_aggregate = off +#enable_seqscan = on +#enable_sort = on +#enable_tidscan = on + +# - Planner Cost Constants - + +#seq_page_cost = 1.0 # measured on an arbitrary scale +#random_page_cost = 4.0 # same scale as above +#cpu_tuple_cost = 0.01 # same scale as above +#cpu_index_tuple_cost = 0.005 # same scale as above +#cpu_operator_cost = 0.0025 # same scale as above +#parallel_setup_cost = 1000.0 # same scale as above +#parallel_tuple_cost = 0.1 # same scale as above +#min_parallel_table_scan_size = 8MB +#min_parallel_index_scan_size = 512kB +#effective_cache_size = 4GB + +#jit_above_cost = 100000 # perform JIT compilation if available + # and query more expensive than this; + # -1 disables +#jit_inline_above_cost = 500000 # inline small functions if query is + # more expensive than this; -1 disables +#jit_optimize_above_cost = 500000 # use expensive JIT optimizations if + # query is more expensive than 
this; + # -1 disables + +# - Genetic Query Optimizer - + +#geqo = on +#geqo_threshold = 12 +#geqo_effort = 5 # range 1-10 +#geqo_pool_size = 0 # selects default based on effort +#geqo_generations = 0 # selects default based on effort +#geqo_selection_bias = 2.0 # range 1.5-2.0 +#geqo_seed = 0.0 # range 0.0-1.0 + +# - Other Planner Options - + +#default_statistics_target = 100 # range 1-10000 +#constraint_exclusion = partition # on, off, or partition +#cursor_tuple_fraction = 0.1 # range 0.0-1.0 +#from_collapse_limit = 8 +#jit = on # allow JIT compilation +#join_collapse_limit = 8 # 1 disables collapsing of explicit + # JOIN clauses +#plan_cache_mode = auto # auto, force_generic_plan or + # force_custom_plan + + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - Where to Log - + +#log_destination = 'stderr' # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + +# This is used when logging to stderr: +#logging_collector = off # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + +# These are only used if logging_collector is on: +#log_directory = 'log' # directory where log files are written, + # can be absolute or relative to PGDATA +#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, + # can include strftime() escapes +#log_file_mode = 0600 # creation mode for log files, + # begin with 0 to use octal notation +#log_rotation_age = 1d # Automatic rotation of logfiles will + # happen after that time. 0 disables. +#log_rotation_size = 10MB # Automatic rotation of logfiles will + # happen after that much log output. + # 0 disables. 
+#log_truncate_on_rotation = off # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + +# These are relevant when logging to syslog: +#syslog_facility = 'LOCAL0' +#syslog_ident = 'postgres' +#syslog_sequence_numbers = on +#syslog_split_messages = on + +# This is only relevant when logging to eventlog (Windows): +# (change requires restart) +#event_source = 'PostgreSQL' + +# - When to Log - + +#log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + +#log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + +#log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + +#log_min_duration_sample = -1 # -1 is disabled, 0 logs a sample of statements + # and their durations, > 0 logs only a sample of + # statements running at least this number + # of milliseconds; + # sample fraction is determined by log_statement_sample_rate + +#log_statement_sample_rate = 1.0 # fraction of logged statements exceeding + # log_min_duration_sample to be logged; + # 1.0 logs all such statements, 0.0 never logs + + +#log_transaction_sample_rate = 0.0 # fraction of transactions whose statements + # are logged regardless of their duration; 1.0 logs all + # statements from all transactions, 0.0 never logs + +# - What to Log - + +#debug_print_parse = off +#debug_print_rewritten = off +#debug_print_plan = off +#debug_pretty_print = on 
+#log_autovacuum_min_duration = -1 # log autovacuum activity; + # -1 disables, 0 logs all actions and + # their durations, > 0 logs only + # actions running at least this number + # of milliseconds. +#log_checkpoints = off +#log_connections = off +#log_disconnections = off +#log_duration = off +#log_error_verbosity = default # terse, default, or verbose messages +#log_hostname = off +#log_line_prefix = '%m [%p] ' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %b = backend type + # %p = process ID + # %P = process ID of parallel group leader + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %n = timestamp with milliseconds (as a Unix epoch) + # %Q = query ID (0 if none or not computed) + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. 
'<%u%%%d> ' +#log_lock_waits = off # log lock waits >= deadlock_timeout +#log_recovery_conflict_waits = off # log standby recovery conflict waits + # >= deadlock_timeout +#log_parameter_max_length = -1 # when logging statements, limit logged + # bind-parameter values to N bytes; + # -1 means print in full, 0 disables +#log_parameter_max_length_on_error = 0 # when logging an error, limit logged + # bind-parameter values to N bytes; + # -1 means print in full, 0 disables +#log_statement = 'none' # none, ddl, mod, all +#log_replication_commands = off +#log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes; + # -1 disables, 0 logs all temp files +#log_timezone = 'GMT' + + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +#cluster_name = '' # added to process titles if nonempty + # (change requires restart) +#update_process_title = on + + +#------------------------------------------------------------------------------ +# STATISTICS +#------------------------------------------------------------------------------ + +# - Query and Index Statistics Collector - + +#track_activities = on +#track_activity_query_size = 1024 # (change requires restart) +#track_counts = on +#track_io_timing = off +#track_wal_io_timing = off +#track_functions = none # none, pl, all +#stats_temp_directory = 'pg_stat_tmp' + + +# - Monitoring - + +#compute_query_id = auto +#log_statement_stats = off +#log_parser_stats = off +#log_planner_stats = off +#log_executor_stats = off + + +#------------------------------------------------------------------------------ +# AUTOVACUUM +#------------------------------------------------------------------------------ + +#autovacuum = on # Enable autovacuum subprocess? 'on' + # requires track_counts to also be on. 
+#autovacuum_max_workers = 3 # max number of autovacuum subprocesses + # (change requires restart) +#autovacuum_naptime = 1min # time between autovacuum runs +#autovacuum_vacuum_threshold = 50 # min number of row updates before + # vacuum +#autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts + # before vacuum; -1 disables insert + # vacuums +#autovacuum_analyze_threshold = 50 # min number of row updates before + # analyze +#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum +#autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table + # size before insert vacuum +#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze +#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum + # (change requires restart) +#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age + # before forced vacuum + # (change requires restart) +#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for + # autovacuum, in milliseconds; + # -1 means use vacuum_cost_delay +#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for + # autovacuum, -1 means use + # vacuum_cost_limit + + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Statement Behavior - + +#client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error +#search_path = '"$user", public' # schema names +#row_security = on +#default_table_access_method = 'heap' +#default_tablespace = '' # a tablespace name, '' uses the default +#default_toast_compression = 'pglz' # 'pglz' or 'lz4' +#temp_tablespaces = '' # a list of tablespace names, '' uses + # only default tablespace +#check_function_bodies = on +#default_transaction_isolation = 'read committed' 
+#default_transaction_read_only = off +#default_transaction_deferrable = off +#session_replication_role = 'origin' +#statement_timeout = 0 # in milliseconds, 0 is disabled +#lock_timeout = 0 # in milliseconds, 0 is disabled +#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled +#idle_session_timeout = 0 # in milliseconds, 0 is disabled +#vacuum_freeze_table_age = 150000000 +#vacuum_freeze_min_age = 50000000 +#vacuum_failsafe_age = 1600000000 +#vacuum_multixact_freeze_table_age = 150000000 +#vacuum_multixact_freeze_min_age = 5000000 +#vacuum_multixact_failsafe_age = 1600000000 +#bytea_output = 'hex' # hex, escape +#xmlbinary = 'base64' +#xmloption = 'content' +#gin_pending_list_limit = 4MB + +# - Locale and Formatting - + +#datestyle = 'iso, mdy' +#intervalstyle = 'postgres' +#timezone = 'GMT' +#timezone_abbreviations = 'Default' # Select the set of available time zone + # abbreviations. Currently, there are + # Default + # Australia (historical usage) + # India + # You can create your own file in + # share/timezonesets/. +#extra_float_digits = 1 # min -15, max 3; any value >0 actually + # selects precise output mode +#client_encoding = sql_ascii # actually, defaults to database + # encoding + +# These settings are initialized by initdb, but they can be changed. 
+#lc_messages = 'C' # locale for system error message + # strings +#lc_monetary = 'C' # locale for monetary formatting +#lc_numeric = 'C' # locale for number formatting +#lc_time = 'C' # locale for time formatting + +# default configuration for text search +#default_text_search_config = 'pg_catalog.simple' + +# - Shared Library Preloading - + +#local_preload_libraries = '' +#session_preload_libraries = '' +#shared_preload_libraries = '' # (change requires restart) +#jit_provider = 'llvmjit' # JIT library to use + +# - Other Defaults - + +#dynamic_library_path = '$libdir' +#extension_destdir = '' # prepend path when loading extensions + # and shared objects (added by Debian) +#gin_fuzzy_search_limit = 0 + + +#------------------------------------------------------------------------------ +# LOCK MANAGEMENT +#------------------------------------------------------------------------------ + +#deadlock_timeout = 1s +#max_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_transaction = 64 # min 10 + # (change requires restart) +#max_pred_locks_per_relation = -2 # negative values mean + # (max_pred_locks_per_transaction + # / -max_pred_locks_per_relation) - 1 +#max_pred_locks_per_page = 2 # min 0 + + +#------------------------------------------------------------------------------ +# VERSION AND PLATFORM COMPATIBILITY +#------------------------------------------------------------------------------ + +# - Previous PostgreSQL Versions - + +#array_nulls = on +#backslash_quote = safe_encoding # on, off, or safe_encoding +#escape_string_warning = on +#lo_compat_privileges = off +#quote_all_identifiers = off +#standard_conforming_strings = on +#synchronize_seqscans = on + +# - Other Platforms and Clients - + +#transform_null_equals = off + + +#------------------------------------------------------------------------------ +# ERROR HANDLING +#------------------------------------------------------------------------------ + +#exit_on_error = off # 
terminate session on any error?
+#restart_after_crash = on # reinitialize after backend crash?
+#data_sync_retry = off # retry or panic on failure to fsync
+ # data?
+ # (change requires restart)
+#recovery_init_sync_method = fsync # fsync, syncfs (Linux 5.8+)
+
+
+#------------------------------------------------------------------------------
+# CONFIG FILE INCLUDES
+#------------------------------------------------------------------------------
+
+# These options allow settings to be loaded from files other than the
+# default postgresql.conf. Note that these are directives, not variable
+# assignments, so they can usefully be given more than once.
+
+#include_dir = '...' # include files ending in '.conf' from
+ # a directory, e.g., 'conf.d'
+#include_if_exists = '...' # include file only if it exists
+#include = '...' # include file
+
+
+#------------------------------------------------------------------------------
+# CUSTOMIZED OPTIONS
+#------------------------------------------------------------------------------
+
+# Add settings for extensions here
diff --git a/PostgreSQL/single/docker-compose.yml b/PostgreSQL/single/docker-compose.yml
new file mode 100644
index 00000000..dbb0af6c
--- /dev/null
+++ b/PostgreSQL/single/docker-compose.yml
@@ -0,0 +1,13 @@
+version: "3.9"
+
+services:
+ master:
+ image: postgres:15
+ restart: always
+ environment:
+ POSTGRES_PASSWORD: password
+ POSTGRES_DB: data_service
+ POSTGRES_USER: postgres
+ ports:
+ - "5432:5432"
+
diff --git a/Prometheus-Grafana/LICENSE b/Prometheus-Grafana/LICENSE
new file mode 100644
index 00000000..58a1d1b3
--- /dev/null
+++ b/Prometheus-Grafana/LICENSE
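Review bot: `POSTGRES_PASSWORD: password` in PostgreSQL/single/docker-compose.yml sets a guessable password for the `postgres` superuser, and `- "5432:5432"` publishes the port on every host interface, so the database is reachable from the network with that credential. Take the password from the environment and fail when it is unset, `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD}`, and bind the port to loopback unless remote access is intended, `- "127.0.0.1:5432:5432"`. If the stack is meant for local testing only, a one-line comment at the top of the file saying so would keep it from being copied into a shared environment as is.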
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
diff --git a/Prometheus-Grafana/README.md b/Prometheus-Grafana/README.md
new file mode 100644
index 00000000..6a3c890f
--- /dev/null
+++ b/Prometheus-Grafana/README.md
@@ -0,0 +1,3 @@
+# Template
+
+dépôt Template
\ No newline at end of file
diff --git a/Prometheus-Grafana/alertmanager/config.yml b/Prometheus-Grafana/alertmanager/config.yml
new file mode 100644
index 00000000..85e5ac90
--- /dev/null
+++ b/Prometheus-Grafana/alertmanager/config.yml
@@ -0,0 +1,10 @@
+route:
+ receiver: 'slack'
+
+receivers:
+ - name: 'slack'
+# slack_configs:
+# - send_resolved: true
+# username: ''
+# channel: '#'
+# api_url: ''
diff --git a/Prometheus-Grafana/docker-compose.yml b/Prometheus-Grafana/docker-compose.yml
new file mode 100644
index 00000000..56ec5f57
--- /dev/null
+++ b/Prometheus-Grafana/docker-compose.yml
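Review bot: The only route in Prometheus-Grafana/alertmanager/config.yml points at receiver `slack`, but its `slack_configs` block is commented out, so the receiver has no integration and, as far as this file shows, alerts sent to this Alertmanager are not delivered anywhere. Either fill in the receiver before merging or put a comment above it such as `# TODO: no notifier configured, alerts are dropped until slack_configs is set`. When the webhook is added, keep it out of the repository with `api_url_file: /run/secrets/slack_webhook_url` (constructed path) instead of an inline `api_url`, since the Slack webhook URL is itself the credential.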
@@ -0,0 +1,138 @@
+version: '3.8'
+
+#### NETWORKS
+networks:
+ docker-traefik_front_network:
+ external: true
+ back_network:
+ driver: bridge
+ attachable: true
+
+#### SERVICES
+services:
+
+### prometheus
+ prometheus:
+ image: prom/prometheus
+ restart: always
+ volumes:
+ - ./prometheus:/etc/prometheus/
+ - prometheus_data:/prometheus
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--web.console.libraries=/usr/share/prometheus/console_libraries'
+ - '--web.console.templates=/usr/share/prometheus/consoles'
+# ports:
+# - 9090:9090
+ networks:
+ - docker-traefik_front_network
+ - back_network
+ links:
+ - cadvisor:cadvisor
+ - alertmanager:alertmanager
+ depends_on:
+ - cadvisor
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=docker-traefik_front_network"
+## HTTP
+ - "traefik.http.routers.prometheus-http.rule=Host(`prometheus.10.0.4.29.traefik.me`)"
+ - "traefik.http.routers.prometheus-http.entrypoints=http"
+## HTTPS
+ - "traefik.http.routers.prometheus-https.rule=Host(`prometheus.10.0.4.29.traefik.me`)"
+ - "traefik.http.routers.prometheus-https.entrypoints=https"
+ - "traefik.http.routers.prometheus-https.tls=true"
+ - "traefik.http.routers.prometheus-https.service=prometheus-service"
+## Middleware
+## Service
+ - "traefik.http.services.prometheus-service.loadbalancer.server.port=9090"
+
+### node-exporter
+ node-exporter:
+ image: prom/node-exporter
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ command:
+ - '--path.procfs=/host/proc'
+ - '--path.sysfs=/host/sys'
+ - --collector.filesystem.ignored-mount-points
+ - '^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)'
+ ports:
+ - 9100:9100
+ networks:
+ - back_network
+ restart: always
+ deploy:
+ mode: global
+
+### alertmanager
+ alertmanager:
+ image: prom/alertmanager
+ restart: always
+ ports:
+ - 9093:9093
+ networks:
+ - back_network
+ volumes:
+ - ./alertmanager/:/etc/alertmanager/
+ command:
+ - '--config.file=/etc/alertmanager/config.yml'
+ - '--storage.path=/alertmanager'
+
+### cadvisor
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:rw
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ ports:
+ - 8080:8080
+ networks:
+ - back_network
+ restart: always
+ deploy:
+ mode: global
+
+### grafana
+ grafana:
+ image: grafana/grafana
+ user: '472'
+ restart: always
+ environment:
+ GF_INSTALL_PLUGINS: 'grafana-clock-panel,grafana-simple-json-datasource'
+ volumes:
+ - grafana_data:/var/lib/grafana
+ - ./grafana/provisioning/:/etc/grafana/provisioning/
+ env_file:
+ - ./grafana/config.monitoring
+# ports:
+# - 3000:3000
+ networks:
+ - docker-traefik_front_network
+ - back_network
+ depends_on:
+ - prometheus
+ labels:
+ - "traefik.enable=true"
+ - "traefik.docker.network=interne"
+## HTTP
+ - "traefik.http.routers.grafana-http.rule=Host(`grafana.10.0.4.29.traefik.me`)"
+ - "traefik.http.routers.grafana-http.entrypoints=http"
+## HTTPS
+ - "traefik.http.routers.grafana-https.rule=Host(`grafana.10.0.4.29.traefik.me`)"
+ - "traefik.http.routers.grafana-https.entrypoints=https"
+ - "traefik.http.routers.grafana-https.tls=true"
+ - "traefik.http.routers.grafana-https.service=grafana-service"
+## Middleware
+## Service
+ - "traefik.http.services.grafana-service.loadbalancer.server.port=3000"
+
+#### VOLUMES
+volumes:
+ prometheus_data: {}
+ grafana_data: {}
\ No newline at end of file
diff --git a/Prometheus-Grafana/grafana/config.monitoring b/Prometheus-Grafana/grafana/config.monitoring
new file mode 100644
index 00000000..a4a54c87
--- /dev/null
+++ b/Prometheus-Grafana/grafana/config.monitoring
@@ -0,0 +1,3 @@
+GF_SECURITY_ADMIN_USER=admin
+GF_SECURITY_ADMIN_PASSWORD=foobar
+GF_USERS_ALLOW_SIGN_UP=false
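Review bot: In Prometheus-Grafana/docker-compose.yml, `node-exporter`, `alertmanager` and `cadvisor` publish 9100, 9093 and 8080 on all host interfaces, although nothing in this file puts authentication in front of them and Prometheus can already reach them over `back_network`; the `prometheus` and `grafana` services keep their `ports:` commented out and go through Traefik. Drop those three `ports:` entries or bind them to loopback, e.g. `- "127.0.0.1:9093:9093"`. This matters most for `cadvisor`, which also mounts `/var/run:/var/run:rw` and the host root. Separately, the grafana label `traefik.docker.network=interne` names a network that is not declared in this file, whereas prometheus uses `docker-traefik_front_network`; it looks like a leftover and should probably read `- "traefik.docker.network=docker-traefik_front_network"`.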
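Review bot: `GF_SECURITY_ADMIN_PASSWORD=foobar` in Prometheus-Grafana/grafana/config.monitoring commits a guessable admin password for a Grafana instance that the compose file routes through Traefik under `grafana.10.0.4.29.traefik.me`. Keep the secret out of the tracked file and load it from a mounted secret with Grafana's file-based variable, `GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password` (constructed path), or commit only a `config.monitoring.example` with the value left empty. As far as I know Grafana applies this variable only when the admin user is first created, so an instance already started with this file keeps `foobar` until the password is changed in Grafana itself.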
diff --git a/Prometheus-Grafana/grafana/provisioning/dashboards/authentik.json b/Prometheus-Grafana/grafana/provisioning/dashboards/authentik.json new file mode 100644 index 00000000..d0383d0b --- /dev/null +++ b/Prometheus-Grafana/grafana/provisioning/dashboards/authentik.json 
@@ -0,0 +1,1388 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__requires": [ + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "8.1.4" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "text", + "name": "Text", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Grafana Dashboard for Prometheus metrics exposed by authentik.", + "editable": true, + "gnetId": 14837, + "graphTooltip": 1, + "id": null, + "iteration": 1631795206449, + "links": [], + "panels": [ + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 23, + "panels": [], + "title": "authentik Core", + "type": "row" + }, + { + "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { 
+ "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 17, + "x": 0, + "y": 1 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "exemplar": true, + "expr": "avg by (flow_slug) (rate(authentik_flows_plan_time_sum{namespace=~\"$namespace\"}[5m]) / rate(authentik_flows_plan_time_count{namespace=~\"$namespace\"}[5m]))", + "interval": "", + "legendFormat": "{{ flow_slug }}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "FlowPlanner time by flow", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Successful" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Failed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 17, + "y": 1 + }, + "id": 10, + "options": { + "displayLabels": [], + "legend": { + "displayMode": "list", + "placement": "bottom", + "values": [] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "tooltip": { + 
"mode": "single" + } + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(authentik_system_tasks{namespace=~\"$namespace\",status=\"TaskResultStatus.ERROR\"})", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "Failed", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(authentik_system_tasks{namespace=~\"$namespace\",status=\"TaskResultStatus.SUCCESSFUL\"})", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "Successful", + "refId": "B" + } + ], + "title": "Task status", + "transparent": true, + "type": "piechart" + }, + { + "datasource": null, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 1 + }, + "id": 13, + "options": { + "content": "\n\n", + "mode": "html" + }, + "pluginVersion": "8.1.4", + "timeFrom": null, + "timeShift": null, + "transparent": true, + "type": "text" + }, + { + "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "text": "None" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 6 + }, + "id": 4, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.4", + "targets": [ + { + "exemplar": true, + "expr": "max(authentik_admin_workers{namespace=~\"$namespace\"})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Connected Workers", + "transparent": true, + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + 
"hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 17, + "y": 7 + }, + "id": 6, + "options": { + "displayLabels": [], + "legend": { + "displayMode": "list", + "placement": "bottom", + "values": [] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "7.5.6", + "targets": [ + { + "exemplar": true, + "expr": "sum(authentik_policies_cached{namespace=~\"$namespace\"})", + "instant": true, + "interval": "", + "legendFormat": "Cached policies", + "refId": "A" + }, + { + "exemplar": true, + "expr": "sum(authentik_models{namespace=~\"$namespace\",app=\"authentik_policies\", model_name=\"policy\"}) - authentik_policies_cached", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "Total policies", + "refId": "B" + } + ], + "title": "Cached policies", + "transparent": true, + "type": "piechart" + }, + { + "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "text": "None" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 20, + "y": 9 + }, + "id": 16, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.4", + "targets": [ + { + "exemplar": true, + "expr": "sum(authentik_outposts_connected{namespace=~\"$namespace\"})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Connected Outposts", + "transparent": 
true, + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 800000 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 4, + "x": 0, + "y": 13 + }, + "id": 15, + "options": { + "displayMode": "lcd", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "text": {} + }, + "pluginVersion": "8.1.4", + "targets": [ + { + "exemplar": true, + "expr": "avg by (task_name) (authentik_system_tasks{namespace=~\"$namespace\"})", + "instant": true, + "interval": "", + "legendFormat": "{{ task_name }}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "System task duration", + "transparent": true, + "type": "bargauge" + }, + { + "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 20, + "x": 4, + "y": 13 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + 
"placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "exemplar": true, + "expr": "topk(5, avg by(binding_target_type) (rate(authentik_policies_execution_time_sum{namespace=~\"$namespace\"}[5m]) / rate(authentik_policies_execution_time_count{namespace=~\"$namespace\"}[5m])))", + "interval": "", + "legendFormat": "{{ binding_target_type }}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "PolicyEngine Execution time by binding type (Top 5)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 20, + "x": 4, + "y": 21 + }, + "id": 11, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "exemplar": true, + "expr": "topk(5, avg by(object_type) (rate(authentik_policies_execution_time_sum{namespace=~\"$namespace\"}[5m]) / rate(authentik_policies_execution_time_count{namespace=~\"$namespace\"}[5m])))", + "interval": "", + "legendFormat": "{{ object_type }}", + "refId": "A" + } + ], + "timeFrom": null, + 
"timeShift": null, + "title": "PolicyEngine Execution time by binding target (Top 5)", + "transparent": true, + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 18, + "panels": [], + "repeat": "outpost_proxy", + "title": "authentik Proxy Outpost $outpost_proxy", + "type": "row" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 30 + }, + "id": 20, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "sum by (host) (rate(authentik_outpost_proxy_requests_sum{namespace=~\"$namespace\", outpost_name=\"$outpost_proxy\"}[5m]))", + "interval": "", + "legendFormat": "{{ host }}", + "refId": "A" + } + ], + "title": "Outpost requests (per 5 minutes)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": null, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": 
"none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 30 + }, + "id": 21, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "sum by (host) (rate(authentik_outpost_proxy_requests_sum{outpost_name=\"$outpost_proxy\", namespace=~\"$namespace\",user=\"\"}[5m]))", + "interval": "", + "legendFormat": "{{ host }}", + "refId": "A" + } + ], + "title": "Outpost requests (per 5 minutes) (unauthenticated, but allow-listed)", + "transparent": true, + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 38 + }, + "id": 25, + "panels": [], + "repeat": "outpost_ldap", + "title": "authentik LDAP Outpost $outpost_ldap", + "type": "row" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": 
[], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 39 + }, + "id": 27, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "avg by (dn) (rate(authentik_outpost_ldap_requests_bucket{namespace=~\"$namespace\", outpost_name=\"$outpost_ldap\"}[5m]))", + "interval": "", + "legendFormat": "{{ dn }}", + "refId": "A" + } + ], + "title": "LDAP Requests (per 5 minutes)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 39 + }, + "id": 28, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "avg by (reason) (rate(authentik_outpost_ldap_requests_rejected{namespace=~\"$namespace\", outpost_name=\"$outpost_ldap\"}[5m]))", + "interval": "", + "legendFormat": "{{ reason }}", + "refId": "A" + } + ], + 
"title": "LDAP Rejected Requests (per 5 minutes)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 16, + "x": 0, + "y": 47 + }, + "id": 26, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "avg by (flow) (rate(authentik_outpost_flow_timing_get_bucket{namespace=~\"$namespace\"}[5m]))", + "hide": false, + "interval": "", + "legendFormat": "{{ flow }} GET", + "refId": "A" + }, + { + "exemplar": true, + "expr": "avg by (flow) (rate(authentik_outpost_flow_timing_post_bucket{namespace=~\"$namespace\"}[5m]))", + "hide": false, + "interval": "", + "legendFormat": "{{ flow }} POST", + "refId": "B" + } + ], + "title": "FlowExecutor Timings", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": null, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 16, + "y": 47 + }, + "id": 29, + "options": { + 
"legend": { + "displayMode": "list", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "group by (type) (authentik_outpost_ldap_requests_sum)", + "hide": false, + "interval": "", + "legendFormat": "{{ type }}", + "refId": "A" + } + ], + "title": "LDAP Requests by type", + "transparent": true, + "type": "piechart" + }, + { + "datasource": null, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 4, + "x": 20, + "y": 47 + }, + "id": 30, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom" + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "exemplar": true, + "expr": "group by (reason) (authentik_outpost_ldap_requests_rejected)", + "hide": false, + "interval": "", + "legendFormat": "{{ reason }}", + "refId": "A" + } + ], + "title": "LDAP Rejected Requests by reason", + "transparent": true, + "type": "piechart" + } + ], + "refresh": false, + "schemaVersion": 30, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "authentik_outpost_connection", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Namespace", + "multi": true, + "name": "namespace", + "options": [], + "query": { + "query": "authentik_outpost_connection", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/.*namespace=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + 
"allValue": null, + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "authentik_outpost_info{outpost_type=\"proxy\"}", + "description": null, + "error": null, + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "outpost_proxy", + "options": [], + "query": { + "query": "authentik_outpost_info{outpost_type=\"proxy\"}", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/.*outpost_name=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "allValue": null, + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "authentik_outpost_info{outpost_type=\"ldap\"}", + "description": null, + "error": null, + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "outpost_ldap", + "options": [], + "query": { + "query": "authentik_outpost_info{outpost_type=\"ldap\"}", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/.*outpost_name=\"([^\"]*).*/", + "skipUrlSync": false, + "sort": 0, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "authentik", + "uid": "authentik", + "version": 32 +} diff --git a/Prometheus-Grafana/grafana/provisioning/dashboards/dashboard.yml b/Prometheus-Grafana/grafana/provisioning/dashboards/dashboard.yml new file mode 100644 index 00000000..14716ee1 --- /dev/null +++ b/Prometheus-Grafana/grafana/provisioning/dashboards/dashboard.yml @@ -0,0 +1,11 @@ +apiVersion: 1 + +providers: +- name: 'Prometheus' + orgId: 1 + folder: '' + type: file + disableDeletion: false + editable: true + options: + path: /etc/grafana/provisioning/dashboards diff --git a/Prometheus-Grafana/grafana/provisioning/dashboards/traefik.json b/Prometheus-Grafana/grafana/provisioning/dashboards/traefik.json new file mode 100644 index 00000000..5c3d140e --- /dev/null +++ b/Prometheus-Grafana/grafana/provisioning/dashboards/traefik.json 
@@ -0,0 +1,1605 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Official dashboard for Standalone Traefik", + "editable": false, + "fiscalYearStartMonth": 0, + "gnetId": 17346, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 9, + "panels": [], + "title": "General", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 5, + "x": 0, + "y": 1 + }, + "id": 13, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + 
"calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "count(traefik_config_reloads_total)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Traefik Instances", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 5, + "y": 1 + }, + "id": 7, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(traefik_entrypoint_requests_total{entrypoint=~\"$entrypoint\"}[1m])) by (entrypoint)", + "legendFormat": "{{entrypoint}}", + "range": true, + "refId": "A" + } + ], + "title": "Requests per 
Entrypoint", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "https://medium.com/@tristan_96324/prometheus-apdex-alerting-d17a065e39d0", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "(sum(rate(traefik_entrypoint_request_duration_seconds_bucket{le=\"0.3\",code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method) + \n sum(rate(traefik_entrypoint_request_duration_seconds_bucket{le=\"1.2\",code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method)) / 2 / \n sum(rate(traefik_entrypoint_request_duration_seconds_count{code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method)\n", + "legendFormat": "{{method}}", + "range": true, + "refId": "A" + } + ], + "title": "Apdex score", + "type": "timeseries" + 
}, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Mean Distribution", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 0, + "y": 3 + }, + "id": 14, + "options": { + "legend": { + "displayMode": "list", + "placement": "right", + "showLegend": true, + "values": [ + "percent" + ] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[1m])) by (method, code)", + "legendFormat": "{{method}}[{{code}}]", + "range": true, + "refId": "A" + } + ], + "title": "Http Code ", + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + 
"unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 23, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n traefik_service_request_duration_seconds_sum{service=~\"$service.*\",protocol=\"http\"} / \n traefik_service_request_duration_seconds_count{service=~\"$service.*\",protocol=\"http\"},\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)\n\n", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Top slow services", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 5, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + 
"displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Most requested services", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 11, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 3, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + 
"datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"1.2\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Services failing SLO of 1200ms", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n 1 - (sum by (service)\n 
(rate(traefik_service_request_duration_seconds_bucket{le=\"0.3\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Services failing SLO of 300ms", + "type": "timeseries" + } + ], + "title": "SLO", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 16, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 0, + "y": 19 + }, + "id": 17, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n 
(rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"2..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "2xx over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 8, + "y": 19 + }, + "id": 18, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + 
"range": true, + "refId": "A" + } + ], + "title": "5xx over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 16, + "y": 19 + }, + "id": 19, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code!~\"2..|5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Other codes over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { 
+ "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 31 + }, + "id": 20, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_requests_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}} on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Requests Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + 
"fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 31 + }, + "id": 24, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_responses_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}} on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Responses Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + 
"spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 39 + }, + "id": 2, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n sum(traefik_service_open_connections{service=~\"$service.*\"}) by (service),\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Connections per Service", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + 
"w": 12, + "x": 12, + "y": 39 + }, + "id": 21, + "options": { + "legend": { + "calcs": [ + "mean", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(traefik_entrypoint_open_connections{entrypoint=~\"$entrypoint\"}) by (entrypoint)\n", + "legendFormat": "{{entrypoint}}", + "range": true, + "refId": "A" + } + ], + "title": "Connections per Entrypoint", + "type": "timeseries" + } + ], + "title": "HTTP Details", + "type": "row" + } + ], + "refresh": false, + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "DS_PROMETHEUS", + "label": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "entrypoint", + "options": [], + "query": { + "query": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(traefik_service_open_connections, service)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "service", + "options": [], + "query": { + "query": "label_values(traefik_service_open_connections, service)", + "refId": 
"StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Traefik Official Standalone Dashboard", + "uid": "n5bu_kv45", + "version": 6, + "weekStart": "" +} diff --git a/Prometheus-Grafana/grafana/provisioning/datasources/datasource.yml b/Prometheus-Grafana/grafana/provisioning/datasources/datasource.yml new file mode 100644 index 00000000..c02bb38b --- /dev/null +++ b/Prometheus-Grafana/grafana/provisioning/datasources/datasource.yml @@ -0,0 +1,50 @@ +# config file version +apiVersion: 1 + +# list of datasources that should be deleted from the database +deleteDatasources: + - name: Prometheus + orgId: 1 + +# list of datasources to insert/update depending +# whats available in the database +datasources: + # name of the datasource. Required +- name: Prometheus + # datasource type. Required + type: prometheus + # access mode. direct or proxy. Required + access: proxy + # org id. will default to orgId 1 if not specified + orgId: 1 + # url + url: http://prometheus:9090 + # database password, if used + password: + # database user, if used + user: + # database name, if used + database: + # enable/disable basic auth + basicAuth: false + # basic auth username, if used + basicAuthUser: + # basic auth password, if used + basicAuthPassword: + # enable/disable with credentials headers + withCredentials: + # mark as default datasource. Max one per org + isDefault: true + # fields that will be converted to json and stored in json_data + jsonData: + graphiteVersion: "1.1" + tlsAuth: false + tlsAuthWithCACert: false + # json object of data that will be encrypted. + secureJsonData: + tlsCACert: "..." + tlsClientCert: "..." + tlsClientKey: "..." + version: 1 + # allow users to edit datasources from the UI. + editable: true 
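Review bot: The `secureJsonData` block in `datasource.yml` provisions the literal string `"..."` as `tlsCACert`, `tlsClientCert` and `tlsClientKey` while `tlsAuth` and `tlsAuthWithCACert` are both `false`, so the datasource carries placeholder secret fields it never uses. I would drop the block until real TLS material is injected from outside the repository. `editable: true` also lets the provisioned datasource be changed from the UI; for a file-managed datasource I would set `editable: false` so the URL cannot drift from what is reviewed here. `graphiteVersion: "1.1"` looks like a leftover from the provisioning template and, as far as I can tell, means nothing for a `prometheus` datasource.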
diff --git a/Prometheus-Grafana/prometheus.yml b/Prometheus-Grafana/prometheus.yml
new file mode 100644
index 00000000..264416d6
--- /dev/null
+++ b/Prometheus-Grafana/prometheus.yml
@@ -0,0 +1,16 @@
+global:
+ scrape_interval: 15s
+ evaluation_interval: 15s
+
+rule_files:
+ # - "first.rules"
+ # - "second.rules"
+
+scrape_configs:
+ - job_name: prometheus
+ static_configs:
+ - targets: ['localhost:9090']
+ - job_name: app
+ scrape_interval: 5s
+ static_configs:
+ - targets: ['host.docker.internal:10088']
diff --git a/Prometheus-Grafana/prometheus/alert.rules b/Prometheus-Grafana/prometheus/alert.rules
new file mode 100644
index 00000000..543bf916
--- /dev/null
+++ b/Prometheus-Grafana/prometheus/alert.rules
@@ -0,0 +1,22 @@
+groups:
+- name: example
+ rules:
+
+ # Alert for any instance that is unreachable for >2 minutes.
+ - alert: service_down
+ expr: up == 0
+ for: 2m
+ labels:
+ severity: page
+ annotations:
+ summary: "Instance {{ $labels.instance }} down"
+ description: "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 2 minutes."
+
+ - alert: high_load
+ expr: node_load1 > 0.5
+ for: 2m
+ labels:
+ severity: page
+ annotations:
+ summary: "Instance {{ $labels.instance }} under high load"
+ description: "{{ $labels.instance }} of job {{ $labels.job }} is under high load."
diff --git a/Prometheus-Grafana/prometheus/prometheus.yml b/Prometheus-Grafana/prometheus/prometheus.yml
new file mode 100644
index 00000000..b400bfe2
--- /dev/null
+++ b/Prometheus-Grafana/prometheus/prometheus.yml
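Review bot: In `alert.rules`, `high_load` pages on `node_load1 > 0.5`, an absolute threshold that is not scaled by the number of cores, so on most multi-core hosts it will fire during normal operation and teach responders to ignore `severity: page`. I would either divide the load by the per-instance CPU count before comparing, or at least lower this rule to `severity: warning` and keep `page` for `service_down`. The `description` annotation would also be more useful with the measured value, e.g. `... is under high load (load1 = {{ $value }}).`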
@@ -0,0 +1,82 @@
+# my global config
+global:
+ scrape_interval: 15s # By default, scrape targets every 15 seconds.
+ evaluation_interval: 15s # By default, scrape targets every 15 seconds.
+ # scrape_timeout is set to the global default (10s).
+
+ # Attach these labels to any time series or alerts when communicating with
+ # external systems (federation, remote storage, Alertmanager).
+ external_labels:
+ monitor: 'my-project'
+
+# Load and evaluate rules in this file every 'evaluation_interval' seconds.
+rule_files:
+ - 'alert.rules'
+ # - "first.rules"
+ # - "second.rules"
+
+# alert
+alerting:
+ alertmanagers:
+ - scheme: http
+ static_configs:
+ - targets:
+ - "alertmanager:9093"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+ # The job name is added as a label `job=` to any timeseries scraped from this config.
+ - job_name: app
+ scrape_interval: 5s
+ static_configs:
+ - targets: ['host.docker.internal:8000']
+
+ - job_name: 'prometheus'
+
+ # Override the global default and scrape targets from this job every 5 seconds.
+ scrape_interval: 5s
+
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: 'cadvisor'
+
+ # Override the global default and scrape targets from this job every 5 seconds.
+ scrape_interval: 5s
+
+ dns_sd_configs:
+ - names:
+ - 'tasks.cadvisor'
+ type: 'A'
+ port: 8080
+
+# static_configs:
+# - targets: ['cadvisor:8080']
+
+ - job_name: 'node-exporter'
+
+ # Override the global default and scrape targets from this job every 5 seconds.
+ scrape_interval: 5s
+
+ dns_sd_configs:
+ - names:
+ - 'tasks.node-exporter'
+ type: 'A'
+ port: 9100
+
+# - job_name: 'pushgateway'
+# scrape_interval: 10s
+# dns_sd_configs:
+# - names:
+# - 'tasks.pushgateway'
+# type: 'A'
+# port: 9091
+
+# static_configs:
+# - targets: ['node-exporter:9100']
+
+ - job_name: 'traefik-app'
+ scrape_interval: 5s
+ static_configs:
+ - targets: ['10.12.1.14:8181']
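Review bot: The `traefik-app` job scrapes a hard-coded private address, `targets: ['10.12.1.14:8181']`, whereas every other job in this file uses a service name or DNS discovery; this ties the config to one network and records internal addressing in the repository. I would use the Traefik service's name on the container network, e.g. `- targets: ['<traefik-service-name>:8181']` (placeholder, the name is not visible in this diff). Two comments are also stale: the one on `evaluation_interval` repeats the scrape comment and should read `# Evaluate rules every 15 seconds.`, and the header above `scrape_configs` still says "exactly one endpoint" although five jobs are defined.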
diff --git a/RabbitMQ/LICENSE b/RabbitMQ/LICENSE
new file mode 100644
index 00000000..58a1d1b3
--- /dev/null
+++ b/RabbitMQ/LICENSE
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
diff --git a/RabbitMQ/README.md b/RabbitMQ/README.md
new file mode 100644
index 00000000..6a3c890f
--- /dev/null
+++ b/RabbitMQ/README.md
@@ -0,0 +1,3 @@
+# Template
+
+dépôt Template
\ No newline at end of file
diff --git a/RabbitMQ/docker-compose.yml b/RabbitMQ/docker-compose.yml
new file mode 100644
index 00000000..016341c0
--- /dev/null
+++ b/RabbitMQ/docker-compose.yml
@@ -0,0 +1,16 @@
+version: '3.9'
+
+services:
+ rabbitmq:
+ image: rabbitmq:3.7-management
+ healthcheck:
+ test: [ "CMD-SHELL", "rabbitmqctl status" ]
+ interval: 10s
+ timeout: 10s
+ retries: 3
+ ports:
+ - "15672:15672"
+ - "5672:5672"
+ environment:
+ RABBITMQ_DEFAULT_USER: "guest"
+ RABBITMQ_DEFAULT_PASS: "guest"
diff --git a/Redis/LICENSE b/Redis/LICENSE
new file mode 100644
index 00000000..58a1d1b3
--- /dev/null
+++ b/Redis/LICENSE
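Review bot: In `RabbitMQ/docker-compose.yml` the broker's default account is created as `guest` / `guest` while both the AMQP port and the management UI are published on every host interface (`"5672:5672"`, `"15672:15672"`), so the only thing between the network and an administrative account is a well-known password; whether the upstream loopback-only restriction on `guest` still applies in this image should be verified rather than relied on. I would take the secret from the environment, `RABBITMQ_DEFAULT_PASS: "${RABBITMQ_DEFAULT_PASS:?set a password}"`, and bind the published ports to loopback, e.g. `- "127.0.0.1:15672:15672"`, unless remote access is really needed. The `rabbitmq:3.7-management` tag is also an old release line that, as far as I know, no longer receives upstream fixes, so a maintained tag would be the better base.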
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
diff --git a/Redis/README.md b/Redis/README.md
new file mode 100644
index 00000000..58174071
--- /dev/null
+++ b/Redis/README.md
@@ -0,0 +1,43 @@
+![redis](./img/logo.png)
+
+
+# Redis
+Redis is a versatile and fast data store that supports strings, hashes, lists, sets, streams, and more. It also offers programmability, extensibility, persistence, clustering, and high availability features, as well as Redis Stack for modern data models and processing engines.
+
+# Management UI
+Redis Commander is a web-based management tool for Redis. It is a simple and intuitive tool that allows you to interact with Redis, monitor key space, and execute commands.
+
+Navigate to http://localhost:8081 to access the Redis Commander UI.
+
+![redis-commander](./img/ui.png)
+
+
+## Prerequisites
+- Docker
+- Docker Compose
+
+## Running the Stack
+
+### Standalone
+
+Inside the `standalone` directory, run `docker-compose up` to start the connector.
+
+### Port Configurations
+
+- `6379` - Master Redis port
+- `6380` - Slave Redis port
+
+### Configuration
+
+All the configurations are available in the `standalone/conf` directory.
+
+- `redis.conf` - Master Redis configuration file
+- `redis-replica.conf` - Replica Redis configuration file
+- `redis-commander.json` - Redis Commander configuration file
+
+### Data Persistence
+
+- `standalone/data` - Master Redis data directory
+- `standalone/data-replica` - Replica Redis data directory
+
+
diff --git a/Redis/img/logo.png b/Redis/img/logo.png
new file mode 100644
index 00000000..698bcfb1
Binary files /dev/null and b/Redis/img/logo.png differ
diff --git a/Redis/img/ui.png b/Redis/img/ui.png
new file mode 100644
index 00000000..206a26da
Binary files /dev/null and b/Redis/img/ui.png differ
diff --git a/Redis/standalone/.gitignore b/Redis/standalone/.gitignore
new file mode 100644
index 00000000..e40beeb6
--- /dev/null
+++ b/Redis/standalone/.gitignore
@@ -0,0 +1,4 @@
+data
+data-replica
+.conf
+
diff --git a/Redis/standalone/conf/redis-commander.json b/Redis/standalone/conf/redis-commander.json
new file mode 100644
index 00000000..dddf5745
--- /dev/null
+++ b/Redis/standalone/conf/redis-commander.json
@@ -0,0 +1,18 @@
+{
+ "connections": [
+ {
+ "label": "standalone",
+ "host": "redis",
+ "port": 6379,
+ "password": "password",
+ "dbIndex": 0
+ },
+ {
+ "label": "replica",
+ "host": "redis-replica",
+ "port": 6379,
+ "password": "password",
+ "dbIndex": 0
+ }
+ ]
+}
diff --git a/Redis/standalone/conf/redis-replica.conf b/Redis/standalone/conf/redis-replica.conf
new file mode 100644
index 00000000..1da0dfa1
--- /dev/null
+++ b/Redis/standalone/conf/redis-replica.conf
@@ -0,0 +1,30 @@
+# All option are available at https://redis.io/docs/management/config-file/
+
+# Bind to all interfaces
+bind 0.0.0.0
+
+# Specify the port for Redis to listen on
+port 6379
+
+# Enable slave mode
+replicaof redis 6379
+
+# Enable persistence
+appendonly yes
+
+# Set the path to the appendonly file
+appendfilename "appendonly.aof"
+
+# Set the path to the directory containing the appendonly file
+dir /data-replica
+
+# Set the path to the dump file
+dbfilename "dump.rdb"
+
+# Set the path to the directory containing the dump file
+dir /data-replica
+
+# Optional: Set a password for authentication
+masterauth password
+requirepass password
+
diff --git a/Redis/standalone/conf/redis.conf b/Redis/standalone/conf/redis.conf
new file mode 100644
index 00000000..c449e5fd
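Review bot: `redis-commander.json` commits the literal `"password": "password"` for both connections, and the same value is hard-coded as `requirepass` / `masterauth` in `conf/redis-replica.conf` and as `requirepass` in `conf/redis.conf`, so the only credential protecting two instances that bind `0.0.0.0` is a guessable string in version control. I would generate a secret per deployment and keep it out of the repository (an untracked env file or a Docker secret), leaving only a clearly marked placeholder such as `"password": "<REDIS_PASSWORD>"` in the committed sample.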
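Review bot: In `redis-replica.conf`, `dir /data-replica` points at a directory the container is never given: the compose file in this commit mounts the host folder as `./data-replica:/data`. Either Redis fails to change into the directory at startup or, if the path happens to exist in the image, the AOF and RDB files land outside the volume and are lost with the container. I would set `dir /data` here; the directive is also written twice and one occurrence is enough. The comment `# Enable slave mode` could follow the directive's own wording, `# Run as a replica of the "redis" service`.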
--- /dev/null
+++ b/Redis/standalone/conf/redis.conf
@@ -0,0 +1,29 @@
+# All option are available at https://redis.io/docs/management/config-file/
+# Bind to all interfaces
+bind 0.0.0.0
+
+# Specify the port for Redis to listen on
+port 6379
+
+# Enable master mode
+# replica-serve-stale-data no
+# replica-read-only yes
+replication-mode master
+
+# Enable persistence
+appendonly yes
+
+# Set the path to the appendonly file
+appendfilename "appendonly.aof"
+
+# Set the path to the directory containing the appendonly file
+dir /data
+
+# Set the path to the dump file
+dbfilename "dump.rdb"
+
+# Set the path to the directory containing the dump file
+dir /data
+
+# Optional: Set a password for authentication
+requirepass password
diff --git a/Redis/standalone/docker-compose.yml b/Redis/standalone/docker-compose.yml
new file mode 100644
index 00000000..668863cf
--- /dev/null
+++ b/Redis/standalone/docker-compose.yml
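Review bot: `replication-mode master` is not a directive I can find in the Redis configuration reference, and redis-server refuses to start on an unknown directive, so this line is likely to stop the primary from booting once the file is actually mounted. An instance is a primary simply by not having `replicaof` set, so the line can be deleted and the comment above it changed to `# Primary: no replicaof directive needed`. `dir /data` is also set twice; the second occurrence is redundant.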
@@ -0,0 +1,49 @@
+version: '3.9'
+
+services:
+ redis:
+ build:
+ context: ./docker
+ dockerfile: redis.Dockerfile
+ container_name: redis
+ ports:
+ - '6379:6379'
+ volumes:
+ - ./data:/data
+ - .conf/redis.conf:/usr/local/etc/redis/redis.conf
+ command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
+ healthcheck:
+ test: redis-cli ping
+ start_period: 15s
+ interval: 5s
+ timeout: 10s
+ retries: 5
+
+ redis-replica:
+ build:
+ context: ./docker
+ dockerfile: redis.Dockerfile
+ container_name: redis-replica
+ ports:
+ - '6380:6379'
+ volumes:
+ - ./data-replica:/data
+ - .conf/redis-replica.conf:/usr/local/etc/redis/redis.conf
+ command: ["redis-server", "/usr/local/etc/redis/redis.conf", "--slaveof", "redis", "6379"]
+ healthcheck:
+ test: redis-cli ping
+ start_period: 15s
+ interval: 5s
+ timeout: 10s
+ retries: 5
+
+
+ redis-commander:
+ container_name: redis-commander
+ hostname: redis-commander
+ image: ghcr.io/joeferner/redis-commander:latest
+ restart: always
+ volumes:
+ - ./conf/redis-commander.json:/redis-commander/config/local-production.json
+ ports:
+ - "8081:8081"
diff --git a/Redis/standalone/docker/redis.Dockerfile b/Redis/standalone/docker/redis.Dockerfile
new file mode 100644
index 00000000..2aa3d5ae
--- /dev/null
+++ b/Redis/standalone/docker/redis.Dockerfile
@@ -0,0 +1 @@
+FROM redis:latest
diff --git a/Scylladb/.gitignore b/Scylladb/.gitignore
new file mode 100644
index 00000000..800c9d9c
--- /dev/null
+++ b/Scylladb/.gitignore
@@ -0,0 +1,2 @@
+standalone/data
+cluster/data-*
diff --git a/Scylladb/LICENSE b/Scylladb/LICENSE
new file mode 100644
index 00000000..58a1d1b3
--- /dev/null
+++ b/Scylladb/LICENSE
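Review bot: In `Redis/standalone/docker-compose.yml`, `redis-commander` is published as `"8081:8081"` with the Redis password preloaded from `conf/redis-commander.json` and no login of its own configured, so anyone who can reach the host on 8081 gets an authenticated console on both instances; `'6379:6379'` and `'6380:6379'` are published on all interfaces as well. I would bind the three mappings to loopback, e.g. `- "127.0.0.1:8081:8081"`, and set the UI's `HTTP_USER` / `HTTP_PASSWORD` environment variables from an untracked env file. Separately, the two Redis services mount `.conf/redis.conf` and `.conf/redis-replica.conf` while the files live under `./conf/` (the path `redis-commander` uses), so the intended configuration, including `requirepass`, is probably never loaded. The healthcheck `redis-cli ping` also sends no credentials, so it does not show that an authenticated client can be served.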
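Review bot: `FROM redis:latest` in `redis.Dockerfile` is a floating tag, so two builds of the same commit can produce different Redis versions and an upstream change reaches the stack unreviewed. I would pin a version, ideally with its digest, `FROM redis:<version>@sha256:<digest>` (placeholders). The same applies to `ghcr.io/joeferner/redis-commander:latest` in the Redis compose file and to `scylladb/scylla:latest` in both Scylla compose files of this commit.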
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
diff --git a/Scylladb/README.md b/Scylladb/README.md
new file mode 100644
index 00000000..bffe3ef0
--- /dev/null
+++ b/Scylladb/README.md
@@ -0,0 +1,115 @@
+![scylladb](./img/logo.png)
+
+
+# ScyllaDB
+
+ScyllaDB is a NoSQL database management system that is compatible with Apache Cassandra.
+It is designed to scale linearly across multiple commodity servers, while maintaining low latency and high availability.
+ScyllaDB is written in C++ and uses the Seastar framework for concurrency and asynchronous I/O.
+
+
+## Prerequisites
+- Docker
+- Docker Compose
+
+
+## Running the Stack
+
+### Standalone
+
+Inside the `standalone` directory, run `docker-compose up` to start the connector.
+
+### Port Configurations
+
+ - `9042` - ScyllaDB CQL port
+ - `9160` - ScyllaDB Thrift port
+ - `7004` - ScyllaDB Inter-node communication (RPC)
+ - `7005` - ScyllaDB Inter-node communication (SSL)
+ - `10000` - Scylla REST API
+
+
+### Cluster
+
+Inside the `cluster` directory, run `docker-compose up` to start the connector.
+
+#### Port Configurations
+
+Master
+
+- `9042` - ScyllaDB CQL port
+- `9160` - ScyllaDB Thrift port
+- `7004` - ScyllaDB Inter-node communication (RPC)
+- `7005` - ScyllaDB Inter-node communication (SSL)
+- `10000` - Scylla REST API
+
+Node 1
+
+- `9043` - ScyllaDB CQL port
+- `9161` - ScyllaDB Thrift port
+- `7006` - ScyllaDB Inter-node communication (RPC)
+- `7007` - ScyllaDB Inter-node communication (SSL)
+- `10001` - Scylla REST API
+
+**Cluster Status:**
+
+run `docker-compose exec scylladb-master nodetool status` to view the cluster status.
+
+```go
+Datacenter: datacenter1
+=======================
+Status=Up/Down
+|/ State=Normal/Leaving/Joining/Moving
+-- Address Load Tokens Owns Host ID Rack
+UN 172.27.0.3 2.07 MB 256 ? a899f085-0437-444a-80fe-158958a8796b rack1
+UN 172.27.0.2 2.02 MB 256 ? 2910746d-e5f2-4a28-a63d-a089cdcb0438 rack1
+
+Note: Non-system keyspaces don't have the same replication settings, effective ownership information is meaningless
+```
+
+**Cluster Topology:**
+
+run `docker-compose exec scylladb-master nodetool describecluster` to view the cluster topology.
+
+```go
+Cluster Information:
+ Name: Test Cluster
+ Snitch: org.apache.cassandra.locator.SimpleSnitch
+ DynamicEndPointSnitch: disabled
+ Partitioner: org.apache.cassandra.dht.Murmur3Partitioner
+ Schema versions:
+ f99fb55d-f298-30d6-bd75-31f9855362c2: [172.29.0.2, 172.29.0.3]
+```
+
+**Cluster Info:**
+
+run `docker-compose exec scylladb-master nodetool info` to view the cluster info.
+
+```go
+ID : eb720697-ac71-413c-a843-748527cff616
+Gossip active : true
+Thrift active : false
+Native Transport active: true
+Load : 524 KB
+Generation No : 1679584265
+Uptime (seconds) : 139
+Heap Memory (MB) : 14.16 / 247.50
+Off Heap Memory (MB) : 4.65
+Data Center : datacenter1
+Rack : rack1
+Exceptions : 0
+Key Cache : entries 0, size 0 bytes, capacity 0 bytes, 0 hits, 0 requests, 0.000 recent hit rate, 0 save period in seconds
+Row Cache : entries 13, size 13 bytes, capacity 154.2 KiB, 271 hits, 271 requests, 1.000 recent hit rate, 0 save period in seconds
+Counter Cache : entries 0, size 0 bytes, capacity 0 bytes, 0 hits, 0 requests, 0.000 recent hit rate, 0 save period in seconds
+Percent Repaired : 0.0%
+Token : (invoke with -T/--tokens to see all 256 tokens)
+```
+
+## CQLSH
+
+CQLSH is a command line tool for interacting with ScyllaDB.
+
+### Usage
+
+```go
+docker-compose exec <> cqlsh
+```
diff --git a/Scylladb/cluster/docker-compose.yml b/Scylladb/cluster/docker-compose.yml
new file mode 100644
index 00000000..4861e024
--- /dev/null
+++ b/Scylladb/cluster/docker-compose.yml
@@ -0,0 +1,48 @@
+version: '3.9'
+
+services:
+ scylladb-master:
+ image: scylladb/scylla:latest
+ container_name: scylladb-master
+ ports:
+ - '9042:9042'
+ - '9160:9160'
+ - '7004:7000'
+ - '7005:7001'
+ - '10000:10000'
+ volumes:
+ - ./data-master:/var/lib/scylla
+ environment:
+ - SCYLLA_ARGS=--developer-mode 1
+ healthcheck:
+ test: cqlsh -e 'SELECT now() FROM system.local' || exit -1
+ start_period: 15s
+ interval: 5s
+ timeout: 10s
+ retries: 10
+
+ scylladb-node1:
+ image: scylladb/scylla:latest
+ container_name: scylladb-node1
+ depends_on:
+ scylladb-master:
+ condition: service_healthy
+ ports:
+ - '9043:9042'
+ - '9161:9160'
+ - '7006:7000'
+ - '7007:7001'
+ - '10001:10000'
+ volumes:
+ - ./data-node1:/var/lib/scylla
+ environment:
+ - SCYLLA_ARGS=--developer-mode 1
+ command: --seeds=scylladb-master
+ healthcheck:
+ test: cqlsh -e 'SELECT now() FROM system.local' || exit -1
+ start_period: 15s
+ interval: 5s
+ timeout: 10s
+ retries: 10
+
+
diff --git a/Scylladb/img/logo.png b/Scylladb/img/logo.png
new file mode 100644
index 00000000..258cc676
Binary files /dev/null and b/Scylladb/img/logo.png differ
diff --git a/Scylladb/standalone/docker-compose.yml b/Scylladb/standalone/docker-compose.yml
new file mode 100644
index 00000000..c81593b0
--- /dev/null
+++ b/Scylladb/standalone/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3.9'
+
+services:
+ scylladb:
+ image: scylladb/scylla:latest
+ container_name: scylladb
+ ports:
+ - '9042:9042'
+ - '9160:9160'
+ - '7004:7000'
+ - '7005:7001'
+ - '10000:10000'
+ volumes:
+ - ./data:/var/lib/scylla
+ environment:
+ - SCYLLA_ARGS=--developer-mode 1
+ healthcheck:
+ test: cqlsh -e 'SELECT now() FROM system.local' || exit -1
+ start_period: 15s
+ interval: 5s
+ timeout: 10s
+ retries: 5
diff --git a/Semaphore/LICENSE b/Semaphore/LICENSE
new file mode 100644
index 00000000..0c97efd2
--- /dev/null
+++ b/Semaphore/LICENSE
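Review bot: In `Scylladb/cluster/docker-compose.yml` both nodes publish the Scylla REST API (`'10000:10000'`, `'10001:10000'`) and the inter-node ports (`7000`/`7001`) on every host interface, next to CQL on `9042`/`9043`, and nothing in the file turns on authentication. The REST API is an administrative interface with no authentication of its own, and the nodes already reach each other over the compose network, so I would drop the `7004`–`7007` and `10000`/`10001` mappings and bind what remains to loopback, e.g. `- '127.0.0.1:9042:9042'`. `Scylladb/standalone/docker-compose.yml` in this commit has the same port list. In the healthchecks, `exit -1` is outside the 0–255 range a shell exit status can carry; `|| exit 1` states the intent.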
@@ -0,0 +1,235 @@ +GNU AFFERO GENERAL PUBLIC LICENSE +Version 3, 19 November 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + + Preamble + +The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software. + +A secondary benefit of defending all users' freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate. Many developers of free software are heartened and encouraged by the resulting cooperation. However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public. 
+ +The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version. + +An older license, called the Affero General Public License and published by Affero, was designed to accomplish similar goals. This is a different license, not a version of the Affero GPL, but Affero has released a new version of the Affero GPL which permits relicensing under this license. + +The precise terms and conditions for copying, distribution and modification follow. + + TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based on the Program. + +To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. 
+ +To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. + +A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. 
+ +The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. 
Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. 
+You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. 
+You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. 
If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. 
The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. 
If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. 
If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. 
+ +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. 
For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. + +A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. 
+ +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. 
You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Remote Network Interaction; Use with the GNU General Public License. 
+ +Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph. + +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of the GNU Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation. 
+ +If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. 
+ +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer network, you should also make sure that it provides a way for users to get its source. For example, if your program is a web application, its interface could display a "Source" link that leads users to an archive of the code. 
There are many ways you could offer source, and different solutions will be better for different programs; see section 13 for the specific requirements. + +You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see . diff --git a/Semaphore/README.md b/Semaphore/README.md new file mode 100644 index 00000000..35573f29 --- /dev/null +++ b/Semaphore/README.md @@ -0,0 +1,17 @@ +# Titre + +image + +description. + +## Installation + +#### Find Pi-Hole token + +## Usage + +## More info +- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/?p=1837) + +## Buy me a coffe +Buy Me a Coffee at ko-fi.com \ No newline at end of file diff --git a/Semaphore/debug.log b/Semaphore/debug.log new file mode 100644 index 00000000..bd86add2 --- /dev/null +++ b/Semaphore/debug.log @@ -0,0 +1,3 @@ +[0703/201232.463:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2) +[0703/201232.824:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2) +[0703/201233.182:ERROR:registration_protocol_win.cc(107)] CreateFile: Le fichier spécifié est introuvable. (0x2) diff --git a/Semaphore/docker-compose.yaml b/Semaphore/docker-compose.yaml new file mode 100644 index 00000000..0fafa98b --- /dev/null +++ b/Semaphore/docker-compose.yaml 
@@ -0,0 +1,67 @@
+# networks
+#networks:
+# semaphore_net:
+# driver: bridge
+
+# services
+services:
+# postgres
+ postgres:
+ restart: unless-stopped
+ ports:
+ - 5432:5432
+ image: postgres:14
+ container_name: semaphore-postgres
+ hostname: semaphore-postgres
+ volumes:
+ - ./data/:/var/lib/postgres/data:Z
+ environment:
+ POSTGRES_USER: semaphore
+ POSTGRES_PASSWORD: semaphore
+ POSTGRES_DB: semaphore
+# networks:
+# semaphore_net:
+# semaphore
+ semaphore:
+ restart: unless-stopped
+ ports:
+ - 3000:3000
+ image: semaphoreui/semaphore:latest
+ container_name: semaphore-app
+ environment:
+ SEMAPHORE_DB_USER: semaphore
+ SEMAPHORE_DB_PASS: semaphore # changeme
+ SEMAPHORE_DB_HOST: semaphore-postgres
+ SEMAPHORE_DB_PORT: 5432
+ SEMAPHORE_DB: semaphore
+ SEMAPHORE_MAIL_ALERT: ''
+ SEMAPHORE_MAIL_SENDER: ''
+ SEMAPHORE_MAIL_HOST: ''
+ SEMAPHORE_MAIL_PORT: ''
+ SEMAPHORE_DB_DIALECT: postgres
+ SEMAPHORE_PLAYBOOK_PATH: /tmp/semaphore/
+ SEMAPHORE_MAX_PARALLEL: '0'
+ SEMAPHORE_ADMIN_PASSWORD: semaphore # changeme
+ SEMAPHORE_ADMIN_NAME: admin
+ SEMAPHORE_ADMIN_EMAIL: admin@tips-of-mine.fr
+ SEMAPHORE_ADMIN: admin
+ SEMAPHORE_ACCESS_KEY_ENCRYPTION: LT8ZJxC53lQ5iN01PxzbMYX68ljJXfkQtqDhH6yZLuU=
+ ANSIBLE_HOST_KEY_CHECKING: false
+ SEMAPHORE_LDAP_ACTIVATED: 'no'
+ SEMAPHORE_LDAP_HOST: SWDCP01.tips-of-mine.local
+ SEMAPHORE_LDAP_PORT: '389'
+ SEMAPHORE_LDAP_NEEDTLS: 'yes'
+ SEMAPHORE_LDAP_DN_BIND: 'uid=bind_user,cn=users,cn=accounts,dc=tips-of-mine,dc=local'
+ SEMAPHORE_LDAP_PASSWORD: 'ldap_bind_account_password'
+ SEMAPHORE_LDAP_DN_SEARCH: 'dc=tips-of-mine,dc=local'
+ SEMAPHORE_LDAP_SEARCH_FILTER: "(\u0026(uid=%s)(memberOf=CN=GS-Semaphore-Utilisateurs,OU=Semaphore,OU=Services,OU=Groupes,OU=Societe,DC=tips-of-mine,DC=local))"
+ depends_on:
+ - postgres
+ volumes:
+ - ./inventory/:/inventory:ro
+ - ./authorized-keys/:/authorized-keys:ro
+# networks:
+# semaphore_net:
+# volumes
+#volumes:
+# semaphore-postgres:
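Review bot: Semaphore/docker-compose.yaml commits the database password, the admin password and `SEMAPHORE_ACCESS_KEY_ENCRYPTION` as literal values, so every deployment made from this repository starts with the same publicly known secrets; Sonarqube/docker-compose.yml in this diff does the same with `admin`/`admin`. Moving them to an untracked env file and referencing them as `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set in .env}` makes compose refuse to start until real values are supplied. The `- 5432:5432` mapping also publishes Postgres on every host interface although only the semaphore container needs it; dropping the mapping, or binding it as `127.0.0.1:5432:5432`, closes that exposure. `ANSIBLE_HOST_KEY_CHECKING: false` disables SSH host-key verification for every playbook run and should at least carry a comment saying why that is acceptable here. Separately, the volume targets `/var/lib/postgres/data` while the official image keeps its data under `/var/lib/postgresql/data`, so `./data/` probably stays empty and the database does not survive a container re-creation.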
diff --git a/Semaphore/playbooks/update-apt-packages.yaml b/Semaphore/playbooks/update-apt-packages.yaml
new file mode 100644
index 00000000..31c8002a
--- /dev/null
+++ b/Semaphore/playbooks/update-apt-packages.yaml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+
+ become: true
+ tasks:
+ - name: update apt packages
+ apt:
+ upgrade: yes
+ update_cache: yes
\ No newline at end of file
diff --git a/Semaphore/playbooks/users/create_admin_user.yml b/Semaphore/playbooks/users/create_admin_user.yml
new file mode 100644
index 00000000..ade5066b
--- /dev/null
+++ b/Semaphore/playbooks/users/create_admin_user.yml
@@ -0,0 +1,7 @@
+---
+- hosts: all
+ gather_facts: yes
+ become: yesbecome_user: root
+ tasks:
+ - ansible.builtin.import_role:
+ name: create_admin_user
\ No newline at end of file
diff --git a/Semaphore/prepare.sh b/Semaphore/prepare.sh
new file mode 100644
index 00000000..10172235
--- /dev/null
+++ b/Semaphore/prepare.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+if ! (docker ps >/dev/null 2>&1)
+then
+ echo "Le daemon docker n'est pas en cours d'exécution, sortie !"
+ exit
+fi
+
+echo " Ok"
+echo "Création de certificats SSL"
+openssl req -nodes -newkey rsa:2048 -new -x509 -keyout nginx/ssl/semaphore_ssl.key -out nginx/ssl/semaphore_ssl.cert -config semaphore_ssl.conf
+
+echo "Vous pouvez utiliser vos propres certificats en plaçant la clé privée dans nginx/ssl/semaphore_ssl.key et le certificat dans nginx/ssl/semaphore_ssl.cert."
+
+echo " Ok"
+echo "Remplacement de clé encryption"
+
+sed "s/LT8ZJxC53lQ5iN01PxzbMYX68ljJXfkQtqDhH6yZLuU=/$(head -c32 /dev/urandom|base64)/g"-i docker-compose.yaml
+
+echo " Ok"
+echo "Vous pouvez lancer la commande : docker compose up -d"
\ No newline at end of file
diff --git a/Semaphore/reset.sh b/Semaphore/reset.sh
new file mode 100644
index 00000000..58d9cf9c
--- /dev/null
+++ b/Semaphore/reset.sh
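Review bot: In Semaphore/playbooks/users/create_admin_user.yml the line `become: yesbecome_user: root` runs two keys together; the hunk header counts 7 lines, so this appears to be in the file itself rather than a rendering artefact. As written the play does not set `become_user` and is unlikely to parse at all; it should be two lines, `become: yes` and `become_user: root`. The `create_admin_user` role it imports is not part of this diff, so what it creates on `hosts: all` cannot be reviewed here.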
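Review bot: In Semaphore/prepare.sh the key-replacement `sed` can fail and leave the committed default `SEMAPHORE_ACCESS_KEY_ENCRYPTION` in docker-compose.yaml, yet the script goes on to print " Ok". Base64 output regularly contains `/`, which terminates the `s/…/…/` expression early, and `"…/g"-i` has no space before `-i`, so the flag seems to be glued onto the sed expression (unless the space was lost in rendering). A different delimiter plus an exit check covers both: `key=$(head -c32 /dev/urandom | base64)` followed by `sed -i "s|<committed key>|$key|g" docker-compose.yaml || exit 1`. The bare `exit` in the Docker check also returns status 0, so callers cannot tell that nothing was prepared, and the `openssl` call assumes `nginx/ssl/` already exists.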
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo "Cette opération supprimera votre base de données existante (./data/)"
+echo " supprimez vos fichiers certs du dossier (./nginx/ssl/)"
+echo ""
+read -p "Êtes-vous sûr ? " -n 1 -r
+echo ""
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+ sudo rm -r -f ./data/ ./nginx/ssl/
+fi
\ No newline at end of file
diff --git a/Semaphore/semaphore_ssl.conf b/Semaphore/semaphore_ssl.conf
new file mode 100644
index 00000000..72b0d2cc
--- /dev/null
+++ b/Semaphore/semaphore_ssl.conf
@@ -0,0 +1,32 @@
+[req]
+default_bits = 2048
+default_keyfile = semaphore_ssl.key
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+x509_extensions = v3_ca
+
+[req_distinguished_name]
+countryName = Country Name (2 letter code)
+countryName_default = FR
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Nord
+localityName = Locality Name (eg, city)
+localityName_default = Roubaix
+organizationName = Organization Name (eg, company)
+organizationName_default = IT
+organizationalUnitName = organizationalunit
+organizationalUnitName_default = RAD
+commonName = Common Name (e.g. server FQDN or YOUR name)
+commonName_default = semaphore.tips-of-mine.fr
+commonName_max = 64
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = 10.0.4.2
+DNS.3 = semaphore.tips-of-mine.fr
\ No newline at end of file
diff --git a/Sonarqube/LICENSE b/Sonarqube/LICENSE
new file mode 100644
index 00000000..58a1d1b3
--- /dev/null
+++ b/Sonarqube/LICENSE
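Review bot: Semaphore/reset.sh runs `sudo rm -r -f ./data/ ./nginx/ssl/` on paths relative to the caller's working directory, so when it is started from anywhere other than the Semaphore folder it deletes whatever `data/` and `nginx/ssl/` happen to exist there, as root. Anchoring the script before the prompt, with `cd "$(dirname "$0")" || exit 1`, ties the deletion to the repository copy. A short header comment stating that the script is destructive and must be run only for this stack would also help, since the prompt text does not name the absolute paths it is about to remove.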
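Review bot: In Semaphore/semaphore_ssl.conf the `[alt_names]` entry `DNS.2 = 10.0.4.2` places an IP address in a DNS-type subjectAltName, which TLS clients do not match when they connect by IP; it should be `IP.1 = 10.0.4.2`. The `[v3_ca]` section is used for what is a server certificate and sets only the SAN; adding `basicConstraints = CA:FALSE` and `extendedKeyUsage = serverAuth` there would keep the self-signed certificate from being usable for anything beyond this host. The section name itself could then be changed to something like `v3_server` to say what it is for.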
@@ -0,0 +1,3 @@
+Additional permission under GNU GPL version 3 section 7
+
+If you modify this Program, or any covered work, by linking or combining it with [name of library] (or a modified version of that library), containing parts covered by the terms of [name of library's license], the licensors of this Program grant you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of [name of library] used as well as that of the covered work.
diff --git a/Sonarqube/README.md b/Sonarqube/README.md
new file mode 100644
index 00000000..6a3c890f
--- /dev/null
+++ b/Sonarqube/README.md
@@ -0,0 +1,3 @@
+# Template
+
+dépôt Template
\ No newline at end of file
diff --git a/Sonarqube/docker-compose.yml b/Sonarqube/docker-compose.yml
new file mode 100644
index 00000000..6d2c0318
--- /dev/null
+++ b/Sonarqube/docker-compose.yml
@@ -0,0 +1,40 @@
+version: '3.8'
+services:
+ db:
+ image: postgres
+ environment:
+ POSTGRES_PASSWORD: admin
+ POSTGRES_USER: admin
+ restart: always
+ volumes:
+ - "./postgre/data:/var/lib/postgresql/data"
+ ports:
+ - "5432:5432"
+ sonar:
+ image: sonarqube
+ depends_on:
+ - db
+ environment:
+ SONAR_JDBC_URL: jdbc:postgresql://db:5432/postgres
+ SONAR_JDBC_USERNAME: admin
+ SONAR_JDBC_PASSWORD: admin
+ restart: always
+ volumes:
+ - type: volume
+ source: "sonarqube_data"
+ target: "/opt/sonarqube/data"
+ - type: volume
+ source: "sonarqube_extensions"
+ target: "/opt/sonarqube/extensions"
+ - type: volume
+ source: "sonarqube_logs"
+ target: "/opt/sonarqube/logs"
+ links:
+ - db:db
+ ports:
+ - 9000:9000
+
+volumes:
+ sonarqube_data:
+ sonarqube_extensions:
+ sonarqube_logs:
diff --git a/Traefik/LICENSE b/Traefik/LICENSE
new file mode 100644
index 00000000..0c97efd2
--- /dev/null
+++ b/Traefik/LICENSE
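Review bot: Sonarqube/docker-compose.yml pulls `image: postgres` and `image: sonarqube` with no tag, so each pull can bring in a different major version, and a newer Postgres major will not start on the existing `./postgre/data` directory. Both should be pinned to a tested version tag or digest; `semaphoreui/semaphore:latest` in Semaphore/docker-compose.yaml has the same problem. `links: - db:db` is a legacy option that the default compose network makes redundant, and the published `"5432:5432"` collides with the Semaphore stack's mapping if both run on one host, besides exposing a database that only the `sonar` service needs to reach.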
@@ -0,0 +1,235 @@ +GNU AFFERO GENERAL PUBLIC LICENSE +Version 3, 19 November 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + + Preamble + +The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, our General Public Licenses are intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software. + +A secondary benefit of defending all users' freedom is that improvements made in alternate versions of the program, if they receive widespread use, become available for other developers to incorporate. Many developers of free software are heartened and encouraged by the resulting cooperation. However, in the case of software used on network servers, this result may fail to come about. The GNU General Public License permits making a modified version and letting the public access it on a server without ever releasing its source code to the public. 
+ +The GNU Affero General Public License is designed specifically to ensure that, in such cases, the modified source code becomes available to the community. It requires the operator of a network server to provide the source code of the modified version running there to the users of that server. Therefore, public use of a modified version, on a publicly accessible server, gives the public access to the source code of the modified version. + +An older license, called the Affero General Public License and published by Affero, was designed to accomplish similar goals. This is a different license, not a version of the Affero GPL, but Affero has released a new version of the Affero GPL which permits relicensing under this license. + +The precise terms and conditions for copying, distribution and modification follow. + + TERMS AND CONDITIONS + +0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public License. + +"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based on the Program. + +To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. 
+ +To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. + +An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. + +1. Source Code. +The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. + +A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. 
+ +The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +2. Basic Permissions. +All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. 
Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +3. Protecting Users' Legal Rights From Anti-Circumvention Law. +No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. + +4. Conveying Verbatim Copies. +You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. + +5. Conveying Modified Source Versions. 
+You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". + + c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. + +6. Conveying Non-Source Forms. 
+You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: + + a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. + + d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. 
If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. + +"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. 
The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. + +7. Additional Terms. +"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. 
If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or authors of the material; or + + e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. + +All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. 
If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. + +8. Termination. + +You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. 
+ +Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. + +9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. + +10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. 
For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. + +11. Patents. + +A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. 
+ +If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. + +A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. 
You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. + +12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. + +13. Remote Network Interaction; Use with the GNU General Public License. 
+ +Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph. + +Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License. + +14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions of the GNU Affero General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU Affero General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU Affero General Public License, you may choose any version ever published by the Free Software Foundation. 
+ +If the Program specifies that a proxy can decide which future versions of the GNU Affero General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. + +15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +17. Interpretation of Sections 15 and 16. 
+ +If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If your software can interact with users remotely through a computer network, you should also make sure that it provides a way for users to get its source. For example, if your program is a web application, its interface could display a "Source" link that leads users to an archive of the code. 
There are many ways you could offer source, and different solutions will be better for different programs; see section 13 for the specific requirements. + +You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU AGPL, see . diff --git a/Traefik/README.md b/Traefik/README.md new file mode 100644 index 00000000..6cf9e2ff --- /dev/null +++ b/Traefik/README.md 
@@ -0,0 +1,388 @@ +# Titre + +image + +description. + +## Installation + +#### titre + +## Usage + +## More info +- more information on the website [Tips-Of-Mine](https://www.tips-of-mine.fr/) + +## Buy me a coffe +Buy Me a Coffee at ko-fi.com + + +# Traefik 2 config + + +This is a resuseable traefik config for usage on a virtual server or for local debelopment using docker-compose. +It uses: + - Traefik 2 + - docker-compose + - Let's encrypt + +## Table of content + +- [Traefik 2 config](#traefik-2-config) + - [Table of content](#table-of-content) + - [Production setup](#production-setup) + - [Setting up traefik](#setting-up-traefik) + - [Traefik dashboard](#traefik-dashboard) + - [Connect docker-compose service to reverse-proxy](#connect-docker-compose-service-to-reverse-proxy) + - [SSL configuration](#ssl-configuration) + - [Global middlewares](#global-middlewares) + - [Access Logs](#access-logs) + - [Setup for local development](#setup-for-local-development) + - [Setting up traefik](#setting-up-traefik-1) + - [Traefik dashboard](#traefik-dashboard-1) + - [Connect docker-compose service to reverse-proxy](#connect-docker-compose-service-to-reverse-proxy-1) + - [Enable SSL locally](#enable-ssl-locally) + - [Enable SSL in the docker-compose file](#enable-ssl-in-the-docker-compose-file) + - [Credits](#credits) + - [License](#license) + +## Production setup + +### Setting up traefik + +1. Clone repository + ```bash + git clone https://github.com/korridor/reverse-proxy-docker-traefik.git + cd reverse-proxy-docker-traefik + ``` +2. Copy default config + ```bash + cp docker-compose.prod.yml docker-compose.yml + cp -r configs-prod configs + echo "{}" > certificates/acme.json + chmod 600 certificates/acme.json + ``` +3. Replace domain for dashboard (`reverse-proxy.somedomain.com` in `configs/dynamic/dashboard.yml`) + ```yaml + http: + routers: + traefik: + rule: Host(`reverse-proxy.somedomain.com`) + # ... 
+ traefik-http-redirect: + rule: Host(`reverse-proxy.somedomain.com`) + # ... + ``` +4. Replace password for admin account (in `configs/dynamic/dashboard.yml`) + + ```yaml + htpasswd -nBC 10 admin + + New password: + Re-type new password: + + admin:$2y$10$zi5n43jq9S63gBqSJwHTH.nCai2vB0SW/ABPGg2jSGmJBVRo0A.ni + ``` + + ```yaml + http: + # ... + middlewares: + dashboardauth: + basicAuth: + users: + - "user1:$2y$05$/x10KYbrHtswyR8POT.ny.H4fFd1n.0.IEiYiestWzE1QFkYIEI3m" + ``` + - You can use a website like [this](https://hostingcanada.org/htpasswd-generator/) to generate the hash (use Bcrypt). + - Or generate it with: `echo $(htpasswd -nB user1)` +5. Replace email for Let's encrypt (`mail@somedomain.com` in `configs/traefik.yml`) + ```yaml + certificatesResolvers: + letsencrypt: + acme: + # ... + email: mail@somedomain.com + ``` +6. Start container + ```bash + docker-compose up -d + ``` +7. Check that traefik is running smoothly + ```bash + docker-compose logs + ``` + +### Traefik dashboard + +The traefik dashboard is now available under: +``` +https://reverse-proxy.somedomain.com +``` +The dashboard shows you the configured routers, services, middleware, etc. + +### Connect docker-compose service to reverse-proxy + +```yaml +version: '3.8' +networks: + frontend: + external: + name: reverse-proxy-docker-traefik_routing +services: + someservice: + restart: always + # ... 
+ labels: + - "traefik.enable=true" + - "traefik.docker.network=reverse-proxy-docker-traefik_routing" + # https + - "traefik.http.routers.someservice.rule=Host(`someservice.com`)" + - "traefik.http.routers.someservice.tls=true" + - "traefik.http.routers.someservice.tls.certresolver=letsencrypt" + - "traefik.http.routers.someservice.entrypoints=websecure" + # http (redirect to https) + - "traefik.http.routers.someservice-http.rule=Host(`someservice.com`)" + - "traefik.http.routers.someservice-http.entrypoints=web" + - "traefik.http.routers.someservice-http.middlewares=redirect-to-https@file" + networks: + - frontend + - ... +``` + +**Password protection for service with basic auth** + +```yaml +services: + someservice: + # ... + labels: + # ... + - "traefik.http.routers.someservice.middlewares=someservice-auth" + - "traefik.http.middlewares.someservice-auth.basicauth.users=user1:$2y$05$/x10KYbrHtswyR8POT.ny.H4fFd1n.0.IEiYiestWzE1QFkYIEI3m" +``` + +You can generate the **escaped** hash with the following command: `echo $(htpasswd -nB user1) | sed -e s/\\$/\\$\\$/g` +If you use a website like [this](https://hostingcanada.org/htpasswd-generator/) to generate the hash remember to escape the dollar signs (`$` -> `$$`) and use Bcrypt. + +**Specifying port if service exposes multiple ports** + +If your service exposes multiple ports Traefik does not know which one it should use. +With this line you can select one: + +```yaml +services: + someservice: + # ... + labels: + # ... + - "traefik.http.services.someservice.loadbalancer.server.port=8080" +``` + +### SSL configuration + +Per default the SSL configuration is set so that [SSL Labs](https://www.ssllabs.com/) gives an `A` rating. + +If you want an `A+` rating, you need to use HSTS (HTTP Strict Transport Security). +The setup includes a global middleware called `hsts-minimal@file` that can be used to activate HSTS in a simple setting. +See "Global middlewares" for more information. 
+ +### Global middlewares + +**hsts-minimal@file** + +Adds the HSTS header to the HTTP response without `includeSubDomains` and `preload`. +The `max-age` is set to one year / 31536000 seconds. + +**hsts-standard@file** + +Adds the HSTS header to the HTTP response with `includeSubDomains` and no `preload`. +The `max-age` is set to one year / 31536000 seconds. + +**hsts-full@file** + +Adds the HSTS header to the HTTP response with `includeSubDomains` and `preload`. +The `max-age` is set to one year / 31536000 seconds. + +**redirect-to-https@file** + +Adds a permanent redirect to HTTPS. + +**redirect-non-www-to-www@file** + +Adds a permanent redirect (HTTP 301) from non-www domains to the HTTPS www domain +Examples: +- `https://example.test` -> `https://www.example.test` +- `http://example.test` -> `https://www.example.test` + +**redirect-www-to-non-www@file** + +Adds a permanent redirect (HTTP 301) from www domains to the HTTPS non-www domain +Examples: +- `https://www.example.test` -> `https://example.test` +- `http://www.example.test` -> `https://example.test` + +### Access Logs + +To enable the traefik access logs in the production configuration, open the file `traefik.yml` within the config folder and uncomment the `accessLog` section. + +```yml +# Access logs +accessLog: {} +``` + +## Setup for local development + +### Setting up traefik + +1. Clone repository + ```bash + git clone https://github.com/korridor/reverse-proxy-docker-traefik.git + cd reverse-proxy-docker-traefik + ``` +2. Copy default config + ```bash + ln -s docker-compose.local.yml docker-compose.yml + ln -s configs-local configs + ``` + + If you want to change the configuration copy the configuration instead of creating a symlink. + + ```bash + cp docker-compose.local.yml docker-compose.yml + cp -r configs-local configs + ``` +3. 
If you want you can change the domain of the traefik dashboard (`reverse-proxy.test` in `configs/dynamic/dashboard.yml`) + ```yaml + http: + routers: + traefik: + rule: Host(`reverse-proxy.test`) + # ... + ``` +4. Start container + ```bash + docker-compose up -d + ``` +5. Check that traefik is running smoothly + ```bash + docker-compose logs + ``` + +### Traefik dashboard + +The traefik dashboard is now available under: +``` +http://reverse-proxy.test +``` +The dashboard shows you the configured routers, services, middlewares, etc. + +### Connect docker-compose service to reverse-proxy + +```yaml +version: '3.8' +networks: + frontend: + external: + name: reverse-proxy-docker-traefik_routing +services: + someservice: + restart: always + # ... + labels: + - "traefik.enable=true" + - "traefik.docker.network=reverse-proxy-docker-traefik_routing" + # http + - "traefik.http.routers.someservice.rule=Host(`someservice.test`)" + - "traefik.http.routers.someservice.entrypoints=web" + networks: + - frontend + - ... +``` + +**Enabling service to send requests to itself (with someservice.test)** + +```yaml +services: + someservice: + # ... + extra_hosts: + - "someservice.test:10.100.100.10" +``` + +**Specifying port if service exposes multiple ports** + +If your service exposes multiple ports traefik does not know which one it should use. +With this config line you can select one: + +```yaml +services: + someservice: + # ... + labels: + # ... + - "traefik.http.services.someservice.loadbalancer.server.port=8080" +``` + +### Enable SSL locally + +1. Install [mkcert](https://github.com/FiloSottile/mkcert) + +For example on macOS: + +```bash +brew install mkcert +brew install nss # if you use Firefox +``` + +Now install the local CA: + +```bash +mkcert -install +``` + +3. Generate certificate + +Replace `someservice` with the domains that you are using for local development. 
+ +```bash +cd certificates +mkcert -key-file local.key.pem -cert-file local.cert.pem "*.local" "*.test" "*.someservice.test" "*.someservice.local" +``` + +### Enable SSL in the docker-compose file + +```yaml +version: '3.8' +networks: + frontend: + external: + name: reverse-proxy-docker-traefik_routing +services: + someservice: + restart: always + # ... + labels: + - ... + # http + - ... + # https + - "traefik.http.routers.someservice-https.rule=Host(`someservice.test`)" + - "traefik.http.routers.someservice-https.entrypoints=websecure" + - "traefik.http.routers.someservice-https.tls=true" + networks: + - frontend + - ... +``` + +## Credits + +I used the following resources to create this setup: + + - [Traefik docs](https://docs.traefik.io) + - [Traefik v2 and Mastodon, a wonderful couple! by Nicolas Inden](https://www.innoq.com/en/blog/traefik-v2-and-mastodon/) + - [GitHub repo traefik-example by jamct](https://github.com/jamct/traefik-example) + +## License + +This configuration is licensed under the MIT License (MIT). Please see [license file](license.md) for more information. + diff --git a/Traefik/configs/dynamic/dashboard.yml b/Traefik/configs/dynamic/dashboard.yml new file mode 100644 index 00000000..542d8f68 --- /dev/null +++ b/Traefik/configs/dynamic/dashboard.yml @@ -0,0 +1,23 @@ +http: + routers: + traefik: + rule: Host(`dashboard.10.0.4.29.traefik.me`) + entryPoints: + - https + service: api@internal + middlewares: + - dashboardauth + tls: + certResolver: letsencrypt + traefik-http-redirect: + rule: Host(`dashboard.10.0.4.29.traefik.me`) + entryPoints: + - http + service: api@internal + middlewares: + - "redirect-to-https" + middlewares: + dashboardauth: + basicAuth: + users: + - "admin:$2y$10$GXOzS6L1s3gwQb8zO90LKOGuvZfurIXCBgJjZ5ib9/p5l3cy1sid6" \ No newline at end of file diff --git a/Traefik/configs/dynamic/global-middlewares.yml b/Traefik/configs/dynamic/global-middlewares.yml new file mode 100644 index 00000000..b2c62eae --- /dev/null 
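Review bot: The `dashboardauth` middleware in `Traefik/configs/dynamic/dashboard.yml` commits the admin bcrypt hash (`- "admin:$2y$10$…"`) to the repository, so anyone with read access to the repo can run offline guessing against the dashboard credential. Keep the hash out of version control by replacing the inline `users:` list with `usersFile: /etc/traefik/secrets/dashboard.htpasswd` (path constructed for illustration), mounted from a git-ignored file. The password committed here should also be rotated. This basic-auth router only protects the dashboard if the static configuration does not expose the API on another path, which `api.insecure: true` in `Traefik/configs/traefik.yml` currently does.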
+++ b/Traefik/configs/dynamic/global-middlewares.yml
@@ -0,0 +1,50 @@
+http:
+ middlewares:
+ redirect-to-https:
+ redirectScheme:
+ scheme: https
+ permanent: true
+ hsts-minimal:
+ headers:
+ stsSeconds: 31536000
+ stsIncludeSubdomains: false
+ stsPreload: false
+ forceSTSHeader: true
+ hsts-standard:
+ headers:
+ stsSeconds: 31536000
+ stsIncludeSubdomains: true
+ stsPreload: false
+ forceSTSHeader: true
+ hsts-full:
+ headers:
+ stsSeconds: 31536000
+ stsIncludeSubdomains: true
+ stsPreload: true
+ forceSTSHeader: true
+
+ # Redirect non-www URLs to their www equivalent
+ # Use with traefik.http.routers.myRouter.middlewares: "redirect-non-www-to-www@file"
+ # Source: https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/
+ redirect-non-www-to-www:
+ # Redirect a request from an url to another with regex matching and replacement
+ redirectregex:
+ # Apply a permanent redirection (HTTP 301)
+ permanent: true
+ # The regular expression to match and capture elements from the request URL
+ regex: "^https?://(?:www\\.)?(.+)"
+ # How to modify the URL to have the new target URL
+ replacement: "https://www.${1}"
+
+ # Redirect www URLs to their non-www equivalent
+ # Use with traefik.http.routers.myRouter.middlewares: "redirect-www-to-non-www@file"
+ # Source: https://www.benjaminrancourt.ca/how-to-redirect-from-non-www-to-www-with-traefik/
+ redirect-www-to-non-www:
+ # Redirect a request from an url to another with regex matching and replacement
+ redirectregex:
+ # Apply a permanent redirection (HTTP 301)
+ permanent: true
+ # The regular expression to match and capture elements from the request URL
+ regex: "^https?://www\\.(.+)"
+ # How to modify the URL to have the new target URL
+ replacement: "https://${1}"
diff --git a/Traefik/configs/dynamic/tls.yml b/Traefik/configs/dynamic/tls.yml
new file mode 100644
index 00000000..66f9a0c8
--- /dev/null
+++ b/Traefik/configs/dynamic/tls.yml
@@ -0,0 +1,14 @@
+tls:
+ stores:
+ default:
+ defaultCertificate:
+ certFile: /etc/traefik/ssl/cert.pem
+ keyFile: /etc/traefik/ssl/privkey.pem
+ certificates:
+ - certFile: /etc/traefik/ssl/cert.pem
+ keyFile: /etc/traefik/ssl/privkey.pem
+ options:
+ default:
+ minVersion: VersionTLS12
+ mintls13:
+ minVersion: VersionTLS1
\ No newline at end of file
diff --git a/Traefik/configs/traefik.yml b/Traefik/configs/traefik.yml
new file mode 100644
index 00000000..471031b3
--- /dev/null
+++ b/Traefik/configs/traefik.yml
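Review bot: `minVersion: VersionTLS1` under the `mintls13` option in `Traefik/configs/dynamic/tls.yml` is not one of the values Traefik documents (`VersionTLS10`, `VersionTLS11`, `VersionTLS12`, `VersionTLS13`), and the option's name suggests TLS 1.3 was intended. As written the option will most likely be rejected when the file is loaded, so a router that references `mintls13` would not get the floor its name promises. Change the line to `minVersion: VersionTLS13`. If clients that send no SNI should not receive the default certificate, `sniStrict: true` could also be added to the `default` option.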
@@ -0,0 +1,86 @@
+## static configuration
+
+global:
+ # Send anonymous usage data
+ sendAnonymousUsage: false
+ checkNewVersion: true
+
+entryPoints:
+ http:
+ address: ":80"
+ http:
+ redirections:
+ entryPoint:
+ to: "https"
+ scheme: "https"
+ https:
+ address: ":443"
+ metrics:
+ address: ":8181"
+
+# Access logs
+# accessLog: fields:
+# headers:
+# names:
+# User-Agent: keep
+
+providers:
+ docker:
+ endpoint: "unix:///var/run/docker.sock"
+ exposedByDefault: false
+<<<<<<< HEAD
+<<<<<<< HEAD
+# network: "interne"
+=======
+ network: "interne"
+>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0
+=======
+# network: "interne"
+>>>>>>> 788e10b187487aabd04ab6b559995c1fa0994cb3
+ watch: true
+ file:
+ directory: /etc/traefik/dynamic
+ watch: true
+ providersThrottleDuration: 10
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ tlschallenge: true
+ httpchallenge:
+ entrypoint: http
+ email: admin@tips-of-mine.fr
+ storage: /etc/traefik/acme/acme.json
+
+api:
+ insecure: true
+ dashboard: true
+
+log:
+ level: DEBUG
+ filepath: "/var/log/traefik.log"
+ format: json
+# default: "common"
+
+accesslog:
+ filepath: "/var/log/access.log"
+ format: json
+ bufferingSize: 100
+# format: common
+
+# Ajout de la partie métrique qui concerne Prometheus
+metrics:
+ prometheus:
+ # Nom du point d'entrée défini au dessus
+ entryPoint: metrics
+ # On configure la latence des métriques
+ buckets:
+ - 0.1
+ - 0.3
+ - 1.2
+ - 5.0
+ # Ajout des métriques sur les points d'entrée
+ addEntryPointsLabels: true
+ # Ajout des services
+ addServicesLabels: true
+ addRoutersLabels: true
diff --git a/Traefik/docker-compose.yml b/Traefik/docker-compose.yml
new file mode 100644
index 00000000..1f7a3d51
--- /dev/null
+++ b/Traefik/docker-compose.yml
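Review bot: `api.insecure: true` in `Traefik/configs/traefik.yml` makes Traefik serve the API and dashboard without authentication on its internal `traefik` entry point (port 8080 by default), which bypasses the `dashboardauth` router defined in `configs/dynamic/dashboard.yml`. The compose file does not publish that port, but containers on the attached networks can still reach it. Set `insecure: false` so the dashboard is only reachable through the authenticated router. The hunk also commits unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> …`) under `providers.docker`, so the file is not valid YAML until one `network` line is chosen; `Traefik/docker-compose.yml` carries the same markers in several places. `log.level: DEBUG` is worth lowering to `INFO` outside troubleshooting.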
@@ -0,0 +1,116 @@ +--- +<<<<<<< HEAD +version: '3.7' + +#### NETWORKS +networks: + back_network: + driver: bridge + attachable: true + front_network: + driver: bridge + attachable: true + +#### SERVICES +======= +### networks +networks: + back_network: + driver: bridge + attachable: true + front_network: + driver: bridge + attachable: true + +### services +>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 +services: + +### traefik + traefik: + container_name: traefik-app + hostname: traefik-app + image: traefik:latest + restart: always + ports: + - "80:80" + - "443:443" + - "8181:8181" + volumes: + - "/var/run/docker.sock:/var/run/docker.sock:ro" + - "./configs/traefik.yml:/etc/traefik/traefik.yml" + - "./configs/dynamic:/etc/traefik/dynamic" + - "./certificates/acme.json:/etc/traefik/acme/acme.json" + - "./certificates:/etc/traefik/ssl" +<<<<<<< HEAD +<<<<<<< HEAD + - "./log:/var/log" +======= + - "./traefik/log:/var/log" +>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 +======= + - "./log:/var/log" +>>>>>>> 788e10b187487aabd04ab6b559995c1fa0994cb3 + networks: + - back_network + - front_network + +<<<<<<< HEAD +### Certificats +======= +# Certificats +>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 + reverse-proxy-https-helper: + container_name: traefik-certificat + image: alpine + command: sh -c "cd /etc/traefik/ssl + && wget traefik.me/cert.pem -O cert.pem + && wget traefik.me/privkey.pem -O privkey.pem" + volumes: + - "./certificates:/etc/traefik/ssl" + networks: +<<<<<<< HEAD +# - back-network + - front_network + +### whoami +======= + - front_network + +# whoami +>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 + whoami: + container_name: whoami + hostname: whoami + image: traefik/whoami +<<<<<<< HEAD + restart: always +======= + restart: unless-stopped +>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 + networks: + - front_network + labels: + - "traefik.enable=true" + - "traefik.docker.network=front_network" +<<<<<<< HEAD +## HTTP + - 
"traefik.http.routers.whoami-http.rule=Host(`whoami.10.0.4.29.traefik.me`)" + - "traefik.http.routers.whoami-http.entrypoints=http" +## HTTPS + - "traefik.http.routers.whoami-https.rule=Host(`whoami.10.0.4.29.traefik.me`)" + - "traefik.http.routers.whoami-https.entrypoints=https" + - "traefik.http.routers.whoami-https.tls=true" +## Middleware +## Service +======= +# HTTP + - "traefik.http.routers.whoami-http.rule=Host(`whoami.10.0.4.29.traefik.me`)" + - "traefik.http.routers.whoami-http.entrypoints=http" +# HTTPS + - "traefik.http.routers.whoami-https.rule=Host(`whoami.10.0.4.29.traefik.me`)" + - "traefik.http.routers.whoami-https.entrypoints=https" + - "traefik.http.routers.whoami-https.tls=true" +# Middleware +# Service +>>>>>>> 8e9a2c2beb8c28880271da161158adf0cb6617e0 diff --git a/Traefik/prepare.sh b/Traefik/prepare.sh new file mode 100644 index 00000000..a21b6718 --- /dev/null +++ b/Traefik/prepare.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +if ! (docker ps >/dev/null 2>&1) +then + echo "Le daemon docker n'est pas en cours d'exécution, sortie !" + exit +fi + +mkdir -p certificates +mkdir -p traefik +echo "{}" > certificates/acme.json +chmod 600 certificates/acme.json + +echo " Ok" +echo "Vous pouvez lancer la commande : docker compose up -d" \ No newline at end of file