Commit 537f1690 authored by Steve Weber's avatar Steve Weber
Browse files

save

parent 76b97410
......@@ -16,13 +16,12 @@ if you want the system to have the interface/ip up after reboot update /etc/rc.l
```
simple script to run on boot
----------------------------
Start the system with the extra IP address read but the interface down. When ready the server nic can default to up
```
<<EOF cat > /etc/rc.local
#!/bin/sh -e
ip link set ens192 down
......@@ -31,40 +30,46 @@ ip route add table 2 default via 129.97.140.1
ip rule add from 129.97.140.101 table 2
EOF
chmod +x /etc/rc.local
```
network test
------------
```
ip address add 129.97.140.9/24 broadcast + dev ens192
ip rule add from 129.97.140.9 table 2
```
Added second disk to VM 40gb
----------------------------
```
# Purposely not creating partition because this makes disk resizes simple.
mkfs.ext4 /dev/sdb
mkdir /fsys1
echo "/dev/sdb /fsys1 ext4 defaults 0 1" >> /etc/fstab
mount -a
```
hostname
--------
```
# add dns record so lookup of student.math returns FQDN student.math.uwaterloo.ca
echo '129.97.140.101 student.math.uwaterloo.ca student.math' >> /etc/hosts
hostnamectl set-hostname student.math
reboot # < not sure reboot needed but good to test things after a reboot
```
network persistent using netplan
--------------------------------
```
Not sure if we need this.. but if we dont like the /etc/rc.local we can try using netplan.
NOTE: change to nic are not persistent! If you want the settings to keep after reboot see: /etc/netplan/01-netcfg.yaml 'man netplan'
......@@ -88,3 +93,4 @@ network:
# - 129.97.2.1
ens224:
dhcp4: yes
```
......@@ -21,10 +21,6 @@ http {
keepalive_timeout 65;
types_hash_max_size 2048;
upstream backend {
server 127.0.0.1:8000;
}
server {
listen 80;
server_name {{vars.server_name}};
......@@ -98,7 +94,7 @@ http {
add_header X-Frame-Options SAMEORIGIN;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://backend;
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
......
......@@ -97,7 +97,7 @@ http {
{% if vars.get('require_vpn') %}
if ($is_allowed = no) {
return 307 https://checkvpn.uwaterloo.ca/?callback=https://{{vars.server_name}}$request_uri;
# NOTE: nginx does not have a good way to encode_url for the callback
# NOTE: nginx does not have a gbalancer_http_oatood way to encode_url for the callback
# SO: A request like .. ?callback=https://x/?x=1&y=2
# will drop y=2 from the callback!
}
......@@ -126,11 +126,7 @@ http {
proxy_next_upstream error timeout;
proxy_redirect off;
proxy_pass http://balancer_http_oat;
#proxy_pass https://balancer_http_oat;
#proxy_ssl_certificate {{vars.ssl_certificate_pem}};
#proxy_ssl_certificate_key {{vars.ssl_certificate_key}};
#proxy_ssl_verify off;
proxy_pass http://127.0.0.1:8000;
add_header Access-Control-Allow-Origin https://{{vars.server_name}};
add_header Access-Control-Allow-Methods 'GET, POST, DELETE, OPTIONS';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment