Support #4

open

If we were to build a demo site

Added by keiji ono about 1 year ago. Updated 7 months ago.

Status: New
Priority: Normal
Assignee: -
Start date: 06/10/2025
Due date:
% Done: 0%
Estimated time:

Description

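These look necessary:
  1. CSV file size limit: don't let anyone create a huge table
  2. User accounts: hand out pre-provisioned accounts that are not currently in use, or create time-limited demo accounts and hand those out
  3. Send a notification when something abnormal happens on the server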

Related issues 1 (1 open, 0 closed)

Related to Support #3: Hosting site info (New, 04/08/2025)

Actions #1

Updated by keiji ono about 1 year ago

Actions #2

Updated by keiji ono about 1 year ago

  • Related to deleted (Feature #5: ivm limits)
Actions #3

Updated by keiji ono 12 months ago

For now I built a site that serves as both Redmine and the demo.
Hostinger VPS

Contractor login account. / sadatou1aterui0

Root / #Sadatou1Aterui0

Host name (temp) srv904266.hstgr.cloud

Ssh ssh
Scp scp <up file name> jetelina@168....:~/

Users *Passwords were changed on 2025/11/7
onoke / #9K%eiji@!
jetelina / #9J%etelina@!
root / #9K%eiji@!&#9J%etelina@!

Both are able to execute sudo
After login with root, execute ‘su - onoke’ or ‘su - jetelina’

Redmine
http://168.231.125.156/redmine

Local -> remote data transfer
At local
1. sudo -u postgres pg_dump redmine > backupfile.dump
2. scp backupfile.dump root@168….:~/

At remote
1. sudo -u postgres psql redmine < backupfile.dump

The postgres account had no password set at this point, so set one:
1. sudo passwd postgres <- set the password to 'postgres'
2. su - postgres
3. alter role postgres with password 'postgres';
4. PostgreSQL restart. sudo systemctl stop postgresql -> sudo systemctl start postgresql
5. Change Redmine's database.yml to the 'postgres' user as well, since that is how it was on local.
6. Redmine restart. sudo systemctl reload apache2

Actions #4

Updated by keiji ono 12 months ago

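Redmine & demo are on the VPS server.
Its IP differs from jetelina.org, so apparently a separate certificate has to be prepared to use SSL as a subdomain.
I could not find a way to download the one for jetelina.org.
If it turns out to be a hassle, maybe I could assign a new domain to the VPS site. No need to insist on .jetelina.org, right?
Without SSL it won't show up in Google search, so that may actually be convenient. If the VPS is kept private and used only internally, this might be the better way.

The web hosting hPanel has a Security -> SSL setting, but the VPS does not. So apparently it has to be installed manually.

General procedure for installing it manually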
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu

The Hostinger chat says this:
Here’s how you can use your SSL certificate for a subdomain on your VPS with Apache:

Upload your SSL certificate files (private key, certificate, and CA bundle if available) to your VPS, usually in the /etc/ssl/ or /etc/apache2/ssl/ directory.
Edit your Apache configuration file for your subdomain (often found in /etc/apache2/sites-available/) and add or update the <VirtualHost *:443> block to include the following lines:
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/private.key
# Optional, if you have a CA bundle
SSLCertificateChainFile /path/to/your/ca_bundle.crt
Save the file, then run sudo a2enmod ssl and sudo systemctl reload apache2 to enable SSL and apply changes.
If you need more detailed steps or help with a specific part, just let me know!

Actions #5

Updated by keiji ono 12 months ago

mongodb install
ref: https://www.mongodb.com/ja-jp/docs/manual/tutorial/install-mongodb-on-ubuntu/
"By default, MongoDB runs using the mongodb user account. If you change the user that runs the MongoDB process, be sure to also change the permissions on the data in the data directory and the log directory so that this user can access these directories."

Restart
sudo systemctl restart mongod

Check status
sudo systemctl status mongod

7/24
redis install
mysql install

Actions #6

Updated by keiji ono 11 months ago

Actions #7

Updated by keiji ono 10 months ago

SSL for the demo site
ref:
https://ubuntu.perlzemi.com/blog/20200519084454.html
https://qiita.com/bezeklik/items/990bed2e7e529584fa57
https://help.zerossl.com/hc/en-us/articles/360058295854-Installing-SSL-Certificate-on-Apache
https://app.zerossl.com/certificate/install/f3c9fba186f6ab749083a185527ed9d1

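The relevant directories are
/etc/apache2/sites-enabled, /etc/apache2/mods-enabled
These dirs hold the module settings actually used on the demo server. Linking into them from the corresponding *-available dirs makes the settings active.
Modules required to run SSL:
  • ssl.conf
  • ssl.load
  • socache_shmcb.load
    Link each of these files from mods-available -> mods-enabled.

Write the SSL vhost settings in sites-available/default-ssl.conf and link it from sites-available -> sites-enabled.
To check the config syntax and start Apache: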

sudo apachectl configtest
If the syntax is fine:
sudo systemctl start apache2
On a normal start no message comes back, so check the status.
sudo systemctl status apache2

sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-08-25 00:49:03 UTC; 14min ago
       Docs: https://httpd.apache.org/docs/2.4/
    Process: 856262 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
      Tasks: 80 (limit: 9486)
     Memory: 188.3M (peak: 256.6M)
        CPU: 16.681s
     CGroup: /system.slice/apache2.service
             ├─856290 /usr/sbin/apache2 -k start
             ├─856293 "Passenger watchdog" 
             ├─856298 "Passenger core" 
             ├─856310 /usr/sbin/apache2 -k start
             ├─856312 /usr/sbin/apache2 -k start
             └─856437 "Passenger RubyApp: /var/lib/redmine (production)" 

 8月 25 00:49:03 srv904266 systemd[1]: Starting apache2.service - The Apache HTTP Server...
 8月 25 00:49:03 srv904266 systemd[1]: Started apache2.service - The Apache HTTP Server.

If you see this, it's OK.

Redmine works at https://r.jetelina.org/redmine
The Jetelina demo runs on port 8000, so it is not SSL. http://r.jetelina.org:8000
Running the demo over SSL needs separate configuration.

Actions #8

Updated by keiji ono 10 months ago

How to forward to the Jetelina demo site over SSL
  • apache v.2.4.58
  • Required modules: ./mods-available/proxy.load, proxy_http.load, and while at it proxy_http2.load; link these into ./mods-enabled
  • Add the following to apache2.conf
    ProxyRequests Off
    SSLProxyEngine On
    ProxyPass /jetelina http://r.jetelina.org:8000/jetelina
    ProxyPassReverse /jetelina http://r.jetelina.org:8000/jetelina
    
  • Check the config syntax, then restart
    sudo apachectl configtest
    sudo systemctl restart apache2
    sudo systemctl status apache2
    
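With this, https://r.jetelina.org/jetelina is forwarded to http://r.jetelina.org:8000/jetelina and runs. \(o)/
However, the js files referenced in the HTML get a "never heard of it" over https, so a little ingenuity is needed. (´・ω・`)
The cause is that Jetelina's js/css are covered by the redirect, but Genie's original js/css have a different path and are not.
  • To handle it in the server config, add "/js" and "/css" to the reverse settings alongside "/jetelina" in the Proxy config
  • To handle it in Jetelina:
    1. Link Genie's original js/css under jetelina. This cannot support Windows.
    2. Move Genie's original js/css under jetelina. This supports Windows too. But is that okay?

Maybe handling it in Jetelina with option 2 is the way to go. Or maybe providing a Windows version and a Linux version of Jetelina.

2025/8/28
In the end, I decided to copy Genie's original js/css under jetelina and rewrite jetelina_dashboard.html. This way it runs the same on Linux and Windows, and resolving it within the Jetelina environment also keeps the reverse proxy config simple. Even if other settings become necessary, they should resolve within the Jetelina environment, so it should stay easy.

9/8
After the reverse proxy sends you to https, the ajax functions are called as "/ajaxfunc". ajaxfunc expects to be called under "/jetelina", so this becomes "https://.../ajaxfunc" and ends up Not Found. Now what to do.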

Actions #9

Updated by keiji ono 10 months ago

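9/9
redmine -> r.jetelina.org
jetelina -> d.jetelina.org
I decided to run them on these respectively.
The Redmine SSL certificates were renamed to "r_*".
So far Redmine is working normally.
Next up is Jetelina.... let's go.

In the end it came to this:
For Redmine the URL is "https://r.jetelina.org", and for Jetelina it is "https://d.jetelina.org/jetelina".
This is because "https://d.jetelina.org" shows Genie's welcome page. That is why there are two kinds of proxy settings for Jetelina (html and js/post&get).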

■/etc/apache2/sites-available/000-default.conf

<VirtualHost 168.231.125.156:80>                          ← by IP
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName r.jetelina.org                            ← specify the server name: Redmine server

    ServerAdmin webmaster@localhost
#    DocumentRoot /var/www/html
    DocumentRoot /var/lib/redmine/public                       ← Redmine needs this

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

#    ProxyRequests Off
#    SSLProxyEngine On

#    ProxyPass / https://localhost/redmine
#    ProxyPassReverse / https://localhost/redmine/
</VirtualHost>

<VirtualHost 168.231.125.156:80>                          ← by IP here too
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    ServerName d.jetelina.org                             ← server name: Jetelina server

    ServerAdmin webmaster@localhost
#    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

#    ProxyRequests Off
    SSLProxyEngine On                               ← don't forget

    ProxyPass /jetelina/ http://localhost:8000/jetelina/              ← for html/js/css
    ProxyPassReverse /jetelina/ http://localhost:8000/jetelina/          ← same as above
    ProxyPass / http://localhost:8000/                       ← for ajax/post & get
    ProxyPassReverse / http://localhost:8000/                   ← same as above
</VirtualHost>

------------------------------------------------------------------------------------------------------------------------
■/etc/apache2/sites-available/default-ssl.conf

<VirtualHost r.jetelina.org:443>                          ← by server name: Redmine server
    ServerName r.jetelina.org
    ServerAdmin webmaster@localhost

#    DocumentRoot /var/www/html
    DocumentRoot /var/lib/redmine/public                    ← Redmine needs this

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile      /etc/ssl/certs/r_certificate.crt         ← certificate for r.jete...
    SSLCertificateKeyFile   /etc/ssl/private/r_private.key          ← same as above

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    SSLCertificateChainFile /etc/ssl/certs/r_ca_bundle.crt          ← same as above

    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    #   Note: Inside SSLCACertificatePath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    #SSLCACertificatePath /etc/ssl/certs/
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

    #   Certificate Revocation Lists (CRL):
    #   Set the CA revocation path where to find CA CRLs for client
    #   authentication or alternatively one huge file containing all
    #   of them (file must be PEM encoded)
    #   Note: Inside SSLCARevocationPath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    #SSLCARevocationPath /etc/apache2/ssl.crl/
    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

    #   Client Authentication (Type):
    #   Client certificate verification type and depth.  Types are
    #   none, optional, require and optional_no_ca.  Depth is a
    #   number which specifies how deeply to verify the certificate
    #   issuer chain before deciding the certificate is not valid.
    #SSLVerifyClient require
    #SSLVerifyDepth  10

    #   SSL Engine Options:
    #   Set various options for the SSL engine.
    #   o FakeBasicAuth:
    #    Translate the client X.509 into a Basic Authorisation.  This means that
    #    the standard Auth/DBMAuth methods can be used for access control.  The
    #    user name is the `one line' version of the client's X.509 certificate.
    #    Note that no password is obtained from the user. Every entry in the user
    #    file needs this password: `xxj31ZMTZzkVA'.
    #   o ExportCertData:
    #    This exports two additional environment variables: SSL_CLIENT_CERT and
    #    SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
    #    server (always existing) and the client (only existing when client
    #    authentication is used). This can be used to import the certificates
    #    into CGI scripts.
    #   o StdEnvVars:
    #    This exports the standard SSL/TLS related `SSL_*' environment variables.
    #    Per default this exportation is switched off for performance reasons,
    #    because the extraction step is an expensive operation and is usually
    #    useless for serving static content. So one usually enables the
    #    exportation for CGI and SSI requests only.
    #   o OptRenegotiate:
    #    This enables optimized SSL connection renegotiation handling when SSL
    #    directives are used in per-directory context.
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>

<VirtualHost d.jetelina.org:443>                          ← by server name: Jetelina server
    ServerName d.jetelina.org
    ServerAdmin webmaster@localhost

#    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile      /etc/ssl/certs/d_certificate.crt         ← certificate for d.jeteli...
    SSLCertificateKeyFile   /etc/ssl/private/d_private.key          ← same as above

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    SSLCertificateChainFile /etc/ssl/certs/d_ca_bundle.crt          ← same as above

    <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

#    ProxyRequests Off
#    SSLProxyEngine On                            ← already set in 000-default.conf, so not needed here

    ProxyPass /jetelina/ http://localhost:8000/jetelina/          ← for html/js/css
    ProxyPassReverse /jetelina/ http://localhost:8000/jetelina/       ← same as above
    ProxyPass / http://localhost:8000/                   ← for ajax/post & get
    ProxyPassReverse / http://localhost:8000/                ← same as above
</VirtualHost>

Actions #10

Updated by keiji ono 10 months ago

9/10
The demo site:
  • PostgreSQL is the user DB
  • Accounts created: keiji, jelena, hisashi, anton

The correct URL is "https://d.jetelina.org/jetelina/".
"http://d.jetelina.org" and "https://d.jetelina.org" land on Genie's welcome.html, so I made welcome.html redirect to the correct URL.

    <html>
        <head>
            <meta http-equiv="refresh" content="1;url=https://d.jetelina.org/jetelina/">
        </head>
        <body>
                lead you to the correct place
        </body>
    </html>

If the trailing "/" is missing, as in "https://d.jetelina.org/jetelina", the css & js paths don't resolve and the screen looks silly, but let's leave that alone for now.

Actions #11

Updated by keiji ono 8 months ago

The demo site's postgres sometimes goes down and Redmine becomes unusable. 2025/10
Apparently the port gets blocked when postgres restarts automatically.
So I tried explicitly opening the firewall.

jetelina@srv904266:/var/lib/redmine/log$ sudo ufw allow 5432
Rules updated
Rules updated (v6)

jetelina@srv904266:/var/lib/redmine/log$ sudo netstat -lntp | grep postgres
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      3637220/postgres    
tcp6       0      0 ::1:5432                :::*                    LISTEN      3637220/postgres    

Log files:
postgres -> /var/log/postgres
redmine -> /usr/lib/redmine/log
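
Added example, not part of the original comment: the netstat output above shows postgres bound to 127.0.0.1 and ::1, so this sketch cross-checks a list of firewall-allowed ports against what is actually listening. The function names, the port list and the sshd/apache2 sample lines are assumptions made for illustration.

```bash
#!/bin/sh
# listener_scope: read `netstat -lntp` output on stdin and print one line per
# listening TCP port: "<port> loopback" when every listener for that port is
# bound to 127.0.0.0/8 or ::1, "<port> external" as soon as one is not.
listener_scope() {
  awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":")          # the port follows the last colon, IPv6 included
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (!(port in scope)) scope[port] = "loopback"
      if (addr !~ /^127\./ && addr != "::1") scope[port] = "external"
    }
    END { for (p in scope) print p, scope[p] }
  ' | sort -n
}

# audit_allowed_ports "22 80 443 5432" < netstat-output
# For each port the firewall allows, report how the host actually listens:
#   exposed        a listener is bound to a non-loopback address
#   loopback-only  the allow rule admits traffic that nothing answers today,
#                  and turns into real exposure if the service is rebound later
#   no-listener    nothing listens on the port at all
audit_allowed_ports() {
  scopes=$(listener_scope)
  for port in $1; do
    scope=$(printf '%s\n' "$scopes" | awk -v p="$port" '$1 == p { print $2 }')
    case "$scope" in
      external) echo "$port exposed" ;;
      loopback) echo "$port loopback-only" ;;
      *)        echo "$port no-listener" ;;
    esac
  done
}

# Constructed sample: the two postgres lines are the ones shown in the comment
# above; the sshd and apache2 lines are made up for illustration.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      3637220/postgres
tcp6       0      0 ::1:5432                :::*                    LISTEN      3637220/postgres
tcp6       0      0 :::80                   :::*                    LISTEN      856290/apache2
tcp6       0      0 :::443                  :::*                    LISTEN      856290/apache2'

printf '%s\n' "$SAMPLE_NETSTAT" | audit_allowed_ports "22 80 443 5432 3306"
```

On the server the input would come from `sudo netstat -lntp`, and the port list from the rules shown by `sudo ufw status`.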

Actions #12

Updated by keiji ono 8 months ago

SSL certification
ZeroSSL needs renewal every 90 days

The site account is  / Sada...1

Actions #13

Updated by keiji ono 8 months ago

If viruses are a worry
ref: https://qiita.com/nouernet/items/4b5a01bba7d3ceb2d42c

clamav is already installed, so run the following

>sudo clamscan

Actions #14

Updated by keiji ono 7 months ago

It might be a good idea to do some security configuration.
https://dflabo-jp.tech/close-ports-ubuntu/#index_id4
https://qiita.com/kztktr/items/3d255879eca179fb8734

ssh's "PermitRootLogin" was "yes", so I set it to "no". 2025/11/21
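
Added example, not part of the original comment: a check that the PermitRootLogin change is the value sshd really uses. sshd takes the first value it reads for each keyword, and on Ubuntu the stock sshd_config starts with an Include of /etc/ssh/sshd_config.d/*.conf, so a drop-in can win over an edit in the main file. The function names and both sample configs are constructed; the drop-in file name is hypothetical.

```bash
#!/bin/sh
# sshd_effective KEYWORD DEFAULT < config text, in the order sshd reads it
# Prints the value used for KEYWORD in the global section:
#   - the first occurrence wins, later ones are ignored
#   - keywords are case-insensitive; "Keyword value" and "Keyword=value" both parse
#   - everything from the first Match line on is conditional and is not considered
# Simplified model; `sudo sshd -T` prints the authoritative effective config.
sshd_effective() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" -v dflt="$2" '
    { sub(/^[ \t]+/, ""); sub(/\r$/, "") }
    /^#/ || /^$/ { next }
    {
      key = tolower($0); sub(/[ \t=].*$/, "", key)
      if (key == "match") exit
      if (key == want) {
        val = $0
        sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
        print val; found = 1; exit
      }
    }
    END { if (!found) print dflt }
  '
}

# root_login_verdict < config text: "ok no" only when root login is fully off.
# prohibit-password is the OpenSSH default when the keyword is absent.
root_login_verdict() {
  value=$(sshd_effective PermitRootLogin prohibit-password)
  case "$value" in
    no) echo "ok $value" ;;
    *)  echo "FAIL $value" ;;
  esac
}

# Constructed sample configs.
DROPIN='# /etc/ssh/sshd_config.d/50-example.conf (hypothetical drop-in)
PermitRootLogin yes'
MAIN='# /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication=no
Match User backup
    PermitRootLogin forced-commands-only'

printf '%s\n' "$MAIN" | root_login_verdict                 # main file alone
printf '%s\n%s\n' "$DROPIN" "$MAIN" | root_login_verdict   # drop-in read first
```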

Actions #15

Updated by keiji ono 7 months ago

2025/12/6
Result of running nmap against d.jetelina.org.
The only ports open to the outside seem to be ssh/httpd/https, so I guess that's good enough.

onoke@onoke-OptiPlex-990:~/jetelina_v3_1_git/Jetelina$ nmap -A d.jetelina.org
Starting Nmap 7.80 ( https://nmap.org ) at 2025-12-06 10:41 JST
Nmap scan report for d.jetelina.org (168.231.125.156)
Host is up (0.0053s latency).
rDNS record for 168.231.125.156: srv904266.hstgr.cloud
Not shown: 920 filtered ports, 77 closed ports
PORT    STATE SERVICE    VERSION
22/tcp  open  tcpwrapped
|_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
80/tcp  open  tcpwrapped
443/tcp open  tcpwrapped

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.34 seconds

Actions #16

Updated by keiji ono 7 months ago

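Important: SSL certificate renewal

r.jetelina.org is still good with ZeroSSL for now.
d.jetelina.org was switched to Let's Encrypt.

Because of the server environment, Let's Encrypt could only issue the certificate in standalone mode.
This has to be done by hand every time, so take note.
The issued certificate files are under /etc/letsencrypt, so copy them under /etc/ssl.
Certificate: fullchain.pem -> d_
private key: privkey.pem -> d_

1. Stop Apache
  jetelina@srv904266:~/sslcert/lets$ sudo systemctl stop apache2
2. Obtain the certificate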
jetelina@srv904266:~/sslcert/lets$ sudo certbot certonly --standalone -d d.jetelina.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for d.jetelina.org

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/d.jetelina.org/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/d.jetelina.org/privkey.pem
This certificate expires on 2026-03-06.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

3. Copy the certificate to the designated location
  sudo cp /etc/letsencrypt/live/d.jetelina.org/fullchain.pem ./d_certificate.crt
  sudo cp /etc/letsencrypt/live/d.jetelina.org/privkey.pem ./d_private.key

 *"/live" is probably only for the first time; on renewal it may become "/renewal"
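
Added example, not part of the original comment: because Apache reads a copy of the certificate rather than the file certbot maintains, this sketch reports when the deployed copy is close to expiry or no longer matches the one under /etc/letsencrypt. The function names, the 30-day threshold and the time of day in the sample notAfter string are assumptions; the paths are the ones named on this page.

```bash
#!/bin/sh
# days_until NOTAFTER TODAY
#   NOTAFTER  text after "notAfter=" from `openssl x509 -noout -enddate`
#   TODAY     reference date, YYYY-MM-DD (UTC)
# Prints whole days from TODAY to the expiry date; negative means expired.
days_until() {
  awk -v na="$1" -v today="$2" '
    function days(y, m, d,    era, yoe, doy) {   # days since 1970-01-01
      if (m <= 2) y--
      era = int((y >= 0 ? y : y - 399) / 400)
      yoe = y - era * 400
      doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
      return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    BEGIN {
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
      for (i = 1; i <= 12; i++) month[name[i]] = i
      split(na, f, /[ ]+/)               # Mon DD HH:MM:SS YYYY GMT
      split(today, t, "-")
      print days(f[4], month[f[1]], f[2]) - days(t[1], t[2], t[3])
    }'
}

# cert_status DAYS_LEFT WARN_DAYS LIVE_FP DEPLOYED_FP
# DAYS_LEFT refers to the deployed copy; fingerprints are compared as strings.
cert_status() {
  if [ "$3" != "$4" ]; then echo "STALE_COPY"   # issued cert changed, Apache still has the old copy
  elif [ "$1" -lt 0 ]; then echo "EXPIRED"
  elif [ "$1" -le "$2" ]; then echo "RENEW_NOW"
  else echo "OK"
  fi
}

# check_deployed LIVE_PEM DEPLOYED_CRT [WARN_DAYS]   (needs the openssl CLI)
check_deployed() {
  live_fp=$(openssl x509 -noout -fingerprint -sha256 -in "$1") || return 2
  dep_fp=$(openssl x509 -noout -fingerprint -sha256 -in "$2") || return 2
  not_after=$(openssl x509 -noout -enddate -in "$2" | sed 's/^notAfter=//')
  left=$(days_until "$not_after" "$(date -u +%Y-%m-%d)")
  echo "$(cert_status "$left" "${3:-30}" "$live_fp" "$dep_fp") days_left=$left"
}

# On the server, as root (the letsencrypt live directory is root-only):
#   check_deployed /etc/letsencrypt/live/d.jetelina.org/fullchain.pem \
#                  /etc/ssl/certs/d_certificate.crt 30

# Constructed check: expiry date from the certbot output above, time of day made up.
days_until 'Mar  6 09:12:44 2026 GMT' 2025-12-06
```

Run from cron, anything other than OK is the cue to repeat steps 1 to 3 and restart Apache.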

Actions #17

Updated by keiji ono 7 months ago

12/8
Confirmed that postgresql with pg_ivm/redis/mongodb work on v3.1.
In postgresql the tables are properly created with pg_ivm. \(o)/

Only mysql won't connect. -> I don't really understand why, so I reinstalled it.

  1. https://qiita.com/toshirot/items/61d2393dff6f704cc61c
  2. https://zenn.dev/phpguider/articles/b0f453689bc991
    What I did for the mysql reinstall
    Uninstall → install, following 1
    Security hardening and user creation, following 2
    root/ater..0
    user/userpasswd
    
    jetelina@srv904266:~$ sudo mysql -u root -p
    Enter password: 
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 11
    Server version: 8.0.44-0ubuntu0.24.04.2 (Ubuntu)
    
    Copyright (c) 2000, 2025, Oracle and/or its affiliates.
    
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> create user 'user'@'%' identified by 'userpasswd';      <- create user
    Query OK, 0 rows affected (0.04 sec)
    
    mysql> grant all privileges on *.* to 'user'@'%' with grant option;
    Query OK, 0 rows affected (0.01 sec)
    
    mysql> flush privileges;
    Query OK, 0 rows affected (0.01 sec)
    mysql>exit;
    
    jetelina@srv904266:~$ mysql -u user -p                              <- log in again as 'user'; this is important
    Enter password: 
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 12
    Server version: 8.0.44-0ubuntu0.24.04.2 (Ubuntu)
    
    Copyright (c) 2000, 2025, Oracle and/or its affiliates.
    
    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> show database;
    ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'database' at line 1
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+                     <- there is no 'jetelina' table, so create it
    | information_schema |
    | mysql              |
    | performance_schema |
    | sys                |
    +--------------------+
    4 rows in set (0.00 sec)
    
    mysql> create database jetelina;          <- create 'jetelina' table
    Query OK, 1 row affected (0.00 sec)
    
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | jetelina           |                    <- 'jetelina' table now exists
    | mysql              |
    | performance_schema |
    | sys                |
    +--------------------+
    5 rows in set (0.01 sec)
    
    mysql> use jetelina
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A
    
    Database changed
    mysql> show tables;
    +--------------------+
    | Tables_in_jetelina |
    +--------------------+
    | ftest              |                <- tried uploading 'ftest.csv' \(^o^)/
    +--------------------+
    1 row in set (0.00 sec)
    
    mysql> exit;
    
    
Actions #18

Updated by keiji ono 7 months ago

2025/Nov
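This has been going on for a while, but the demo site's postgresql goes down a lot.
Redmine is affected too, so I think it's a system/OS problem rather than the app, but for now I don't really understand it and don't want to touch it, so I'm leaving it alone.
Sooner or later, when the occasion arises...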

select version();

PostgreSQL 16.11 (Ubuntu 16.11-0ubuntu0.24.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0, 64-bit

postgres log
2025-12-10 22:45:07.261 UTC [711210] LOG:  starting PostgreSQL 16.11 (Ubuntu 16.11-0ubuntu0.24.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0, 64-bit
2025-12-10 22:45:07.261 UTC [711210] LOG:  listening on IPv6 address "::1", port 5432
2025-12-10 22:45:07.261 UTC [711210] LOG:  listening on IPv4 address "127.0.0.1", port 5432
2025-12-10 22:45:07.263 UTC [711210] LOG:  listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432" 
2025-12-10 22:45:07.273 UTC [711213] LOG:  database system was interrupted; last known up at 2025-12-10 02:08:18 UTC
2025-12-10 22:45:07.456 UTC [711213] LOG:  database system was not properly shut down; automatic recovery in progress
2025-12-10 22:45:07.466 UTC [711213] LOG:  redo starts at 0/28E5B00

syslog

2025-12-10T22:45:01.063548+00:00 srv904266 CRON[711197]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
2025-12-10T22:45:07.091680+00:00 srv904266 systemd[1]: postgresql.service: Deactivated successfully.
2025-12-10T22:45:07.093739+00:00 srv904266 systemd[1]: Stopped postgresql.service - PostgreSQL RDBMS.
2025-12-10T22:45:07.094006+00:00 srv904266 systemd[1]: Stopping postgresql.service - PostgreSQL RDBMS...
2025-12-10T22:45:07.101229+00:00 srv904266 systemd[1]: Starting postgresql@16-main.service - PostgreSQL Cluster 16-main...
2025-12-10T22:45:09.590654+00:00 srv904266 systemd[1]: Started postgresql@16-main.service - PostgreSQL Cluster 16-main.
2025-12-10T22:45:09.601189+00:00 srv904266 systemd[1]: Starting postgresql.service - PostgreSQL RDBMS...
2025-12-10T22:45:09.605739+00:00 srv904266 systemd[1]: Finished postgresql.service - PostgreSQL RDBMS.

It looks like debian-sa1 is run by cron and postgres gets restarted along with it, so I'll try stopping that.
/etc/cron.d/sysstat

# The first element of the path is a directory where the debian-sa1
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin

# Activity reports every 10 minutes everyday
5-55/10 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1

# Additional run at 23:59 to rotate the statistics file
#59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2        <- tried commenting this one out

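The UTC/JST time difference is 9h, so utc-23:59 -> jst-8:59
Huh, but syslog shows it running at 22:45. Maybe because the London/Lithuania winter-time difference is 2h? Nah, surely not.

Surely not indeed. Even with it commented out, sa1 still starts and postgresql is restarted, but this time it still connects afterwards. So no manual restart was needed. What is going on?
It goes down regardless, so I reverted the comment-out.

I can't imagine something is wrong in Jetelina/Genie/Julia, but to check I stopped the process. If it still fails tomorrow or so, it's probably not Jetelina's fault.

Rumor has it that it's a resource shortage.
So I stopped Jetelina for a while and ran only Redmine, and it didn't go down for two days in a row. Next I'll stop Redmine and run only Jetelina.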

■When Redmine & Jetelina are running
jetelina@srv904266:~/Jetelina/Jetelina/Jetelina/bin$ free -h
               total        used        free      shared  buff/cache   available
Mem:           7.8Gi       3.2Gi       422Mi        28Mi       4.5Gi       4.5Gi
Swap:             0B          0B          0B

■When only Redmine is running
jetelina@srv904266:~$ free -h
               total        used        free      shared  buff/cache   available
Mem:           7.8Gi       2.7Gi       1.0Gi        28Mi       4.4Gi       5.1Gi
Swap:             0B          0B          0B

■When only Jetelina is running
jetelina@srv904266:~$ free -h
               total        used        free      shared  buff/cache   available
Mem:           7.8Gi       3.1Gi       574Mi        30Mi       4.5Gi       4.7Gi
Swap:             0B          0B          0B

It does look tight.
