
<html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>

<h2><a></a>vps</h2>

<hr>

Table of Contents

<dl><dt><a href="#0.1_idp656">1. Info</a></dt><dt><a href="#0.1_idp42944">2. Basics</a></dt><dd><dl><dt><a href="#0.1_idp43584">2.1. System updates</a></dt><dt><a href="#0.1_idp44864">2.2. Basic packages and settings</a></dt><dt><a href="#0.1_idp51728">2.3. Firewall</a></dt><dt><a href="#0.1_idp67296">2.4. OpenVPN</a></dt><dt><a href="#0.1_idp90288">2.5. sendmail interface for the SMTP server</a></dt></dl></dd><dt><a href="#0.1_idp100384">3. web server</a></dt><dd><dl><dt><a href="#0.1_idp101056">3.1. Nginx</a></dt><dt><a href="#0.1_idp108528">3.2. Tomcat</a></dt><dt><a href="#0.1_idp33040">3.3. Apache + PHP</a></dt></dl></dd><dt><a href="#0.1_idp37024">4. Git</a></dt><dt><a href="#0.1_idp139840">5. Mysql</a></dt><dt><a href="#0.1_idp142304">6. Redmine</a></dt><dd><dl><dt><a href="#0.1_idp156304">6.1. Passenger in nginx</a></dt><dt><a href="#0.1_idp160720">6.2. Thin in nginx (a primitive alternative to Passenger)</a></dt></dl></dd><dt><a href="#0.1_idp168544">7. nexus (maven repository)</a></dt></dl>

<h2 style="clear:both"><a></a>1. Info</h2>

<p>The installed system is <strong>debian 7 (wheezy)</strong>. I originally tried debian 6, but shorewall did not work on it. Then it ran on arch linux, but that is not well supported by vpsfree and, on top of that, it has rolling updates, so the updates also include very big changes (upgrades of glibc, the init system, etc.), which can easily wreck everything to the point where it has to be completely reinstalled.</p></div><div title="2. Basics"><div><div><div><h2 style="clear:both"><a></a>2. Basics</h2></div></div></div><div title="2.1. System updates"><div><div><div><h3><a></a>2.1. System updates</h3></div></div></div><div>apt-get update        # fetches info about the current versions

apt-get upgrade # upgrades packages to the newest versions

<h3><a></a>2.2. Basic packages and settings</h3>

apt-get install rsyslog man bzip2 wget sudo htop cron-apt

# Oracle Java:
# java-package 0.50+ is needed for server-jre support; this is better than enabling the backports repository
wget http://ftp.cz.debian.org/debian/pool/contrib/j/java-package/java-package_0.53~bpo70+1_all.deb
dpkg -i java-package_0.53~bpo70+1_all.deb
wget --no-check-certificate --no-cookies --header &quot;Cookie: oraclelicense=accept-securebackup-cookie&quot; \
    http://download.oracle.com/otn-pub/java/jdk/7u55-b13/server-jre-7u55-linux-x64.tar.gz
make-jpkg server-jre-7u55-linux-x64.tar.gz
dpkg -i oracle-java7-jre_7u55_amd64.deb

<a></a>

Example 1. /etc/ssh/sshd_config

<p>Copy the login key, e.g. ssh-copy-id <a href="mailto:root@example.com" target="_blank">root@example.com</a>, check that it works, then disable password login:</p><div>PasswordAuthentication no</div></div></div><br><div><a></a><div>Example 2. /etc/vim/vimrc</div><div><div>set mouse-=a

colorscheme elflord
syntax on

<br>

<a></a>

Example 3. /etc/cron-apt/config

MAILON=&quot;upgrade&quot;
MAILTO=&quot;<strong>user@example.com</strong>&quot;

<br>

<h3><a></a>2.3. Firewall</h3>

<p>The firewall is configured with the <code>shorewall</code> package; for details see <a href="#0.1_">http://shorewall.net/standalone.htm</a>, <a href="#0.1_">https://wiki.debian.org/HowTo/shorewall</a>.</p><div>apt-get install shorewall

cd /etc/shorewall # the directory should be empty apart from shorewall.conf

<a></a>

Example 4. /etc/shorewall/zones

<p>Zone settings ($FW in the other files is automatically replaced by &quot;fw&quot;).</p><div>#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
vpn     ipv4

</div><br>

<a></a>

Example 5. /etc/shorewall/policy

<p>This sets the default actions (they are evaluated in the order given!).</p><div>#SOURCE         DEST            POLICY          LOG     LIMIT:    CONNLIMIT:
#                                               LEVEL   BURST     MASK

# allow connections &quot;from the server to the internet&quot;
$FW             net             ACCEPT

# drop everything &quot;from the internet to the server&quot;
net             all             DROP            info

# reject everything &quot;from the vpn to the internet&quot; (so that vpn clients do not browse through the server)
vpn             net             REJECT          info

# allow everything else &quot;from the vpn&quot;
vpn             all             ACCEPT

# The FOLLOWING POLICY MUST BE LAST
all             all             REJECT          info

</div><br>
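The first-match evaluation noted for Example 5, as an added example that is not part of the original guide: a small shell/awk model that looks up which policy applies to a source/destination zone pair and flags entries that can never match because an earlier line already covers them. It reads only the SOURCE, DEST and POLICY columns; the function names `policy_for` and `shadowed_entries` are made up here, and this is a simplified model rather than shorewall's own logic.

```shell
#!/bin/sh
# Added example (not from the original guide): simplified first-match model
# of /etc/shorewall/policy. Only SOURCE, DEST and POLICY are read; "all"
# matches every zone and $FW stands for the firewall zone "fw".

# Constructed copy of the entries from Example 5.
sample_policy() {
cat <<'EOF'
#SOURCE  DEST  POLICY  LOG
$FW      net   ACCEPT
net      all   DROP    info
vpn      net   REJECT  info
vpn      all   ACCEPT
all      all   REJECT  info
EOF
}

# policy_for SRC DST < policy-file
# Prints the POLICY of the first entry that matches; exit status 1 if none does.
policy_for() {
    awk -v src="$1" -v dst="$2" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            s = ($1 == "$FW") ? "fw" : $1
            d = ($2 == "$FW") ? "fw" : $2
            if ((s == "all" || s == src) && (d == "all" || d == dst)) {
                print $3; found = 1; exit
            }
        }
        END { if (!found) exit 1 }'
}

# shadowed_entries < policy-file
# Prints every entry that is fully covered by an earlier one and therefore
# never takes effect, e.g. anything placed after "all all".
shadowed_entries() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            s = ($1 == "$FW") ? "fw" : $1
            d = ($2 == "$FW") ? "fw" : $2
            for (i = 1; i <= n; i++)
                if ((S[i] == "all" || S[i] == s) && (D[i] == "all" || D[i] == d)) {
                    printf "%d:%s->%s shadowed by line %d\n", NR, s, d, L[i]
                    break
                }
            n++; S[n] = s; D[n] = d; L[n] = NR
        }'
}

# Show the effective policy for a few zone pairs of the sample file.
for pair in "fw net" "net fw" "vpn net" "vpn fw" "fw vpn"; do
    set -- $pair
    printf '%-4s -> %-4s %s\n' "$1" "$2" "$(sample_policy | policy_for "$1" "$2")"
done
sample_policy | shadowed_entries
```

Feeding it the real file (`policy_for vpn net < /etc/shorewall/policy`) before `shorewall safe-restart` shows whether a newly added line ended up above or below the entry it was meant to override.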

<a></a>

Example 6. /etc/shorewall/interfaces

FORMAT 2
###############################################################################
#ZONE   INTERFACE       OPTIONS
net     venet0          tcpflags,logmartians,nosmurfs
vpn     tun0

<br>

<a></a>

Example 7. /etc/shorewall/rules

#ACTION         SOURCE          DEST            PROTO   DEST    SOURCE          ORIGINAL        RATE            USER/   MARK    CONNLIMIT       TIME         HEADERS         SWITCH
#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
#SECTION ALL
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW

# allowing the SSH service for clients from the internet (DO NOT DO THIS; in an emergency you can connect to the terminal through the VPS administration)
# - for everyone
#ACCEPT         net             $FW             tcp     ssh
# - for a specific IP address
#ACCEPT         net:78.80.8.27  $FW             tcp     ssh
# - for a group of IP addresses (subnet)
#ACCEPT         net:81.25.21.0/24 $FW           tcp     ssh

# OpenVPN
ACCEPT          net             $FW             udp     1194
ACCEPT          $FW             net             udp     -       1194

# WEB
ACCEPT          all             all             tcp     80
ACCEPT          all             all             tcp     443

<br>

<a></a>

Example 8. /etc/shorewall/shorewall.conf

STARTUP_ENABLED=Yes

<br>

<a></a>

Example 9. /etc/default/shorewall

startup=1

<br><p>A few useful commands:</p>

/etc/init.d/shorewall start|stop|restart|...
shorewall status
shorewall show
shorewall safe-start
shorewall safe-restart

</div>

<h3><a></a>2.4. OpenVPN</h3>

apt-get install openvpn
cp -a /usr/share/openvpn/easy-rsa /etc/openvpn
cd /etc/openvpn/easy-rsa

<a></a>

Example 10. /etc/openvpn/easy-rsa/vars

export KEY_SIZE=2048
export KEY_COUNTRY=&quot;<strong>CZ</strong>&quot;
export KEY_PROVINCE=&quot;<strong>Czech Republic</strong>&quot;
export KEY_CITY=&quot;<strong>Prague</strong>&quot;
export KEY_ORG=&quot;<strong>MOJE FIRMA s.r.o.</strong>&quot;
export KEY_EMAIL=&quot;<strong>support@example.com</strong>&quot;
export KEY_OU=&quot;&quot;

<br>

source vars
./clean-all
./build-ca # enter e.g. openvpn-ca as the Common Name/Name
./build-key-server <strong>mujserver</strong>
./build-key <strong>tonda</strong> # or build-key-pass to password-protect the private keys
./build-key <strong>cenda</strong>
...
./build-dh
cd keys
openvpn --genkey --secret ta.key
cp {ca.crt,dh2048.pem,ta.key,inter.{crt,key}} /etc/openvpn
chmod 600 /etc/openvpn/{ta.key,inter.key}

<a></a>

Example 11. /etc/openvpn/server.conf

dev tun
port 1194
;proto tcp
proto udp
# VPN subnet - pick something random from http://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces
# definitely not 10.0.0.0, 10.1.1.0, 192.168.0.0, 192.168.1.0 - most &quot;home&quot; networks use those
server <strong>10.134.75</strong>.0 255.255.255.0
ifconfig-pool-persist ipp.txt
ca ca.crt
crl-verify crl.pem # see certificate revocation
cert inter.crt
key inter.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
comp-lzo yes

<br>

<a></a>

Example 12. client.conf

dev tun
port 1194
proto udp
client
remote <strong>mujserver.example.com</strong>
ca ca.crt
cert <strong>tonda.crt</strong>
key <strong>tonda.key</strong>
tls-auth ta.key 1
remote-cert-tls server
cipher AES-256-CBC
comp-lzo yes

<br><p>Now all that is left is to send each client <code>client.conf</code>, <code>ta.key</code> and the corresponding <code>crt</code> and <code>key</code> files. <span><strong>It is recommended to move <code>ca.key</code> to offline storage and to delete the <code>key</code> files of all clients.</strong></span></p><div># assumes sendmail is set up (later in this guide)

cd keys
key=&quot;<strong>tonda</strong>&quot;
email=&quot;<strong>tonda@example.com</strong>&quot;
zippwd=$(dd if=/dev/urandom bs=1 count=10 2&gt;/dev/null | base64 | head -c 8)
# 7z takes the password attached to -p and the archive name as the first argument
# mail body: &quot;I will supply the archive password&quot;
rm -v $key.7z; 7z a -p&quot;$zippwd&quot; $key.7z ca.crt $key.{crt,key} ta.key &amp;&amp; mailx -s &quot;openvpn keys&quot; -a $key.7z $email &lt;&lt;&lt;&quot;heslo k archivu dodam&quot;; rm -v $key.7z
# prints &quot;password for unpacking $key.7z: ...&quot;
echo &quot;heslo na rozbaleni $key.7z: $zippwd&quot;
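A check for the recommendation above, as an added example that is not part of the original guide: it lists private keys in an easy-rsa `keys` directory that should no longer be there or that are readable by group or others. The function name `audit_keys`, the finding labels and the sample directory are made up here; the server key name `inter` is taken from the `cp` command above.

```shell
#!/bin/sh
# Added example (not from the original guide): report private keys in an
# easy-rsa keys directory that contradict the advice above.
# audit_keys DIR SERVER_NAME prints one finding per line:
#   CA_KEY_ONLINE    ca.key is still on the server
#   CLIENT_KEY_LEFT  a client's private key was not deleted
#   LOOSE_PERMS      group or others have access to a private key
audit_keys() {
    dir=$1
    server=$2
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue               # the glob matched nothing
        name=$(basename "$f" .key)
        case "$name" in
            ca)            echo "CA_KEY_ONLINE $name.key" ;;
            ta|"$server")  ;;                 # needed by the running server
            *)             echo "CLIENT_KEY_LEFT $name.key" ;;
        esac
        # characters 5-10 of the ls mode string are the group/other bits
        bits=$(ls -ld "$f" | cut -c5-10)
        [ "$bits" = "------" ] || echo "LOOSE_PERMS $name.key ($bits)"
    done
}

# Constructed sample directory standing in for /etc/openvpn/easy-rsa/keys:
# the CA key and one client key were left behind, ta.key is world-readable.
make_sample_keys() {
    d=$(mktemp -d) || return 1
    for n in ca inter ta tonda; do : > "$d/$n.key"; done
    chmod 600 "$d/ca.key" "$d/inter.key" "$d/tonda.key"
    chmod 644 "$d/ta.key"
    echo "$d"
}

sample=$(make_sample_keys)
audit_keys "$sample" inter
rm -rf "$sample"
```

On the server itself the call would be `audit_keys /etc/openvpn/easy-rsa/keys inter`; no output means nothing was found.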

<h4><a></a>2.4.1. Certificate revocation</h4>

cd /etc/openvpn/easy-rsa
source vars
./revoke-full <strong>certificate_name</strong>
cp -v crl.pem /etc/openvpn

</div>

<h3><a></a>2.5. sendmail interface for the SMTP server</h3>

<p>Some components (e.g. redmine) need to send emails through the sendmail interface (e.g. because their SMTP client for some reason does not work with the SMTP server). For that reason a better SMTP client that supports the sendmail interface can be installed. For details see <a href="#0.1_">http://msmtp.sourceforge.net/doc/msmtp.html</a>.</p><div>apt-get purge exim4-config exim4 exim4-base exim4-daemon-light

apt-get install msmtp-mta
ls -l /usr/sbin/sendmail # must point to /usr/bin/msmtp

<a></a>

Example 13. /etc/msmtprc

# Accounts will inherit settings from this section
defaults
auth on
tls on
tls_certcheck off
#tls_trust_file /usr/share/ca-certificates/mozilla/Thawte_Premium_Server_CA.crt

account <strong>blackhole</strong>
host <strong>smtp.example.com</strong>
port <strong>465</strong>
from <strong>blackhole@example.com</strong>
user <strong>blackhole@example.com</strong>
password <strong>my_password</strong>
tls_starttls <strong>off</strong>

account default : <strong>blackhole</strong>

<br></div></div>

<h2 style="clear:both"><a></a>3. web server</h2>

<h3><a></a>3.1. Nginx</h3>

<p>Among other things, nginx makes it possible to run several different web servers on the same port (e.g. tomcat for java web applications + apache for php + passenger for ruby applications).</p><p>Because we need <span><em>passenger</em></span> for <span><em>ruby</em></span> applications (e.g. <span><em>redmine</em></span>), it cannot be installed from the debian packages.</p><div>apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 561F9B9CAC40B2F7

apt-get install apt-transport-https ca-certificates
echo &quot;deb https://oss-binaries.phusionpassenger.com/apt/passenger wheezy main&quot; &gt; /etc/apt/sources.list.d/passenger.list
chmod 600 /etc/apt/sources.list.d/passenger.list
apt-get update
apt-get install nginx-extras passenger

<p>If SSL is going to be used, a certificate has to be generated:</p><div>openssl req -new -x509 -nodes -out /etc/nginx/server.crt -keyout /etc/nginx/server.key</div><div><a></a><div>Example 14. /etc/nginx/conf/nginx.conf</div><div><div>#user  nobody;

worker_processes 1;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {

  worker_connections  128; # maximum number of connections - http://wiki.nginx.org/EventsModule#worker_connections

}

http {

  passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
  passenger_ruby /usr/bin/ruby;
  include       mime.types;
  default_type  application/octet-stream;
  #log_format  main  &#39;$remote_addr - $remote_user [$time_local] &quot;$request&quot; &#39;
  #                  &#39;$status $body_bytes_sent &quot;$http_referer&quot; &#39;
  #                  &#39;&quot;$http_user_agent&quot; &quot;$http_x_forwarded_for&quot;&#39;;
  #access_log  logs/access.log  main;
  sendfile        on;
  #tcp_nopush     on;
  #keepalive_timeout  0;
  keepalive_timeout  65;
  #gzip  on;
  ssl_certificate server.crt;
  ssl_certificate_key server.key;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;

}

</div></div><br></div>

<h3><a></a>3.2. Tomcat</h3>

<p>The web server is tomcat 7, because we want to run simple java web applications in it (i.e. we need something in java, but we do not need a super-duper application server).</p><div>apt-get install tomcat7</div><div><a></a><div>Example 15. conf/server.xml</div><div><div>&lt;Server port=&quot;8005&quot; shutdown=&quot;SHUTDOWN&quot;&gt;
&lt;Service name=&quot;Catalina&quot;&gt;
  &lt;Connector port=&quot;<span><strong>8081</strong></span>&quot; protocol=&quot;org.apache.coyote.http11.Http11NioProtocol&quot;
      connectionTimeout=&quot;20000&quot;
      redirectPort=&quot;<span><strong>443</strong></span>&quot;
      minSpareThreads=&quot;2&quot; maxThreads=&quot;10&quot; /&gt;
  &lt;Engine name=&quot;Catalina&quot; defaultHost=&quot;<span><strong>www.example.com</strong></span>&quot;&gt;
    &lt;Host name=&quot;<span><strong>www.example.com</strong></span>&quot;  appBase=&quot;<span><strong>webapps-moje</strong></span>&quot;
        unpackWARs=&quot;true&quot; autoDeploy=&quot;true&quot;&gt;
      &lt;Valve className=&quot;org.apache.catalina.valves.AccessLogValve&quot; directory=&quot;logs&quot;
          prefix=&quot;access_log.&quot; suffix=&quot;.log&quot;
          pattern=&quot;%h %l %u %t &amp;quot;%r&amp;quot; %s %b&quot; /&gt;
    &lt;/Host&gt;
 &lt;/Engine&gt;
&lt;/Service&gt;

&lt;/Server&gt;

<p><code>appBase</code> is changed because a tomcat upgrade could overwrite the applications in <code>/var/lib/tomcat7/webapps</code> (at least some distributions used to do that).</p></div></div><br><div><a></a><div>Example 16. /etc/default/tomcat7</div><div><div>JAVA_HOME=/usr/lib/jvm/jre-7-oracle-x64

CATALINA_OPTS=&quot;-Djava.awt.headless=true -Xmx80m -XX:+UseConcMarkSweepGC&quot;
# enable for remote management (e.g. jconsole or jvisualvm)
#JAVA_OPTS=&quot;${JAVA_OPTS} -Djava.rmi.server.hostname=<strong>mujserver.example.com</strong> -Djava.net.preferIPv4Stack=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=5000 -Dcom.sun.management.jmxremote.authenticate=false&quot;</div></div></div><br><p>Set up nginx to forward requests to tomcat:</p>

<a></a>

Example 17. /etc/nginx/conf/nginx.conf

server {

      # JAVA web server - e.g. Tomcat
      listen *:80 default_server;
      listen *:443 ssl;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      location / {
          proxy_pass  http://127.0.0.1:8081;
      }
  }</div></div></div><br></div><div title="3.3. Apache + PHP"><div><div><div><h3><a></a>3.3. Apache + PHP</h3></div></div></div><p>For PHP experiments:</p><div><a></a><div>Example 18. /etc/nginx/conf/nginx.conf</div><div><div>    server {
      # PHP + phpmyadmin
      listen *:80;
      listen *:443 ssl;
      server_name <span><strong>php.example.com</strong></span>; # this is another DNS name for the public address of the vps server
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      location / {
          proxy_pass  http://127.0.0.1:8082;
      }
      # PHPmyadmin only over SSL
      location /phpmyadmin {
          if ($scheme = &quot;http&quot;) {
              rewrite ^ https://$http_host$request_uri permanent;
          }
          if ($scheme = &quot;https&quot;) {
              proxy_pass  http://127.0.0.1:8082;
          }
      }
  }</div></div></div><br></div></div><div title="4. Git"><div><div><div><h2 style="clear:both"><a></a>4. Git</h2></div></div></div><p>Access to the git repositories is controlled by <span><em>gitolite</em></span>.</p><div># copy the git administrator's id_rsa.pub to /root/spravcegitu.pub

apt-get install gitolite
dpkg-reconfigure gitolite # change the user to <strong>git</strong>

<a></a>

Example 19. /var/lib/gitolite/.gitolite.rc

$REPO_UMASK = 0027; # sets files to g+rx so that e.g. redmine has access to them

<br>

<a></a>

Example 20. /etc/ssh/sshd_config

<p>Password authentication is disabled (everything runs only via certificates):</p><div>Match User git
    PasswordAuthentication no

<br>

<h2 style="clear:both"><a></a>5. Mysql</h2>

<p>Mysql is needed e.g. for redmine (see below). More at <a href="#0.1_">https://wiki.archlinux.org/index.php/MySQL</a>.</p>

apt-get install mysql-server
mysql_secure_installation

<h2 style="clear:both"><a></a>6. Redmine</h2>

<p>For details see <a href="#0.1_">http://www.redmine.org/projects/redmine/wiki/RedmineInstall</a>.</p>

apt-get install ruby ruby-dev make imagemagick libmagickcore-dev libmagickwand-dev libmysqlclient-dev
cd
VER=2.5.1
wget http://www.redmine.org/releases/redmine-$VER.tar.gz
tar xzf redmine-$VER.tar.gz -C /opt
chown -R root:root /opt/redmine-$VER

mysql -p # asks for the password (see the mysql installation)
create database redmine character set utf8;
create user &#39;redmine&#39;@&#39;localhost&#39; identified by &#39;<strong>my_password</strong>&#39;;
grant all privileges on redmine.* to &#39;redmine&#39;@&#39;localhost&#39;;

<a></a>

Example 21. config/database.yml

production:
  adapter: mysql2
  database: redmine
  host: localhost
  username: redmine
  password: <span><strong>my_password</strong></span>
  encoding: utf8</div></div></div><br><div><a></a><div>Example 22. config/configuration.yml</div><div><div>production:
  email_delivery:
    delivery_method: :sendmail</div></div></div><br><p>This has to be done only after <code>config/database.yml</code>, so that it loads all the necessary add-ons (mainly the ones for database access).</p><div>cd /opt/redmine-$VER

gem install --no-user-install bundler
bundle install --system --without development test postgresql sqlite
rake generate_secret_token
useradd -m --home-dir /var/lib/redmine-$VER --shell /bin/bash --system redmine
usermod -a -G git redmine
mkdir -p /var/lib/redmine-$VER/{tmp,public/plugin_assets}
tar c files log tmp public/plugin_assets | tar xv -C /var/lib/redmine-$VER
for i in files log tmp public/plugin_assets; do rm -Rf $i; ln -nfs /var/lib/redmine-$VER/$i $i; done
chown -R redmine:redmine /var/lib/redmine-$VER
chmod -R ugo+r /var/lib/redmine-$VER

<p>The data is copied from the old server:</p>

<strong># somehow get the data from <code>files</code> into <code>/var/lib/redmine-1.4/files</code></strong>
mysql -u redmine -p redmine &lt; dump_redmine_default_2012-05-28.sql | tee restore.log
RAILS_ENV=production rake db:migrate

<h3>Note</h3><p>A new database can be created with:</p>

RAILS_ENV=production rake db:migrate
RAILS_ENV=production rake redmine:load_default_data

<p>The installation can be tested by starting a simple web server (look at the projects and check whether the git integration and the sending of emails work):</p><div>su - -s /bin/bash redmine

ruby script/rails server webrick -e production

<h3><a></a>6.1. Passenger in nginx</h3>

<p>For details see <a href="#0.1_">http://www.modrails.com/documentation/Users%20guide%20Nginx.html#install_on_debian_ubuntu</a>.</p>

apt-get install ruby-passenger

<a></a>

Example 23. /etc/nginx/conf/nginx.conf

http {

# NOTE: passenger must be enabled (see the nginx installation)
server {
  listen 8080 default_server;
  root /opt/redmine-2.5.1/public;
  passenger_enabled on;
  # by default the current owner/group of the file <code>config/environment.rb</code> is used
  passenger_user redmine;
  passenger_group redmine;
  client_max_body_size 100M; # some uploads to redmine will be larger than the default limit
}

}

<br>

<h3><a></a>6.2. Thin in nginx (a primitive alternative to Passenger)</h3>

gem install --no-user-install thin
thin install

<p>Add the following:</p>

<a></a>

Example 24. /opt/redmine-1.4/Gemfile

gem &#39;thin&#39;

<br>

<a></a>

Example 25. /etc/thin/redmine.yml

---
chdir: /opt/redmine-1.4
environment: production
timeout: 30
log: /var/log/thin/redmine.log
pid: /var/lib/redmine-1.4/thin.pid # must be writable by the user redmine
max_conns: 1024
max_persistent_conns: 100
require: []
wait: 30
socket: /var/lib/redmine-1.4/thin.sock # must be writable by the user redmine
daemonize: true
user: redmine
group: redmine
servers: 1

<br><p>And finally, in /etc/rc.conf, add <code>thin</code> to <code>DAEMONS</code>.</p><div><a></a><div>Example 26. /etc/nginx/conf/nginx.conf</div><div><div>    upstream redmine {
      server unix:/var/lib/redmine-1.4/thin.0.sock;
  }
  server {
      listen *:8080 default_server;
      client_max_body_size 100M;
      location / {
          proxy_pass http://redmine;
      }
  }</div></div></div><br></div></div><div title="7. nexus (maven repository)"><div><div><div><h2 style="clear:both"><a></a>7. nexus (maven repository)</h2></div></div></div><div title="Note" style="margin-left:0.5in;margin-right:0.5in"><h3>Note</h3><p>It might be worth considering just dropping the war into tomcat, so that the JVM is not needlessly running twice.</p></div><div>useradd --system --shell /bin/bash --home-dir /var/lib/nexus -m nexus

wget http://www.sonatype.org/downloads/nexus-latest-bundle.tar.gz
tar xzf nexus-latest-bundle.tar.gz -C /opt
ln -nfsv /opt/nexus-2.7.0-05 /opt/nexus
mkdir /var/run/nexus
chown nexus:nexus /var/run/nexus
mkdir /var/lib/nexus/{logs,tmp}
chown nexus:nexus /var/lib/nexus/{logs,tmp}
rm -rfv /opt/nexus/{logs,tmp}
ln -fsv /var/lib/nexus/logs /opt/nexus
ln -fsv /var/lib/nexus/tmp /opt/nexus
cp /opt/nexus/bin/nexus /etc/init.d
chmod ugo+x /etc/init.d/nexus
update-rc.d nexus defaults

<a></a>

Example 27. /etc/init.d/nexus

NEXUS_HOME=&quot;/opt/nexus&quot;
#JAVA_HOME=&quot;/opt/jdk-7&quot;
RUN_AS_USER=&quot;nexus&quot;
PIDDIR=&quot;/var/lib/nexus&quot; # must be writable by the user nexus

<br>

<a></a>

Example 28. /opt/nexus/conf/nexus.properties

application-port=8083
nexus-work=/var/lib/nexus

<br>

<a></a>

Example 29. /opt/nexus/bin/jsw/conf/wrapper.conf

wrapper.java.maxmemory=80

<br><p>For the rest see <a href="#0.1_">http://books.sonatype.com/nexus-book/reference/install-sect-repoman-post-install.html</a></p>

</div> </body></html>

navody/uzivatele/stepan_schejbal.1428356497.txt.gz · Last modified: 2015/04/06 21:41 by admin