2020-09-25

OpenSSL Generate self-signed certificate for HaProxy

#A/ OpenSSL-Gen-CERT.sh
#LastUpdate: #14:49 2020.09.25, #14:30 2020.09.25
############################################
#REF: https://gist.github.com/yuezhu/47b15b4b8e944221861ccf7d7f5868f5
############################################
#__________GLOBAL_VAR:BEGIN
SSL_CERT_LOC="."
mkdir -p $SSL_CERT_LOC
cd $SSL_CERT_LOC
/bin/rm -rf {*.crt,*.csr,*.key,*.pem}

MyDomain="ha.stats.local"
#__________GLOBAL_VAR:END


#A__________GEN_PRIVATE_KEY:BEGIN
# Generate a unique private key (KEY)
# sudo openssl genrsa -out $MyDomain.key 2048
#__________GEN_PRIVATE_KEY:END


#B__________GEN_CSR:BEGIN
# Generating a Certificate Signing Request (CSR)
#sudo openssl req -new -key $MyDomain.key -out $MyDomain.csr -config openssl.cnf
#__________GEN_CSR:END


#C=A+B:
COUNTRY_NAME="US"
STATE_NAME="CA"
LOCATION_NAME="CA"
ORG_NAME="ORG NAME"
ORG_UNIT_NAME="UNIT-InformationTechnologyCenter"

sudo openssl req -nodes \
-newkey rsa:2048 \
-keyout $MyDomain.key \
-out $MyDomain.csr \
-subj "/C=$COUNTRY_NAME/ST=$STATE_NAME/L=$LOCATION_NAME/O=$ORG_NAME/OU=$ORG_UNIT_NAME/CN=$MyDomain"



#D__________GEN_SELF_SIGNED_CERT:BEGIN
# Creating a Self-Signed Certificate (CRT)
openssl x509 -req -days 3650 -in $MyDomain.csr -signkey $MyDomain.key -out $MyDomain.crt
#__________GEN_SELF_SIGNED_CERT:END



#E__________GEN_PEM:BEGIN
# Append KEY and CRT to $MyDomain.pem
cat $MyDomain.key $MyDomain.crt >> $MyDomain.pem
#__________GEN_PEM:END



#F__________CHECK_SSL_CERT:BEGIN
#https://www.sslshopper.com/article-most-common-openssl-commands.html

#F.1:
echo "------------------------------------------"
echo "Check a Certificate Signing Request (CSR): [$MyDomain.csr]"
openssl req -text -noout -verify -in $MyDomain.csr
sleep 10

#F.2:
echo "------------------------------------------"
echo "Check a private key: [$MyDomain.key]"
openssl rsa -check -in $MyDomain.key
sleep 10

#F.3:
echo "------------------------------------------"
echo "Check a certificate: [$MyDomain.crt]"
openssl x509 -text -noout -in $MyDomain.crt
sleep 10

# #F.4:
# echo "------------------------------------------"
# echo "Check a PKCS#12 file (.pfx or .p12):"
# openssl pkcs12 -info -in $MyDomain.p12

#F.5:
for var_temp in *.pem;
do    
    echo "------------------------------------------"
    echo 'CREATED SSL CERT: ['$var_temp']':
    openssl x509 -noout -dates -in $var_temp

done
echo "------------------------------------------"
#sleep 10

echo "CREATED SSL SELF CERT: DONE"
echo ""

#__________CHECK_SSL_CERT:END

#THE_END

#CHECK SSL CERT:
#https://support.acquia.com/hc/en-us/articles/360004119234-Verifying-the-validity-of-an-SSL-certificate
# openssl x509 -noout -modulus -in $MyDomain.pem | openssl md5
# openssl rsa  -noout -modulus -in $MyDomain.key | openssl md5
# openssl x509 -noout -dates -in $MyDomain.pem

# openssl x509 -in $MyDomain.pem -noout -pubkey
# openssl rsa -in $MyDomain.key -pubout


#https://www.sslshopper.com/article-most-common-openssl-commands.html
# openssl req -text -noout -verify -in $MyDomain.csr
# openssl x509 -in $MyDomain.crt -text -noout


#RESULT:





































































































#B/ Import SSL CERT TO HAPROXY:

#/etc/haproxy/crtlist.txt
#LastUpdate: #15:11 2020.09.25
###################################
# #HTTPS:
# frontend FRONTEND_443  
    # http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
    # http-response set-header X-Frame-Options SAMEORIGIN
    # http-response set-header X-Content-Type-Options nosniff
    # bind *:443 ssl crt-list /etc/haproxy/crtlist.txt
    # mode http
    # option httpclose
    # option forwardfor
    # reqadd X-Forwarded-Proto:\ https
###################################

#___________SSL_CERT:BEGIN
#15:11 2020.09.25
/etc/haproxy/certs/ha.stats.local.pem
#___________SSL_CERT:END

#----------------------------------#END
#THE-END


#FILE_NAME="haproxy_99_HAProxyStats_9999.tcp"
#LastUpdate: #8:23 2020.09.25
#################################
#REF: 
#Setup HAProxy stats over HTTPS
#https://evancarmi.com/writing/setup-haproxy-stats-over-https/
#################################
##__________FRONTEND_[HAProxyStats]:BEGIN
listen  BACKEND_HAProxyStats_9999
    mode http
    bind *:9999 ssl crt-list /etc/haproxy/crtlist.txt alpn h2,http/1.1
    #bind *:9999
    stats enable
    #stats http-request
    #stats hide-version
    stats realm Haproxy\ Statistics
    stats refresh 30s
    #stats uri /haproxy?stats
    stats uri /
    stats auth a:b
    redirect scheme https code 301 if !{ ssl_fc }
##__________FRONTEND_[HAProxyStats]:END
#THE-END


#URL: 
http://10.0.1.105:9999/haproxy?stats: Not OK
https://10.0.1.105:9999/haproxy?stats: OK























































2020-09-16

XAMPP/XEMPP/XNMPP (Linux, Nginx, MariaDB, PHP-FPM, Pure-FTPd) Portable for all Linux Server

XAMPP/XEMPP/XNMPP:
Linux
N
ginx
M
ariaDB
P
HP-FPM
P
ure-FTPd
Portable for Linux Ubuntu Server
LastUpdate: 2020.09.16-17h00 GMT+7



###########################
Index:
A/ Operating System: 
Linux Ubuntu Server 18.04.LTS.x64

B/ Web Server: 
Nginx version: "nginx-1.18.0"
(Included LetsEncrypt for HTTPS)

C/ RDBMS Database: 
MariaDB 10.4.13

D/ PHP Processor:
PHP-FPM: FastCGI Process Manager

E/ FTP Server: 
pure-ftpd FTP Sercure



###########################
A/ Operating System

A.1/ Ubuntu Server 18.04.LTS.x64
root@futurepo:/opt# cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.5 LTS"

A.2/ Kernel Information:
root@futurepo:/opt/lampp/script# uname -a
Linux futurepo 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux



###########################
B/ Web Server
Nginx version: "nginx-1.18.0"
root@futurepo:/opt/lampp/script# /opt/lampp/nginx-1.18.0/sbin/nginx -V
nginx version: nginx-1.18.0/20200819
built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) 
built with OpenSSL 1.1.1  11 Sep 2018
TLS SNI support enabled
configure arguments: 
--prefix=/opt/lampp/nginx-1.18.0 
--add-module=headers-more-nginx-module 
--error-log-path=/opt/lampp/nginx-1.18.0/log/error.log 
--http-log-path=/opt/lampp/nginx-1.18.0/log/access.log 
--pid-path=/opt/lampp/nginx-1.18.0/nginx.pid 
--lock-path=/opt/lampp/nginx-1.18.0/nginx.lock 
--http-client-body-temp-path=/opt/lampp/nginx-1.18.0/cache/client_temp 
--http-proxy-temp-path=/opt/lampp/nginx-1.18.0/cache/proxy_temp 
--http-fastcgi-temp-path=/opt/lampp/nginx-1.18.0/cache/fastcgi_temp 
--http-uwsgi-temp-path=/opt/lampp/nginx-1.18.0/cache/uwsgi_temp 
--http-scgi-temp-path=/opt/lampp/nginx-1.18.0/cache/scgi_temp 
--user=nginx 
--group=nginx 
--with-http_ssl_module 
--with-http_realip_module 
--with-http_addition_module 
--with-http_sub_module 
--with-http_dav_module 
--with-http_flv_module 
--with-http_mp4_module 
--with-http_gunzip_module 
--with-http_gzip_static_module 
--with-http_random_index_module 
--with-http_secure_link_module 
--with-http_stub_status_module 
--with-http_auth_request_module 
--with-http_image_filter_module 
--with-mail 
--with-mail_ssl_module 
--with-file-aio 
--with-http_v2_module 
--with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'
root@futurepo:/opt/lampp/script# 



###########################
C/ RDBMS Database: MariaDB
root@futurepo:/opt/lampp/nginx-1.18.0/sbin# A004-xampp-mysql-console-admin.sh
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3107
Server version: 10.4.13-MariaDB Source distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> status
--------------
/opt/lampp/bin/mysql  Ver 15.1 Distrib 10.4.13-MariaDB, for Linux (x86_64) using readline 5.1
Connection id:          3107
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server:                 MariaDB
Server version:         10.4.13-MariaDB Source distribution
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
UNIX socket:            /opt/lampp/var/mysql/mysql.sock
Uptime:                 1 hour 38 min 14 sec
Threads: 12  Questions: 22339  Slow queries: 0  Opens: 51  Flush tables: 1  Open tables: 41  Queries per second avg: 3.790
--------------
MariaDB [(none)]> 




###########################
D/ PHP-FPM: FastCGI Process Manager
###PHP: D001-1-php-fpm-7.4-restart.sh | D001-3-wordpress-security.sh
    #php-fpm-reload.sh | php-fpm-restart.sh | php-fpm-status.sh | php-fpm-stop.sh
    #/opt/lampp/php-7.4.9/bin/php -v
        PHP 7.4.9 (cli) (built: Aug 18 2020 11:04:00) ( NTS )
        Copyright (c) The PHP Group
        Zend Engine v3.4.0, Copyright (c) Zend Technologies
        #/opt/lampp/php-7.4.9/bin/php -i| grep php.ini
        Configuration File (php.ini) Path => /opt/lampp/php-7.4.9/lib        
        #-rw-r--r-- 1 root root 72599 Aug 18 14:05 /opt/lampp/php-7.4.9/lib/php.ini
    #/opt/lampp/php-7.4.9/sbin/php-fpm -v
        PHP 7.4.9 (fpm-fcgi) (built: Aug 18 2020 11:04:10)
        Copyright (c) The PHP Group
        Zend Engine v3.4.0, Copyright (c) Zend Technologies
        #/opt/lampp/php-7.4.9/sbin/php-fpm -i| grep php.ini
        Configuration File (php.ini) Path => /opt/lampp/php-7.4.9/lib
        Loaded Configuration File => /opt/lampp/php-7.4.9/lib/php.ini
        #-rw-r--r-- 1 root root 72599 Aug 18 14:05 /opt/lampp/php-7.4.9/lib/php.ini



###########################
E/ FTP Server: 
pure-ftpd FTP Sercure
root@futurepo:/opt/lampp/pure-ftpd# B001-1-pureftpd-restart-FULL.sh
######################################
PURE-FTPD CURRENT PID: 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      7694/pure-ftpd (SER 
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      7510/mysqld         

PURE-FTPD [FULL PERMISSION] RESTARTING...
21/tcp:               7694
######################################
PURE-FTPD NEW PID: 
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      24370/pure-ftpd (SE 
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      7510/mysqld         
######################################




###########################
Bonus:
Bonus1: root@futurepo:/opt/lampp/script# ll
root root 1857 Aug 17 14:36  A001-xampp-mysql-initial.sh.bk
root root 3691 Aug 17 13:34  A002-MySQL-Upgrade.sh*
root root  605 Aug 19 09:49  A003-1-xampp-mysql-restart.sh*
root root  298 Jan 17  2019  A003-2-xampp-mysql-stop.sh*
root root  238 Jan 17  2019  A004-xampp-mysql-console-admin.sh*
root root  338 Aug 17 14:24  A005-1-mysql-EventScheduler-ON.sh*
root root  171 Jan 17  2019  A005-2-mysql-EventScheduler-ON.sql
root root  322 Aug 17 13:52  A006-1-mysql-EventScheduler-OFF.sh*
root root  171 Jan 17  2019  A006-2-mysql-EventScheduler-OFF.sql
root root 1764 Aug 19 16:29  A007-3-backup-website.sh*
root root    1 Aug 21 08:27  A007-4-restore-website.sh*
root root 1570 Aug 21 08:27  A007-5-Backup-1-DB.sh*
root root 1862 Aug 21 15:10  A007-6-Restore-1-DB.sh*

root root 1749 Aug 19 09:49  B001-1-pureftpd-restart-FULL.sh*
root root 1516 Jan 17  2019  B001-2-pureftpd-restart-RO.sh*
root root   38 Dec 11  2018  B001-3-pureftpd-log.sh*
root root  359 Dec 11  2018  B001-4-ssl-cert-expired-date-pure-ftpd.sh*

root root  685 Feb 12  2020  C001-1-xampp-APACHE-restart.sh*
root root  688 Feb 12  2020  C001-2-xampp-APACHE.stop.sh*

root root  874 Sep 16 14:16  D001-1-php-fpm-7.4-restart.sh*
root root  639 Aug 19 09:18  D001-2-php-fpm-7.4-stop.sh*
root root 1476 Sep 16 14:31  D001-3-wordpress-security.sh*

root root 3109 Aug 19 09:48  E001-1-nginx-restart-all-instance.sh*
root root 1582 Aug 19 09:28  E001-2-nginx-stop-all-instance.sh*
root root 2655 Aug 19 09:31  E001-3-nginx-reload-all-instance.sh*
root root 1271 Aug 19 09:33  E001-4-nginx-status-all-instance.sh*
root root 2121 Aug 20 11:23  E001-5-nginx-test-all-instance.sh*


Bonus2: /etc/rc.local
#!/bin/bash
###################################
#FILE_NAME: /etc/rc.local
#Author: qwerty | 
#LastUpdate: #2020.08.12-15.54.35.332
###################################
###################################CONTENT:BEGIN
#!/bin/bash
#!/bin/sh -e
# rc.local
# By default this script does nothing.
#####################################

#SAMBA:
/opt/script/samba-stop.sh

#MariaDB:
/opt/lampp/script/A003-1-xampp-mysql-restart.sh

#FTP Server:
/opt/lampp/script/B001-1-pureftpd-restart-FULL.sh

#PHP-FPM: 7.4.9:
/opt/lampp/script/D001-1-php-fpm-7.4-restart.sh

#NGINX:
/opt/lampp/script/E001-1-nginx-restart-all-instance.sh

#######
exit 0
###################################CONTENT:END



Bonus3:crontab -l
root@futurepo:/opt/lampp/script# crontab -l
##############################################
#UBUNTU: /var/spool/cron/crontabs/root
#CENTOS: /var/spool/cron/root
#LastUpdate: #10:19 2020.09.16
##############################################
#*     *     *   *    *      command to be executed         
#-     -     -   -    -                                       
#|     |     |   |    |                                       
#|     |     |   |    +----- day of week (MON-1|TUE-2|WED-3|THU-4|FRI-5|SAT-6|SUN-0)
#|     |     |   +------- month (1-12)                    
#|     |     +--------- day of month (1-31)
#|     +----------- hour (0-23)                    
#+------------- min (0-59)
##############################################
#GET DATE PER 1min:
* * * * * /opt/script/schedule-per-1s.sh

#Sync Time Server, daily, 23h00:          
00 23 * * * /opt/script/time-force-update.sh

#CRONTAB BACKUP, DAILY, 23h00:
#00 23 * * * /opt/script/crontab-backup.sh

# Check process HAProxy status every minute.
# * * * * * /opt/script/haproxy_monitor_stats.sh

#CLEAR RAM PER HOUR: 
0 */1 * * * /opt/script/ram.clear.sh

#RENEW SSL CERT: Daily, 0h00:
00 00 * * * /opt/script/le-renew-[futurepo.xxx].sh

#Wordpress Security Checking: DAILY, 23h00:
00 23 * * * /opt/lampp/script/D001-3-wordpress-security.sh

#Wordpress: Backup Websites: Daily, 0h00:
#
A007-3-backup-website.sh <DBName> <Wordpress Website Name>
00 23 * * * /opt/lampp/script/A007-3-backup-website.sh "futurepo" "futurepo.xxx"


Bonus4:date;netstat-status.sh















###########################
Download:
Contact to: iadmin@mgiay.com



###########################
Keyword:
#XAMPP
#XEMPP
#XNMPP
#Linux
#Nginx
#MariaDB
#PHP
#Pure-FTPd
Linux, Nginx, MariaDB, PHP, Pure-FTPd

XAMPP is currently only availably as 32 bit application. Please use a 32 bit compatibility library for your system

 

XAMPP is currently only availably as 32 bit application. Please use a 32 bit compatibility library for your system.

sudo apt-get install ia32-libs
sudo apt-get install lib32stdc++6

#/opt/lampp/lampp

#qwerty: 13:37 2020.09.16
# # XAMPP is currently 32 bit only
# case `uname -m` in
            # *_64)
            # if $XAMPP_ROOT/bin/php -v > /dev/null 2>&1
            # then
                        # :
            # else
                        # $GETTEXT -s "XAMPP is currently only availably as 32 bit application. Please use a 32 bit compatibility library for your system."
                        # exit 1
            # fi
            # ;;
# esac



/opt/lampp/lampp start

2020-02-18

How to force redirect 301 "www.example.com" to "example.com"

How to force redirect 301 "www.example.com" to "example.com"


1/ CloudFlare: CNAME "www" -> "example.com".
2/ CloudFlare: DISABLE CDN
3/ HaProxy enable redirect 301:
root@srv004:/etc/haproxy/template# cat haproxy_02_http.cfg.temp 
    #13:58 2020.02.18
    redirect prefix https://example.com code 301 if { hdr(host) -i www.example.com }

2019-10-01

UBUNTU18-NETPLAN

#/etc/netplan/50-cloud-init.yaml
#LastUpdate: #08:38 2019.10.02
#################################
#_________[GLOBAL]:BEGIN
network:
    version: 2
    ethernets:
#_________[GLOBAL]:END

#_________[WAN]:BEGIN
        ens192:
            addresses: [139.99.71.101/24]
            gateway4: 139.99.71.254
            nameservers:
                addresses: [1.1.1.1,8.8.8.8]
                search: [google.com]
            dhcp4: no
#_________[WAN]:BEGIN

#_________[LAN]:BEGIN
        ens160:
            addresses: [172.16.26.30/24]
            #gateway4:
            nameservers:
                addresses: [1.1.1.1,8.8.8.8]
                search: [google.com]
            dhcp4: no
#_________[LAN]:END
#THE-END 
#sudo netplan --debug apply
#netplan apply


#or:

sudo netplan --debug apply
** (generate:6466): DEBUG: 08:46:16.527: Processing input file /etc/netplan/50-cloud-init.yaml..
** (generate:6466): DEBUG: 08:46:16.527: starting new processing pass
** (generate:6466): DEBUG: 08:46:16.527: ens192: setting default backend to 1
** (generate:6466): DEBUG: 08:46:16.527: Configuration is valid
** (generate:6466): DEBUG: 08:46:16.527: ens160: setting default backend to 1
** (generate:6466): DEBUG: 08:46:16.527: Configuration is valid
** (generate:6466): DEBUG: 08:46:16.527: Generating output files..
** (generate:6466): DEBUG: 08:46:16.528: NetworkManager: definition ens160 is not for us (backend 1)
** (generate:6466): DEBUG: 08:46:16.528: NetworkManager: definition ens192 is not for us (backend 1)
DEBUG:netplan generated networkd configuration changed, restarting networkd
DEBUG:no netplan generated NM configuration exists
DEBUG:ens160 not found in {}
DEBUG:ens192 not found in {'ens160': {'addresses': ['172.16.26.30/24'], 'nameservers': {'addresses': ['1.1.1.1', '8.8.8.8'], 'search': ['google.com']}, 'dhcp4': False}}
DEBUG:Merged config:
network:
  bonds: {}
  bridges: {}
  ethernets:
    ens160:
      addresses:
      - 172.16.26.30/24
      dhcp4: false
      nameservers:
        addresses:
        - 1.1.1.1
        - 8.8.8.8
        search:
        - google.com
    ens192:
      addresses:
      - 139.99.71.101/24
      dhcp4: false
      gateway4: 139.99.71.254
      nameservers:
        addresses:
        - 1.1.1.1
        - 8.8.8.8
        search:
        - google.com
  vlans: {}
  wifis: {}

DEBUG:Skipping non-physical interface: lo
DEBUG:device ens160 operstate is up, not changing
DEBUG:device ens192 operstate is up, not changing
DEBUG:{}
DEBUG:netplan triggering .link rules for lo
DEBUG:netplan triggering .link rules for ens160
DEBUG:netplan triggering .link rules for ens192

2019-09-25

Increasing New LVM Volume for VPS

#10:19 2019.09.26
#################
#Increasing-New-LVM-Volume-for-VPS.sh
#OS: "Ubuntu 18.04.3 LTS" / Linux srv150 4.15.0-64-generic GNU/Linux
#################
#fdisk /dev/sdb
n
p
w

#mkfs.ext4 /dev/sdb1

#
root@srv030:/opt/lvm-informations# lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL
NAME            FSTYPE       SIZE MOUNTPOINT      LABEL
loop0           squashfs      89M /snap/core/7713 
loop1           squashfs      91M /snap/core/6350 
sda                          100G                 
├─sda1                         1M                 
├─sda2          ext4           2G /boot           
└─sda3          LVM2_member   98G                 
  ├─vg0-lv1_os  ext4          20G /               
  └─vg0-lv2_opt ext4          78G /opt            
sdb                          130G                 
└─sdb1          ext4         130G                 


#root@srv030:/opt/lvm-informations# vgdisplay | grep "VG Size"
  VG Size               <98.00 GiB

#root@srv030:/opt/lvm-informations# vgextend vg0 /dev/sdb1
WARNING: ext4 signature detected on /dev/sdb1 at offset 1080. Wipe it? [y/n]: y
  Wiping ext4 signature on /dev/sdb1.
  Physical volume "/dev/sdb1" successfully created.
  Volume group "vg0" successfully extended

#root@srv030:/opt/lvm-informations# vgdisplay | grep "VG Size"
  VG Size               227.99 GiB

  
#Update dung lượng mới cho volume "/dev/vg0/lv2_opt": 
lvresize -L+130gb /dev/vg0/lv2_opt

#xfs_growfs /dev/vg01_hdd/lv03_opt
resize2fs  /dev/vg0/lv2_opt

#DONE:
root@srv030:/opt/lvm-informations# vgdisplay | grep "Size"
  VG Size               227.99 GiB
  PE Size               4.00 MiB
  Alloc PE / Size       58111 / <227.00 GiB
  Free  PE / Size       255 / 1020.00 MiB
  
#root@srv030:/opt/lvm-informations# df -h;date;
Filesystem               Size  Used Avail Use% Mounted on
# udev                     7.9G     0  7.9G   0% /dev
# tmpfs                    1.6G  1.1M  1.6G   1% /run
# /dev/mapper/vg0-lv1_os    20G  6.2G   13G  33% /
# tmpfs                    7.9G     0  7.9G   0% /dev/shm
# tmpfs                    5.0M     0  5.0M   0% /run/lock
# tmpfs                    7.9G     0  7.9G   0% /sys/fs/cgroup
# /dev/loop0                90M   90M     0 100% /snap/core/7713
# /dev/loop1                91M   91M     0 100% /snap/core/6350
# /dev/sda2                2.0G   80M  1.8G   5% /boot
/dev/mapper/vg0-lv2_opt  204G  223M  194G   1% /opt
# tmpfs                    1.6G     0  1.6G   0% /run/user/0
# Thu Sep 26 10:21:32 +07 2019
# root@srv030:/opt/lvm-informations# 



#DONE-DONE-DONE














2019-09-13

Make HAProxy match multiple conditions for HTTP health checking



The solution is to use to the raw tcp-check and write a health check script sequence which match all the conditions.


For example, you want to ensure the server’s response has: 
HTTP status code is 200 
absence of keyword Error


1
2
3
4
5
6
7
8
9
10
backend myapp
[...]
 option tcp-check
 tcp-check send GET\ /my/check/url\ HTTP/1.1\r\n
 tcp-check send Host:\ myhost\r\n
 tcp-check send Connection:\ close\r\n
 tcp-check send \r\n
 tcp-check expect string HTTP/1.1\ 200\ OK
 tcp-check expect ! string Error

https://alohalb.wordpress.com/2012/10/12/scalable-waf-protection-with-haproxy-and-apache-with-modsecurity/


#####
https://www.haproxy.com/documentation/aloha/10-0/traffic-management/lb-layer7/health-checks/

Equivalent of the configuration above, with all default options:
backend bk_myapp
        [...]
        option httpchk OPTIONS / HTTP/1.0
        http-check expect rstatus (2|3)[0-9][0-9]
        default-server inter 3s fall 3 rise 2
        server srv1 10.0.0.1:80 check
        server srv2 10.0.0.2:80 check