diff --git a/docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md b/docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md index 1830b32..fb7ad5d 100644 --- a/docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md +++ b/docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md @@ -41,7 +41,7 @@ You can start with a default `/etc/nginx/nginx.conf`, and add the line `include sites-enabled/*;` at the end of the *http* section. -```text +```nginx # /etc/nginx/nginx.conf #user html; worker_processes 1; @@ -181,12 +181,12 @@ ip address instead, then that should match what you write in your mirrorlist. And of course your mirrorlist entry on the client machine, has to preserve the directory scheme. -```text +```conf # /etc/pacman.d/mirrorlist Server = http://:/archlinux/$repo/os/$arch ``` -```text +```nginx # /etc/nginx/sites-enabled/proxy_cache.conf # nginx may need to resolve domain names at run time resolver 8.8.8.8 8.8.4.4; @@ -282,7 +282,7 @@ systemctl enable/start /etc/systemd/system/proxy_cache_clean.timer Keeps the 2 most recent versions of each package using paccache command. -```text +```conf # /etc/systemd/system/proxy_cache_clean.service [Unit] Description=Clean The pacman proxy cache @@ -296,7 +296,7 @@ StandardError=syslog ## systemd timer for the systemd service that cleans the proxy cache -```text +```conf # /etc/systemd/system/proxy_cache_clean.timer [Unit] Description=Timer for clean The pacman proxy cache @@ -323,7 +323,7 @@ the database files, then you'll just be stuck with old database files, unless you periodically delete them. But I'm not sure about all this, will keep an eye on things. -```text +```conf # /etc/systemd/system/proxy_cache_database_clean.service [Unit] Description=Clean The pacman proxy cache database @@ -337,7 +337,7 @@ StandardError=syslog ## systemd timer for the systemd service that deletes the pacman database files from the proxy cache -```text +```conf # /etc/systemd/system/proxy_cache_database_clean.timer [Unit] Description=Timer for clean The pacman proxy cache database @@ -350,3 +350,12 @@ Unit=proxy_cache_database_clean.service [Install] WantedBy=timers.target ``` + +## If you prefer cron because the server is actually an ubuntu:16.04 LXD container +Make sure single quote in the command here. + +```cron +#!/bin/bash +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin +5,20,35,50 * * * * /bin/bash -c 'for f in $(find /var/www/html/pacman-cache -name *db) ; do rm $f; done' +``` diff --git a/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html b/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html index 624e614..ae0edf6 100644 --- a/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html +++ b/site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html @@ -108,6 +108,8 @@
  • systemd timer for the systemd service that deletes the pacman database files from the proxy cache
    • +
  • If you prefer cron because the server is actually an ubuntu:16.04 LXD container
    • + @@ -203,7 +205,7 @@ working as of July 2017 with a fresh install of nginx.

    You can start with a default /etc/nginx/nginx.conf, and add the line include sites-enabled/*; at the end of the http section.

    -
    # /etc/nginx/nginx.conf
+
    # /etc/nginx/nginx.conf
 #user html;
 worker_processes  1;
 
@@ -337,11 +339,11 @@ have to assign static ip addresses and explicitly write the local
 ip address instead, then that should match what you write in your mirrorlist.
    
 
    And of course your mirrorlist entry
 on the client machine, has to preserve the directory scheme.
    
-
    # /etc/pacman.d/mirrorlist
+
    # /etc/pacman.d/mirrorlist
 Server = http://<hostname or ip address>:<port if not 80>/archlinux/$repo/os/$arch
 
    
 
-
    # /etc/nginx/sites-enabled/proxy_cache.conf
+
    # /etc/nginx/sites-enabled/proxy_cache.conf
 # nginx may need to resolve domain names at run time
 resolver 8.8.8.8 8.8.4.4;
 
@@ -432,7 +434,7 @@ server
 
    
 
 
    Keeps the 2 most recent versions of each package using paccache command.
    
-
    # /etc/systemd/system/proxy_cache_clean.service
+
    # /etc/systemd/system/proxy_cache_clean.service
 [Unit]
 Description=Clean The pacman proxy cache
 
@@ -444,7 +446,7 @@ StandardError=syslog
 
    
 
 
    systemd timer for the systemd service that cleans the proxy cache
    
-
    # /etc/systemd/system/proxy_cache_clean.timer
+
    # /etc/systemd/system/proxy_cache_clean.timer
 [Unit]
 Description=Timer for clean The pacman proxy cache
 
@@ -466,7 +468,7 @@ WantedBy=timers.target
 the database files, then you'll just be stuck with old database files, unless
 you periodically delete them. But I'm not sure about all this, will keep an
 eye on things.
    
-
    # /etc/systemd/system/proxy_cache_database_clean.service
+
    # /etc/systemd/system/proxy_cache_database_clean.service
 [Unit]
 Description=Clean The pacman proxy cache database
 
@@ -478,7 +480,7 @@ StandardError=syslog
 
    
 
 
    systemd timer for the systemd service that deletes the pacman database files from the proxy cache
    
-
    # /etc/systemd/system/proxy_cache_database_clean.timer
+
    # /etc/systemd/system/proxy_cache_database_clean.timer
 [Unit]
 Description=Timer for clean The pacman proxy cache database
 
@@ -489,6 +491,13 @@ Unit=proxy_cache_database_clean.service
 
 [Install]
 WantedBy=timers.target
+
    
+
+
    If you prefer cron because the server is actually an ubuntu:16.04 LXD container
    
+
    Make sure single quote in the command here.
    
+
    #!/bin/bash
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
+5,20,35,50 * * * * /bin/bash -c 'for f in $(find /var/www/html/pacman-cache -name *db) ; do rm $f; done'
 
    
               
             
diff --git a/site/index.html b/site/index.html
index 9392021..f647d1b 100644
--- a/site/index.html
+++ b/site/index.html
@@ -228,5 +228,5 @@
 
 
diff --git a/site/mkdocs/search_index.json b/site/mkdocs/search_index.json
index 6db5c37..ba2ba01 100644
--- a/site/mkdocs/search_index.json
+++ b/site/mkdocs/search_index.json
@@ -312,7 +312,7 @@
         },
         {
             "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/",
-            "text": "Dynamic Cacheing Nginx Reverse Proxy For Pacman\n\n\nYou set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in \n/etc/pacman.d/mirrorlist\n on your client machines.\n\n\nOf course if you want to you can set this up and run it in an\n\nNspawn Container\n.\nThe \nArchWiki Page for pacman tips\n\nmostly spells out what to do, but I want to document\nthe exact steps I would take.\n\n\nAs for how you would run this on a server with other virtual hosts?\nWho cares? That is what is so brilliant about using using an\nnspawn container, in that it behaves like just another\ncomputer on the lan with it's own ip address.  But it only does one\nthing, and that's all you have to configure it for.\n\n\nI see no reason to use nginx-mainline instead of stable.\n\n\npacman -S nginx\n\n\n\n\nThe suggested configuration in the Arch Wiki\nis to create a directory \n/srv/http/pacman-cache\n,\nand that seems to work well enough\n\n\nmkdir /srv/http/pacman-cache\n# and then change it's ownershipt\nchown http:http /srv/http/pacman-cache\n\n\n\n\nnginx configuration\n\n\nand then it references an nginx.conf in\n\nthis gist\n,\nbut that is not a complete nginx.conf and so here is a method to get that\nworking as of July 2017 with a fresh install of nginx.\n\n\nYou can start with a default \n/etc/nginx/nginx.conf\n,\nand add the line \ninclude sites-enabled/*;\n\nat the end of the \nhttp\n section.\n\n\n# /etc/nginx/nginx.conf\n#user html;\nworker_processes  1;\n\n#error_log  logs/error.log;\n#error_log  logs/error.log  notice;\n#error_log  logs/error.log  info;\n\n#pid        logs/nginx.pid;\n\n\nevents {\n    worker_connections  1024;\n}\n\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n\n    #log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '\n    #                  '$status $body_bytes_sent \"$http_referer\" '\n    #                  '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n    #access_log  logs/access.log  main;\n\n    sendfile        on;\n    #tcp_nopush     on;\n\n    #keepalive_timeout  0;\n    keepalive_timeout  65;\n\n    #gzip  on;\n\n    server {\n        listen       80;\n        server_name  localhost;\n\n        #charset koi8-r;\n\n        #access_log  logs/host.access.log  main;\n\n        location / {\n            root   /usr/share/nginx/html;\n            index  index.html index.htm;\n        }\n\n        #error_page  404              /404.html;\n\n        # redirect server error pages to the static page /50x.html\n        #\n        error_page   500 502 503 504  /50x.html;\n        location = /50x.html {\n            root   /usr/share/nginx/html;\n        }\n\n        # proxy the PHP scripts to Apache listening on 127.0.0.1:80\n        #\n        #location ~ \\.php$ {\n        #    proxy_pass   http://127.0.0.1;\n        #}\n\n        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000\n        #\n        #location ~ \\.php$ {\n        #    root           html;\n        #    fastcgi_pass   127.0.0.1:9000;\n        #    fastcgi_index  index.php;\n        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;\n        #    include        fastcgi_params;\n        #}\n\n        # deny access to .htaccess files, if Apache's document root\n        # concurs with nginx's one\n        #\n        #location ~ /\\.ht {\n        #    deny  all;\n        #}\n    }\n\n\n    # another virtual host using mix of IP-, name-, and port-based configuration\n    #\n    #server {\n    #    listen       8000;\n    #    listen       somename:8080;\n    #    server_name  somename  alias  another.alias;\n\n    #    location / {\n    #        root   html;\n    #        index  index.html index.htm;\n    #    }\n    #}\n\n\n    # HTTPS server\n    #\n    #server {\n    #    listen       443 ssl;\n    #    server_name  localhost;\n\n    #    ssl_certificate      cert.pem;\n    #    ssl_certificate_key  cert.key;\n\n    #    ssl_session_cache    shared:SSL:1m;\n    #    ssl_session_timeout  5m;\n\n    #    ssl_ciphers  HIGH:!aNULL:!MD5;\n    #    ssl_prefer_server_ciphers  on;\n\n    #    location / {\n    #        root   html;\n    #        index  index.html index.htm;\n    #    }\n    #}\n    include sites-enabled/*;\n\n}\n\n\n\n\nAnd then create the directory \n/etc/nginx/sites-enabled\n\n\nmkdir /etc/nginx/sites-enabled\n\n\n\n\nAnd then create \n/etc/nginx/sites-enabled/proxy_cache.conf\n,\nwhich is \nmostly\n a\n\ncopy-and-paste from this gist\n.\n\n\nNotice the \nserver_name\n. This has to match the entry in\n\n/etc/pacman.d/mirrorlist\n on the client machines you are\nupdating from. If you can use the hostname, great. But if you\nhave to assign static ip addresses and explicitly write the local\nip address instead, then that should match what you write in your mirrorlist.\n\n\nAnd of course your mirrorlist entry\non the client machine, has to preserve the directory scheme.\n\n\n# /etc/pacman.d/mirrorlist\nServer = http://:/archlinux/$repo/os/$arch\n\n\n\n\n# /etc/nginx/sites-enabled/proxy_cache.conf\n# nginx may need to resolve domain names at run time\nresolver 8.8.8.8 8.8.4.4;\n\n# Pacman Cache\nserver\n{\nlisten      80;\nserver_name ; # has to match the entry in mirrorlist on client machine.\nroot        /srv/http/pacman-cache;\nautoindex   on;\n\n    # Requests for package db and signature files should redirect upstream without caching\n    # Well that's the default anyway.\n    # But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth?\n    # I choose to instead run a systemd timer that deletes the *db files once every 15 minutes\n    location ~ \\.(db|sig)$ {\n        try_files $uri @pkg_mirror;\n        # proxy_pass http://mirrors$request_uri;\n    }\n\n    # Requests for actual packages should be served directly from cache if available.\n    #   If not available, retrieve and save the package from an upstream mirror.\n    location ~ \\.tar\\.xz$ {\n        try_files $uri @pkg_mirror;\n    }\n\n    # Retrieve package from upstream mirrors and cache for future requests\n    location @pkg_mirror {\n        proxy_store    on;\n        proxy_redirect off;\n        proxy_store_access  user:rw group:rw all:r;\n        proxy_next_upstream error timeout http_404;\n        proxy_pass          http://mirrors$request_uri;\n    }\n}\n\n# Upstream Arch Linux Mirrors\n# - Configure as many backend mirrors as you want in the blocks below\n# - Servers are used in a round-robin fashion by nginx\n# - Add \"backup\" if you want to only use the mirror upon failure of the other mirrors\n# - Separate \"server\" configurations are required for each upstream mirror so we can set the \"Host\" header appropriately\nupstream mirrors {\nserver localhost:8001;\nserver localhost:8002; # backup\nserver localhost:8003; # backup\n}\n\n# Arch Mirror 1 Proxy Configuration\nserver\n{\nlisten      8001;\nserver_name localhost;\n\n    location / {\n        proxy_pass       http://mirrors.kernel.org$request_uri;\n        proxy_set_header Host mirrors.kernel.org;\n    }\n}\n\n# Arch Mirror 2 Proxy Configuration\nserver\n{\nlisten      8002;\nserver_name localhost;\n\n    location / {\n        proxy_pass       http://mirrors.ocf.berkeley.edu$request_uri;\n        proxy_set_header Host mirrors.ocf.berkeley.edu;\n    }\n}\n\n# Arch Mirror 3 Proxy Configuration\nserver\n{\n    listen      8003;\n    server_name localhost;\n\n    location / {\n        proxy_pass       http://mirrors.cat.pdx.edu$request_uri;\n        proxy_set_header Host mirrors.cat.pdx.edu;\n    }\n}\n\n\n\n\nsystemd service that cleans the proxy cache\n\n\ndon't enable the service, enable the timer\n\n\nsystemctl enable/start /etc/systemd/system/proxy_cache_clean.timer\n\n\n\n\nKeeps the 2 most recent versions of each package using paccache command.\n\n\n# /etc/systemd/system/proxy_cache_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \\;\nStandardOutput=syslog\nStandardError=syslog\n\n\n\n\nsystemd timer for the systemd service that cleans the proxy cache\n\n\n# /etc/systemd/system/proxy_cache_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache\n\n[Timer]\nOnBootSec=20min\nOnUnitActiveSec=100h\nUnit=proxy_cache_clean.service\n\n[Install]\nWantedBy=timers.target\n\n\n\n\nsystemd service that deletes the pacman database files from the proxy cache\n\n\ndon't enable the service, enable the timer\n\n\nsystemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer\n\n\n\n\nYou won't need this if you don't cache the database files. But if you do cache\nthe database files, then you'll just be stuck with old database files, unless\nyou periodically delete them. But I'm not sure about all this, will keep an\neye on things.\n\n\n# /etc/systemd/system/proxy_cache_database_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache database\n\n[Service]\nType=oneshot\nExecStart=/bin/bash -c \"for f in $(find /srv -name *db) ; do rm $f; done\"\nStandardOutput=syslog\nStandardError=syslog\n\n\n\n\nsystemd timer for the systemd service that deletes the pacman database files from the proxy cache\n\n\n# /etc/systemd/system/proxy_cache_database_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache database\n\n[Timer]\nOnBootSec=10min\nOnUnitActiveSec=15min\nUnit=proxy_cache_database_clean.service\n\n[Install]\nWantedBy=timers.target",
+            "text": "Dynamic Cacheing Nginx Reverse Proxy For Pacman\n\n\nYou set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in \n/etc/pacman.d/mirrorlist\n on your client machines.\n\n\nOf course if you want to you can set this up and run it in an\n\nNspawn Container\n.\nThe \nArchWiki Page for pacman tips\n\nmostly spells out what to do, but I want to document\nthe exact steps I would take.\n\n\nAs for how you would run this on a server with other virtual hosts?\nWho cares? That is what is so brilliant about using using an\nnspawn container, in that it behaves like just another\ncomputer on the lan with it's own ip address.  But it only does one\nthing, and that's all you have to configure it for.\n\n\nI see no reason to use nginx-mainline instead of stable.\n\n\npacman -S nginx\n\n\n\n\nThe suggested configuration in the Arch Wiki\nis to create a directory \n/srv/http/pacman-cache\n,\nand that seems to work well enough\n\n\nmkdir /srv/http/pacman-cache\n# and then change it's ownershipt\nchown http:http /srv/http/pacman-cache\n\n\n\n\nnginx configuration\n\n\nand then it references an nginx.conf in\n\nthis gist\n,\nbut that is not a complete nginx.conf and so here is a method to get that\nworking as of July 2017 with a fresh install of nginx.\n\n\nYou can start with a default \n/etc/nginx/nginx.conf\n,\nand add the line \ninclude sites-enabled/*;\n\nat the end of the \nhttp\n section.\n\n\n# /etc/nginx/nginx.conf\n#user html;\nworker_processes  1;\n\n#error_log  logs/error.log;\n#error_log  logs/error.log  notice;\n#error_log  logs/error.log  info;\n\n#pid        logs/nginx.pid;\n\n\nevents {\n    worker_connections  1024;\n}\n\n\nhttp {\n    include       mime.types;\n    default_type  application/octet-stream;\n\n    #log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '\n    #                  '$status $body_bytes_sent \"$http_referer\" '\n    #                  '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n    #access_log  logs/access.log  main;\n\n    sendfile        on;\n    #tcp_nopush     on;\n\n    #keepalive_timeout  0;\n    keepalive_timeout  65;\n\n    #gzip  on;\n\n    server {\n        listen       80;\n        server_name  localhost;\n\n        #charset koi8-r;\n\n        #access_log  logs/host.access.log  main;\n\n        location / {\n            root   /usr/share/nginx/html;\n            index  index.html index.htm;\n        }\n\n        #error_page  404              /404.html;\n\n        # redirect server error pages to the static page /50x.html\n        #\n        error_page   500 502 503 504  /50x.html;\n        location = /50x.html {\n            root   /usr/share/nginx/html;\n        }\n\n        # proxy the PHP scripts to Apache listening on 127.0.0.1:80\n        #\n        #location ~ \\.php$ {\n        #    proxy_pass   http://127.0.0.1;\n        #}\n\n        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000\n        #\n        #location ~ \\.php$ {\n        #    root           html;\n        #    fastcgi_pass   127.0.0.1:9000;\n        #    fastcgi_index  index.php;\n        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;\n        #    include        fastcgi_params;\n        #}\n\n        # deny access to .htaccess files, if Apache's document root\n        # concurs with nginx's one\n        #\n        #location ~ /\\.ht {\n        #    deny  all;\n        #}\n    }\n\n\n    # another virtual host using mix of IP-, name-, and port-based configuration\n    #\n    #server {\n    #    listen       8000;\n    #    listen       somename:8080;\n    #    server_name  somename  alias  another.alias;\n\n    #    location / {\n    #        root   html;\n    #        index  index.html index.htm;\n    #    }\n    #}\n\n\n    # HTTPS server\n    #\n    #server {\n    #    listen       443 ssl;\n    #    server_name  localhost;\n\n    #    ssl_certificate      cert.pem;\n    #    ssl_certificate_key  cert.key;\n\n    #    ssl_session_cache    shared:SSL:1m;\n    #    ssl_session_timeout  5m;\n\n    #    ssl_ciphers  HIGH:!aNULL:!MD5;\n    #    ssl_prefer_server_ciphers  on;\n\n    #    location / {\n    #        root   html;\n    #        index  index.html index.htm;\n    #    }\n    #}\n    include sites-enabled/*;\n\n}\n\n\n\n\nAnd then create the directory \n/etc/nginx/sites-enabled\n\n\nmkdir /etc/nginx/sites-enabled\n\n\n\n\nAnd then create \n/etc/nginx/sites-enabled/proxy_cache.conf\n,\nwhich is \nmostly\n a\n\ncopy-and-paste from this gist\n.\n\n\nNotice the \nserver_name\n. This has to match the entry in\n\n/etc/pacman.d/mirrorlist\n on the client machines you are\nupdating from. If you can use the hostname, great. But if you\nhave to assign static ip addresses and explicitly write the local\nip address instead, then that should match what you write in your mirrorlist.\n\n\nAnd of course your mirrorlist entry\non the client machine, has to preserve the directory scheme.\n\n\n# /etc/pacman.d/mirrorlist\nServer = http://:/archlinux/$repo/os/$arch\n\n\n\n\n# /etc/nginx/sites-enabled/proxy_cache.conf\n# nginx may need to resolve domain names at run time\nresolver 8.8.8.8 8.8.4.4;\n\n# Pacman Cache\nserver\n{\nlisten      80;\nserver_name ; # has to match the entry in mirrorlist on client machine.\nroot        /srv/http/pacman-cache;\nautoindex   on;\n\n    # Requests for package db and signature files should redirect upstream without caching\n    # Well that's the default anyway.\n    # But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth?\n    # I choose to instead run a systemd timer that deletes the *db files once every 15 minutes\n    location ~ \\.(db|sig)$ {\n        try_files $uri @pkg_mirror;\n        # proxy_pass http://mirrors$request_uri;\n    }\n\n    # Requests for actual packages should be served directly from cache if available.\n    #   If not available, retrieve and save the package from an upstream mirror.\n    location ~ \\.tar\\.xz$ {\n        try_files $uri @pkg_mirror;\n    }\n\n    # Retrieve package from upstream mirrors and cache for future requests\n    location @pkg_mirror {\n        proxy_store    on;\n        proxy_redirect off;\n        proxy_store_access  user:rw group:rw all:r;\n        proxy_next_upstream error timeout http_404;\n        proxy_pass          http://mirrors$request_uri;\n    }\n}\n\n# Upstream Arch Linux Mirrors\n# - Configure as many backend mirrors as you want in the blocks below\n# - Servers are used in a round-robin fashion by nginx\n# - Add \"backup\" if you want to only use the mirror upon failure of the other mirrors\n# - Separate \"server\" configurations are required for each upstream mirror so we can set the \"Host\" header appropriately\nupstream mirrors {\nserver localhost:8001;\nserver localhost:8002; # backup\nserver localhost:8003; # backup\n}\n\n# Arch Mirror 1 Proxy Configuration\nserver\n{\nlisten      8001;\nserver_name localhost;\n\n    location / {\n        proxy_pass       http://mirrors.kernel.org$request_uri;\n        proxy_set_header Host mirrors.kernel.org;\n    }\n}\n\n# Arch Mirror 2 Proxy Configuration\nserver\n{\nlisten      8002;\nserver_name localhost;\n\n    location / {\n        proxy_pass       http://mirrors.ocf.berkeley.edu$request_uri;\n        proxy_set_header Host mirrors.ocf.berkeley.edu;\n    }\n}\n\n# Arch Mirror 3 Proxy Configuration\nserver\n{\n    listen      8003;\n    server_name localhost;\n\n    location / {\n        proxy_pass       http://mirrors.cat.pdx.edu$request_uri;\n        proxy_set_header Host mirrors.cat.pdx.edu;\n    }\n}\n\n\n\n\nsystemd service that cleans the proxy cache\n\n\ndon't enable the service, enable the timer\n\n\nsystemctl enable/start /etc/systemd/system/proxy_cache_clean.timer\n\n\n\n\nKeeps the 2 most recent versions of each package using paccache command.\n\n\n# /etc/systemd/system/proxy_cache_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \\;\nStandardOutput=syslog\nStandardError=syslog\n\n\n\n\nsystemd timer for the systemd service that cleans the proxy cache\n\n\n# /etc/systemd/system/proxy_cache_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache\n\n[Timer]\nOnBootSec=20min\nOnUnitActiveSec=100h\nUnit=proxy_cache_clean.service\n\n[Install]\nWantedBy=timers.target\n\n\n\n\nsystemd service that deletes the pacman database files from the proxy cache\n\n\ndon't enable the service, enable the timer\n\n\nsystemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer\n\n\n\n\nYou won't need this if you don't cache the database files. But if you do cache\nthe database files, then you'll just be stuck with old database files, unless\nyou periodically delete them. But I'm not sure about all this, will keep an\neye on things.\n\n\n# /etc/systemd/system/proxy_cache_database_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache database\n\n[Service]\nType=oneshot\nExecStart=/bin/bash -c \"for f in $(find /srv -name *db) ; do rm $f; done\"\nStandardOutput=syslog\nStandardError=syslog\n\n\n\n\nsystemd timer for the systemd service that deletes the pacman database files from the proxy cache\n\n\n# /etc/systemd/system/proxy_cache_database_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache database\n\n[Timer]\nOnBootSec=10min\nOnUnitActiveSec=15min\nUnit=proxy_cache_database_clean.service\n\n[Install]\nWantedBy=timers.target\n\n\n\n\nIf you prefer cron because the server is actually an ubuntu:16.04 LXD container\n\n\nMake sure single quote in the command here.\n\n\n#!/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\n5,20,35,50 * * * * /bin/bash -c 'for f in $(find /var/www/html/pacman-cache -name *db) ; do rm $f; done'",
             "title": "Dynamic Cacheing Nginx Reverse Proxy For Pacman"
         },
         {
@@ -360,6 +360,11 @@
             "text": "# /etc/systemd/system/proxy_cache_database_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache database\n\n[Timer]\nOnBootSec=10min\nOnUnitActiveSec=15min\nUnit=proxy_cache_database_clean.service\n\n[Install]\nWantedBy=timers.target",
             "title": "systemd timer for the systemd service that deletes the pacman database files from the proxy cache"
         },
+        {
+            "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#if-you-prefer-cron-because-the-server-is-actually-an-ubuntu1604-lxd-container",
+            "text": "Make sure single quote in the command here.  #!/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\n5,20,35,50 * * * * /bin/bash -c 'for f in $(find /var/www/html/pacman-cache -name *db) ; do rm $f; done'",
+            "title": "If you prefer cron because the server is actually an ubuntu:16.04 LXD container"
+        },
         {
             "location": "/freebsd_jails_on_freenas/",
             "text": "FreeBSD Jails on FreeNAS\n\n\nMostly a personal distillation for getting a FreeBSD\nJail up and running on FreeNAS.\n\n\nIn The FreeNAS WebGui, Create A New Jail\n\n\nThe default networking configuration, will give\nyour jail an ip address on the lan. For now, I've\ndecided to just share a pkg cache with each jail.\nNavigate to \nJails -> Storage -> Add Storage\n and\nadd the \npkg\n storage directory to \n/var/cache/pkg\n\ninside the jail.  \n\n\nFor instance, on my local FreeNAS server,\nthe pkg directory is at /mnt/VolumeOne/pkg/.\n\n\nIf you ssh into the host server, you can type the command\n\njls\n, to list the jails. Based on the output of the\ncommand \njls\n, you can get a shell with \njexec \n\nof \njexec \n.\n\n\nupdating\n\n\nHow about the command \npkg audit -F\n? Downloads a\nlist of known security issues and checks your system\nagainst that.\n\n\nI would recommend, to myself anyway, to shell into\nthe new jail with \njexec\n, run \npkg upgrade\n to install any new packages,\nand then from the FreeNAS webgui, restart the jail. Although\nthe restarted jail will have a new jail number as reported by\nthe \njls\n command.\n\n\nlocale\n\n\nWhen you use \njexec\n to get a shell, you get an environment\nwith an utf_8 locale. Not so if you ssh into the new jail.\nFor this put the following contents into ~/.login_conf\n\n\n# ~/.login_conf\nme:\\\n        :charset=UTF-8:\\\n        :lang=en_US.UTF-8:\\\n        :setenv=LC_COLLATE=C:\n\n\n\n\nssh\n\n\nTo get ssh running, edit \n/etc/rc.conf\n inside the jail.\n\n\n# /etc/rc.conf\nsshd_enable=\"YES\"\n\n\n\n\nTo start sshd immediately, make any necessary edits to\n/etc/ssh/sshd_config, and run the following command.\n\n\nservice sshd start\n\n\n\n\nByobu\n\n\nYou'll need newt to configure byobu, and if you don't install tmux\nthen screen will become the backend.\n\n\npkg install byobu tmux newt\n\n\n\n\nIf you execute \nbyobu-config\n, by pressing \nf9\n, the\nfollowing options seem to work. Some options, of course,\nwill prevent others from working so you have to enable them\none at a time to see what happens.\n\n\n\n\ndate\n\n\ndisk\n\n\ndistro\n\n\nhostname\n\n\nip address\n\n\nload_average\n\n\nlogo\n\n\ntime\n\n\nuptime\n\n\nusers\n\n\nwhoami\n\n\n\n\nvim\n\n\nVia pkg, there are two options: vim and vim-lite. Note vim will pull\nin a whole bunch of gui dependancies, but vim-lite is not build with python.\n\n\nFor instance, powerline will not work with vim-lite because it's not built with\npython. Also, vim-youcompleteme will not work with vim-lite. However, lightline\nwill work with vim-lite, and VimCompletesMe will work with vim-lite.\n\n\nTo get lightline working update $TERM\n\n\n# ~/.config/fish/config.fish\nexport TERM=xterm-256color\n\n\n\n\nAnd vimrc\n\n\n# ~/.vimrc\nset ls=2\n\n\n\n\nAnother option is to build vim from source via ports. You can prevent vim\nfrom pulling in a bunch of gui dependancies with the following in /etc/make.conf.\n\n\n# /etc/make.conf\nWITHOUT_X11=yes\n\n\n\n\nAnd then when you compile vim from ports, run \nmake config\n where you can enable\npython.\n\n\npython\n\n\nFor python3 virtualenv\n\n\nvirtualenv-3.6 \n\n\n\n\nrunning gitit under the supervision of supervisord\n\n\npy27-supervisor and hs-gitit are available as pkg install, if you want to\nrun a gitit wiki.\n\n\ngitit doesn't come with an init service. To generate a sample config,\nrun \ngitit --print-default-config > gitit.conf\n, and then if you want\nyou can reference gitit.conf by passing gitit the \n-f\n flag.\n\n\nSo for instance, after you install supervisord, add something like the\nfollowing to the end of \n/usr/local/etc/supervisord.conf\n, and create\nthe directory \n/var/log/supervisor/\n.\n\n\n[program:gitit]\nuser=\ndirectory=/path/to/wikidata/directory/\ncommand=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf\nstdout_logfile=/var/log/supervisor/%(program_name)s.log\nstderr_logfile=/var/log/supervisor/%(program_name)s.log\nautorestart=true\n\n\n\n\nsupervisord is a service you can enable in\n\n/etc/rc.conf\n\n\n# /etc/rc.conf\nsupervisord_enable=\"YES\"\n\n\n\n\nand then start with \nservice supervisord start\n\nwhen you get supervisord running, you can start a\nsupervisorctl shell, i.e.\n\n\nsupervisorctl\nsupervisor> status\n# outputs\ngitit                            RUNNING   pid 98057, uptime 0:32:27\nsupervisor> start/restart/stop gitit\nsupervisor> exit\n\n\n\n\nBut there is one other little detail, in that when you try to\nrun gitit as a daemon like this, on FreeBSD it will fail because it can't\nfind git. But the symlink solution is easy enough.\n\n\nln -s /usr/local/bin/git /usr/bin/\n\n\n\n\nAnd you might as well stick a reverse proxy in front of it. Assuming\nyou configure gitit listen only on localhost:5001, install nginx.\n\npkg install nginx\n\n\nenable nginx in /etc/rc.conf\n\n\nnginx_enable=\"YES\"\n\n\n\n\nThen, in the file \n/usr/local/etc/nginx/nginx.conf\n change the location \"\n/\n\"\nso that it looks like this.\n\n\n{\n.....\n        location / {\n            # root   /usr/local/www/nginx;\n            # index  index.html index.htm;\n                proxy_pass http://127.0.0.1:5001;\n                proxy_set_header Host $host;\n                proxy_set_header X-Real-IP $remote_addr;\n                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        }\n....\n}\n\n\n\n\nand then start nginx \nservice nginx start",
diff --git a/site/sitemap.xml b/site/sitemap.xml
index c377320..edaaf92 100644
--- a/site/sitemap.xml
+++ b/site/sitemap.xml
@@ -4,7 +4,7 @@
     
     
      /
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -12,7 +12,7 @@
     
     
      /apt_pinning_artful_aardvark_packages_in_xenial_xerus/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -20,7 +20,7 @@
     
     
      /lxd_container_home_server_networking_for_dummies/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -28,7 +28,7 @@
     
     
      /how_to_reassign_a_static_ip_address_with_dnsmasq/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -36,7 +36,7 @@
     
     
      /serve_and_share_apps_from_your_phone_with_fdroid/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -44,7 +44,7 @@
     
     
      /nspawn/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -52,7 +52,7 @@
     
     
      /mastodon_on_arch/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -60,7 +60,7 @@
     
     
      /debian_nspawn_container_on_arch_for_testing_apache_configurations/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -68,7 +68,7 @@
     
     
      /dynamic_cacheing_nginx_reverse_proxy_for_pacman/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -76,7 +76,7 @@
     
     
      /freebsd_jails_on_freenas/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -84,7 +84,7 @@
     
     
      /arch_redis_nspawn/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -92,7 +92,7 @@
     
     
      /arch_postgresql_nspawn/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -100,7 +100,7 @@
     
     
      /misc_tips_troubleshooting/
-     2017-07-23
+     2017-07-24
      daily
     
     
@@ -108,7 +108,7 @@
     
     
      /self_signed_certs/
-     2017-07-23
+     2017-07-24
      daily