diff --git a/docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md b/docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md new file mode 100644 index 0000000..1830b32 --- /dev/null +++ b/docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md @@ -0,0 +1,352 @@ +# Dynamic Cacheing Nginx Reverse Proxy For Pacman + +## You set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in `/etc/pacman.d/mirrorlist` on your client machines. + +Of course if you want to you can set this up and run it in an +[Nspawn Container](nspawn.md). +The [ArchWiki Page for pacman tips](https://wiki.archlinux.org/index.php/Pacman/Tips_and_tricks#Dynamic_reverse_proxy_cache_using_nginx) +mostly spells out what to do, but I want to document +the exact steps I would take. + +As for how you would run this on a server with other virtual hosts? +Who cares? That is what is so brilliant about using using an +nspawn container, in that it behaves like just another +computer on the lan with it's own ip address. But it only does one +thing, and that's all you have to configure it for. + +I see no reason to use nginx-mainline instead of stable. + +```bash +pacman -S nginx +``` + +The suggested configuration in the Arch Wiki +is to create a directory `/srv/http/pacman-cache`, +and that seems to work well enough + +```bash +mkdir /srv/http/pacman-cache +# and then change it's ownershipt +chown http:http /srv/http/pacman-cache +``` + +## nginx configuration + +and then it references an nginx.conf in +[this gist](https://gist.github.com/anonymous/97ec4148f643de925e433bed3dc7ee7d), +but that is not a complete nginx.conf and so here is a method to get that +working as of July 2017 with a fresh install of nginx. + +You can start with a default `/etc/nginx/nginx.conf`, +and add the line `include sites-enabled/*;` +at the end of the *http* section. + +```text +# /etc/nginx/nginx.conf +#user html; +worker_processes 1; + +#error_log logs/error.log; +#error_log logs/error.log notice; +#error_log logs/error.log info; + +#pid logs/nginx.pid; + + +events { + worker_connections 1024; +} + + +http { + include mime.types; + default_type application/octet-stream; + + #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + # '$status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + #access_log logs/access.log main; + + sendfile on; + #tcp_nopush on; + + #keepalive_timeout 0; + keepalive_timeout 65; + + #gzip on; + + server { + listen 80; + server_name localhost; + + #charset koi8-r; + + #access_log logs/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + } + + + # another virtual host using mix of IP-, name-, and port-based configuration + # + #server { + # listen 8000; + # listen somename:8080; + # server_name somename alias another.alias; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + + + # HTTPS server + # + #server { + # listen 443 ssl; + # server_name localhost; + + # ssl_certificate cert.pem; + # ssl_certificate_key cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + include sites-enabled/*; + +} +``` + +And then create the directory `/etc/nginx/sites-enabled` + +```bash +mkdir /etc/nginx/sites-enabled +``` + +And then create `/etc/nginx/sites-enabled/proxy_cache.conf`, +which is *mostly* a +[copy-and-paste from this gist](https://gist.github.com/anonymous/97ec4148f643de925e433bed3dc7ee7d). + +Notice the *server_name*. This has to match the entry in +`/etc/pacman.d/mirrorlist` on the client machines you are +updating from. If you can use the hostname, great. But if you +have to assign static ip addresses and explicitly write the local +ip address instead, then that should match what you write in your mirrorlist. + +And of course your mirrorlist entry +on the client machine, has to preserve the directory scheme. + +```text +# /etc/pacman.d/mirrorlist +Server = http://:/archlinux/$repo/os/$arch +``` + +```text +# /etc/nginx/sites-enabled/proxy_cache.conf +# nginx may need to resolve domain names at run time +resolver 8.8.8.8 8.8.4.4; + +# Pacman Cache +server +{ +listen 80; +server_name ; # has to match the entry in mirrorlist on client machine. +root /srv/http/pacman-cache; +autoindex on; + + # Requests for package db and signature files should redirect upstream without caching + # Well that's the default anyway. + # But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth? + # I choose to instead run a systemd timer that deletes the *db files once every 15 minutes + location ~ \.(db|sig)$ { + try_files $uri @pkg_mirror; + # proxy_pass http://mirrors$request_uri; + } + + # Requests for actual packages should be served directly from cache if available. + # If not available, retrieve and save the package from an upstream mirror. + location ~ \.tar\.xz$ { + try_files $uri @pkg_mirror; + } + + # Retrieve package from upstream mirrors and cache for future requests + location @pkg_mirror { + proxy_store on; + proxy_redirect off; + proxy_store_access user:rw group:rw all:r; + proxy_next_upstream error timeout http_404; + proxy_pass http://mirrors$request_uri; + } +} + +# Upstream Arch Linux Mirrors +# - Configure as many backend mirrors as you want in the blocks below +# - Servers are used in a round-robin fashion by nginx +# - Add "backup" if you want to only use the mirror upon failure of the other mirrors +# - Separate "server" configurations are required for each upstream mirror so we can set the "Host" header appropriately +upstream mirrors { +server localhost:8001; +server localhost:8002; # backup +server localhost:8003; # backup +} + +# Arch Mirror 1 Proxy Configuration +server +{ +listen 8001; +server_name localhost; + + location / { + proxy_pass http://mirrors.kernel.org$request_uri; + proxy_set_header Host mirrors.kernel.org; + } +} + +# Arch Mirror 2 Proxy Configuration +server +{ +listen 8002; +server_name localhost; + + location / { + proxy_pass http://mirrors.ocf.berkeley.edu$request_uri; + proxy_set_header Host mirrors.ocf.berkeley.edu; + } +} + +# Arch Mirror 3 Proxy Configuration +server +{ + listen 8003; + server_name localhost; + + location / { + proxy_pass http://mirrors.cat.pdx.edu$request_uri; + proxy_set_header Host mirrors.cat.pdx.edu; + } +} +``` + +## systemd service that cleans the proxy cache + +### don't enable the service, enable the timer + +```bash +systemctl enable/start /etc/systemd/system/proxy_cache_clean.timer +``` + +Keeps the 2 most recent versions of each package using paccache command. + +```text +# /etc/systemd/system/proxy_cache_clean.service +[Unit] +Description=Clean The pacman proxy cache + +[Service] +Type=oneshot +ExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \; +StandardOutput=syslog +StandardError=syslog +``` + +## systemd timer for the systemd service that cleans the proxy cache + +```text +# /etc/systemd/system/proxy_cache_clean.timer +[Unit] +Description=Timer for clean The pacman proxy cache + +[Timer] +OnBootSec=20min +OnUnitActiveSec=100h +Unit=proxy_cache_clean.service + +[Install] +WantedBy=timers.target +``` + +## systemd service that deletes the pacman database files from the proxy cache + +### don't enable the service, enable the timer + +```bash +systemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer +``` + +You won't need this if you don't cache the database files. But if you do cache +the database files, then you'll just be stuck with old database files, unless +you periodically delete them. But I'm not sure about all this, will keep an +eye on things. + +```text +# /etc/systemd/system/proxy_cache_database_clean.service +[Unit] +Description=Clean The pacman proxy cache database + +[Service] +Type=oneshot +ExecStart=/bin/bash -c "for f in $(find /srv -name *db) ; do rm $f; done" +StandardOutput=syslog +StandardError=syslog +``` + +## systemd timer for the systemd service that deletes the pacman database files from the proxy cache + +```text +# /etc/systemd/system/proxy_cache_database_clean.timer +[Unit] +Description=Timer for clean The pacman proxy cache database + +[Timer] +OnBootSec=10min +OnUnitActiveSec=15min +Unit=proxy_cache_database_clean.service + +[Install] +WantedBy=timers.target +``` diff --git a/docs/index.md b/docs/index.md index e1473a7..8b10551 100644 --- a/docs/index.md +++ b/docs/index.md @@ -4,8 +4,10 @@ Obviously, the commit history will reflect the time when these documents are wri * [Serve And Share Apps From Your Phone With Fdroid](serve_and_share_apps_from_your_phone_with_fdroid.md) * [Nspawn Containers](nspawn.md) +* [Dynamic Cacheing Nginx Reverse Proxy For Pacman](dynamic_cacheing_nginx_reverse_proxy_for_pacman.md) * [Quick Dirty Redis Nspawn Container on Arch Linux](arch_redis_nspawn.md) * [Quick Dirty Postgresql Nspawn Container on Arch Linux](arch_postgresql_nspawn.md) +* [Self Signed Certs](self_signed_certs.md) + + + + + + + + + Dynamic Cacheing Nginx Reverse Proxy For Pacman - Trent Docs + + + + + + + + + + + + + + + + +
+ + + + +
+ + + + + +
+
+
+
    +
  • Docs »
  • + + + +
  • Dynamic Cacheing Nginx Reverse Proxy For Pacman
  • +
  • + +
  • +
+
+
+
+
+ +

Dynamic Cacheing Nginx Reverse Proxy For Pacman

+

You set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in /etc/pacman.d/mirrorlist on your client machines.

+

Of course if you want to you can set this up and run it in an +Nspawn Container. +The ArchWiki Page for pacman tips +mostly spells out what to do, but I want to document +the exact steps I would take.

+

As for how you would run this on a server with other virtual hosts? +Who cares? That is what is so brilliant about using using an +nspawn container, in that it behaves like just another +computer on the lan with it's own ip address. But it only does one +thing, and that's all you have to configure it for.

+

I see no reason to use nginx-mainline instead of stable.

+
pacman -S nginx
+
+ +

The suggested configuration in the Arch Wiki +is to create a directory /srv/http/pacman-cache, +and that seems to work well enough

+
mkdir /srv/http/pacman-cache
+# and then change it's ownershipt
+chown http:http /srv/http/pacman-cache
+
+ +

nginx configuration

+

and then it references an nginx.conf in +this gist, +but that is not a complete nginx.conf and so here is a method to get that +working as of July 2017 with a fresh install of nginx.

+

You can start with a default /etc/nginx/nginx.conf, +and add the line include sites-enabled/*; +at the end of the http section.

+
# /etc/nginx/nginx.conf
+#user html;
+worker_processes  1;
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+
+#pid        logs/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location / {
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+
+        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+        #
+        #location ~ \.php$ {
+        #    proxy_pass   http://127.0.0.1;
+        #}
+
+        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+        #
+        #location ~ \.php$ {
+        #    root           html;
+        #    fastcgi_pass   127.0.0.1:9000;
+        #    fastcgi_index  index.php;
+        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+        #    include        fastcgi_params;
+        #}
+
+        # deny access to .htaccess files, if Apache's document root
+        # concurs with nginx's one
+        #
+        #location ~ /\.ht {
+        #    deny  all;
+        #}
+    }
+
+
+    # another virtual host using mix of IP-, name-, and port-based configuration
+    #
+    #server {
+    #    listen       8000;
+    #    listen       somename:8080;
+    #    server_name  somename  alias  another.alias;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+
+
+    # HTTPS server
+    #
+    #server {
+    #    listen       443 ssl;
+    #    server_name  localhost;
+
+    #    ssl_certificate      cert.pem;
+    #    ssl_certificate_key  cert.key;
+
+    #    ssl_session_cache    shared:SSL:1m;
+    #    ssl_session_timeout  5m;
+
+    #    ssl_ciphers  HIGH:!aNULL:!MD5;
+    #    ssl_prefer_server_ciphers  on;
+
+    #    location / {
+    #        root   html;
+    #        index  index.html index.htm;
+    #    }
+    #}
+    include sites-enabled/*;
+
+}
+
+ +

And then create the directory /etc/nginx/sites-enabled

+
mkdir /etc/nginx/sites-enabled
+
+ +

And then create /etc/nginx/sites-enabled/proxy_cache.conf, +which is mostly a +copy-and-paste from this gist.

+

Notice the server_name. This has to match the entry in +/etc/pacman.d/mirrorlist on the client machines you are +updating from. If you can use the hostname, great. But if you +have to assign static ip addresses and explicitly write the local +ip address instead, then that should match what you write in your mirrorlist.

+

And of course your mirrorlist entry +on the client machine, has to preserve the directory scheme.

+
# /etc/pacman.d/mirrorlist
+Server = http://<hostname or ip address>:<port if not 80>/archlinux/$repo/os/$arch
+
+ +
# /etc/nginx/sites-enabled/proxy_cache.conf
+# nginx may need to resolve domain names at run time
+resolver 8.8.8.8 8.8.4.4;
+
+# Pacman Cache
+server
+{
+listen      80;
+server_name <hostname or ip address>; # has to match the entry in mirrorlist on client machine.
+root        /srv/http/pacman-cache;
+autoindex   on;
+
+    # Requests for package db and signature files should redirect upstream without caching
+    # Well that's the default anyway.
+    # But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth?
+    # I choose to instead run a systemd timer that deletes the *db files once every 15 minutes
+    location ~ \.(db|sig)$ {
+        try_files $uri @pkg_mirror;
+        # proxy_pass http://mirrors$request_uri;
+    }
+
+    # Requests for actual packages should be served directly from cache if available.
+    #   If not available, retrieve and save the package from an upstream mirror.
+    location ~ \.tar\.xz$ {
+        try_files $uri @pkg_mirror;
+    }
+
+    # Retrieve package from upstream mirrors and cache for future requests
+    location @pkg_mirror {
+        proxy_store    on;
+        proxy_redirect off;
+        proxy_store_access  user:rw group:rw all:r;
+        proxy_next_upstream error timeout http_404;
+        proxy_pass          http://mirrors$request_uri;
+    }
+}
+
+# Upstream Arch Linux Mirrors
+# - Configure as many backend mirrors as you want in the blocks below
+# - Servers are used in a round-robin fashion by nginx
+# - Add "backup" if you want to only use the mirror upon failure of the other mirrors
+# - Separate "server" configurations are required for each upstream mirror so we can set the "Host" header appropriately
+upstream mirrors {
+server localhost:8001;
+server localhost:8002; # backup
+server localhost:8003; # backup
+}
+
+# Arch Mirror 1 Proxy Configuration
+server
+{
+listen      8001;
+server_name localhost;
+
+    location / {
+        proxy_pass       http://mirrors.kernel.org$request_uri;
+        proxy_set_header Host mirrors.kernel.org;
+    }
+}
+
+# Arch Mirror 2 Proxy Configuration
+server
+{
+listen      8002;
+server_name localhost;
+
+    location / {
+        proxy_pass       http://mirrors.ocf.berkeley.edu$request_uri;
+        proxy_set_header Host mirrors.ocf.berkeley.edu;
+    }
+}
+
+# Arch Mirror 3 Proxy Configuration
+server
+{
+    listen      8003;
+    server_name localhost;
+
+    location / {
+        proxy_pass       http://mirrors.cat.pdx.edu$request_uri;
+        proxy_set_header Host mirrors.cat.pdx.edu;
+    }
+}
+
+ +

systemd service that cleans the proxy cache

+

don't enable the service, enable the timer

+
systemctl enable/start /etc/systemd/system/proxy_cache_clean.timer
+
+ +

Keeps the 2 most recent versions of each package using paccache command.

+
# /etc/systemd/system/proxy_cache_clean.service
+[Unit]
+Description=Clean The pacman proxy cache
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \;
+StandardOutput=syslog
+StandardError=syslog
+
+ +

systemd timer for the systemd service that cleans the proxy cache

+
# /etc/systemd/system/proxy_cache_clean.timer
+[Unit]
+Description=Timer for clean The pacman proxy cache
+
+[Timer]
+OnBootSec=20min
+OnUnitActiveSec=100h
+Unit=proxy_cache_clean.service
+
+[Install]
+WantedBy=timers.target
+
+ +

systemd service that deletes the pacman database files from the proxy cache

+

don't enable the service, enable the timer

+
systemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer
+
+ +

You won't need this if you don't cache the database files. But if you do cache +the database files, then you'll just be stuck with old database files, unless +you periodically delete them. But I'm not sure about all this, will keep an +eye on things.

+
# /etc/systemd/system/proxy_cache_database_clean.service
+[Unit]
+Description=Clean The pacman proxy cache database
+
+[Service]
+Type=oneshot
+ExecStart=/bin/bash -c "for f in $(find /srv -name *db) ; do rm $f; done"
+StandardOutput=syslog
+StandardError=syslog
+
+ +

systemd timer for the systemd service that deletes the pacman database files from the proxy cache

+
# /etc/systemd/system/proxy_cache_database_clean.timer
+[Unit]
+Description=Timer for clean The pacman proxy cache database
+
+[Timer]
+OnBootSec=10min
+OnUnitActiveSec=15min
+Unit=proxy_cache_database_clean.service
+
+[Install]
+WantedBy=timers.target
+
+ +
+
+ + +
+
+ +
+ +
+ +
+ + + + « Previous + + + Next » + + +
+ + + + diff --git a/site/index.html b/site/index.html index 67cd5db..30e33a1 100644 --- a/site/index.html +++ b/site/index.html @@ -76,6 +76,11 @@
  • + Dynamic Cacheing Nginx Reverse Proxy For Pacman +
  • + +
  • + Quick Dirty Redis Nspawn Container on Arch Linux
  • @@ -84,6 +89,11 @@ Quick Dirty Postgresql Nspawn Container on Arch Linux +
  • + + Self Signed Certs +
  • +   @@ -122,8 +132,10 @@ diff --git a/site/mkdocs/search_index.json b/site/mkdocs/search_index.json index 643dc0f..3d41a9b 100644 --- a/site/mkdocs/search_index.json +++ b/site/mkdocs/search_index.json @@ -2,7 +2,7 @@ "docs": [ { "location": "/", - "text": "Welcome to Trent Docs\n\n\nGit Repo For These Docs\n\n\nObviously, the commit history will reflect the time when these documents are written.\n\n\n\n\nServe And Share Apps From Your Phone With Fdroid\n\n\nNspawn Containers\n\n\nQuick Dirty Redis Nspawn Container on Arch Linux\n\n\nQuick Dirty Postgresql Nspawn Container on Arch Linux", + "text": "Welcome to Trent Docs\n\n\nGit Repo For These Docs\n\n\nObviously, the commit history will reflect the time when these documents are written.\n\n\n\n\nServe And Share Apps From Your Phone With Fdroid\n\n\nNspawn Containers\n\n\nDynamic Cacheing Nginx Reverse Proxy For Pacman\n\n\nQuick Dirty Redis Nspawn Container on Arch Linux\n\n\nQuick Dirty Postgresql Nspawn Container on Arch Linux\n\n\nSelf Signed Certs", "title": "Home" }, { @@ -12,7 +12,7 @@ }, { "location": "/#git-repo-for-these-docs", - "text": "Obviously, the commit history will reflect the time when these documents are written. Serve And Share Apps From Your Phone With Fdroid Nspawn Containers Quick Dirty Redis Nspawn Container on Arch Linux Quick Dirty Postgresql Nspawn Container on Arch Linux", + "text": "Obviously, the commit history will reflect the time when these documents are written. Serve And Share Apps From Your Phone With Fdroid Nspawn Containers Dynamic Cacheing Nginx Reverse Proxy For Pacman Quick Dirty Redis Nspawn Container on Arch Linux Quick Dirty Postgresql Nspawn Container on Arch Linux Self Signed Certs", "title": "Git Repo For These Docs" }, { @@ -180,6 +180,56 @@ "text": "You can start/stop nspawn containers with machinectl command. You can start nspawn containers with systemd-nspawn command. You can configure the systemd service for a container with @nspawn.service file override Or you can configure an nspawn container with a dot.nspawn file But in regards to the above list\nI have noticed differences in behaviour,\nin some scenarios, concerning file attributes\nfor bind mounts. Another curiosity: when you have nspawn containers natted on VirtualEthernet connections,\nthey might be able to ping each other at 10.x.y.z, but not resolve each other. But they might\nbe able to resolve each other if they are all connected to the same bridge interface or nspawn\nnetwork zone, but will randomly resolve each other in any of the 10.x.y.z, 169.x.y.z,\nor fe80::....:....:....%host (ipv6 local) spaces, which would complicate configuring the containers\nto talk to each other. But I intend to look into this some more.", "title": "Final Observations" }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/", + "text": "Dynamic Cacheing Nginx Reverse Proxy For Pacman\n\n\nYou set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in \n/etc/pacman.d/mirrorlist\n on your client machines.\n\n\nOf course if you want to you can set this up and run it in an\n\nNspawn Container\n.\nThe \nArchWiki Page for pacman tips\n\nmostly spells out what to do, but I want to document\nthe exact steps I would take.\n\n\nAs for how you would run this on a server with other virtual hosts?\nWho cares? That is what is so brilliant about using using an\nnspawn container, in that it behaves like just another\ncomputer on the lan with it's own ip address. But it only does one\nthing, and that's all you have to configure it for.\n\n\nI see no reason to use nginx-mainline instead of stable.\n\n\npacman -S nginx\n\n\n\n\nThe suggested configuration in the Arch Wiki\nis to create a directory \n/srv/http/pacman-cache\n,\nand that seems to work well enough\n\n\nmkdir /srv/http/pacman-cache\n# and then change it's ownershipt\nchown http:http /srv/http/pacman-cache\n\n\n\n\nnginx configuration\n\n\nand then it references an nginx.conf in\n\nthis gist\n,\nbut that is not a complete nginx.conf and so here is a method to get that\nworking as of July 2017 with a fresh install of nginx.\n\n\nYou can start with a default \n/etc/nginx/nginx.conf\n,\nand add the line \ninclude sites-enabled/*;\n\nat the end of the \nhttp\n section.\n\n\n# /etc/nginx/nginx.conf\n#user html;\nworker_processes 1;\n\n#error_log logs/error.log;\n#error_log logs/error.log notice;\n#error_log logs/error.log info;\n\n#pid logs/nginx.pid;\n\n\nevents {\n worker_connections 1024;\n}\n\n\nhttp {\n include mime.types;\n default_type application/octet-stream;\n\n #log_format main '$remote_addr - $remote_user [$time_local] \"$request\" '\n # '$status $body_bytes_sent \"$http_referer\" '\n # '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n #access_log logs/access.log main;\n\n sendfile on;\n #tcp_nopush on;\n\n #keepalive_timeout 0;\n keepalive_timeout 65;\n\n #gzip on;\n\n server {\n listen 80;\n server_name localhost;\n\n #charset koi8-r;\n\n #access_log logs/host.access.log main;\n\n location / {\n root /usr/share/nginx/html;\n index index.html index.htm;\n }\n\n #error_page 404 /404.html;\n\n # redirect server error pages to the static page /50x.html\n #\n error_page 500 502 503 504 /50x.html;\n location = /50x.html {\n root /usr/share/nginx/html;\n }\n\n # proxy the PHP scripts to Apache listening on 127.0.0.1:80\n #\n #location ~ \\.php$ {\n # proxy_pass http://127.0.0.1;\n #}\n\n # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000\n #\n #location ~ \\.php$ {\n # root html;\n # fastcgi_pass 127.0.0.1:9000;\n # fastcgi_index index.php;\n # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;\n # include fastcgi_params;\n #}\n\n # deny access to .htaccess files, if Apache's document root\n # concurs with nginx's one\n #\n #location ~ /\\.ht {\n # deny all;\n #}\n }\n\n\n # another virtual host using mix of IP-, name-, and port-based configuration\n #\n #server {\n # listen 8000;\n # listen somename:8080;\n # server_name somename alias another.alias;\n\n # location / {\n # root html;\n # index index.html index.htm;\n # }\n #}\n\n\n # HTTPS server\n #\n #server {\n # listen 443 ssl;\n # server_name localhost;\n\n # ssl_certificate cert.pem;\n # ssl_certificate_key cert.key;\n\n # ssl_session_cache shared:SSL:1m;\n # ssl_session_timeout 5m;\n\n # ssl_ciphers HIGH:!aNULL:!MD5;\n # ssl_prefer_server_ciphers on;\n\n # location / {\n # root html;\n # index index.html index.htm;\n # }\n #}\n include sites-enabled/*;\n\n}\n\n\n\n\nAnd then create the directory \n/etc/nginx/sites-enabled\n\n\nmkdir /etc/nginx/sites-enabled\n\n\n\n\nAnd then create \n/etc/nginx/sites-enabled/proxy_cache.conf\n,\nwhich is \nmostly\n a\n\ncopy-and-paste from this gist\n.\n\n\nNotice the \nserver_name\n. This has to match the entry in\n\n/etc/pacman.d/mirrorlist\n on the client machines you are\nupdating from. If you can use the hostname, great. But if you\nhave to assign static ip addresses and explicitly write the local\nip address instead, then that should match what you write in your mirrorlist.\n\n\nAnd of course your mirrorlist entry\non the client machine, has to preserve the directory scheme.\n\n\n# /etc/pacman.d/mirrorlist\nServer = http://:/archlinux/$repo/os/$arch\n\n\n\n\n# /etc/nginx/sites-enabled/proxy_cache.conf\n# nginx may need to resolve domain names at run time\nresolver 8.8.8.8 8.8.4.4;\n\n# Pacman Cache\nserver\n{\nlisten 80;\nserver_name ; # has to match the entry in mirrorlist on client machine.\nroot /srv/http/pacman-cache;\nautoindex on;\n\n # Requests for package db and signature files should redirect upstream without caching\n # Well that's the default anyway.\n # But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth?\n # I choose to instead run a systemd timer that deletes the *db files once every 15 minutes\n location ~ \\.(db|sig)$ {\n try_files $uri @pkg_mirror;\n # proxy_pass http://mirrors$request_uri;\n }\n\n # Requests for actual packages should be served directly from cache if available.\n # If not available, retrieve and save the package from an upstream mirror.\n location ~ \\.tar\\.xz$ {\n try_files $uri @pkg_mirror;\n }\n\n # Retrieve package from upstream mirrors and cache for future requests\n location @pkg_mirror {\n proxy_store on;\n proxy_redirect off;\n proxy_store_access user:rw group:rw all:r;\n proxy_next_upstream error timeout http_404;\n proxy_pass http://mirrors$request_uri;\n }\n}\n\n# Upstream Arch Linux Mirrors\n# - Configure as many backend mirrors as you want in the blocks below\n# - Servers are used in a round-robin fashion by nginx\n# - Add \"backup\" if you want to only use the mirror upon failure of the other mirrors\n# - Separate \"server\" configurations are required for each upstream mirror so we can set the \"Host\" header appropriately\nupstream mirrors {\nserver localhost:8001;\nserver localhost:8002; # backup\nserver localhost:8003; # backup\n}\n\n# Arch Mirror 1 Proxy Configuration\nserver\n{\nlisten 8001;\nserver_name localhost;\n\n location / {\n proxy_pass http://mirrors.kernel.org$request_uri;\n proxy_set_header Host mirrors.kernel.org;\n }\n}\n\n# Arch Mirror 2 Proxy Configuration\nserver\n{\nlisten 8002;\nserver_name localhost;\n\n location / {\n proxy_pass http://mirrors.ocf.berkeley.edu$request_uri;\n proxy_set_header Host mirrors.ocf.berkeley.edu;\n }\n}\n\n# Arch Mirror 3 Proxy Configuration\nserver\n{\n listen 8003;\n server_name localhost;\n\n location / {\n proxy_pass http://mirrors.cat.pdx.edu$request_uri;\n proxy_set_header Host mirrors.cat.pdx.edu;\n }\n}\n\n\n\n\nsystemd service that cleans the proxy cache\n\n\ndon't enable the service, enable the timer\n\n\nsystemctl enable/start /etc/systemd/system/proxy_cache_clean.timer\n\n\n\n\nKeeps the 2 most recent versions of each package using paccache command.\n\n\n# /etc/systemd/system/proxy_cache_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \\;\nStandardOutput=syslog\nStandardError=syslog\n\n\n\n\nsystemd timer for the systemd service that cleans the proxy cache\n\n\n# /etc/systemd/system/proxy_cache_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache\n\n[Timer]\nOnBootSec=20min\nOnUnitActiveSec=100h\nUnit=proxy_cache_clean.service\n\n[Install]\nWantedBy=timers.target\n\n\n\n\nsystemd service that deletes the pacman database files from the proxy cache\n\n\ndon't enable the service, enable the timer\n\n\nsystemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer\n\n\n\n\nYou won't need this if you don't cache the database files. But if you do cache\nthe database files, then you'll just be stuck with old database files, unless\nyou periodically delete them. But I'm not sure about all this, will keep an\neye on things.\n\n\n# /etc/systemd/system/proxy_cache_database_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache database\n\n[Service]\nType=oneshot\nExecStart=/bin/bash -c \"for f in $(find /srv -name *db) ; do rm $f; done\"\nStandardOutput=syslog\nStandardError=syslog\n\n\n\n\nsystemd timer for the systemd service that deletes the pacman database files from the proxy cache\n\n\n# /etc/systemd/system/proxy_cache_database_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache database\n\n[Timer]\nOnBootSec=10min\nOnUnitActiveSec=15min\nUnit=proxy_cache_database_clean.service\n\n[Install]\nWantedBy=timers.target", + "title": "Dynamic Cacheing Nginx Reverse Proxy For Pacman" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#dynamic-cacheing-nginx-reverse-proxy-for-pacman", + "text": "", + "title": "Dynamic Cacheing Nginx Reverse Proxy For Pacman" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#you-set-up-a-dynamic-cacheing-reverse-proxy-and-then-you-put-the-ip-address-or-hostname-for-that-server-in-etcpacmandmirrorlist-on-your-client-machines", + "text": "Of course if you want to you can set this up and run it in an Nspawn Container .\nThe ArchWiki Page for pacman tips \nmostly spells out what to do, but I want to document\nthe exact steps I would take. As for how you would run this on a server with other virtual hosts?\nWho cares? That is what is so brilliant about using using an\nnspawn container, in that it behaves like just another\ncomputer on the lan with it's own ip address. But it only does one\nthing, and that's all you have to configure it for. I see no reason to use nginx-mainline instead of stable. pacman -S nginx The suggested configuration in the Arch Wiki\nis to create a directory /srv/http/pacman-cache ,\nand that seems to work well enough mkdir /srv/http/pacman-cache\n# and then change it's ownershipt\nchown http:http /srv/http/pacman-cache", + "title": "You set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in /etc/pacman.d/mirrorlist on your client machines." + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#nginx-configuration", + "text": "and then it references an nginx.conf in this gist ,\nbut that is not a complete nginx.conf and so here is a method to get that\nworking as of July 2017 with a fresh install of nginx. You can start with a default /etc/nginx/nginx.conf ,\nand add the line include sites-enabled/*; \nat the end of the http section. # /etc/nginx/nginx.conf\n#user html;\nworker_processes 1;\n\n#error_log logs/error.log;\n#error_log logs/error.log notice;\n#error_log logs/error.log info;\n\n#pid logs/nginx.pid;\n\n\nevents {\n worker_connections 1024;\n}\n\n\nhttp {\n include mime.types;\n default_type application/octet-stream;\n\n #log_format main '$remote_addr - $remote_user [$time_local] \"$request\" '\n # '$status $body_bytes_sent \"$http_referer\" '\n # '\"$http_user_agent\" \"$http_x_forwarded_for\"';\n\n #access_log logs/access.log main;\n\n sendfile on;\n #tcp_nopush on;\n\n #keepalive_timeout 0;\n keepalive_timeout 65;\n\n #gzip on;\n\n server {\n listen 80;\n server_name localhost;\n\n #charset koi8-r;\n\n #access_log logs/host.access.log main;\n\n location / {\n root /usr/share/nginx/html;\n index index.html index.htm;\n }\n\n #error_page 404 /404.html;\n\n # redirect server error pages to the static page /50x.html\n #\n error_page 500 502 503 504 /50x.html;\n location = /50x.html {\n root /usr/share/nginx/html;\n }\n\n # proxy the PHP scripts to Apache listening on 127.0.0.1:80\n #\n #location ~ \\.php$ {\n # proxy_pass http://127.0.0.1;\n #}\n\n # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000\n #\n #location ~ \\.php$ {\n # root html;\n # fastcgi_pass 127.0.0.1:9000;\n # fastcgi_index index.php;\n # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;\n # include fastcgi_params;\n #}\n\n # deny access to .htaccess files, if Apache's document root\n # concurs with nginx's one\n #\n #location ~ /\\.ht {\n # deny all;\n #}\n }\n\n\n # another virtual host using mix of IP-, name-, and port-based configuration\n #\n #server {\n # listen 8000;\n # listen somename:8080;\n # server_name somename alias another.alias;\n\n # location / {\n # root html;\n # index index.html index.htm;\n # }\n #}\n\n\n # HTTPS server\n #\n #server {\n # listen 443 ssl;\n # server_name localhost;\n\n # ssl_certificate cert.pem;\n # ssl_certificate_key cert.key;\n\n # ssl_session_cache shared:SSL:1m;\n # ssl_session_timeout 5m;\n\n # ssl_ciphers HIGH:!aNULL:!MD5;\n # ssl_prefer_server_ciphers on;\n\n # location / {\n # root html;\n # index index.html index.htm;\n # }\n #}\n include sites-enabled/*;\n\n} And then create the directory /etc/nginx/sites-enabled mkdir /etc/nginx/sites-enabled And then create /etc/nginx/sites-enabled/proxy_cache.conf ,\nwhich is mostly a copy-and-paste from this gist . Notice the server_name . This has to match the entry in /etc/pacman.d/mirrorlist on the client machines you are\nupdating from. If you can use the hostname, great. But if you\nhave to assign static ip addresses and explicitly write the local\nip address instead, then that should match what you write in your mirrorlist. And of course your mirrorlist entry\non the client machine, has to preserve the directory scheme. # /etc/pacman.d/mirrorlist\nServer = http://:/archlinux/$repo/os/$arch # /etc/nginx/sites-enabled/proxy_cache.conf\n# nginx may need to resolve domain names at run time\nresolver 8.8.8.8 8.8.4.4;\n\n# Pacman Cache\nserver\n{\nlisten 80;\nserver_name ; # has to match the entry in mirrorlist on client machine.\nroot /srv/http/pacman-cache;\nautoindex on;\n\n # Requests for package db and signature files should redirect upstream without caching\n # Well that's the default anyway.\n # But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth?\n # I choose to instead run a systemd timer that deletes the *db files once every 15 minutes\n location ~ \\.(db|sig)$ {\n try_files $uri @pkg_mirror;\n # proxy_pass http://mirrors$request_uri;\n }\n\n # Requests for actual packages should be served directly from cache if available.\n # If not available, retrieve and save the package from an upstream mirror.\n location ~ \\.tar\\.xz$ {\n try_files $uri @pkg_mirror;\n }\n\n # Retrieve package from upstream mirrors and cache for future requests\n location @pkg_mirror {\n proxy_store on;\n proxy_redirect off;\n proxy_store_access user:rw group:rw all:r;\n proxy_next_upstream error timeout http_404;\n proxy_pass http://mirrors$request_uri;\n }\n}\n\n# Upstream Arch Linux Mirrors\n# - Configure as many backend mirrors as you want in the blocks below\n# - Servers are used in a round-robin fashion by nginx\n# - Add \"backup\" if you want to only use the mirror upon failure of the other mirrors\n# - Separate \"server\" configurations are required for each upstream mirror so we can set the \"Host\" header appropriately\nupstream mirrors {\nserver localhost:8001;\nserver localhost:8002; # backup\nserver localhost:8003; # backup\n}\n\n# Arch Mirror 1 Proxy Configuration\nserver\n{\nlisten 8001;\nserver_name localhost;\n\n location / {\n proxy_pass http://mirrors.kernel.org$request_uri;\n proxy_set_header Host mirrors.kernel.org;\n }\n}\n\n# Arch Mirror 2 Proxy Configuration\nserver\n{\nlisten 8002;\nserver_name localhost;\n\n location / {\n proxy_pass http://mirrors.ocf.berkeley.edu$request_uri;\n proxy_set_header Host mirrors.ocf.berkeley.edu;\n }\n}\n\n# Arch Mirror 3 Proxy Configuration\nserver\n{\n listen 8003;\n server_name localhost;\n\n location / {\n proxy_pass http://mirrors.cat.pdx.edu$request_uri;\n proxy_set_header Host mirrors.cat.pdx.edu;\n }\n}", + "title": "nginx configuration" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#systemd-service-that-cleans-the-proxy-cache", + "text": "", + "title": "systemd service that cleans the proxy cache" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#dont-enable-the-service-enable-the-timer", + "text": "systemctl enable/start /etc/systemd/system/proxy_cache_clean.timer Keeps the 2 most recent versions of each package using paccache command. # /etc/systemd/system/proxy_cache_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \\;\nStandardOutput=syslog\nStandardError=syslog", + "title": "don't enable the service, enable the timer" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#systemd-timer-for-the-systemd-service-that-cleans-the-proxy-cache", + "text": "# /etc/systemd/system/proxy_cache_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache\n\n[Timer]\nOnBootSec=20min\nOnUnitActiveSec=100h\nUnit=proxy_cache_clean.service\n\n[Install]\nWantedBy=timers.target", + "title": "systemd timer for the systemd service that cleans the proxy cache" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#systemd-service-that-deletes-the-pacman-database-files-from-the-proxy-cache", + "text": "", + "title": "systemd service that deletes the pacman database files from the proxy cache" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#dont-enable-the-service-enable-the-timer_1", + "text": "systemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer You won't need this if you don't cache the database files. But if you do cache\nthe database files, then you'll just be stuck with old database files, unless\nyou periodically delete them. But I'm not sure about all this, will keep an\neye on things. # /etc/systemd/system/proxy_cache_database_clean.service\n[Unit]\nDescription=Clean The pacman proxy cache database\n\n[Service]\nType=oneshot\nExecStart=/bin/bash -c \"for f in $(find /srv -name *db) ; do rm $f; done\"\nStandardOutput=syslog\nStandardError=syslog", + "title": "don't enable the service, enable the timer" + }, + { + "location": "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/#systemd-timer-for-the-systemd-service-that-deletes-the-pacman-database-files-from-the-proxy-cache", + "text": "# /etc/systemd/system/proxy_cache_database_clean.timer\n[Unit]\nDescription=Timer for clean The pacman proxy cache database\n\n[Timer]\nOnBootSec=10min\nOnUnitActiveSec=15min\nUnit=proxy_cache_database_clean.service\n\n[Install]\nWantedBy=timers.target", + "title": "systemd timer for the systemd service that deletes the pacman database files from the proxy cache" + }, { "location": "/arch_redis_nspawn/", "text": "Quick Dirty Redis Nspawn Container on Arch Linux\n\n\nRefer to the \nNspawn\n page for setting up the nspawn container,\ninstall redis, and start/enable redis.service.\nOnce you have the container running, it seems all you have to do to get\nthings working in a container subnet is to change the bind address.\n\n\n# /etc/redis.conf\n# bind 127.0.0.1\nbind 0.0.0.0\n\n\n\n\nyou can nmap port 6379, be sure to restart redis\n\n\nAgain I would refer you to the Arch Wiki", @@ -199,6 +249,16 @@ "location": "/arch_postgresql_nspawn/#quick-dirty-postgresql-nspawn-container-on-arch-linux", "text": "Refer to the Nspawn page for setting up the nspawn container. \nAnd then refer the ArchWiki instructions \nfor postgresql. You'll want to install postgresql, set a password for the default user postgres ,\nand then login as postgres and initilize the database. pacman -S postgresql\n# passwd for postgresql user \npasswd postgres \n# login as postgres \nsu -l postgres\n# initialize the databse cluster\n[postgres]$ initdb --locale $LANG -E UTF8 -D '/var/lib/postgres/data' You'll need to configure /var/lib/postgres/data/pg_hba.conf and /var/lib/postgres/data/postgresql.conf for remote access,\npresumably with an identd daemon in mind. The ident daemon will\nlisten on port 113, not on the machine with the database server,\nbut it listens from the machine where is the client that remotely\nwants to access the database.", "title": "Quick Dirty Postgresql Nspawn Container on Arch Linux" + }, + { + "location": "/self_signed_certs/", + "text": "Setting up Self-Signed Certs\n\n\nThis \njamielinux\n\nblog post looks promising.", + "title": "Self Signed Certs" + }, + { + "location": "/self_signed_certs/#setting-up-self-signed-certs", + "text": "This jamielinux \nblog post looks promising.", + "title": "Setting up Self-Signed Certs" } ] } \ No newline at end of file diff --git a/site/nspawn/index.html b/site/nspawn/index.html index c069075..aa31f59 100644 --- a/site/nspawn/index.html +++ b/site/nspawn/index.html @@ -86,6 +86,11 @@
  • + Dynamic Cacheing Nginx Reverse Proxy For Pacman +
  • + +
  • + Quick Dirty Redis Nspawn Container on Arch Linux
  • @@ -94,6 +99,11 @@ Quick Dirty Postgresql Nspawn Container on Arch Linux +
  • + + Self Signed Certs +
  • +   @@ -275,7 +285,7 @@ to talk to each other. But I intend to look into this some more.

    diff --git a/site/search.html b/site/search.html index c8a2852..18b0bb7 100644 --- a/site/search.html +++ b/site/search.html @@ -60,6 +60,11 @@
  • + Dynamic Cacheing Nginx Reverse Proxy For Pacman +
  • + +
  • + Quick Dirty Redis Nspawn Container on Arch Linux
  • @@ -68,6 +73,11 @@ Quick Dirty Postgresql Nspawn Container on Arch Linux +
  • + + Self Signed Certs +
  • +   diff --git a/site/self_signed_certs/index.html b/site/self_signed_certs/index.html new file mode 100644 index 0000000..094b15c --- /dev/null +++ b/site/self_signed_certs/index.html @@ -0,0 +1,168 @@ + + + + + + + + + + + Self Signed Certs - Trent Docs + + + + + + + + + + + + + + + + +
    + + + + +
    + + + + + +
    +
    +
    +
      +
    • Docs »
    • + + + +
    • Self Signed Certs
    • +
    • + +
    • +
    +
    +
    +
    +
    + +

    Setting up Self-Signed Certs

    +

    This jamielinux +blog post looks promising.

    + +
    +
    + + +
    +
    + +
    + +
    + +
    + + + + « Previous + + + +
    + + + + diff --git a/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html b/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html index b4839cc..63d37ea 100644 --- a/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html +++ b/site/serve_and_share_apps_from_your_phone_with_fdroid/index.html @@ -98,6 +98,11 @@
  • + Dynamic Cacheing Nginx Reverse Proxy For Pacman +
  • + +
  • + Quick Dirty Redis Nspawn Container on Arch Linux
  • @@ -106,6 +111,11 @@ Quick Dirty Postgresql Nspawn Container on Arch Linux +
  • + + Self Signed Certs +
  • +   diff --git a/site/sitemap.xml b/site/sitemap.xml index ff2a604..1c4d3d3 100644 --- a/site/sitemap.xml +++ b/site/sitemap.xml @@ -4,7 +4,7 @@ / - 2017-06-29 + 2017-07-01 daily @@ -12,7 +12,7 @@ /serve_and_share_apps_from_your_phone_with_fdroid/ - 2017-06-29 + 2017-07-01 daily @@ -20,7 +20,15 @@ /nspawn/ - 2017-06-29 + 2017-07-01 + daily + + + + + + /dynamic_cacheing_nginx_reverse_proxy_for_pacman/ + 2017-07-01 daily @@ -28,7 +36,7 @@ /arch_redis_nspawn/ - 2017-06-29 + 2017-07-01 daily @@ -36,7 +44,15 @@ /arch_postgresql_nspawn/ - 2017-06-29 + 2017-07-01 + daily + + + + + + /self_signed_certs/ + 2017-07-01 daily