mirror of
https://github.com/TrentSPalmer/trentdocs_website.git
synced 2024-11-23 08:01:30 -08:00
add docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md and start
self_signed_certs.md
This commit is contained in:
parent
6dd8b8796a
commit
9919cb4d95
352
docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md
Normal file
352
docs/dynamic_cacheing_nginx_reverse_proxy_for_pacman.md
Normal file
@ -0,0 +1,352 @@
|
|||||||
|
# Dynamic Cacheing Nginx Reverse Proxy For Pacman
|
||||||
|
|
||||||
|
## You set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in `/etc/pacman.d/mirrorlist` on your client machines.
|
||||||
|
|
||||||
|
Of course if you want to you can set this up and run it in an
|
||||||
|
[Nspawn Container](nspawn.md).
|
||||||
|
The [ArchWiki Page for pacman tips](https://wiki.archlinux.org/index.php/Pacman/Tips_and_tricks#Dynamic_reverse_proxy_cache_using_nginx)
|
||||||
|
mostly spells out what to do, but I want to document
|
||||||
|
the exact steps I would take.
|
||||||
|
|
||||||
|
As for how you would run this on a server with other virtual hosts?
|
||||||
|
Who cares? That is what is so brilliant about using using an
|
||||||
|
nspawn container, in that it behaves like just another
|
||||||
|
computer on the lan with it's own ip address. But it only does one
|
||||||
|
thing, and that's all you have to configure it for.
|
||||||
|
|
||||||
|
I see no reason to use nginx-mainline instead of stable.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
pacman -S nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
The suggested configuration in the Arch Wiki
|
||||||
|
is to create a directory `/srv/http/pacman-cache`,
|
||||||
|
and that seems to work well enough
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mkdir /srv/http/pacman-cache
|
||||||
|
# and then change it's ownershipt
|
||||||
|
chown http:http /srv/http/pacman-cache
|
||||||
|
```
|
||||||
|
|
||||||
|
## nginx configuration
|
||||||
|
|
||||||
|
and then it references an nginx.conf in
|
||||||
|
[this gist](https://gist.github.com/anonymous/97ec4148f643de925e433bed3dc7ee7d),
|
||||||
|
but that is not a complete nginx.conf and so here is a method to get that
|
||||||
|
working as of July 2017 with a fresh install of nginx.
|
||||||
|
|
||||||
|
You can start with a default `/etc/nginx/nginx.conf`,
|
||||||
|
and add the line `include sites-enabled/*;`
|
||||||
|
at the end of the *http* section.
|
||||||
|
|
||||||
|
```text
|
||||||
|
# /etc/nginx/nginx.conf
|
||||||
|
#user html;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
#error_log logs/error.log;
|
||||||
|
#error_log logs/error.log notice;
|
||||||
|
#error_log logs/error.log info;
|
||||||
|
|
||||||
|
#pid logs/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
# '$status $body_bytes_sent "$http_referer" '
|
||||||
|
# '"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
#access_log logs/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
#keepalive_timeout 0;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
#charset koi8-r;
|
||||||
|
|
||||||
|
#access_log logs/host.access.log main;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
|
#error_page 404 /404.html;
|
||||||
|
|
||||||
|
# redirect server error pages to the static page /50x.html
|
||||||
|
#
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||||
|
#
|
||||||
|
#location ~ \.php$ {
|
||||||
|
# proxy_pass http://127.0.0.1;
|
||||||
|
#}
|
||||||
|
|
||||||
|
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||||
|
#
|
||||||
|
#location ~ \.php$ {
|
||||||
|
# root html;
|
||||||
|
# fastcgi_pass 127.0.0.1:9000;
|
||||||
|
# fastcgi_index index.php;
|
||||||
|
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||||
|
# include fastcgi_params;
|
||||||
|
#}
|
||||||
|
|
||||||
|
# deny access to .htaccess files, if Apache's document root
|
||||||
|
# concurs with nginx's one
|
||||||
|
#
|
||||||
|
#location ~ /\.ht {
|
||||||
|
# deny all;
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# another virtual host using mix of IP-, name-, and port-based configuration
|
||||||
|
#
|
||||||
|
#server {
|
||||||
|
# listen 8000;
|
||||||
|
# listen somename:8080;
|
||||||
|
# server_name somename alias another.alias;
|
||||||
|
|
||||||
|
# location / {
|
||||||
|
# root html;
|
||||||
|
# index index.html index.htm;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
||||||
|
|
||||||
|
# HTTPS server
|
||||||
|
#
|
||||||
|
#server {
|
||||||
|
# listen 443 ssl;
|
||||||
|
# server_name localhost;
|
||||||
|
|
||||||
|
# ssl_certificate cert.pem;
|
||||||
|
# ssl_certificate_key cert.key;
|
||||||
|
|
||||||
|
# ssl_session_cache shared:SSL:1m;
|
||||||
|
# ssl_session_timeout 5m;
|
||||||
|
|
||||||
|
# ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
|
# ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
# location / {
|
||||||
|
# root html;
|
||||||
|
# index index.html index.htm;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
include sites-enabled/*;
|
||||||
|
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
And then create the directory `/etc/nginx/sites-enabled`
|
||||||
|
|
||||||
|
```bash
|
||||||
|
mkdir /etc/nginx/sites-enabled
|
||||||
|
```
|
||||||
|
|
||||||
|
And then create `/etc/nginx/sites-enabled/proxy_cache.conf`,
|
||||||
|
which is *mostly* a
|
||||||
|
[copy-and-paste from this gist](https://gist.github.com/anonymous/97ec4148f643de925e433bed3dc7ee7d).
|
||||||
|
|
||||||
|
Notice the *server_name*. This has to match the entry in
|
||||||
|
`/etc/pacman.d/mirrorlist` on the client machines you are
|
||||||
|
updating from. If you can use the hostname, great. But if you
|
||||||
|
have to assign static ip addresses and explicitly write the local
|
||||||
|
ip address instead, then that should match what you write in your mirrorlist.
|
||||||
|
|
||||||
|
And of course your mirrorlist entry
|
||||||
|
on the client machine, has to preserve the directory scheme.
|
||||||
|
|
||||||
|
```text
|
||||||
|
# /etc/pacman.d/mirrorlist
|
||||||
|
Server = http://<hostname or ip address>:<port if not 80>/archlinux/$repo/os/$arch
|
||||||
|
```
|
||||||
|
|
||||||
|
```text
|
||||||
|
# /etc/nginx/sites-enabled/proxy_cache.conf
|
||||||
|
# nginx may need to resolve domain names at run time
|
||||||
|
resolver 8.8.8.8 8.8.4.4;
|
||||||
|
|
||||||
|
# Pacman Cache
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 80;
|
||||||
|
server_name <hostname or ip address>; # has to match the entry in mirrorlist on client machine.
|
||||||
|
root /srv/http/pacman-cache;
|
||||||
|
autoindex on;
|
||||||
|
|
||||||
|
# Requests for package db and signature files should redirect upstream without caching
|
||||||
|
# Well that's the default anyway.
|
||||||
|
# But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth?
|
||||||
|
# I choose to instead run a systemd timer that deletes the *db files once every 15 minutes
|
||||||
|
location ~ \.(db|sig)$ {
|
||||||
|
try_files $uri @pkg_mirror;
|
||||||
|
# proxy_pass http://mirrors$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Requests for actual packages should be served directly from cache if available.
|
||||||
|
# If not available, retrieve and save the package from an upstream mirror.
|
||||||
|
location ~ \.tar\.xz$ {
|
||||||
|
try_files $uri @pkg_mirror;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Retrieve package from upstream mirrors and cache for future requests
|
||||||
|
location @pkg_mirror {
|
||||||
|
proxy_store on;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_store_access user:rw group:rw all:r;
|
||||||
|
proxy_next_upstream error timeout http_404;
|
||||||
|
proxy_pass http://mirrors$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Upstream Arch Linux Mirrors
|
||||||
|
# - Configure as many backend mirrors as you want in the blocks below
|
||||||
|
# - Servers are used in a round-robin fashion by nginx
|
||||||
|
# - Add "backup" if you want to only use the mirror upon failure of the other mirrors
|
||||||
|
# - Separate "server" configurations are required for each upstream mirror so we can set the "Host" header appropriately
|
||||||
|
upstream mirrors {
|
||||||
|
server localhost:8001;
|
||||||
|
server localhost:8002; # backup
|
||||||
|
server localhost:8003; # backup
|
||||||
|
}
|
||||||
|
|
||||||
|
# Arch Mirror 1 Proxy Configuration
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 8001;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://mirrors.kernel.org$request_uri;
|
||||||
|
proxy_set_header Host mirrors.kernel.org;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Arch Mirror 2 Proxy Configuration
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 8002;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://mirrors.ocf.berkeley.edu$request_uri;
|
||||||
|
proxy_set_header Host mirrors.ocf.berkeley.edu;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Arch Mirror 3 Proxy Configuration
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 8003;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://mirrors.cat.pdx.edu$request_uri;
|
||||||
|
proxy_set_header Host mirrors.cat.pdx.edu;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## systemd service that cleans the proxy cache
|
||||||
|
|
||||||
|
### don't enable the service, enable the timer
|
||||||
|
|
||||||
|
```bash
|
||||||
|
systemctl enable/start /etc/systemd/system/proxy_cache_clean.timer
|
||||||
|
```
|
||||||
|
|
||||||
|
Keeps the 2 most recent versions of each package using paccache command.
|
||||||
|
|
||||||
|
```text
|
||||||
|
# /etc/systemd/system/proxy_cache_clean.service
|
||||||
|
[Unit]
|
||||||
|
Description=Clean The pacman proxy cache
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \;
|
||||||
|
StandardOutput=syslog
|
||||||
|
StandardError=syslog
|
||||||
|
```
|
||||||
|
|
||||||
|
## systemd timer for the systemd service that cleans the proxy cache
|
||||||
|
|
||||||
|
```text
|
||||||
|
# /etc/systemd/system/proxy_cache_clean.timer
|
||||||
|
[Unit]
|
||||||
|
Description=Timer for clean The pacman proxy cache
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnBootSec=20min
|
||||||
|
OnUnitActiveSec=100h
|
||||||
|
Unit=proxy_cache_clean.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
```
|
||||||
|
|
||||||
|
## systemd service that deletes the pacman database files from the proxy cache
|
||||||
|
|
||||||
|
### don't enable the service, enable the timer
|
||||||
|
|
||||||
|
```bash
|
||||||
|
systemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer
|
||||||
|
```
|
||||||
|
|
||||||
|
You won't need this if you don't cache the database files. But if you do cache
|
||||||
|
the database files, then you'll just be stuck with old database files, unless
|
||||||
|
you periodically delete them. But I'm not sure about all this, will keep an
|
||||||
|
eye on things.
|
||||||
|
|
||||||
|
```text
|
||||||
|
# /etc/systemd/system/proxy_cache_database_clean.service
|
||||||
|
[Unit]
|
||||||
|
Description=Clean The pacman proxy cache database
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/bin/bash -c "for f in $(find /srv -name *db) ; do rm $f; done"
|
||||||
|
StandardOutput=syslog
|
||||||
|
StandardError=syslog
|
||||||
|
```
|
||||||
|
|
||||||
|
## systemd timer for the systemd service that deletes the pacman database files from the proxy cache
|
||||||
|
|
||||||
|
```text
|
||||||
|
# /etc/systemd/system/proxy_cache_database_clean.timer
|
||||||
|
[Unit]
|
||||||
|
Description=Timer for clean The pacman proxy cache database
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnBootSec=10min
|
||||||
|
OnUnitActiveSec=15min
|
||||||
|
Unit=proxy_cache_database_clean.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
```
|
@ -4,8 +4,10 @@ Obviously, the commit history will reflect the time when these documents are wri
|
|||||||
|
|
||||||
* [Serve And Share Apps From Your Phone With Fdroid](serve_and_share_apps_from_your_phone_with_fdroid.md)
|
* [Serve And Share Apps From Your Phone With Fdroid](serve_and_share_apps_from_your_phone_with_fdroid.md)
|
||||||
* [Nspawn Containers](nspawn.md)
|
* [Nspawn Containers](nspawn.md)
|
||||||
|
* [Dynamic Cacheing Nginx Reverse Proxy For Pacman](dynamic_cacheing_nginx_reverse_proxy_for_pacman.md)
|
||||||
* [Quick Dirty Redis Nspawn Container on Arch Linux](arch_redis_nspawn.md)
|
* [Quick Dirty Redis Nspawn Container on Arch Linux](arch_redis_nspawn.md)
|
||||||
* [Quick Dirty Postgresql Nspawn Container on Arch Linux](arch_postgresql_nspawn.md)
|
* [Quick Dirty Postgresql Nspawn Container on Arch Linux](arch_postgresql_nspawn.md)
|
||||||
|
* [Self Signed Certs](self_signed_certs.md)
|
||||||
|
|
||||||
<!---
|
<!---
|
||||||
* [Template](Template.md)
|
* [Template](Template.md)
|
||||||
|
4
docs/self_signed_certs.md
Normal file
4
docs/self_signed_certs.md
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# Setting up Self-Signed Certs
|
||||||
|
|
||||||
|
This [jamielinux](https://jamielinux.com/docs/openssl-certificate-authority/)
|
||||||
|
blog post looks promising.
|
@ -6,5 +6,7 @@ pages:
|
|||||||
- 'Home': index.md
|
- 'Home': index.md
|
||||||
- 'Serve And Share Apps From Your Phone With Fdroid': serve_and_share_apps_from_your_phone_with_fdroid.md
|
- 'Serve And Share Apps From Your Phone With Fdroid': serve_and_share_apps_from_your_phone_with_fdroid.md
|
||||||
- 'Nspawn': nspawn.md
|
- 'Nspawn': nspawn.md
|
||||||
|
- 'Dynamic Cacheing Nginx Reverse Proxy For Pacman': dynamic_cacheing_nginx_reverse_proxy_for_pacman.md
|
||||||
- 'Quick Dirty Redis Nspawn Container on Arch Linux': arch_redis_nspawn.md
|
- 'Quick Dirty Redis Nspawn Container on Arch Linux': arch_redis_nspawn.md
|
||||||
- 'Quick Dirty Postgresql Nspawn Container on Arch Linux': arch_postgresql_nspawn.md
|
- 'Quick Dirty Postgresql Nspawn Container on Arch Linux': arch_postgresql_nspawn.md
|
||||||
|
- 'Self Signed Certs': self_signed_certs.md
|
||||||
|
@ -64,6 +64,11 @@
|
|||||||
|
|
||||||
<li class="toctree-l1">
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
@ -78,6 +83,11 @@
|
|||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -138,6 +148,8 @@ wants to access the database.</p>
|
|||||||
|
|
||||||
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
||||||
|
|
||||||
|
<a href="../self_signed_certs/" class="btn btn-neutral float-right" title="Self Signed Certs">Next <span class="icon icon-circle-arrow-right"></span></a>
|
||||||
|
|
||||||
|
|
||||||
<a href="../arch_redis_nspawn/" class="btn btn-neutral" title="Quick Dirty Redis Nspawn Container on Arch Linux"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
<a href="../arch_redis_nspawn/" class="btn btn-neutral" title="Quick Dirty Redis Nspawn Container on Arch Linux"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
||||||
|
|
||||||
@ -168,6 +180,8 @@ wants to access the database.</p>
|
|||||||
<span><a href="../arch_redis_nspawn/" style="color: #fcfcfc;">« Previous</a></span>
|
<span><a href="../arch_redis_nspawn/" style="color: #fcfcfc;">« Previous</a></span>
|
||||||
|
|
||||||
|
|
||||||
|
<span style="margin-left: 15px"><a href="../self_signed_certs/" style="color: #fcfcfc">Next »</a></span>
|
||||||
|
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
<script src="../js/theme.js"></script>
|
<script src="../js/theme.js"></script>
|
||||||
|
@ -62,6 +62,11 @@
|
|||||||
<a class="" href="../nspawn/">Nspawn</a>
|
<a class="" href="../nspawn/">Nspawn</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
<li class="toctree-l1 current">
|
<li class="toctree-l1 current">
|
||||||
|
|
||||||
<a class="current" href="./">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
<a class="current" href="./">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
@ -78,6 +83,11 @@
|
|||||||
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -132,7 +142,7 @@ bind 0.0.0.0
|
|||||||
<a href="../arch_postgresql_nspawn/" class="btn btn-neutral float-right" title="Quick Dirty Postgresql Nspawn Container on Arch Linux">Next <span class="icon icon-circle-arrow-right"></span></a>
|
<a href="../arch_postgresql_nspawn/" class="btn btn-neutral float-right" title="Quick Dirty Postgresql Nspawn Container on Arch Linux">Next <span class="icon icon-circle-arrow-right"></span></a>
|
||||||
|
|
||||||
|
|
||||||
<a href="../nspawn/" class="btn btn-neutral" title="Nspawn"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
<a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" class="btn btn-neutral" title="Dynamic Cacheing Nginx Reverse Proxy For Pacman"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -158,7 +168,7 @@ bind 0.0.0.0
|
|||||||
<span class="rst-current-version" data-toggle="rst-current-version">
|
<span class="rst-current-version" data-toggle="rst-current-version">
|
||||||
|
|
||||||
|
|
||||||
<span><a href="../nspawn/" style="color: #fcfcfc;">« Previous</a></span>
|
<span><a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" style="color: #fcfcfc;">« Previous</a></span>
|
||||||
|
|
||||||
|
|
||||||
<span style="margin-left: 15px"><a href="../arch_postgresql_nspawn/" style="color: #fcfcfc">Next »</a></span>
|
<span style="margin-left: 15px"><a href="../arch_postgresql_nspawn/" style="color: #fcfcfc">Next »</a></span>
|
||||||
|
504
site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html
Normal file
504
site/dynamic_cacheing_nginx_reverse_proxy_for_pacman/index.html
Normal file
@ -0,0 +1,504 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
|
||||||
|
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="shortcut icon" href="../img/favicon.ico">
|
||||||
|
<title>Dynamic Cacheing Nginx Reverse Proxy For Pacman - Trent Docs</title>
|
||||||
|
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
|
||||||
|
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
|
||||||
|
<link rel="stylesheet" href="../css/highlight.css">
|
||||||
|
|
||||||
|
<script>
|
||||||
|
// Current page data
|
||||||
|
var mkdocs_page_name = "Dynamic Cacheing Nginx Reverse Proxy For Pacman";
|
||||||
|
var mkdocs_page_input_path = "dynamic_cacheing_nginx_reverse_proxy_for_pacman.md";
|
||||||
|
var mkdocs_page_url = "/dynamic_cacheing_nginx_reverse_proxy_for_pacman/";
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<script src="../js/jquery-2.1.1.min.js"></script>
|
||||||
|
<script src="../js/modernizr-2.8.3.min.js"></script>
|
||||||
|
<script type="text/javascript" src="../js/highlight.pack.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body class="wy-body-for-nav" role="document">
|
||||||
|
|
||||||
|
<div class="wy-grid-for-nav">
|
||||||
|
|
||||||
|
|
||||||
|
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
|
||||||
|
<div class="wy-side-nav-search">
|
||||||
|
<a href=".." class="icon icon-home"> Trent Docs</a>
|
||||||
|
<div role="search">
|
||||||
|
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
|
||||||
|
<input type="text" name="q" placeholder="Search docs" />
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
|
||||||
|
<ul class="current">
|
||||||
|
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="..">Home</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../nspawn/">Nspawn</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1 current">
|
||||||
|
|
||||||
|
<a class="current" href="./">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
<ul class="subnav">
|
||||||
|
|
||||||
|
<li class="toctree-l2"><a href="#dynamic-cacheing-nginx-reverse-proxy-for-pacman">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a></li>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
|
||||||
|
<li><a class="toctree-l3" href="#you-set-up-a-dynamic-cacheing-reverse-proxy-and-then-you-put-the-ip-address-or-hostname-for-that-server-in-etcpacmandmirrorlist-on-your-client-machines">You set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in /etc/pacman.d/mirrorlist on your client machines.</a></li>
|
||||||
|
|
||||||
|
<li><a class="toctree-l3" href="#nginx-configuration">nginx configuration</a></li>
|
||||||
|
|
||||||
|
<li><a class="toctree-l3" href="#systemd-service-that-cleans-the-proxy-cache">systemd service that cleans the proxy cache</a></li>
|
||||||
|
|
||||||
|
<li><a class="toctree-l3" href="#systemd-timer-for-the-systemd-service-that-cleans-the-proxy-cache">systemd timer for the systemd service that cleans the proxy cache</a></li>
|
||||||
|
|
||||||
|
<li><a class="toctree-l3" href="#systemd-service-that-deletes-the-pacman-database-files-from-the-proxy-cache">systemd service that deletes the pacman database files from the proxy cache</a></li>
|
||||||
|
|
||||||
|
<li><a class="toctree-l3" href="#systemd-timer-for-the-systemd-service-that-deletes-the-pacman-database-files-from-the-proxy-cache">systemd timer for the systemd service that deletes the pacman database files from the proxy cache</a></li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
|
||||||
|
|
||||||
|
|
||||||
|
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
|
||||||
|
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
|
||||||
|
<a href="..">Trent Docs</a>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="wy-nav-content">
|
||||||
|
<div class="rst-content">
|
||||||
|
<div role="navigation" aria-label="breadcrumbs navigation">
|
||||||
|
<ul class="wy-breadcrumbs">
|
||||||
|
<li><a href="..">Docs</a> »</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>Dynamic Cacheing Nginx Reverse Proxy For Pacman</li>
|
||||||
|
<li class="wy-breadcrumbs-aside">
|
||||||
|
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
</div>
|
||||||
|
<div role="main">
|
||||||
|
<div class="section">
|
||||||
|
|
||||||
|
<h1 id="dynamic-cacheing-nginx-reverse-proxy-for-pacman">Dynamic Cacheing Nginx Reverse Proxy For Pacman</h1>
|
||||||
|
<h2 id="you-set-up-a-dynamic-cacheing-reverse-proxy-and-then-you-put-the-ip-address-or-hostname-for-that-server-in-etcpacmandmirrorlist-on-your-client-machines">You set up a dynamic cacheing reverse proxy and then you put the ip address or hostname for that server in <code>/etc/pacman.d/mirrorlist</code> on your client machines.</h2>
|
||||||
|
<p>Of course if you want to you can set this up and run it in an
|
||||||
|
<a href="../nspawn/">Nspawn Container</a>.
|
||||||
|
The <a href="https://wiki.archlinux.org/index.php/Pacman/Tips_and_tricks#Dynamic_reverse_proxy_cache_using_nginx">ArchWiki Page for pacman tips</a>
|
||||||
|
mostly spells out what to do, but I want to document
|
||||||
|
the exact steps I would take.</p>
|
||||||
|
<p>As for how you would run this on a server with other virtual hosts?
|
||||||
|
Who cares? That is what is so brilliant about using using an
|
||||||
|
nspawn container, in that it behaves like just another
|
||||||
|
computer on the lan with it's own ip address. But it only does one
|
||||||
|
thing, and that's all you have to configure it for.</p>
|
||||||
|
<p>I see no reason to use nginx-mainline instead of stable.</p>
|
||||||
|
<pre><code class="bash">pacman -S nginx
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>The suggested configuration in the Arch Wiki
|
||||||
|
is to create a directory <code>/srv/http/pacman-cache</code>,
|
||||||
|
and that seems to work well enough</p>
|
||||||
|
<pre><code class="bash">mkdir /srv/http/pacman-cache
|
||||||
|
# and then change it's ownershipt
|
||||||
|
chown http:http /srv/http/pacman-cache
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="nginx-configuration">nginx configuration</h2>
|
||||||
|
<p>and then it references an nginx.conf in
|
||||||
|
<a href="https://gist.github.com/anonymous/97ec4148f643de925e433bed3dc7ee7d">this gist</a>,
|
||||||
|
but that is not a complete nginx.conf and so here is a method to get that
|
||||||
|
working as of July 2017 with a fresh install of nginx.</p>
|
||||||
|
<p>You can start with a default <code>/etc/nginx/nginx.conf</code>,
|
||||||
|
and add the line <code>include sites-enabled/*;</code>
|
||||||
|
at the end of the <em>http</em> section.</p>
|
||||||
|
<pre><code class="text"># /etc/nginx/nginx.conf
|
||||||
|
#user html;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
#error_log logs/error.log;
|
||||||
|
#error_log logs/error.log notice;
|
||||||
|
#error_log logs/error.log info;
|
||||||
|
|
||||||
|
#pid logs/nginx.pid;
|
||||||
|
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
include mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
# '$status $body_bytes_sent "$http_referer" '
|
||||||
|
# '"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
#access_log logs/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
#tcp_nopush on;
|
||||||
|
|
||||||
|
#keepalive_timeout 0;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
#gzip on;
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
#charset koi8-r;
|
||||||
|
|
||||||
|
#access_log logs/host.access.log main;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
|
#error_page 404 /404.html;
|
||||||
|
|
||||||
|
# redirect server error pages to the static page /50x.html
|
||||||
|
#
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
|
||||||
|
#
|
||||||
|
#location ~ \.php$ {
|
||||||
|
# proxy_pass http://127.0.0.1;
|
||||||
|
#}
|
||||||
|
|
||||||
|
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||||
|
#
|
||||||
|
#location ~ \.php$ {
|
||||||
|
# root html;
|
||||||
|
# fastcgi_pass 127.0.0.1:9000;
|
||||||
|
# fastcgi_index index.php;
|
||||||
|
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
|
||||||
|
# include fastcgi_params;
|
||||||
|
#}
|
||||||
|
|
||||||
|
# deny access to .htaccess files, if Apache's document root
|
||||||
|
# concurs with nginx's one
|
||||||
|
#
|
||||||
|
#location ~ /\.ht {
|
||||||
|
# deny all;
|
||||||
|
#}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# another virtual host using mix of IP-, name-, and port-based configuration
|
||||||
|
#
|
||||||
|
#server {
|
||||||
|
# listen 8000;
|
||||||
|
# listen somename:8080;
|
||||||
|
# server_name somename alias another.alias;
|
||||||
|
|
||||||
|
# location / {
|
||||||
|
# root html;
|
||||||
|
# index index.html index.htm;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
|
||||||
|
|
||||||
|
# HTTPS server
|
||||||
|
#
|
||||||
|
#server {
|
||||||
|
# listen 443 ssl;
|
||||||
|
# server_name localhost;
|
||||||
|
|
||||||
|
# ssl_certificate cert.pem;
|
||||||
|
# ssl_certificate_key cert.key;
|
||||||
|
|
||||||
|
# ssl_session_cache shared:SSL:1m;
|
||||||
|
# ssl_session_timeout 5m;
|
||||||
|
|
||||||
|
# ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
|
# ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
# location / {
|
||||||
|
# root html;
|
||||||
|
# index index.html index.htm;
|
||||||
|
# }
|
||||||
|
#}
|
||||||
|
include sites-enabled/*;
|
||||||
|
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>And then create the directory <code>/etc/nginx/sites-enabled</code></p>
|
||||||
|
<pre><code class="bash">mkdir /etc/nginx/sites-enabled
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>And then create <code>/etc/nginx/sites-enabled/proxy_cache.conf</code>,
|
||||||
|
which is <em>mostly</em> a
|
||||||
|
<a href="https://gist.github.com/anonymous/97ec4148f643de925e433bed3dc7ee7d">copy-and-paste from this gist</a>.</p>
|
||||||
|
<p>Notice the <em>server_name</em>. This has to match the entry in
|
||||||
|
<code>/etc/pacman.d/mirrorlist</code> on the client machines you are
|
||||||
|
updating from. If you can use the hostname, great. But if you
|
||||||
|
have to assign static ip addresses and explicitly write the local
|
||||||
|
ip address instead, then that should match what you write in your mirrorlist.</p>
|
||||||
|
<p>And of course your mirrorlist entry
|
||||||
|
on the client machine, has to preserve the directory scheme.</p>
|
||||||
|
<pre><code class="text"># /etc/pacman.d/mirrorlist
|
||||||
|
Server = http://<hostname or ip address>:<port if not 80>/archlinux/$repo/os/$arch
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<pre><code class="text"># /etc/nginx/sites-enabled/proxy_cache.conf
|
||||||
|
# nginx may need to resolve domain names at run time
|
||||||
|
resolver 8.8.8.8 8.8.4.4;
|
||||||
|
|
||||||
|
# Pacman Cache
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 80;
|
||||||
|
server_name <hostname or ip address>; # has to match the entry in mirrorlist on client machine.
|
||||||
|
root /srv/http/pacman-cache;
|
||||||
|
autoindex on;
|
||||||
|
|
||||||
|
# Requests for package db and signature files should redirect upstream without caching
|
||||||
|
# Well that's the default anyway.
|
||||||
|
# But what if you're spinning up a lot of nspawn containers, don't want to waste all that bandwidth?
|
||||||
|
# I choose to instead run a systemd timer that deletes the *db files once every 15 minutes
|
||||||
|
location ~ \.(db|sig)$ {
|
||||||
|
try_files $uri @pkg_mirror;
|
||||||
|
# proxy_pass http://mirrors$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Requests for actual packages should be served directly from cache if available.
|
||||||
|
# If not available, retrieve and save the package from an upstream mirror.
|
||||||
|
location ~ \.tar\.xz$ {
|
||||||
|
try_files $uri @pkg_mirror;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Retrieve package from upstream mirrors and cache for future requests
|
||||||
|
location @pkg_mirror {
|
||||||
|
proxy_store on;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_store_access user:rw group:rw all:r;
|
||||||
|
proxy_next_upstream error timeout http_404;
|
||||||
|
proxy_pass http://mirrors$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Upstream Arch Linux Mirrors
|
||||||
|
# - Configure as many backend mirrors as you want in the blocks below
|
||||||
|
# - Servers are used in a round-robin fashion by nginx
|
||||||
|
# - Add "backup" if you want to only use the mirror upon failure of the other mirrors
|
||||||
|
# - Separate "server" configurations are required for each upstream mirror so we can set the "Host" header appropriately
|
||||||
|
upstream mirrors {
|
||||||
|
server localhost:8001;
|
||||||
|
server localhost:8002; # backup
|
||||||
|
server localhost:8003; # backup
|
||||||
|
}
|
||||||
|
|
||||||
|
# Arch Mirror 1 Proxy Configuration
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 8001;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://mirrors.kernel.org$request_uri;
|
||||||
|
proxy_set_header Host mirrors.kernel.org;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Arch Mirror 2 Proxy Configuration
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 8002;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://mirrors.ocf.berkeley.edu$request_uri;
|
||||||
|
proxy_set_header Host mirrors.ocf.berkeley.edu;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Arch Mirror 3 Proxy Configuration
|
||||||
|
server
|
||||||
|
{
|
||||||
|
listen 8003;
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://mirrors.cat.pdx.edu$request_uri;
|
||||||
|
proxy_set_header Host mirrors.cat.pdx.edu;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="systemd-service-that-cleans-the-proxy-cache">systemd service that cleans the proxy cache</h2>
|
||||||
|
<h3 id="dont-enable-the-service-enable-the-timer">don't enable the service, enable the timer</h3>
|
||||||
|
<pre><code class="bash">systemctl enable/start /etc/systemd/system/proxy_cache_clean.timer
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>Keeps the 2 most recent versions of each package using paccache command.</p>
|
||||||
|
<pre><code class="text"># /etc/systemd/system/proxy_cache_clean.service
|
||||||
|
[Unit]
|
||||||
|
Description=Clean The pacman proxy cache
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/bin/find /srv/http/pacman-cache/ -type d -exec /usr/bin/paccache -v -r -k 2 -c {} \;
|
||||||
|
StandardOutput=syslog
|
||||||
|
StandardError=syslog
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="systemd-timer-for-the-systemd-service-that-cleans-the-proxy-cache">systemd timer for the systemd service that cleans the proxy cache</h2>
|
||||||
|
<pre><code class="text"># /etc/systemd/system/proxy_cache_clean.timer
|
||||||
|
[Unit]
|
||||||
|
Description=Timer for clean The pacman proxy cache
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnBootSec=20min
|
||||||
|
OnUnitActiveSec=100h
|
||||||
|
Unit=proxy_cache_clean.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="systemd-service-that-deletes-the-pacman-database-files-from-the-proxy-cache">systemd service that deletes the pacman database files from the proxy cache</h2>
|
||||||
|
<h3 id="dont-enable-the-service-enable-the-timer_1">don't enable the service, enable the timer</h3>
|
||||||
|
<pre><code class="bash">systemctl enable/start /etc/systemd/system/proxy_cache_database_clean.timer
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>You won't need this if you don't cache the database files. But if you do cache
|
||||||
|
the database files, then you'll just be stuck with old database files, unless
|
||||||
|
you periodically delete them. But I'm not sure about all this, will keep an
|
||||||
|
eye on things.</p>
|
||||||
|
<pre><code class="text"># /etc/systemd/system/proxy_cache_database_clean.service
|
||||||
|
[Unit]
|
||||||
|
Description=Clean The pacman proxy cache database
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/bin/bash -c "for f in $(find /srv -name *db) ; do rm $f; done"
|
||||||
|
StandardOutput=syslog
|
||||||
|
StandardError=syslog
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="systemd-timer-for-the-systemd-service-that-deletes-the-pacman-database-files-from-the-proxy-cache">systemd timer for the systemd service that deletes the pacman database files from the proxy cache</h2>
|
||||||
|
<pre><code class="text"># /etc/systemd/system/proxy_cache_database_clean.timer
|
||||||
|
[Unit]
|
||||||
|
Description=Timer for clean The pacman proxy cache database
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnBootSec=10min
|
||||||
|
OnUnitActiveSec=15min
|
||||||
|
Unit=proxy_cache_database_clean.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<footer>
|
||||||
|
|
||||||
|
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
||||||
|
|
||||||
|
<a href="../arch_redis_nspawn/" class="btn btn-neutral float-right" title="Quick Dirty Redis Nspawn Container on Arch Linux">Next <span class="icon icon-circle-arrow-right"></span></a>
|
||||||
|
|
||||||
|
|
||||||
|
<a href="../nspawn/" class="btn btn-neutral" title="Nspawn"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div role="contentinfo">
|
||||||
|
<!-- Copyright etc -->
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="rst-versions" role="note" style="cursor: pointer">
|
||||||
|
<span class="rst-current-version" data-toggle="rst-current-version">
|
||||||
|
|
||||||
|
|
||||||
|
<span><a href="../nspawn/" style="color: #fcfcfc;">« Previous</a></span>
|
||||||
|
|
||||||
|
|
||||||
|
<span style="margin-left: 15px"><a href="../arch_redis_nspawn/" style="color: #fcfcfc">Next »</a></span>
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
<script src="../js/theme.js"></script>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
@ -76,6 +76,11 @@
|
|||||||
|
|
||||||
<li class="toctree-l1">
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
<a class="" href="arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
<a class="" href="arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
@ -84,6 +89,11 @@
|
|||||||
<a class="" href="arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
<a class="" href="arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="self_signed_certs/">Self Signed Certs</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -122,8 +132,10 @@
|
|||||||
<ul>
|
<ul>
|
||||||
<li><a href="serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a></li>
|
<li><a href="serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a></li>
|
||||||
<li><a href="nspawn/">Nspawn Containers</a></li>
|
<li><a href="nspawn/">Nspawn Containers</a></li>
|
||||||
|
<li><a href="dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a></li>
|
||||||
<li><a href="arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a></li>
|
<li><a href="arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a></li>
|
||||||
<li><a href="arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a></li>
|
<li><a href="arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a></li>
|
||||||
|
<li><a href="self_signed_certs/">Self Signed Certs</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
<!---
|
<!---
|
||||||
* [Template](Template.md)
|
* [Template](Template.md)
|
||||||
@ -174,5 +186,5 @@
|
|||||||
|
|
||||||
<!--
|
<!--
|
||||||
MkDocs version : 0.16.3
|
MkDocs version : 0.16.3
|
||||||
Build Date UTC : 2017-06-30 04:37:41
|
Build Date UTC : 2017-07-01 21:12:17
|
||||||
-->
|
-->
|
||||||
|
File diff suppressed because one or more lines are too long
@ -86,6 +86,11 @@
|
|||||||
|
|
||||||
<li class="toctree-l1">
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
@ -94,6 +99,11 @@
|
|||||||
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -275,7 +285,7 @@ to talk to each other. But I intend to look into this some more.</p>
|
|||||||
|
|
||||||
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
||||||
|
|
||||||
<a href="../arch_redis_nspawn/" class="btn btn-neutral float-right" title="Quick Dirty Redis Nspawn Container on Arch Linux">Next <span class="icon icon-circle-arrow-right"></span></a>
|
<a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" class="btn btn-neutral float-right" title="Dynamic Cacheing Nginx Reverse Proxy For Pacman">Next <span class="icon icon-circle-arrow-right"></span></a>
|
||||||
|
|
||||||
|
|
||||||
<a href="../serve_and_share_apps_from_your_phone_with_fdroid/" class="btn btn-neutral" title="Serve And Share Apps From Your Phone With Fdroid"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
<a href="../serve_and_share_apps_from_your_phone_with_fdroid/" class="btn btn-neutral" title="Serve And Share Apps From Your Phone With Fdroid"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
||||||
@ -307,7 +317,7 @@ to talk to each other. But I intend to look into this some more.</p>
|
|||||||
<span><a href="../serve_and_share_apps_from_your_phone_with_fdroid/" style="color: #fcfcfc;">« Previous</a></span>
|
<span><a href="../serve_and_share_apps_from_your_phone_with_fdroid/" style="color: #fcfcfc;">« Previous</a></span>
|
||||||
|
|
||||||
|
|
||||||
<span style="margin-left: 15px"><a href="../arch_redis_nspawn/" style="color: #fcfcfc">Next »</a></span>
|
<span style="margin-left: 15px"><a href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/" style="color: #fcfcfc">Next »</a></span>
|
||||||
|
|
||||||
</span>
|
</span>
|
||||||
</div>
|
</div>
|
||||||
|
@ -60,6 +60,11 @@
|
|||||||
|
|
||||||
<li class="toctree-l1">
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
<a class="" href="arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
<a class="" href="arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
@ -68,6 +73,11 @@
|
|||||||
<a class="" href="arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
<a class="" href="arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="self_signed_certs/">Self Signed Certs</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
168
site/self_signed_certs/index.html
Normal file
168
site/self_signed_certs/index.html
Normal file
@ -0,0 +1,168 @@
|
|||||||
|
<!DOCTYPE html>
|
||||||
|
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
|
||||||
|
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
|
||||||
|
|
||||||
|
<link rel="shortcut icon" href="../img/favicon.ico">
|
||||||
|
<title>Self Signed Certs - Trent Docs</title>
|
||||||
|
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
|
||||||
|
|
||||||
|
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
|
||||||
|
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
|
||||||
|
<link rel="stylesheet" href="../css/highlight.css">
|
||||||
|
|
||||||
|
<script>
|
||||||
|
// Current page data
|
||||||
|
var mkdocs_page_name = "Self Signed Certs";
|
||||||
|
var mkdocs_page_input_path = "self_signed_certs.md";
|
||||||
|
var mkdocs_page_url = "/self_signed_certs/";
|
||||||
|
</script>
|
||||||
|
|
||||||
|
<script src="../js/jquery-2.1.1.min.js"></script>
|
||||||
|
<script src="../js/modernizr-2.8.3.min.js"></script>
|
||||||
|
<script type="text/javascript" src="../js/highlight.pack.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body class="wy-body-for-nav" role="document">
|
||||||
|
|
||||||
|
<div class="wy-grid-for-nav">
|
||||||
|
|
||||||
|
|
||||||
|
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
|
||||||
|
<div class="wy-side-nav-search">
|
||||||
|
<a href=".." class="icon icon-home"> Trent Docs</a>
|
||||||
|
<div role="search">
|
||||||
|
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
|
||||||
|
<input type="text" name="q" placeholder="Search docs" />
|
||||||
|
</form>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
|
||||||
|
<ul class="current">
|
||||||
|
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="..">Home</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../serve_and_share_apps_from_your_phone_with_fdroid/">Serve And Share Apps From Your Phone With Fdroid</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../nspawn/">Nspawn</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1 current">
|
||||||
|
|
||||||
|
<a class="current" href="./">Self Signed Certs</a>
|
||||||
|
<ul class="subnav">
|
||||||
|
|
||||||
|
<li class="toctree-l2"><a href="#setting-up-self-signed-certs">Setting up Self-Signed Certs</a></li>
|
||||||
|
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
|
||||||
|
|
||||||
|
|
||||||
|
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
|
||||||
|
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
|
||||||
|
<a href="..">Trent Docs</a>
|
||||||
|
</nav>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="wy-nav-content">
|
||||||
|
<div class="rst-content">
|
||||||
|
<div role="navigation" aria-label="breadcrumbs navigation">
|
||||||
|
<ul class="wy-breadcrumbs">
|
||||||
|
<li><a href="..">Docs</a> »</li>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<li>Self Signed Certs</li>
|
||||||
|
<li class="wy-breadcrumbs-aside">
|
||||||
|
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<hr/>
|
||||||
|
</div>
|
||||||
|
<div role="main">
|
||||||
|
<div class="section">
|
||||||
|
|
||||||
|
<h1 id="setting-up-self-signed-certs">Setting up Self-Signed Certs</h1>
|
||||||
|
<p>This <a href="https://jamielinux.com/docs/openssl-certificate-authority/">jamielinux</a>
|
||||||
|
blog post looks promising.</p>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<footer>
|
||||||
|
|
||||||
|
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
||||||
|
|
||||||
|
|
||||||
|
<a href="../arch_postgresql_nspawn/" class="btn btn-neutral" title="Quick Dirty Postgresql Nspawn Container on Arch Linux"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
<hr/>
|
||||||
|
|
||||||
|
<div role="contentinfo">
|
||||||
|
<!-- Copyright etc -->
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
|
||||||
|
</footer>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="rst-versions" role="note" style="cursor: pointer">
|
||||||
|
<span class="rst-current-version" data-toggle="rst-current-version">
|
||||||
|
|
||||||
|
|
||||||
|
<span><a href="../arch_postgresql_nspawn/" style="color: #fcfcfc;">« Previous</a></span>
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
<script src="../js/theme.js"></script>
|
||||||
|
|
||||||
|
</body>
|
||||||
|
</html>
|
@ -98,6 +98,11 @@
|
|||||||
|
|
||||||
<li class="toctree-l1">
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../dynamic_cacheing_nginx_reverse_proxy_for_pacman/">Dynamic Cacheing Nginx Reverse Proxy For Pacman</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
<a class="" href="../arch_redis_nspawn/">Quick Dirty Redis Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
@ -106,6 +111,11 @@
|
|||||||
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
<a class="" href="../arch_postgresql_nspawn/">Quick Dirty Postgresql Nspawn Container on Arch Linux</a>
|
||||||
</li>
|
</li>
|
||||||
|
|
||||||
|
<li class="toctree-l1">
|
||||||
|
|
||||||
|
<a class="" href="../self_signed_certs/">Self Signed Certs</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>/</loc>
|
<loc>/</loc>
|
||||||
<lastmod>2017-06-29</lastmod>
|
<lastmod>2017-07-01</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
@ -12,7 +12,7 @@
|
|||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>/serve_and_share_apps_from_your_phone_with_fdroid/</loc>
|
<loc>/serve_and_share_apps_from_your_phone_with_fdroid/</loc>
|
||||||
<lastmod>2017-06-29</lastmod>
|
<lastmod>2017-07-01</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
@ -20,7 +20,15 @@
|
|||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>/nspawn/</loc>
|
<loc>/nspawn/</loc>
|
||||||
<lastmod>2017-06-29</lastmod>
|
<lastmod>2017-07-01</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>/dynamic_cacheing_nginx_reverse_proxy_for_pacman/</loc>
|
||||||
|
<lastmod>2017-07-01</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
@ -28,7 +36,7 @@
|
|||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>/arch_redis_nspawn/</loc>
|
<loc>/arch_redis_nspawn/</loc>
|
||||||
<lastmod>2017-06-29</lastmod>
|
<lastmod>2017-07-01</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
@ -36,7 +44,15 @@
|
|||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>/arch_postgresql_nspawn/</loc>
|
<loc>/arch_postgresql_nspawn/</loc>
|
||||||
<lastmod>2017-06-29</lastmod>
|
<lastmod>2017-07-01</lastmod>
|
||||||
|
<changefreq>daily</changefreq>
|
||||||
|
</url>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>/self_signed_certs/</loc>
|
||||||
|
<lastmod>2017-07-01</lastmod>
|
||||||
<changefreq>daily</changefreq>
|
<changefreq>daily</changefreq>
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user