From f2399ba6a1a75956c49100d08ff47ed9cb70b5ff Mon Sep 17 00:00:00 2001 From: Trent Palmer Date: Mon, 17 Jul 2017 03:26:40 -0700 Subject: [PATCH] update gitit instructions with reverse proxy --- docs/freebsd_jails_on_freenas.md | 30 ++++++++++++++++++++++++ site/freebsd_jails_on_freenas/index.html | 25 ++++++++++++++++++++ site/index.html | 2 +- site/mkdocs/search_index.json | 4 ++-- site/sitemap.xml | 20 ++++++++-------- 5 files changed, 68 insertions(+), 13 deletions(-) diff --git a/docs/freebsd_jails_on_freenas.md b/docs/freebsd_jails_on_freenas.md index a754528..ffc07fd 100644 --- a/docs/freebsd_jails_on_freenas.md +++ b/docs/freebsd_jails_on_freenas.md @@ -178,3 +178,33 @@ find git. But the symlink solution is easy enough. ```csh ln -s /usr/local/bin/git /usr/bin/ ``` + +And you might as well stick a reverse proxy in front of it. Assuming +you configure gitit listen only on localhost:5001, install nginx. +`pkg install nginx` + +enable nginx in /etc/rc.conf + +```conf +nginx_enable="YES" +``` + +Then, in the file `/usr/local/etc/nginx/nginx.conf` change the location "*/*" +so that it looks like this. + +```nginx +{ +..... + location / { + # root /usr/local/www/nginx; + # index index.html index.htm; + proxy_pass http://127.0.0.1:5001; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +.... +} +``` + +and then start nginx `service nginx start` diff --git a/site/freebsd_jails_on_freenas/index.html b/site/freebsd_jails_on_freenas/index.html index 51a10cf..fb615fd 100644 --- a/site/freebsd_jails_on_freenas/index.html +++ b/site/freebsd_jails_on_freenas/index.html @@ -288,6 +288,31 @@ run gitit as a daemon like this, on FreeBSD it will fail because it can't find git. But the symlink solution is easy enough.

ln -s /usr/local/bin/git /usr/bin/
+ +

And you might as well stick a reverse proxy in front of it. Assuming +you configure gitit listen only on localhost:5001, install nginx. +pkg install nginx

+

enable nginx in /etc/rc.conf

+
nginx_enable="YES"
+
+ +

Then, in the file /usr/local/etc/nginx/nginx.conf change the location "/" +so that it looks like this.

+
{
+.....
+        location / {
+            # root   /usr/local/www/nginx;
+            # index  index.html index.htm;
+                proxy_pass http://127.0.0.1:5001;
+                proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+....
+}
+
+ +

and then start nginx service nginx start

diff --git a/site/index.html b/site/index.html index 2823fc2..cf9cbff 100644 --- a/site/index.html +++ b/site/index.html @@ -204,5 +204,5 @@ diff --git a/site/mkdocs/search_index.json b/site/mkdocs/search_index.json index ce72360..409e7a7 100644 --- a/site/mkdocs/search_index.json +++ b/site/mkdocs/search_index.json @@ -267,7 +267,7 @@ }, { "location": "/freebsd_jails_on_freenas/", - "text": "FreeBSD Jails on FreeNAS\n\n\nMostly a personal distillation for getting a FreeBSD\nJail up and running on FreeNAS.\n\n\nIn The FreeNAS WebGui, Create A New Jail\n\n\nThe default networking configuration, will give\nyour jail an ip address on the lan. For now, I've\ndecided to just share a pkg cache with each jail.\nNavigate to \nJails -> Storage -> Add Storage\n and\nadd the \npkg\n storage directory to \n/var/cache/pkg\n\ninside the jail. \n\n\nFor instance, on my local FreeNAS server,\nthe pkg directory is at /mnt/VolumeOne/pkg/.\n\n\nIf you ssh into the host server, you can type the command\n\njls\n, to list the jails. Based on the output of the\ncommand \njls\n, you can get a shell with \njexec \n\nof \njexec \n.\n\n\nupdating\n\n\nHow about the command \npkg audit -F\n? Downloads a\nlist of known security issues and checks your system\nagainst that.\n\n\nI would recommend, to myself anyway, to shell into\nthe new jail with \njexec\n, run \npkg upgrade\n to install any new packages,\nand then from the FreeNAS webgui, restart the jail. Although\nthe restarted jail will have a new jail number as reported by\nthe \njls\n command.\n\n\nlocale\n\n\nWhen you use \njexec\n to get a shell, you get an environment\nwith an utf_8 locale. Not so if you ssh into the new jail.\nFor this put the following contents into ~/.login_conf\n\n\n# ~/.login_conf\nme:\\\n :charset=UTF-8:\\\n :lang=en_US.UTF-8:\\\n :setenv=LC_COLLATE=C:\n\n\n\n\nssh\n\n\nTo get ssh running, edit \n/etc/rc.conf\n inside the jail.\n\n\n# /etc/rc.conf\nsshd_enable=\"YES\"\n\n\n\n\nTo start sshd immediately, make any necessary edits to\n/etc/ssh/sshd_config, and run the following command.\n\n\nservice sshd start\n\n\n\n\nByobu\n\n\nYou'll need newt to configure byobu, and if you don't install tmux\nthen screen will become the backend.\n\n\npkg install byobu tmux newt\n\n\n\n\nIf you execute \nbyobu-config\n, by pressing \nf9\n, the\nfollowing options seem to work. Some options, of course,\nwill prevent others from working so you have to enable them\none at a time to see what happens.\n\n\n\n\ndate\n\n\ndisk\n\n\ndistro\n\n\nhostname\n\n\nip address\n\n\nload_average\n\n\nlogo\n\n\ntime\n\n\nuptime\n\n\nusers\n\n\nwhoami\n\n\n\n\nvim\n\n\nVia pkg, there are two options: vim and vim-lite. Note vim will pull\nin a whole bunch of gui dependancies, but vim-lite is not build with python.\n\n\nFor instance, powerline will not work with vim-lite because it's not built with\npython. Also, vim-youcompleteme will not work with vim-lite. However, lightline\nwill work with vim-lite, and VimCompletesMe will work with vim-lite.\n\n\nTo get lightline working update $TERM\n\n\n# ~/.config/fish/config.fish\nexport TERM=xterm-256color\n\n\n\n\nAnd vimrc\n\n\n# ~/.vimrc\nset ls=2\n\n\n\n\nAnother option is to build vim from source via ports. You can prevent vim\nfrom pulling in a bunch of gui dependancies with the following in /etc/make.conf.\n\n\n# /etc/make.conf\nWITHOUT_X11=yes\n\n\n\n\nAnd then when you compile vim from ports, run \nmake config\n where you can enable\npython.\n\n\npython\n\n\nFor python3 virtualenv\n\n\nvirtualenv-3.6 \n\n\n\n\nrunning gitit under the supervision of supervisord\n\n\npy27-supervisor and hs-gitit are available as pkg install, if you want to\nrun a gitit wiki.\n\n\ngitit doesn't come with an init service. To generate a sample config,\nrun \ngitit --print-default-config > gitit.conf\n, and then if you want\nyou can reference gitit.conf by passing gitit the \n-f\n flag.\n\n\nSo for instance, after you install supervisord, add something like the\nfollowing to the end of \n/usr/local/etc/supervisord.conf\n, and create\nthe directory \n/var/log/supervisor/\n.\n\n\n[program:gitit]\nuser=\ndirectory=/path/to/wikidata/directory/\ncommand=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf\nstdout_logfile=/var/log/supervisor/%(program_name)s.log\nstderr_logfile=/var/log/supervisor/%(program_name)s.log\nautorestart=true\n\n\n\n\nsupervisord is a service you can enable in\n\n/etc/rc.conf\n\n\n# /etc/rc.conf\nsupervisord_enable=\"YES\"\n\n\n\n\nand then start with \nservice supervisord start\n\nwhen you get supervisord running, you can start a\nsupervisorctl shell, i.e.\n\n\nsupervisorctl\nsupervisor> status\n# outputs\ngitit RUNNING pid 98057, uptime 0:32:27\nsupervisor> start/restart/stop gitit\nsupervisor> exit\n\n\n\n\nBut there is one other little detail, in that when you try to\nrun gitit as a daemon like this, on FreeBSD it will fail because it can't\nfind git. But the symlink solution is easy enough.\n\n\nln -s /usr/local/bin/git /usr/bin/", + "text": "FreeBSD Jails on FreeNAS\n\n\nMostly a personal distillation for getting a FreeBSD\nJail up and running on FreeNAS.\n\n\nIn The FreeNAS WebGui, Create A New Jail\n\n\nThe default networking configuration, will give\nyour jail an ip address on the lan. For now, I've\ndecided to just share a pkg cache with each jail.\nNavigate to \nJails -> Storage -> Add Storage\n and\nadd the \npkg\n storage directory to \n/var/cache/pkg\n\ninside the jail. \n\n\nFor instance, on my local FreeNAS server,\nthe pkg directory is at /mnt/VolumeOne/pkg/.\n\n\nIf you ssh into the host server, you can type the command\n\njls\n, to list the jails. Based on the output of the\ncommand \njls\n, you can get a shell with \njexec \n\nof \njexec \n.\n\n\nupdating\n\n\nHow about the command \npkg audit -F\n? Downloads a\nlist of known security issues and checks your system\nagainst that.\n\n\nI would recommend, to myself anyway, to shell into\nthe new jail with \njexec\n, run \npkg upgrade\n to install any new packages,\nand then from the FreeNAS webgui, restart the jail. Although\nthe restarted jail will have a new jail number as reported by\nthe \njls\n command.\n\n\nlocale\n\n\nWhen you use \njexec\n to get a shell, you get an environment\nwith an utf_8 locale. Not so if you ssh into the new jail.\nFor this put the following contents into ~/.login_conf\n\n\n# ~/.login_conf\nme:\\\n :charset=UTF-8:\\\n :lang=en_US.UTF-8:\\\n :setenv=LC_COLLATE=C:\n\n\n\n\nssh\n\n\nTo get ssh running, edit \n/etc/rc.conf\n inside the jail.\n\n\n# /etc/rc.conf\nsshd_enable=\"YES\"\n\n\n\n\nTo start sshd immediately, make any necessary edits to\n/etc/ssh/sshd_config, and run the following command.\n\n\nservice sshd start\n\n\n\n\nByobu\n\n\nYou'll need newt to configure byobu, and if you don't install tmux\nthen screen will become the backend.\n\n\npkg install byobu tmux newt\n\n\n\n\nIf you execute \nbyobu-config\n, by pressing \nf9\n, the\nfollowing options seem to work. Some options, of course,\nwill prevent others from working so you have to enable them\none at a time to see what happens.\n\n\n\n\ndate\n\n\ndisk\n\n\ndistro\n\n\nhostname\n\n\nip address\n\n\nload_average\n\n\nlogo\n\n\ntime\n\n\nuptime\n\n\nusers\n\n\nwhoami\n\n\n\n\nvim\n\n\nVia pkg, there are two options: vim and vim-lite. Note vim will pull\nin a whole bunch of gui dependancies, but vim-lite is not build with python.\n\n\nFor instance, powerline will not work with vim-lite because it's not built with\npython. Also, vim-youcompleteme will not work with vim-lite. However, lightline\nwill work with vim-lite, and VimCompletesMe will work with vim-lite.\n\n\nTo get lightline working update $TERM\n\n\n# ~/.config/fish/config.fish\nexport TERM=xterm-256color\n\n\n\n\nAnd vimrc\n\n\n# ~/.vimrc\nset ls=2\n\n\n\n\nAnother option is to build vim from source via ports. You can prevent vim\nfrom pulling in a bunch of gui dependancies with the following in /etc/make.conf.\n\n\n# /etc/make.conf\nWITHOUT_X11=yes\n\n\n\n\nAnd then when you compile vim from ports, run \nmake config\n where you can enable\npython.\n\n\npython\n\n\nFor python3 virtualenv\n\n\nvirtualenv-3.6 \n\n\n\n\nrunning gitit under the supervision of supervisord\n\n\npy27-supervisor and hs-gitit are available as pkg install, if you want to\nrun a gitit wiki.\n\n\ngitit doesn't come with an init service. To generate a sample config,\nrun \ngitit --print-default-config > gitit.conf\n, and then if you want\nyou can reference gitit.conf by passing gitit the \n-f\n flag.\n\n\nSo for instance, after you install supervisord, add something like the\nfollowing to the end of \n/usr/local/etc/supervisord.conf\n, and create\nthe directory \n/var/log/supervisor/\n.\n\n\n[program:gitit]\nuser=\ndirectory=/path/to/wikidata/directory/\ncommand=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf\nstdout_logfile=/var/log/supervisor/%(program_name)s.log\nstderr_logfile=/var/log/supervisor/%(program_name)s.log\nautorestart=true\n\n\n\n\nsupervisord is a service you can enable in\n\n/etc/rc.conf\n\n\n# /etc/rc.conf\nsupervisord_enable=\"YES\"\n\n\n\n\nand then start with \nservice supervisord start\n\nwhen you get supervisord running, you can start a\nsupervisorctl shell, i.e.\n\n\nsupervisorctl\nsupervisor> status\n# outputs\ngitit RUNNING pid 98057, uptime 0:32:27\nsupervisor> start/restart/stop gitit\nsupervisor> exit\n\n\n\n\nBut there is one other little detail, in that when you try to\nrun gitit as a daemon like this, on FreeBSD it will fail because it can't\nfind git. But the symlink solution is easy enough.\n\n\nln -s /usr/local/bin/git /usr/bin/\n\n\n\n\nAnd you might as well stick a reverse proxy in front of it. Assuming\nyou configure gitit listen only on localhost:5001, install nginx.\n\npkg install nginx\n\n\nenable nginx in /etc/rc.conf\n\n\nnginx_enable=\"YES\"\n\n\n\n\nThen, in the file \n/usr/local/etc/nginx/nginx.conf\n change the location \"\n/\n\"\nso that it looks like this.\n\n\n{\n.....\n location / {\n # root /usr/local/www/nginx;\n # index index.html index.htm;\n proxy_pass http://127.0.0.1:5001;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n....\n}\n\n\n\n\nand then start nginx \nservice nginx start", "title": "FreeBSD Jails on FreeNAS" }, { @@ -312,7 +312,7 @@ }, { "location": "/freebsd_jails_on_freenas/#running-gitit-under-the-supervision-of-supervisord", - "text": "py27-supervisor and hs-gitit are available as pkg install, if you want to\nrun a gitit wiki. gitit doesn't come with an init service. To generate a sample config,\nrun gitit --print-default-config > gitit.conf , and then if you want\nyou can reference gitit.conf by passing gitit the -f flag. So for instance, after you install supervisord, add something like the\nfollowing to the end of /usr/local/etc/supervisord.conf , and create\nthe directory /var/log/supervisor/ . [program:gitit]\nuser=\ndirectory=/path/to/wikidata/directory/\ncommand=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf\nstdout_logfile=/var/log/supervisor/%(program_name)s.log\nstderr_logfile=/var/log/supervisor/%(program_name)s.log\nautorestart=true supervisord is a service you can enable in /etc/rc.conf # /etc/rc.conf\nsupervisord_enable=\"YES\" and then start with service supervisord start \nwhen you get supervisord running, you can start a\nsupervisorctl shell, i.e. supervisorctl\nsupervisor> status\n# outputs\ngitit RUNNING pid 98057, uptime 0:32:27\nsupervisor> start/restart/stop gitit\nsupervisor> exit But there is one other little detail, in that when you try to\nrun gitit as a daemon like this, on FreeBSD it will fail because it can't\nfind git. But the symlink solution is easy enough. ln -s /usr/local/bin/git /usr/bin/", + "text": "py27-supervisor and hs-gitit are available as pkg install, if you want to\nrun a gitit wiki. gitit doesn't come with an init service. To generate a sample config,\nrun gitit --print-default-config > gitit.conf , and then if you want\nyou can reference gitit.conf by passing gitit the -f flag. So for instance, after you install supervisord, add something like the\nfollowing to the end of /usr/local/etc/supervisord.conf , and create\nthe directory /var/log/supervisor/ . [program:gitit]\nuser=\ndirectory=/path/to/wikidata/directory/\ncommand=/usr/local/bin/gitit -f /usr/local/etc/gitit.conf\nstdout_logfile=/var/log/supervisor/%(program_name)s.log\nstderr_logfile=/var/log/supervisor/%(program_name)s.log\nautorestart=true supervisord is a service you can enable in /etc/rc.conf # /etc/rc.conf\nsupervisord_enable=\"YES\" and then start with service supervisord start \nwhen you get supervisord running, you can start a\nsupervisorctl shell, i.e. supervisorctl\nsupervisor> status\n# outputs\ngitit RUNNING pid 98057, uptime 0:32:27\nsupervisor> start/restart/stop gitit\nsupervisor> exit But there is one other little detail, in that when you try to\nrun gitit as a daemon like this, on FreeBSD it will fail because it can't\nfind git. But the symlink solution is easy enough. ln -s /usr/local/bin/git /usr/bin/ And you might as well stick a reverse proxy in front of it. Assuming\nyou configure gitit listen only on localhost:5001, install nginx. pkg install nginx enable nginx in /etc/rc.conf nginx_enable=\"YES\" Then, in the file /usr/local/etc/nginx/nginx.conf change the location \" / \"\nso that it looks like this. {\n.....\n location / {\n # root /usr/local/www/nginx;\n # index index.html index.htm;\n proxy_pass http://127.0.0.1:5001;\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n }\n....\n} and then start nginx service nginx start", "title": "running gitit under the supervision of supervisord" }, { diff --git a/site/sitemap.xml b/site/sitemap.xml index 2ca9fe1..2faa09b 100644 --- a/site/sitemap.xml +++ b/site/sitemap.xml @@ -4,7 +4,7 @@ / - 2017-07-16 + 2017-07-17 daily @@ -12,7 +12,7 @@ /serve_and_share_apps_from_your_phone_with_fdroid/ - 2017-07-16 + 2017-07-17 daily @@ -20,7 +20,7 @@ /nspawn/ - 2017-07-16 + 2017-07-17 daily @@ -28,7 +28,7 @@ /mastodon_on_arch/ - 2017-07-16 + 2017-07-17 daily @@ -36,7 +36,7 @@ /debian_nspawn_container_on_arch_for_testing_apache_configurations/ - 2017-07-16 + 2017-07-17 daily @@ -44,7 +44,7 @@ /dynamic_cacheing_nginx_reverse_proxy_for_pacman/ - 2017-07-16 + 2017-07-17 daily @@ -52,7 +52,7 @@ /freebsd_jails_on_freenas/ - 2017-07-16 + 2017-07-17 daily @@ -60,7 +60,7 @@ /arch_redis_nspawn/ - 2017-07-16 + 2017-07-17 daily @@ -68,7 +68,7 @@ /arch_postgresql_nspawn/ - 2017-07-16 + 2017-07-17 daily @@ -76,7 +76,7 @@ /self_signed_certs/ - 2017-07-16 + 2017-07-17 daily