Suppose you have a website with higher load, a higher demand for availability, or both. You can do the following:

- Duplicate your web server (and the content, of course) as many times as you need.
- Put a load balancer in front of the web servers, ideally in combination with a firewall ruleset.
- Terminate TLS once on the load balancer, or on each web server directly, whichever you prefer.
- You can also double the load balancer with two boxes to get redundancy on this level.
### Network Diagram
```
                   +----------------+
                   |                |
                   |                |
                   |      www       |
                   |                |
                   |                |
                   +--------+-------+
                            |
                   +--------+-------+
                   |                |
                   |  Loadbalancer  |
                   |                |
                   +--------+-------+
                            |
        +---------------------------------------+
        |                   |                   |
        |                   |                   |
+-------+-------+  +--------+-------+  +--------+-------+
|               |  |                |  |                |
|     www1      |  |      www2      |  |      www3      |
|               |  |                |  |                |
+---------------+  +----------------+  +----------------+
```

sha256: 6c647991d00482767cb565bb8a1948f68d4fa41481ed120ab6afe92df96ce299
### Install NGINX & PHP

```
pkg_add nginx php--%7.4
rcctl enable nginx php74_fpm
```

### Edit php.ini

```
sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.4.ini
sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.4.ini
```

### Stop 7.3 & Start 7.4

```
rcctl stop php73_fpm
rcctl restart nginx php74_fpm
```

### Uninstall PHP 7.3

```
pkg_del php--%7.3
pkg_del -a
```

sha256: 17490303fe106a6c3a34071338097e6c1aff50c0d4764f1615c0993ce9211bb2
… and you thought that cgi is dead …
### nginx.conf

```
cat << 'EOF' > /etc/nginx/nginx.conf
worker_processes  1;
worker_rlimit_nofile 1024;

events {
    worker_connections  800;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  logs/access.log  main;
    access_log  syslog:server=unix:/dev/log,severity=notice main;

    keepalive_timeout  65;
    server_tokens off;

    server {
        listen       80;
        listen       [::]:80;
        server_name  localhost;
        root         /var/www/htdocs;

        # FastCGI to CGI wrapper server
        #
        location /cgi-bin/ {
            #error_log     /var/log/slowcgi/errors;
            fastcgi_pass   unix:run/slowcgi.
```
### Install NGINX & PHP

```
pkg_add nginx php--%7.3
rcctl enable nginx php73_fpm
```

### Edit php.ini

```
sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/' /etc/php-7.3.ini
sed -i s'/short_open_tag = Off.*/short_open_tag = On/' /etc/php-7.3.ini
```

### nginx.conf

```
mkdir /var/log/nginx

cat << 'EOF' > /etc/nginx/nginx.conf
worker_processes  1;
worker_rlimit_nofile 1024;

events {
    worker_connections  800;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    index         index.php index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;
    proxy_cache_valid any 0s;

    log_format main '$remote_addr - $ssl_client_serial - [$time_local] - "$request" - $status - $body_bytes_sent';

    map $ssl_client_serial $ssl_access {
        default 0;
        WFuDgzQBZXV740D3 1; # Hans Muster
        EDugUslEX1Et90WX 0; # Beat Breu
        2DF3C663741296F5 1; # Ruedi Ruessel
    }

    #
    # HTTP -> Redirect to HTTPS
    #
    server {
        listen       80;
        server_name  localhost;
        access_log   logs/host.
```
### Requirement

- Webserver http
- Webserver https
- Protected Folder https://egal.com/protected with Client Certificate

### /etc/httpd.conf

```
# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $

server "*" {
        listen on * port 8080
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}
```

### /etc/nginx/nginx.conf

```
# Take note of http://wiki.nginx.org/Pitfalls

#user  www;
worker_processes  1;

#load_module "modules/ngx_stream_module.so";

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#error_log  syslog:server=unix:/dev/log,severity=notice;

#pid        logs/nginx.pid;

worker_rlimit_nofile 1024;
events {
    worker_connections  800;
}

http {
    include       mime.
```
NGINX with Client Certificates

```
root@debian:/etc/nginx/sites-available#
server {
  listen                  80;
  listen                  [::]:80;
  server_name             host198.planet;
  root                    /var/www/host198.planet;
  access_log              /var/log/nginx/host198.planet;
  index                   index.html;

  location / {
    try_files $uri $uri/ =404;
  }
}

server {
  listen                  443 ssl;
  listen                  [::]:443 ssl;
  server_name             host198.planet;
  root                    /var/www/host198.planet;

  ssl_certificate         /etc/ssl/private/fullchain.crt;
  ssl_certificate_key     /etc/ssl/private/host198.planet.key;
  # TLSv1.1 is deprecated (RFC 8996); prefer TLSv1.2 and TLSv1.3 where supported
  ssl_protocols           TLSv1.1 TLSv1.2;
  ssl_ciphers             HIGH:!aNULL:!MD5;

  # CA used to verify client certificates; "optional" requests a
  # certificate but does not reject the handshake when none is sent
  ssl_client_certificate  /etc/ssl/private/ca.crt;
  ssl_verify_client       optional;

  access_log              /var/log/nginx/host198.planet;
  index                   index.html;

  #location / {
  #  try_files $uri $uri/ =404;
  #}

  location / {
    # if the client-side certificate failed to authenticate, show a 403
    # message to the client
    if ($ssl_client_verify !
```
NOT YET WORKING …

### Install NGINX

```
pkg_add -v nginx
rcctl enable nginx
rcctl restart nginx
```

### Enable BasicAuth

```
server {
    ...
    auth_basic           "Administrator’s Area";
    auth_basic_user_file conf/htpasswd;

    location /public/ {
        auth_basic off;
    }
}
```

### Create File and User

```
htpasswd -c /etc/apache2/.htpasswd user1
```

### Restart Service

```
rcctl restart nginx
```

### Source

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
sha256: a030f2314ac07debef7ffdbc0f71930fd0f1ee51289dd43dd3dc33d26674e3be
How to Install Netbox on Debian 10.1

URL: https://github.com/netbox-community/netbox

### install postgresql

```
apt-get install -y postgresql libpq-dev
sudo pg_ctlcluster 11 main start
```

### create database

```
# sudo -u postgres psql
psql (9.4.5)
Type "help" for help.

postgres=# CREATE DATABASE netbox;
CREATE DATABASE
postgres=# CREATE USER netbox WITH PASSWORD 'streng-geheim-und-so';
CREATE ROLE
postgres=# GRANT ALL PRIVILEGES ON DATABASE netbox TO netbox;
GRANT
postgres=# \q
```

```
psql -U netbox -W -h localhost netbox
streng-geheim-und-so
netbox=> quit
```

### install application

```
apt-get install -y python3 python3-pip python3-dev build-essential libxml2-dev libxslt1-dev libffi-dev graphviz libpq-dev libssl-dev redis-server zlib1g-dev git
```

### install a release (we skip that)

```
# wget https://github.
```