aguia-pescadora-alpha (#17), haproxy (#47), mongo (#48): HAproxy de m…

…ongo agora explicitamente não faz referencia a estar em cluster; Instalado HAproxy em Alpha; instalado ferramentas extras por linha de comando que já estavam na Bravo para acessar bancos de dados em Elefante Borneu

logbook/aguia-pescadora-alpha.sh

@@ -336,6 +336,91 @@ sudo apt-get install zangband
 ###
 ##### Jogos de terminal, fim
 
+#------------------------------------------------------------------------------#
+# SEÇÃO 4.5: AMBIENTES DE DESENVOLVIMENTO: ACESSO A BANDOS DE DADOS EXTERNOS   #
+#                                                                              #
+# TL;DR: Alguns bancos de dados permitem instalar pacotes para gerenciamento   #
+#        por linha de comando sem precisar instalar o próprio banco de dados   #
+#------------------------------------------------------------------------------#
+
+##### MariaDB (apenas cliente) _________________________________________________
+### O objetivo aqui é ter do lado do cliente os pacotes mínimos para contectar
+### ao cluster Elevante Bornéu
+# @see elefante-borneu-yul-01.sh (arquivo de configuração dos Elevante Bornéu)
+
+sudo apt-get install software-properties-common
+sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
+sudo add-apt-repository 'deb [arch=amd64] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.3/ubuntu bionic main'
+
+# Em Águia Pescadora devemos instalar APENAS os cliente de MariaDB/MySQL
+sudo apt install mariadb-client
+
+## Teste se o usuario do haproxy consegue acessar
+mysql -h elefante-borneu-yul-01.etica.ai -u haproxy
+
+##### MongoDB lado do cliente (mongodb-org-shell, mongodb-org-tools) ___________
+# AVISO: instale APENAS 'mongodb-org-shell' e 'mongodb-org-tools'. Não é
+#        necessário instalar 'mongodb-org-server' ou o 'mongodb-org'
+
+## Configurar pacotes
+# @see https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/#install-mongodb-community-edition-using-deb-packages
+sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
+echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
+sudo apt update
+
+sudo apt install mongodb-org-shell mongodb-org-tools
+
+##### Redis lado do cliente (redis-tools) ______________________________________
+sudo apt install redis-tools
+
+#### Testar com redis-cli
+redis-cli
+ping
+# Resposta deve ser: PONG
+set test "It's working!"
+get test
+# Resposta deve ser "It's working!"
+
+# Nota: pode testar também especificando o host (util para testar o HAProxy)
+# redis-cli -h elefante-borneu-yul-01.etica.ai
+
+#------------------------------------------------------------------------------#
+# SEÇÃO 5.0: BALANCEAMENTO DE CARGA PARA SERVIÇOS EXTERNOS COM HAPROXY         #
+#                                                                              #
+# TL;DR: alguns serviços importantes não são instalados nesta máquina, mas em  #
+#        algum servidor externo. Estratégias com uso de HAProxy podem permitir #
+#        abstração dessa complexidade para os usuarios                         #
+#------------------------------------------------------------------------------#
+
+##### HAProxy __________________________________________________________________
+
+sudo apt install haproxy
+
+vim /etc/haproxy/haproxy.cfg
+# Fazer ajustes...
+
+vim /etc/nginx/sites-available/haproxy.apa.etica.ai.conf
+# Adicione todas as customizacoes no arquivo acima...
+
+sudo ln -s /etc/nginx/sites-available/haproxy.apa.etica.ai.conf /etc/nginx/sites-enabled/
+sudo nginx -t
+sudo systemctl reload nginx
+
+sudo certbot --nginx -d haproxy.apa.etica.ai
+
+##### HAProxy, como testar atualizacoes ANTES de implementar -------------------
+
+# Use o comando a seguir para testar se o arquivo /etc/haproxy/haproxy.cfg
+# poderá impedir que dar reload cause falha critica
+sudo haproxy -f /etc/haproxy/haproxy.cfg -c
+#sudo service haproxy configtest
+
+# Então aplique usando reload (melhor do que usar sudo systemctl restart haproxy)
+sudo systemctl reload haproxy
+
+## Teste se o usuario do haproxy consegue acessar
+mysql -h elefante-borneu-yul-01.etica.ai -u haproxy
+
 
 #------------------------------------------------------------------------------#
 # SEÇÃO: OUTROS                                                                #

logbook/aguia-pescadora-alpha/etc/haproxy/haproxy.cfg

@@ -0,0 +1,138 @@
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# Default ciphers to use on SSL-enabled listening sockets.
+	# For more information, see ciphers(1SSL). This list is from:
+	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
+	# An alternative list with additional directives can be obtained from
+	#  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
+	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
+	ssl-default-bind-options no-sslv3
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+
+# Load Balancing for Galera Cluster
+listen MariaDB-Galera-Cluster
+	bind 127.0.0.1:3306
+	balance leastconn
+	mode tcp
+	option tcplog
+	option mysql-check user haproxy
+	server elefante-borneu-yul-01 149.56.130.19:3306 maxconn 25 check weight 10
+	server elefante-borneu-yul-02 149.56.130.66:3306 maxconn 25 check weight 10
+	server elefante-borneu-yul-03 149.56.130.178:3306 maxconn 25 check weight 10
+
+#listen MongoDB-TestFakeCluster
+#	bind 127.0.0.1:27017
+#	balance leastconn
+#	option tcp-check
+#	option tcplog
+#	server elefante-borneu-yul-01 149.56.130.19:27017 maxconn 25 check weight 10
+#	server elefante-borneu-yul-02 149.56.130.66:27017 maxconn 25 check weight 10
+#	server elefante-borneu-yul-03 149.56.130.178:27017 maxconn 25 check weight 10
+
+listen MongoDB-01
+	bind 127.0.0.1:27017
+	balance leastconn
+	option tcp-check
+	option tcplog
+	server elefante-borneu-yul-01 149.56.130.19:27017 maxconn 25 check weight 10
+	#server elefante-borneu-yul-02 149.56.130.66:27017 maxconn 25 check weight 10
+	#server elefante-borneu-yul-03 149.56.130.178:27017 maxconn 25 check weight 10
+
+listen MongoDB-02
+	bind 127.0.0.1:27018
+	balance leastconn
+	option tcp-check
+	option tcplog
+	#server elefante-borneu-yul-01 149.56.130.19:27017 maxconn 25 check weight 10
+	server elefante-borneu-yul-02 149.56.130.66:27017 maxconn 25 check weight 10
+	#server elefante-borneu-yul-03 149.56.130.178:27017 maxconn 25 check weight 10
+
+listen MongoDB-03
+	bind 127.0.0.1:27018
+	balance leastconn
+	option tcp-check
+	option tcplog
+	#server elefante-borneu-yul-01 149.56.130.19:27017 maxconn 25 check weight 10
+	#server elefante-borneu-yul-02 149.56.130.66:27017 maxconn 25 check weight 10
+	server elefante-borneu-yul-03 149.56.130.178:27017 maxconn 25 check weight 10
+
+listen 'Redis-01'
+	bind 127.0.0.1:6379
+	balance leastconn
+	option tcp-check
+	tcp-check connect
+	tcp-check send PING\r\n
+	tcp-check expect string +PONG
+	#tcp-check send info\ replication\r\n
+	#tcp-check expect string role:master
+	tcp-check send QUIT\r\n
+	tcp-check expect string +OK
+	server elefante-borneu-yul-01 149.56.130.19:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-02 149.56.130.66:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-03 149.56.130.178:6379 maxconn 100 check weight 10
+
+listen 'Redis-02'
+	bind 127.0.0.1:6380
+	balance leastconn
+	option tcp-check
+	tcp-check connect
+	tcp-check send PING\r\n
+	tcp-check expect string +PONG
+	#tcp-check send info\ replication\r\n
+	#tcp-check expect string role:master
+	tcp-check send QUIT\r\n
+	tcp-check expect string +OK
+	#server elefante-borneu-yul-01 149.56.130.19:6379 maxconn 100 check weight 10
+	server elefante-borneu-yul-02 149.56.130.66:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-03 149.56.130.178:6379 maxconn 100 check weight 10
+
+listen 'Redis-03'
+	bind 127.0.0.1:6381
+	balance leastconn
+	option tcp-check
+	tcp-check connect
+	tcp-check send PING\r\n
+	tcp-check expect string +PONG
+	#tcp-check send info\ replication\r\n
+	#tcp-check expect string role:master
+	tcp-check send QUIT\r\n
+	tcp-check expect string +OK
+	#server elefante-borneu-yul-01 149.56.130.19:6379 maxconn 100 check weight 10
+	#server elefante-borneu-yul-02 149.56.130.66:6379 maxconn 100 check weight 10
+	server elefante-borneu-yul-03 149.56.130.178:6379 maxconn 100 check weight 10
+
+listen stats
+	bind 127.0.0.1:1936
+	stats enable
+	stats hide-version
+	stats refresh 30s
+	stats show-node
+#	stats auth username:password
+	stats uri  /

logbook/aguia-pescadora-alpha/etc/nginx/nginx.conf

@@ -0,0 +1,85 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# SSL Settings
+	##
+
+	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+	ssl_prefer_server_ciphers on;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}

logbook/aguia-pescadora-alpha/etc/nginx/sites-available/EXEMPLO-PROXY.apa.etica.ai.conf

@@ -0,0 +1,14 @@
+# FILE:         /etc/nginx/sites-available/EXEMPLO-PROXY.abp.etica.ai.conf
+
+server {
+
+    listen 80;
+    listen [::]:80;
+
+    server_name EXEMPLO-PROXY.apb.etica.ai;
+
+    location / {
+        proxy_ignore_client_abort on;
+        proxy_pass   http://127.0.0.1:9999;
+    }
+}

logbook/aguia-pescadora-alpha/etc/nginx/sites-available/EXEMPLO-USUARIO.apa.etica.ai.conf

@@ -0,0 +1,16 @@
+# FILE:         /etc/nginx/sites-available/EXEMPLO-USUARIO.apb.etica.ai.conf
+
+server {
+
+    listen 80;
+    listen [::]:80;
+    root /home2/EXEMPLO-USUARIO/web/public_html;
+
+    index index.html;
+
+    server_name EXEMPLO-USUARIO.apb.etica.ai EXEMPLO-USUARIO.lb-ap.etica.ai;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}