Mirror server K - linuxvn/about GitHub Wiki

WARNING: This is WIP

General information

  • Server shortname: k
  • Server internal hostname: toshiba
  • Public Address: http://f.archlinuxvn.org/
  • Services: Mirror, web services (archlinuxvn.org, theslinux.com, viettug.org, some legacy archives and personal sites)
  • Web server: nginx, static files

Firewall specification

Outgoing connections

  • Connecting to ArchLinux to check the mirror's ranking (score) and provide http://f.archlinuxvn.org/config/status.json
  • Connecting to ArchLinux/BlackArch/ArchArm/SliTaz tier-2 mirrors (via rsync)
  • ntpd servers
  • Dnscrypt-proxy servers (a lot)
  • Telegram API connections (for bots)
  • Connecting to normal ArchLinux mirrors (self-update with pacman)
  • Cloudflare API server (dynamic dns)
  • Inter/Local connections
  • Something missing, FIXME

Incoming connections

  • inter/local connections (e.g., DNS)
  • HTTP connections (from the world)
  • SSH connections (from the world/any from bastion)

Sudo settings

  • All sudo commands have the NOPASSWD tag
  • The backup script needs root file system access, currently via the pi user
  • Admin can switch to the mirror's users via sudo su - <user>
  • We also provide some system-specific tasks to Admin via sudo

Management software

  • ufw: easy to maintain, and avoids (potential) conflicts with Docker
  • iptables: FIXME

Other information

  • Timezone: fixed to UTC. Applications can choose their own timezone for display (e.g., UTC+7)
  • Ansible script: We will develop some simple Ansible scripts for server tuning
  • Something that I am missing. FIXME
  • All cronjob settings are given in /etc/cron.d/mine. Any quick cronjob settings made elsewhere should be migrated to that file in the long term.

Troubleshooting

Mirror out-of-sync

Check the upstream status, starting from this page: https://www.archlinux.org/mirrors/status/

If the upstream is good, make sure cronie is working well.

$ journalctl  -u cronie -o cat \
  | grep /home/www/system/archlinux/bin/cron.sh -A  6 --color
--
(mirror) CMD (rolo -p 1235 /home/www/system/archlinux/bin/cron.sh)
(mirror) CMDOUT (20190322-001902: PID file does exist /home/www/system/archlinux//var/archlinux//cron.sh.pid)
pam_unix(crond:session): session closed for user mirror
(root) CMD (  /root/dns/update.sh)
pam_unix(crond:session): session opened for user mirror by (uid=0)
(mirror) CMD (rolo -p 8731 -a 127.0.0.1 --no-bind ssh -fN gtnew)
(root) CMDOUT (:: updating f...)
--
(mirror) CMD (rolo -p 1235 /home/www/system/archlinux/bin/cron.sh)
(mirror) CMDOUT (20190322-011901: PID file does exist /home/www/system/archlinux//var/archlinux//cron.sh.pid)
pam_unix(crond:session): session closed for user mirror
(root) CMD (  /root/dns/update.sh)
pam_unix(crond:session): session opened for user mirror by (uid=0)
(mirror) CMD (rolo -p 8731 -a 127.0.0.1 --no-bind ssh -fN gtnew)
(root) CMDOUT (:: updating f...)
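
The journal excerpt above shows two consecutive hourly runs of cron.sh reporting that its PID file already exists. The following is an added example, not part of the original wiki or the mirror's own scripts: it counts such reports per PID file and classifies the file as running, stale or missing. It assumes that cron.sh skips the sync while the PID file is present and that the file contains the owning process ID; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: spot a mirror sync that keeps being skipped because of a
# leftover PID file. Assumption (inferred from the journal output): cron.sh
# prints "PID file does exist <path>" and exits without syncing.

# Constructed sample input, modelled on the journal lines shown on this page.
sample_journal() {
cat <<'EOF'
(mirror) CMD (rolo -p 1235 /home/www/system/archlinux/bin/cron.sh)
(mirror) CMDOUT (20190322-001902: PID file does exist /home/www/system/archlinux//var/archlinux//cron.sh.pid)
(root) CMD (  /root/dns/update.sh)
(mirror) CMD (rolo -p 1235 /home/www/system/archlinux/bin/cron.sh)
(mirror) CMDOUT (20190322-011901: PID file does exist /home/www/system/archlinux//var/archlinux//cron.sh.pid)
EOF
}

# Read journal lines on stdin; print "<count> <pidfile>" for every PID file
# that was reported as blocking a run.
blocked_runs() {
  sed -n 's/.*CMDOUT ([0-9-]*: PID file does exist \(.*\))$/\1/p' \
    | sort | uniq -c | awk '{print $1, $2}'
}

# Classify a PID file: "missing", "running" (owner alive) or "stale" (owner gone).
# Assumption: the file holds the PID of the process that created it.
pidfile_state() {
  [ -f "$1" ] || { echo missing; return; }
  pid=$(tr -cd '0-9' < "$1")
  # kill -0 fails with EPERM for another user's process, so also check /proc.
  if [ -n "$pid" ] && { kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; }; then
    echo running
  else
    echo stale
  fi
}

# Demo on the constructed sample. On the server, feed the real journal instead:
#   journalctl -u cronie -o cat | blocked_runs
sample_journal | blocked_runs | while read -r count file; do
  echo "$file: blocked $count run(s), state: $(pidfile_state "$file")"
done
```

A "stale" result for a file that blocks every run means the process that wrote it is gone and the mirror will stay out of sync until the file is dealt with; "running" points to a sync that is still in progress or hung.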