Last active
January 9, 2020 04:10
-
-
Save thomashoneyman/ffdce56057c2a3260f88f97e6f88666b to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| services.nginx = { | |
| enable = true; | |
| recommendedGzipSettings = true; | |
| recommendedOptimisation = true; | |
| recommendedProxySettings = true; | |
| recommendedTlsSettings = true; | |
| virtualHosts = { | |
| "${domain}" = { | |
| forceSSL = true; | |
| enableACME = true; | |
| root = "${frontend}/dist"; | |
| # Requests should otherwise attempt to resolve to a static file | |
| # or fall back to index.html | |
| locations."/" = { | |
| tryFiles = "$uri $uri/ /index.html"; | |
| }; | |
| # Requests to /api should be proxied to the Haskell server | |
| locations."/api" = { | |
| proxyPass = "http://127.0.0.1:${toString backendPort}"; | |
| }; | |
| }; | |
| "hydra.${domain}" = { | |
| forceSSL = true; | |
| enableACME = true; | |
| locations."/" = { | |
| proxyPass = "http://127.0.0.1:${toString hydraPort}"; | |
| }; | |
| }; | |
| }; | |
| }; | |
| services.hydra = { | |
| enable = true; | |
| listenHost = "127.0.0.1"; | |
| port = hydraPort; | |
| # TODO: document | |
| useSubstitutes = true; | |
| hydraURL = "https://hydra.${domain}"; | |
| notificationSender = "hydra@${domain}.com"; | |
| buildMachinesFiles = []; | |
| # Extra configuration to write to the Hydra.conf file | |
| extraConfig = '' | |
| <githubstatus> | |
| # A template string to use when applying the GitHub status | |
| jobs = prs:.*:.* | |
| github = api.github.com | |
| inputs = src | |
| authorization = ${github.owner} | |
| context = hydra | |
| </githubstatus> | |
| ''; | |
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 157.52.156.49 - - [09/Jan/2020:03:10:10 +0000] "CONNECT www.ceek.jp:443 HTTP/1.0" 400 150 "-" "-" | |
| 107.184.85.253 - - [09/Jan/2020:03:14:09 +0000] "GET / HTTP/2.0" 502 150 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" | |
| 107.184.85.253 - - [09/Jan/2020:03:18:03 +0000] "GET / HTTP/2.0" 502 150 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" | |
| 169.197.108.42 - - [09/Jan/2020:03:24:31 +0000] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" | |
| 169.197.108.42 - - [09/Jan/2020:03:24:32 +0000] "GET / HTTP/1.1" 200 180 "http://13.56.171.125/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" | |
| 107.184.85.253 - - [09/Jan/2020:03:37:01 +0000] "GET / HTTP/2.0" 502 150 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" | |
| 107.184.85.253 - - [09/Jan/2020:03:37:28 +0000] "GET / HTTP/2.0" 502 150 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" | |
| 107.184.85.253 - - [09/Jan/2020:03:37:39 +0000] "GET / HTTP/2.0" 502 150 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" | |
| 107.184.85.253 - - [09/Jan/2020:03:42:38 +0000] "GET / HTTP/1.1" 301 162 "-" "curl/7.65.3" | |
| 107.184.85.253 - - [09/Jan/2020:03:44:33 +0000] "GET / HTTP/2.0" 502 150 "-" "curl/7.65.3" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| * Trying 13.56.171.125:443... | |
| * TCP_NODELAY set | |
| * Connected to hydra.mydomain.com (13.56.171.125) port 443 (#0) | |
| * ALPN, offering h2 | |
| * ALPN, offering http/1.1 | |
| * TLSv1.3 (OUT), TLS handshake, Client hello (1): | |
| * TLSv1.3 (IN), TLS handshake, Server hello (2): | |
| * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): | |
| * TLSv1.3 (OUT), TLS handshake, Client hello (1): | |
| * TLSv1.3 (IN), TLS handshake, Server hello (2): | |
| * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): | |
| * TLSv1.3 (IN), TLS handshake, Certificate (11): | |
| * TLSv1.3 (IN), TLS handshake, CERT verify (15): | |
| * TLSv1.3 (IN), TLS handshake, Finished (20): | |
| * TLSv1.3 (OUT), TLS handshake, Finished (20): | |
| * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 | |
| * ALPN, server accepted to use h2 | |
| * Server certificate: | |
| * subject: CN=hydra.mydomain.com | |
| * start date: Jan 8 23:23:52 2020 GMT | |
| * expire date: Apr 7 23:23:52 2020 GMT | |
| * subjectAltName: host "hydra.mydomain.com" matched cert's "hydra.mydomain.com" | |
| * issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3 | |
| * SSL certificate verify ok. | |
| * Using HTTP2, server supports multi-use | |
| * Connection state changed (HTTP/2 confirmed) | |
| * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 | |
| * Using Stream ID: 1 (easy handle 0x1a20070) | |
| > GET / HTTP/2 | |
| > Host: hydra.mydomain.com | |
| > User-Agent: curl/7.65.3 | |
| > Accept: */* | |
| > | |
| * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): | |
| * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): | |
| * old SSL session ID is stale, removing | |
| * Connection state changed (MAX_CONCURRENT_STREAMS == 128)! | |
| < HTTP/2 502 | |
| < server: nginx | |
| < date: Thu, 09 Jan 2020 03:44:33 GMT | |
| < content-type: text/html | |
| < content-length: 150 | |
| < | |
| <html> | |
| <head><title>502 Bad Gateway</title></head> | |
| <body> | |
| <center><h1>502 Bad Gateway</h1></center> | |
| <hr><center>nginx</center> | |
| </body> | |
| </html> | |
| * Connection #0 to host hydra.mydomain.com left intact |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2020/01/08 19:47:16 [warn] 724#724: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/var/lib/acme/mydomain.com/fullchain.pem" | |
| 2020/01/08 19:47:18 [warn] 761#761: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/var/lib/acme/mydomain.com/fullchain.pem" | |
| 2020/01/08 20:19:36 [warn] 720#720: "ssl_stapling" ignored, no OCSP responder URL in the certificate "/var/lib/acme/hydra.mydomain.com/fullchain.pem".pem" | |
| ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Jan 09 04:05:57 server systemd[1]: Started hydra-server.service. | |
| Jan 09 04:06:15 server hydra-server[9911]: [warn] Unicode::Encoding plugin is auto-applied, please remove this from your appclass and make sure to define "encoding" config | |
| Jan 09 04:06:41 server hydra-server[9911]: DEPRECATION WARNING: The Regex dispatch type is deprecated. | |
| Jan 09 04:06:41 server hydra-server[9911]: It is recommended that you convert Regex and LocalRegex | |
| Jan 09 04:06:41 server hydra-server[9911]: methods to Chained methods. at /nix/store/ifld654fq0l7lbfards21rg7dqcr5imq-hydra-perl-deps/lib/perl5/site_perl/5.30.0/Catalyst/DispatchType/Regex.pm line 210. | |
| Jan 09 04:06:56 server hydra-server[9911]: 2020/01/09-04:06:55 Starman::Server (type Net::Server::PreFork) starting! pid(9911) | |
| Jan 09 04:06:56 server hydra-server[9911]: Binding to TCP port 3000 on host 127.0.0.1 with IPv4 | |
| Jan 09 04:06:56 server hydra-server[9911]: Setting gid to "122 122 122" | |
| Jan 09 04:06:56 server hydra-server[9911]: Starman: Accepting connections at http://127.0.0.1:3000/ | |
| Jan 09 04:06:56 server hydra-server[9911]: 2020/01/09-04:06:56 Bad fork [Cannot allocate memory] | |
| Jan 09 04:06:56 server hydra-server[9911]: at line 167 in file /nix/store/ifld654fq0l7lbfards21rg7dqcr5imq-hydra-perl-deps/lib/perl5/site_perl/5.30.0/Net/Server/PreFork.pm | |
| Jan 09 04:06:56 server hydra-server[9911]: 2020/01/09-04:06:56 Received QUIT. Running a graceful shutdown | |
| Jan 09 04:06:56 server hydra-server[9911]: 2020/01/09-04:06:56 Worker processes cleaned up | |
| Jan 09 04:06:56 server hydra-server[9911]: 2020/01/09-04:06:56 Server closing! | |
| Jan 09 04:06:57 server systemd[1]: hydra-server.service: Succeeded. | |
| Jan 09 04:06:57 server systemd[1]: hydra-server.service: Consumed 51.178s CPU time, no IP traffic. | |
| Jan 09 04:06:57 server systemd[1]: hydra-server.service: Service RestartSec=100ms expired, scheduling restart. | |
| Jan 09 04:06:57 server systemd[1]: hydra-server.service: Scheduled restart job, restart counter is at 2. | |
| Jan 09 04:06:57 server systemd[1]: Stopped hydra-server.service. | |
| Jan 09 04:06:57 server systemd[1]: hydra-server.service: Consumed 51.178s CPU time, no IP traffic. | |
| Jan 09 04:06:57 server systemd[1]: Started hydra-server.service. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@:~]# netstat -anp | grep LIST | egrep '80|443' | |
| tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9263/nginx: master | |
| tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 9263/nginx: master | |
| tcp6 0 0 :::80 :::* LISTEN 9263/nginx: master | |
| tcp6 0 0 :::443 :::* LISTEN 9263/nginx: master | |
| unix 2 [ ACC ] STREAM LISTENING 23533 807/python2.7 /run/fail2ban/fail2ban.sock |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@:~]# netstat -anp | grep nginx | |
| tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 9263/nginx: master | |
| tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 9263/nginx: master | |
| tcp6 0 0 :::80 :::* LISTEN 9263/nginx: master | |
| tcp6 0 0 :::443 :::* LISTEN 9263/nginx: master | |
| unix 3 [ ] STREAM CONNECTED 404443 9263/nginx: master | |
| unix 3 [ ] STREAM CONNECTED 404442 9263/nginx: master | |
| unix 3 [ ] STREAM CONNECTED 399775 9263/nginx: master |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ● hydra-server.service | |
| Loaded: loaded (/nix/store/x4cb0wc1vjrskybdffjd69a82zn9pf6x-unit-hydra-> | |
| Active: active (running) since Thu 2020-01-09 03:59:49 UTC; 49s ago | |
| Main PID: 9786 (.hydra-server-w) | |
| IP: 0B in, 0B out | |
| Tasks: 1 | |
| Memory: 133.5M | |
| CPU: 38.839s | |
| CGroup: /system.slice/hydra-server.service | |
| └─9786 /nix/store/4jgv6q38ac1wsigy0gnc1x9nsfjqmby9-perl-5.30.0/> | |
| Jan 09 03:59:49 server systemd[1]: hydra-server.service: Consumed 51.406s > | |
| Jan 09 03:59:49 server systemd[1]: Started hydra-server.service. | |
| Jan 09 04:00:12 server hydra-server[9786]: [warn] Unicode::Encoding plugin> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment