One place for hosting & domains

      Quickstart

      How To Deploy a Static Site from GitHub with DigitalOcean App Platform [Quickstart]


      Introduction

      If you’ve built a static website in a local environment, the next step is to decide how to publish it to the web. One way to publish your site is to deploy it as an application through DigitalOcean App Platform, which allows developers to publish code directly to DigitalOcean servers without worrying about the underlying infrastructure. App Platform offers free hosting for your first three static sites.

      In this tutorial, you will deploy a static website with App Platform from a GitHub repository. To follow along, you should have your website files hosted in a GitHub repository that you own. If you need instructions for hosting files in a GitHub repository and creating a GitHub account, please visit our our more in-depth tutorial How To Deploy a Static Website to the Cloud with DigitalOcean App Platform. By the end of this tutorial, you should have a published website and an understanding of how to deploy websites to the cloud from a GitHub repository with App Platform.

      Prerequisites

      • A GitHub account.
      • Files for a static website in a GitHub repository that you own. You may also clone our sample static website repository for testing purposes.
      • A credit card or Paypal account for signing up with DigitalOcean’s cloud service. You will not be charged for your first three sites.

      Step 1 — Create Your DigitalOcean Account

      To create a DigitalOcean account, visit the sign up page and choose among the following options:

      • Entering an email address and password
      • Using Google Single Sign On
      • Using GitHub Single Sign On

      If you choose to use an email address and password, you will need to verify your email address using the link included in the email that is automatically sent to you after registration.

      Note that you will need to enter a payment method to verify your identity. This is a required step that helps to keep spammers out. You will not be charged. You may see a temporary pre-authorization charge to verify the card, which will be reversed within a week.

      Once you have verified your account, you should be able to access the DigitalOcean App Platform. For complete documentation about signing up for a DigitalOcean account, please visit our guide Sign up for a DigitalOcean Account.

      You are now ready to proceed to the next step.

      Step 2 — Deploy Your Website with DigitalOcean App Platform

      In this step we’ll deploy our static website with App Platform.

      First, visit the DigitalOcean App Platform portal and click on the blue “Launch Your App” button:

      App Platform Portal

      On the next page, you will be prompted to select your GitHub repository. Since you have not yet connected your App Platform account to your GitHub account, you’ll need to click on the “Link Your GitHub Account” button:

      App Platform webpage with first step of deloying an app

      You will then be prompted to sign into your GitHub account (if you aren’t already signed in) and select the account that you want to connect to App Platform. Once selected, you will be directed to a page where you can select which repositories to permit App Platform to access. Click the “Only select repositories” button and select the repository that you wish to push to App Platform.

      GitHub webpage where users select repository to connect to the App Platform

      When you are done, click the “Save” button at the bottom of the webpage. You will now be directed back to App Platform, where you should now be able to select your repository in the dropdown menu:

      App Platform webpage displaying menu for selecting repository

      After selecting your repository, click “Next.” You will then be prompted to choose the name, branch, and options for Autodeploy. If the Autodeploy box is checked, any future changes you make to your repository files will be immediately pushed to your live site. Make your selections and click “Next”:

      Choosing name and branch of repository window on the App Platform

      Next, you will be taken to a page where you can configure your App. This page should automatically detect your component type as a “Static Site”:

      App Platform webpage for configuring your app

      You should not need to make any changes on this page. Scroll down and click the blue button “Next” at the bottom of the page. You will be directed to a new window where you can select the “Starter” plan if you’d like to deploy this site as one of your free three static sites:

      App Platform page for selecting payment plan

      Select your desired plan and click the “Launch Your Starter App” button. You will be directed to your app’s admin page. When your app is finished deploying, you will see the “Deployed Successfully!” message:

      Admin page for app on App Platform.

      You will also see a link under your app’s name at the top of the page. Click on the link to make sure your site is working properly. You should be directed to a new web page with your published website. If your site is not appearing, go back and check for errors.

      Your static site should now be published to the web through App Platform. Anyone with the app link will be able to access your site. If you’d like to add a custom domain to your site, please visit our How To Manage Custom Domains guide in App Platform product documentation.

      Conclusion

      In this tutorial, you have learned how to deploy a static site from GitHub to the DigitalOcean App Platform. If you kept the “Automatically deploy on push” option selected in Step 2, any changes you make to your GitHub repository will be automatically pushed to your site. If you did not select that option, you can deploy your changes by returning to your App’s admin page and clicking the “Deploy” button in the upper right hand corner.

      For further information about App Platform, please visit the official App Platform product documentation and App Platform How To Manage Static Sites. Remember, you can host up to three free static sites. If you wish to delete your app, follow the instructions in the section Destroy an App in the product documentation.



      Source link

      How To Configure HAProxy Logging with Rsyslog on CentOS 8 [Quickstart]


      Introduction

      HAProxy, which stands for High Availability Proxy, is a widely used TCP and HTTP-based proxy server that runs on Linux, Solaris, and FreeBSD. It is used to load balance applications by distributing requests between multiple servers, and to ensure that applications are highly available for users.

      By default on many CentOS 8 installations, HAProxy is not configured to write its log output to a file. This quickstart tutorial will explain how to configure HAProxy logging with Rsyslog by using a Unix domain socket for reliability, speed, and security.

      Prerequisites

      To complete this tutorial, you will need a server running CentOS 8. This server should have a non-root user with administrative privileges. To set this up, follow the Initial Server Setup guide for CentOS 8 tutorial.

      Step 1 — Installing and Enabling HAProxy

      To install HAProxy, run the following dnf command:

      When you are prompted Is this ok [y/N]: enter y and press RETURN to install the package.

      Once you have installed HAProxy, enable and start it using the systemctl command:

      • sudo systemctl enable haproxy.service

      You should receive the following output:

      Output

      Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.

      With the HAProxy service now enabled, you can start it up to ensure that it runs with a default configuration on your server:

      • sudo systemctl start haproxy.service

      Next examine HAProxy’s status to make sure it is running:

      • sudo systemctl status haproxy.service

      You should receive output like the following. Note the highlighted active (running) portion of the output. If your server shows the same highlighted section then HAProxy is running correctly on your server and you can proceed with configuring logging.

      Output

      ● haproxy.service - HAProxy Load Balancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-09-09 21:16:39 UTC; 4min 39s ago Process: 21340 ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q (code=exited, status=0/SUCCESS) Main PID: 21341 (haproxy) Tasks: 2 (limit: 2881) Memory: 2.7M CGroup: /system.slice/haproxy.service ├─21341 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid . . .

      If your output is different, or the status shows something like Active: failed, then follow the troubleshooting steps in the HAproxy Common Errors Series Introduction tutorial to determine what is preventing HAProxy from starting correctly.

      Once you have confirmed that HAProxy is enabled and running, you can continue to the next step, which is configuring HAProxy’s logging directives.

      Step 2 — Configuring HAProxy Logging Directives

      To configure HAProxy’s logging directives, open /etc/haproxy/haproxy.cfg in vi or your preferred editor:

      • sudo vi /etc/haproxy/haproxy.cfg

      Press i to switch to INSERT mode, then find the line log 127.0.0.1 local2 and comment it out by adding a # character to the beginning of the line, as highlighted in the following example:

      /etc/haproxy/haproxy.cfg

      . . .
      # 2) configure local2 events to go to the /var/log/haproxy.log
      #   file. A line like the following can be added to
      #   /etc/sysconfig/syslog
      #
      #    local2.*                       /var/log/haproxy.log
      #
          #log         127.0.0.1 local2
      
          chroot      /var/lib/haproxy
          pidfile     /var/run/haproxy.pid
      . . .
      

      Now add a line directly after the commented out line with the following contents:

          log         /dev/log local0
      

      The entire section of /etc/haproxy/haproxy.cfg that you edited should contain the following lines:

      /etc/haproxy/haproxy.cfg

      . . .
      #    local2.*                       /var/log/haproxy.log
      #
           #log         127.0.0.1 local2
           log         /dev/log local0
      
           chroot      /var/lib/haproxy
           pidfile     /var/run/haproxy.pid
      . . .
      

      The chroot line is important, because it restricts the HAProxy process to accessing files in the /var/lib/haproxy directory only. The log /dev/log local0 line will create a file inside that directory that Rsyslog will use to collect log entries from.

      Once you are finished editing the log lines in /etc/haproxy/haproxy.cfg, save and close the file by pressing ESC, typing :wq, and pressing ENTER.

      The last step that you need to complete in this section is to create the /var/lib/haproxy/dev directory since it does not exist by default.

      Create the directory using the mkdir command and then restart HAProxy:

      • sudo mkdir /var/lib/haproxy/dev
      • sudo systemctl restart haproxy.service

      You have now configured HAProxy to send its logs to a Unix domain socket that resides in /var/lib/haproxy/dev/log. In the next step, you will configure Rsyslog to create and access the socket.

      Step 3 — Configuring Rsyslog to Collect HAProxy Logs

      Rsyslog’s default configuration on CentOS 8 does not handle HAProxy logs. To collect logs from the HAProxy service, open a new file /etc/rsyslog.d/99-haproxy.conf using vi or your preferred editor:

      • sudo vi /etc/rsyslog.d/99-haproxy.conf

      Press i to switch to INSERT mode, then paste the following lines into the file:

      /etc/rsyslog.d/99-haproxy.conf

      $AddUnixListenSocket /var/lib/haproxy/dev/log
      
      # Send HAProxy messages to a dedicated logfile
      :programname, startswith, "haproxy" {
        /var/log/haproxy.log
        stop
      }
      

      The $AddUnixListenSocket directive tells Rsyslog to create a Unix domain socket in the specified location, in this case /var/lib/haproxy/dev/log. The :programname, startswith, "haproxy" section specifies the file where Rsyslog will write the log entries to that it collects from the socket.

      Once you are finished editing /etc/rsyslog.d/99-haproxy.conf, save and close the file by pressing ESC, typing :wq, and pressing ENTER.

      You have now configured Rsyslog to read log entries from the Unix domain socket in /var/lib/haproxy/dev/log and write them to a log file in /var/log/haproxy.log.

      However, before restarting Rsyslog you will need to determine if SELinux is enforcing access control on your CentOS 8 system.

      To check SELinux’s current policy, run the following:

      You will receive one of the following outputs:

      • Enforcing – In this mode, SELinux is enforcing access controls on your system. You will need to complete the following optional Step 4 — Configuring SELinux section.
      • Permissive – In this case, SELinux logs all access attempts to its log file, but does not enforce access controls on your system.
      • Disabled – If SELinux is disabled, then it is not logging or enforcing any access control policies on your system.

      If the getenforce command returned either Permissive or Disabled, then you can restart Rsyslog with the following command:

      • sudo systemctl restart rsyslog

      Once you restart Rsyslog, you will be able to view logs in the /var/log/haproxy.log file that you configured in /etc/rsyslog.d/99-haproxy.conf. Proceed to Step 5 — Testing HAProxy Logging to make sure that everything is working as expected.

      Otherwise, if your system is running SELinux in Enforcing mode, then the next section of this tutorial explains how to add a module to allow Rsyslog and HAProxy to communicate with each other over their shared Unix domain socket.

      Step 4 — (Optional) Configuring SELinux

      If your CentOS 8 system is configured with SELinux in Enforcing mode, then you will need to allow Rsyslog access to HAProxy’s chroot directory. Allowing this access will let Rsyslog create the Unix domain socket that HAproxy will send its logs to.

      If you are not familiar with SELinux, this tutorial series An Introduction to SELinux on CentOS 7 will help you learn how to manage and interact with SELinux. Although it is written for CentOS 7, the principles and commands in the series are equally applicable to CentOS 8.

      To enable Rsyslog and HAProxy access to their shared socket, the first task is to create a Type Enforcement policy file. Open a new file called rsyslog-haproxy.te in vi or your preferred editor:

      Press i to switch to INSERT mode, then paste the following lines into the file:

      rsyslog-haproxy.te

      module rsyslog-haproxy 1.0;
      
      require {
          type syslogd_t;
          type haproxy_var_lib_t;
          class dir { add_name remove_name search write };
          class sock_file { create setattr unlink };
      }
      
      #============= syslogd_t ==============
      allow syslogd_t haproxy_var_lib_t:dir { add_name remove_name search write };
      allow syslogd_t haproxy_var_lib_t:sock_file { create setattr unlink };
      

      The first line defines the module name and version. The require portion tells the SELinux module loader about the types and classes that are required for the policy to be loaded as a module. The last two lines are the rules that allow Rsyslog access to HAProxy’s chroot and socket file respectively.

      When you are done editing the file, save and close it by pressing ESC, typing :wq, and pressing ENTER.

      Next, run the following command to install the checkpolicy package, which contains the checkmodule utility that you will use to turn the Type Enforcement file into an SELinux module.

      • sudo dnf install checkpolicy

      Now that you have the checkmodule tool installed, the next step is to compile the module and then load it into SELinux. Run the following to compile the Type Enforcement file into an SELinux module:

      • checkmodule -M -m rsyslog-haproxy.te -o rsyslog-haproxy.mod

      Next, run semodule_package to generate a complete policy package that SELinux can load into the Linux kernel:

      • semodule_package -o rsyslog-haproxy.pp -m rsyslog-haproxy.mod

      The final step is to load the package that you generated into the Linux kernel using the semodule command:

      • sudo semodule -i rsyslog-haproxy.pp

      Adding the module may take a few seconds. Once the command completes you can confirm that the module is loaded into the kernel by running the semodule command:

      • sudo semodule -l |grep rsyslog-haproxy

      You should receive output like the following:

      Output

      rsyslog-haproxy

      Once the module is loaded you can restart Rsyslog with the following command:

      • sudo systemctl restart rsyslog

      You have now defined, compiled, and loaded an SELinux policy that will allow HAProxy and Rsyslog to communicate over their shared socket.

      In the next step you will test that everything works by making an HTTP request to HAProxy and examining its new log file.

      Step 5 — Testing HAProxy Logging

      Now that you have configured HAProxy, Rsyslog, and optionally SELinux, you can test that logging to /var/log/haproxy.log is working.

      By default the haproxy package ships with a configuration file that creates an HTTP listener socket on port 5000. The configuration points to a non-existent backend server, so any request to the port will result in an HTTP 503 error.

      To check for a 503 error in your /var/log/haproxy.log file, first generate an HTTP request using curl like this:

      • curl -si http://127.0.0.1:5000

      You should receive output like the following:

      Output

      HTTP/1.0 503 Service Unavailable Cache-Control: no-cache Connection: close Content-Type: text/html <html><body><h1>503 Service Unavailable</h1> No server is available to handle this request. </body></html>

      Now examine /var/log/haproxy.log for any HTTP 503 responses using the grep command:

      • sudo grep -E ‘NOSRV.+503’ /var/log/haproxy.log

      Note: The NOSRV.+503 portion of the command is a regular expression. This tutorial on Using Grep & Regular Expressions to Search for Text Patterns in Linux
      goes into more depth on using grep and regular expressions.

      You should receive a line (or multiple lines) like the following:

      [secondary_label Output
      Sep 9 21:32:22 centos-s-1vcpu-1gb-nyc3-01 haproxy[4451]: 127.0.0.1:56024 [9/Sep/2020:21:32:22.098] main app/<NOSRV> 0/-1/-1/-1/0 503 212 - - SC-- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
      

      This line corresponds to the curl request that you made, which means that Rsyslog and HAProxy are configured to use their shared socket correctly.

      Conclusion

      In this quickstart tutorial, you configured HAProxy to log to a Unix domain socket. You also set up Rsyslog to create and read from the socket so that the two programs can communicate with each other without opening up any TCP/IP ports on your system. Finally, you optionally compiled, packaged, and loaded an SELinux policy to allow Rsyslog and HAProxy shared access to their socket.



      Source link

      How To Create a New Sudo-enabled User on Ubuntu 20.04 [Quickstart]


      Not using Ubuntu 20.04?


      Choose a different version or distribution.

      Introduction

      When managing a server, you’ll sometimes want to allow users to execute commands as “root,” the administrator-level user. The sudo command provides system administrators with a way to grant administrator privileges — ordinarily only available to the root user — to normal users.

      In this tutorial, you’ll learn how to create a new user with sudo access on Ubuntu 20.04 without having to modify your server’s /etc/sudoers file.

      Note: If you want to configure sudo for an existing user, skip to step 3.

      Step 1 — Logging Into Your Server

      SSH in to your server as the root user:

      • ssh root@your_server_ip_address

      Step 2 — Adding a New User to the System

      Use the adduser command to add a new user to your system:

      Be sure to replace sammy with the username that you want to create. You will be prompted to create and verify a password for the user:

      Output

      Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully

      Next, you’ll be asked to fill in some information about the new user. It is fine to accept the defaults and leave this information blank:

      Output

      Changing the user information for sammy Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [Y/n]

      Step 3 — Adding the User to the sudo Group

      Use the usermod command to add the user to the sudo group:

      Again, be sure to replace sammy with the username you just added. By default on Ubuntu, all members of the sudo group have full sudo privileges.

      Step 4 — Testing sudo Access

      To test that the new sudo permissions are working, first use the su command to switch to the new user account:

      As the new user, verify that you can use sudo by prepending sudo to the command that you want to run with superuser privileges:

      For example, you can list the contents of the /root directory, which is normally only accessible to the root user:

      The first time you use sudo in a session, you will be prompted for the password of that user’s account. Enter the password to proceed:

      Output:

      [sudo] password for sammy:

      Note: This is not asking for the root password! Enter the password of the sudo-enabled user you just created.

      If your user is in the proper group and you entered the password correctly, the command that you issued with sudo will run with root privileges.

      Conclusion

      In this quickstart tutorial, we created a new user account and added it to the sudo group to enable sudo access.

      For your new user to be granted external access, please follow our section on Enabling External Access for Your Regular User.

      If you need more detailed information on setting up an Ubuntu 20.04 server, please read our Initial Server Setup with Ubuntu 20.04 tutorial.



      Source link