Server

A note on rotating nginx logs every hour with logrotate while compressing them with zstd.
Overview
Settings placed in /etc/logrotate.conf or /etc/logrotate.d/ are normally run by the daily cron job /etc/cron.daily/logrotate. This time, since I want to rotate logs every hour, I prepared a separate logrotate configuration and run it with a systemd timer.
Enabling zstd
    # apt install zstd
logrotate
I will create /etc/logrotate-nginx.

This is a note about using global IP addresses directly on LXD containers or assigning local switch IP addresses directly in Sakura Cloud. We will be building this on Ubuntu 20.04.
Configuration
- Directly connected to the router + switch
- Two disks: one for the VM OS and one for the LXD containers
Setup
The OS installation steps are omitted. We use the Ubuntu 20.04.01 LTS archive image provided by Sakura Cloud.

This is a note about a kernel panic in an environment using jail + epair + bridge (VIMAGE) on FreeBSD 12.2.
Environment
vtnet0 => bridge0 => epair0a => jail(epair0b)
The settings are written in jail.conf, and exec.poststop includes commands to remove the epair from the bridge and destroy the epair.
    exec.poststop ="/sbin/ifconfig bridge0 deletem epair1a";
    exec.poststop+="/sbin/ifconfig epair1a destroy";
Stopping this jail environment caused a kernel panic about once every 2-3 attempts.
    Fatal trap 12: page fault while in kernel mode
    cpuid = 3; apic id = 03
    fault virtual address = 0x410
    fault code = supervisor read data, page not present
    instruction pointer = 0x20:0xffffffff80b9f237
    stack pointer = 0x28:0xfffffe003369c370
    frame pointer = 0x28:0xfffffe003369c3f0
    code segment = base 0x0, limit 0xfffff, type 0x1b
    = DPL 0, pres 1, long 1, def32 0, gran 1
    processor eflags = interrupt enabled, resume, IOPL = 0
    current process = 4456 (ifconfig)
    trap number = 12
    panic: page fault
    cpuid = 3
    time = 1612947580
    KDB: stack backtrace:
    #0 0xffffffff80c0aa85 at kdb_backtrace+0x65
    #1 0xffffffff80bbed3b at vpanic+0x17b
    #2 0xffffffff80bbebb3 at panic+0x43
    #3 0xffffffff8108e911 at trap_fatal+0x391
    #4 0xffffffff8108e96f at trap_pfault+0x4f
    #5 0xffffffff8108dfb6 at trap+0x286
    #6 0xffffffff81066938 at calltrap+0x8
    #7 0xffffffff80bb9591 at _rm_rlock_hard+0x3c1
    #8 0xffffffff80ce5ce6 at rtinit+0x2a6
    #9 0xffffffff80d3873e at in_scrubprefix+0x29e
    #10 0xffffffff80d5001d at rip_ctlinput+0x8d
    #11 0xffffffff80c4922c at pfctlinput+0x5c
    #12 0xffffffff80cbb4fa at if_down+0x12a
    #13 0xffffffff80cb90d0 at if_detach_internal+0x150
    #14 0xffffffff80cb8df0 at if_detach+0x50
    #15 0xffffffff8297ebb1 at epair_clone_destroy+0x81
    #16 0xffffffff80cc0c4d at if_clone_destroyif+0xdd
    #17 0xffffffff80cc0b12 at if_clone_destroy+0x1a2
    Uptime: 3m28s
    55 __asm("movq %%gs:%P1,%0" : "=r" (td) : "n" (offsetof(struct pcpu,
    (kgdb) #0 doadump () at src/sys/amd64/include/pcpu_aux.

Leaving this as a personal memo because I forget every time.
How to Take FreeBSD Crash Dumps
Add dump settings to /etc/rc.conf
    dumpdev="/dev/vtbd0p3"
    dumpdir="/var/crash"
Assign the swap area to dumpdev. Check the device assigned to swap with swapinfo.
    # swapinfo
    Device          1K-blocks     Used    Avail Capacity
    /dev/vtbd0p3      4194264        0  4194264     0%
It seems dumpdev="AUTO" also works. If it’s a one-time thing, you can execute it as follows:
    dumpon /dev/vtbd0p3
Check the current settings
    # dumpon -v -l
    kernel dumps on vtbd0p3

Personal notes from the past. In Apache 2.4, you can still use Allow and Deny for ACL settings with mod_access_compat.
Rewriting ACL from Apache 2.2 to 2.4
Allowing All
Apache 2.2
    <Directory "/home/www">
        Order allow,deny
        Allow from all
    </Directory>
Apache 2.4
    <Directory "/home/www">
        Require all granted
    </Directory>
Denying All
Apache 2.2
    <Directory "/home/www">
        Order deny,allow
        Deny from all
    </Directory>
Apache 2.4
    <Directory "/home/www">
        Require all denied
    </Directory>
Allowing Specific IP Address
Apache 2.

Personal notes on frequently used and easily forgotten network commands.
Checking
Operation | Linux | FreeBSD
Check interfaces | ip link show | ifconfig -l
Check interfaces (including addresses) | ip addr | ifconfig
Check interface packet counters | ip -s link dev | netstat -idb -I
ARP table | ip -4 neighbor | arp -a
IPv6 neighbor table | ip -6 neighbor | ndp -a
Bridge
Operation | Linux | FreeBSD
Add interface | brctl addif br0 eth0 | ifconfig bridge0 addm vtnet0
Remove interface | brctl delif br0 eth0 | ifconfig bridge0 deletem vtnet0
Create bridge interface | brctl addbr br0; ip link set up dev br0 | ifconfig bridge0 create; ifconfig bridge0 up
Delete bridge interface | ip link set down dev br0; brctl delbr br0 | ifconfig bridge0 down; ifconfig bridge0 destroy
VLAN
Operation | Linux | FreeBSD
Create VLAN interface | ip link add link eth0 name eth0.

This article is the 13th entry in the Sakura Internet Advent Calendar 2020.
Content Protection Using One-Time URL
When distributing content to a specific group, it often involves downloading content after password authentication. However, when using it with a CDN, BASIC authentication might not be available, and changing the URL can result in the cache being treated as a different entity, making CDN utilization difficult. Web Accelerator has a One-Time URL feature, which I’ll introduce for content protection.

This content was moved from Qiita. While it’s common to deliver images and other content with S3 + CloudFront, if the delivery target is limited to Japan, it might be cheaper to use S3 + Sakura Cloud’s CDN service, Web Accelerator. So, let’s set it up. I haven’t verified if the actual billing will be cheaper. The delivery fee for CloudFront is 0.140 USD (15.8 yen as of December 28, 2017) per GiB in Japan, so Web Accelerator, which costs 5 yen (including tax) per GiB, seems cheaper.
This content was moved from Qiita.
Configuration Notes for Ubuntu 18.04
Personal notes on changes in Ubuntu versions that caught my attention.
Changing the Hostname
    # hostnamectl set-hostname sv1.example.jp
Setting up iptables
With netplan, it doesn’t work well with if-pre-up.d? Using iptables-persistent works well.
    # apt install iptables-persistent
    # <configure iptables>
    # iptables-save > /etc/iptables/rules.v4
    # ip6tables-save > /etc/iptables/rules.v6
Configuring netplan
Place the file in yaml format in /etc/netplan/*.yaml
    network:
      ethernets:
        ens3:
          addresses:
          - 192.

This content has been moved from Qiita. Let’s use Let’s Encrypt with Sakura Cloud Web Accelerator.
Update (2021/01/29)
The Web Accelerator now has an auto-renewal feature for Let’s Encrypt, so there’s no need for the following efforts anymore! 🎉
- Announcing Automatic Renewal of Let’s Encrypt Certificates on Web Accelerator
- Using Automatic Renewal Certificates for Let’s Encrypt on Web Accelerator
Overview
When using a custom domain with Sakura Cloud Web Accelerator, you can enable SSL (including HTTP2 support) by installing an SSL certificate.