Merge pull request #507 from rspier/opdocs
Minor doc updates and bootstrap cleanups
rspier authored May 20, 2024
2 parents e15e29e + 0a4ec44 commit b935e72
Showing 2 changed files with 29 additions and 2 deletions.
4 changes: 2 additions & 2 deletions bootstrap/selfconfig-root
Expand Up @@ -68,13 +68,13 @@ my @required_debs = qw(
libexpat1-dev
libgetopt-long-descriptive-perl
libpath-tiny-perl
libsasl2-modules
libssl-dev
nginx
python3-certbot-nginx
ufw
unzip
zlib1g-dev
libsasl2-modules
ufw
);

run_cmd(qw(apt-get -o DPkg::Lock::Timeout=60 install -y), @required_debs);
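
Review bot: nothing at `my @required_debs = qw(` says the list is kept in alphabetical order, so the next package added is likely to be appended after `zlib1g-dev` again, the way `libsasl2-modules` and `ufw` were. A one-line comment above the declaration stating that the entries are sorted would keep this cleanup from having to be repeated.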
27 changes: 27 additions & 0 deletions doc/install-prod.md
Expand Up @@ -66,6 +66,17 @@ Install node exporter.
apt -y install prometheus-node-exporter
```

### General

You probably want to enable some non-default collectors. In
`/etc/default/prometheus-node-exporter`:

```
ARGS="--collector.systemd"
```

### nginx

Consider
[nginx-prometheus-exporter](https://github.com/nginxinc/nginx-prometheus-exporter).

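Review bot: the new General section stops at the `ARGS="--collector.systemd"` line without saying that the exporter has to be restarted before the flag takes effect; `/etc/default/prometheus-node-exporter` is only read when the service starts. Suggest adding `systemctl restart prometheus-node-exporter` after the snippet. The sentence also promises "some non-default collectors" but names only one, so either list the others used in production or say "the systemd collector".
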
Expand Down Expand Up @@ -95,13 +106,29 @@ server {

## Additional Configuration

### Fail2ban

Default fail2ban bantime is very short. Make it longer:

```
fail2ban-client start sshd
fail2ban-client set sshd bantime 86400
```

Make sure that fail2ban is reading logs. Run `fail2ban-client status
sshd`. If it's not failing any IPs, that's a sign it's not working.
The default backend of `auto` normally works, but may get confused if
`/var/log/auth.log` exists. If deleting `/var/log/auth.log` doesn't
work, or you want to force it to always read the journal... in
`/etc/fail2ban/jail.conf`:

```
[DEFAULT]
backend = systemd
```

### Package upgrades

Automatic security upgrades are a good idea, and probably outweigh
the risks.

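Review bot: both settings in the Fail2ban section are applied in a way that will not last. `fail2ban-client set sshd bantime 86400` changes only the running server and is lost when fail2ban restarts, and the `backend = systemd` edit goes into `/etc/fail2ban/jail.conf`, whose own header says not to modify it because a distribution update may overwrite it, which matters given that the Package upgrades section goes on to recommend automatic upgrades. Suggest putting `bantime = 86400` and `backend = systemd` under `[DEFAULT]` in `/etc/fail2ban/jail.local` and keeping `fail2ban-client status sshd` as the verification step. Separately, "deleting `/var/log/auth.log`" discards the SSH authentication history; consider telling the reader to move the file aside instead.
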