From b30dacc6febad8d17e96ccbf01ec5286384dc32d Mon Sep 17 00:00:00 2001 From: "Yann Esposito (Yogsototh)" Date: Sun, 4 Aug 2019 13:15:47 +0200 Subject: [PATCH] goaccess service --- goaccess/README.org | 14 +++++ goaccess/etc/systemd/system/goaccess.service | 13 +++++ goaccess/nginx/sites-available/stats.esy.fun | 59 ++++++++++++++++++++ goaccess/root/serve-stats.sh | 2 + 4 files changed, 88 insertions(+) create mode 100644 goaccess/README.org create mode 100644 goaccess/etc/systemd/system/goaccess.service create mode 100644 goaccess/nginx/sites-available/stats.esy.fun create mode 100755 goaccess/root/serve-stats.sh diff --git a/goaccess/README.org b/goaccess/README.org new file mode 100644 index 0000000..151d869 --- /dev/null +++ b/goaccess/README.org @@ -0,0 +1,14 @@ +* goaccess service + +** Version + + #+begin_src +> goaccess --version +GoAccess - 1.3. +For more details visit: http://goaccess.io +Copyright (C) 2009-2016 by Gerardo Orellana + +Build configure arguments: + --enable-utf8 + --enable-geoip=legacy + #+end_src diff --git a/goaccess/etc/systemd/system/goaccess.service b/goaccess/etc/systemd/system/goaccess.service new file mode 100644 index 0000000..bd60105 --- /dev/null +++ b/goaccess/etc/systemd/system/goaccess.service @@ -0,0 +1,13 @@ +[Unit] +Description = starting goaccess server +After=network.target +StartLimitIntervalSec=0 + +[Service] +Type=simple +Restart=always +RestartSec=1 +User=root +ExecStart=/root/serve-stats.sh + + diff --git a/goaccess/nginx/sites-available/stats.esy.fun b/goaccess/nginx/sites-available/stats.esy.fun new file mode 100644 index 0000000..b8b753c --- /dev/null +++ b/goaccess/nginx/sites-available/stats.esy.fun @@ -0,0 +1,59 @@ +# Nginx configuration + +## Redirects all HTTP traffic to the HTTPS host +server { + server_name stats.esy.fun; + root /var/www/stats.esy.fun; + access_log /var/log/nginx/stats.esy.fun_access.log; + error_log /var/log/nginx/stats.esy.fun_error.log; + + # access restricted + auth_basic "Admin restricted"; + auth_basic_user_file /etc/nginx/htpasswd; + + server_tokens off; ## Don't show the nginx version number, a security best practice + + index index.html; + location / { try_files $uri $uri/ =404; } + location /ws { + proxy_connect_timeout 7d; + proxy_send_timeout 7d; + proxy_read_timeout 7d; + proxy_pass http://127.0.0.1:8022; + } + + # optimise headers + # imagine almost never expire + location ~* \.(jpg|jpeg|png|gif|ico)$ { + expires 30d; + } + + listen [::]:443 http2 ssl; # managed by Certbot + listen 443 http2 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/esy.fun/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/esy.fun/privkey.pem; # managed by Certbot + + # WARNING + # compression with HTTPS can be used to decrypt + # Only for public data ! + gzip on; + gzip_types application/javascript image/* text/css; + gunzip on; + + etag on; + ## [Optional] Enable HTTP Strict Transport Security + ## HSTS is a feature improving protection against MITM attacks + ## For more information see: + ## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; +} + +server { + if ($host = stats.esy.fun) { + return 301 https://$host$request_uri; + } # managed by Certbot + server_name stats.esy.fun; + listen 0.0.0.0:80; + listen [::]:80; + return 404; # managed by Certbot +} diff --git a/goaccess/root/serve-stats.sh b/goaccess/root/serve-stats.sh new file mode 100755 index 0000000..12abfbb --- /dev/null +++ b/goaccess/root/serve-stats.sh @@ -0,0 +1,2 @@ +#!/usr/bin/env bash +goaccess /var/log/nginx/*.log -a -g --ignore-crawlers --real-time-html --ws-url=wss://stats.esy.fun/ws --port 8022 -o /var/www/stats.esy.fun/index.html --log-format=COMBINED