goaccess service

2019-08-04 13:15:47 +02:00 · 2019-08-04 13:15:47 +02:00 · b30dacc6fe
commit b30dacc6fe
parent 9c4d358ef0
4 changed files with 88 additions and 0 deletions
--- a/goaccess/README.org
+++ b/goaccess/README.org
@ -0,0 +1,14 @@
+* goaccess service
+
+** Version
+
+  #+begin_src
+> goaccess --version
+GoAccess - 1.3.
+For more details visit: http://goaccess.io
+Copyright (C) 2009-2016 by Gerardo Orellana
+
+Build configure arguments:
+  --enable-utf8
+  --enable-geoip=legacy
+  #+end_src
--- a/goaccess/etc/systemd/system/goaccess.service
+++ b/goaccess/etc/systemd/system/goaccess.service
@ -0,0 +1,13 @@
+[Unit]
+Description = starting goaccess server
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+Restart=always
+RestartSec=1
+User=root
+ExecStart=/root/serve-stats.sh
+
+
--- a/goaccess/nginx/sites-available/stats.esy.fun
+++ b/goaccess/nginx/sites-available/stats.esy.fun
@ -0,0 +1,59 @@
+# Nginx configuration
+
+## Redirects all HTTP traffic to the HTTPS host
+server {
+  server_name stats.esy.fun;
+  root /var/www/stats.esy.fun;
+  access_log  /var/log/nginx/stats.esy.fun_access.log;
+  error_log   /var/log/nginx/stats.esy.fun_error.log;
+
+  # access restricted
+  auth_basic "Admin restricted";
+  auth_basic_user_file /etc/nginx/htpasswd; 
+
+  server_tokens off; ## Don't show the nginx version number, a security best practice
+
+  index index.html;
+  location / { try_files $uri $uri/ =404; }
+  location /ws {
+    proxy_connect_timeout 7d;
+    proxy_send_timeout 7d;
+    proxy_read_timeout 7d;
+    proxy_pass http://127.0.0.1:8022;
+  }
+
+  # optimise headers
+  # imagine almost never expire
+  location ~* \.(jpg|jpeg|png|gif|ico)$ {
+       expires 30d;
+  }
+
+  listen [::]:443 http2 ssl; # managed by Certbot
+  listen 443 http2 ssl; # managed by Certbot
+  ssl_certificate /etc/letsencrypt/live/esy.fun/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/esy.fun/privkey.pem; # managed by Certbot
+
+  # WARNING
+  # compression with HTTPS can be used to decrypt
+  # Only for public data !
+  gzip on;
+  gzip_types application/javascript image/* text/css;
+  gunzip on;
+
+  etag on;
+  ## [Optional] Enable HTTP Strict Transport Security
+  ## HSTS is a feature improving protection against MITM attacks
+  ## For more information see:
+  ##   https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
+  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+}
+
+server {
+  if ($host = stats.esy.fun) {
+     return 301 https://$host$request_uri;
+  } # managed by Certbot
+  server_name stats.esy.fun;
+  listen 0.0.0.0:80;
+  listen [::]:80;
+  return 404; # managed by Certbot
+}
--- a/goaccess/root/serve-stats.sh
+++ b/goaccess/root/serve-stats.sh
@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+goaccess /var/log/nginx/*.log -a -g --ignore-crawlers --real-time-html --ws-url=wss://stats.esy.fun/ws --port 8022 -o /var/www/stats.esy.fun/index.html --log-format=COMBINED