Update notes for 2016-05-06

This commit is contained in:
Alan Orth 2016-05-06 18:00:59 +03:00
parent ba1d8c5699
commit b51a7a6adb
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
6 changed files with 113 additions and 2 deletions

View File

@ -41,3 +41,30 @@ GET /rest/handle/10568/NaN?expand=parentCommunityList,metadata HTTP/1.1
- Hmm, also disk space is full - Hmm, also disk space is full
- I decided to blow away the solr indexes, since they are 50GB and we don't really need all the Atmire stuff there right now - I decided to blow away the solr indexes, since they are 50GB and we don't really need all the Atmire stuff there right now
- I will re-generate the Discovery indexes after re-deploying - I will re-generate the Discovery indexes after re-deploying
- Testing `renew-letsencrypt.sh` script for nginx
```
#!/usr/bin/env bash
readonly SERVICE_BIN=/usr/sbin/service
readonly LETSENCRYPT_BIN=/opt/letsencrypt/letsencrypt-auto
# stop nginx so LE can listen on port 443
$SERVICE_BIN nginx stop
$LETSENCRYPT_BIN renew -nvv --standalone --standalone-supported-challenges tls-sni-01 > /var/log/letsencrypt/renew.log 2>&1
LE_RESULT=$?
$SERVICE_BIN nginx start
if [[ "$LE_RESULT" != 0 ]]; then
echo 'Automated renewal failed:'
cat /var/log/letsencrypt/renew.log
exit 1
fi
```
- Seems to work well

View File

@ -121,6 +121,34 @@
<li>Hmm, also disk space is full</li> <li>Hmm, also disk space is full</li>
<li>I decided to blow away the solr indexes, since they are 50GB and we don&rsquo;t really need all the Atmire stuff there right now</li> <li>I decided to blow away the solr indexes, since they are 50GB and we don&rsquo;t really need all the Atmire stuff there right now</li>
<li>I will re-generate the Discovery indexes after re-deploying</li> <li>I will re-generate the Discovery indexes after re-deploying</li>
<li>Testing <code>renew-letsencrypt.sh</code> script for nginx</li>
</ul>
<pre><code>#!/usr/bin/env bash
readonly SERVICE_BIN=/usr/sbin/service
readonly LETSENCRYPT_BIN=/opt/letsencrypt/letsencrypt-auto
# stop nginx so LE can listen on port 443
$SERVICE_BIN nginx stop
$LETSENCRYPT_BIN renew -nvv --standalone --standalone-supported-challenges tls-sni-01 &gt; /var/log/letsencrypt/renew.log 2&gt;&amp;1
LE_RESULT=$?
$SERVICE_BIN nginx start
if [[ &quot;$LE_RESULT&quot; != 0 ]]; then
echo 'Automated renewal failed:'
cat /var/log/letsencrypt/renew.log
exit 1
fi
</code></pre>
<ul>
<li>Seems to work well</li>
</ul> </ul>
</section> </section>

View File

@ -71,7 +71,7 @@
</div> </div>
</header> </header>
<div> <div>
2016-05-01 Since yesterday there have been 10,000 REST errors and the site has been unstable again I have blocked access to the API now There are 3,000 IPs accessing the REST API in a 24-hour period! # awk '{print $1}' /var/log/nginx/rest.log | uniq | wc -l 3168 The two most often requesters are in Ethiopia and Colombia: 213.55.99.121 and 181.118.144.29 100% of the requests coming from Ethiopia are like this 2016-05-01 Since yesterday there have been 10,000 REST errors and the site has been unstable again I have blocked access to the API now There are 3,000 IPs accessing the REST API in a 24-hour period! # awk '{print $1}' /var/log/nginx/rest.log | uniq | wc -l 3168 The two most often requesters are in Ethiopia and Colombia: 213.55.99.121 and 181.118.144.29 100% of the requests coming from Ethiopia are like this and result in an HTTP 500: GET /rest/handle/10568/NaN?expand=parentCommunityList,metadata HTTP/1.1 For now I&rsquo;ll block just the Ethiopian IP The owner of that application has said that the NaN (not a number) is an error in his code and he&rsquo;ll fix it 2016-05-03 Update nginx to 1.10.x branch on CGSpace Fix a reference to dc.type.output in Discovery that I had missed when we migrated to dc.type last month (#223) 2016-05-06 DSpace Test is down, catalina.out has lots of messages about heap space from some time yesterday (!) It looks like Sisay was doing some batch imports Hmm, also disk space is full I decided to blow away the solr indexes, since they are 50GB and we don&rsquo;t really need all the Atmire stuff there right now I will re-generate the Discovery indexes after re-deploying Testing renew-letsencrypt.sh script for nginx #!/usr/bin/env bash readonly SERVICE_BIN=/usr/sbin/service readonly LETSENCRYPT_BIN=/opt/letsencrypt/letsencrypt-auto # stop nginx so LE can listen on port 443 $SERVICE_BIN nginx stop $LETSENCRYPT_BIN renew -nvv --standalone --standalone-supported-challenges tls-sni-01 &gt; /var/log/letsencrypt/renew.log 2&gt;&amp;1 LE_RESULT=$?
</div> </div>
<footer> <footer>

View File

@ -59,6 +59,34 @@
&lt;li&gt;Hmm, also disk space is full&lt;/li&gt; &lt;li&gt;Hmm, also disk space is full&lt;/li&gt;
&lt;li&gt;I decided to blow away the solr indexes, since they are 50GB and we don&amp;rsquo;t really need all the Atmire stuff there right now&lt;/li&gt; &lt;li&gt;I decided to blow away the solr indexes, since they are 50GB and we don&amp;rsquo;t really need all the Atmire stuff there right now&lt;/li&gt;
&lt;li&gt;I will re-generate the Discovery indexes after re-deploying&lt;/li&gt; &lt;li&gt;I will re-generate the Discovery indexes after re-deploying&lt;/li&gt;
&lt;li&gt;Testing &lt;code&gt;renew-letsencrypt.sh&lt;/code&gt; script for nginx&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code&gt;#!/usr/bin/env bash
readonly SERVICE_BIN=/usr/sbin/service
readonly LETSENCRYPT_BIN=/opt/letsencrypt/letsencrypt-auto
# stop nginx so LE can listen on port 443
$SERVICE_BIN nginx stop
$LETSENCRYPT_BIN renew -nvv --standalone --standalone-supported-challenges tls-sni-01 &amp;gt; /var/log/letsencrypt/renew.log 2&amp;gt;&amp;amp;1
LE_RESULT=$?
$SERVICE_BIN nginx start
if [[ &amp;quot;$LE_RESULT&amp;quot; != 0 ]]; then
echo &#39;Automated renewal failed:&#39;
cat /var/log/letsencrypt/renew.log
exit 1
fi
&lt;/code&gt;&lt;/pre&gt;
&lt;ul&gt;
&lt;li&gt;Seems to work well&lt;/li&gt;
&lt;/ul&gt; &lt;/ul&gt;
</description> </description>
</item> </item>

View File

@ -75,7 +75,7 @@
</div> </div>
</header> </header>
<div> <div>
2016-05-01 Since yesterday there have been 10,000 REST errors and the site has been unstable again I have blocked access to the API now There are 3,000 IPs accessing the REST API in a 24-hour period! # awk '{print $1}' /var/log/nginx/rest.log | uniq | wc -l 3168 The two most often requesters are in Ethiopia and Colombia: 213.55.99.121 and 181.118.144.29 100% of the requests coming from Ethiopia are like this 2016-05-01 Since yesterday there have been 10,000 REST errors and the site has been unstable again I have blocked access to the API now There are 3,000 IPs accessing the REST API in a 24-hour period! # awk '{print $1}' /var/log/nginx/rest.log | uniq | wc -l 3168 The two most often requesters are in Ethiopia and Colombia: 213.55.99.121 and 181.118.144.29 100% of the requests coming from Ethiopia are like this and result in an HTTP 500: GET /rest/handle/10568/NaN?expand=parentCommunityList,metadata HTTP/1.1 For now I&rsquo;ll block just the Ethiopian IP The owner of that application has said that the NaN (not a number) is an error in his code and he&rsquo;ll fix it 2016-05-03 Update nginx to 1.10.x branch on CGSpace Fix a reference to dc.type.output in Discovery that I had missed when we migrated to dc.type last month (#223) 2016-05-06 DSpace Test is down, catalina.out has lots of messages about heap space from some time yesterday (!) It looks like Sisay was doing some batch imports Hmm, also disk space is full I decided to blow away the solr indexes, since they are 50GB and we don&rsquo;t really need all the Atmire stuff there right now I will re-generate the Discovery indexes after re-deploying Testing renew-letsencrypt.sh script for nginx #!/usr/bin/env bash readonly SERVICE_BIN=/usr/sbin/service readonly LETSENCRYPT_BIN=/opt/letsencrypt/letsencrypt-auto # stop nginx so LE can listen on port 443 $SERVICE_BIN nginx stop $LETSENCRYPT_BIN renew -nvv --standalone --standalone-supported-challenges tls-sni-01 &gt; /var/log/letsencrypt/renew.log 2&gt;&amp;1 LE_RESULT=$?
</div> </div>
<footer> <footer>

View File

@ -59,6 +59,34 @@
&lt;li&gt;Hmm, also disk space is full&lt;/li&gt; &lt;li&gt;Hmm, also disk space is full&lt;/li&gt;
&lt;li&gt;I decided to blow away the solr indexes, since they are 50GB and we don&amp;rsquo;t really need all the Atmire stuff there right now&lt;/li&gt; &lt;li&gt;I decided to blow away the solr indexes, since they are 50GB and we don&amp;rsquo;t really need all the Atmire stuff there right now&lt;/li&gt;
&lt;li&gt;I will re-generate the Discovery indexes after re-deploying&lt;/li&gt; &lt;li&gt;I will re-generate the Discovery indexes after re-deploying&lt;/li&gt;
&lt;li&gt;Testing &lt;code&gt;renew-letsencrypt.sh&lt;/code&gt; script for nginx&lt;/li&gt;
&lt;/ul&gt;
&lt;pre&gt;&lt;code&gt;#!/usr/bin/env bash
readonly SERVICE_BIN=/usr/sbin/service
readonly LETSENCRYPT_BIN=/opt/letsencrypt/letsencrypt-auto
# stop nginx so LE can listen on port 443
$SERVICE_BIN nginx stop
$LETSENCRYPT_BIN renew -nvv --standalone --standalone-supported-challenges tls-sni-01 &amp;gt; /var/log/letsencrypt/renew.log 2&amp;gt;&amp;amp;1
LE_RESULT=$?
$SERVICE_BIN nginx start
if [[ &amp;quot;$LE_RESULT&amp;quot; != 0 ]]; then
echo &#39;Automated renewal failed:&#39;
cat /var/log/letsencrypt/renew.log
exit 1
fi
&lt;/code&gt;&lt;/pre&gt;
&lt;ul&gt;
&lt;li&gt;Seems to work well&lt;/li&gt;
&lt;/ul&gt; &lt;/ul&gt;
</description> </description>
</item> </item>