{"id":23879770,"url":"https://github.com/scottyrichardson/olyn","last_synced_at":"2025-02-22T23:43:25.133Z","repository":{"id":268260028,"uuid":"620497607","full_name":"scottyrichardson/olyn","owner":"scottyrichardson","description":"Olyn is a bundle of custom Chef cookbooks to build and deploy functional clustered Debian web servers with globally replicated multi-write MySQL databases. All of this is done using infrastructure-as-code and configuration files.","archived":false,"fork":false,"pushed_at":"2024-12-15T15:32:09.000Z","size":17,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-01-03T23:35:31.322Z","etag":null,"topics":["chef","debian","fail2ban","haproxy","logwatch","olyn","openlitespeed","openssh","percona","ufw","varnish"],"latest_commit_sha":null,"homepage":"http://olyn.richardson.is/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scottyrichardson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-28T19:55:30.000Z","updated_at":"2024-12-15T18:35:56.000Z","dependencies_parsed_at":"2024-12-15T16:44:22.152Z","dependency_job_id":null,"html_url":"https://github.com/scottyrichardson/olyn","commit_stats":null,"previous_names":["scottyrichardson/olyn"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyrichardson%2Folyn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyrichardson%2Folyn/tags","releases_url":"
https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyrichardson%2Folyn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scottyrichardson%2Folyn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scottyrichardson","download_url":"https://codeload.github.com/scottyrichardson/olyn/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240250354,"owners_count":19771778,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chef","debian","fail2ban","haproxy","logwatch","olyn","openlitespeed","openssh","percona","ufw","varnish"],"created_at":"2025-01-03T23:35:15.921Z","updated_at":"2025-02-22T23:43:25.107Z","avatar_url":"https://github.com/scottyrichardson.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Olyn - An Automated DevOps Framework for Chef\n\nOlyn is a bundle of custom Chef cookbooks to build and deploy functional clustered Debian web servers with globally replicated multi-write MySQL databases. 
All of this is done using infrastructure-as-code and configuration files.\n\n## Features\n\n- Configures a Percona cluster to securely replicate databases asynchronously to other nodes using their public IPs\n- Builds a virtual web root from multiple Git repos\n- Installs and configures openlitespeed web server with HTTPS\n- Uses HAProxy to enable a reverse proxy that handles internal load balancing and SSL offloading\n- Enables dynamic web page caching using Varnish and a custom warmer routine based on sitemap URLs\n- Handles secrets and certificates securely using a data bag\n- Sets up users, SSH keys, sudo, disables root login, and enforces security best practices\n- Configures UFW to allow installed services and communications from other nodes in the cluster and blocks all other traffic\n- Installs fail2ban to lock out intrusion attempts\n- Sets up logwatch to email important alerts and summaries of log events\n- Does your homework and the dishes\n\n## Tech\n\nOlyn uses a number of open source projects to work properly. 
You can mix and match packages as needed using Berkshelf to build your ideal IaC setup.\n\n- [Debian Linux](https://www.debian.org/) - Reliable Linux distribution\n- [Percona](https://www.percona.com/) - Deploys replicated MySQL database reliably on any IaaS provider\n- [openlitespeed](https://openlitespeed.org/) - Open-source web server that boosts performance and supports Apache rewrites\n- [HAProxy](https://www.haproxy.com/) - Load balancing, reverse proxy, and SSL offloading services\n- [Fail2Ban](https://www.fail2ban.org/wiki/index.php/Main_Page) - Scans log files for malicious activity\n- [Logwatch](https://ubuntu.com/server/docs/logwatch) - Log monitoring and alerts\n- [openSSH](https://www.openssh.com/) - Secure SSH tunneling\n- [UFW](https://help.ubuntu.com/community/UFW) - Software firewall\n- [Varnish](https://varnish-cache.org/) - Highly configurable HTTP full page cache\n\nAnd of course Olyn itself runs on [Chef](https://www.chef.io/).\n\n## Cookbooks\n\nEach cookbook has its own repo and individual instructions if needed.\n\n| Cookbook | Description |\n| -- | -- |\n| [olyn_init](https://github.com/scottyrichardson/olyn_init) | Initializes and runs all installed Olyn cookbooks. |\n| [olyn_apt](https://github.com/scottyrichardson/olyn_apt) | Configures APT. Sets up custom repos. |\n| [olyn_database](https://github.com/scottyrichardson/olyn_database) | Initializes databases. Creates database users. Configures user permissions. Imports SQL files. |\n| [olyn_fail2ban](https://github.com/scottyrichardson/olyn_fail2ban) | Installs Fail2Ban. Configures jails and ban durations. |\n| [olyn_git](https://github.com/scottyrichardson/olyn_git) | Installs Git. Sets up Git users. Maps CI/CD repos to file directory locations. Builds virtual WWW roots. Configures folder and file permissions. Syncs and deploys new commits. |\n| [olyn_haproxy](https://github.com/scottyrichardson/olyn_haproxy) | Installs HAProxy. Configures front-end and back-end listeners. 
Sets up SSL offloading. |\n| [olyn_litespeed](https://github.com/scottyrichardson/olyn_litespeed) | Configures Openlitespeed apt repos. Installs Openlitespeed package. Configures VHOSTS, TLS certificates, PHP, admin portal, and security. |\n| [olyn_logwatch](https://github.com/scottyrichardson/olyn_logwatch) | Installs LogWatch. Sets up log monitoring and email alerts. |\n| [olyn_openssh](https://github.com/scottyrichardson/olyn_openssh) | Installs openSSH. Configures SSH ports and security. |\n| [olyn_percona](https://github.com/scottyrichardson/olyn_percona) | Configures Percona apt repos. Installs Percona. Configures replication settings, TLS encryption, and node member list. Bootstraps and/or joins the replicated MySQL database cluster. |\n| [olyn_postfix](https://github.com/scottyrichardson/olyn_postfix) | Installs Postfix. Configures relay host. |\n| [olyn_sendmail](https://github.com/scottyrichardson/olyn_sendmail) | Uninstalls sendmail. |\n| [olyn_sudo](https://github.com/scottyrichardson/olyn_sudo) | Installs sudo. Configures sudo group membership for users. |\n| [olyn_system](https://github.com/scottyrichardson/olyn_system) | Configures Debian OS. Adds cluster nodes to hosts file. Installs base apt packages. Securely installs public and private keys from TLS certificates in data bag. Sets timezone. Creates users and configures permissions. |\n| [olyn_ufw](https://github.com/scottyrichardson/olyn_ufw) | Installs UFW. Configures rules for ports, hosts, and protocols. Adds default deny rule. Reloads configuration. |\n| [olyn_varnish](https://github.com/scottyrichardson/olyn_varnish) | Installs Varnish. Creates front-end and back-end listeners. Compiles VCL rules for content expiration. |\n| [olyn_warmer](https://github.com/scottyrichardson/olyn_warmer) | Installs Nokogiri Ruby gem. Imports sitemap URLs. Rewarms URLs from sitemaps in Varnish HTTP cache. 
|\n\n## Local Dev Setup\n\n#### Chef Secret Key File\nBefore deploying to a new environment, a secret key file must be generated and saved at `[CHEF_ROOT]/provision/chef_configs/encrypted_data_bag_secret`.\n\nTo generate a new secret key file run the following on a Linux server:\n\n    openssl rand -base64 4096 | tr -d '\\r\\n' \u003e encrypted_data_bag_secret\n\n#### Berks Install Script\nThis script calls Berks to install all cookbooks and their dependencies into `[CHEF_ROOT]/cookbooks` from specified sources.\nCall this script from `[CHEF_ROOT]` during development.\nA `Berksfile` needs to be present in `[CHEF_ROOT]` with all of the required cookbooks listed.\nIf a `Berksfile.lock` file already exists and the dependency versions are still valid, the existing cookbook version will be used.\n\nTo execute this script run the following in a Windows Terminal at `[CHEF_ROOT]`:\n\n    .\\cookbooks\\olyn_init\\scripts\\dev\\berks\\install.bat\n\n#### Berks Update Cookbooks Script\nThis script calls Berks to update all cookbooks and their dependencies into `[CHEF_ROOT]/cookbooks` from specified sources.\nCall this script from `[CHEF_ROOT]` during development.\nA `Berksfile` needs to be present in `[CHEF_ROOT]` with all of the required cookbooks listed.\nUnlike the `install.bat` script, this will attempt to download the latest acceptable versions of all cookbooks and their dependencies.\n\nTo execute this script run the following in a Windows Terminal at `[CHEF_ROOT]`:\n\n    .\\cookbooks\\olyn_init\\scripts\\dev\\berks\\update.bat\n\n#### Data Bags Encryption Script\nThis script encrypts any raw data bags stored under `[CHEF_ROOT]/.unencrypted`.\nCall it during development only.\nUnencrypted data bag contents should never hit a live server or a final git repo.\nEncrypted data bags are saved to `[CHEF_ROOT]/data_bags` using the secret key installed to Chef.\n\nTo encrypt all data bags run the following in a Windows Terminal at `[CHEF_ROOT]`:\n\n    
.\\cookbooks\\olyn_init\\scripts\\dev\\encrypt\\data_bag.bat\n\nTo encrypt only specific data bags run the following in a Windows Terminal at `[CHEF_ROOT]`:\n\n    .\\cookbooks\\olyn_init\\scripts\\dev\\encrypt\\data_bag.bat [folder_1] [folder_2]\n\n## Initial Server Setup\n\n#### Create The Chef Root Folder\nAs root, create the folder where the bootstrap Chef will reside:\n\n    mkdir ~/chef\n\n#### Upload Chef Files\nConnect via SFTP and upload the root of Chef into `~/chef`.\n\n#### Run the Bootstrap script\nFrom the server execute the bootstrap script.\nIt will update and install all required system packages, install Chef itself, and copy the secret key file into place:\n\n    sudo chmod +x ~/chef/cookbooks/olyn_init/scripts/bootstrap/boot.sh \u0026\u0026 sudo bash ~/chef/cookbooks/olyn_init/scripts/bootstrap/boot.sh \u0026\u0026 sudo chef-solo -c ~/chef/solo.rb -o \"olyn_init\"\n\nAfter the Bootstrap script finishes, the first Chef run can be started:\n\n    sudo chef-solo -c ~/chef/solo.rb\n\nYou can now run any of the standard Chef commands below. After the first run is complete, remove the uploaded Chef files:\n\n    sudo rm ~/chef -R\n\n## Chef Commands\n\n#### Standard Chef Run\nRuns the default runlist of Chef recipes as specified in the `[CHEF_ROOT]/node.json` file.\n\n    sudo chef-solo -c ./solo.rb\n\n#### Run A Single Chef Recipe\nOverrides the default run list to run a single specified recipe.\n\n    sudo chef-solo -c ./solo.rb -o \"[RECIPE_NAME]\"\n\n## Written by\n\n[Scott Richardson](https://github.com/scottyrichardson)\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottyrichardson%2Folyn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscottyrichardson%2Folyn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscottyrichardson%2Folyn/lists"}