Eric Guo's blog.cloud-mes.com

Hoping writing JS, Ruby & Rails and Go article, but fallback to DevOps note

Install TimescaleDB on Rocky Linux 9.2 With Postgresql 15

Largely following the official installation guide.

Disable SELinux

vi /etc/selinux/config

Open port 5432 in the firewall

firewall-cmd --zone=public --add-port=5432/tcp
firewall-cmd --permanent --zone=public --add-port=5432/tcp
firewall-cmd --reload
systemctl restart firewalld

Allow Remote Addresses

vi /var/lib/pgsql/15/data/postgresql.conf
listen_addresses = '*'

Create user and DB

sudo su - postgres
createuser mspv --pwprompt
psql
ALTER ROLE mspv LOGIN;
CREATE DATABASE mspv_db WITH ENCODING='UTF8' OWNER=mspv;
\q
logout
vi /var/lib/pgsql/15/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
host mspv_db mspv 0.0.0.0/0 scram-sha-256
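
A check to run after editing pg_hba.conf as above. This is an added example, not part of the original post; the function name `audit_pg_hba` and the sample rules other than the `mspv` line are constructed. It flags rules that are reachable from any address, use `trust`, or match unencrypted connections.

```shell
#!/bin/sh
# audit_pg_hba FILE: print one finding per risky rule in a pg_hba.conf file.
# Hypothetical helper written for this note, not a PostgreSQL tool.
audit_pg_hba() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                 # blank lines and comments
    {
        type = $1
        if (type == "local") { addr = "-"; method = $4 }
        else if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $5 ~ /:/) {
            addr = $4 "/" $5; method = $6         # address and netmask in two columns
        } else { addr = $4; method = $5 }         # CIDR, host name or keyword

        wide = (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all" || addr == "0.0.0.0/0.0.0.0")
        if (method == "trust")
            print NR ": TRUST no authentication for " $2 "/" $3 " from " addr
        if (wide && (method == "md5" || method == "password"))
            print NR ": WEAK " method " offered to any address"
        if (wide && type == "host")
            print NR ": NOTLS host rule also matches unencrypted connections from any address"
        if (wide && $2 == "all" && $3 == "all")
            print NR ": BROAD every database and role reachable from any address"
    }' "$1"
}

# Constructed sample; line 3 is the rule from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE DATABASE USER ADDRESS METHOD
local   all      postgres                  peer
host    mspv_db  mspv      0.0.0.0/0       scram-sha-256
hostssl mspv_db  mspv      10.0.0.0/8      scram-sha-256
host    all      all       0.0.0.0 0.0.0.0 trust
EOF
audit_pg_hba "$sample"
rm -f "$sample"
```

Narrowing the ADDRESS column to the application server's subnet and using `hostssl` instead of `host` clears the finding for the `mspv` rule.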

Install Open Project V13 in a New Rocky Linux 9.2

I already installed a shared Open Project instance half a year ago, but this time I will install a dedicated OP (Open Project) server.

Disable SELinux

vi /etc/selinux/config

Install htop and atop

sudo dnf update
sudo dnf install epel-release
sudo dnf install htop
sudo dnf install atop

Install nginx

sudo dnf install nginx

Install node.js v18

Using nodesource distribution

sudo yum install https://rpm.nodesource.com/pub_18.x/nodistro/repo/nodesource-release-nodistro-1.noarch.rpm -y
update-crypto-policies --set LEGACY
curl -k https://deb.nodesource.com/gpgkey/nodesource.gpg.key -o nodesource.gpg.key
sudo rpm --import nodesource.gpg.key
sudo yum install nodejs -y
yum groupinstall 'Development Tools'

Install postgresql

Following DO manual

dnf module list postgresql
sudo dnf module enable postgresql:15
sudo dnf install postgresql-server postgresql-devel glibc-all-langpacks
sudo postgresql-setup --initdb
sudo systemctl start postgresql
sudo systemctl enable postgresql
sudo -i -u postgres
psql

Setup open_project user account

adduser open_project
cd /etc/sudoers.d/
echo "open_project ALL=(ALL) NOPASSWD:ALL" > 30-open_project-user
sudo su - open_project
mkdir .ssh
chmod 700 .ssh
vi .ssh/authorized_keys # and paste your public key
chmod 600 .ssh/authorized_keys

Install rbenv and ruby-build

whoami # should run as open_project
git clone https://git.thape.com.cn/rails/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
~/.rbenv/bin/rbenv init # also edit ~/.bash_profile
# As an rbenv plugin
mkdir -p "$(rbenv root)"/plugins
git clone https://git.thape.com.cn/rails/ruby-build.git "$(rbenv root)"/plugins/ruby-build
git clone https://git.thape.com.cn/rails/rbenv-china-mirror.git "$(rbenv root)"/plugins/rbenv-china-mirror

Install Ruby 3.2.2

Ruby 3.2.2 needs Rust to build the JIT.

dnf config-manager --enable crb
dnf install libyaml-devel
yum install -y rust
rbenv install -l
rbenv install 3.2.2
rbenv global 3.2.2
rbenv shell 3.2.2
echo "gem: --no-document" > ~/.gemrc
gem update --system

Prepare the capistrano deploy folder

whoami # should run as open_project
cd /var/www
sudo mkdir open_project
sudo chown open_project:open_project open_project/

Create postgresql db user and import DB

sudo su - postgres
createuser open_project
psql
ALTER ROLE open_project LOGIN;
CREATE DATABASE open_project_prod WITH ENCODING='UTF8' OWNER=open_project;
\q
logout
psql -d open_project_prod -f open_project_db.sql

Using a mirror when deploying

Run in the release Rails root folder

bundle config mirror.https://rubygems.org https://gems.ruby-china.com

Setting the open project settings

/etc/environment
OPENPROJECT_EDITION=bim
OPENPROJECT_APP__TITLE=天华项目全生命周期管理
OPENPROJECT_APP__SHORT__TITLE=PLM
OPENPROJECT_HOST__NAME=plm-staging.thape.com.cn
OPENPROJECT_EMAIL__DELIVERY__METHOD="smtp"
OPENPROJECT_SMTP__ADDRESS="smtp.thape.com.cn"
OPENPROJECT_SMTP__PORT="25"
OPENPROJECT_SMTP__DOMAIN="thape.com.cn"
OPENPROJECT_SMTP__AUTHENTICATION="login"
OPENPROJECT_SMTP__USER__NAME="plm"
OPENPROJECT_SMTP__PASSWORD=""
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO="true"
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE="none"
OPENPROJECT_ENTERPRISE__TRIAL__CREATION__HOST="https://www.google-analytics.com"
GRUF_OP_SERVER="172.17.1.1:10009"
WX_TEMPLATE_ID=""
WX_WORK_PACKAGE_DETAIL="https://plm.thape.com.cn/work_packages/:id"
MP_QRCODE_ABS_PATH="/var/www/open_project/shared/public/static/mp_qrcode.jpg"
LOGO_ABS_PATH="/var/www/open_project/shared/public/static/logo_plm.png"
CSP_FRAME_SRC="https://ith-workspace.thape.com.cn"
CSP_CONNECT_SRC="https://analytics.thape.com.cn"
WECHAT_AUTH_JWT_SECERT=""
WECHAT_AUTH_ITH_URL="/ith/wechat/ppm/login"

/etc/systemd/system/puma_plm.service
[Unit]
Description=Puma HTTP Server for open_project (staging)
After=syslog.target network.target
[Service]
Type=simple
WatchdogSec=10
User=open_project
EnvironmentFile=/etc/environment
WorkingDirectory=/var/www/open_project/current
ExecStart=/home/open_project/.rbenv/bin/rbenv exec bundle exec puma -e production
ExecReload=/bin/kill -SIGUSR1 $MAINPID
# if we crash, restart
RestartSec=10
Restart=on-failure
StandardOutput=append:/var/www/open_project/shared/log/puma.log
StandardError=append:/var/www/open_project/shared/log/puma.log
SyslogIdentifier=puma_plm
[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
bundle exec rake openproject:plugins:register_frontend
bundle exec rake i18n:js:export
bundle exec rake db:seed
sudo journalctl -u puma_plm # check system log and fix errors
sudo systemctl start puma_plm

Copy Nginx configuration and open HTTP/HTTPS in the firewall

cp /var/www/open_project/current/config/nginx/production.conf /etc/nginx/conf.d/puma_plm.conf
systemctl restart nginx
firewall-cmd --zone=public --add-service=https
firewall-cmd --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
systemctl restart firewalld

Setup a SFTP Service in Ubuntu 20.04 Server

Creating a New User

sudo adduser sammyfiles # using the default

Restricting Access to the home directory only

/etc/ssh/sshd_config
Match User sammyfiles
ForceCommand internal-sftp
PasswordAuthentication yes
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Verifying the Configuration

systemctl restart sshd
ssh sammyfiles@your_server_ip # should fail
sftp sammyfiles@your_server_ip # should succeed

For more detail, see this link.
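
A further check for the verification step, added here and not part of the original post: the function `check_sftp_only` (a hypothetical name) reads the effective settings printed by `sshd -T` and reports anything that differs from an SFTP-only account. It assumes that confinement to a directory requires `ChrootDirectory`, which the Match block above does not set; the sample input is constructed.

```shell
#!/bin/sh
# check_sftp_only: read `sshd -T` output on stdin, print every setting that
# differs from an SFTP-only account, return 1 if anything was reported.
check_sftp_only() {
    awk '
    BEGIN {
        n = split("forcecommand=internal-sftp permittunnel=no " \
                  "allowagentforwarding=no allowtcpforwarding=no x11forwarding=no", rules, " ")
    }
    { key = tolower($1); $1 = ""; sub(/^ /, ""); got[key] = $0 }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            split(rules[i], kv, "=")
            v = (kv[1] in got) ? got[kv[1]] : "(unset)"
            if (v != kv[2]) {
                printf "MISMATCH %s: want %s, got %s\n", kv[1], kv[2], v
                bad++
            }
        }
        # Assumption: the keywords above only remove shell, tunnel and
        # forwarding features; the directory limit comes from ChrootDirectory.
        c = ("chrootdirectory" in got) ? got["chrootdirectory"] : "none"
        if (c == "none") {
            print "NOTE chrootdirectory is not set: SFTP can browse outside the home directory"
            bad++
        }
        exit (bad > 0)
    }'
}

# Real use, as root:
#   sshd -T -C user=sammyfiles,host=localhost,addr=127.0.0.1 | check_sftp_only
# Constructed sample of the effective settings for the Match block above:
printf '%s\n' 'forcecommand internal-sftp' 'passwordauthentication yes' \
    'permittunnel no' 'allowagentforwarding no' 'allowtcpforwarding no' \
    'x11forwarding no' 'chrootdirectory none' | check_sftp_only \
    || echo "sammyfiles is not confined to a directory"
```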

Setting up Nginx to do stream proxy

Because the SFTP server is in the internal network, only port 1027 is available on the Internet.

yum install nginx-mod-stream
firewall-cmd --list-all
firewall-cmd --add-port=1027/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
systemctl restart firewalld

The stream block must sit at the top level of nginx.conf, side by side with the http block (not inside it).

/etc/nginx/nginx.conf
stream {
  upstream jtyhlinkthape_proxy {
    server 172.17.1.38:22;
  }
  server {
    listen 1027;
    proxy_timeout 30s;
    proxy_pass jtyhlinkthape_proxy;
  }
}

Deploy Wechat Pay Site to Tianyi Cloud Ubuntu 20.04.6

Prepare server

Create new user

adduser pp_vendor
sudo su - pp_vendor
mkdir .ssh
chmod 700 .ssh
vi .ssh/authorized_keys # and paste your public key
chmod 600 .ssh/authorized_keys

Enable new user as sudo

sudo su -
cd /etc/sudoers.d/
echo "pp_vendor ALL=(ALL) NOPASSWD:ALL" > 85-pp_vendor-user

Install Rust

sudo apt install rustc
rustc --version # here is rustc 1.66.1

Install rbenv and Ruby 3.2.2

sudo apt-get install libyaml-dev
sudo apt install rbenv
sudo su - pp_vendor
mkdir -p "$(rbenv root)"/plugins
git clone https://git.thape.com.cn/rails/ruby-build.git "$(rbenv root)"/plugins/ruby-build
git clone https://git.thape.com.cn/rails/rbenv-china-mirror.git "$(rbenv root)"/plugins/rbenv-china-mirror
rbenv install 3.2.2
rbenv global 3.2.2
echo "gem: --no-document" > ~/.gemrc
echo 'eval "$(rbenv init -)"' >> ~/.bash_profile # or paste the output of `rbenv init -`
rbenv shell 3.2.2

Install Node.js 18 and Yarn

curl -sL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs
sudo apt-get install gcc g++ make
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt-get update && sudo apt-get install yarn

Do deploy

Link rbenv to make Capistrano work

mkdir -p ~/.rbenv/bin
cd ~/.rbenv/bin
ln -s /usr/bin/rbenv rbenv
rbenv global 3.2.2
rbenv versions
gem update --system

Create deploy folder

cd /var/www
sudo mkdir pp_vendor
sudo chown pp_vendor:pp_vendor pp_vendor/
echo "machine git.thape.com.cn login Eric-Guo password token_of_personal" >> ~/.netrc
cd ~
bundle config mirror.https://rubygems.org https://gems.ruby-china.com
sudo apt install libpq-dev

Create postgresql db user and import DB

sudo su - postgres
createuser pp_vendor
psql
ALTER ROLE pp_vendor LOGIN;
CREATE DATABASE wechat_starter WITH ENCODING='UTF8' OWNER=pp_vendor;
\q
logout
vi /etc/postgresql/12/main/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD
local wechat_starter pp_vendor peer

and restart postgresql

systemctl restart postgresql

In the local machine

git clone https://github.com/Eric-Guo/wechat-starter.git
bundle exec cap production deploy

My 2023 Monthly Subscription Review List

Like the year before, here are my current subscriptions; the first number is RMB per month.

  1. (26) iCloud 200GB + 50GB
  2. (15) Apple Music
  3. (25) Dragonruby Pro (annual 42 USD)
  4. (38) bandwagon host (month 33 USD)
  5. (6) Adblock Pro (annual 70 RMB)
  6. (6) MarginNote 3 OCR (annual 68 RMB)
  7. (32) Rubymine (annual 53 USD)
  8. (6) blog domain (annual 10 USD)
  9. (1.5) 香哈菜谱 (annual 18 RMB)
  10. (49) AWS hosting (3 Year 206 USD, month 1.35 USD)
  11. (16.8) Meituan biking
  12. (43) Google Workspace Business Starter (month 6 USD)
  13. (7.5) Colorful Cloud weather app. (yearly 90 RMB)
  14. (115) Cursor.sh AI editor. (yearly 192 USD)
  15. (28) Gcore VPS for ChatGPT. (monthly 3.5 EUR)
  16. (8.2) Ivory for Mastodon. (yearly 98 RMB)
  17. (8) IndieWeb.Social Backer. (monthly 1.5 SGD)

So in total I have to pay 432 RMB per month; in the previous year it was 282 RMB, so it is 50% higher compared with year 2022.

Deploy next.js App to a Dedicated Rocky Linux V8

Create a new user

adduser changelog
sudo su - changelog
mkdir .ssh
chmod 700 .ssh
vi .ssh/authorized_keys # and paste your public key
chmod 600 .ssh/authorized_keys

Install Node.js 18 and Yarn

curl -sL https://rpm.nodesource.com/setup_18.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo dnf install -y nodejs
sudo yum install gcc-c++ make
curl -sL https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
sudo yum install yarn

From DigitalOcean blog

Fix permissions for the deploy folder

sudo mkdir /var/www
cd /var/www
sudo mkdir changelog
sudo chown changelog:changelog changelog/

Install other tools

sudo yum install git
sudo dnf update
sudo dnf install epel-release
sudo dnf install htop
echo 'machine git.thape.com.cn login Eric-Guo password personal_token_here' >> ~/.netrc

Install PM2 & Nginx

sudo dnf install nginx
sudo npm install pm2@latest -g

Or alternatively install PM2 as system daemon

Copy Nginx configuration and open HTTP/HTTPS in the firewall

cp /var/www/changelog/current/config/nginx/changelog.conf /etc/nginx/conf.d/
systemctl restart nginx
firewall-cmd --zone=public --add-service=https
firewall-cmd --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
systemctl restart firewalld

Install Rails App on Amazon Linux 2023 From Scratch

Install prerequisites

sudo dnf install nodejs
sudo dnf install nginx
sudo dnf install git

Install yarn

sudo curl -sL https://dl.yarnpkg.com/rpm/yarn.repo -o /etc/yum.repos.d/yarn.repo
sudo yum install yarn

Install rbenv and ruby-build

cd # as ec2-user
git clone https://github.com/rbenv/rbenv .rbenv
echo 'eval "$(~/.rbenv/bin/rbenv init - bash)"' >> ~/.bash_profile
mkdir -p "$(rbenv root)"/plugins
git clone https://github.com/rbenv/ruby-build "$(rbenv root)"/plugins/ruby-build
git clone https://github.com/andorchen/rbenv-china-mirror.git "$(rbenv root)"/plugins/rbenv-china-mirror

Install ruby 3.2.2

sudo dnf install -y gcc rust patch make bzip2 openssl-devel libyaml-devel libffi-devel readline-devel zlib-devel gdbm-devel ncurses-devel
rbenv install 3.2.2
rbenv global 3.2.2
echo "gem: --no-document" > ~/.gemrc

Fix permission for deploy folder

sudo mkdir /var/www
cd /var/www
sudo mkdir oauth2id
sudo chown ec2-user:ec2-user oauth2id/

Do puma config

cap staging deploy
cap staging puma:config

Install additional tools

This may be required by gems like unf_ext

sudo dnf install autoconf gcc-c++

Install crontab, which is required by ACME.

sudo yum install cronie -y
sudo systemctl enable crond.service
sudo systemctl start crond.service
sudo systemctl status crond.service

Install ACME

git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m your@email.com

Fix node error

Add to /etc/environment

NODE_OPTIONS="--openssl-legacy-provider"

Please note that this NODE_OPTIONS setting will break VS Code / Cursor if set locally.

New nginx conf

Sample nginx configuration file
upstream puma_oauth2id_staging {
  server unix:/var/www/oauth2id/shared/tmp/sockets/puma.sock fail_timeout=0;
}
server {
  listen 80;
  server_name sso-id.com;
  return 301 https://$host$request_uri;
}
server {
  listen 443 ssl;
  ssl_certificate /home/ec2-user/.acme.sh/sso-id.com_ecc/fullchain.cer;
  ssl_certificate_key /home/ec2-user/.acme.sh/sso-id.com_ecc/sso-id.com.key;
  server_name sso-id.com;
  root /var/www/oauth2id/current/public;
  try_files $uri/index.html $uri @puma_sccsa_production;
  client_max_body_size 4G;
  keepalive_timeout 10;
  error_page 500 502 504 /500.html;
  error_page 503 @503;
  location @puma_sccsa_production {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://puma_oauth2id_staging;
    # limit_req zone=one;
    access_log /var/www/oauth2id/shared/log/nginx.access.log;
    error_log /var/www/oauth2id/shared/log/nginx.error.log;
  }
  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
  location ^~ /packs/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }
  location = /50x.html {
    root html;
  }
  location = /404.html {
    root html;
  }
  location @503 {
    error_page 405 = /system/maintenance.html;
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    rewrite ^(.*)$ /503.html break;
  }
  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
    return 405;
  }
  if (-f $document_root/system/maintenance.html) {
    return 503;
  }
}

Upgrading PostgreSQL to 13 in Ubuntu 20.04 for Gitlab 16.0

Changing the apt repository

By default, Ubuntu 20.04 installs PostgreSQL 12. If you want to upgrade to version 13, you need to use the official PostgreSQL repository.

To change the repository, run the following commands in the terminal:

# Create the file repository configuration:
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
# Import the repository signing key:
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
# Update the package lists:
sudo apt-get update

Installing PostgreSQL 13

sudo apt-get -y install postgresql-13

Checking if PostgreSQL 13 is available

dpkg --get-selections | grep postgres
pg_lsclusters

Stopping and upgrading the database

sudo service postgresql stop
sudo pg_renamecluster 13 main main_pristine
sudo pg_upgradecluster 12 main

Starting the database

sudo service postgresql start
pg_lsclusters

Stopping the old database

sudo pg_dropcluster 12 main --stop
sudo pg_dropcluster 13 main_pristine --stop

It’s also safe to upgrade directly to version 15. For more information, you can refer to the original reference.

Running Stable Diffusion v2.1 Base on the Mac Studio and macOS 13 Ventura

Stable Diffusion and MidJourney are two of the most popular text-to-image models today. MidJourney costs a minimum of $8 per month; Stable Diffusion is $9 per month, but you can run it locally for free.

I have no NVidia GPU, but I have a base model Mac Studio, so I would like to try it after Apple declared that CoreML supports Stable Diffusion.

Please make sure you have a good network connection and have upgraded to macOS Ventura before beginning.

brew install miniconda
gh repo clone apple/coremltools
cd coremltools # just clone repo
conda init bash
./scripts/build.sh --python=3.10
xcode-select --install

Then run:

python -m python_coreml_stable_diffusion.pipeline --prompt "a photo of an astronaut riding a horse on mars" -i models/coreml-stable-diffusion-v1-4_original_packages -o output --compute-unit CPU_AND_GPU --seed 305
# If not running stable-diffusion-v1-4, the --model-version must be specified.
python -m python_coreml_stable_diffusion.pipeline --prompt "a photo of an astronaut riding a horse on mars" --compute-unit CPU_AND_GPU -o output --seed 1106 -i models/coreml-stable-diffusion-2-1-base_original_packages --model-version stabilityai/stable-diffusion-2-1-base
# Fix the model path if an error is reported.
subl /opt/homebrew/Caskroom/miniconda/base/lib/python3.10/site-packages/python_coreml_stable_diffusion/pipeline.py
subl /opt/homebrew/Caskroom/miniconda/base/lib/python3.10/site-packages/python_coreml_stable_diffusion/coreml_model.py