1.6 KiB
1.6 KiB
Operations Runbook
Wichtige Befehle
API neu starten:
sudo systemctl restart staysense-api.service
Import manuell ausfuehren:
sudo systemctl start staysense-import.service
Service-Logs:
sudo journalctl -u staysense-api.service -f
sudo journalctl -u staysense-import.service -f
Fail2ban Status:
sudo fail2ban-client status
sudo fail2ban-client status nginx-staysense-limitreq
Health check:
curl -s http://127.0.0.1:8787/health
Watchdog pruefen:
sudo systemctl status staysense-watchdog.timer --no-pager
sudo journalctl -u staysense-watchdog.service -n 80 --no-pager
DB Read-Only Sofortfix
sudo chown -R staysense:staysense /opt/staysense/data
sudo chmod 2775 /opt/staysense/data
sudo systemctl restart staysense-api.service
Backup
cp /opt/staysense/data/staysense.db /opt/staysense/data/staysense.db.bak
Restore
cp /opt/staysense/data/staysense.db.bak /opt/staysense/data/staysense.db
sudo systemctl restart staysense-api.service
Hardening Snapshot
- API-Rate-Limit aktiv auf
/api/(limit_req zone=limit burst=20 nodelay) - Endpoint-spezifische Limits:
/api/spot/score:zone=staysense_score,burst=25/api/spot/signal:zone=staysense_signal,burst=3
- Security Header aktiv im vHost (
CSP,X-Frame-Options,X-Content-Type-Options,Referrer-Policy,Permissions-Policy) - Fail2ban Jail aktiv:
- Name:
nginx-staysense-limitreq - Log:
/home/staysense-site/logs/nginx/error.log - Ban bei wiederholten Rate-Limit-Verstoessen
- Alarm-Log:
/var/log/staysense-security.log
- Name: