oliver/StaySense
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions
StaySense/docs/OPERATIONS.md

1.1 KiB
Raw Blame History

Operations Runbook

Wichtige Befehle

API neu starten:

sudo systemctl restart staysense-api.service

Import manuell ausfuehren:

sudo systemctl start staysense-import.service

Service-Logs:

sudo journalctl -u staysense-api.service -f
sudo journalctl -u staysense-import.service -f

Fail2ban Status:

sudo fail2ban-client status
sudo fail2ban-client status nginx-staysense-limitreq

Health check:

curl -s http://127.0.0.1:8787/health

Backup

cp /opt/staysense/data/staysense.db /opt/staysense/data/staysense.db.bak

Restore

cp /opt/staysense/data/staysense.db.bak /opt/staysense/data/staysense.db
sudo systemctl restart staysense-api.service

Hardening Snapshot

  • API-Rate-Limit aktiv auf /api/ (limit_req zone=limit burst=20 nodelay)
  • Security Header aktiv im vHost (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy)
  • Fail2ban Jail aktiv:
    • Name: nginx-staysense-limitreq
    • Log: /home/staysense-site/logs/nginx/error.log
    • Ban bei wiederholten Rate-Limit-Verstoessen