SysOps Admin Dashboard

SysOps Dashboard

SysOps Overview

Screenshot-ready proof of core topics: NGINX vHosts, logs, DB constraints, network exposure, backups, troubleshooting.

HTTPS ON
Goal: show the “ops mindset” on a functional WordPress page (for the exercise screenshot).

🌐 NGINX (vHosts)

WP vHost: sysopsadmin-wp.cdco-devops.abrdns.com
Root: /var/www/sysopsadmin-wp
Dash vHost: sysopsadmin-dash.cdco-devops.abrdns.com
Root: /var/www/sysopsadmin-dash
PHP-FPM socket: /run/php/php8.3-fpm.sock

Two hostnames → one VM → routed by Host header to correct server block.

📜 Log Management

Per-vHost logs (WP):
/var/log/nginx/sysopsadmin_wp_access.log
/var/log/nginx/sysopsadmin_wp_error.log
Required deliverables:
/var/log/nginx/access.log
/var/log/nginx/error.log

Logs = evidence + fastest debug signal (routing, PHP errors, 404s).

🗄️ Database Administration

DB host: localhost
DB name: wordpress
DB user: wp***
DB OK

Exercise rule: DB user has no DELETE. WordPress may warn during cleanup tasks; requirement still met.

🧭 Network Management

  • Public: 80/443 for HTTP/HTTPS
  • Admin: SSH restricted (Tailscale interface)
  • DB: local-only (no public 3306 exposure)

Minimal exposure, intentional service boundaries.

💾 Backup & Recovery

Planned targets:
Site files: /var/www/sysopsadmin-wp
DB dump: MariaDB backup file
Configs: NGINX + TLS files
Last backup marker:
Goal: quick restore proof (site + DB + configs).

🧯 Troubleshooting (examples)

Common issues and remedies in this exact stack (LEMP + WP + Certbot + backups).

  • Backup marker missing / no backups created
    → verify backup target dir exists + writable (e.g. /var/backups/sysopsadmin/)
    → run your backup script manually once and confirm it writes a DB dump + marker file
    → evidence: backup files present + updated timestamp (and optional cron entry if used)
  • No HTTPS yet / Certbot not applied
    → ensure DNS A-records point to this VM + ports 80/443 are reachable publicly
    → run Certbot with Nginx plugin for both FQDNs and confirm the TLS files exist under /etc/letsencrypt/live/<your_dns>/
    → evidence: fullchain.pem, privkey.pem, and Nginx HTTPS config created
  • 502 Bad Gateway / blank PHP
    → check php8.3-fpm is running + socket exists /run/php/php8.3-fpm.sock
    → confirm Nginx fastcgi_pass matches that socket path
    → evidence: /var/log/nginx/sysopsadmin_wp_error.log
  • Wrong site served
    → verify server_name matches FQDN and default catch-all is disabled
    → evidence: /var/log/nginx/access.log + Host header routing
  • WP install warnings
    → “DELETE denied” can be expected due to exercise rule (DB user has no DELETE)
    → evidence: DB grants for wp_user@localhost show no DELETE
  • 403 / assets missing
    → confirm Nginx root points to the right folder and dirs are traversable (755)
    → check file ownership/permissions didn’t block reads (web user needs read access)
    → evidence: /var/log/nginx/sysopsadmin_wp_error.log

Tip: run sudo nginx -t before reloading Nginx to avoid applying a broken config.