Merge pull request #25771 from github/repo-sync

repo sync

Author: Octomerger

content/admin/configuration/administering-your-instance-from-the-management-console/accessing-the-management-console.md

@@ -24,8 +24,8 @@ The first time that you access the {% data variables.enterprise.management_conso
 ## Accessing the {% data variables.enterprise.management_console %} as an unauthenticated user
 
 1. Visit this URL in your browser, replacing `hostname` with your actual {% data variables.product.prodname_ghe_server %} hostname or IP address:
-  ```shell
-  http(s)://HOSTNAME/setup
-  ```
+   ```shell
+   http(s)://HOSTNAME/setup
+   ```
 {% data reusables.enterprise_management_console.type-management-console-password %}
 {% data reusables.enterprise_management_console.click-continue-authentication %}

content/admin/configuration/configuring-network-settings/configuring-built-in-firewall-rules.md

@@ -30,32 +30,32 @@ We do not recommend customizing UFW as it can complicate some troubleshooting is
 
 {% data reusables.enterprise_installation.ssh-into-instance %}
 2. To view the default firewall rules, use the `sudo ufw status` command. You should see output similar to this:
-  ```shell
-  $ sudo ufw status
-  > Status: active
-  > To                         Action      From
-  > --                         ------      ----
-  > ghe-1194                   ALLOW       Anywhere
-  > ghe-122                    ALLOW       Anywhere
-  > ghe-161                    ALLOW       Anywhere
-  > ghe-22                     ALLOW       Anywhere
-  > ghe-25                     ALLOW       Anywhere
-  > ghe-443                    ALLOW       Anywhere
-  > ghe-80                     ALLOW       Anywhere
-  > ghe-8080                   ALLOW       Anywhere
-  > ghe-8443                   ALLOW       Anywhere
-  > ghe-9418                   ALLOW       Anywhere
-  > ghe-1194 (v6)              ALLOW       Anywhere (v6)
-  > ghe-122 (v6)               ALLOW       Anywhere (v6)
-  > ghe-161 (v6)               ALLOW       Anywhere (v6)
-  > ghe-22 (v6)                ALLOW       Anywhere (v6)
-  > ghe-25 (v6)                ALLOW       Anywhere (v6)
-  > ghe-443 (v6)               ALLOW       Anywhere (v6)
-  > ghe-80 (v6)                ALLOW       Anywhere (v6)
-  > ghe-8080 (v6)              ALLOW       Anywhere (v6)
-  > ghe-8443 (v6)              ALLOW       Anywhere (v6)
-  > ghe-9418 (v6)              ALLOW       Anywhere (v6)
-  ```
+   ```shell
+   $ sudo ufw status
+   > Status: active
+   > To                         Action      From
+   > --                         ------      ----
+   > ghe-1194                   ALLOW       Anywhere
+   > ghe-122                    ALLOW       Anywhere
+   > ghe-161                    ALLOW       Anywhere
+   > ghe-22                     ALLOW       Anywhere
+   > ghe-25                     ALLOW       Anywhere
+   > ghe-443                    ALLOW       Anywhere
+   > ghe-80                     ALLOW       Anywhere
+   > ghe-8080                   ALLOW       Anywhere
+   > ghe-8443                   ALLOW       Anywhere
+   > ghe-9418                   ALLOW       Anywhere
+   > ghe-1194 (v6)              ALLOW       Anywhere (v6)
+   > ghe-122 (v6)               ALLOW       Anywhere (v6)
+   > ghe-161 (v6)               ALLOW       Anywhere (v6)
+   > ghe-22 (v6)                ALLOW       Anywhere (v6)
+   > ghe-25 (v6)                ALLOW       Anywhere (v6)
+   > ghe-443 (v6)               ALLOW       Anywhere (v6)
+   > ghe-80 (v6)                ALLOW       Anywhere (v6)
+   > ghe-8080 (v6)              ALLOW       Anywhere (v6)
+   > ghe-8443 (v6)              ALLOW       Anywhere (v6)
+   > ghe-9418 (v6)              ALLOW       Anywhere (v6)
+   ```
 
 ## Adding custom firewall rules
 
@@ -67,13 +67,13 @@ We do not recommend customizing UFW as it can complicate some troubleshooting is
 
 1. Configure a custom firewall rule.
 2. Check the status of each new rule with the `status numbered` command.
-  ```shell
-  $ sudo ufw status numbered
-  ```
+   ```shell
+   $ sudo ufw status numbered
+   ```
 3. To back up your custom firewall rules, use the `cp`command to move the rules to a new file.
-  ```shell
-  $ sudo cp -r /etc/ufw ~/ufw.backup
-  ```
+   ```shell
+   $ sudo cp -r /etc/ufw ~/ufw.backup
+   ```
 
 After you upgrade {% data variables.location.product_location %}, you must reapply your custom firewall rules. We recommend that you create a script to reapply your firewall custom rules.
 
@@ -89,37 +89,37 @@ If something goes wrong after you change the firewall rules, you can reset the r
 
 {% data reusables.enterprise_installation.ssh-into-instance %}
 2. To restore the previous backup rules, copy them back to the firewall with the `cp` command.
-  ```shell
-  $ sudo cp -f ~/ufw.backup/*rules /etc/ufw
-  ```
+   ```shell
+   $ sudo cp -f ~/ufw.backup/*rules /etc/ufw
+   ```
 3. Restart the firewall with the `systemctl` command.
-  ```shell
-  $ sudo systemctl restart ufw
-  ```
+   ```shell
+   $ sudo systemctl restart ufw
+   ```
 4. Confirm that the rules are back to their defaults with the `ufw status` command.
-  ```shell
-  $ sudo ufw status
-  > Status: active
-  > To                         Action      From
-  > --                         ------      ----
-  > ghe-1194                   ALLOW       Anywhere
-  > ghe-122                    ALLOW       Anywhere
-  > ghe-161                    ALLOW       Anywhere
-  > ghe-22                     ALLOW       Anywhere
-  > ghe-25                     ALLOW       Anywhere
-  > ghe-443                    ALLOW       Anywhere
-  > ghe-80                     ALLOW       Anywhere
-  > ghe-8080                   ALLOW       Anywhere
-  > ghe-8443                   ALLOW       Anywhere
-  > ghe-9418                   ALLOW       Anywhere
-  > ghe-1194 (v6)              ALLOW       Anywhere (v6)
-  > ghe-122 (v6)               ALLOW       Anywhere (v6)
-  > ghe-161 (v6)               ALLOW       Anywhere (v6)
-  > ghe-22 (v6)                ALLOW       Anywhere (v6)
-  > ghe-25 (v6)                ALLOW       Anywhere (v6)
-  > ghe-443 (v6)               ALLOW       Anywhere (v6)
-  > ghe-80 (v6)                ALLOW       Anywhere (v6)
-  > ghe-8080 (v6)              ALLOW       Anywhere (v6)
-  > ghe-8443 (v6)              ALLOW       Anywhere (v6)
-  > ghe-9418 (v6)              ALLOW       Anywhere (v6)
-  ```
+   ```shell
+   $ sudo ufw status
+   > Status: active
+   > To                         Action      From
+   > --                         ------      ----
+   > ghe-1194                   ALLOW       Anywhere
+   > ghe-122                    ALLOW       Anywhere
+   > ghe-161                    ALLOW       Anywhere
+   > ghe-22                     ALLOW       Anywhere
+   > ghe-25                     ALLOW       Anywhere
+   > ghe-443                    ALLOW       Anywhere
+   > ghe-80                     ALLOW       Anywhere
+   > ghe-8080                   ALLOW       Anywhere
+   > ghe-8443                   ALLOW       Anywhere
+   > ghe-9418                   ALLOW       Anywhere
+   > ghe-1194 (v6)              ALLOW       Anywhere (v6)
+   > ghe-122 (v6)               ALLOW       Anywhere (v6)
+   > ghe-161 (v6)               ALLOW       Anywhere (v6)
+   > ghe-22 (v6)                ALLOW       Anywhere (v6)
+   > ghe-25 (v6)                ALLOW       Anywhere (v6)
+   > ghe-443 (v6)               ALLOW       Anywhere (v6)
+   > ghe-80 (v6)                ALLOW       Anywhere (v6)
+   > ghe-8080 (v6)              ALLOW       Anywhere (v6)
+   > ghe-8443 (v6)              ALLOW       Anywhere (v6)
+   > ghe-9418 (v6)              ALLOW       Anywhere (v6)
+   ```

content/admin/configuration/configuring-your-enterprise/troubleshooting-tls-errors.md

@@ -25,13 +25,13 @@ shortTitle: Troubleshoot TLS errors
 If you have a Linux machine with OpenSSL installed, you can remove your passphrase.
 
 1. Rename your original key file.
-  ```shell
-  $ mv yourdomain.key yourdomain.key.orig
-  ```
+   ```shell
+   $ mv yourdomain.key yourdomain.key.orig
+   ```
 2. Generate a new key without a passphrase.
-  ```shell
-  $ openssl rsa -in yourdomain.key.orig -out yourdomain.key
-  ```
+   ```shell
+   $ openssl rsa -in yourdomain.key.orig -out yourdomain.key
+   ```
 
 You'll be prompted for the key's passphrase when you run this command.
 
@@ -69,17 +69,17 @@ If your {% data variables.product.prodname_ghe_server %} appliance interacts wit
 
 1. Obtain the CA's root certificate from your local certificate authority and ensure it is in PEM format.
 2. Copy the file to your {% data variables.product.prodname_ghe_server %} appliance over SSH as the "admin" user on port 122.
-  ```shell
-  $ scp -P 122 rootCA.crt admin@HOSTNAME:/home/admin
-  ```
+   ```shell
+   $ scp -P 122 rootCA.crt admin@HOSTNAME:/home/admin
+   ```
 3. Connect to the {% data variables.product.prodname_ghe_server %} administrative shell over SSH as the "admin" user on port 122.
-  ```shell
-  $ ssh -p 122 admin@HOSTNAME
-  ```
+   ```shell
+   $ ssh -p 122 admin@HOSTNAME
+   ```
 4. Import the certificate into the system-wide certificate store.
-  ```shell
-  $ ghe-ssl-ca-certificate-install -c rootCA.crt
-  ```
+   ```shell
+   $ ghe-ssl-ca-certificate-install -c rootCA.crt
+   ```
 
 ## Updating a TLS certificate
 

content/admin/enterprise-management/configuring-clustering/monitoring-cluster-nodes.md

@@ -48,33 +48,33 @@ You can configure [Nagios](https://www.nagios.org/) to monitor {% data variables
 
 ### Configuring the Nagios host
 1. Generate an SSH key with a blank passphrase. Nagios uses this to authenticate to the {% data variables.product.prodname_ghe_server %} cluster.
-  ```shell
-  nagiosuser@nagios:~$ ssh-keygen -t ed25519
-  > Generating public/private ed25519 key pair.
-  > Enter file in which to save the key (/home/nagiosuser/.ssh/id_ed25519):
-  > Enter passphrase (empty for no passphrase): LEAVE BLANK BY PRESSING ENTER
-  > Enter same passphrase again: PRESS ENTER AGAIN
-  > Your identification has been saved in /home/nagiosuser/.ssh/id_ed25519.
-  > Your public key has been saved in /home/nagiosuser/.ssh/id_ed25519.pub.
-  ```
-  {% danger %}
-
-  **Security Warning:** An SSH key without a passphrase can pose a security risk if authorized for full access to a host. Limit this key's authorization to a single read-only command.
-
-  {% enddanger %}
-  {% note %}
-
-  **Note:** If you're using a distribution of Linux that doesn't support the Ed25519 algorithm, use the command:
-  ```shell
-  nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096
-  ```
-
-  {% endnote %}
+   ```shell
+   nagiosuser@nagios:~$ ssh-keygen -t ed25519
+   > Generating public/private ed25519 key pair.
+   > Enter file in which to save the key (/home/nagiosuser/.ssh/id_ed25519):
+   > Enter passphrase (empty for no passphrase): LEAVE BLANK BY PRESSING ENTER
+   > Enter same passphrase again: PRESS ENTER AGAIN
+   > Your identification has been saved in /home/nagiosuser/.ssh/id_ed25519.
+   > Your public key has been saved in /home/nagiosuser/.ssh/id_ed25519.pub.
+   ```
+   {% danger %}
+
+   **Security Warning:** An SSH key without a passphrase can pose a security risk if authorized for full access to a host. Limit this key's authorization to a single read-only command.
+
+   {% enddanger %}
+   {% note %}
+
+   **Note:** If you're using a distribution of Linux that doesn't support the Ed25519 algorithm, use the command:
+   ```shell
+   nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096
+   ```
+
+   {% endnote %}
 2. Copy the private key (`id_ed25519`) to the `nagios` home folder and set the appropriate ownership.
-  ```shell
-  nagiosuser@nagios:~$ sudo cp .ssh/id_ed25519 /var/lib/nagios/.ssh/
-  nagiosuser@nagios:~$ sudo chown nagios:nagios /var/lib/nagios/.ssh/id_ed25519
-  ```
+   ```shell
+   nagiosuser@nagios:~$ sudo cp .ssh/id_ed25519 /var/lib/nagios/.ssh/
+   nagiosuser@nagios:~$ sudo chown nagios:nagios /var/lib/nagios/.ssh/id_ed25519
+   ```
 
 3. To authorize the public key to run *only* the `ghe-cluster-status -n` command, use a `command=` prefix in the `/data/user/common/authorized_keys` file. From the administrative shell on any node, modify this file to add the public key generated in step 1. For example: `command="/usr/local/bin/ghe-cluster-status -n" ssh-ed25519 AAAA....`
 
@@ -88,39 +88,39 @@ You can configure [Nagios](https://www.nagios.org/) to monitor {% data variables
   ```
 
 5. To test that the Nagios plugin can successfully execute the command, run it interactively from Nagios host.
-  ```shell
-  nagiosuser@nagios:~$ /usr/lib/nagios/plugins/check_by_ssh -l admin -p 122 -H HOSTNAME -C "ghe-cluster-status -n" -t 30
-  > OK - No errors detected
-  ```
+   ```shell
+   nagiosuser@nagios:~$ /usr/lib/nagios/plugins/check_by_ssh -l admin -p 122 -H HOSTNAME -C "ghe-cluster-status -n" -t 30
+   > OK - No errors detected
+   ```
 
 6. Create a command definition in your Nagios configuration.
 
-  **Example definition**
+   **Example definition**
 
-  ```
-  define command {
+   ```
+   define command {
         command_name    check_ssh_ghe_cluster
         command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -C "ghe-cluster-status -n" -l admin -p 122 -t 30
-  }
-  ```
+   }
+   ```
 7. Add this command to a service definition for a node in the {% data variables.product.prodname_ghe_server %} cluster.
 
-  **Example definition**
+   **Example definition**
 
-  ```
-  define host{
+   ```
+   define host{
         use                     generic-host
         host_name               ghe-data-node-0
         alias                   ghe-data-node-0
         address                 10.11.17.180
         }
 
-  define service{
+   define service{
           use                             generic-service
           host_name                       ghe-data-node-0
           service_description             GitHub Cluster Status
           check_command                   check_ssh_ghe_cluster
           }
-  ```
+   ```
 
 After you add the definition to Nagios, the service check executes according to your configuration. You should be able to see the newly configured service in the Nagios web interface.