---
Tag: ["Server", "Security", "Privacy", "App", "Web"]
Date: 2021-09-19
DocType: "Server"
Hierarchy: "NonRoot"
TimeStamp: 2021-09-24
CPU: 2Core
RAM: 4GB
StorageCapa: 40GB
StorageType: SSD
Bandwidth: 4TB
Speed:
OS: Ubuntu 20.04
Domiciliation: NL
IPv4: 41.216.181.11
Hostname: vm919620.desivps.com
Host: DesiVPS
SubDomain: tools
UsedDiskSpace: 17%
---
Parent:: [[mfxm Website Scope|mfxm.fr]]
---
 
```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ToolsServerEdit
```button
name Save
type command
action Save current file
id Save
```
^button-ToolsServerSave
 
# Tools server
 
```ad-abstract
title: Summary
collapse: open
Higher spec server to be set up with docker to host a variety of tools using containers.
```
 
```toc
style: number
```
 
---
 
### Server parameters
 
```ad-quote
title: Dashboard access
[https://clients.desivps.com/clientarea.php ](https://clients.desivps.com/clientarea.php )
```
 
```ad-quote
title: Address
The service will be located under ** [tools.mfxm.fr ](https://tools.mfxm.fr )** .
```
 
---
 
### Services
 
```ad-abstract
title: Service description
The Tools server will host a variety of tools in docker containers. Several services will aim to service all others and will be installed outside of docker containers.
```
 
#### Installed server dependencies
##### Docker
```ad-warning
title: [[Docker config|docker]] for non root users
[[Docker config|docker]] predominantly works for the root user. In order to let non-root users instruct Docker, users need to be added to the Docker group:
`sudo usermod -aG docker (username)`
Potentially, the Docker group needs to be defined:
`sudo groupadd docker`
```
Currently running Docker containers
```ad-bug
title: sl-network
ID: 3a4d267e8155e3ff957e15c86360de1431d177b2131455707bea99038f179481
IP: 17.27.37.x
```
 
##### Caddy
[[Caddy config|caddy]] is the webserver of choice. Refer to the dedicated note for config and parametrisation.
```ad-bug
title: authentication token
LWERS4M7njDLiAJe5A6gkv9jRDabvnzBGyYk9vPr1F5dY0LMu47FSjB0v21BAE83rYTOksElzcYmioWA
```
 
##### Security
| Program name | Type | Description
|----------------|------|-------------
| **fail2ban** | Daemon | Blocks suspicious attempts to login
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and OS
| **logwatch** | Daemon | Monitors activity on server and sends activity logs
 
##### fail2ban
Classic installation with a dedicated configuration:
`sudo nano /etc/fail2ban/jail.d/sshd.local`
With the following parameters:
>[sshd]
>enabled = true
>port=2227
>maxretry = 10
>bantime = 1m
 
##### Postfix
Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Postfix config|system]] is required for every server to work correctly.
 
##### Certbot
Provides SSL certification from **Let's Encrypt** . Installation dependencies are different from Nginx and explained [here ](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/ )
 
##### UFW
Firewall management.
 
##### Nodejs & Yarn
JavaScript & JS package manager.
 
---
 
#### Dedicated Server parameters
| Service | Used value
|---------|:---------:
**Internal docker network** | 17.27.37.x
**Port: SSH** | 2227
**Port: Git server** | 8087
**Port: Git SSH** | 2228
 
---
 
#### Password manager
[Bitwarden ](https://bitwarden.com ) is a FOSS enabling self-hosting with a simple deployment through docker/docker-compose.
 
##### Service parameters (pw-manager)
```ad-info
title: service parameters
**IP**: 17.27.37.3:80
**Docker ID**: 970b6f4b6150fa03be24287ae29a065c06ff7ed91a3402f8184c8a9aafa5e94d
**Docker Name**: bitwarden_bitwarden_1
---
**Address**: https://pw-manager.mfxm.fr
```
 
##### User management (pw-manager)
```ad-info
title: Link
[Admin panel ](https://pw-manager.mfxm.fr )
```
The admin panel needs to be set up with an authentication token and is accessed with the token. User & key management is done from within this panel.
 
---
 
#### Personal notes
[MiniNote ](https://github.com/muety/mininote ) is a FOSS enabling self-hosting with a server-side encryption.
 
##### Service parameters (notes)
```ad-info
title: service parameters
**IP**: 17.27.37.7:3000
**Docker ID**: 73d91d338b533c05a4ad15968efb0470e924f780d016fab13c98f8f1dc3820af
**Docker Name**: mininote_mininote_1
---
**Address**: https://notes.mfxm.fr
```
 
##### User management (notes)
No user management per se. [[Caddy config|Caddy]] provides with a layer of authentication to restrict users to access the full service.
 
---
 
#### Git repository
[Gitea ](https://gitea.io ) is a FOSS enabling self-hosting a Git instance similar to GitHub.
 
##### Service parameters (git server)
```ad-info
title: service parameters
**IP**: 172.21.0.3
**Docker ID**: b6ec6f3843c3c9afe13215f73e0f8002475a145e33b0f0b555970b7f6f1ae38b
**Docker Name**: gitea
**Dedicated user**: git
---
**Address**: https://git.mfxm.fr
```
 
##### Service parameters (git db)
```ad-info
title: service parameters
**IP**: 172.21.0.2
**Docker ID**: a06fac3650f8f7dca29b022401a10f63d825283d762306501690e52ab9073d33
**Docker Name**: gitea_db_1
```
 
##### User management (git)
User management has not been parametered to exclude new users but an admin panel exists to control and remove users under the admin login.
 
##### Doc library (git)
[Link ](https://docs.gitea.io/en-us/command-line )
 
---
 
#### Server-side Monitoring
Refer to the [[Monit config|monit section]] for further information on installation and configuration.
List of monitored services:
- System
- SSH
- Fail2ban
- cron
- Postfix
- docker
- Bitwarden
- Mininote
 
---
 
### Utilities
 
#### Cert storage
`/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/`
 
---
 
### Pricing
 
< mark class = "green" > Tools Server< / mark > | One-off cost | Recurring subscription p.a.
--------|---------------|:----------------------:
< p style = "color:cyan" > **Server hosting**</ p > |   | *$60*
^ToolsServerCost
 
---
 
### Tasks & Further steps
 
- [ ] [[Tools Server]]: Backup server 🔁 every 6 months on the 1st Tuesday
- [x] Set-up landing page
 
 
