---
Tag: ["Server", "Security", "Privacy", "App", "Web", "Tools"]
Date: 2021-09-19
DocType: "Server"
Hierarchy: "NonRoot"
Performance:
  CPU: 2Core
  RAM: 4GB
  Bandwidth: 4TB
  Speed:
Characteristics:
  OS: Ubuntu 20.04
  Domiciliation: NL
  IPv4: 41.216.181.11
  Hostname: vm919620.desivps.com
  Host: DesiVPS
  SubDomain: tools
Disk:
  Capa: 40GB
  Type: SSD
  UsedSpace: 30%
TimeStamp: 2021-10-07
---
Parent:: [[mfxm Website Scope|mfxm.fr]]

---

```button
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
```
^button-ToolsServerEdit

```button
name Save
type command
action Save current file
id Save
```
^button-ToolsServerSave

# Tools server

```ad-abstract
title: Summary
collapse: open
Higher-spec server, to be set up with Docker to host a variety of tools in containers.
```

```toc
style: number
```

---

### Server parameters

```ad-quote
title: Dashboard access
[https://clients.desivps.com/clientarea.php](https://clients.desivps.com/clientarea.php)
```

```ad-quote
title: Address
The service will be located under **[tools.mfxm.fr](https://tools.mfxm.fr)**.
```

---

### Services

```ad-abstract
title: Service description
The Tools server will host a variety of tools in Docker containers. A few services that support all the others will be installed outside of Docker, directly on the host.
```

#### Installed server dependencies

##### Docker

```ad-warning
title: [[Docker config|docker]] for non-root users
[[Docker config|docker]] is controlled by the root user by default. To let a non-root user run Docker commands, add the user to the `docker` group:

`sudo usermod -aG docker (username)`

If the `docker` group does not exist yet, it has to be created first:

`sudo groupadd docker`
```

Currently running Docker containers:

```ad-bug
title: docker network
ID: 3a4d267e8155e3ff957e15c86360de1431d177b2131455707bea99038f179481
IP: 17.27.37.x
```

##### Caddy

[[Configuring Caddy|caddy]] is the web server of choice. Refer to the dedicated note for configuration and parametrisation.

```ad-bug
title: authentication token
LWERS4M7njDLiAJe5A6gkv9jRDabvnzBGyYk9vPr1F5dY0LMu47FSjB0v21BAE83rYTOksElzcYmioWA
```

##### Security

| Program name | Type | Description |
|----------------|------|-------------|
| **fail2ban** | Daemon | Blocks suspicious login attempts |
| **unattended-upgrades** | Program | Enables automatic updates of installed programs and the OS |
| **logwatch** | Daemon | Monitors activity on the server and sends activity logs |

##### fail2ban

Classic installation with a dedicated configuration:

```ad-command
~~~
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
```

With the following parameters:

```ad-code
~~~
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
~~~
```

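As an added check, not part of the original note: a small Python script that reads a `jail.d` drop-in like the one above and reports the settings a reviewer would question before reloading fail2ban. The thresholds (a ban shorter than ten minutes, more than five retries) and the expected sshd port of 2227 taken from this note are the example's own assumptions.

```python
import configparser
import re

# fail2ban duration suffixes (no suffix means seconds)
_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_duration(spec: str) -> int:
    """Convert a fail2ban duration such as '1m', '1h' or '600' to seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhdw]?)\s*", spec)
    if not m:
        raise ValueError(f"unsupported duration: {spec!r}")
    return int(m.group(1)) * _UNITS.get(m.group(2), 1)


def check_sshd_jail(text: str, expected_port: int,
                    min_ban: int = 600, max_retry: int = 5) -> list:
    """Return review findings for the [sshd] jail; empty list means OK.

    Thresholds (10 minutes, 5 retries) are this example's assumptions.
    """
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if not cfg.has_section("sshd"):
        return ["no [sshd] section found"]
    jail = cfg["sshd"]
    findings = []
    if not jail.getboolean("enabled", fallback=False):
        findings.append("jail is not enabled")
    # A numeric port that differs from the listening sshd port means the
    # ban rule is written for a port nobody probes, so sshd stays exposed.
    port = jail.get("port", fallback="ssh")
    if port.isdigit() and int(port) != expected_port:
        findings.append(f"port {port} does not match sshd port {expected_port}")
    bantime = parse_duration(jail.get("bantime", fallback="10m"))
    if bantime < min_ban:
        findings.append(f"bantime {bantime}s is below {min_ban}s")
    retries = jail.getint("maxretry", fallback=5)
    if retries > max_retry:
        findings.append(f"maxretry {retries} exceeds {max_retry}")
    return findings


# Constructed copy of the drop-in shown in the note above.
SAMPLE_JAIL = """[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
"""
```

Run against the note's drop-in, `check_sshd_jail(SAMPLE_JAIL, 2227)` reports the one-minute ban and the ten-retry budget; with `bantime = 1h` and `maxretry = 5` it returns an empty list.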
##### Postfix

Mail Transfer Agent. The configuration is standard and allows e-mails to be sent by programs, daemons, [[Nextcloud]] and others. Such a [[Configuring Postfix|system]] is required on every server for it to work correctly.

##### Certbot

Provides SSL/TLS certificates from **Let's Encrypt**. The installation dependencies differ from those for Nginx and are explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/).

##### UFW

Firewall management; see [[Configuring UFW|here]] for more details.

##### Nodejs & Yarn

JavaScript runtime and JS package manager.

---

#### Dedicated Server parameters

| Service | Used value |
|---------|:---------:|
|   |   |
| **Network: [[Configuring Docker\|docker]] dedicated** | 17.27.37.x |
| **IP: pw-manager** | 17.27.37.3 |
| **IP: StandardNotes** | 172.22.0.1 |
| **IP: Git** | 172.21.0.3 |
| **IP: Git db** | 172.21.0.4 |
|   |   |
| **Port: SSH** | 2227 |
| **Port: SN** | 2700 |
| **Port: Git server** | 8087 |
| **Port: Git SSH** | 2228 |

---

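As an added check, not part of the original note: a Python audit of the address plan from the table above. Docker bridge networks are expected to sit in RFC 1918 private space, so an entry such as the `17.27.37.x` recorded here is either a typo for a 172.x range or a bridge that overlaps public routes, and both are worth catching before containers are attached to it. Reading the author's `x` wildcard as a /24 is this example's assumption.

```python
import ipaddress

# Constructed from the "Dedicated Server parameters" table in the note;
# the author's 'x' wildcard is read as a /24 network, single hosts as /32.
ADDRESS_PLAN = {
    "Network: docker dedicated": "17.27.37.x",
    "IP: pw-manager": "17.27.37.3",
    "IP: StandardNotes": "172.22.0.1",
    "IP: Git": "172.21.0.3",
    "IP: Git db": "172.21.0.4",
}


def to_network(value: str) -> ipaddress.IPv4Network:
    """Parse a table value ('17.27.37.x' or '172.21.0.3') into a network."""
    if value.endswith(".x"):
        return ipaddress.ip_network(value[:-2] + ".0/24")
    return ipaddress.ip_network(value + "/32")


def audit_address_plan(plan: dict) -> list:
    """Return one finding per entry that does not belong in a container plan.

    Docker bridges should live in RFC 1918 space so that container traffic
    can never be confused with routes to the public internet; loopback,
    multicast and unspecified addresses are never valid container addresses.
    """
    findings = []
    for name, value in plan.items():
        net = to_network(value)
        if net.is_loopback or net.is_multicast or net.is_unspecified:
            findings.append(f"{name}: {value} is not a usable host range")
        elif not net.is_private:
            findings.append(f"{name}: {value} is public address space, not RFC 1918")
    return findings


def hosts_in_network(plan: dict, network_key: str) -> list:
    """Names of single-host entries that fall inside the declared network."""
    net = to_network(plan[network_key])
    return [name for name, value in plan.items()
            if name != network_key and to_network(value).subnet_of(net)]
```

For the plan as recorded, `audit_address_plan(ADDRESS_PLAN)` flags the dedicated network and `pw-manager`, while `hosts_in_network(ADDRESS_PLAN, "Network: docker dedicated")` confirms that only `pw-manager` sits inside that network.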
#### Password manager

[Bitwarden](https://bitwarden.com) is a FOSS password manager that can be self-hosted with a simple docker/docker-compose deployment.

##### Service parameters (pw-manager)

```ad-info
title: service parameters
**IP**: 17.27.37.3:80
**DockerID**: 970b6f4b6150fa03be24287ae29a065c06ff7ed91a3402f8184c8a9aafa5e94d
**DockerName**: bitwarden_bitwarden_1
---
**Address**: https://pw-manager.mfxm.fr
```

##### User management (pw-manager)

```ad-info
title: Link
[Admin panel](https://pw-manager.mfxm.fr)
```

The admin panel must be set up with an authentication token, which is then used to access it. User and key management is done from within this panel.

---

#### Personal notes

[StandardNotes](https://standardnotes.com) is a notes application that can be self-hosted, with server-side encryption.

##### Service parameters (notes)

```ad-info
title: service parameters
**IP**: 172.22.0.1:2700
**DockerNames**: api-gateway, auth-worker, syncing-server-js-worker, auth, syncing-server-js, db, cache
---
**Address**: https://st-notes.mfxm.fr
```

##### Configuration (notes)

Two files are used to configure the service:

```ad-path
~~~
~/standalone/.env
~~~
```

```ad-path
~~~
~/standalone/docker/auth/.env
~~~
```

Docs can be found [here](https://docs.standardnotes.com/self-hosting/docker).

##### User management (notes)

There is no user management as such; the .env file allows new registrations to be restricted (or not).

###### dBeaver

[dBeaver](https://dbeaver.io) is installed to view the database entries.

```ad-info
title: Tutorial for setting up the connection
[Tutorial](https://devimalplanet.com/how-to-dbeaver-remote-database-ssh)
```

Once in the tool, select the data to view and use the 'Data' pane to visualise the tables.

##### StandardNotes extensions

```ad-info
title: service parameters
**Location**: ~/standardnotes-extensions
**reverse-proxy**: ~/standardnotes-extensions/public
---
**Address**: https://tools.mfxm.fr/extensions/index.json
```

StandardNotes has developed extensions to customise both the skin and the editor of the app. It is normally a paid feature but can be self-hosted for free.

One GitHub user offers a [repo](https://github.com/iganeshk/standardnotes-extensions) of extensions that can be cloned and linked to the application.

* **Configuration file**

```ad-command
~~~
~/standardnotes-extensions/.env
~~~
```

* **Repository update**

```ad-command
~~~
sudo python3 build_repo.py
~~~
```

To be run in the main folder.

---

#### Git repository

[Gitea](https://gitea.io) is a FOSS tool for self-hosting a Git service similar to GitHub.

##### Service parameters (git server)

```ad-info
title: service parameters
**IP**: 172.21.0.3
**Docker ID**: b6ec6f3843c3c9afe13215f73e0f8002475a145e33b0f0b555970b7f6f1ae38b
**Docker Name**: gitea
**Dedicated user**: git
---
**Address**: https://git.mfxm.fr
```

##### Service parameters (git db)

```ad-info
title: service parameters
**IP**: 172.21.0.2
**Docker ID**: a06fac3650f8f7dca29b022401a10f63d825283d762306501690e52ab9073d33
**Docker Name**: gitea_db_1
```

##### User management (git)

User management has not been configured to exclude new users, but an admin panel exists to control and remove users under the admin login.

##### Doc library (git)

[Link](https://docs.gitea.io/en-us/command-line)

##### Utilities

```ad-path
title: Config file
~~~
~/gitea/gitea/gitea/conf/app.ini
~~~
```

```ad-code
title: email setup
Gitea can send mail through the local mail system with:
~~~
ENABLED = true
FROM = (user address)
USE_SENDMAIL = false
HOST = (hostname):25
~~~
```

---

#### Server-side Monitoring

Refer to the [[Configuring Monit|monit section]] for further information on installation and configuration.

List of monitored services:

- System
- SSH
- Fail2ban
- cron
- Postfix
- docker
- Bitwarden
- Mininote
- Git
- Git db

---

### Utilities

#### Cert storage

```ad-path
~~~
/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/
~~~
```

---

### Pricing

| <mark class="green">Tools Server</mark> | One-off cost | Recurring subscription p.a. |
|--------|---------------|:----------------------:|
| <p style="color:cyan">**Server hosting**</p> |   | *$60* |
^ToolsServerCost

---

### Tasks & Further steps

- [ ] [[Server Tools]]: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14
- [x] [[Server Tools]]: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13
- [x] Set-up landing page