Caddy will fetch a **SSL certificate** for all sub-domains and addresses present in the config file automatically, once the declaration is made properly.
Caddy will fetch a **SSL certificate** for all sub-domains and addresses present in the config file automatically, once the declaration is made properly.
@ -114,7 +116,7 @@ Caddy will fetch a **SSL certificate** for all sub-domains and addresses present
Users with sudo rights need to be added to the 'docker' group for being able to instruct docker:
Users with sudo rights need to be added to the 'docker' group for being able to instruct docker:
```ad-command
```ad-command
@ -140,7 +142,7 @@ sudo docker–compose --version
 
 
### docker elements
### docker elements
[[#^Top|TOP]]
 
 
#### docker network
#### docker network
@ -174,7 +176,7 @@ sudo docker-compose up -d
 
 
#### Maintaining containers
#### Maintaining containers
[[#^Top|TOP]]
Maintaining containers with docker is arduous and easier to do with docker-compose.
Maintaining containers with docker is arduous and easier to do with docker-compose.
Easiest is to create aliases in the .bashrc of home directory by adding:
Easiest is to create aliases in the .bashrc of home directory by adding:
@ -213,7 +215,7 @@ From within the container folder.
 
 
#### Update environment variables
#### Update environment variables
[[#^Top|TOP]]
Docker does not have a standard way to update environment variables, and requires to take down and then re-initialise a container with the appropriate variable fed in the run script. To avoid that, the followong steps can be taken:
Docker does not have a standard way to update environment variables, and requires to take down and then re-initialise a container with the appropriate variable fed in the run script. To avoid that, the followong steps can be taken:
**Linux** is the most common OS for servers. **Ubuntu**, **Debian** or **CentOS** the most common distributions.
**Linux** is the most common OS for servers. **Ubuntu**, **Debian** or **CentOS** the most common distributions.
**MacOS** would require a Virtual Machine to run properly.
**MacOS** would require a Virtual Machine to run properly.
@ -95,7 +95,7 @@ More and more literature point that a home Internet connection may not be the mo
 
 
#### Domain
#### Domain
[[#^Top|TOP]]
Domain management is important for several reasons: email and email routine can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.
Domain management is important for several reasons: email and email routine can only be defined once per domain. As such, email services (self-hosting, email aliasing) need to be run on separate domains.
For self-hosting, the folllowing domain will be used: **mfxm.fr**
For self-hosting, the folllowing domain will be used: **mfxm.fr**
@ -114,7 +114,7 @@ Security is paramount at the points of connection to the server. SSH protocols a
@ -160,7 +160,7 @@ Backups are managed through the **tar** command and dispatched over the network
 
 
#### Server Monitoring
#### Server Monitoring
[[#^Top|TOP]]
```ad-info
```ad-info
title: Documentation
title: Documentation
[Monit](https://mmonit.com/)
[Monit](https://mmonit.com/)
@ -178,7 +178,7 @@ Monitoring is implemented through a free and open-source tool called [[Configuri
 
 
### Running multiple services on the same hardware
### Running multiple services on the same hardware
[[#^Top|TOP]]
 
 
```ad-tip
```ad-tip
@ -205,7 +205,7 @@ In essence, to run multiple services on the same hardware, a few basic steps nee
 
 
### Self-hosted services
### Self-hosted services
[[#^Top|TOP]]
 
 
A list of FOSS services can be found [here](https://github.com/awesome-selfhosted/awesome-selfhosted)
A list of FOSS services can be found [here](https://github.com/awesome-selfhosted/awesome-selfhosted)
@ -222,7 +222,7 @@ A list of FOSS services can be found [here](https://github.com/awesome-selfhoste
 
 
#### Email service
#### Email service
[[#^Top|TOP]]
Email service can be fully built but has many components to it: server, database, imap, caldav, carddav, DNS specificities, spam whitelisting as well as security (server access & spam filtering). It can therefore be tideous to build an email service from scratch. Pre-packaged solitions exist to manage all components:
Email service can be fully built but has many components to it: server, database, imap, caldav, carddav, DNS specificities, spam whitelisting as well as security (server access & spam filtering). It can therefore be tideous to build an email service from scratch. Pre-packaged solitions exist to manage all components:
1. [IRedMail](https://www.iredmail.org/)
1. [IRedMail](https://www.iredmail.org/)
2. [Mail-in-a-Box](https://mailinabox.email/)
2. [Mail-in-a-Box](https://mailinabox.email/)
@ -239,7 +239,7 @@ title: Documentation
 
 
#### [[Email alias]] service
#### [[Email alias]] service
[[#^Top|TOP]]
```ad-info
```ad-info
title: Documentation
title: Documentation
[Tutorial](https://github.com/simple-login/app)
[Tutorial](https://github.com/simple-login/app)
@ -248,7 +248,7 @@ title: Documentation
 
 
#### Personal [[/Nextcloud|cloud]] & syncing
#### Personal [[/Nextcloud|cloud]] & syncing
[[#^Top|TOP]]
```ad-info
```ad-info
title: Documentation
title: Documentation
[Tutorial](https://nextcloud.com/athome/)
[Tutorial](https://nextcloud.com/athome/)
@ -264,7 +264,7 @@ title: Build your own
 
 
#### Instant Messenging
#### Instant Messenging
[[#^Top|TOP]]
```ad-info
```ad-info
title: Documentation
title: Documentation
[[Element]]
[[Element]]
@ -275,7 +275,7 @@ title: Documentation
#### VPN
#### VPN
Easy service to set-up through [WireGuard](https://www.wireguard.com/)
Easy service to set-up through [WireGuard](https://www.wireguard.com/)
@ -95,7 +97,7 @@ The service will be located under **[emailalias.mfxm.fr](https://emailalias.mfxm
 
 
### Service
### Service
[[#^Top|TOP]]
 
 
```ad-abstract
```ad-abstract
@ -106,7 +108,7 @@ The Email Alias service itself is called [SimpleLogin](https://simplelogin.io/)
 
 
#### Installed dependencies
#### Installed dependencies
[[#^Top|TOP]]
All dependencies for running the alias service.
All dependencies for running the alias service.
 
 
@ -163,7 +165,7 @@ title: sl-email
 
 
##### Nginx
##### Nginx
[[#^Top|TOP]]
Webserver. No particular setup apart from Certificate & pointing towards the sub-domain.
Webserver. No particular setup apart from Certificate & pointing towards the sub-domain.
 
 
@ -181,7 +183,7 @@ Mail Transfer Agent. [[Configuring Postfix|Configuration]] is tailor-made by Sim
 
 
#### Server-side Monitoring
#### Server-side Monitoring
[[#^Top|TOP]]
Refer to the [[Configuring Monit|monit section]] for further information on installation and configuration.
Refer to the [[Configuring Monit|monit section]] for further information on installation and configuration.
List of monitored services:
List of monitored services:
@ -199,7 +201,7 @@ List of monitored services:
 
 
#### Troubleshooting
#### Troubleshooting
[[#^Top|TOP]]
 
 
##### DNS issues
##### DNS issues
@ -221,7 +223,7 @@ Troubleshooting for [SimpleLogin](https://github.com/simple-login/app) and its p
 
 
##### CertBot
##### CertBot
[[#^Top|TOP]]
```ad-warning
```ad-warning
title: Troubleshooting CertBot
title: Troubleshooting CertBot
Running and troubleshooting for CertBot can be found [here](https://certbot.eff.org/docs/install.html)
Running and troubleshooting for CertBot can be found [here](https://certbot.eff.org/docs/install.html)
@ -253,7 +255,7 @@ docker restart sl-app
 
 
##### Force premium subscription for users
##### Force premium subscription for users
[[#^Top|TOP]]
Users will be defaulted to the 'Free' plan and asked to subscribe to the premium plan. In order to force users onto the Premium plan, please update the database:
Users will be defaulted to the 'Free' plan and asked to subscribe to the premium plan. In order to force users onto the Premium plan, please update the database:
@ -95,7 +97,7 @@ The service will be located under **[cloud.mfxm.fr](https://cloud.mfxm.fr)** .
 
 
### Service
### Service
[[#^Top|TOP]]
 
 
```ad-abstract
```ad-abstract
@ -115,7 +117,7 @@ title: Installation
 
 
#### Installed dependencies
#### Installed dependencies
[[#^Top|TOP]]
 
 
##### Apache2
##### Apache2
@ -143,7 +145,7 @@ A comprehensive tutorial on the MPM switch can be found [here](https://www.digit
 
 
##### Certbot
##### Certbot
[[#^Top|TOP]]
Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)
Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)
 
 
@ -180,7 +182,7 @@ sudo service mysql restart
 
 
##### Security
##### Security
[[#^Top|TOP]]
| Program name | Type | Description
| Program name | Type | Description
|----------------|------|-------------
|----------------|------|-------------
| **fail2ban** | Daemon | Blocks suspicious attempts to login
| **fail2ban** | Daemon | Blocks suspicious attempts to login
@ -196,7 +198,7 @@ Mail Transfer Agent. Configuration is standard to allow for emails to be sent by
 
 
##### APCu
##### APCu
[[#^Top|TOP]]
Memory caching addon for Nextcloud. Memory caching management is provided by Nextcloud and needs to be set up as a system cron job. After installing APCu, the webserver needs to be **restarted** and the cron job defined:
Memory caching addon for Nextcloud. Memory caching management is provided by Nextcloud and needs to be set up as a system cron job. After installing APCu, the webserver needs to be **restarted** and the cron job defined:
1. **Define the cronjob**
1. **Define the cronjob**
@ -226,7 +228,7 @@ sudo crontab -u www-data -l
 
 
##### SVG support
##### SVG support
[[#^Top|TOP]]
SVG support is installed in the form of a package.
SVG support is installed in the form of a package.
```ad-command
```ad-command
@ -247,7 +249,7 @@ Firewall management, see [[Configuring UFW|here]] for more details.
 
 
#### Server-side monitoring
#### Server-side monitoring
[[#^Top|TOP]]
[Monit](https://mmonit.com/monit/documentation/monit.html) is a process and daemon monitoring tool. More information on operating the software can be found [[Configuring Monit|here]].
[Monit](https://mmonit.com/monit/documentation/monit.html) is a process and daemon monitoring tool. More information on operating the software can be found [[Configuring Monit|here]].
List of monitored services:
List of monitored services:
@ -266,7 +268,7 @@ List of monitored services:
 
 
#### Service management
#### Service management
[[#^Top|TOP]]
Nextcloud offers two alternatives for manaing the service:
Nextcloud offers two alternatives for manaing the service:
1. An admin webpanel
1. An admin webpanel
2. A command line tool
2. A command line tool
@ -280,7 +282,7 @@ Accessed through login into the service with admin credentials. Sertings offer a
 
 
##### Nextcloud command line tool
##### Nextcloud command line tool
[[#^Top|TOP]]
From the server's command line, Nextcloud offers the ability to perform some tasks like user management.
From the server's command line, Nextcloud offers the ability to perform some tasks like user management.
Classic installation with a dedicated configuration:
Classic installation with a dedicated configuration:
```ad-command
```ad-command
@ -180,7 +182,7 @@ Mail Transfer Agent. Configuration is standard to allow for emails to be sent by
 
 
##### Certbot
##### Certbot
[[#^Top|TOP]]
Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)
Provides SSL certification from **Let's Encrypt**. Installation dependencies are different from Nginx and explained [here](https://linuxhint.com/secure-apache-lets-encrypt-ubuntu/)
@ -97,7 +99,7 @@ The service will be located under **[vpn.mfxm.fr](https://vpn.mfxm.fr)** .
 
 
### Services
### Services
[[#^Top|TOP]]
 
 
```ad-abstract
```ad-abstract
@ -108,7 +110,7 @@ The VPN server will host a single VPN service and dependencies bare metal.
 
 
#### Installed server dependencies
#### Installed server dependencies
[[#^Top|TOP]]
##### Security
##### Security
| Program name | Type | Description
| Program name | Type | Description
@ -144,7 +146,7 @@ bantime = 1m
 
 
##### Postfix
##### Postfix
[[#^Top|TOP]]
Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.
Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / [[Nextcloud]] or others. Such a [[Configuring Postfix|system]] is required for every server to work correctly.
 
 
@ -160,7 +162,7 @@ Firewall management, see [[Configuring UFW|here]] for more details.
 
 
#### Dedicated Server parameters
#### Dedicated Server parameters
[[#^Top|TOP]]
 
 
| Service | Used value
| Service | Used value
@ -176,7 +178,7 @@ Firewall management, see [[Configuring UFW|here]] for more details.
 
 
#### VPN Service
#### VPN Service
[[#^Top|TOP]]
 
 
```ad-info
```ad-info
@ -205,7 +207,7 @@ title: Server Config file
 
 
##### VPN client parametrisation
##### VPN client parametrisation
[[#^Top|TOP]]
```ad-command
```ad-command
title: In `~` for `melchiorbv`
title: In `~` for `melchiorbv`
~~~bash
~~~bash
@ -238,7 +240,7 @@ Second DNS resolver to use for the clients (optional): 94.140.15.15
[Plain text Accounting](https://plaintextaccounting.org/)
[Plain text Accounting](https://plaintextaccounting.org/)
@ -70,7 +72,7 @@ style: number
 
 
### hLedger
### hLedger
[[#^Top|TOP]]
 
 
Plain Text Accounting is accessible through command-line clients like hledger.
Plain Text Accounting is accessible through command-line clients like hledger.
@ -102,6 +104,7 @@ The underlying database is a (collection of) file(s) readable through classic te
 
 
#### Initialisation
#### Initialisation
[[#^Top|TOP]]
At start of the year/period in any given file, a certain number of initialisations need to be made:
At start of the year/period in any given file, a certain number of initialisations need to be made:
1. **Initialise top-level accounts**
1. **Initialise top-level accounts**
@ -133,7 +136,7 @@ commodity 'layout + number format'
 
 
#### Transactions
#### Transactions
[[#^Top|TOP]]
hLedger allows for three methods for entering transactions:
hLedger allows for three methods for entering transactions:
1. **Through command-line**
1. **Through command-line**
@ -192,7 +195,7 @@ Instructions can be found [here](https://hledger.org/import-csv.html)
 
 
#### Investments
#### Investments
[[#^Top|TOP]]
```ad-info
```ad-info
title: Documentation
title: Documentation
The documentation can be found [here](https://hledger.org/investments.html)
The documentation can be found [here](https://hledger.org/investments.html)
@ -255,7 +258,7 @@ This flexibility enables to implement FIFO/LIFO as per prevailing fiscal rules.
 
 
#### Closing books
#### Closing books
[[#^Top|TOP]]
In order to close books, revenues/expenses need to amount to 0 and only show Asset, Liability and Equity. The below is a growing mapping of revenues and expenses lines:
In order to close books, revenues/expenses need to amount to 0 and only show Asset, Liability and Equity. The below is a growing mapping of revenues and expenses lines:
```ad-code
```ad-code
@ -279,7 +282,7 @@ In order to close books, revenues/expenses need to amount to 0 and only show Ass
 
 
#### Reports
#### Reports
[[#^Top|TOP]]
```ad-info
```ad-info
title: Documentation
title: Documentation
Simple reports can be found [here](https://hledger.org/quickstart.html#run-reports)
Simple reports can be found [here](https://hledger.org/quickstart.html#run-reports)
