Tag | Date | DocType | Hierarchy | TimeStamp | CPU | RAM | StorageCapa | StorageType | Bandwidth | Speed | OS | Domiciliation | IPv4 | Hostname | Host | SubDomain | UsedDiskSpace |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
 | 2021-09-19 | Server | NonRoot | 2021-09-23 | 2Core | 4GB | 40GB | SSD | 4TB | | Ubuntu 20.04 | NL | 41.216.181.11 | vm919620.desivps.com | DesiVPS | tools | 14% |
Parent:: mfxm Website Scope
Tools server
title: Summary
Higher spec server to be set up with docker to host a variety of tools using containers.
Server parameters
title: Dashboard access
[https://clients.desivps.com/clientarea.php](https://clients.desivps.com/clientarea.php)
title: Address
The service will be located under **[tools.mfxm.fr](https://tools.mfxm.fr)** .
Services
title: Service description
The Tools server will host a variety of tools in docker containers. Several services will aim to service all others and will be installed outside of docker containers.
Installed server dependencies
Docker
title: [[Docker config|docker]] for non root users
By default, [[Docker config|docker]] commands only work for the root user. To let non-root users run Docker, add them to the `docker` group. Membership in this group is effectively root-equivalent on the host, so only trusted accounts should be added:
`sudo usermod -aG docker (username)`
Potentially, the Docker group needs to be defined:
`sudo groupadd docker`
Currently running Docker containers
title: sl-network
ID: 3a4d267e8155e3ff957e15c86360de1431d177b2131455707bea99038f179481
IP: 17.27.37.x
Caddy
Caddy is the webserver of choice. Refer to the dedicated note (Caddy config) for configuration and parametrisation.
title: authentication token
LWERS4M7njDLiAJe5A6gkv9jRDabvnzBGyYk9vPr1F5dY0LMu47FSjB0v21BAE83rYTOksElzcYmioWA
Security
Program name | Type | Description |
---|---|---|
fail2ban | Daemon | Blocks suspicious attempts to log in |
unattended-upgrades | Program | Enables automatic updates of installed programs and OS |
logwatch | Daemon | Monitors activity on server and sends activity logs |
fail2ban
Classic installation with a dedicated configuration:
`sudo nano /etc/fail2ban/jail.d/sshd.local`
With the following parameters:

```
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
```
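To check what this jail actually enforces, the following added example (not part of the original note) parses the jail file above and compares it with the SSH port from the server parameters table. The function names, the fallback values (upstream `jail.conf` defaults) and the burst model, in which one source spends `maxretry` failures and then waits out the ban, are assumptions of this example.

```python
import configparser
import re

# Jail file as given in this note (/etc/fail2ban/jail.d/sshd.local).
JAIL_LOCAL = """\
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
"""

# fail2ban time suffixes handled here (plain numbers are seconds).
_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def to_seconds(value: str) -> int:
    """Convert a fail2ban time value such as '1m' or '600' to seconds."""
    match = re.fullmatch(r"\s*(-?\d+)\s*([smhdw]?)\s*", value)
    if not match:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(match.group(1)) * _UNITS[match.group(2)]


def audit_jail(text: str, sshd_port: int, jail: str = "sshd") -> dict:
    """Summarise what a jail enforces and whether it covers the real SSH port."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    sec = cfg[jail]
    ports = {p.strip() for p in sec.get("port", "ssh").split(",")}
    maxretry = sec.getint("maxretry", fallback=5)    # assumed upstream default
    bantime = to_seconds(sec.get("bantime", "10m"))  # assumed upstream default
    # Assumed model: maxretry failures, then a wait of bantime, repeated.
    # A negative bantime is a permanent ban, so only one burst is possible.
    per_day = maxretry if bantime < 0 else maxretry * 86400 // max(bantime, 1)
    return {
        "enabled": sec.getboolean("enabled", fallback=False),
        # The ban action only blocks the listed ports, so a mismatch with
        # sshd's real port leaves the service reachable after a "ban".
        "port_matches_sshd": str(sshd_port) in ports,
        "bantime_seconds": bantime,
        "burst_failed_logins_per_source_per_day": per_day,
    }


if __name__ == "__main__":
    print(audit_jail(JAIL_LOCAL, sshd_port=2227))
```

Re-run it with the real file contents and the `Port` value from `sshd_config` whenever either one changes.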
Postfix
Mail Transfer Agent. The configuration is standard and allows emails to be sent by programs, daemons, Nextcloud or others. Such a Postfix config is required for every server to work correctly.
Certbot
Provides SSL certification from Let's Encrypt. Installation dependencies are different from Nginx and explained here
UFW
Firewall management.
Nodejs & Yarn
JavaScript & JS package manager.
Dedicated Server parameters
Service | Used value |
---|---|
Internal docker network | 17.27.37.x |
Port: SSH | 2227 |
Port: Git server | 8087 |
Port: Git SSH | 2228 |
Password manager
Bitwarden is a FOSS password manager that can be self-hosted, with a simple deployment through docker/docker-compose.
Service parameters (pw-manager)
title: service parameters
**IP**: 17.27.37.3:80
**Docker ID**: 970b6f4b6150fa03be24287ae29a065c06ff7ed91a3402f8184c8a9aafa5e94d
**Docker Name**: bitwarden_bitwarden_1
---
**Address**: https://pw-manager.mfxm.fr
User management (pw-manager)
title: Link
[Admin panel](https://pw-manager.mfxm.fr)
The admin panel needs to be set up with an authentication token and is accessed with the token. User & key management is done from within this panel.
Personal notes
MiniNote is a FOSS note-taking tool that can be self-hosted, with server-side encryption.
Service parameters (notes)
title: service parameters
**IP**: 17.27.37.7:3000
**Docker ID**: 73d91d338b533c05a4ad15968efb0470e924f780d016fab13c98f8f1dc3820af
**Docker Name**: mininote_mininote_1
---
**Address**: https://notes.mfxm.fr
User management (notes)
No user management per se. The Caddy config provides a layer of authentication that restricts who can access the full service.
Git repository
Gitea is a FOSS tool for self-hosting a Git instance similar to GitHub.
Service parameters (git server)
title: service parameters
**IP**: 172.21.0.3
**Docker ID**: b6ec6f3843c3c9afe13215f73e0f8002475a145e33b0f0b555970b7f6f1ae38b
**Docker Name**: gitea
**Dedicated user**: git
---
**Address**: https://git.mfxm.fr
Service parameters (git db)
title: service parameters
**IP**: 172.21.0.2
**Docker ID**: a06fac3650f8f7dca29b022401a10f63d825283d762306501690e52ab9073d33
**Docker Name**: gitea_db_1
User management
User management has not been configured to exclude new users, but an admin panel exists to control and remove users under the admin login.
Server-side Monitoring
Refer to the Monit config for further information on installation and configuration.
List of monitored services:
- System
- SSH
- Fail2ban
- cron
- Postfix
- docker
- Bitwarden
- Mininote
Pricing
Tools Server | One-off cost | Recurring subscription p.a. |
---|---|---|
**Server hosting** | | *$60* ^ToolsServerCost |
Tasks & Further steps
- Tools Server: Backup server 🔁 every 6 months on the 1st Tuesday
- Set-up landing page