You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

6.9 KiB

Tag Date DocType Hierarchy Performance Characteristics Disk
Server
Security
Privacy
App
Web
Tools
2021-09-19 Server NonRoot
CPU RAM Bandwidth Speed
2Core 4GB 4TB
OS Domiciliation IPv4 Hostname Host SubDomain
Ubuntu 20.04 NL 41.216.181.11 vm919620.desivps.com DesiVPS tools
Capa Type UsedSpace TimeStamp
40GB SSD 19% 2021-09-27

Parent:: mfxm Website Scope


name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData

^button-ToolsServerEdit

name Save
type command
action Save current file
id Save

^button-ToolsServerSave

Tools server

title: Summary
collapse: open
Higher spec server to be set up with docker to host a variety of tools using containers.

style: number


Server parameters

title: Dashboard access
[https://clients.desivps.com/clientarea.php](https://clients.desivps.com/clientarea.php)

title: Address
The service will be located under **[tools.mfxm.fr](https://tools.mfxm.fr)** .


Services

title: Service description
The Tools server will host a variety of tools in docker containers. Several services will aim to service all others and will be installed outside of docker containers.

Installed server dependencies

Docker
title: [[Docker config|docker]] for non root users
[[Docker config|docker]] predominantly works for the root user. In order to let non-root users instruct Docker, users need to be added to the Docker group:

`sudo usermod -aG docker (username)`

Potentially, the Docker group needs to be defined:

`sudo groupadd docker`

Currently running Docker containers

title: sl-network
ID: 3a4d267e8155e3ff957e15c86360de1431d177b2131455707bea99038f179481
IP: 17.27.37.x

Caddy

Caddy config is the webserver of choice. Refer to the dedicated note for config and parametrisation.

title: authentication token
LWERS4M7njDLiAJe5A6gkv9jRDabvnzBGyYk9vPr1F5dY0LMu47FSjB0v21BAE83rYTOksElzcYmioWA

Security
Program name Type Description
fail2ban Daemon Blocks suspicious attempts to login
unattended-upgrades Program Enables automatic updates of installed programs and OS
logwatch Daemon Monitors activity on server and sends activity logs

fail2ban

Classic installation with a dedicated configuration:

sudo nano /etc/fail2ban/jail.d/sshd.local

With the following parameters:

[sshd] enabled = true port=2227 maxretry = 10 bantime = 1m

Postfix

Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / Nextcloud or others. Such a Postfix config is required for every server to work correctly.

Certbot

Provides SSL certification from Let's Encrypt. Installation dependencies are different from Nginx and explained here

UFW

Firewall management.

Nodejs & Yarn

JavaScript & JS package manager.


Dedicated Server parameters

Service Used value
Network: Docker config dedicated 17.27.37.x
IP: pw-manager 17.27.37.3
IP: Mininote 17.27.37.7
IP: Git 172.21.0.3
IP: Git db 172.21.0.4
Port: SSH 2227
Port: Git server 8087
Port: Git SSH 2228


Password manager

Bitwarden is a FOSS enabling self-hosting with a simple deployment through docker/docker-compose.

Service parameters (pw-manager)
title: service parameters
**IP**: 17.27.37.3:80
**DockerID**: 970b6f4b6150fa03be24287ae29a065c06ff7ed91a3402f8184c8a9aafa5e94d
**DockerName**: bitwarden_bitwarden_1
---
**Address**: https://pw-manager.mfxm.fr

User management (pw-manager)
title: Link
[Admin panel](https://pw-manager.mfxm.fr)

The admin panel needs to be set up with an authentication token and is accessed with the token. User & key management is done from within this panel.


Personal notes

MiniNote is a FOSS enabling self-hosting with a server-side encryption.

Service parameters (notes)
title: service parameters
**IP**: 17.27.37.7:3000
**DockerID**: 73d91d338b533c05a4ad15968efb0470e924f780d016fab13c98f8f1dc3820af
**DockerName**: mininote_mininote_1
---
**Address**: https://notes.mfxm.fr

User management (notes)

No user management per se. Caddy config provides with a layer of authentication to restrict users to access the full service.


Git repository

Gitea is a FOSS enabling self-hosting a Git instance similar to GitHub.

Service parameters (git server)
title: service parameters
**IP**: 172.21.0.3
**Docker ID**: b6ec6f3843c3c9afe13215f73e0f8002475a145e33b0f0b555970b7f6f1ae38b
**Docker Name**: gitea
**Dedicated user**: git
---
**Address**: https://git.mfxm.fr

Service parameters (git db)
title: service parameters
**IP**: 172.21.0.2
**Docker ID**: a06fac3650f8f7dca29b022401a10f63d825283d762306501690e52ab9073d33
**Docker Name**: gitea_db_1

User management (git)

User management has not been parametered to exclude new users but an admin panel exists to control and remove users under the admin login.

Doc library (git)

Link

Utilities
title: Config file
~/gitea/gitea/gitea/conf/app.ini

title: email setup
Gitea can work on internal mail points through:
>ENABLED = true
>FROM = (user addresss)
>USE_SENDMAIL = false
>HOST = (hostname):25


Server-side Monitoring

Refer to the Monit config for further information on installation and configuration.

List of monitored services:

  • System
  • SSH
  • Fail2ban
  • cron
  • Postfix
  • docker
    • Bitwarden
    • Mininote
    • Git
    • Git db


Utilities

Cert storage

/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/


Pricing

Tools Server One-off cost Recurring subscription p.a.

**Server hosting**

| | *$60* ^ToolsServerCost


Tasks & Further steps

  • Tools Server: Backup server 🔁 every 6 months on the 1st Tuesday
  • Set-up landing page