Tag | Date | DocType | Hierarchy | Performance | Characteristics | Disk
---|---|---|---|---|---|---
| 2021-09-19 | Server | NonRoot | | |
Parent:: mfxm Website Scope
Tools server
**Summary**
Higher-spec server to be set up with Docker to host a variety of tools as containers.
Server parameters
**Dashboard access**: [https://clients.desivps.com/clientarea.php](https://clients.desivps.com/clientarea.php)
**Address**: the service will be located under **[tools.mfxm.fr](https://tools.mfxm.fr)**.
Services
**Service description**
The Tools server will host a variety of tools in Docker containers. A few supporting services (reverse proxy, mail, firewall, monitoring) serve all the others and are installed directly on the host, outside of Docker.
Installed server dependencies
Docker
**[[Docker config|docker]] for non-root users**
By default only root (and members of the `docker` group) can talk to the Docker daemon socket. To let a non-root user drive Docker, add the user to the `docker` group; note that membership of this group is effectively root-equivalent on the host, so grant it only to accounts that need it:
`sudo usermod -aG docker (username)`
If the `docker` group does not exist yet, create it first:
`sudo groupadd docker`
The new group membership takes effect at the user's next login.
Currently running Docker containers
**sl-network**
ID: 3a4d267e8155e3ff957e15c86360de1431d177b2131455707bea99038f179481
IP: 17.27.37.x
Caddy
Caddy is the web server of choice. Refer to the dedicated Caddy config note for configuration and parametrisation.
**Authentication token**: `LWERS4M7njDLiAJe5A6gkv9jRDabvnzBGyYk9vPr1F5dY0LMu47FSjB0v21BAE83rYTOksElzcYmioWA`
Security
Program name | Type | Description |
---|---|---|
fail2ban | Daemon | Blocks suspicious login attempts by banning source IPs after repeated failures |
unattended-upgrades | Program | Enables automatic updates of installed packages and the OS |
logwatch | Daemon | Monitors activity on the server and sends activity log summaries by mail |
fail2ban
Classic installation with a dedicated jail configuration:
`sudo nano /etc/fail2ban/jail.d/sshd.local`
With the following parameters (the port must match the non-default SSH port from the server parameters table):
```ini
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
```
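An added consistency check for the jail above (example code, not part of this note): it parses the jail fragment and an sshd_config excerpt, converts fail2ban's time abbreviations such as `1m` to seconds, and flags a jail whose port does not match the port sshd actually listens on. Both inputs are constructed samples built from the values in this note.

```python
import configparser
import re

# fail2ban (0.10+) accepts time abbreviations such as "1m", "12h", "1d" for bantime/findtime
_UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample inputs (not captured from the server): the jail from this note, a minimal
# sshd_config that moves SSH to 2227, and a stock jail that still targets the default "ssh" port.
SAMPLE_JAIL = "[sshd]\nenabled = true\nport = 2227\nmaxretry = 10\nbantime = 1m\n"
SAMPLE_SSHD_CONFIG = "# constructed sshd_config excerpt\nPort 2227\nPermitRootLogin no\n"
DEFAULT_JAIL = "[sshd]\nenabled = true\nport = ssh\nmaxretry = 5\nbantime = 10m\n"

def parse_fail2ban_time(value: str) -> int:
    """Convert a fail2ban duration ('600', '1m', '12h') into seconds."""
    value = value.strip().lower()
    if value.isdigit():
        return int(value)
    match = re.fullmatch(r"(\d+)\s*([smhdw])", value)
    if match is None:
        raise ValueError(f"unrecognised fail2ban duration: {value!r}")
    return int(match.group(1)) * _UNIT_SECONDS[match.group(2)]

def sshd_listen_ports(sshd_config: str) -> set:
    """Every 'Port' directive in an sshd_config text; sshd defaults to 22 when none is set."""
    ports = {int(p) for p in re.findall(r"^\s*Port\s+(\d+)", sshd_config, re.MULTILINE)}
    return ports or {22}

def check_sshd_jail(jail_text: str, sshd_config: str) -> dict:
    """Parse a jail.d/*.local fragment and compare its port with what sshd listens on."""
    # A jail whose port differs from the real SSH port still counts failed logins, but the
    # firewall rule fail2ban installs on a ban then blocks the wrong port.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(jail_text)
    jail = cfg["sshd"]
    jail_ports = set()  # 'port' may be a number, a comma list, or a service name like 'ssh'
    for token in re.split(r"[,\s]+", jail.get("port", "ssh").strip()):
        if token.isdigit():
            jail_ports.add(int(token))
        elif token.lower() == "ssh":
            jail_ports.add(22)
    sshd_ports = sshd_listen_ports(sshd_config)
    return {
        "enabled": jail.getboolean("enabled", fallback=False),
        "jail_ports": jail_ports,
        "sshd_ports": sshd_ports,
        "port_match": jail_ports == sshd_ports,
        "maxretry": jail.getint("maxretry"),
        "bantime_seconds": parse_fail2ban_time(jail.get("bantime", "600")),
    }
```

Running `check_sshd_jail(DEFAULT_JAIL, SAMPLE_SSHD_CONFIG)` reports `port_match: False`, which is the situation you get when sshd is moved to 2227 but the jail is left at its default.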
Postfix
Mail Transfer Agent. The configuration is the standard one that lets programs, daemons, Nextcloud and others send email. Such a Postfix config is required on every server for it to work correctly.
Certbot
Provides TLS certificates from Let's Encrypt. Installation dependencies differ from the Nginx setup and are documented separately.
UFW
Firewall management.
Nodejs & Yarn
JavaScript runtime and JS package manager.
Dedicated Server parameters
Service | Used value |
---|---|
Network: Docker config dedicated | 17.27.37.x |
IP: pw-manager | 17.27.37.3 |
IP: Mininote | 17.27.37.7 |
IP: Git | 172.21.0.3 |
IP: Git db | 172.21.0.4 |
Port: SSH | 2227 |
Port: Git server | 8087 |
Port: Git SSH | 2228 |
Password manager
Bitwarden is FOSS that can be self-hosted with a simple docker/docker-compose deployment.
Service parameters (pw-manager)
**Service parameters**
**IP**: 17.27.37.3:80
**DockerID**: 970b6f4b6150fa03be24287ae29a065c06ff7ed91a3402f8184c8a9aafa5e94d
**DockerName**: bitwarden_bitwarden_1
---
**Address**: https://pw-manager.mfxm.fr
User management (pw-manager)
**Link**: [Admin panel](https://pw-manager.mfxm.fr)
The admin panel must be set up with an authentication token and is then accessed with that token. User and key management is done from within this panel.
Personal notes
MiniNote is FOSS that can be self-hosted and provides server-side encryption.
Service parameters (notes)
**Service parameters**
**IP**: 17.27.37.7:3000
**DockerID**: 73d91d338b533c05a4ad15968efb0470e924f780d016fab13c98f8f1dc3820af
**DockerName**: mininote_mininote_1
---
**Address**: https://notes.mfxm.fr
User management (notes)
No user management per se: the Caddy config adds an authentication layer in front of the service, so only authorised users can reach it.
Git repository
Gitea is FOSS for self-hosting a Git service similar to GitHub.
Service parameters (git server)
**Service parameters**
**IP**: 172.21.0.3
**Docker ID**: b6ec6f3843c3c9afe13215f73e0f8002475a145e33b0f0b555970b7f6f1ae38b
**Docker Name**: gitea
**Dedicated user**: git
---
**Address**: https://git.mfxm.fr
Service parameters (git db)
**Service parameters**
**IP**: 172.21.0.2
**Docker ID**: a06fac3650f8f7dca29b022401a10f63d825283d762306501690e52ab9073d33
**Docker Name**: gitea_db_1
User management (git)
User management has not been configured to block new registrations, but an admin panel (under the admin login) allows controlling and removing users.
Doc library (git)
Utilities
**Config file**: `~/gitea/gitea/gitea/conf/app.ini`
**Email setup**
Gitea can send mail through the server's local SMTP relay (port 25) with the following settings in the `[mailer]` section of app.ini:
```ini
ENABLED = true
FROM = (user address)
USE_SENDMAIL = false
HOST = (hostname):25
```
Server-side Monitoring
Refer to the Monit config for further information on installation and configuration.
List of monitored services:
- System
- SSH
- Fail2ban
- cron
- Postfix
- docker
- Bitwarden
- Mininote
- Git
- Git db
Utilities
**Cert storage**: `/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/`
Pricing
Tools Server | One-off cost | Recurring subscription p.a. |
---|---|---|
**Server hosting** | | *$60* ^ToolsServerCost |
Tasks & Further steps
- Tools Server: Backup server 🔁 every 6 months on the 1st Tuesday
- Set up landing page