Tag Date DocType Hierarchy location Performance Characteristics Disk CollapseMetaTable
🖥️
🛡️
🕵🏼
📲
🌐
🛠️
2021-09-19 Server NonRoot
52.3790565
4.8981734
CPU RAM Bandwidth Speed
2Core 6GB 3TB
OS Domiciliation IPv4 Hostname Host SubDomain
Ubuntu 20.04 NL 194.5.97.163 Web Horizon tools
Capa Type UsedSpace TimeStamp
90GB SSD 7% 2023-03-02
true

Parent:: mfxm Website Scope, Privacy & Security, @IT & Computer


Tools server

title: Summary
Higher spec server to be set up with docker to host a variety of tools using containers.


Server parameters

title: Dashboard access
[Espace clients](https://clients.webhorizon.net/)

title: Address
The service will be located under **[tools.mfxm.fr](https://tools.mfxm.fr)**.


Services

title: Service description
The Tools server will host a variety of tools in Docker containers. Several services support all the others and will be installed directly on the host, outside of Docker containers.

Installed server dependencies

Docker
title: Docker for non-root users
Docker (see Configuring Docker) predominantly works for the root user. To let non-root users run Docker commands, they need to be added to the docker group. Membership of this group is effectively root-equivalent on the host, so it should be limited to trusted accounts:

`sudo usermod -aG docker (username)`

If the docker group does not exist yet, it needs to be created first:

`sudo groupadd docker`

Currently running Docker containers

title:  docker network
ID: 3a4d267e8155e3ff957e15c86360de1431d177b2131455707bea99038f179481
IP: 17.27.37.x

Caddy

Caddy is the webserver of choice. Refer to the dedicated note (Configuring Caddy) for configuration and parametrisation.

title: authentication token
LWERS4M7njDLiAJe5A6gkv9jRDabvnzBGyYk9vPr1F5dY0LMu47FSjB0v21BAE83rYTOksElzcYmioWA

Security
| Program name | Type | Description |
|---|---|---|
| Fail2ban (see Configuring Fail2ban) | Daemon | Blocks suspicious attempts to login |
| unattended-upgrades | Program | Enables automatic updates of installed programs and OS |
| logwatch | Daemon | Monitors activity on server and sends activity logs |

fail2ban

Classic Fail2ban installation with a dedicated configuration:

~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~

With the following parameters:

~~~ini
[sshd]
enabled = true
port = 2227
maxretry = 10
bantime = 1m
~~~

Please refer to the Configuring Fail2ban note for a detailed description.
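
A check that follows from this jail, as an added example (not part of the original note): fail2ban's default ban action blocks only the ports listed in the jail, so the jail's `port` has to include the port sshd really listens on. The sample files are constructed from the two values on this page (`port=2227` in the jail, SSH port 7247 in the Dedicated Server parameters table); reading a single jail file and only the first `Port` directive are simplifying assumptions.

```bash
#!/bin/sh
# Added example: does the fail2ban sshd jail guard the port sshd listens on?

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION] (last one wins)
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                    # comment line
        /^[ \t]*\[/   { cur = $0; gsub(/[ \t]/, "", cur); next }  # section header
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# sshd_port FILE: first Port directive, or 22 (the sshd default) when none is set
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# audit_sshd_jail JAIL_FILE SSHD_CONFIG: return 0 only if the jail covers the sshd port
audit_sshd_jail() {
    jail=$(ini_get "$1" sshd port)
    real=$(sshd_port "$2")
    # Assumption: a jail without its own port inherits "port = ssh" (22) from jail.conf
    list=$(printf '%s' "${jail:-ssh}" | sed 's/[[:space:]]//g; s/ssh/22/g')
    case ",$list," in
        *",$real,"*) echo "OK: sshd jail covers port $real"; return 0 ;;
        *) echo "MISMATCH: jail port=${jail:-ssh}, sshd listens on $real"; return 1 ;;
    esac
}

# Constructed sample files, built from the two port values that appear on this page
demo=$(mktemp -d)
printf '[sshd]\nenabled = true\nport=2227\nmaxretry = 10\nbantime = 1m\n' > "$demo/sshd.local"
printf '# constructed sshd_config\nPort 7247\n' > "$demo/sshd_config"
audit_sshd_jail "$demo/sshd.local" "$demo/sshd_config" || true
```

On a live host the two arguments would be `/etc/fail2ban/jail.d/sshd.local` and `/etc/ssh/sshd_config`.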

Postfix

Mail Transfer Agent. Configuration is standard to allow emails to be sent by programs / daemons / Nextcloud or others. Such a Postfix configuration (see Configuring Postfix) is required for every server to work correctly.

Certbot

Provides SSL certification from Let's Encrypt. Installation dependencies are different from Nginx and explained here.

UFW

Firewall management, see Configuring UFW for more details.

JQ

jq is a small Linux utility that helps parse JSON files. It is helpful for reading Caddy's logs (see Configuring Caddy).


Dedicated Server parameters

| Service | Used value |
|---|---|
| Network: Docker dedicated | 17.27.37.x |
| IP: pw-manager | 172.18.0.2 |
| IP: Git | 172.21.0.3 |
| IP: Git db | 172.21.0.4 |
| IP: Wordle | 172.23.0.2 |
| IP: FreshRSS | 172.22.0.3 |
| IP: Baikal | 172.25.0.2 |
| IP: Uptime Kuma | 172.26.0.2 |
| Port: SSH | 7247 |
| Port: Git server | 8087 |
| Port: Git SSH | 22 |


Password manager

Bitwarden is a FOSS password manager that can be self-hosted. Deployment through docker/docker-compose is simple thanks to a clone called Vaultwarden.

Service parameters (pw-manager)
title: service parameters
**IP**: 172.18.0.2:80
**DockerID**: 0ae422b57ee3739e8a21c961ee5609b93c72504b1dbab8766cce3f98aedd1213
**DockerName**: vaultwarden
---
**Address**: https://pw-manager.mfxm.fr

Up since 2023-03-03

User management (pw-manager)
title: Link
[Admin panel](https://pw-manager.mfxm.fr/admin/)

The admin panel needs to be set up with an authentication token and is accessed with the token. User & key management is done from within this panel.


Git repository

Gitea is a FOSS tool for self-hosting a Git instance similar to GitHub.

Service parameters (git server)
title: service parameters
**IP**: 172.21.0.3:3000
**Docker ID**: 670b46f834ab0e73b0183dd1c488ae9dbb1d39673695948391dd1a71263e0090
**Docker Name**: gitea
**Dedicated user**: git

---

**Address**: https://git.mfxm.fr

Up since 2023-03-04.

Service parameters (git db)
title: service parameters
**IP**: 172.21.0.2
**Docker ID**: d28c38ea916e8a9554979ad31a1425bd081e20878faa08ba5ac137bfe357fa7a
**Docker Name**: gitea-db-1

User management (git)

User management has not been configured to block new user registrations, but an admin panel exists to control and remove users under the admin login.

Doc library (git)

Link

Utilities
title: Config file
~/gitea/gitea/gitea/conf/app.ini

title: email setup
Gitea can send mail through an internal mail endpoint with the following settings:
~~~ini
; mail settings live in the [mailer] section of app.ini
[mailer]
ENABLED = true
FROM = (user address)
USE_SENDMAIL = false
HOST = (hostname):25
~~~


News Aggregator

FreshRSS is a news aggregator for reading and managing RSS feeds. It is open-source and self-hostable.

Service parameters (News Server)
title: service parameters
**IP**: 172.22.0.3:80
**DockerNames**: freshrss-app
**Docker ID**: 9570cdc893c5277721c6e5da77af224ee312b233c618330a3f59616cbf17052b
**live since**: [[2023-03-05]]

---

**Address**: https://news.mfxm.fr

Service parameters (News db)
title: service parameters
**IP**: 172.22.0.2
**Docker ID**: d28c38ea916e8a9554979ad31a1425bd081e20878faa08ba5ac137bfe357fa7a
**Docker Name**: freshrss-db

Configuration (News)

Docker compose set-up.

~/freshrss

Docs can be found here. In addition, FreshRSS offers the ability to install extensions relatively easily from within the Settings menu.


Contacts server

Baikal is a lightweight CardDAV and CalDAV server that is compatible with all main clients, including the native iOS system. Docs can be found here.

title: service parameters
**IP**: 172.25.0.2:80
**DockerNames**: baikal-baikal-1
**Docker ID**: bea530530b5dcc0de401793726408172e977f9faf80b9709ed61cae90cc33317
**live since**: [[2023-03-05]]

---

**Address**: https://contacts.mfxm.fr


Uptime manager

Uptime Kuma is a modern utility to monitor the uptime of services and receive alerts. It can be paired with Telegram bots (see Configuring Telegram bots), Signal or other types of message delivery systems.

title: service parameters
**IP**: 172.26.0.2:3001
**DockerNames**: uptime-kuma
**Docker ID**: 995ba675785e2618bed8a2d125b0bfe7d8eef4d4e3e5cabc35843a1378d8b411
**live since**: [[2023-03-07]]

---

**Address**: https://status.mfxm.fr


Automation

Change detection is a modern utility to monitor changes in websites. It can be paired with Telegram bots (see Configuring Telegram bots), Signal or other types of message delivery systems.

title: service parameters
**IP**: 172.27.0.2:5000
**DockerNames**: changedetection
**Docker ID**: 852906e618865b8f3862a327217e0542fc90feffa892ae33b1635d73b211df27
**live since**: [[2023-03-09]]

---

**Address**: https://automat.mfxm.fr


Wordle

Wordle is a word game that has been bought by the New York Times.

Service parameters (Wordle)
title: service parameters
**IP**: 172.23.0.2:80
**DockerNames**: Wordle
**Docker ID**: 694fef02c9a5332d8a862275d865e8af959d4dacdd4a888316240f3d49c40cde
**live since**: [[2023-03-05]]

---
**Address**: https://wordle.mfxm.fr

Configuration (Wordle)

Docker compose set-up.

~/wordle

Docs can be found here.


Server-side Monitoring

Refer to the Configuring Monit note for further information on installation and configuration.

List of monitored services:

Telegram bots (see Configuring Telegram bots) are also being implemented to receive logs from logwatch & Monit.


Utilities

Cert storage

/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/


Pricing

| Tools Server | One-off cost | Recurring subscription p.a. |
|---|---|---|
| **Server hosting** | | *$120* |


Tasks & Further steps

  • 🛠️ Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday 2023-10-03 📅 2023-10-03
  • 🛠️ Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday 2023-04-04 📅 2023-04-04 2023-04-03
  • 🛠️ Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday 2022-10-04 📅 2022-10-04 2022-10-03
  • Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday 2022-04-12 📅 2022-04-12 2022-04-11
  • Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14 2022-01-08
  • Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday 2021-10-13
  • Set-up landing page
  • 🖥️ Selfhosting, Server Tools: Upgrade Gitea & Health checks 🔁 every 4 months 📅 2023-06-18
  • 🖥️ Selfhosting, Server Tools: Upgrade Gitea & Health checks 🔁 every 4 months 📅 2023-02-18 2023-02-14
  • 🖥️ Selfhosting, Server Tools: Upgrade Gitea & Health checks 🔁 every 4 months 📅 2022-10-18 2022-10-18
  • 🖥️ Selfhosting, Server Tools: Upgrade Gitea & Health checks 🔁 every 4 months 📅 2022-06-18 2022-06-20
  • 🔐 Selfhosting, Server Tools: Upgrade Bitwarden & Health checks 🔁 every 4 months 📅 2023-08-18
  • 🔐 Selfhosting, Server Tools: Upgrade Bitwarden & Health checks 🔁 every 4 months 📅 2023-04-18 2023-04-17
  • 🔐 Selfhosting, Server Tools: Upgrade Bitwarden & Health checks 🔁 every 4 months 📅 2022-12-18 2022-12-17
  • 🔐 Selfhosting, Server Tools: Upgrade Bitwarden & Health checks 🔁 every 4 months 📅 2022-08-18 2022-08-17
  • Selfhosting, Server Tools: Upgrade Bitwarden & Health checks 🔁 every 4 months 📅 2022-04-18 2022-04-16
  • 🛠️ Selfhosting, Server Tools: Upgrade Standard Notes & Health checks 🔁 every 4 months 📅 2023-05-18
  • 🛠️ Selfhosting, Server Tools: Upgrade Standard Notes & Health checks 🔁 every 4 months 📅 2023-01-18 2023-01-15
  • 🛠️ Selfhosting, Server Tools: Upgrade Standard Notes & Health checks 🔁 every 4 months 📅 2022-09-18 2022-09-16
  • Selfhosting, Server Tools: Upgrade Standard Notes & Health checks 🔁 every 4 months 📅 2022-05-18 2022-05-15