13 KiB
Tag | Date | DocType | Hierarchy | location | Performance | Characteristics | Disk | CollapseMetaTable | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
2021-09-19 | Server | NonRoot |
|
|
|
|
true |
Parent:: mfxm Website Scope, Privacy & Security, @IT & Computer
name Edit Server parameters
type command
action MetaEdit: Run MetaEdit
id EditMetaData
^button-ToolsServerEdit
name Save
type command
action Save current file
id Save
^button-ToolsServerSave
Tools server
title: Summary
collapse: open
Higher spec server to be set up with docker to host a variety of tools using containers.
style: number
Server parameters
title: Dashboard access
[Espace clients](https://clients.webhorizon.net/)
title: Address
The service will be located under **[tools.mfxm.fr](https://tools.mfxm.fr)** .
Services
title: Service description
The Tools server will host a variety of tools in docker containers. Several services will aim to service all others and will be installed outside of docker containers.
Installed server dependencies
Docker
title: [[Configuring Docker|docker]] for non root users
[[Configuring Docker|docker]] predominantly works for the root user. In order to let non-root users instruct Docker, users need to be added to the Docker group:
`sudo usermod -aG docker (username)`
Potentially, the Docker group needs to be defined:
`sudo groupadd docker`
Currently running Docker containers
title: docker network
ID: 3a4d267e8155e3ff957e15c86360de1431d177b2131455707bea99038f179481
IP: 17.27.37.x
Caddy
Configuring Caddy is the webserver of choice. Refer to the dedicated note for config and parametrisation.
title: authentication token
LWERS4M7njDLiAJe5A6gkv9jRDabvnzBGyYk9vPr1F5dY0LMu47FSjB0v21BAE83rYTOksElzcYmioWA
Security
Program name | Type | Description |
---|---|---|
Configuring Fail2ban | Daemon | Blocks suspicious attempts to login |
unattended-upgrades | Program | Enables automatic updates of installed programs and OS |
logwatch | Daemon | Monitors activity on server and sends activity logs |
fail2ban
Classic Configuring Fail2ban installation with a dedicated configuration:
~~~bash
sudo nano /etc/fail2ban/jail.d/sshd.local
~~~
With the following parameters:
~~~yaml
[sshd]
enabled = true
port=2227
maxretry = 10
bantime = 1m
~~~
Please refer to the Configuring Fail2ban for a detailed description.
Postfix
Mail Transfer Agent. Configuration is standard to allow for emails to be sent by programs / deamons / Nextcloud or others. Such a Configuring Postfix is required for every server to work correctly.
Certbot
#^Top Provides SSL certification from Let's Encrypt. Installation dependencies are different from Nginx and explained here
UFW
Firewall management, see Configuring UFW for more details.
JQ
jq
is a small Linux utility that helps parse json
files. It is helpful to read Configuring Caddy‘s logs.
Dedicated Server parameters
Service | Used value |
---|---|
Network: Configuring Docker dedicated | 17.27.37.x |
IP: pw-manager | 172.18.0.2 |
IP: Git | 172.21.0.3 |
IP: Git db | 172.21.0.4 |
IP: Wordle | 172.23.0.2 |
IP: FreshRSS | 172.22.0.3 |
IP: Baikal | 172.25.0.2 |
IP: Uptime Kuma | 172.26.0.2 |
Port: SSH | 7247 |
Port: Git server | 8087 |
Port: Git SSH | 22 |
Password manager
Bitwarden is a FOSS enabling self-hosting with a simple deployment through docker/docker-compose thanks to a clone called Vaultwarden.
Service parameters (pw-manager)
title: service parameters
**IP**: 172.18.0.2:80
**DockerID**: 0ae422b57ee3739e8a21c961ee5609b93c72504b1dbab8766cce3f98aedd1213
**DockerName**: vaultwarden
---
**Address**: https://pw-manager.mfxm.fr
Up since 2023-03-03
User management (pw-manager)
title: Link
[Admin panel](https://pw-manager.mfxm.fr/admin/)
The admin panel needs to be set up with an authentication token and is accessed with the token. User & key management is done from within this panel.
Git repository
Gitea is a FOSS enabling self-hosting a Git instance similar to GitHub.
Service parameters (git server)
title: service parameters
**IP**: 172.21.0.3:3000
**Docker ID**: 670b46f834ab0e73b0183dd1c488ae9dbb1d39673695948391dd1a71263e0090
**Docker Name**: gitea
**Dedicated user**: git
---
**Address**: https://git.mfxm.fr
Up since 2023-03-04.
Service parameters (git db)
title: service parameters
**IP**: 172.21.0.2
**Docker ID**: d28c38ea916e8a9554979ad31a1425bd081e20878faa08ba5ac137bfe357fa7a
**Docker Name**: gitea-db-1
User management (git)
User management has not been parametered to exclude new users but an admin panel exists to control and remove users under the admin login.
Doc library (git)
Utilities
title: Config file
~/gitea/gitea/gitea/conf/app.ini
title: email setup
Gitea can work on internal mail points through:
~~~bash
ENABLED = true
FROM = (user addresss)
USE_SENDMAIL = false
HOST = (hostname):25
~~~
News Aggregator
FreshRSS is a News aggregator enabling to read and manage RSS feeds. It is open-source and self-hostable.
Service parameters (News Server)
title: service parameters
**IP**: 172.22.0.3:80
**DockerNames**: freshrss-app
**Docker ID**: 9570cdc893c5277721c6e5da77af224ee312b233c618330a3f59616cbf17052b
**live since**: [[2023-03-05]]
---
**Address**: https://news.mfxm.fr
Service parameters (News db)
title: service parameters
**IP**: 172.22.0.2
**Docker ID**: d28c38ea916e8a9554979ad31a1425bd081e20878faa08ba5ac137bfe357fa7a
**Docker Name**: freshrss-db
Configuration (News)
Docker compose set-up.
~/freshrss
Docs can be found here. In addition, FreshRSS offers the ability to install extensions relatively easily from within the Settings menu.
Contacts server
Baikal is a lightweight CardDAV and CalDAV server that is compatible with all main clients including iOS’ native system. Docs can be found here.
title: service parameters
**IP**: 172.25.0.2:80
**DockerNames**: baikal-baikal-1
**Docker ID**: bea530530b5dcc0de401793726408172e977f9faf80b9709ed61cae90cc33317
**live since**: [[2023-03-05]]
---
**Address**: https://contacts.mfxm.fr
Uptime manager
Uptime Kuma is a modern utility to monitor the uptime of services and receive alerts. It can be paired with Configuring Telegram bots, Signal or other types of message delivery systems.
title: service parameters
**IP**: 172.26.0.2:3001
**DockerNames**: uptime-kuma
**Docker ID**: 995ba675785e2618bed8a2d125b0bfe7d8eef4d4e3e5cabc35843a1378d8b411
**live since**: [[2023-03-07]]
---
**Address**: https://status.mfxm.fr
Automation
Change detection is a modern utility to monitor the changes in websites. It can be paired with Configuring Telegram bots, Signal or other types of message delivery systems.
title: service parameters
**IP**: 172.27.0.2:5000
**DockerNames**: changedetection
**Docker ID**: 852906e618865b8f3862a327217e0542fc90feffa892ae33b1635d73b211df27
**live since**: [[2023-03-09]]
---
**Address**: https://automat.mfxm.fr
Wordle
Wordle is a word game that has been bought by the New York Times.
Service parameters (Wordle)
title: service parameters
**IP**: 172.23.0.2:80
**DockerNames**: Wordle
**Docker ID**: 694fef02c9a5332d8a862275d865e8af959d4dacdd4a888316240f3d49c40cde
**live since**: [[2023-03-05]]
---
**Address**: https://wordle.mfxm.fr
Configuration (Wordle)
Docker compose set-up.
~/wordle
Docs can be found here.
Server-side Monitoring
Refer to the Configuring Monit for further information on installation and configuration.
List of monitored services:
- System
- SSH
- Configuring Fail2ban
- cron
- Configuring Postfix
- docker
- Bitwarden
- Mininote
- Git
- Git db
Configuring Telegram bots are also being implemented to receive logs from logwatch & Configuring Monit.
Utilities
Cert storage
/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/
Pricing
Tools Server | One-off cost | Recurring subscription p.a. |
---|
**Server hosting**
| | *$120* ^ToolsServerCost
Tasks & Further steps
-
🛠️ Server Tools: Backup server %%done_del%% 🔁 every 6 months on the 1st Tuesday ⏳ 2023-10-03 📅 2023-10-03
-
🛠️ Server Tools: Backup server %%done_del%% 🔁 every 6 months on the 1st Tuesday ⏳ 2023-04-04 📅 2023-04-04 ✅ 2023-04-03
-
🛠️ Server Tools: Backup server %%done_del%% 🔁 every 6 months on the 1st Tuesday ⏳ 2022-10-04 📅 2022-10-04 ✅ 2022-10-03
-
Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday ⏳ 2022-04-12 📅 2022-04-12 ✅ 2022-04-11
-
Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday 📅 2021-10-14 ✅ 2022-01-08
-
Server Tools: Backup server 🔁 every 6 months on the 1st Tuesday ✅ 2021-10-13
-
Set-up landing page
-
🖥️ Selfhosting, Server Tools: Upgrader Gitea & Health checks %%done_del%% 🔁 every 4 months 📅 2023-06-18
-
🖥️ Selfhosting, Server Tools: Upgrader Gitea & Health checks %%done_del%% 🔁 every 4 months 📅 2023-02-18 ✅ 2023-02-14
-
🖥️ Selfhosting, Server Tools: Upgrader Gitea & Health checks %%done_del%% 🔁 every 4 months 📅 2022-10-18 ✅ 2022-10-18
-
🖥️ Selfhosting, Server Tools: Upgrader Gitea & Health checks 🔁 every 4 months 📅 2022-06-18 ✅ 2022-06-20
-
🔐 Selfhosting, Server Tools: Upgrader Bitwarden & Health checks %%done_del%% 🔁 every 4 months 📅 2023-08-18
-
🔐 Selfhosting, Server Tools: Upgrader Bitwarden & Health checks %%done_del%% 🔁 every 4 months 📅 2023-04-18 ✅ 2023-04-17
-
🔐 Selfhosting, Server Tools: Upgrader Bitwarden & Health checks %%done_del%% 🔁 every 4 months 📅 2022-12-18 ✅ 2022-12-17
-
🔐 Selfhosting, Server Tools: Upgrader Bitwarden & Health checks %%done_del%% 🔁 every 4 months 📅 2022-08-18 ✅ 2022-08-17
-
Selfhosting, Server Tools: Upgrader Bitwarden & Health checks 🔁 every 4 months 📅 2022-04-18 ✅ 2022-04-16
-
🛠️ Selfhosting, Server Tools: Upgrader Standard Notes & Health checks %%done_del%% 🔁 every 4 months 📅 2023-05-18
-
🛠️ Selfhosting, Server Tools: Upgrader Standard Notes & Health checks %%done_del%% 🔁 every 4 months 📅 2023-01-18 ✅ 2023-01-15
-
🛠️ Selfhosting, Server Tools: Upgrader Standard Notes & Health checks %%done_del%% 🔁 every 4 months 📅 2022-09-18 ✅ 2022-09-16
-
Selfhosting, Server Tools: Upgrader Standard Notes & Health checks 🔁 every 4 months 📅 2022-05-18 ✅ 2022-05-15