Server: Difference between revisions
From Wiki Freifunk-3Ländereck
80686 (talk | contribs) (Page created: „== IP-Adressen / Hostnames == {|class="wikitable sortable" !Hostname !IPv4 !IPv6 !Standort !Kommentar |- |gw1 |5.45.110.180 | |netcup GmbH (DE) |Gateway "Weil…“) |
Stefan (talk | contribs) (→IP addresses / hostnames) |
| (41 intermediate revisions by 6 users not shown) | |||
| Zeile 5: | Zeile 5: | ||
!IPv6 | !IPv6 | ||
!Standort | !Standort | ||
| + | !ECDSA key Fingerprint | ||
!Kommentar | !Kommentar | ||
|- | |- | ||
| − | | | + | |[[Server:gw3|gw3]] |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |gw3 | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|185.89.196.109 | |185.89.196.109 | ||
|2a03:8460:1:2:109:: | |2a03:8460:1:2:109:: | ||
|masterssystems (Offenbach, DE) | |masterssystems (Offenbach, DE) | ||
| + | |73:91:ea:9e:79:f8:25:79:7a:bd:27:22:5e:cc:18:53 | ||
|Gateway Freifunk Dreiländereck e.V. | |Gateway Freifunk Dreiländereck e.V. | ||
|- | |- | ||
| − | |node1 | + | |[[Server:gw7|gw7]] |
| + | |5.9.143.55 | ||
| + | |2a01:4f8:190:2229::2 | ||
| + | |Hetzner GmbH (DE) | ||
| + | |27:24:cc:40:66:76:ee:01:c7:d6:ec:e8:09:1e:24:d6 | ||
| + | |2. Gateway Freifunk Dreiländereck e.V. | ||
| + | |- | ||
| + | |[[Server:gw9|gw9]] | ||
| + | |144.76.31.247 | ||
| + | |2a01:4f8:191:22f6::2 | ||
| + | |Hetzner GmbH (DE) | ||
| + | |5e:39:59:b5:21:c5:21:d8:a8:1c:fb:05:aa:72:ce:4b | ||
| + | |3. Gateway Freifunk Dreiländereck e.V. | ||
| + | |- | ||
| + | |[[Server:node1|node1]] | ||
|185.89.196.13 | |185.89.196.13 | ||
|2a03:8460:1:2:1:13:: | |2a03:8460:1:2:1:13:: | ||
|masterssystems (Offenbach, DE) | |masterssystems (Offenbach, DE) | ||
| + | |1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43 | ||
|Applikationsserver Freifunk Dreiländereck e.V. | |Applikationsserver Freifunk Dreiländereck e.V. | ||
|- | |- | ||
|- | |- | ||
| − | |node2 | + | |[[Server:node2|node2]] |
|185.89.197.13 | |185.89.197.13 | ||
|2a03:8460:1:2:2:13:: | |2a03:8460:1:2:2:13:: | ||
|masterssystems (Offenbach, DE) | |masterssystems (Offenbach, DE) | ||
| + | |1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43 | ||
| + | |Applikationsserver Freifunk Dreiländereck e.V. | ||
| + | |- | ||
| + | |[[Server:services|services]] | ||
| + | |178.63.79.89 | ||
| + | |2a01:4f8:121:3145::2 | ||
| + | |Hetzner GmbH (DE) | ||
| + | |31:3b:63:20:59:0b:cf:f8:69:c3:22:f5:d4:d7:d3:b5 | ||
|Applikationsserver Freifunk Dreiländereck e.V. | |Applikationsserver Freifunk Dreiländereck e.V. | ||
|} | |} | ||
| + | |||
| + | == Setup == | ||
| + | === Standard === | ||
| + | identisch für alle FF3L-Server: | ||
| + | * Debian AMD64 Netinstall (7.8) | ||
| + | * Locale: EN_US.UTF8 | ||
| + | * Partitionierung: | ||
| + | ** vda1: 2 GB swap | ||
| + | ** vda2: Rest ext4 / | ||
| + | * Setup Pakete: | ||
| + | ** SSH Server | ||
| + | ** Standard system utilities | ||
| + | * Pakete nachinstallieren: | ||
| + | ** fail2ban | ||
| + | ** htop | ||
| + | ** iotop | ||
| + | ** joe | ||
| + | ** libpam-ldapd | ||
| + | ** screen | ||
| + | ** strace | ||
| + | ** sudo | ||
| + | * Admin-User (lokal) | ||
| + | ** admin:x:900:900::/home/admin:/bin/bash | ||
| + | |||
| + | ;/etc/ssh/sshd_config | ||
| + | <pre> | ||
| + | ... | ||
| + | PermitRootLogin no | ||
| + | ... | ||
| + | AuthorizedKeysCommand /usr/local/bin/ldap_keys.sh | ||
| + | AuthorizedKeysCommandUser nobody | ||
| + | ... | ||
| + | </pre> | ||
| + | |||
| + | ;LDAP | ||
| + | * URI: ldaps://apps.freifunk-3laendereck.de/ | ||
| + | * nsswitch: aliases, group, passwd, shadow | ||
| + | |||
| + | === Applikationsserver === | ||
| + | * Setup-Profile: | ||
| + | ** Web server | ||
| + | ** SQL database | ||
| + | ** DNS server | ||
| + | ** Mail server | ||
| + | ** SSH server | ||
| + | ** Standard system utilities | ||
| + | * Pakete nachinstallieren: | ||
| + | ** slapd | ||
| + | ** ldap-account-manager | ||
| + | ** apache2-mpm-itk | ||
| + | |||
| + | ;/etc/default/slapd | ||
| + | <pre> | ||
| + | ... | ||
| + | SLAPD_SERVICES="ldaps:/// ldapi:///" | ||
| + | ... | ||
| + | </pre> | ||
| + | |||
| + | ;/etc/ldap/ldap.conf | ||
| + | <pre> | ||
| + | BASE dc=freifunk-3laendereck,dc=net | ||
| + | URI ldapi:/// | ||
| + | ... | ||
| + | TLS_REQCERT allow | ||
| + | </pre> | ||
| + | |||
| + | ;/etc/nslcd.conf | ||
| + | <pre> | ||
| + | ... | ||
| + | uri ldapi:/// | ||
| + | uri ldaps://192.168.13.2/ | ||
| + | ... | ||
| + | base dc=freifunk-3laendereck,dc=net | ||
| + | ... | ||
| + | rootpwmoddn cn=admin,dc=freifunk-3laendereck,dc=net | ||
| + | ... | ||
| + | </pre> | ||
| + | |||
| + | ;/usr/share/pam-configs/mkhomedir | ||
| + | <pre> | ||
| + | Name: Create home directory during login | ||
| + | Default: yes | ||
| + | Priority: 900 | ||
| + | Session-Type: Additional | ||
| + | Session: | ||
| + | required pam_mkhomedir.so umask=0077 skel=/mnt/nfs/home/skel | ||
| + | </pre> | ||
| + | |||
| + | ;update pam config | ||
| + | <pre> | ||
| + | pam-auth-update | ||
| + | </pre> | ||
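Review bot: The node1 and node2 rows in the new "ECDSA key Fingerprint" column carry the identical value `1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43`, so either one row was copied from the other or both hosts share one ECDSA host key (for example from a cloned image). Compare the output of `ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` on each host, then correct the table or regenerate the key, because a shared host key lets either node pass as the other. In the Applikationsserver part, `TLS_REQCERT allow` in /etc/ldap/ldap.conf lets a session proceed when the server presents a bad certificate; `demand` together with a `TLS_CACERT` entry would match the `ldaps://` URIs used in nslcd.conf and in the Standard section. The `AuthorizedKeysCommand` target /usr/local/bin/ldap_keys.sh is referenced but its contents are not documented anywhere in this revision.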
Current revision as of 4 May 2016, 10:15
IP addresses / hostnames
| Hostname | IPv4 | IPv6 | Location | ECDSA key fingerprint | Comment |
|---|---|---|---|---|---|
| gw3 | 185.89.196.109 | 2a03:8460:1:2:109:: | masterssystems (Offenbach, DE) | 73:91:ea:9e:79:f8:25:79:7a:bd:27:22:5e:cc:18:53 | Gateway of Freifunk Dreiländereck e.V. |
| gw7 | 5.9.143.55 | 2a01:4f8:190:2229::2 | Hetzner GmbH (DE) | 27:24:cc:40:66:76:ee:01:c7:d6:ec:e8:09:1e:24:d6 | 2nd gateway of Freifunk Dreiländereck e.V. |
| gw9 | 144.76.31.247 | 2a01:4f8:191:22f6::2 | Hetzner GmbH (DE) | 5e:39:59:b5:21:c5:21:d8:a8:1c:fb:05:aa:72:ce:4b | 3rd gateway of Freifunk Dreiländereck e.V. |
| node1 | 185.89.196.13 | 2a03:8460:1:2:1:13:: | masterssystems (Offenbach, DE) | 1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43 | Application server of Freifunk Dreiländereck e.V. |
| node2 | 185.89.197.13 | 2a03:8460:1:2:2:13:: | masterssystems (Offenbach, DE) | 1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43 | Application server of Freifunk Dreiländereck e.V. |
| services | 178.63.79.89 | 2a01:4f8:121:3145::2 | Hetzner GmbH (DE) | 31:3b:63:20:59:0b:cf:f8:69:c3:22:f5:d4:d7:d3:b5 | Application server of Freifunk Dreiländereck e.V. |
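Added example (not part of the wiki): a POSIX shell check that recomputes the colon-separated MD5 fingerprint format used in the table from a public-key line and compares it with the table's value, and that also lists fingerprints assigned to more than one host. The `PINS` list and all function names are constructed here; `base64` and `md5sum` from coreutils are assumed.

```sh
#!/bin/sh
# Added example: compare a host's ECDSA key with the fingerprint table above.
# PINS holds "hostname fingerprint" pairs copied from the table.
PINS='gw3 73:91:ea:9e:79:f8:25:79:7a:bd:27:22:5e:cc:18:53
gw7 27:24:cc:40:66:76:ee:01:c7:d6:ec:e8:09:1e:24:d6
gw9 5e:39:59:b5:21:c5:21:d8:a8:1c:fb:05:aa:72:ce:4b
node1 1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43
node2 1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43
services 31:3b:63:20:59:0b:cf:f8:69:c3:22:f5:d4:d7:d3:b5'

# md5_fingerprint LINE: LINE is a public-key line ("type base64 [comment]") or
# an ssh-keyscan line ("host type base64"). Prints the colon-separated MD5 of
# the decoded key blob, the format used in the table.
md5_fingerprint() {
    b64=$(printf '%s\n' "$1" |
        awk '{for (i = 1; i < NF; i++) if ($i ~ /^ecdsa-sha2-/) {print $(i+1); exit}}')
    [ -n "$b64" ] || return 1
    printf '%s' "$b64" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$b64" | base64 -d | md5sum | awk '{print $1}' |
        sed 's/../&:/g; s/:$//'
}

pinned_fingerprint() {
    printf '%s\n' "$PINS" | awk -v h="$1" '$1 == h {print $2; exit}'
}

# check_host NAME LINE: 0 = key matches the pin, 1 = mismatch, 2 = cannot check.
check_host() {
    want=$(pinned_fingerprint "$1")
    [ -n "$want" ] || { echo "no pin for $1" >&2; return 2; }
    got=$(md5_fingerprint "$2") || { echo "no ECDSA key in input" >&2; return 2; }
    [ "$got" = "$want" ] && return 0
    echo "MISMATCH $1: got $got, pinned $want" >&2
    return 1
}

# shared_fingerprints: print every fingerprint pinned for more than one host.
shared_fingerprints() {
    printf '%s\n' "$PINS" | awk '{
        hosts[$2] = (hosts[$2] == "" ? $1 : hosts[$2] "," $1); n[$2]++ }
        END { for (f in n) if (n[f] > 1) print f, hosts[f] }'
}

shared_fingerprints   # for the table above this prints the node1/node2 pair
```

On a server, `check_host gw3 "$(cat /etc/ssh/ssh_host_ecdsa_key.pub)"` compares the local key with its table entry.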
Setup
Standard
Identical for all FF3L servers:
- Debian AMD64 Netinstall (7.8)
- Locale: EN_US.UTF8
- Partitioning:
  - vda1: 2 GB swap
  - vda2: remainder, ext4 /
- Packages selected during setup:
  - SSH Server
  - Standard system utilities
- Packages to install afterwards:
  - fail2ban
  - htop
  - iotop
  - joe
  - libpam-ldapd
  - screen
  - strace
  - sudo
- Admin user (local)
  - admin:x:900:900::/home/admin:/bin/bash
- /etc/ssh/sshd_config
    ...
    PermitRootLogin no
    ...
    AuthorizedKeysCommand /usr/local/bin/ldap_keys.sh
    AuthorizedKeysCommandUser nobody
    ...
- LDAP
  - URI: ldaps://apps.freifunk-3laendereck.de/
  - nsswitch: aliases, group, passwd, shadow
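Added example, not the project's script: the wiki names /usr/local/bin/ldap_keys.sh as the `AuthorizedKeysCommand` but does not show it, so this is one hypothetical way such a helper could look, with input validation and output filtering. The `sshPublicKey` attribute, the `posixAccount` filter, the function names and the `LDAPTLS_REQCERT` setting are assumptions; the URI and base DN are the ones on the page.

```sh
#!/bin/sh
# Hypothetical stand-in for /usr/local/bin/ldap_keys.sh; the wiki does not show
# the real script. sshd runs the AuthorizedKeysCommand with the login name as
# its argument and reads authorized_keys lines from stdout.
LDAP_URI='ldaps://apps.freifunk-3laendereck.de/'  # URI from the page
LDAP_BASE='dc=freifunk-3laendereck,dc=net'         # base DN from the page
KEY_ATTR='sshPublicKey'        # assumption: keys stored openssh-lpk style
export LDAPTLS_REQCERT=demand  # added hardening: refuse unverifiable server certs

# valid_user NAME: accept only plain login names so the argument cannot change
# the LDAP search filter.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# keys_from_ldif: read unwrapped LDIF on stdin and print bare public keys.
# "attr:: value" is base64; anything that is not "type base64 [comment]" is
# dropped, so a directory entry cannot carry authorized_keys options.
keys_from_ldif() {
    while IFS= read -r line; do
        case "$line" in
            "$KEY_ATTR:: "*) printf '%s' "${line#*:: }" | base64 -d 2>/dev/null; echo ;;
            "$KEY_ATTR: "*)  printf '%s\n' "${line#*: }" ;;
        esac
    done | grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' || :
}

# lookup_keys NAME: query the directory and print the user's keys.
lookup_keys() {
    valid_user "$1" || return 1
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" "$KEY_ATTR" | keys_from_ldif
}

[ "$#" -eq 0 ] || lookup_keys "$1"
```

sshd only runs an `AuthorizedKeysCommand` that is owned by root and not writable by group or others, so install the file accordingly.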
Application server
- Setup profiles:
  - Web server
  - SQL database
  - DNS server
  - Mail server
  - SSH server
  - Standard system utilities
- Packages to install afterwards:
  - slapd
  - ldap-account-manager
  - apache2-mpm-itk
- /etc/default/slapd
    ...
    SLAPD_SERVICES="ldaps:/// ldapi:///"
    ...
- /etc/ldap/ldap.conf
    BASE dc=freifunk-3laendereck,dc=net
    URI ldapi:///
    ...
    TLS_REQCERT allow
- /etc/nslcd.conf
    ...
    uri ldapi:///
    uri ldaps://192.168.13.2/
    ...
    base dc=freifunk-3laendereck,dc=net
    ...
    rootpwmoddn cn=admin,dc=freifunk-3laendereck,dc=net
    ...
- /usr/share/pam-configs/mkhomedir
    Name: Create home directory during login
    Default: yes
    Priority: 900
    Session-Type: Additional
    Session:
        required pam_mkhomedir.so umask=0077 skel=/mnt/nfs/home/skel
- Update PAM config
    pam-auth-update