Server: Difference between revisions

(Setup)
(IP addresses / hostnames)
 
(36 intermediate revisions by 6 users not shown)
Zeile 5: Zeile 5:
 
!IPv6
 
!IPv6
 
!Standort
 
!Standort
 +
!ECDSA key Fingerprint
 
!Kommentar
 
!Kommentar
 
|-
 
|-
|gw1
+
|[[Server:gw3|gw3]]
|5.45.110.180
 
|
 
|netcup GmbH (DE)
 
|Gateway "Weil am Rhein" von Bernd
 
|-
 
|gw2
 
|87.106.67.172
 
|
 
|1&1 Internet AG (DE)
 
|Gateway "Rheinfelden" von Rüdiger
 
|-
 
|gw3
 
|146.185.253.182
 
|
 
|XonServers (NL)
 
|Gateway "Schopfheim" von Ben
 
|-
 
|gw4
 
 
|185.89.196.109
 
|185.89.196.109
 
|2a03:8460:1:2:109::
 
|2a03:8460:1:2:109::
 
|masterssystems (Offenbach, DE)
 
|masterssystems (Offenbach, DE)
 +
|73:91:ea:9e:79:f8:25:79:7a:bd:27:22:5e:cc:18:53
 
|Gateway Freifunk Dreiländereck e.V.
 
|Gateway Freifunk Dreiländereck e.V.
 
|-
 
|-
|node1
+
|[[Server:gw7|gw7]]
 +
|5.9.143.55
 +
|2a01:4f8:190:2229::2
 +
|Hetzner GmbH (DE)
 +
|27:24:cc:40:66:76:ee:01:c7:d6:ec:e8:09:1e:24:d6
 +
|2. Gateway Freifunk Dreiländereck e.V.
 +
|-
 +
|[[Server:gw9|gw9]]
 +
|144.76.31.247
 +
|2a01:4f8:191:22f6::2
 +
|Hetzner GmbH (DE)
 +
|5e:39:59:b5:21:c5:21:d8:a8:1c:fb:05:aa:72:ce:4b
 +
|3. Gateway Freifunk Dreiländereck e.V.
 +
|-
 +
|[[Server:node1|node1]]
 
|185.89.196.13
 
|185.89.196.13
 
|2a03:8460:1:2:1:13::
 
|2a03:8460:1:2:1:13::
 
|masterssystems (Offenbach, DE)
 
|masterssystems (Offenbach, DE)
 +
|1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43
 
|Applikationsserver Freifunk Dreiländereck e.V.
 
|Applikationsserver Freifunk Dreiländereck e.V.
 
|-
 
|-
 
|-
 
|-
|node2
+
|[[Server:node2|node2]]
 
|185.89.197.13
 
|185.89.197.13
 
|2a03:8460:1:2:2:13::
 
|2a03:8460:1:2:2:13::
 
|masterssystems (Offenbach, DE)
 
|masterssystems (Offenbach, DE)
 +
|1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43
 +
|Applikationsserver Freifunk Dreiländereck e.V.
 +
|-
 +
|[[Server:services|services]]
 +
|178.63.79.89
 +
|2a01:4f8:121:3145::2
 +
|Hetzner GmbH (DE)
 +
|31:3b:63:20:59:0b:cf:f8:69:c3:22:f5:d4:d7:d3:b5
 
|Applikationsserver Freifunk Dreiländereck e.V.
 
|Applikationsserver Freifunk Dreiländereck e.V.
 
|}
 
|}
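Review bot: node1 and node2 carry the same value in the new ECDSA key fingerprint column (the one beginning 1b:0f:3d). Either one row was copied from the other or both hosts share a single host key, for instance after cloning an image. Compare against the output of ssh-keygen -l on each host, then correct the row or regenerate the host key so that every server has its own. The colon-separated values are MD5-style fingerprints; naming the hash in the column header would tell readers which format their client has to display for the comparison.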
Zeile 53: Zeile 60:
 
** vda1: 2 GB swap
 
** vda1: 2 GB swap
 
** vda2: Rest ext4 /
 
** vda2: Rest ext4 /
* Pakete:
+
* Setup Pakete:
 
** SSH Server
 
** SSH Server
 
** Standard system utilities
 
** Standard system utilities
* Admin-User (lokal) - Gruppe wheel
+
* Pakete nachinstallieren:
** bernd
+
** fail2ban
** manuel
+
** htop
** markus
+
** iotop
** ruediger
+
** joe
** stefan
+
** libpam-ldapd
 +
** screen
 +
** strace
 +
** sudo
 +
* Admin-User (lokal)
 +
** admin:x:900:900::/home/admin:/bin/bash
 +
 
 +
;/etc/ssh/sshd_config
 +
<pre>
 +
...
 +
PermitRootLogin no
 +
...
 +
AuthorizedKeysCommand /usr/local/bin/ldap_keys.sh
 +
AuthorizedKeysCommandUser nobody
 +
...
 +
</pre>
 +
 
 +
;LDAP
 +
* URI: ldaps://apps.freifunk-3laendereck.de/
 +
* nsswitch: aliases, group, passwd, shadow
  
 
=== Applikationsserver ===
 
=== Applikationsserver ===
* Pakete:
+
* Setup-Profile:
 
** Web server
 
** Web server
 
** SQL database
 
** SQL database
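Review bot: the new sshd_config block points AuthorizedKeysCommand at /usr/local/bin/ldap_keys.sh, but the script, its owner and its mode are not documented in this section. sshd only accepts a command that is owned by root and not writable by group or others, and whoever can change that script or the LDAP entries it reads decides who can log in on every server, so the page should carry the script and the expected permissions. The five named wheel accounts are also replaced by one shared local account (admin, uid 900); a line on who holds its credentials and when it is used would keep logins attributable.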
Zeile 71: Zeile 97:
 
** SSH server
 
** SSH server
 
** Standard system utilities
 
** Standard system utilities
 +
* Pakete nachinstallieren:
 +
** slapd
 +
** ldap-account-manager
 +
** apache2-mpm-itk
 +
 +
;/etc/default/slapd
 +
<pre>
 +
...
 +
SLAPD_SERVICES="ldaps:/// ldapi:///"
 +
...
 +
</pre>
 +
 +
;/etc/ldap/ldap.conf
 +
<pre>
 +
BASE    dc=freifunk-3laendereck,dc=net
 +
URI    ldapi:///
 +
...
 +
TLS_REQCERT    allow
 +
</pre>
 +
 +
;/etc/nslcd.conf
 +
<pre>
 +
...
 +
uri ldapi:///
 +
uri ldaps://192.168.13.2/
 +
...
 +
base dc=freifunk-3laendereck,dc=net
 +
...
 +
rootpwmoddn cn=admin,dc=freifunk-3laendereck,dc=net
 +
...
 +
</pre>
 +
 +
;/usr/share/pam-configs/mkhomedir
 +
<pre>
 +
Name: Create home directory during login
 +
Default: yes
 +
Priority: 900
 +
Session-Type: Additional
 +
Session:
 +
        required        pam_mkhomedir.so umask=0077 skel=/mnt/nfs/home/skel
 +
</pre>
 +
 +
;update pam config
 +
<pre>
 +
pam-auth-update
 +
</pre>
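Review bot: TLS_REQCERT allow in /etc/ldap/ldap.conf lets a session continue when the server presents a certificate that cannot be verified, so a client using this file against an ldaps:// URI gets encryption without server authentication. Set it to demand and add a TLS_CACERT line for the issuing CA. The same concern applies to /etc/nslcd.conf: the second uri is ldaps://192.168.13.2/, an IP address, and no tls_reqcert or tls_cacertfile line is shown, so state both explicitly and make sure the certificate covers that address, or use the hostname. The mkhomedir profile takes its skel from /mnt/nfs/home/skel, yet the NFS mount is not described here.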

Current revision as of 4 May 2016, 10:15

IP addresses / hostnames

{|
!Hostname !! IPv4 !! IPv6 !! Location !! ECDSA key fingerprint !! Comment
|-
|gw3 || 185.89.196.109 || 2a03:8460:1:2:109:: || masterssystems (Offenbach, DE) || 73:91:ea:9e:79:f8:25:79:7a:bd:27:22:5e:cc:18:53 || Gateway Freifunk Dreiländereck e.V.
|-
|gw7 || 5.9.143.55 || 2a01:4f8:190:2229::2 || Hetzner GmbH (DE) || 27:24:cc:40:66:76:ee:01:c7:d6:ec:e8:09:1e:24:d6 || 2nd gateway Freifunk Dreiländereck e.V.
|-
|gw9 || 144.76.31.247 || 2a01:4f8:191:22f6::2 || Hetzner GmbH (DE) || 5e:39:59:b5:21:c5:21:d8:a8:1c:fb:05:aa:72:ce:4b || 3rd gateway Freifunk Dreiländereck e.V.
|-
|node1 || 185.89.196.13 || 2a03:8460:1:2:1:13:: || masterssystems (Offenbach, DE) || 1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43 || Application server Freifunk Dreiländereck e.V.
|-
|node2 || 185.89.197.13 || 2a03:8460:1:2:2:13:: || masterssystems (Offenbach, DE) || 1b:0f:3d:f5:2c:2f:2c:50:c5:9d:60:d3:e1:30:b0:43 || Application server Freifunk Dreiländereck e.V.
|-
|services || 178.63.79.89 || 2a01:4f8:121:3145::2 || Hetzner GmbH (DE) || 31:3b:63:20:59:0b:cf:f8:69:c3:22:f5:d4:d7:d3:b5 || Application server Freifunk Dreiländereck e.V.
|}

Setup

Standard

Identical for all FF3L servers:

  • Debian AMD64 Netinstall (7.8)
  • Locale: EN_US.UTF8
  • Partitioning:
    • vda1: 2 GB swap
    • vda2: remainder, ext4, /
  • Packages selected during setup:
    • SSH Server
    • Standard system utilities
  • Packages to install afterwards:
    • fail2ban
    • htop
    • iotop
    • joe
    • libpam-ldapd
    • screen
    • strace
    • sudo
  • Admin user (local)
    • admin:x:900:900::/home/admin:/bin/bash

/etc/ssh/sshd_config
<pre>
...
PermitRootLogin no
...
AuthorizedKeysCommand /usr/local/bin/ldap_keys.sh
AuthorizedKeysCommandUser nobody
...
</pre>

LDAP
  • URI: ldaps://apps.freifunk-3laendereck.de/
  • nsswitch: aliases, group, passwd, shadow
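
The sshd_config settings above hand the public-key lookup to an external command that queries the LDAP directory. The following helper is an added example of what such a command has to do safely; it is not the project's ldap_keys.sh. The sshPublicKey attribute, the posixAccount filter and the anonymous bind are assumptions, and the sample keys in any test input are constructed; URI and base DN are the values listed on this page.

```shell
#!/bin/sh
# Added example: hypothetical AuthorizedKeysCommand helper, NOT the project's
# ldap_keys.sh. sshd runs it as the unprivileged user: ldap_keys.sh <username>
export LC_ALL=C LDAPTLS_REQCERT=demand   # byte-wise ranges; refuse unverified TLS
LDAP_URI="ldaps://apps.freifunk-3laendereck.de/"   # URI from this page
LDAP_BASE="dc=freifunk-3laendereck,dc=net"         # base DN from this page
KEY_ATTR="sshPublicKey"   # assumption: keys stored with the openssh-lpk schema
NL='
'

# Allow only plain login names, so the argument can neither change the LDAP
# filter ("*", "(", ")", "\") nor be read as a command-line option.
valid_username() {
    case "$1" in
        ""|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Read LDIF on stdin and print one authorized_keys line per stored key.
# Values with options (e.g. cert-authority) or embedded newlines are dropped.
extract_keys() {
    while IFS= read -r line; do
        case "$line" in
            "$KEY_ATTR:: "*)   # base64-encoded value
                key=$(printf '%s' "${line#*:: }" | base64 -d 2>/dev/null) || continue ;;
            "$KEY_ATTR: "*) key=${line#*: } ;;
            *) continue ;;
        esac
        case "$key" in
            *"$NL"*) continue ;;
            "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*) printf '%s\n' "$key" ;;
        esac
    done
}

# Anonymous simple bind is an assumption; the directory must allow reading
# KEY_ATTR without credentials, otherwise add a bind DN readable by "nobody".
lookup_keys() {
    valid_username "$1" || return 1
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=posixAccount)(uid=$1))" "$KEY_ATTR" | extract_keys
}

if [ $# -gt 0 ]; then lookup_keys "$1"; fi
```

An invalid user name or an unreachable directory yields no output, which sshd treats as "no keys" for that login.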

Application server

  • Setup profiles:
    • Web server
    • SQL database
    • DNS server
    • Mail server
    • SSH server
    • Standard system utilities
  • Packages to install afterwards:
    • slapd
    • ldap-account-manager
    • apache2-mpm-itk

/etc/default/slapd
<pre>
...
SLAPD_SERVICES="ldaps:/// ldapi:///"
...
</pre>

/etc/ldap/ldap.conf
<pre>
BASE    dc=freifunk-3laendereck,dc=net
URI     ldapi:///
...
TLS_REQCERT     allow
</pre>

/etc/nslcd.conf
<pre>
...
uri ldapi:///
uri ldaps://192.168.13.2/
...
base dc=freifunk-3laendereck,dc=net
...
rootpwmoddn cn=admin,dc=freifunk-3laendereck,dc=net
...
</pre>

/usr/share/pam-configs/mkhomedir
<pre>
Name: Create home directory during login
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required        pam_mkhomedir.so umask=0077 skel=/mnt/nfs/home/skel
</pre>

Update PAM config
<pre>
pam-auth-update
</pre>