Server: Unterschied zwischen den Versionen
Aus Wiki Freifunk-3Ländereck
80686 (Diskussion | Beiträge) (→Applikationsserver) |
80686 (Diskussion | Beiträge) (→Applikationsserver) |
||
| Zeile 89: | Zeile 89: | ||
* Pakete nachinstallieren: | * Pakete nachinstallieren: | ||
** slapd | ** slapd | ||
| + | ** ldap-account-manager | ||
;/etc/default/slapd | ;/etc/default/slapd | ||
| Zeile 99: | Zeile 100: | ||
;/etc/ldap/ldap.conf | ;/etc/ldap/ldap.conf | ||
<pre> | <pre> | ||
| − | BASE dc=freifunk-3laendereck,dc= | + | BASE dc=freifunk-3laendereck,dc=net |
URI ldapi:/// | URI ldapi:/// | ||
... | ... | ||
TLS_REQCERT allow | TLS_REQCERT allow | ||
| + | </pre> | ||
| + | |||
| + | /etc/nslcd.conf | ||
| + | <pre> | ||
| + | ... | ||
| + | uri ldapi:/// | ||
| + | uri ldaps://192.168.13.2/ | ||
| + | ... | ||
| + | base dc=freifunk-3laendereck,dc=net | ||
| + | ... | ||
</pre> | </pre> | ||
Version vom 3. Mai 2015, 14:16 Uhr
Inhaltsverzeichnis
IP-Adressen / Hostnames
| Hostname | IPv4 | IPv6 | Standort | Kommentar |
|---|---|---|---|---|
| gw1 | 5.45.110.180 | netcup GmbH (DE) | Gateway "Weil am Rhein" von Bernd | |
| gw2 | 87.106.67.172 | 1&1 Internet AG (DE) | Gateway "Rheinfelden" von Rüdiger | |
| gw3 | 146.185.253.182 | XonServers (NL) | Gateway "Schopfheim" von Ben | |
| gw4 | 185.89.196.109 | 2a03:8460:1:2:109:: | masterssystems (Offenbach, DE) | Gateway Freifunk Dreiländereck e.V. |
| node1 | 185.89.196.13 | 2a03:8460:1:2:1:13:: | masterssystems (Offenbach, DE) | Applikationsserver Freifunk Dreiländereck e.V. |
| node2 | 185.89.197.13 | 2a03:8460:1:2:2:13:: | masterssystems (Offenbach, DE) | Applikationsserver Freifunk Dreiländereck e.V. |
Setup
Standard
identisch für alle FF3L-Server:
- Debian AMD64 Netinstall (7.8)
- Locale: EN_US.UTF8
- Partitionierung:
- vda1: 2 GB swap
- vda2: Rest ext4 /
- Setup Pakete:
- SSH Server
- Standard system utilities
- Pakete nachinstallieren:
- fail2ban
- htop
- iotop
- joe
- libpam_ldapd
- screen
- strace
- sudo
- Admin-User (lokal)
- admin:x:900:900::/home/admin:/bin/bash
- /etc/ssh/sshd_config
... PermitRootLogin no ...
- LDAP
- URI: ldaps://apps.freifunk-3laendereck.de/
- nsswitch: aliases, group, passwd, shadow
Applikationsserver
- Setup-Profile:
- Web server
- SQL database
- DNS server
- Mail server
- SSH server
- Standard system utilities
- Pakete nachinstallieren:
- slapd
- ldap-account-manager
- /etc/default/slapd
... SLAPD_SERVICES="ldaps:/// ldapi:///" ...
- /etc/ldap/ldap.conf
BASE dc=freifunk-3laendereck,dc=net URI ldapi:/// ... TLS_REQCERT allow
/etc/nslcd.conf
... uri ldapi:/// uri ldaps://192.168.13.2/ ... base dc=freifunk-3laendereck,dc=net ...
- /usr/share/pam-configs/mkhomedir
Name: Create home directory during login
Default: yes
Priority: 900
Session-Type: Additional
Session:
required pam_mkhomedir.so umask=0077 skel=/mnt/nfs/home/skel
