Server: Unterschied zwischen den Versionen

Aus Wiki Freifunk-3Ländereck
Wechseln zu: Navigation, Suche
K (IP-Adressen / Hostnames: Link zu gw4 Log)
(IP-Adressen / Hostnames)
Zeile 7: Zeile 7:
 
!Kommentar
 
!Kommentar
 
|-
 
|-
|gw1
+
|[[Server:gw1|gw1]]
 
|5.45.110.180
 
|5.45.110.180
 
|
 
|
Zeile 13: Zeile 13:
 
|Gateway "Weil am Rhein" von Bernd
 
|Gateway "Weil am Rhein" von Bernd
 
|-
 
|-
|gw2
+
|[[Server:gw2|gw2]]
 
|87.106.67.172
 
|87.106.67.172
 
|
 
|
Zeile 19: Zeile 19:
 
|Gateway "Rheinfelden" von Rüdiger
 
|Gateway "Rheinfelden" von Rüdiger
 
|-
 
|-
|gw3
+
|[[Server:gw3|gw3]]
 
|146.185.253.182
 
|146.185.253.182
 
|
 
|
Zeile 31: Zeile 31:
 
|Gateway Freifunk Dreiländereck e.V.
 
|Gateway Freifunk Dreiländereck e.V.
 
|-
 
|-
|node1
+
|[[Server:node1|node1]]
 
|185.89.196.13
 
|185.89.196.13
 
|2a03:8460:1:2:1:13::
 
|2a03:8460:1:2:1:13::
Zeile 38: Zeile 38:
 
|-
 
|-
 
|-
 
|-
|node2
+
|[[Server:node2|node2]]
 
|185.89.197.13
 
|185.89.197.13
 
|2a03:8460:1:2:2:13::
 
|2a03:8460:1:2:2:13::

Version vom 23. Mai 2015, 12:55 Uhr

IP-Adressen / Hostnames

Hostname IPv4 IPv6 Standort Kommentar
gw1 5.45.110.180 netcup GmbH (DE) Gateway "Weil am Rhein" von Bernd
gw2 87.106.67.172 1&1 Internet AG (DE) Gateway "Rheinfelden" von Rüdiger
gw3 146.185.253.182 XonServers (NL) Gateway "Schopfheim" von Ben
gw4 185.89.196.109 2a03:8460:1:2:109:: masterssystems (Offenbach, DE) Gateway Freifunk Dreiländereck e.V.
node1 185.89.196.13 2a03:8460:1:2:1:13:: masterssystems (Offenbach, DE) Applikationsserver Freifunk Dreiländereck e.V.
node2 185.89.197.13 2a03:8460:1:2:2:13:: masterssystems (Offenbach, DE) Applikationsserver Freifunk Dreiländereck e.V.

Setup

Standard

identisch für alle FF3L-Server:

  • Debian AMD64 Netinstall (7.8)
  • Locale: EN_US.UTF8
  • Partitionierung:
    • vda1: 2 GB swap
    • vda2: Rest ext4 /
  • Setup Pakete:
    • SSH Server
    • Standard system utilities
  • Pakete nachinstallieren:
    • fail2ban
    • htop
    • iotop
    • joe
    • libpam_ldapd
    • screen
    • strace
    • sudo
  • Admin-User (lokal)
    • admin:x:900:900::/home/admin:/bin/bash
/etc/ssh/sshd_config
...
PermitRootLogin no 
...
AuthorizedKeysCommand /usr/local/bin/ldap_keys.sh   
AuthorizedKeysCommandUser nobody   
...
LDAP
  • URI: ldaps://apps.freifunk-3laendereck.de/
  • nsswitch: aliases, group, passwd, shadow

Applikationsserver

  • Setup-Profile:
    • Web server
    • SQL database
    • DNS server
    • Mail server
    • SSH server
    • Standard system utilities
  • Pakete nachinstallieren:
    • slapd
    • ldap-account-manager
    • apache2-mpm-itk
/etc/default/slapd
...
SLAPD_SERVICES="ldaps:/// ldapi:///"
...
/etc/ldap/ldap.conf
BASE    dc=freifunk-3laendereck,dc=net
URI     ldapi:///
...
TLS_REQCERT     allow
/etc/nslcd.conf
...
uri ldapi:///
uri ldaps://192.168.13.2/
...
base dc=freifunk-3laendereck,dc=net
...
rootpwmoddn cn=admin,dc=freifunk-3laendereck,dc=net
...
/usr/share/pam-configs/mkhomedir
Name: Create home directory during login
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required        pam_mkhomedir.so umask=0077 skel=/mnt/nfs/home/skel