CNM Campus Farm

CNM Campus Farm (hereinafter, the Farm) is the server cluster that supports CNM Cert, CNM Page, and CNM Wiki. These three CNM apps belong to CNM Campus. All of them use MariaDB as their database management system; server databases are synchronized via MariaDB Galera Cluster.

While being a part of CNM Farms, the Server utilizes one DigitalOcean droplet, which is located at the 159.89.230.212 IP address. CNMCyber Team utilizes two more servers that are similar to the Servers. One of them is called CNM Lab Farm; it hosts CNM Next Apps used for experiential learning. Another is called CNM HandsOn Farm; it hosts CNM HandsOn Apps used for hands-on training.

The Farm uses Campus Infrastructure.

DNS zone

Main wikipage: Opplet DNS

Web server files

Legacy

Currently, this Farm is based on four virtual private servers (VPSes; hereinafter, the Nodes).

cnmcyber #53

• page.cnmcyber.com (wp, empty)
• pravka.bskol.com (wiki, rus/eng)
• wiki.cnmcyber.com (wiki, rus/eng, 53/234 galera)
• pravka.idosvid.com (wiki, ukr)
• svazka.bskol.com (SuiteCRM)
• ucebka.bskol.com (moodle, rus)
• cert.cnmcyber.com (moodle, eng)
• ucebka.idosvid.com (moodle, ukr)
• wordpress.bskol.com (wp, vsemka copy)
• worldopp.com (wp, kava, captcha?)
• educaship.com (wp, empty)
• next.bskol.com (NextCloud)
• setka.bskol.com (humhub)
• vsemka.com (wp, vsemka)
• tube.cnmcyber.com (AVideo?)
• cnmcyber.com (wiki, rus/eng)

Next #234

• opplet.friendsofcnm.com (opplet.net copy?)
• theeconomicgroup.com (html, website dev offer)
• theeconomicgroup.org (odoo, empty -- delete?)
• vebka.theeconomicgroup.com (wp/elementor, bskol)
• wiki.friendsofcnm.com (wiki, eng/rus, 53/234 galera)

Employ #9-106

• jitsi.employableu.com
• mail.bskol.com
• mail.cnmcyber.com
• repo.employableu.com (GitLab)

CO #206

• HA Proxy

Security

TLS

Main wikipage: TLS

PHP

Main wikipage: PHP security

PHP security is needed for pretty much any PHP environment; it is not necessarily specific to the App.

LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! Due to a security breach somewhere on the server, it might happen that other users are able to view the contents of files. In order to improve security of your data, you should set UNIX permissions for this file accordingly: The webserver user must have access to this file. If this is the same account, who is the owner of the file, then you can set permissions to 600. Sometimes, the webserver user is not the file owner, but they are in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security you should narrow permissions down as far as possible.

Additionally, you can create a MySQL user, who is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. Also you can configure your database server to only accept connections from localhost - this should prevent access from outside in case of leaked credentials.

MariaDB

Features

DNS entry point

load balancer on a public web address; high availability functionality is based on HAProxy.

Syncronization

synchronization of resources of common individual nodes, at least databases.

Monitoring

Security

including firewalls

Backup and recovery

One Node is connected to additional storage, which is supposed to be converted to NAS.

Development

Development of the Farm occurs under the HAProxy for CNM Farms project.