Difference between revisions of "CNM Campus Farm"

Revision as of 06:02, 27 December 2023

CNM Campus Farm (hereinafter, the Farm) is the server cluster that supports CNM Cert, CNM Page, and CNM Wiki. These three CNM apps belong to CNM Campus. All of them use MariaDB as their database management system; server databases are synchronized via MariaDB Galera Cluster.

While being a part of CNM Farms, the Server utilizes one DigitalOcean droplet, which is located at the 159.89.230.212 IP address. CNMCyber Team utilizes two more servers that are similar to the Servers. One of them is called CNM Lab Farm; it hosts CNM Next Apps used for experiential learning. Another is called CNM HandsOn Farm; it hosts CNM HandsOn Apps used for hands-on training.

DNS zone

cnmcyber.com35 a / 1 mX / 3 nS / 1 sOA / 1 tXT (NS: digitalocean.com)

TXT mail.next.cnmcyber.com returns v=spf1 +a +mx -all MX mail.next.cnmcyber.com mail handled by mail.next.cnmcyber.com. A opplet.handson.cnmcyber.com directs to 159.65.220.3 A cabin.cnmcyber.com directs to 159.89.93.1 A talk.handson.cnmcyber.com directs to 159.65.220.3 A venture.handson.cnmcyber.com directs to 159.65.220.3 A linkup.handson.cnmcyber.com directs to 159.65.220.3 A lab.handson.cnmcyber.com directs to 159.65.220.3 A mail.handson.cnmcyber.com directs to 159.65.220.3 A cert.handson.cnmcyber.com directs to 159.65.220.3 A wiki.handson.cnmcyber.com directs to 159.65.220.3 A page.handson.cnmcyber.com directs to 159.65.220.3 A tube.handson.cnmcyber.com directs to 159.65.220.3 A social.handson.cnmcyber.com directs to 159.65.220.3 A handson.cnmcyber.com directs to 165.22.107.127 A social.next.cnmcyber.com directs to 167.71.244.79 A tube.next.cnmcyber.com directs to 167.71.244.79 A page.next.cnmcyber.com directs to 167.71.244.79 A wiki.next.cnmcyber.com directs to 167.71.244.79 A cert.next.cnmcyber.com directs to 167.71.244.79 A mail.next.cnmcyber.com directs to 164.68.97.65 A lab.next.cnmcyber.com directs to 167.71.244.79 A linkup.next.cnmcyber.com directs to 167.71.244.79 A venture.next.cnmcyber.com directs to 167.71.244.79 A talk.next.cnmcyber.com directs to 167.71.244.79 A next.cnmcyber.com directs to 167.71.244.79 A cnmcyber.com directs to 159.89.230.212 A talk.cnmcyber.com directs to 159.89.230.212 A venture.cnmcyber.com directs to 159.89.230.212 A linkup.cnmcyber.com directs to 159.89.230.212 A lab.cnmcyber.com directs to 159.89.230.212 A mail.cnmcyber.com directs to 159.89.230.212 A cert.cnmcyber.com directs to 159.89.230.212 A wiki.cnmcyber.com directs to 159.89.230.212 A page.cnmcyber.com directs to 159.89.230.212 A tube.cnmcyber.com directs to 159.89.230.212 A social.cnmcyber.com directs to 159.89.230.212

friendsofcnm.com 1 a / 1 cNAME / 3 nS / 1 sOA (NS: digitalocean.com)

CNAME www.friendsofcnm.com is an alias of friendsofcnm.com. A friendsofcnm.com directs to 159.89.230.212

worldopp.com 1 a / 1 cNAME / 3 nS / 1 sOA (NS: digitalocean.com)

CNAME www.worldopp.com is an alias of worldopp.com. A worldopp.com directs to 159.89.230.212

fixett.com 1 a / 2 cNAME / 3 nS / 1 sOA (NS: digitalocean.com)

CNAME *.fixett.com is an alias of fixett.com. CNAME www.fixett.com is an alias of fixett.com. A fixett.com directs to 157.230.99.203

theeconomicgroup.com 1 a / 2 cNAME / 3 nS / 1 sOA (NS: digitalocean.com)

CNAME *.theeconomicgroup.com is an alias of theeconomicgroup.com. CNAME www.theeconomicgroup.com is an alias of theeconomicgroup.com. A theeconomicgroup.com directs to 45.55.71.142

opplet.net 4 a / 1 cNAME / 1 mX / 3 nS / 1 sOA / 3 tXT (NS: digitalocean.com)

A id.opplet.net directs to 88.99.214.92 TXT mail._domainkey.opplet.net returns v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBMiuIJQQPJ6TYbhMDwGRcaFL9GKyg7ocjoTQShpkWF6pkdS9OleMJBbk1wvFpDM/ayawxXyP7JUbdjw/TcXM/TmWQ+ZbjlPfoLtvqkuWw2iPKFlNzor/K5QZFI8MwZfh3yAdJS+8w/whXVZaq+enF+CQSzqgXFX0QBn6c/7sE+QIDAQAB TXT _dmarc.opplet.net returns v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@opplet.net MX opplet.net mail handled by mail.opplet.net. A *.opplet.net directs to 157.230.99.203 A redmine.opplet.net directs to 159.89.93.1 CNAME www.opplet.net is an alias of opplet.net. TXT opplet.net returns v=spf1 a mx ip4:157.230.99.203 ~all A opplet.net directs to 159.89.93.1

opplet.com 1 a / 2 cNAME / 1 mX / 3 nS / 1 sOA (NS: digitalocean.com)

CNAME *.opplet.com is an alias of opplet.com. CNAME www.opplet.com is an alias of opplet.com. MX opplet.com mail handled by opplet.com. A opplet.com directs to 159.89.230.212

careerprise.com 5 a / 5 cNAME / 3 nS / 1 sOA (NS: digitalocean.com)

CNAME www.opplet.careerprise.com is an alias of opplet.careerprise.com. A opplet.careerprise.com directs to 159.89.93.1 CNAME www.campus.careerprise.com is an alias of campus.careerprise.com. CNAME www.dev.careerprise.com is an alias of dev.careerprise.com. CNAME www.wiki.careerprise.com is an alias of wiki.careerprise.com. A dev.careerprise.com directs to 159.89.93.1 A campus.careerprise.com directs to 159.89.93.1 A wiki.careerprise.com directs to 159.89.93.1 CNAME www.careerprise.com is an alias of careerprise.com. A careerprise.com directs to 159.89.93.1

bskol.com 1 a / 3 nS / 1 sOA (NS: digitalocean.com)

A bskol.com directs to 159.89.93.1

bskol.com

bskol.com SOA ns1.contabo.net. hostmaster.contabo.de. 2023100901 3600 7200 2419200 10800 bskol.com NS ns1.contabo.net bskol.com NS ns2.contabo.net bskol.com NS ns3.contabo.net

.bskol.com A 207.244.231.53

bskol.com A 207.244.231.53 haproxy.bskol.com A 185.213.25.206 influx.bskol.com A 49.12.5.41 mail.bskol.com A 62.171.189.106 monitor.bskol.com A 49.12.5.41 npm3.bskol.com A 88.99.214.92 pbs.bskol.com A 88.99.214.92 pf.bskol.com A 88.99.71.85 pm1.bskol.com A 88.99.218.172 pm2.bskol.com A 88.99.71.85 pm3.bskol.com A 88.99.214.92 zabbix.bskol.com A 167.235.255.244 pbs.bskol.com AAAA 2a01:4f8:10a:3f60::2 pf.bskol.com AAAA 2a01:4f8:fff0:53::6 www.bskol.com CNAME bskol.com bskol.com MX0mail.bskol.com bskol.com TXT v=spf1 a mx ip4:62.171.189.106 ~all mail._domainkey.bskol.com TXT v=DKIM1; t=s; p=MIGfMA GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1TWbfA9JJs9Z6FwJ/PvcjLY7aOZGgV36SBOKBebra/pZKiUpj2NLiOLJ0qI8Pm05l/5lnHvsWsWc7fW6g0rF9T6SqYJU3tm96D+SnSyuenr06nQ4KLCIIRt15t0OfGXlZHB1NkaIxlw9ZbFxBeiQYUnihV1PhZj72VwO888W0swIDAQAB _adsp._domainkey.bskol.com TXT dkim=all _dmarc.bskol.com TXT v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@bskol.com

employableu.com

employableu.com SOA ns1.contabo.net. hostmaster.contabo.de. 2023110401 3600 7200 2419200 10800 employableu.com NS ns1.contabo.net employableu.com NS ns2.contabo.net employableu.com NS ns3.contabo.net

.employableu.com A 62.171.189.106

books.employableu.com A 88.99.214.92 employableu.com A 62.171.189.106 mail.employableu.com A 62.171.189.106 page.employableu.com A 88.99.214.92 www.employableu.com A 62.171.189.106 employableu.com MX mail.employableu.com

fixett.com

fixett.com SOA ns1.contabo.net. hostmaster.contabo.de. 2020110101 3600 7200 2419200 10800 fixett.com NS ns1.contabo.net fixett.com NS ns2.contabo.net fixett.com NS ns3.contabo.net

.fixett.com A 207.244.231.53

fixett.com A 207.244.231.53 mail.fixett.com A 207.244.231.53 www.fixett.com A 207.244.231.53 fixett.com MX mail.fixett.com

friendsofcnm.com

friendsofcnm.com SOA ns1.contabo.net. hostmaster.contabo.de. 2020080901 3600 7200 2419200 10800 friendsofcnm.com NS ns1.contabo.net friendsofcnm.com NS ns2.contabo.net friendsofcnm.com NS ns3.contabo.net

.friendsofcnm.com A 207.244.225.234

friendsofcnm.com A 207.244.225.234 mail.friendsofcnm.com A 207.244.225.234 www.friendsofcnm.com A 207.244.225.234 friendsofcnm.com MX mail.friendsofcnm.com

idosvid.com

idosvid.com SOA ns1.contabo.net. hostmaster.contabo.de. 2022100601 3600 7200 2419200 10800 idosvid.com NS ns1.contabo.net idosvid.com NS ns2.contabo.net idosvid.com NS ns3.contabo.net

.idosvid.com A 207.244.231.53

idosvid.com A 207.244.231.53 mail.idosvid.com A 207.244.231.53 www.idosvid.com A 207.244.231.53 idosvid.com MX mail.idosvid.com

theeconomicgroup.com

theeconomicgroup.com SOA ns1.contabo.net. hostmaster.contabo.de. 2020080901 3600 7200 2419200 10800 theeconomicgroup.com NS ns1.contabo.net theeconomicgroup.com NS ns2.contabo.net theeconomicgroup.com NS ns3.contabo.net

.theeconomicgroup.com A 207.244.225.234

mail.theeconomicgroup.com A 207.244.225.234 theeconomicgroup.com A 207.244.225.234 www.theeconomicgroup.com A 207.244.225.234 theeconomicgroup.com MX mail.theeconomicgroup.com

vsemka.com

vsemka.com SOA ns1.contabo.net. hostmaster.contabo.de. 2022021302 3600 7200 2419200 10800 vsemka.com NS ns1.contabo.net vsemka.com NS ns2.contabo.net vsemka.com NS ns3.contabo.net

.vsemka.com A 207.244.231.53

mail.vsemka.com A 207.244.231.53 vsemka.com A 207.244.231.53 www.vsemka.com A 207.244.231.53 vsemka.com MX mail.vsemka.com

worldopp.com

worldopp.com SOA ns1.contabo.net. hostmaster.contabo.de. 2021032702 3600 7200 2419200 10800 worldopp.com NS ns1.contabo.net worldopp.com NS ns2.contabo.net worldopp.com NS ns3.contabo.net

.worldopp.com A 207.244.231.53

mail.worldopp.com A 207.244.231.53 worldopp.com A 207.244.231.53 www.worldopp.com CNAME worldopp.com worldopp.com MX mail.worldopp.com

Web server files

Legacy

Currently, this Farm is based on four virtual private servers (VPSes; hereinafter, the Nodes).

cnmcyber #53

page.cnmcyber.com (wp, empty)
pravka.bskol.com (wiki, rus/eng)
wiki.cnmcyber.com (wiki, rus/eng, 53/234 galera)
pravka.idosvid.com (wiki, ukr)
svazka.bskol.com (SuiteCRM)
ucebka.bskol.com (moodle, rus)
cert.cnmcyber.com (moodle, eng)
ucebka.idosvid.com (moodle, ukr)
wordpress.bskol.com (wp, vsemka copy)
worldopp.com (wp, kava, captcha?)
educaship.com (wp, empty)
next.bskol.com (NextCloud)
setka.bskol.com (humhub)
vsemka.com (wp, vsemka)
tube.cnmcyber.com (AVideo?)
cnmcyber.com (wiki, rus/eng)

Next #234

opplet.friendsofcnm.com (opplet.net copy?)
theeconomicgroup.com (html, website dev offer)
theeconomicgroup.org (odoo, empty -- delete?)
vebka.theeconomicgroup.com (wp/elementor, bskol)
wiki.friendsofcnm.com (wiki, eng/rus, 53/234 galera)

Employ #9-106

jitsi.employableu.com
mail.bskol.com
mail.cnmcyber.com
repo.employableu.com (GitLab)

CO #206

HA Proxy

Security

TLS

Main wikipage: TLS

PHP

Main wikipage: PHP security

PHP security is needed for pretty much any PHP environment; it is not necessarily specific to the App.

LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! Due to a security breach somewhere on the server, it might happen that other users are able to view the contents of files. In order to improve security of your data, you should set UNIX permissions for this file accordingly: The webserver user must have access to this file. If this is the same account, who is the owner of the file, then you can set permissions to 600. Sometimes, the webserver user is not the file owner, but they are in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security you should narrow permissions down as far as possible.

Additionally, you can create a MySQL user, who is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. Also you can configure your database server to only accept connections from localhost - this should prevent access from outside in case of leaked credentials.

MariaDB

Features

DNS entry point

load balancer on a public web address; high availability functionality is based on HAProxy.

Syncronization

synchronization of resources of common individual nodes, at least databases.

Monitoring

Security

including firewalls

Backup and recovery

One Node is connected to additional storage, which is supposed to be converted to NAS.

Development

Development of the Farm occurs under the HAProxy for CNM Farms project.

Difference between revisions of "CNM Campus Farm"

Revision as of 06:02, 27 December 2023

Contents

DNS zone

Web server files

Legacy

Security

TLS

PHP

MariaDB

Features

DNS entry point

Syncronization

Monitoring

Security

Backup and recovery

Development

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

@@ Line 102: / Line 102: @@
 A 	bskol.com	directs to	159.89.93.1
+bskol.com
+bskol.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2023100901 3600 7200 2419200 10800
+bskol.com	NS	ns1.contabo.net
+bskol.com	NS	ns2.contabo.net
+bskol.com	NS	ns3.contabo.net
+*.bskol.com	A	207.244.231.53
+bskol.com	A	207.244.231.53
+haproxy.bskol.com	A	185.213.25.206
+influx.bskol.com	A	49.12.5.41
+mail.bskol.com	A	62.171.189.106
+monitor.bskol.com	A	49.12.5.41
+npm3.bskol.com	A	88.99.214.92
+pbs.bskol.com	A	88.99.214.92
+pf.bskol.com	A	88.99.71.85
+pm1.bskol.com	A	88.99.218.172
+pm2.bskol.com	A	88.99.71.85
+pm3.bskol.com	A	88.99.214.92
+zabbix.bskol.com	A	167.235.255.244
+pbs.bskol.com	AAAA	2a01:4f8:10a:3f60::2
+pf.bskol.com	AAAA	2a01:4f8:fff0:53::6
+www.bskol.com	CNAME	bskol.com
+bskol.com	MX0mail.bskol.com
+bskol.com	TXT	v=spf1 a mx ip4:62.171.189.106 ~all
+mail._domainkey.bskol.com	TXT	v=DKIM1; t=s; p=MIGfMA	GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1TWbfA9JJs9Z6FwJ/PvcjLY7aOZGgV36SBOKBebra/pZKiUpj2NLiOLJ0qI8Pm05l/5lnHvsWsWc7fW6g0rF9T6SqYJU3tm96D+SnSyuenr06nQ4KLCIIRt15t0OfGXlZHB1NkaIxlw9ZbFxBeiQYUnihV1PhZj72VwO888W0swIDAQAB
+_adsp._domainkey.bskol.com	TXT	dkim=all
+_dmarc.bskol.com	TXT	v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:postmaster@bskol.com
+employableu.com
+employableu.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2023110401 3600 7200 2419200 10800
+employableu.com	NS	ns1.contabo.net
+employableu.com	NS	ns2.contabo.net
+employableu.com	NS	ns3.contabo.net
+*.employableu.com	A	62.171.189.106
+books.employableu.com	A	88.99.214.92
+employableu.com	A	62.171.189.106
+mail.employableu.com	A	62.171.189.106
+page.employableu.com	A	88.99.214.92
+www.employableu.com	A	62.171.189.106
+employableu.com	MX	mail.employableu.com
+fixett.com
+fixett.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2020110101 3600 7200 2419200 10800
+fixett.com	NS	ns1.contabo.net
+fixett.com	NS	ns2.contabo.net
+fixett.com	NS	ns3.contabo.net
+*.fixett.com	A	207.244.231.53
+fixett.com	A	207.244.231.53
+mail.fixett.com	A	207.244.231.53
+www.fixett.com	A	207.244.231.53
+fixett.com	MX	mail.fixett.com
+friendsofcnm.com
+friendsofcnm.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2020080901 3600 7200 2419200 10800
+friendsofcnm.com	NS	ns1.contabo.net
+friendsofcnm.com	NS	ns2.contabo.net
+friendsofcnm.com	NS	ns3.contabo.net
+*.friendsofcnm.com	A	207.244.225.234
+friendsofcnm.com	A	207.244.225.234
+mail.friendsofcnm.com	A	207.244.225.234
+www.friendsofcnm.com	A	207.244.225.234
+friendsofcnm.com	MX	mail.friendsofcnm.com
+idosvid.com
+idosvid.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2022100601 3600 7200 2419200 10800
+idosvid.com	NS	ns1.contabo.net
+idosvid.com	NS	ns2.contabo.net
+idosvid.com	NS	ns3.contabo.net
+*.idosvid.com	A	207.244.231.53
+idosvid.com	A	207.244.231.53
+mail.idosvid.com	A	207.244.231.53
+www.idosvid.com	A	207.244.231.53
+idosvid.com	MX	mail.idosvid.com
+theeconomicgroup.com
+theeconomicgroup.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2020080901 3600 7200 2419200 10800
+theeconomicgroup.com	NS	ns1.contabo.net
+theeconomicgroup.com	NS	ns2.contabo.net
+theeconomicgroup.com	NS	ns3.contabo.net
+*.theeconomicgroup.com	A	207.244.225.234
+mail.theeconomicgroup.com	A	207.244.225.234
+theeconomicgroup.com	A	207.244.225.234
+www.theeconomicgroup.com	A	207.244.225.234
+theeconomicgroup.com	MX	mail.theeconomicgroup.com
+vsemka.com
+vsemka.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2022021302 3600 7200 2419200 10800
+vsemka.com	NS	ns1.contabo.net
+vsemka.com	NS	ns2.contabo.net
+vsemka.com	NS	ns3.contabo.net
+*.vsemka.com	A	207.244.231.53
+mail.vsemka.com	A	207.244.231.53
+vsemka.com	A	207.244.231.53
+www.vsemka.com	A	207.244.231.53
+vsemka.com	MX	mail.vsemka.com
+worldopp.com
+worldopp.com	SOA	ns1.contabo.net. hostmaster.contabo.de. 2021032702 3600 7200 2419200 10800
+worldopp.com	NS	ns1.contabo.net
+worldopp.com	NS	ns2.contabo.net
+worldopp.com	NS	ns3.contabo.net
+*.worldopp.com	A	207.244.231.53
+mail.worldopp.com	A	207.244.231.53
+worldopp.com	A	207.244.231.53
+www.worldopp.com	CNAME	worldopp.com
+worldopp.com	MX	mail.worldopp.com
 ==Web server files==