Difference between revisions of "CNM Campus Farm"
| (28 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | [[CNM Campus Farm]] (hereinafter, the ''Farm'') is the server cluster that supports [[CNM Cert]], [[CNM Page]], and [[CNM Wiki]]. These three [[CNM app]]s belong to [[CNM Campus]]. All of them use [[MariaDB]] as their [[database management system]]; server databases are synchronized via [[MariaDB Galera Cluster]]. | |
| − | + | While being a part of [[CNM Farms]], the ''Server'' utilizes one [[DigitalOcean]] droplet, which is located at the [http://159.89.230.212 159.89.230.212] [[IP address]]. [[CNMCyber Team]] utilizes two more servers that are similar to the ''Servers''. One of them is called [[CNM Lab Farm]]; it hosts [[CNM Next Apps]] used for [[experiential learning]]. Another is called [[CNM HandsOn Farm]]; it hosts [[CNM HandsOn Apps]] used for [[hands-on training]]. | |
| + | The ''Farm'' uses [[Campus Infrastructure]]. | ||
| − | [[Category:CNM | + | |
| + | ==DNS zone== | ||
| + | : ''Main wikipage: [[Opplet DNS]]'' | ||
| + | |||
| + | ==Web server files== | ||
| + | |||
| + | ==Legacy== | ||
| + | Currently, this ''Farm'' is based on four [[virtual private server]]s ([[VPS]]es; hereinafter, the ''Nodes''). | ||
| + | |||
| + | cnmcyber #53 | ||
| + | * page.cnmcyber.com (wp, empty) | ||
| + | * pravka.bskol.com (wiki, rus/eng) | ||
| + | * wiki.cnmcyber.com (wiki, rus/eng, 53/234 galera) | ||
| + | * pravka.idosvid.com (wiki, ukr) | ||
| + | * svazka.bskol.com (SuiteCRM) | ||
| + | * ucebka.bskol.com (moodle, rus) | ||
| + | * cert.cnmcyber.com (moodle, eng) | ||
| + | * ucebka.idosvid.com (moodle, ukr) | ||
| + | * wordpress.bskol.com (wp, vsemka copy) | ||
| + | * worldopp.com (wp, kava, captcha?) | ||
| + | * educaship.com (wp, empty) | ||
| + | * next.bskol.com (NextCloud) | ||
| + | * setka.bskol.com (humhub) | ||
| + | * vsemka.com (wp, vsemka) | ||
| + | * tube.cnmcyber.com (AVideo?) | ||
| + | * cnmcyber.com (wiki, rus/eng) | ||
| + | |||
| + | Next #234 | ||
| + | * opplet.friendsofcnm.com (opplet.net copy?) | ||
| + | * theeconomicgroup.com (html, website dev offer) | ||
| + | * theeconomicgroup.org (odoo, empty -- delete?) | ||
| + | * vebka.theeconomicgroup.com (wp/elementor, bskol) | ||
| + | * wiki.friendsofcnm.com (wiki, eng/rus, 53/234 galera) | ||
| + | |||
| + | Employ #9-106 | ||
| + | * jitsi.employableu.com | ||
| + | * mail.bskol.com | ||
| + | * mail.cnmcyber.com | ||
| + | * repo.employableu.com (GitLab) | ||
| + | |||
| + | CO #206 | ||
| + | * HA Proxy | ||
| + | |||
| + | ==Security== | ||
| + | ===TLS=== | ||
| + | ::''Main wikipage: [[TLS]]'' | ||
| + | |||
| + | ===PHP=== | ||
| + | ::''Main wikipage: [[PHP security]]'' | ||
| + | :[[PHP security]] is needed for pretty much any PHP environment; it is not necessarily specific to the ''App''. | ||
| + | LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! Due to a security breach somewhere on the server, it might happen that other users are able to view the contents of files. In order to improve security of your data, you should set UNIX permissions for this file accordingly: The webserver user must have access to this file. If this is the same account, who is the owner of the file, then you can set permissions to 600. Sometimes, the webserver user is not the file owner, but they are in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security you should narrow permissions down as far as possible. | ||
| + | |||
| + | Additionally, you can create a MySQL user, who is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. Also you can configure your database server to only accept connections from localhost - this should prevent access from outside in case of leaked credentials. | ||
| + | |||
| + | ===MariaDB=== | ||
| + | |||
| + | ==Features== | ||
| + | ===DNS entry point=== | ||
| + | : [[load balancer]] on a public web address; high availability functionality is based on [[HAProxy]]. | ||
| + | |||
| + | ===Syncronization=== | ||
| + | : synchronization of resources of common individual nodes, at least databases. | ||
| + | |||
| + | ===Monitoring=== | ||
| + | |||
| + | ===Security=== | ||
| + | : including firewalls | ||
| + | |||
| + | ===Backup and recovery=== | ||
| + | One ''Node'' is connected to additional storage, which is supposed to be converted to NAS. | ||
| + | |||
| + | ==Development== | ||
| + | Development of the ''Farm'' occurs under the [[HAProxy for CNM Farms]] project. | ||
| + | |||
| + | [[Category:CNM Cloud products]] | ||
Latest revision as of 19:39, 10 January 2024
CNM Campus Farm (hereinafter, the Farm) is the server cluster that supports CNM Cert, CNM Page, and CNM Wiki. These three CNM apps belong to CNM Campus. All of them use MariaDB as their database management system; server databases are synchronized via MariaDB Galera Cluster.
While being a part of CNM Farms, the Server utilizes one DigitalOcean droplet, which is located at the 159.89.230.212 IP address. CNMCyber Team utilizes two more servers that are similar to the Servers. One of them is called CNM Lab Farm; it hosts CNM Next Apps used for experiential learning. Another is called CNM HandsOn Farm; it hosts CNM HandsOn Apps used for hands-on training.
The Farm uses Campus Infrastructure.
Contents
DNS zone
- Main wikipage: Opplet DNS
Web server files
Legacy
Currently, this Farm is based on four virtual private servers (VPSes; hereinafter, the Nodes).
cnmcyber #53
- page.cnmcyber.com (wp, empty)
- pravka.bskol.com (wiki, rus/eng)
- wiki.cnmcyber.com (wiki, rus/eng, 53/234 galera)
- pravka.idosvid.com (wiki, ukr)
- svazka.bskol.com (SuiteCRM)
- ucebka.bskol.com (moodle, rus)
- cert.cnmcyber.com (moodle, eng)
- ucebka.idosvid.com (moodle, ukr)
- wordpress.bskol.com (wp, vsemka copy)
- worldopp.com (wp, kava, captcha?)
- educaship.com (wp, empty)
- next.bskol.com (NextCloud)
- setka.bskol.com (humhub)
- vsemka.com (wp, vsemka)
- tube.cnmcyber.com (AVideo?)
- cnmcyber.com (wiki, rus/eng)
Next #234
- opplet.friendsofcnm.com (opplet.net copy?)
- theeconomicgroup.com (html, website dev offer)
- theeconomicgroup.org (odoo, empty -- delete?)
- vebka.theeconomicgroup.com (wp/elementor, bskol)
- wiki.friendsofcnm.com (wiki, eng/rus, 53/234 galera)
Employ #9-106
- jitsi.employableu.com
- mail.bskol.com
- mail.cnmcyber.com
- repo.employableu.com (GitLab)
CO #206
- HA Proxy
Security
TLS
- Main wikipage: TLS
PHP
- Main wikipage: PHP security
- PHP security is needed for pretty much any PHP environment; it is not necessarily specific to the App.
LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! Due to a security breach somewhere on the server, it might happen that other users are able to view the contents of files. In order to improve security of your data, you should set UNIX permissions for this file accordingly: The webserver user must have access to this file. If this is the same account, who is the owner of the file, then you can set permissions to 600. Sometimes, the webserver user is not the file owner, but they are in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security you should narrow permissions down as far as possible.
Additionally, you can create a MySQL user, who is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. Also you can configure your database server to only accept connections from localhost - this should prevent access from outside in case of leaked credentials.
MariaDB
Features
DNS entry point
- load balancer on a public web address; high availability functionality is based on HAProxy.
Syncronization
- synchronization of resources of common individual nodes, at least databases.
Monitoring
Security
- including firewalls
Backup and recovery
One Node is connected to additional storage, which is supposed to be converted to NAS.
Development
Development of the Farm occurs under the HAProxy for CNM Farms project.
