Members: Difference between revisions
Comparison of two revisions. Older revision edit summary: "Add email images step". Newer revision edit summary: "Added link to ansible playbook". The newer revision adds an "Ansible" subsection under "Setup" (linking to https://github.com/somakeit/members_ansible_config) and a "Setup notes" subsection, and moves the existing subsections (Created user accounts, Server hardening, Mysql, Redis, Nginx, HMS, NPM, Other, OpenVPN) one heading level down beneath it. The full newer revision follows.
Revision as of 23:46, 3 December 2022
Members is the Digital Ocean droplet hosting members.somakeit.org.uk.
Setup
Ansible
An ansible playbook to configure the server can be found on github https://github.com/somakeit/members_ansible_config (currently only visible to org members)
Setup notes
These are the steps taken to set it up when Scorpia and I replaced the much more expensive droplet.
Made new droplet: 46.101.29.241 ubuntu 22.04
Created user accounts
- tyler
- bracken
- other SSH keys left in root's authorized_keys for now (unusable because PermitRootLogin is off)
- dpslwk so Matt (HMS author) can help
- chris18890 as existing admin
Server hardening
- Disable PermitRootLogin for ssh
- Enabled UFW with allow for port 22 globally
- UFW allow 80 and 443 globally
- UFW allow 1194/udp globally for OpenVPN
- UFW allow 3306 from 10.8.0.0/24 for doors to access database over encrypted tunnel
- Copied letsencrypt files from the old server, installed certbot with apt, dry-ran a renew successfully
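The hardening steps above, written out as an idempotent script. This is an added example, not a script from the wiki or from the members_ansible_config playbook. It assumes Ubuntu 22.04 with ufw and OpenSSH installed; the VPN subnet 10.8.0.0/24 and the open ports come from the list above, while the sshd drop-in path and the per-protocol form of the ufw rules are choices made here. The check function reads config files passed as arguments so it can be exercised against a copy rather than the live /etc/ssh.

```shell
#!/bin/sh
# Added example (not the wiki's own script): reproduce the "Server hardening"
# list as functions that can be re-run safely. VPN_NET comes from the page;
# everything else about paths is an assumption made for this example.

VPN_NET="10.8.0.0/24"

# Print the ufw commands that implement the policy described above: default
# deny inbound, SSH/HTTP/HTTPS/OpenVPN open to the world, and MariaDB (3306)
# reachable only from the OpenVPN subnet, i.e. only over the encrypted tunnel.
ufw_plan() {
  cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow 1194/udp
ufw allow from ${VPN_NET} to any port 3306 proto tcp
ufw --force enable
EOF
}

# Write an sshd drop-in that disables root logins. On Ubuntu 22.04 the main
# sshd_config includes /etc/ssh/sshd_config.d/*.conf before its own directives
# and sshd honours the first value it sees, so a drop-in reliably wins.
# $1 = drop-in file to write (assumed path, e.g. /etc/ssh/sshd_config.d/10-no-root-login.conf)
write_sshd_dropin() {
  printf 'PermitRootLogin no\n' > "$1"
}

# Return 0 if the effective PermitRootLogin across the given files is "no".
# Files are read in the order given (drop-ins first, main config last) and the
# first uncommented directive wins, mirroring sshd's first-match behaviour.
# A missing directive means the default (prohibit-password), which is not "no".
root_login_disabled() {
  val=$(cat "$@" | grep -Ei '^[[:space:]]*PermitRootLogin[[:space:]]+' \
        | head -n 1 | awk '{print tolower($2)}')
  [ "$val" = "no" ]
}

# "sh harden.sh apply" applies the changes; any other invocation prints the plan.
if [ "${1:-}" = "apply" ]; then
  write_sshd_dropin /etc/ssh/sshd_config.d/10-no-root-login.conf
  sshd -t && systemctl reload ssh
  ufw_plan | while read -r cmd; do $cmd; done
else
  ufw_plan
fi
```

Validating with `sshd -t` before reloading matters on a box where root login is already off: a typo in the drop-in would otherwise leave sshd unable to restart and the only remaining access would be the droplet console.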
Mysql
- installed mariadb-server
- Copied the live database to the new server; needs to be re-done clean before go-live.
- Copied clean database over at approx 17:00.
Redis
- apt-get install redis
- set requirepass
Nginx
- Installed nginx
HMS
- created hms user
- checked out hms git repo
- installed php php-redis php-curl php-xml
- installed composer
- curl -sS https://getcomposer.org/installer | php
- sudo mv composer.phar /usr/local/bin/composer
- composer install
- composer update
Attempt 2 with old PHP
- sudo apt install software-properties-common
- sudo add-apt-repository ppa:ondrej/php -y
- sudo apt install php7.4 php7.4-redis php7.4-curl php7.4-xml php7.4-zip php7.4-sql php7.4-mysql php7.4 php7.4-fpm php7.4-mbstring
- sudo update-alternatives --config php
- recheckout hms
- add .env file
- composer update
- run artisan commands from vagrant script (some may have caused issues)
- add crontab as set by vagrant script
- add hms-7.4.conf in /etc/php/7.4/fpm/pool.d/
- run php artisan config:cache then php artisan hor:ter
- add uncommitted images used in emails.
NPM
- install node 14 https://github.com/nodesource/distributions/blob/master/README.md
- https://unix.stackexchange.com/questions/627635/upgrading-nodejs-on-ubuntu-how-to-fix-broken-pipe-error
- copy npm rc
- add Font Awesome token
- npm install
- add resources/sass/_variables_somakeit.scss
- npm run
Other
- install laravel-echo-server
- add systemd for echo server and horizon
- copy over oauth keys
- Add new box IP to mailgun approved IPs
OpenVPN (for the doors)
Installed using https://github.com/angristan/openvpn-install and (https://github.com/angristan/openvpn-install/issues/1030).
- Created a client for kong and added route-nopull to make it a split tunnel config.
- Created a client for extDoorPi and added route-nopull
- Installed openvpn configs on both pis, tested and door access working.
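The split-tunnel step above, as an added example that is not part of the wiki or of the angristan/openvpn-install script. It makes a door Pi's client profile a split tunnel by ensuring `route-nopull` is present exactly once, and lists the routes a server config would push so the operator can see what the client will now ignore. The profile and server config contents used when it runs stand-alone are constructed samples; the profile path is an assumption. With `route-nopull` the client keeps its own default route and still gets the tun interface's own subnet (10.8.0.0/24 on this server), which is all the doors need to reach MariaDB on 3306 through the firewall rule above.

```shell
#!/bin/sh
# Added example, not from the wiki: helpers for a door controller's OpenVPN
# client profile. Paths and sample contents are assumptions for this example.

# Ensure 'route-nopull' appears exactly once so the client ignores pushed
# routes, redirect-gateway and DNS options and only the tunnel subnet is
# reachable via tun0. Idempotent: a second run changes nothing.
# $1 = client profile (.ovpn / .conf)
make_split_tunnel() {
  profile="$1"
  if ! grep -qx 'route-nopull' "$profile"; then
    printf 'route-nopull\n' >> "$profile"
  fi
}

# Print how many 'route-nopull' lines the profile has (sanity check; 1 expected).
count_route_nopull() {
  grep -cx 'route-nopull' "$1" || true
}

# Print the route-related options a server config would push. Each of these is
# dropped by a route-nopull client, which is the desired outcome for a device
# that should only talk to the members server over the tunnel.
# $1 = server.conf
pushed_routes() {
  grep -E '^push[[:space:]]+"(route|redirect-gateway)' "$1" \
    | sed -E 's/^push[[:space:]]+"(.*)"$/\1/'
}

# Stand-alone demo on constructed files; pass a real profile path to apply.
if [ -n "${1:-}" ]; then
  make_split_tunnel "$1"
  echo "route-nopull directives in $1: $(count_route_nopull "$1")"
else
  demo=$(mktemp -d)
  # Constructed sample profile (not a real door config).
  printf 'client\ndev tun\nremote vpn.example.invalid 1194 udp\n' > "$demo/extDoorPi.ovpn"
  make_split_tunnel "$demo/extDoorPi.ovpn"
  make_split_tunnel "$demo/extDoorPi.ovpn"
  echo "route-nopull directives after two runs: $(count_route_nopull "$demo/extDoorPi.ovpn")"
  # Constructed sample server config showing what a full-tunnel server pushes.
  printf 'push "route 10.8.0.0 255.255.255.0"\npush "redirect-gateway def1 bypass-dhcp"\npush "dhcp-option DNS 1.1.1.1"\n' > "$demo/server.conf"
  echo "pushed routes the client will ignore:"
  pushed_routes "$demo/server.conf"
  rm -rf "$demo"
fi
```

Whether the door can actually reach the database is then a matter of the server-side rule (3306 allowed from 10.8.0.0/24 only); a quick `nc -zv 10.8.0.1 3306` from the Pi after the tunnel is up confirms both halves at once.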