Members

From SoMakeIt
Revision as of 09:17, 1 December 2022 by Scorpia (talk | contribs) (Add email images step)

Members is the Digital Ocean droplet hosting members.somakeit.org.uk.

Setup

These are the steps taken to set it up when Scorpia & I replaced the much more expensive droplet.

Made new droplet: 46.101.29.241 ubuntu 22.04

Created user accounts

  • tyler
  • bracken
  • other ssh keys left in root auth keys for now (unusable because PermitRootLogin is off)
  • dpslwk so Matt (HMS author) can help
  • chris18890 as existing admin

Server hardening

  • Disable PermitRootLogin for ssh
  • Enabled UFW with allow for port 22 globally
  • UFW allow 80 and 443 globally
  • UFW allow 1194/udp globally for OpenVPN
  • UFW allow 3306 from 10.8.0.0/24 for doors to access database over encrypted tunnel
  • Copied letsencrypt files from the old server, installed certbot with apt, dry-ran a renew successfully
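
One way to check that a running box still matches the hardening list above (an added example, not part of the original setup notes or the SoMakeIt configuration). The function names `audit_ufw`, `audit_sshd` and `sample_ufw` are hypothetical, the sample `ufw status` text is constructed, and plain (non-verbose) `ufw status` output is assumed.

```shell
#!/bin/sh
# Added example: audit firewall and sshd state against this page's hardening list.
# Assumes plain `ufw status` output (not `verbose`) and `sshd -T` output.

# Policy from the "Server hardening" list, as port=required-source pairs.
POLICY='22=Anywhere 80=Anywhere 443=Anywhere 1194/udp=Anywhere 3306=10.8.0.0/24'

# Reads `ufw status` on stdin; prints one FAIL line per deviation, nothing if clean.
audit_ufw() {
  awk -v policy="$POLICY" '
    BEGIN { n = split(policy, p, " ")
            for (i = 1; i <= n; i++) { split(p[i], f, "="); want[f[1]] = f[2] } }
    /^Status:/ { if ($2 != "active") print "FAIL ufw is " $2; next }
    { gsub(/ \(v6\)/, "") }            # fold IPv6 rows onto the same policy
    $2 == "ALLOW" {
      seen[$1] = 1
      if (!($1 in want))       print "FAIL unexpected rule: " $1 " from " $3
      else if ($3 != want[$1]) print "FAIL " $1 " open to " $3 ", policy: " want[$1]
    }
    END { for (k in want) if (!(k in seen)) print "FAIL missing rule: " k }'
}

# Reads `sshd -T` (effective config, lowercase keys) on stdin.
audit_sshd() {
  awk '$1 == "permitrootlogin" { found = 1
                                 if ($2 != "no") print "FAIL permitrootlogin is " $2 }
       END { if (!found) print "FAIL permitrootlogin not reported" }'
}

# Constructed sample of `ufw status` on a box that matches the list above.
sample_ufw() { cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
3306                       ALLOW       10.8.0.0/24
22 (v6)                    ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
1194/udp (v6)              ALLOW       Anywhere (v6)
EOF
}

# On the server itself: sudo ufw status | audit_ufw; sudo sshd -T | audit_sshd
```

An IPv6 row for 3306 from `Anywhere (v6)` is reported the same way as an IPv4 one, since the database port is meant to be reachable only from the VPN subnet.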

Mysql

  • installed mariadb-server
  • Copied the live database to the new server, needs to be re-done clean before golive.
  • Copied clean database over at approx 17:00.

Redis

  • Apt-get install redis
  • set requirepass

Nginx

  • Installed nginx

HMS

  • created hms user
  • checked out hms git repo
  • installed php php-redis php-curl php-xml
  • installed composer
  • curl -sS https://getcomposer.org/installer | php
  • sudo mv composer.phar /usr/local/bin/composer
  • composer install
  • composer update

attempt 2 with old php

  • sudo apt install software-properties-common
  • sudo add-apt-repository ppa:ondrej/php -y
  • sudo apt install php7.4 php7.4-redis php7.4-curl php7.4-xml php7.4-zip php7.4-sql php7.4-mysql php7.4 php7.4-fpm php7.4-mbstring
  • sudo update-alternatives --config php
  • recheckout hms
  • add .env file
  • composer update
  • run artisan commands from vagrant script (some may have caused issues)
  • add crontab as set by vagrant script
  • add hms-7.4.conf in /etc/php/7.4/fpm/pool.d/
  • run php artisan config:cache then php artisan hor:ter
  • add uncommitted images used in emails.

NPM

Other

  • install laravel-echo-server
  • add systemd for echo server and horizon
  • copy over oauth keys
  • Add new box IP to mailgun approved IPs

OpenVPN (for the doors)

Log