Members

From SoMakeIt
Revision as of 23:46, 3 December 2022 by Scorpia (Added link to ansible playbook)

Members is the DigitalOcean droplet hosting members.somakeit.org.uk.

Setup

Ansible

An Ansible playbook to configure the server can be found on GitHub: https://github.com/somakeit/members_ansible_config (currently only visible to org members).

Setup notes

These are the steps taken to set it up when Scorpia & I replaced the much more expensive droplet.

Made new droplet: 46.101.29.241, Ubuntu 22.04

Created user accounts

  • tyler
  • bracken
  • other ssh keys left in root auth keys for now (unusable because PermitRootLogin is off)
  • dpslwk so Matt (HMS author) can help
  • chris18890 as existing admin

Server hardening

  • Disable PermitRootLogin for ssh
  • Enabled UFW with allow for port 22 globally
  • UFW allow 80 and 443 globally
  • UFW allow 1194/udp globally for OpenVPN
  • UFW allow 3306 from 10.8.0.0/24 for doors to access database over encrypted tunnel
  • Copied letsencrypt files from the old server, installed certbot with apt, dry-ran a renew successfully
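
A check for the firewall rules listed above, as an added example that is not part of the original notes: it reads `ufw status` output and flags drift from that list, such as 3306 being reachable from outside 10.8.0.0/24. The function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes. Policy values come from the
# "Server hardening" list; the sample outputs below are constructed.

audit_ufw() {  # reads `ufw status` text on stdin, prints findings, returns 1 if any
  awk '
    BEGIN { n = split("22 22/tcp 80 80/tcp 443 443/tcp 1194/udp", g, " ")
            for (k = 1; k <= n; k++) ok[g[k]] = 1   # ports meant to be global
            db = "3306"; vpn = "10.8.0.0/24" }
    /^Status:/ { active = ($2 == "active") }
    {
      for (i = 2; i <= NF; i++) if ($i == "ALLOW") break
      if (i > NF) next                        # not an ALLOW rule line
      to = $1; src = $(i + 1)
      if (src == "IN") src = $(i + 2)         # "ALLOW IN" in verbose output
      port = to; sub(/\/.*/, "", port)
      if (port == db) {                       # database: VPN subnet only
        if (src != vpn) { print "FAIL: " to " reachable from " src; bad = 1 }
      } else if (src == "Anywhere" && !(to in ok)) {
        print "FAIL: unexpected global rule for " to; bad = 1
      }
    }
    END { if (!active) { print "FAIL: ufw is not active"; bad = 1 }
          exit bad + 0 }'
}

SAMPLE_OK='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
3306                       ALLOW       10.8.0.0/24
22 (v6)                    ALLOW       Anywhere (v6)'

# Same rules, but with MariaDB and Redis opened to every source address.
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_OK" | sed 's|10\.8\.0\.0/24|Anywhere|'
             echo '6379                       ALLOW       Anywhere')

printf '%s\n' "$SAMPLE_OK"  | audit_ufw && echo "sample 1: matches the notes"
printf '%s\n' "$SAMPLE_BAD" | audit_ufw || echo "sample 2: rules drifted"
# On the server itself: sudo ufw status | audit_ufw
```

The check only covers the firewall; which interfaces MariaDB and Redis actually listen on is a separate setting in their own configuration.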

Mysql

  • installed mariadb-server
  • Copied the live database to the new server, needs to be re-done clean before golive.
  • Copied clean database over at approx 17:00.

Redis

  • Apt-get install redis
  • set requirepass

Nginx

  • Installed nginx

HMS

  • created hms user
  • checked out hms git repo
  • installed php php-redis php-curl php-xml
  • installed composer
  • curl -sS https://getcomposer.org/installer | php
  • sudo mv composer.phar /usr/local/bin/composer
  • composer install
  • composer update

attempt 2 with old php

  • sudo apt install software-properties-common
  • sudo add-apt-repository ppa:ondrej/php -y
  • sudo apt install php7.4 php7.4-redis php7.4-curl php7.4-xml php7.4-zip php7.4-sql php7.4-mysql php7.4 php7.4-fpm php7.4-mbstring
  • sudo update-alternatives --config php
  • recheckout hms
  • add .env file
  • composer update
  • run artisan commands from vagrant script (some may have caused issues)
  • add crontab as set by vagrant script
  • add hms-7.4.conf in /etc/php/7.4/fpm/pool.d/
  • run php artisan config:cache then php artisan hor:ter
  • add uncommitted images used in emails.

NPM

Other

  • install laravel-echo-server
  • add systemd for echo server and horizon
  • copy over oauth keys
  • Add new box IP to mailgun approved IPs

OpenVPN (for the doors)

Installed using https://github.com/angristan/openvpn-install and (https://github.com/angristan/openvpn-install/issues/1030).

  • Created a client for kong and added route-nopull to make it a split tunnel config.
  • Created a client for extDoorPi and added route-nopull
  • Installed openvpn configs on both pis, tested and door access working.

Log