CNM Campus Farm

From CNM Wiki
Jump to: navigation, search

CNM Campus Farm (hereinafter, the Farm) is the server cluster that supports CNM Cert, CNM Page, and CNM Wiki. These three CNM apps belong to CNM Campus. All of them use MariaDB as their database management system; server databases are synchronized via MariaDB Galera Cluster.

While being a part of CNM Farms, the Server utilizes one DigitalOcean droplet, which is located at the IP address. CNMCyber Team utilizes two more servers that are similar to the Servers. One of them is called CNM Lab Farm; it hosts CNM Next Apps used for experiential learning. Another is called CNM HandsOn Farm; it hosts CNM HandsOn Apps used for hands-on training.

The Farm uses Campus Infrastructure.

DNS zone

Main wikipage: Opplet DNS

Web server files


Currently, this Farm is based on four virtual private servers (VPSes; hereinafter, the Nodes).

cnmcyber #53

  • (wp, empty)
  • (wiki, rus/eng)
  • (wiki, rus/eng, 53/234 galera)
  • (wiki, ukr)
  • (SuiteCRM)
  • (moodle, rus)
  • (moodle, eng)
  • (moodle, ukr)
  • (wp, vsemka copy)
  • (wp, kava, captcha?)
  • (wp, empty)
  • (NextCloud)
  • (humhub)
  • (wp, vsemka)
  • (AVideo?)
  • (wiki, rus/eng)

Next #234

  • ( copy?)
  • (html, website dev offer)
  • (odoo, empty -- delete?)
  • (wp/elementor, bskol)
  • (wiki, eng/rus, 53/234 galera)

Employ #9-106

  • (GitLab)

CO #206

  • HA Proxy



Main wikipage: TLS


Main wikipage: PHP security
PHP security is needed for pretty much any PHP environment; it is not necessarily specific to the App.

LocalSettings.php usually contains sensitive data such as database logins. This data should never be revealed to the public! Due to a security breach somewhere on the server, it might happen that other users are able to view the contents of files. In order to improve security of your data, you should set UNIX permissions for this file accordingly: The webserver user must have access to this file. If this is the same account, who is the owner of the file, then you can set permissions to 600. Sometimes, the webserver user is not the file owner, but they are in the owner's UNIX user group. In this case, permissions of 640 should be fine. For improved security you should narrow permissions down as far as possible.

Additionally, you can create a MySQL user, who is restricted to only the database used by the wiki and provide this user's credentials in LocalSettings.php. Also you can configure your database server to only accept connections from localhost - this should prevent access from outside in case of leaked credentials.



DNS entry point

load balancer on a public web address; high availability functionality is based on HAProxy.


synchronization of resources of common individual nodes, at least databases.



including firewalls

Backup and recovery

One Node is connected to additional storage, which is supposed to be converted to NAS.


Development of the Farm occurs under the HAProxy for CNM Farms project.