Difference between revisions of "CNM Lab Farm"
(→Features) |
(→Development) |
||
Line 23: | Line 23: | ||
|pm3.bskol.com||[[AAAA record]]||2a01:4f8:10b:cdb::2||Node 3 | |pm3.bskol.com||[[AAAA record]]||2a01:4f8:10b:cdb::2||Node 3 | ||
|} | |} | ||
+ | |||
+ | (hereinafter, the ''Next'') is the part of [[CNM Cloud]] that is dedicated to technological [[research and development]] ([[R&D]]) undertaken to discover and shape the future of [[CNM Cloud]]. | ||
+ | |||
+ | While being a part of [[CNM Farms]], the ''Server'' utilizes one [[DigitalOcean]] droplet, which is located at the [http://167.71.244.79 167.71.244.79] [[IP address]], and shall support all the applications that are installed at the [[CNM Next Farm]]. In other words, the ''Server'' can be described as a learning and testing variant of the [[CNM Bureau Farm]]. | ||
+ | |||
+ | |||
+ | ==Platform== | ||
+ | |||
+ | The ''Server'' is set up as a [[Digitalocean]] droplet with dedicated 1 vCPU and 2GB / 50GB Disk in its NYC3 datacenter (New York). The dedicated resources can be increased when the existing ones can no longer support all the services that the ''Server'' is expected to provide. | ||
+ | |||
+ | ===OS=== | ||
+ | :[[Ubuntu]] 18.04.3 (LTS) x64; kernel configs are setup to speed up servers and avoid limitations. | ||
+ | |||
+ | ===Control panel=== | ||
+ | :An instance of [[Vesta Control Panel]] is installed in order to manage all the services through a [[web browser]]. The panel allows for creating users, email addresses, databases, adding domains, setup cronjob, or restart any service. | ||
+ | |||
+ | :The control panel is enhanced with a [[Softaculous]] installation, which allows for automatic installation of popular commercial and [[open-source]] [[end-user application]]s to the ''Server''. Its scripts are executed from the panel's administration area. | ||
+ | |||
+ | ==DNS records== | ||
+ | :All the ''Server's'' [[hostname]]s shall be [[fully qualified domain name]]s ([[fully qualified domain name|FQDN]]s). The records shall be validated with https://intodns.com/ | ||
+ | |||
+ | ===A records=== | ||
+ | :{|class="wikitable" width=100% style="text-align:center;" | ||
+ | |[[DNS record|Record]] | ||
+ | ![[Hostname]]!!Value!![[TTL]] (seconds) | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://next.friendsofcnm.org next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://tube.next.friendsofcnm.org tube.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://lab.next.friendsofcnm.org lab.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://cert.next.friendsofcnm.org cert.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://wiki.next.friendsofcnm.org wiki.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://mail.next.friendsofcnm.org mail.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://linkup.next.friendsofcnm.org linkup.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://page.next.friendsofcnm.org page.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |- | ||
+ | ![[A record|A]] | ||
+ | |[https://venture.next.friendsofcnm.org venture.next.friendsofcnm.org]||directs to [http://167.71.244.79 167.71.244.79]||3600 | ||
+ | |} | ||
+ | |||
+ | ===CNAME records=== | ||
+ | :{|class="wikitable" width=100% style="text-align:center;" | ||
+ | |[[DNS record|Record]] | ||
+ | ![[Hostname]]!!Value!![[TTL]] (seconds) | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.next.friendsofcnm.org||is an alias of next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.tube.next.friendsofcnm.org||is an alias of tube.next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.lab.next.friendsofcnm.org||is an alias of lab.next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.cert.next.friendsofcnm.org||is an alias of cert.next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.wiki.next.friendsofcnm.org||is an alias of wiki.next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.mail.next.friendsofcnm.org||is an alias of mail.next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.linkup.next.friendsofcnm.org||is an alias of linkup.next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.page.next.friendsofcnm.org||is an alias of page.next.friendsofcnm.org.||43200 | ||
+ | |- | ||
+ | ![[CNAME record|CNAME]] | ||
+ | |www.venture.next.friendsofcnm.org||is an alias of venture.next.friendsofcnm.org.||43200 | ||
+ | |} | ||
+ | |||
+ | ===Mail-essential records=== | ||
+ | :{|class="wikitable" width=100% style="text-align:center;" | ||
+ | |[[DNS record|Record]] | ||
+ | ![[Hostname]]!!Value!!Priority!![[TTL]] (seconds) | ||
+ | |- | ||
+ | ![[MX record|MX]] | ||
+ | |next.friendsofcnm.org||mail handled by mail.next.friendsofcnm.org.||10||14400 | ||
+ | |- | ||
+ | ![[TXT record|TXT]] | ||
+ | |next.friendsofcnm.org||returns "v=spf1 a mx ip4:167.71.244.79 ~all"|| ||3600 | ||
+ | |- | ||
+ | ![[TXT record|TXT]] | ||
+ | |next.friendsofcnm.org REQUESTED _dmarc.next.friendsofcnm.org||returns "v=DMARC1; p=none"|| ||3600 | ||
+ | |- | ||
+ | ![[TXT record|TXT]] | ||
+ | |mail._domainkey.next.friendsofcnm.org REQUESTED mail._domainkey||returns "v=DKIM1; k=rsa; p=MIGfMA0GCSq GSIb3DQEBAQUAA4 GNADCBiQKBg QDNffFa+nz/ +QeiKhLU85vAX8ozQrE4 Fh1R9pmbeyuAX+ n+ MhFElPMKnulNLf/ itiHVUb4cP5B5 ynWuwXWqGq4eW+ U7T4lFJey N1H1Eft lITjyTVPAUM upoRkRtZN dXyZeFM1Jz OftZFcR f6B1ZU9Bt6b QZ0Lu8J/ aNnHnXt7ewaQIDAQAB"|| ||3600 | ||
+ | |- | ||
+ | ![[TXT record|TXT]] | ||
+ | |_domainkey REQUESTED _domainkey.next.friendsofcnm.org||returns "t=y; o=~;"|| ||3600 | ||
+ | |} | ||
+ | |||
+ | ===NS records=== | ||
+ | :{|class="wikitable" width=100% style="text-align:center;" | ||
+ | |[[DNS record|Record]] | ||
+ | ![[Hostname]]!!Value!![[TTL]] (seconds) | ||
+ | |- | ||
+ | ![[NS record|NS]] | ||
+ | |friendsofcnm.org||directs to ns1.digitalocean.com.||1800 | ||
+ | |- | ||
+ | ![[NS record|NS]] | ||
+ | |friendsofcnm.org||directs to ns2.digitalocean.com.||1800 | ||
+ | |- | ||
+ | ![[NS record|NS]] | ||
+ | |friendsofcnm.org||directs to ns3.digitalocean.com.||1800 | ||
+ | |} | ||
+ | |||
+ | ==Backups== | ||
+ | The backup policy shall be created in order to setup daily, weekly, and/or monthly backups. | ||
+ | |||
+ | ===Internal backup=== | ||
+ | :Internal backups are set up through the control panel. Auto backup is scheduled on every Saturday for all domains, web, databases, emails, and all configs. | ||
+ | |||
+ | ===External backup=== | ||
+ | :External backups are temporarily set up through [[DigitalOcean]] on a weekly basis. | ||
+ | |||
+ | ==Applications== | ||
+ | Any [[CNM app]] listed below shall comply with the [[CNM Cloud requirements]]. | ||
+ | |||
+ | ===Moodle=== | ||
+ | :One testing instance of [[CNM Moodle]] shall be run on the ''Server'' and to be located at https://cert.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on [[Moodle]] software and shall duplicate the production instance located at https://cert.friendsofcnm.org | ||
+ | |||
+ | ===Labware=== | ||
+ | :One testing instance of [[CNM Labware]] shall be run on the ''Server'' and to be located at https://lab.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on a combination of [[Redmine]] and [[Apache Subversion|SVN]] software, linked to [[Bitbucket]]'s file storage, and shall duplicate the production instance located at https://lab.friendsofcnm.org | ||
+ | |||
+ | ===Linkupware=== | ||
+ | :One testing instance of [[CNM Linkupware]] shall be run on the ''Server'' and to be located at https://linkup.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on [[SuiteCRM]] software and shall duplicate the production instance located at https://linkup.friendsofcnm.org | ||
+ | |||
+ | ===Mailware=== | ||
+ | :One testing instance of [[CNM Mailware]] shall be run on the ''Server'' and to be located at https://mail.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on [[Roundcube]] software and shall duplicate the production instance located at https://mail.friendsofcnm.org | ||
+ | |||
+ | :When [https://mxtoolbox.com/ mxtoolbox.com] detects spam issues, delist requests shall be sent to the blocking authorities such as ivmSIP24 and spamhaus Zen particularly using [https://www.invaluement.com/ invaluement.com]. | ||
+ | |||
+ | ===CNM WordPress=== | ||
+ | :One testing instance of [[CNM WordPress]] shall be run on the ''Server'' and to be located at https://page.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on [[WordPress]] software and shall duplicate the production instance located at https://page.friendsofcnm.org | ||
+ | |||
+ | ===CNM Odoo=== | ||
+ | :One testing instance of [[CNM Odoo]] shall be run on the ''Server'' and to be located at https://venture.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on [[Odoo]] software and shall duplicate the production instance located at https://venture.friendsofcnm.org | ||
+ | |||
+ | ===Tubeware=== | ||
+ | :One testing instance of [[CNM Tubeware]] shall be run on the ''Server'' and to be located at https://tube.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on [[YouPHPTube]] software and shall duplicate the production instance located at https://tube.friendsofcnm.org | ||
+ | |||
+ | ===Wikiware=== | ||
+ | :Two testing instances of [[CNM MediaWiki]], for two different languages, shall be run on the ''Server'' and to be located at https://wiki.next.friendsofcnm.org in the [[World Wide Web]]. The instance shall be based on [[MediaWiki]] software and shall duplicate the production instance located at https://wiki.friendsofcnm.org . In addition, one instance of [[Tiki Wiki CMS Groupware]] shall be installed for testing purposes. | ||
+ | |||
+ | ==Server provisioning== | ||
+ | |||
+ | ===Mail servers=== | ||
+ | :Two [[mail server]]s are designed to receive and send [[email]]s. A [[Postfix]] instance shall communicate with [[mail exchanger]]s and a [[Dovecot]] instance shall communicate with [[email client]]s. | ||
+ | |||
+ | ===Web servers=== | ||
+ | :Two [[web server]]s are designed to satisfy requests of [[World Wide Web]] clients. [[Nginx]] is placed in front of [[Apache HTTP Server]] and tuned shall be used as a reverse proxy, load balancer, mail proxy and HTTP cache. Particularly, [[Nginx]] handles static files. | ||
+ | |||
+ | ===FTP servers=== | ||
+ | :A [[Very Secure File Transfer Protocol Daemon]] ([[Very Secure File Transfer Protocol Daemon|vsFTPd]]) shall be used for secure file transfers. | ||
+ | |||
+ | ===Databases=== | ||
+ | :No standalone [[database server]] is planned. Separate [[database management system]]s, which are based on [[MariaDB]] instances, shall serve separate applications as follows: | ||
+ | :{|class="wikitable" width=100% style="text-align:center;" | ||
+ | |+Databases used in the ''Server'' | ||
+ | |- | ||
+ | |[[CNM app|CNM app]] | ||
+ | ![[Database management system|DBMS]]!!Size (tables) | ||
+ | |- | ||
+ | ![[CNM Moodle]] | ||
+ | |rowspan="5"|[[MariaDB]] | ||
+ | |- | ||
+ | ![[CNM Labware|Labware]] | ||
+ | |- | ||
+ | ![[CNM Linkupware|Linkupware]] | ||
+ | |- | ||
+ | ![[CNM Mailware|Mailware]] | ||
+ | |- | ||
+ | ![[CNM WordPress]] | ||
+ | |- | ||
+ | ![[CNM Odoo]] | ||
+ | |Unknown | ||
+ | |- | ||
+ | ![[CNM Tubeware|Tubeware]] | ||
+ | |rowspan="2"|[[MariaDB]] | ||
+ | |- | ||
+ | ![[CNM MediaWiki]] | ||
+ | |} | ||
+ | |||
+ | :[[PostgreSQL]] and [[MongoDB]] may also be considered for further applications. | ||
+ | |||
+ | ===SSL certificates=== | ||
+ | :All domains, including all sub-domains, are provisioned with [[Let's Encrypt]] [[SSL certificate]]s. | ||
+ | |||
+ | ==Requirements== | ||
+ | Requirements to the ''Server'' are a part of [[CNM Cyber requirements]]. | ||
+ | |||
+ | ===Business requirements=== | ||
+ | :The ''Team'' needs the ''Server'' because of the following: | ||
+ | :*Those learners who are a part of the ''Team'' shall have opportunities for hands-on training; AND/OR | ||
+ | :*The associates of the ''Team'' shall have opportunities for experimenting on [[CNM app]]s; | ||
+ | :without any fear of disrupting the services of [[CNMCyber]]. | ||
+ | |||
+ | ===Solution requirements=== | ||
+ | :The ''Server'' shall be: | ||
+ | :*Located at the same facility and produce the same services as the [[CNM Bureau Farm]]; | ||
+ | :*Accessible to: | ||
+ | :*#Use its administrative panel: | ||
+ | :*#*24/7 to the ''Team'' fellows; | ||
+ | :*#*24/7 to those ''Team'' associates whom the [[CNM Technology Board]] authorizes; | ||
+ | :*#*When needed, those ''Team'' learners who are in their hands-on training; | ||
+ | :*#View its publicly-open pages 24/7 and register to everyone: | ||
+ | :*Easily restored when the ''Server'' fails. Those failures may particularly be caused by hands-on training sessions and experiments. | ||
+ | |||
+ | ===Project requirements=== | ||
+ | :The following requirements are effective with regard to the ''Server'' developments: | ||
+ | :*All public data related to requirements to the ''Server'' shall be published on [[CNM Wiki]]. | ||
+ | :*All private data related to the ''Server'' shall be published on [[CNM Lab]]. | ||
+ | :*Only the [[CNM Technology Board]] can approve changes. | ||
+ | |||
+ | ==Administration== | ||
+ | The ''Board'' oversees the ''Server'' development and, particularly, approves the ''Server's'' requirements. The [[Friends Of CNM]] implements the approved requirements. | ||
+ | |||
+ | ===History=== | ||
+ | :[[Gary Ihar]] introduced the idea of the ''Server'' in early August of 2019. After MichaelC approved the idea, [[Gary Ihar]] started recruitment of the contractor. Some design ideas were proposed by Chris M. In early September, Atif G. was hired as the contractor. By mid-September, he installed the control panel, all its applications, web and mail servers. Atif G. also configured [[SSL certificate]]s, generated DNS records, and plugged most of the applications into the [[WorldOpp Federated Farm]] through [[LDAP]]. | ||
+ | |||
+ | ===To-do list=== | ||
+ | :The ''Team'' believes that it is needed to: | ||
+ | :#Plug all the applications into the federal server through LDAP. | ||
+ | :#Design the policy of granting access to the ''Team'' staffers and learners. | ||
+ | :#Document all developments using [[CNM Lab]]. | ||
+ | |||
+ | ===Things to be clarified=== | ||
+ | :*packages updated + upgraded | ||
+ | :*vesta controlpanel has been installed | ||
+ | :*now need to setup its configs | ||
+ | :*vesta control panel detail | ||
+ | :*softaculous also installed with vesta | ||
+ | :*nginx tunning ok | ||
+ | :*mysql tunning ok | ||
+ | :*apache tunning ok | ||
+ | :*security limits config done | ||
+ | :*php configs done | ||
==Development== | ==Development== | ||
Development of the ''Farm'' occurs under the [[Farm for Lab]] project. | Development of the ''Farm'' occurs under the [[Farm for Lab]] project. | ||
− | [[Category:CNM Cloud products]] | + | ==See also== |
+ | |||
+ | ===Related lectures=== | ||
+ | :*[[What Cloud Next Is]]. | ||
+ | |||
+ | [[Category:CNM Cloud products]][[Category: CNM Cyber Orientation]][[Category: Articles]] |
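Review bot: The first added line is a sentence with no subject ("(hereinafter, the ''Next'') is the part of [[CNM Cloud]] ..."), and the text that follows describes "the ''Server''" as a DigitalOcean droplet of the CNM Next Farm, which does not match the subject of this article (CNM Lab Farm). The block is also inserted directly after the DNS zone table with no heading of its own. Name the subject in the opening sentence, then either move the text to the article it describes or add a heading that says why it belongs here. In the Mail-essential records table, the published values "v=DMARC1; p=none" and "~all" enforce nothing against spoofed mail, so the page should state whether that is intended for this test host.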
Revision as of 22:36, 20 September 2023
CNM Lab Farm is a farm that is based on one bare-metal server. This Farm requires no high availability functionality due to the experimental nature of the applications installed on it. Due to the lack of high availability requirement, this farm will require an advanced backup and recovery system.
Features
DNS entry point
- load balancer on a public web address
Synchronization
- synchronization of resources of common individual nodes, at least databases.
Monitoring
Security
- including firewalls
Backup and recovery
DNS zone
- To locate the Farm's public resources on the Internet, the following DNS records are created in the Farm's DNS zone:

| Field | Type | Data | Comment (not a part of the records) |
|---|---|---|---|
| pm3.bskol.com | AAAA record | 2a01:4f8:10b:cdb::2 | Node 3 |
(hereinafter, the Next) is the part of CNM Cloud that is dedicated to technological research and development (R&D) undertaken to discover and shape the future of CNM Cloud.
While being a part of CNM Farms, the Server utilizes one DigitalOcean droplet, which is located at the 167.71.244.79 IP address, and shall support all the applications that are installed at the CNM Next Farm. In other words, the Server can be described as a learning and testing variant of the CNM Bureau Farm.
Platform
The Server is set up as a DigitalOcean droplet with 1 dedicated vCPU and 2 GB / 50 GB disk in its NYC3 datacenter (New York). The dedicated resources can be increased when the existing ones can no longer support all the services that the Server is expected to provide.
OS
- Ubuntu 18.04.3 (LTS) x64; kernel configs are set up to speed up servers and avoid limitations.
Control panel
- An instance of Vesta Control Panel is installed in order to manage all the services through a web browser. The panel allows for creating users, email addresses, and databases, adding domains, setting up cron jobs, and restarting any service.
- The control panel is enhanced with a Softaculous installation, which allows for automatic installation of popular commercial and open-source end-user applications to the Server. Its scripts are executed from the panel's administration area.
DNS records
- All the Server's hostnames shall be fully qualified domain names (FQDNs). The records shall be validated with https://intodns.com/
A records
| Record | Hostname | Value | TTL (seconds) |
|---|---|---|---|
| A | next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | tube.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | lab.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | cert.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | wiki.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | mail.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | linkup.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | page.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
| A | venture.next.friendsofcnm.org | directs to 167.71.244.79 | 3600 |
CNAME records
| Record | Hostname | Value | TTL (seconds) |
|---|---|---|---|
| CNAME | www.next.friendsofcnm.org | is an alias of next.friendsofcnm.org. | 43200 |
| CNAME | www.tube.next.friendsofcnm.org | is an alias of tube.next.friendsofcnm.org. | 43200 |
| CNAME | www.lab.next.friendsofcnm.org | is an alias of lab.next.friendsofcnm.org. | 43200 |
| CNAME | www.cert.next.friendsofcnm.org | is an alias of cert.next.friendsofcnm.org. | 43200 |
| CNAME | www.wiki.next.friendsofcnm.org | is an alias of wiki.next.friendsofcnm.org. | 43200 |
| CNAME | www.mail.next.friendsofcnm.org | is an alias of mail.next.friendsofcnm.org. | 43200 |
| CNAME | www.linkup.next.friendsofcnm.org | is an alias of linkup.next.friendsofcnm.org. | 43200 |
| CNAME | www.page.next.friendsofcnm.org | is an alias of page.next.friendsofcnm.org. | 43200 |
| CNAME | www.venture.next.friendsofcnm.org | is an alias of venture.next.friendsofcnm.org. | 43200 |
Mail-essential records
| Record | Hostname | Value | Priority | TTL (seconds) |
|---|---|---|---|---|
| MX | next.friendsofcnm.org | mail handled by mail.next.friendsofcnm.org. | 10 | 14400 |
| TXT | next.friendsofcnm.org | returns "v=spf1 a mx ip4:167.71.244.79 ~all" | | 3600 |
| TXT | next.friendsofcnm.org REQUESTED _dmarc.next.friendsofcnm.org | returns "v=DMARC1; p=none" | | 3600 |
| TXT | mail._domainkey.next.friendsofcnm.org REQUESTED mail._domainkey | returns "v=DKIM1; k=rsa; p=MIGfMA0GCSq GSIb3DQEBAQUAA4 GNADCBiQKBg QDNffFa+nz/ +QeiKhLU85vAX8ozQrE4 Fh1R9pmbeyuAX+ n+ MhFElPMKnulNLf/ itiHVUb4cP5B5 ynWuwXWqGq4eW+ U7T4lFJey N1H1Eft lITjyTVPAUM upoRkRtZN dXyZeFM1Jz OftZFcR f6B1ZU9Bt6b QZ0Lu8J/ aNnHnXt7ewaQIDAQAB" | | 3600 |
| TXT | _domainkey REQUESTED _domainkey.next.friendsofcnm.org | returns "t=y; o=~;" | | 3600 |
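An offline audit of the SPF, DMARC and DomainKeys policy values from the table above, as an added example that is not part of the original page or of the project's own code. The stricter comparison records and all function names are assumptions made for illustration.

```python
# Added example: offline audit of mail-authentication TXT values.

# TXT values as listed in the Mail-essential records table on this page.
PAGE_RECORDS = {
    "next.friendsofcnm.org": "v=spf1 a mx ip4:167.71.244.79 ~all",
    "_dmarc.next.friendsofcnm.org": "v=DMARC1; p=none",
    "_domainkey.next.friendsofcnm.org": "t=y; o=~;",
}
# Constructed stricter variants for comparison (assumption, not from the page).
STRICT_RECORDS = {
    "next.friendsofcnm.org": "v=spf1 a mx ip4:167.71.244.79 -all",
    "_dmarc.next.friendsofcnm.org": "v=DMARC1; p=reject",
    "_domainkey.next.friendsofcnm.org": "o=-;",
}
SPF_ALL = {
    "+": "passes every sender, so SPF gives no protection",
    "?": "is neutral for unlisted senders, giving receivers no signal",
    "~": "is a softfail: unlisted senders are marked but usually delivered",
}
# SPF terms that each cost a DNS lookup (limit: 10 per evaluation).
SPF_LOOKUP_TERMS = ("a", "mx", "ptr", "include", "exists", "redirect")


def parse_tags(value):
    """Split a 'k=v; k=v' record (DMARC, DomainKeys policy) into a dict."""
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    return tags


def audit_spf(value):
    terms = value.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["spf: record does not start with v=spf1"]
    findings, lookups, all_qualifier, names = [], 0, None, []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        # Mechanism name is whatever precedes ':', '/' or '='.
        name = body.replace("=", ":").replace("/", ":").split(":")[0]
        names.append(name)
        lookups += name in SPF_LOOKUP_TERMS
        if name == "all":
            all_qualifier = qualifier
    if all_qualifier is None and "redirect" not in names:
        findings.append("spf: no 'all' mechanism, unlisted senders are neutral")
    elif all_qualifier in SPF_ALL:
        findings.append(f"spf: {all_qualifier}all {SPF_ALL[all_qualifier]}")
    if lookups > 10:
        findings.append(f"spf: {lookups} DNS lookups exceed the limit of 10")
    return findings


def audit_dmarc(value):
    tags = parse_tags(value)
    if tags.get("v", "").upper() != "DMARC1":
        return ["dmarc: record does not start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc: missing or invalid p= tag")
    elif policy == "none":
        findings.append("dmarc: p=none only monitors, failing mail is delivered")
        if "rua" not in tags:
            findings.append("dmarc: p=none without rua= collects no reports")
    return findings


def audit_domainkeys_policy(value):
    """Legacy DomainKeys (RFC 4870) policy record at _domainkey.<domain>."""
    tags = parse_tags(value)
    findings = []
    if tags.get("t") == "y":
        findings.append("domainkeys: t=y marks signing as test mode")
    if tags.get("o", "~") == "~":  # '~' is also the default when o= is absent
        findings.append("domainkeys: o=~ declares that only some mail is signed")
    return findings


def audit(records):
    """Dispatch each record to its checker by owner name or SPF prefix."""
    findings = []
    for name, value in records.items():
        if name.startswith("_dmarc."):
            findings += audit_dmarc(value)
        elif name.startswith("_domainkey."):
            findings += audit_domainkeys_policy(value)
        elif value.lower().startswith("v=spf1"):
            findings += audit_spf(value)
    return findings
```

Calling `audit(PAGE_RECORDS)` lists the weak settings in the published values, and `audit(STRICT_RECORDS)` returns an empty list.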
NS records
| Record | Hostname | Value | TTL (seconds) |
|---|---|---|---|
| NS | friendsofcnm.org | directs to ns1.digitalocean.com. | 1800 |
| NS | friendsofcnm.org | directs to ns2.digitalocean.com. | 1800 |
| NS | friendsofcnm.org | directs to ns3.digitalocean.com. | 1800 |
Backups
The backup policy shall be created in order to set up daily, weekly, and/or monthly backups.
Internal backup
- Internal backups are set up through the control panel. Auto backup is scheduled for every Saturday and covers all domains, web, databases, emails, and all configs.
External backup
- External backups are temporarily set up through DigitalOcean on a weekly basis.
Applications
Any CNM app listed below shall comply with the CNM Cloud requirements.
Moodle
- One testing instance of CNM Moodle shall be run on the Server and be located at https://cert.next.friendsofcnm.org on the World Wide Web. The instance shall be based on Moodle software and shall duplicate the production instance located at https://cert.friendsofcnm.org
Labware
- One testing instance of CNM Labware shall be run on the Server and be located at https://lab.next.friendsofcnm.org on the World Wide Web. The instance shall be based on a combination of Redmine and SVN software, linked to Bitbucket's file storage, and shall duplicate the production instance located at https://lab.friendsofcnm.org
Linkupware
- One testing instance of CNM Linkupware shall be run on the Server and be located at https://linkup.next.friendsofcnm.org on the World Wide Web. The instance shall be based on SuiteCRM software and shall duplicate the production instance located at https://linkup.friendsofcnm.org
Mailware
- One testing instance of CNM Mailware shall be run on the Server and be located at https://mail.next.friendsofcnm.org on the World Wide Web. The instance shall be based on Roundcube software and shall duplicate the production instance located at https://mail.friendsofcnm.org
- When mxtoolbox.com detects spam issues, delist requests shall be sent to the blocking authorities, such as ivmSIP24 and Spamhaus ZEN, particularly using invaluement.com.
CNM WordPress
- One testing instance of CNM WordPress shall be run on the Server and be located at https://page.next.friendsofcnm.org on the World Wide Web. The instance shall be based on WordPress software and shall duplicate the production instance located at https://page.friendsofcnm.org
CNM Odoo
- One testing instance of CNM Odoo shall be run on the Server and be located at https://venture.next.friendsofcnm.org on the World Wide Web. The instance shall be based on Odoo software and shall duplicate the production instance located at https://venture.friendsofcnm.org
Tubeware
- One testing instance of CNM Tubeware shall be run on the Server and be located at https://tube.next.friendsofcnm.org on the World Wide Web. The instance shall be based on YouPHPTube software and shall duplicate the production instance located at https://tube.friendsofcnm.org
Wikiware
- Two testing instances of CNM MediaWiki, for two different languages, shall be run on the Server and be located at https://wiki.next.friendsofcnm.org on the World Wide Web. The instance shall be based on MediaWiki software and shall duplicate the production instance located at https://wiki.friendsofcnm.org. In addition, one instance of Tiki Wiki CMS Groupware shall be installed for testing purposes.
Server provisioning
Mail servers
- Two mail servers are designed to receive and send emails. A Postfix instance shall communicate with mail exchangers and a Dovecot instance shall communicate with email clients.
Web servers
- Two web servers are designed to satisfy requests of World Wide Web clients. Nginx is placed in front of Apache HTTP Server, is tuned, and shall be used as a reverse proxy, load balancer, mail proxy and HTTP cache. In particular, Nginx handles static files.
FTP servers
- A Very Secure File Transfer Protocol Daemon (vsFTPd) shall be used for secure file transfers.
Databases
- No standalone database server is planned. Separate database management systems, which are based on MariaDB instances, shall serve separate applications as follows:
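Databases used in the Server

| CNM app | DBMS | Size (tables) |
|---|---|---|
| CNM Moodle | MariaDB | |
| Labware | MariaDB | |
| Linkupware | MariaDB | |
| Mailware | MariaDB | |
| CNM WordPress | MariaDB | |
| CNM Odoo | Unknown | |
| Tubeware | MariaDB | |
| CNM MediaWiki | MariaDB | |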
- PostgreSQL and MongoDB may also be considered for further applications.
SSL certificates
- All domains, including all sub-domains, are provisioned with Let's Encrypt SSL certificates.
Requirements
Requirements for the Server are a part of CNM Cyber requirements.
Business requirements
- The Team needs the Server because of the following:
- Those learners who are a part of the Team shall have opportunities for hands-on training; AND/OR
- The associates of the Team shall have opportunities for experimenting on CNM apps;
- without any fear of disrupting the services of CNMCyber.
Solution requirements
- The Server shall be:
  - Located at the same facility and produce the same services as the CNM Bureau Farm;
  - Accessible to:
    1. Use its administrative panel:
       - 24/7 to the Team fellows;
       - 24/7 to those Team associates whom the CNM Technology Board authorizes;
       - When needed, those Team learners who are in their hands-on training;
    2. View its publicly-open pages 24/7 and register to everyone;
  - Easily restored when the Server fails. Those failures may particularly be caused by hands-on training sessions and experiments.
Project requirements
- The following requirements are effective with regard to the Server developments:
- All public data related to requirements for the Server shall be published on CNM Wiki.
- All private data related to the Server shall be published on CNM Lab.
- Only the CNM Technology Board can approve changes.
Administration
The Board oversees the Server development and, particularly, approves the Server's requirements. The Friends Of CNM implements the approved requirements.
History
- Gary Ihar introduced the idea of the Server in early August of 2019. After MichaelC approved the idea, Gary Ihar started recruitment of the contractor. Some design ideas were proposed by Chris M. In early September, Atif G. was hired as the contractor. By mid-September, he installed the control panel, all its applications, web and mail servers. Atif G. also configured SSL certificates, generated DNS records, and plugged most of the applications into the WorldOpp Federated Farm through LDAP.
To-do list
- The Team believes that it needs to:
- Plug all the applications into the federal server through LDAP.
- Design the policy of granting access to the Team staffers and learners.
- Document all developments using CNM Lab.
Things to be clarified
- packages updated + upgraded
- Vesta control panel has been installed
- now need to set up its configs
- Vesta control panel detail
- Softaculous also installed with Vesta
- nginx tuning ok
- mysql tuning ok
- apache tuning ok
- security limits config done
- php configs done
Development
Development of the Farm occurs under the Farm for Lab project.