Difference between revisions of "CNM Cloud Next"

From CNM Wiki
(DNS records)
(DNS records)
Line 74: Line 74:
 
|}
 
|}
 
|-
 
|-
![[MX record|MX]]
+
![[TXT record|TXT]]
|
+
|next.friendsofcnm.org||returns "v=spf1 a mx ip4:167.71.244.79 ~all"||3600
@  TXT    "v=spf1 a mx ip4:167.71.244.79 ~all"
 
 
|-
 
|-
![[MX record|MX]]
+
![[TXT record|TXT]]
 
|
 
|
 
_dmarc.next.friendsofcnm.org  TXT    "v=DMARC1; p=none"
 
_dmarc.next.friendsofcnm.org  TXT    "v=DMARC1; p=none"
 
|-
 
|-
![[MX record|MX]]
+
![[TXT record|TXT]]
 
|
 
|
 
mail._domainkey  TXT                                                                                                                                                  "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNffFa+nz/+QeiKhLU85vAX8ozQrE4Fh1R9pmbeyuAX+n+MhFElPMKnulNLf/itiHVUb4cP5B5ynWuwXWqGq4eW+U7T4lFJeyN1H1EftlITjyTVPAUMupoRkRtZNdXyZeFM1JzOftZFcRf6B1ZU9Bt6bQZ0Lu8J/aNnHnXt7ewaQIDAQAB"
 
mail._domainkey  TXT                                                                                                                                                  "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNffFa+nz/+QeiKhLU85vAX8ozQrE4Fh1R9pmbeyuAX+n+MhFElPMKnulNLf/itiHVUb4cP5B5ynWuwXWqGq4eW+U7T4lFJeyN1H1EftlITjyTVPAUMupoRkRtZNdXyZeFM1JzOftZFcRf6B1ZU9Bt6bQZ0Lu8J/aNnHnXt7ewaQIDAQAB"
 
|-
 
|-
![[MX record|MX]]
+
![[TXT record|TXT]]
 
|
 
|
 
_domainkey      TXT    "t=y; o=~;"
 
_domainkey      TXT    "t=y; o=~;"
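Review bot: the `|}` at the top of this hunk closes the table before the `|-` rows that are being edited, so the retitled TXT rows still sit outside the table and render as literal markup; move that `|}` to the end of the record list. Only the SPF row was converted to `|hostname||value||TTL` cells, and it has one `||` fewer than the five-column header (Record, Hostname, Value, Priority, TTL) needs, while the `_dmarc`, `mail._domainkey` and `_domainkey` rows stay in zone-file form after a bare `|` with no TTL. Convert those three rows the same way and add the empty priority cell.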
Line 111: Line 110:
 
 
 
3600 Copy
 
3600 Copy
More
 
TXT
 
next.friendsofcnm.org Copy
 
returns
 
"v=spf1 a mx ip4:167.71.244.79 ~all" Copy
 
 
3600
 
  
 
|-
 
|-
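Review bot: the `3600 Copy` lines that remain on both sides of this hunk are DNS-panel button text ("Copy", "More") pasted in together with the record values, so this hunk cleans up only one of the pasted blocks. Remove the remaining pasted lines as well and carry each record as a table row, otherwise the same hostname/value pairs are kept twice on the page in two different forms.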

Revision as of 12:11, 21 September 2019

The CNM Next Server (hereinafter, the Server) is a compute server that the CNM Digital Team (hereinafter, the Team) uses for learning and testing. While being a part of CNM Servers, the Server utilizes one DigitalOcean droplet, which is located at the 167.71.244.79 IP address, and shall support all the applications that are installed at the CNM Fellow Server. In other words, the Server can be described as a learning and testing variant of the CNM Fellow Server.


Platform

The Server is set up as a DigitalOcean droplet with dedicated 1 vCPU and 2GB / 50GB Disk in its NYC3 datacenter (New York). The dedicated resources can be increased when the existing ones can no longer support all the services that the Server is expected to provide.

OS

Ubuntu 18.04.3 (LTS) x64

DNS records

All the Server's hostnames shall be fully qualified domain names (FQDNs). The following records shall be associated with the Server:
Record Hostname Value Priority TTL (seconds)
A next.friendsofcnm.org directs to 167.71.244.79   3600
A video.next.friendsofcnm.org directs to 167.71.244.79   3600
A lab.next.friendsofcnm.org directs to 167.71.244.79   3600
A cert.next.friendsofcnm.org directs to 167.71.244.79   3600
A wiki.next.friendsofcnm.org directs to 167.71.244.79   3600
A mail.next.friendsofcnm.org directs to 167.71.244.79   3600
A linkup.next.friendsofcnm.org directs to 167.71.244.79   3600
A page.next.friendsofcnm.org directs to 167.71.244.79   3600
A venture.next.friendsofcnm.org directs to 167.71.244.79   3600
CNAME www.next.friendsofcnm.org is an alias of next.friendsofcnm.org.   43200
CNAME www.video.next.friendsofcnm.org is an alias of video.next.friendsofcnm.org.   43200
CNAME www.lab.next.friendsofcnm.org is an alias of lab.next.friendsofcnm.org.   43200
CNAME www.cert.next.friendsofcnm.org is an alias of cert.next.friendsofcnm.org.   43200
CNAME www.wiki.next.friendsofcnm.org is an alias of wiki.next.friendsofcnm.org.   43200
CNAME www.mail.next.friendsofcnm.org is an alias of mail.next.friendsofcnm.org.   43200
CNAME www.linkup.next.friendsofcnm.org is an alias of linkup.next.friendsofcnm.org.   43200
CNAME www.page.next.friendsofcnm.org is an alias of page.next.friendsofcnm.org.   43200
CNAME www.venture.next.friendsofcnm.org is an alias of venture.next.friendsofcnm.org.   43200
MX next.friendsofcnm.org mail handled by mail.next.friendsofcnm.org. 10 14400
TXT next.friendsofcnm.org returns "v=spf1 a mx ip4:167.71.244.79 ~all"   3600
TXT _dmarc.next.friendsofcnm.org "v=DMARC1; p=none"
TXT mail._domainkey "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNffFa+nz/+QeiKhLU85vAX8ozQrE4Fh1R9pmbeyuAX+n+MhFElPMKnulNLf/itiHVUb4cP5B5ynWuwXWqGq4eW+U7T4lFJeyN1H1EftlITjyTVPAUMupoRkRtZNdXyZeFM1JzOftZFcRf6B1ZU9Bt6bQZ0Lu8J/aNnHnXt7ewaQIDAQAB"
TXT _domainkey "t=y; o=~;"
TXT _domainkey.next.friendsofcnm.org returns "t=y; o=~;"   3600
TXT mail._domainkey.next.friendsofcnm.org returns "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNffFa+nz/+QeiKhLU85vAX8ozQrE4Fh1R9pmbeyuAX+n+MhFElPMKnulNLf/itiHVUb4cP5B5ynWuwXWqGq4eW+U7T4lFJeyN1H1EftlITjyTVPAUMupoRkRtZNdXyZeFM1JzOftZFcRf6B1ZU9Bt6bQZ0Lu8J/aNnHnXt7ewaQIDAQAB"   3600
TXT next.friendsofcnm.org returns "v=DMARC1; p=none"   3600
NS friendsofcnm.org directs to ns1.digitalocean.com.   1800
NS friendsofcnm.org directs to ns2.digitalocean.com.   1800
NS friendsofcnm.org directs to ns3.digitalocean.com.   1800

The records shall be validated with https://intodns.com/
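A local check can complement the online validator for the mail-authentication TXT records. The following is an added example, not part of the wiki page or of any CNM tooling: it audits the SPF, DMARC and DomainKeys policy values listed above for weak or misplaced settings. The helper names `tags` and `audit_txt` are hypothetical, and the DKIM key record is left out of the sample.

```python
# Added example: audits SPF / DMARC / DomainKeys TXT records for weak settings.
# Sample records are copied from this page's DNS table and pasted panel output
# (the DKIM key record is left out); audit_txt() is a hypothetical helper name.

def tags(value):
    """Split 'k=v; k2=v2' tag lists (DMARC, DomainKeys policy) into a dict."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_txt(domain, records):
    """Return a sorted list of (hostname, finding) for the given TXT records."""
    findings = []
    for host, value in records:
        if value.lower().startswith("v=spf1"):
            last = value.split()[-1].lower()
            if last in ("~all", "?all", "+all", "all"):
                findings.append((host, f"SPF ends in {last}: unauthorized senders are not rejected"))
            elif last != "-all" and not last.startswith("redirect="):
                findings.append((host, "SPF has no terminal 'all' mechanism"))
        elif value.upper().startswith("V=DMARC1"):
            t = tags(value)
            if host != f"_dmarc.{domain}":
                findings.append((host, "DMARC record is not at _dmarc.<domain>, receivers ignore it"))
            if t.get("p", "").lower() == "none":
                findings.append((host, "DMARC p=none: monitor only, no enforcement"))
            if "rua" not in t:
                findings.append((host, "DMARC has no rua= address, so no reports arrive"))
        elif host.startswith("_domainkey."):
            t = tags(value)
            if t.get("t") == "y":
                findings.append((host, "DomainKeys policy t=y: test mode"))
            if t.get("o") == "~":
                findings.append((host, "DomainKeys policy o=~: unsigned mail allowed"))
    return sorted(findings)

RECORDS = [
    ("next.friendsofcnm.org", "v=spf1 a mx ip4:167.71.244.79 ~all"),
    ("_dmarc.next.friendsofcnm.org", "v=DMARC1; p=none"),
    ("next.friendsofcnm.org", "v=DMARC1; p=none"),
    ("_domainkey.next.friendsofcnm.org", "t=y; o=~;"),
]

if __name__ == "__main__":
    for host, finding in audit_txt("next.friendsofcnm.org", RECORDS):
        print(f"{host}: {finding}")
```

The third sample record reproduces the pasted panel entry in which the DMARC value is attached to next.friendsofcnm.org itself, which is why the audit reports a placement finding for it and not for the `_dmarc.` row.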

Control panel

An instance of Vesta Control Panel is installed in order to manage all the services through a web browser. The panel allows for creating users, email addresses, and databases, adding domains, setting up cron jobs, and restarting any service.
The control panel is enhanced with a Softaculous installation, which allows for automatic installation of popular commercial and open-source end-user applications to the Server. Its scripts are executed from the panel's administration area.

Backups

The backup policy shall be created in order to set up daily, weekly, and/or monthly backups.

Internal backup

Internal backups are set up through the control panel. An automatic backup is scheduled every Saturday for all domains, web, databases, emails, and all configs.

External backup

External backups are temporarily set up through DigitalOcean on a weekly basis.

Applications

Any CNM app listed below shall comply with the CNM software requirements.

Certware

One testing instance of CNM Certware shall be run on the Server and be located at https://cert.next.friendsofcnm.org on the World Wide Web. The instance shall be based on Moodle software and shall duplicate the production instance located at https://cert.friendsofcnm.org

Labware

One testing instance of CNM Labware shall be run on the Server and be located at https://lab.next.friendsofcnm.org on the World Wide Web. The instance shall be based on a combination of Redmine and SVN software, linked to Bitbucket's file storage, and shall duplicate the production instance located at https://lab.friendsofcnm.org

Linkupware

One testing instance of CNM Linkupware shall be run on the Server and be located at https://linkup.next.friendsofcnm.org on the World Wide Web. The instance shall be based on SuiteCRM software and shall duplicate the production instance located at https://linkup.friendsofcnm.org

Mailware

One testing instance of CNM Mailware shall be run on the Server and be located at https://mail.next.friendsofcnm.org on the World Wide Web. The instance shall be based on Roundcube software and shall duplicate the production instance located at https://mail.friendsofcnm.org
When mxtoolbox.com detects spam issues, delisting requests shall be sent to the blocking authorities, such as ivmSIP24 and Spamhaus ZEN, particularly using invaluement.com.

Pageware

One testing instance of CNM Pageware shall be run on the Server and be located at https://page.next.friendsofcnm.org on the World Wide Web. The instance shall be based on WordPress software and shall duplicate the production instance located at https://page.friendsofcnm.org

Ventureware

One testing instance of CNM Ventureware shall be run on the Server and be located at https://venture.next.friendsofcnm.org on the World Wide Web. The instance shall be based on Odoo software and shall duplicate the production instance located at https://venture.friendsofcnm.org

Videoware

One testing instance of CNM Videoware shall be run on the Server and be located at https://video.next.friendsofcnm.org on the World Wide Web. The instance shall be based on YouPHPTube software and shall duplicate the production instance located at https://video.friendsofcnm.org

Wikiware

Two testing instances of CNM Wikiware, for two different languages, shall be run on the Server and be located at https://wiki.next.friendsofcnm.org on the World Wide Web. The instances shall be based on MediaWiki software and shall duplicate the production instance located at https://wiki.friendsofcnm.org . In addition, one instance of Tiki Wiki CMS Groupware shall be installed for testing purposes.

Server provisioning

Mail servers

Two mail servers are designed to receive and send emails. A Postfix instance shall communicate with mail exchangers and a Dovecot instance shall communicate with email clients.

Web servers

Two web servers are designed to satisfy requests of World Wide Web clients. Nginx is placed in front of Apache HTTP Server and shall be tuned and used as a reverse proxy, load balancer, mail proxy and HTTP cache. Particularly, Nginx handles static files.

FTP servers

A Very Secure File Transfer Protocol Daemon (vsFTPd) shall be used for secure file transfers.

Databases

No standalone database server is planned. Separate database management systems, which are based on MariaDB instances, shall serve separate applications as follows:
Databases used in the Server
CNM app DBMS Size (tables)
Certware MariaDB
Labware
Linkupware
Mailware
Pageware
Videoware
Wikiware
PostgreSQL and MongoDB may also be considered for further applications.

SSL certificates

All domains, including all sub-domains, are provisioned with Let's Encrypt SSL certificates.

Requirements

Requirements for the Server are a part of CNM Digital (requirements).

Business requirements

The Team needs the Server because of the following:
  • Those learners who are a part of the Team shall have opportunities for hands-on training; AND/OR
  • The associates of the Team shall have opportunities for experimenting on CNM apps;
without any fear of disrupting the services of CNM Digital.

Solution requirements

The Server shall be:
  • Located at the same facility and produce the same services as the CNM Fellow Server;
  • Accessible to:
    1. Use its administrative panel:
      • 24/7 to the Team fellows;
      • 24/7 to those Team associates whom the CNM Technology Board authorizes;
      • When needed, those Team learners who are in their hands-on training;
    2. View its publicly open pages and register, 24/7 to everyone;
  • Easily restored when the Server fails. Those failures may particularly be caused by hands-on training sessions and experiments.

Project requirements

The following requirements are effective with regard to the Server developments:
  • All public data related to requirements to the Server shall be published at CNM Wikis.
  • All private data related to the Server shall be published at CNM Labs.
  • Only the CNM Technology Board can approve changes.

Administration

The Board oversees the Server development and, particularly, approves the Server's requirements. The Friends Of CNM implements the approved requirements.

History

Gary Ihar introduced the idea of the Server in early August of 2019. After MichaelC approved the idea, Gary Ihar started recruitment of the contractor. Some design ideas were proposed by Chris M. In early September, Atif G. was hired as the contractor. By mid-September, he installed the control panel, all its applications, web and mail servers. Atif G. also configured SSL certificates, generated DNS records, and plugged most of the applications into the federal server through LDAP.

Action backlog

The Team believes that it needs to:
  1. Plug all the applications into the federal server through LDAP.
  2. Design the policy of granting access to the Team staffers and learners.
  3. Document all developments using CNM Labs.